public inbox for devel@edk2.groups.io
* [PATCH v3 00/11] OvmfPkg: add Crypto Driver support
@ 2023-03-09 11:09 Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 01/11] CryptoPkg/Driver: move PCD configs to include files Gerd Hoffmann
                   ` (11 more replies)
  0 siblings, 12 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
	James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
	Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
	Tom Lendacky

v3 changes:
 - rebase to latest master.
 - enable crypto driver only for SMM + DXE.
 - CI passes now \o/
v2 changes:
 - turn on crypto driver support by default.
 - left the config option in for now as fallback option.
   When all goes as planned remove it one or two releases
   later.
 - fix various build problems.

Gerd Hoffmann (11):
  CryptoPkg/Driver: move PCD configs to include files
  CryptoPkg/Driver: add CryptoServicePcd.hash_only.dsc.inc
  CryptoPkg/Driver: add TPM hashes to
    CryptoServicePcd.min_dxe_smm.dsc.inc
  BaseTools: GCC5: enable lto for noopt builds on IA32 and X64
  OvmfPkg: add OvmfCrypto*.inc
  OvmfPkg: OvmfPkgX64: use crypto includes
  OvmfPkg: OvmfPkgIa32X64: use crypto includes
  OvmfPkg: OvmfPkgIa32: use crypto includes
  OvmfPkg: Microvm: use crypto includes
  OvmfPkg: IntelTdx: use crypto includes
  OvmfPkg: AmdSev: use crypto includes

 .../Include/Dsc/CryptoServicePcd.all.dsc.inc  | 29 +++++++
 .../Dsc/CryptoServicePcd.hash_only.dsc.inc    |  8 ++
 .../Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc  | 37 +++++++++
 .../Dsc/CryptoServicePcd.min_pei.dsc.inc      | 20 +++++
 .../Dsc/OvmfCryptoComponentsDxe.dsc.inc       | 23 ++++++
 .../Dsc/OvmfCryptoComponentsPei.dsc.inc       | 19 +++++
 .../Dsc/OvmfCryptoComponentsSmm.dsc.inc       | 18 +++++
 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc |  7 ++
 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc    | 72 +++++++++++++++++
 CryptoPkg/CryptoPkg.dsc                       | 78 +------------------
 OvmfPkg/AmdSev/AmdSevX64.dsc                  | 12 ++-
 OvmfPkg/IntelTdx/IntelTdxX64.dsc              | 15 ++--
 OvmfPkg/Microvm/MicrovmX64.dsc                | 24 +++---
 OvmfPkg/OvmfPkgIa32.dsc                       | 22 +++---
 OvmfPkg/OvmfPkgIa32X64.dsc                    | 22 +++---
 OvmfPkg/OvmfPkgX64.dsc                        | 22 +++---
 OvmfPkg/AmdSev/AmdSevX64.fdf                  |  6 ++
 OvmfPkg/IntelTdx/IntelTdxX64.fdf              |  5 ++
 OvmfPkg/Microvm/MicrovmX64.fdf                |  7 ++
 OvmfPkg/OvmfPkgIa32.fdf                       |  6 ++
 OvmfPkg/OvmfPkgIa32X64.fdf                    |  6 ++
 OvmfPkg/OvmfPkgX64.fdf                        |  6 ++
 BaseTools/Conf/tools_def.template             |  8 +-
 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc  | 12 +++
 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc     |  7 ++
 25 files changed, 350 insertions(+), 141 deletions(-)
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
 create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc

-- 
2.39.2



* [PATCH v3 01/11] CryptoPkg/Driver: move PCD configs to include files
  2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 02/11] CryptoPkg/Driver: add CryptoServicePcd.hash_only.dsc.inc Gerd Hoffmann
                   ` (10 subsequent siblings)
  11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
	James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
	Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
	Tom Lendacky

Makes it easier to reuse the predefined config sets in other places.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 .../Include/Dsc/CryptoServicePcd.all.dsc.inc  | 29 +++++++
 .../Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc  | 35 +++++++++
 .../Dsc/CryptoServicePcd.min_pei.dsc.inc      | 20 +++++
 CryptoPkg/CryptoPkg.dsc                       | 78 +------------------
 4 files changed, 87 insertions(+), 75 deletions(-)
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc

diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
new file mode 100644
index 000000000000..1c3ffa461ca5
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
@@ -0,0 +1,29 @@
+##
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init                        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.RsaPss.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
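
Review bot: the new CryptoServicePcd.all.dsc.inc starts straight at the PCD assignments with no section header of its own, so it is only valid when the includer has already opened `[PcdsFixedAtBuild]` (as CryptoPkg.dsc does just before its `!include`). Since the point of the patch is reuse in other places, state that requirement in the `##` header block, next to the SPDX line, so a platform DSC that pulls the file into the wrong section gets a hint from the file itself.
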
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
new file mode 100644
index 000000000000..aaf35e4c6061
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
@@ -0,0 +1,35 @@
+##
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt             | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword          | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify                | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners            | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners           | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify         | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify                 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                         | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free                        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey                      | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll                  | FALSE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName             | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert                 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init                        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
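
Review bot: `Sha256.Services.HashAll | FALSE` directly below `Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY` only has the intended effect if the second assignment is applied after the first, and the file gives no reason why HashAll is excluded from this set. Now that the list is a shared include, add a comment above the override saying why HashAll is off and that the line has to stay below the Family line.
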
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
new file mode 100644
index 000000000000..023c6f1d1d04
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
@@ -0,0 +1,20 @@
+##
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free               | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey             | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize     | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init               | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt         | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt         | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 4676193e8953..6a5fbd807a17 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -193,32 +193,7 @@ [PcdsFixedAtBuild]
 #
 !if $(CRYPTO_SERVICES) IN "ALL TARGET_UINT_TESTS"
 [PcdsFixedAtBuild]
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize              | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init                        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt                  | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt                  | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.RsaPss.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
 !endif
 
 #
@@ -227,23 +202,7 @@ [PcdsFixedAtBuild]
 #
 !if $(CRYPTO_SERVICES) == MIN_PEI
 [PcdsFixedAtBuild]
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free               | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey             | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize     | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init               | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt         | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt         | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
 !endif
 
 #
@@ -252,38 +211,7 @@ [PcdsFixedAtBuild]
 #
 !if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
 [PcdsFixedAtBuild]
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt             | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword          | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify                | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners            | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners           | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify         | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify                 | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                         | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free                        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey                      | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll                  | FALSE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName             | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName              | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert                 | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize              | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init                        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt                  | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt                  | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt              | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt              | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
 !endif
 
 ###################################################################################################
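
Review bot: the condition in this hunk is `$(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM` but the file it now includes is named CryptoServicePcd.min_dxe_smm.dsc.inc, while the other two includes (`all`, `min_pei`) mirror their CRYPTO_SERVICES value exactly. Consider naming the file min_dxe_min_smm, or note the mapping in the file header, so the include can be found by searching for the profile name.
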
-- 
2.39.2



* [PATCH v3 02/11] CryptoPkg/Driver: add CryptoServicePcd.hash_only.dsc.inc
  2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 01/11] CryptoPkg/Driver: move PCD configs to include files Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 03/11] CryptoPkg/Driver: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc Gerd Hoffmann
                   ` (9 subsequent siblings)
  11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
	James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
	Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
	Tom Lendacky

Contains only hash functions needed for measurements.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc

diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
new file mode 100644
index 000000000000..0d5402be9a1a
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
@@ -0,0 +1,8 @@
+##
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
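
Review bot: the purpose of this set ("only hash functions needed for measurements") is recorded in the commit message but not in the file, whose header holds nothing but the SPDX tag. Put that sentence in the `##` block, and say there whether `Sha1.Family` is enabled purely for measurement use, so a later reader does not extend the list with non-hash services or drop SHA-1 without knowing who depends on it.
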
-- 
2.39.2



* [PATCH v3 03/11] CryptoPkg/Driver: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc
  2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 01/11] CryptoPkg/Driver: move PCD configs to include files Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 02/11] CryptoPkg/Driver: add CryptoServicePcd.hash_only.dsc.inc Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 04/11] BaseTools: GCC5: enable lto for noopt builds on IA32 and X64 Gerd Hoffmann
                   ` (8 subsequent siblings)
  11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
	James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
	Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
	Tom Lendacky

Enable Sha384 + Sha512 + Sm3.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
index aaf35e4c6061..9209b4c526a7 100644
--- a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
@@ -18,7 +18,9 @@
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509        | TRUE
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll                  | FALSE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName             | TRUE
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName              | TRUE
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName        | TRUE
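
Review bot: besides adding the three families, the hunk deletes `Sha256.Services.HashAll | FALSE`, so Sha256 HashAll is no longer disabled in this set, yet the commit message only says "Enable Sha384 + Sha512 + Sm3". Mention the HashAll change in the commit message or move it to its own patch; because CryptoPkg.dsc includes this file for MIN_DXE_MIN_SMM (patch 01), the change also affects the CryptoPkg build and not just OVMF.
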
-- 
2.39.2



* [PATCH v3 04/11] BaseTools: GCC5: enable lto for noopt builds on IA32 and X64
  2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (2 preceding siblings ...)
  2023-03-09 11:09 ` [PATCH v3 03/11] CryptoPkg/Driver: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 05/11] OvmfPkg: add OvmfCrypto*.inc Gerd Hoffmann
                   ` (7 subsequent siblings)
  11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
	James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
	Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
	Tom Lendacky

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 BaseTools/Conf/tools_def.template | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index 471eb67c0c83..7f73ed817cd9 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -2310,8 +2310,8 @@ RELEASE_GCC49_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
 RELEASE_GCC5_IA32_CC_FLAGS       = DEF(GCC5_IA32_CC_FLAGS) -flto -Wno-unused-but-set-variable -Wno-unused-const-variable
 RELEASE_GCC5_IA32_DLINK_FLAGS    = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,-m,elf_i386,--oformat=elf32-i386
 
-  NOOPT_GCC5_IA32_CC_FLAGS       = DEF(GCC5_IA32_CC_FLAGS) -O0
-  NOOPT_GCC5_IA32_DLINK_FLAGS    = DEF(GCC5_IA32_X64_DLINK_FLAGS) -Wl,-m,elf_i386,--oformat=elf32-i386 -O0
+  NOOPT_GCC5_IA32_CC_FLAGS       = DEF(GCC5_IA32_CC_FLAGS) -flto -O0
+  NOOPT_GCC5_IA32_DLINK_FLAGS    = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Wl,-m,elf_i386,--oformat=elf32-i386 -O0
 
 ##################
 # GCC5 X64 definitions
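
Review bot: the commit message has a subject and a Signed-off-by but no body, so the reason `-flto` is added to `NOOPT_GCC5_IA32_CC_FLAGS` and `NOOPT_GCC5_IA32_DLINK_FLAGS` is not recorded anywhere in the patch. This changes the default toolchain flags for every GCC5 NOOPT platform, not only OVMF, so please state in the commit message what problem it solves for the crypto driver series and what was tested.
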
@@ -2342,8 +2342,8 @@ RELEASE_GCC5_IA32_DLINK_FLAGS    = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
 RELEASE_GCC5_X64_CC_FLAGS        = DEF(GCC5_X64_CC_FLAGS) -flto -DUSING_LTO -Wno-unused-but-set-variable -Wno-unused-const-variable
 RELEASE_GCC5_X64_DLINK_FLAGS     = DEF(GCC5_X64_DLINK_FLAGS) -flto -Os
 
-  NOOPT_GCC5_X64_CC_FLAGS        = DEF(GCC5_X64_CC_FLAGS) -O0
-  NOOPT_GCC5_X64_DLINK_FLAGS     = DEF(GCC5_X64_DLINK_FLAGS) -O0
+  NOOPT_GCC5_X64_CC_FLAGS        = DEF(GCC5_X64_CC_FLAGS) -flto -DUSING_LTO -O0
+  NOOPT_GCC5_X64_DLINK_FLAGS     = DEF(GCC5_X64_DLINK_FLAGS) -flto -O0
 
 ##################
 # GCC5 ARM definitions
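Review bot: NOOPT_GCC5_X64_CC_FLAGS now defines USING_LTO while the NOOPT IA32 line in the previous hunk does not. That mirrors the RELEASE_GCC5 lines shown as context, but the asymmetry is not explained anywhere in the patch; a sentence in the commit message or a short comment above these lines would help.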
-- 
2.39.2



* [PATCH v3 05/11] OvmfPkg: add OvmfCrypto*.inc
  2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (3 preceding siblings ...)
  2023-03-09 11:09 ` [PATCH v3 04/11] BaseTools: GCC5: enable lto for noopt builds on IA32 and X64 Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 06/11] OvmfPkg: OvmfPkgX64: use crypto includes Gerd Hoffmann
                   ` (6 subsequent siblings)
  11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
	James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
	Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
	Tom Lendacky

Create include files for crypto support, so the configuration can be
shared for all OVMF build variants.  Also add support for using the
Crypto Driver.

The Crypto Driver is by default enabled for SMM + DXE and disabled for
PEI.  This can be changed using the {PEI,SMM,DXE}_USE_CRYPTO_DRIVER
options.  The config option is intended to be temporary and will
probably stay for one or two releases as fallback, then be removed.

The configuration follows mostly the recommendations given in
CryptoPkg/Readme.md, with some minor exceptions like only compiling
TLS support in case NETWORK_TLS_ENABLE is TRUE.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 .../Dsc/OvmfCryptoComponentsDxe.dsc.inc       | 23 ++++++
 .../Dsc/OvmfCryptoComponentsPei.dsc.inc       | 19 +++++
 .../Dsc/OvmfCryptoComponentsSmm.dsc.inc       | 18 +++++
 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc |  7 ++
 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc    | 72 +++++++++++++++++++
 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc  | 12 ++++
 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc     |  7 ++
 7 files changed, 158 insertions(+)
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
 create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc

diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
new file mode 100644
index 000000000000..72728aea68f5
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
@@ -0,0 +1,23 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(DXE_USE_CRYPTO_DRIVER) == TRUE
+
+  CryptoPkg/Driver/CryptoDxe.inf {
+    <LibraryClasses>
+      BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+      TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+      OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+      TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+      OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+    <PcdsFixedAtBuild>
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+  }
+
+!endif
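Review bot: CryptoServicePcd.min_dxe_smm.dsc.inc is included under <PcdsFixedAtBuild> in both branches of the NETWORK_TLS_ENABLE check. If that PCD set enables any TLS services, the !else branch offers them backed by TlsLibNull; consider selecting the PCD include by the same condition, or add a comment stating that the set is safe to use with TlsLibNull.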
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
new file mode 100644
index 000000000000..0457235f8eb0
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
@@ -0,0 +1,19 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(PEI_USE_CRYPTO_DRIVER) == TRUE
+
+  CryptoPkg/Driver/CryptoPei.inf {
+    <LibraryClasses>
+      BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+      TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+      OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+    <PcdsFixedAtBuild>
+#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
+  }
+
+!endif
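Review bot: the commented-out line `#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc` sits directly above the hash_only include with no explanation. Either drop it or replace it with a comment saying why PEI uses the hash_only set instead of min_pei; the header's "mostly following CryptoPkg/Readme.md recommendations" does not say where this file deviates.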
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
new file mode 100644
index 000000000000..be1647397a60
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
@@ -0,0 +1,18 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(SMM_USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE
+
+  CryptoPkg/Driver/CryptoSmm.inf {
+    <LibraryClasses>
+      BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+      TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+      OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+    <PcdsFixedAtBuild>
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+  }
+
+!endif
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
new file mode 100644
index 000000000000..f005f593b4eb
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
@@ -0,0 +1,7 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+  DEFINE PEI_USE_CRYPTO_DRIVER = FALSE
+  DEFINE SMM_USE_CRYPTO_DRIVER = TRUE
+  DEFINE DXE_USE_CRYPTO_DRIVER = TRUE
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
new file mode 100644
index 000000000000..f9fdf36c1dab
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
@@ -0,0 +1,72 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+[LibraryClasses]
+  HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+
+[LibraryClasses.common.SEC]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+
+!if $(PEI_USE_CRYPTO_DRIVER) == TRUE
+
+[LibraryClasses.common.PEIM]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+  TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+
+!else
+
+[LibraryClasses.common.PEIM]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+!endif
+
+
+!if $(SMM_USE_CRYPTO_DRIVER) == TRUE
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+  TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+
+!else
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+!endif
+
+
+!if $(DXE_USE_CRYPTO_DRIVER) == TRUE
+
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+  TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+
+!else
+
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+
+!endif
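Review bot: the DXE_SMM_DRIVER block is gated on `$(SMM_USE_CRYPTO_DRIVER) == TRUE` alone, while OvmfCryptoComponentsSmm.dsc.inc and OvmfCryptoDxeSmm.fdf.inc also require `$(SMM_REQUIRE) == TRUE`. With the defaults from OvmfCryptoDefines.dsc.inc and SMM_REQUIRE = FALSE (as in MicrovmX64.dsc, 09/11), DXE_SMM_DRIVER modules are mapped to BaseCryptLibOnProtocolPpi/SmmCryptLib.inf although CryptoSmm.inf is never built. Use the same two-part condition here, or note why the mismatch is harmless. Separately, the file ends inside a [LibraryClasses.common.DXE_DRIVER, ...] section, so every DSC has to follow the !include with its own section header; a comment at the top of the file saying so would prevent surprises.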
diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
new file mode 100644
index 000000000000..6fc12ed8656f
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
@@ -0,0 +1,12 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(DXE_USE_CRYPTO_DRIVER) == TRUE
+INF CryptoPkg/Driver/CryptoDxe.inf
+!endif
+
+!if $(SMM_USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE
+INF CryptoPkg/Driver/CryptoSmm.inf
+!endif
+
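Review bot: the last added line is an empty line at the end of the new file (the bare `+` after the final `!endif`), which git reports as a new blank line at EOF; drop it.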
diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
new file mode 100644
index 000000000000..8b42c2da7b2a
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
@@ -0,0 +1,7 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(PEI_USE_CRYPTO_DRIVER) == TRUE
+INF CryptoPkg/Driver/CryptoPei.inf
+!endif
-- 
2.39.2



* [PATCH v3 06/11] OvmfPkg: OvmfPkgX64: use crypto includes
  2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (4 preceding siblings ...)
  2023-03-09 11:09 ` [PATCH v3 05/11] OvmfPkg: add OvmfCrypto*.inc Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 07/11] OvmfPkg: OvmfPkgIa32X64: " Gerd Hoffmann
                   ` (5 subsequent siblings)
  11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
	James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
	Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
	Tom Lendacky

Use the new crypto support include files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/OvmfPkgX64.dsc | 22 +++++++++-------------
 OvmfPkg/OvmfPkgX64.fdf |  6 ++++++
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 04d50704c736..fed5723c4c40 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -35,6 +35,7 @@ [Defines]
   DEFINE CC_MEASUREMENT_ENABLE   = FALSE
 
 !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 
   #
   # Shell can be useful for debugging but should not be enabled for production
@@ -232,12 +233,6 @@ [LibraryClasses]
   LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
 
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
@@ -260,10 +255,6 @@ [LibraryClasses]
   #
 !include NetworkPkg/NetworkLibs.dsc.inc
 
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
 !if $(BUILD_SHELL) == TRUE
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
 !endif
@@ -274,9 +265,9 @@ [LibraryClasses]
   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
 
 !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 
 [LibraryClasses.common]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
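Review bot: removing BaseCryptLib from [LibraryClasses.common] drops the fallback mapping that covered every module type. OvmfCryptoLibs.dsc.inc (05/11) maps BaseCryptLib only for SEC, PEIM, DXE_RUNTIME_DRIVER, DXE_SMM_DRIVER, DXE_DRIVER, UEFI_DRIVER and UEFI_APPLICATION, so a PEI_CORE, DXE_CORE or SMM_CORE module that pulls in BaseCryptLib through a library dependency would no longer resolve it. Please confirm none does, or keep a default mapping.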
@@ -385,7 +376,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -474,7 +464,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
 !endif
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
 
@@ -976,6 +965,13 @@ [Components]
 
   OvmfPkg/VirtioNetDxe/VirtioNet.inf
 
+  #
+  # Crypto Support
+  #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
   #
   # Usb Support
   #
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 16666ba24440..541e0df85e1d 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -189,6 +189,7 @@ [FV.PEIFV]
 INF  FILE_GUID = $(UP_CPU_PEI_GUID) UefiCpuPkg/CpuMpPei/CpuMpPei.inf
 
 !include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
 
 ################################################################################
 
@@ -414,6 +415,11 @@ [FV.DXEFV]
 #
 !include OvmfPkg/OvmfTpmDxe.fdf.inc
 
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
 ################################################################################
 
 [FV.FVMAIN_COMPACT]
-- 
2.39.2



* [PATCH v3 07/11] OvmfPkg: OvmfPkgIa32X64: use crypto includes
  2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (5 preceding siblings ...)
  2023-03-09 11:09 ` [PATCH v3 06/11] OvmfPkg: OvmfPkgX64: use crypto includes Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 08/11] OvmfPkg: OvmfPkgIa32: " Gerd Hoffmann
                   ` (4 subsequent siblings)
  11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
	James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
	Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
	Tom Lendacky

Use the new crypto support include files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/OvmfPkgIa32X64.dsc | 22 +++++++++-------------
 OvmfPkg/OvmfPkgIa32X64.fdf |  6 ++++++
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 51db692b10fb..b032d4a3c99d 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -34,6 +34,7 @@ [Defines]
   DEFINE SOURCE_DEBUG_ENABLE     = FALSE
 
 !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 
   #
   # Shell can be useful for debugging but should not be enabled for production
@@ -215,12 +216,6 @@ [LibraryClasses]
   LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
 
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
@@ -243,10 +238,6 @@ [LibraryClasses]
   #
 !include NetworkPkg/NetworkLibs.dsc.inc
 
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
 !if $(BUILD_SHELL) == TRUE
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
 !endif
@@ -257,9 +248,9 @@ [LibraryClasses]
   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
 
 !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 
 [LibraryClasses.common]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
@@ -364,7 +355,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -453,7 +443,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
 !endif
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
 
@@ -740,6 +729,7 @@ [Components.IA32]
   UefiCpuPkg/CpuMpPei/CpuMpPei.inf
 
 !include OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
 
 [Components.X64]
   #
@@ -902,6 +892,12 @@ [Components.X64]
 
   OvmfPkg/VirtioNetDxe/VirtioNet.inf
 
+  #
+  # Crypto Support
+  #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
   #
   # Usb Support
   #
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 4c5bd0dbc3b0..cf287303cb2c 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -173,6 +173,7 @@ [FV.PEIFV]
 INF  UefiCpuPkg/CpuMpPei/CpuMpPei.inf
 
 !include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
 
 ################################################################################
 
@@ -380,6 +381,11 @@ [FV.DXEFV]
 #
 !include OvmfPkg/OvmfTpmDxe.fdf.inc
 
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
 ################################################################################
 
 [FV.FVMAIN_COMPACT]
-- 
2.39.2



* [PATCH v3 08/11] OvmfPkg: OvmfPkgIa32: use crypto includes
  2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (6 preceding siblings ...)
  2023-03-09 11:09 ` [PATCH v3 07/11] OvmfPkg: OvmfPkgIa32X64: " Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 09/11] OvmfPkg: Microvm: " Gerd Hoffmann
                   ` (3 subsequent siblings)
  11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
	James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
	Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
	Tom Lendacky

Use the new crypto support include files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/OvmfPkgIa32.dsc | 22 +++++++++-------------
 OvmfPkg/OvmfPkgIa32.fdf |  6 ++++++
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 22dc29330d2d..8ca29e9747c1 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -35,6 +35,7 @@ [Defines]
   DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE
 
 !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 
   #
   # Shell can be useful for debugging but should not be enabled for production
@@ -211,12 +212,6 @@ [LibraryClasses]
   LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
 
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
@@ -239,10 +234,6 @@ [LibraryClasses]
   #
 !include NetworkPkg/NetworkLibs.dsc.inc
 
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
 !if $(BUILD_SHELL) == TRUE
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
 !endif
@@ -253,9 +244,9 @@ [LibraryClasses]
   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
 
 !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 
 [LibraryClasses.common]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
 
@@ -359,7 +350,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -447,7 +437,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
 !endif
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
 
@@ -888,6 +877,13 @@ [Components]
 
   OvmfPkg/VirtioNetDxe/VirtioNet.inf
 
+  #
+  # Crypto Support
+  #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
   #
   # Usb Support
   #
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 5451bfb84525..552730485123 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -173,6 +173,7 @@ [FV.PEIFV]
 INF  UefiCpuPkg/CpuMpPei/CpuMpPei.inf
 
 !include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
 
 ################################################################################
 
@@ -373,6 +374,11 @@ [FV.DXEFV]
 #
 !include OvmfPkg/OvmfTpmDxe.fdf.inc
 
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
 !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
 INF  OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
 !endif
-- 
2.39.2



* [PATCH v3 09/11] OvmfPkg: Microvm: use crypto includes
  2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (7 preceding siblings ...)
  2023-03-09 11:09 ` [PATCH v3 08/11] OvmfPkg: OvmfPkgIa32: " Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 10/11] OvmfPkg: IntelTdx: " Gerd Hoffmann
                   ` (2 subsequent siblings)
  11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
	James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
	Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
	Tom Lendacky

Use the new crypto support include files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/Microvm/MicrovmX64.dsc | 24 +++++++++++-------------
 OvmfPkg/Microvm/MicrovmX64.fdf |  7 +++++++
 2 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 76fc54865015..9ae375107414 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -33,6 +33,8 @@ [Defines]
   DEFINE SMM_REQUIRE             = FALSE
   DEFINE SOURCE_DEBUG_ENABLE     = FALSE
 
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
+
   #
   # Network definition
   #
@@ -206,12 +208,6 @@ [LibraryClasses]
   LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
 
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
@@ -234,10 +230,6 @@ [LibraryClasses]
   #
 !include NetworkPkg/NetworkLibs.dsc.inc
 
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
   ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
   S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
@@ -247,8 +239,9 @@ [LibraryClasses]
   Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
   TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
 
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
+
 [LibraryClasses.common]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
   SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf
   PlatformHookLib|MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf
@@ -356,7 +349,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
 #  PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf
 #  PciPcdProducerLib|OvmfPkg/Fdt/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf
 #  PciExpressLib|OvmfPkg/Library/BaseCachingPciExpressLib/BaseCachingPciExpressLib.inf
@@ -442,7 +434,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
 !endif
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
   PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf
   PciPcdProducerLib|OvmfPkg/Fdt/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf
   PciExpressLib|OvmfPkg/Library/BaseCachingPciExpressLib/BaseCachingPciExpressLib.inf
@@ -830,6 +821,13 @@ [Components]
 
   OvmfPkg/VirtioNetDxe/VirtioNet.inf
 
+  #
+  # Crypto Support
+  #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
   #
   # Usb Support
   #
diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
index b83fd1e6e4fe..92d4b446b7fe 100644
--- a/OvmfPkg/Microvm/MicrovmX64.fdf
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf
@@ -149,6 +149,8 @@ [FV.PEIFV]
 INF  UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
 INF  UefiCpuPkg/CpuMpPei/CpuMpPei.inf
 
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
+
 ################################################################################
 
 [FV.DXEFV]
@@ -302,6 +304,11 @@ [FV.DXEFV]
 INF  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
 INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
 ################################################################################
 
 [FV.FVMAIN_COMPACT]
-- 
2.39.2



* [PATCH v3 10/11] OvmfPkg: IntelTdx: use crypto includes
  2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (8 preceding siblings ...)
  2023-03-09 11:09 ` [PATCH v3 09/11] OvmfPkg: Microvm: " Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
  2023-03-09 11:09 ` [PATCH v3 11/11] OvmfPkg: AmdSev: " Gerd Hoffmann
  2023-03-20  9:54 ` [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
  11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
	James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
	Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
	Tom Lendacky

Use the new crypto support include files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/IntelTdx/IntelTdxX64.dsc | 15 +++++++++------
 OvmfPkg/IntelTdx/IntelTdxX64.fdf |  5 +++++
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index d093660283dd..88f7b3c2cce2 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -36,6 +36,8 @@ [Defines]
   #
   DEFINE BUILD_SHELL             = TRUE
 
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
+
   #
   # Device drivers
   #
@@ -191,8 +193,6 @@ [LibraryClasses]
   LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
 
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
@@ -220,8 +220,9 @@ [LibraryClasses]
   Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
 
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
+
 [LibraryClasses.common]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
@@ -280,7 +281,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -356,7 +356,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
 
 [LibraryClasses.common.SMM_CORE]
@@ -553,7 +552,6 @@ [Components]
     <LibraryClasses>
       NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
       NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
-      BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
   }
 
   #
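Review bot: dropping the `BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf`
override from this component's <LibraryClasses> block leaves the module that
links SecTdxHelperLib dependent on whatever OvmfCryptoLibs.dsc.inc resolves
for its module type, and nothing in this patch shows that mapping. The v3
notes say the crypto driver is enabled only for SMM + DXE, so this module
still needs a statically linked BaseCryptLib instance. Please confirm the
include provides the SEC instance and mention it in the commit message, which
currently only says "Use the new crypto support include files."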
@@ -720,6 +718,11 @@ [Components]
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Crypto Support
+  #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
   #
   # Usb Support
   #
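Review bot: only the DXE component include is added to [Components], although
this same patch removes the SmmCryptLib mapping from
[LibraryClasses.common.DXE_SMM_DRIVER] and the FDF side pulls in
OvmfCryptoDxeSmm.fdf.inc. If the TDX build has no SMM modules and the SMM part
is omitted on purpose, say so in the commit message; otherwise an SMM
component include is missing here.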
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
index 73dffc104301..e1b07449b7a9 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
@@ -257,6 +257,11 @@ [FV.DXEFV]
 #
 INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
 
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
 ################################################################################
 
 [FV.NCCFV]
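Review bot: this !include in [FV.DXEFV] is unconditional, so which INFs end up
in the firmware volume is decided entirely inside OvmfCryptoDxeSmm.fdf.inc,
and they have to match what OvmfCryptoComponentsDxe.dsc.inc builds on the DSC
side. Please make sure both include files are gated on the same setting from
OvmfCryptoDefines.dsc.inc so the two cannot drift apart. Nit: the comment
reads "Crypto support" here and "Crypto Support" in the DSC.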
-- 
2.39.2



* [PATCH v3 11/11] OvmfPkg: AmdSev: use crypto includes
  2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (9 preceding siblings ...)
  2023-03-09 11:09 ` [PATCH v3 10/11] OvmfPkg: IntelTdx: " Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
  2023-03-20  9:54 ` [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
  11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
	James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
	Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
	Tom Lendacky

Use the new crypto support include files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/AmdSev/AmdSevX64.dsc | 12 ++++++++----
 OvmfPkg/AmdSev/AmdSevX64.fdf |  6 ++++++
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index f0c4dc231071..69710469e9c7 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -34,6 +34,7 @@ [Defines]
   DEFINE SOURCE_DEBUG_ENABLE     = FALSE
 
 !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 
   #
   # Shell can be useful for debugging but should not be enabled for production
@@ -182,8 +183,6 @@ [LibraryClasses]
   LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
 
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
@@ -201,9 +200,9 @@ [LibraryClasses]
   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
 
 !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 
 [LibraryClasses.common]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
@@ -310,7 +309,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
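Review bot: this file loses only the [LibraryClasses.common] and
DXE_RUNTIME_DRIVER BaseCryptLib mappings (4 deletions in total per the
diffstat), while the IntelTdx patch in this series also removes the
DXE_SMM_DRIVER and SecCryptLib ones. Please check AmdSevX64.dsc for any
remaining per-module-type BaseCryptLib lines outside these hunks, since a
leftover mapping would compete with what OvmfCryptoLibs.dsc.inc sets up, and
note in the commit message if none exist.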
@@ -709,6 +707,12 @@ [Components]
   OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Crypto Support
+  #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
   #
   # Usb Support
   #
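Review bot: OvmfCryptoComponentsPei.dsc.inc is included here although the v3
notes say the crypto driver is enabled only for SMM + DXE, and the IntelTdx
patch adds no PEI include at all. Please explain in the commit message what
the PEI include contributes for AmdSev in this configuration. It would also
read better next to the PEI modules rather than between the ACPI DXE drivers
and "Usb Support".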
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 5fb3b5d27632..84842a601262 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -163,6 +163,7 @@ [FV.PEIFV]
 INF  OvmfPkg/AmdSev/SecretPei/SecretPei.inf
 
 !include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
 
 ################################################################################
 
@@ -318,6 +319,11 @@ [FV.DXEFV]
 #
 !include OvmfPkg/OvmfTpmDxe.fdf.inc
 
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
 ################################################################################
 
 [FV.FVMAIN_COMPACT]
-- 
2.39.2



* Re: [PATCH v3 00/11] OvmfPkg: add Crypto Driver support
  2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (10 preceding siblings ...)
  2023-03-09 11:09 ` [PATCH v3 11/11] OvmfPkg: AmdSev: " Gerd Hoffmann
@ 2023-03-20  9:54 ` Gerd Hoffmann
  11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-20  9:54 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
	James Bottomley, Oliver Steffen, Erdem Aktas, Min Xu, Xiaoyu Lu,
	Jiewen Yao, Ard Biesheuvel, Michael Roth, Tom Lendacky

On Thu, Mar 09, 2023 at 12:09:23PM +0100, Gerd Hoffmann wrote:
> v3 changes:
>  - rebase to latest master.
>  - enable crypto driver only for SMM + DXE.
>  - CI passes now \o/

Ping.  Any comments on this series?

take care,
  Gerd


