* [PATCH v3 00/11] OvmfPkg: add Crypto Driver support
@ 2023-03-09 11:09 Gerd Hoffmann
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
Tom Lendacky
v3 changes:
- rebase to latest master.
- enable crypto driver only for SMM + DXE.
- CI passes now \o/
v2 changes:
- turn on crypto driver support by default.
- left the config option in for now as fallback option.
When all goes as planned remove it one or two releases
later.
- fix various build problems.
Gerd Hoffmann (11):
CryptoPkg/Driver: move PCD configs to include files
CryptoPkg/Driver: add CryptoServicePcd.hash_only.dsc.inc
CryptoPkg/Driver: add TPM hashes to
CryptoServicePcd.min_dxe_smm.dsc.inc
BaseTools: GCC5: enable lto for noopt builds on IA32 and X64
OvmfPkg: add OvmfCrypto*.inc
OvmfPkg: OvmfPkgX64: use crypto includes
OvmfPkg: OvmfPkgIa32X64: use crypto includes
OvmfPkg: OvmfPkgIa32: use crypto includes
OvmfPkg: Microvm: use crypto includes
OvmfPkg: IntelTdx: use crypto includes
OvmfPkg: AmdSev: use crypto includes
.../Include/Dsc/CryptoServicePcd.all.dsc.inc | 29 +++++++
.../Dsc/CryptoServicePcd.hash_only.dsc.inc | 8 ++
.../Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 37 +++++++++
.../Dsc/CryptoServicePcd.min_pei.dsc.inc | 20 +++++
.../Dsc/OvmfCryptoComponentsDxe.dsc.inc | 23 ++++++
.../Dsc/OvmfCryptoComponentsPei.dsc.inc | 19 +++++
.../Dsc/OvmfCryptoComponentsSmm.dsc.inc | 18 +++++
OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc | 7 ++
OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc | 72 +++++++++++++++++
CryptoPkg/CryptoPkg.dsc | 78 +------------------
OvmfPkg/AmdSev/AmdSevX64.dsc | 12 ++-
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 15 ++--
OvmfPkg/Microvm/MicrovmX64.dsc | 24 +++---
OvmfPkg/OvmfPkgIa32.dsc | 22 +++---
OvmfPkg/OvmfPkgIa32X64.dsc | 22 +++---
OvmfPkg/OvmfPkgX64.dsc | 22 +++---
OvmfPkg/AmdSev/AmdSevX64.fdf | 6 ++
OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 ++
OvmfPkg/Microvm/MicrovmX64.fdf | 7 ++
OvmfPkg/OvmfPkgIa32.fdf | 6 ++
OvmfPkg/OvmfPkgIa32X64.fdf | 6 ++
OvmfPkg/OvmfPkgX64.fdf | 6 ++
BaseTools/Conf/tools_def.template | 8 +-
OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc | 12 +++
OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc | 7 ++
25 files changed, 350 insertions(+), 141 deletions(-)
create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
--
2.39.2
* [PATCH v3 01/11] CryptoPkg/Driver: move PCD configs to include files
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
Tom Lendacky
Makes it easier to reuse the predefined config sets in other places.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
.../Include/Dsc/CryptoServicePcd.all.dsc.inc | 29 +++++++
.../Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 35 +++++++++
.../Dsc/CryptoServicePcd.min_pei.dsc.inc | 20 +++++
CryptoPkg/CryptoPkg.dsc | 78 +------------------
4 files changed, 87 insertions(+), 75 deletions(-)
create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
new file mode 100644
index 000000000000..1c3ffa461ca5
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
@@ -0,0 +1,29 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.RsaPss.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
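Review bot: the new CryptoServicePcd.all.dsc.inc carries only the SPDX header, with nothing at the top saying that it is a bare list of PCD assignments that must be pulled in under a [PcdsFixedAtBuild] section or a component-scoped <PcdsFixedAtBuild> block. Since the stated purpose of the move is reuse outside CryptoPkg.dsc, add a short header comment with that requirement and the CRYPTO_SERVICES profile the list corresponds to.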
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
new file mode 100644
index 000000000000..aaf35e4c6061
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
@@ -0,0 +1,35 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
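Review bot: in CryptoServicePcd.min_dxe_smm.dsc.inc the line "Sha256.Services.HashAll | FALSE" relies on being applied after "Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY", and nothing in the file says so. That ordering dependency was at least visible in context inside CryptoPkg.dsc; in a standalone include meant for reuse it needs a comment explaining why HashAll is switched off after the family is enabled, or the wanted Sha256 services should be listed individually.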
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
new file mode 100644
index 000000000000..023c6f1d1d04
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
@@ -0,0 +1,20 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 4676193e8953..6a5fbd807a17 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -193,32 +193,7 @@ [PcdsFixedAtBuild]
#
!if $(CRYPTO_SERVICES) IN "ALL TARGET_UINT_TESTS"
[PcdsFixedAtBuild]
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.RsaPss.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
!endif
#
@@ -227,23 +202,7 @@ [PcdsFixedAtBuild]
#
!if $(CRYPTO_SERVICES) == MIN_PEI
[PcdsFixedAtBuild]
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
!endif
#
@@ -252,38 +211,7 @@ [PcdsFixedAtBuild]
#
!if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
[PcdsFixedAtBuild]
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
!endif
###################################################################################################
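Review bot: the third !include maps the CRYPTO_SERVICES value MIN_DXE_MIN_SMM to a file named CryptoServicePcd.min_dxe_smm.dsc.inc, while the min_pei file name matches its profile name exactly. Either name the file after the profile (min_dxe_min_smm) or note the mapping in the comment block above the !if, so that someone searching the tree for the profile name finds the PCD list.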
--
2.39.2
* [PATCH v3 02/11] CryptoPkg/Driver: add CryptoServicePcd.hash_only.dsc.inc
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
Tom Lendacky
Contains only hash functions needed for measurements.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
new file mode 100644
index 000000000000..0d5402be9a1a
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
@@ -0,0 +1,8 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
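Review bot: CryptoServicePcd.hash_only.dsc.inc enables Sha1.Family next to the SHA-2 and SM3 families, and the file itself does not say why. Repeat the commit message's "needed for measurements" as a header comment, so the SHA-1 entry is read as being there for measurement only and the set is not picked up as a general-purpose hash profile; the same comment can state that the file must be included under PcdsFixedAtBuild.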
--
2.39.2
* [PATCH v3 03/11] CryptoPkg/Driver: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
Tom Lendacky
Enable Sha384 + Sha512 + Sm3.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
index aaf35e4c6061..9209b4c526a7 100644
--- a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
@@ -18,7 +18,9 @@
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE
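Review bot: besides adding the three families, this hunk deletes "Sha256.Services.HashAll | FALSE", which turns Sha256 HashAll on for the MIN_DXE_MIN_SMM profile; the commit message only mentions "Enable Sha384 + Sha512 + Sm3". Either keep the HashAll override or say in the commit message that it is dropped on purpose and why. Since CryptoPkg.dsc now includes this file, the change also alters CryptoPkg's own MIN_DXE_MIN_SMM build and not just OVMF, which is worth stating as well.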
--
2.39.2
* [PATCH v3 04/11] BaseTools: GCC5: enable lto for noopt builds on IA32 and X64
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
Tom Lendacky
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
BaseTools/Conf/tools_def.template | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index 471eb67c0c83..7f73ed817cd9 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -2310,8 +2310,8 @@ RELEASE_GCC49_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
RELEASE_GCC5_IA32_CC_FLAGS = DEF(GCC5_IA32_CC_FLAGS) -flto -Wno-unused-but-set-variable -Wno-unused-const-variable
RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,-m,elf_i386,--oformat=elf32-i386
- NOOPT_GCC5_IA32_CC_FLAGS = DEF(GCC5_IA32_CC_FLAGS) -O0
- NOOPT_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -Wl,-m,elf_i386,--oformat=elf32-i386 -O0
+ NOOPT_GCC5_IA32_CC_FLAGS = DEF(GCC5_IA32_CC_FLAGS) -flto -O0
+ NOOPT_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Wl,-m,elf_i386,--oformat=elf32-i386 -O0
##################
# GCC5 X64 definitions
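Review bot: NOOPT_GCC5_IA32_CC_FLAGS and NOOPT_GCC5_IA32_DLINK_FLAGS gain -flto, but the commit has no message body, so there is no record of why a NOOPT build needs link-time optimization or how that relates to the crypto driver series. tools_def.template applies to every GCC5 platform build and not only OVMF, so please state the motivation and what was tested, including whether debugging an -O0 build still behaves as expected with -flto.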
@@ -2342,8 +2342,8 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
RELEASE_GCC5_X64_CC_FLAGS = DEF(GCC5_X64_CC_FLAGS) -flto -DUSING_LTO -Wno-unused-but-set-variable -Wno-unused-const-variable
RELEASE_GCC5_X64_DLINK_FLAGS = DEF(GCC5_X64_DLINK_FLAGS) -flto -Os
- NOOPT_GCC5_X64_CC_FLAGS = DEF(GCC5_X64_CC_FLAGS) -O0
- NOOPT_GCC5_X64_DLINK_FLAGS = DEF(GCC5_X64_DLINK_FLAGS) -O0
+ NOOPT_GCC5_X64_CC_FLAGS = DEF(GCC5_X64_CC_FLAGS) -flto -DUSING_LTO -O0
+ NOOPT_GCC5_X64_DLINK_FLAGS = DEF(GCC5_X64_DLINK_FLAGS) -flto -O0
##################
# GCC5 ARM definitions
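Review bot: NOOPT_GCC5_X64_CC_FLAGS picks up "-flto -DUSING_LTO" from the RELEASE line above it, but not the "-Wno-unused-but-set-variable -Wno-unused-const-variable" pair that RELEASE_GCC5_X64_CC_FLAGS carries next to -flto. If those suppressions are there because of LTO, NOOPT will need them too; if they are not, a sentence in the commit message confirming that NOOPT builds warning-clean would settle it. The same question applies to the IA32 lines in the previous hunk.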
--
2.39.2
* [PATCH v3 05/11] OvmfPkg: add OvmfCrypto*.inc
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
Tom Lendacky
Create include files for crypto support, so the configuration can be
shared for all OVMF build variants. Also add support for using the
Crypto Driver.
The Crypto Driver is by default enabled for SMM + DXE and disabled for
PEI. This can be changed using the {PEI,SMM,DXE}_USE_CRYPTO_DRIVER
options. The config option is intended to be temporary and will
probably stay for one or two releases as fallback, then be removed.
The configuration follows mostly the recommendations given in
CryptoPkg/Readme.md, with some minor exceptions like only compiling
TLS support in case NETWORK_TLS_ENABLE is TRUE.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
.../Dsc/OvmfCryptoComponentsDxe.dsc.inc | 23 ++++++
.../Dsc/OvmfCryptoComponentsPei.dsc.inc | 19 +++++
.../Dsc/OvmfCryptoComponentsSmm.dsc.inc | 18 +++++
OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc | 7 ++
OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc | 72 +++++++++++++++++++
OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc | 12 ++++
OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc | 7 ++
7 files changed, 158 insertions(+)
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
new file mode 100644
index 000000000000..72728aea68f5
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
@@ -0,0 +1,23 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(DXE_USE_CRYPTO_DRIVER) == TRUE
+
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+ <PcdsFixedAtBuild>
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+ }
+
+!endif
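Review bot: in the "!else" branch of the CryptoDxe.inf block, TlsLib resolves to TlsLibNull.inf, yet the PCD set included a few lines further down (CryptoServicePcd.min_dxe_smm.dsc.inc) enables the Tls, TlsSet and TlsGet families unconditionally. With NETWORK_TLS_ENABLE not TRUE the driver would then advertise TLS services that are backed by the null library. Consider guarding the TLS PCDs with the same NETWORK_TLS_ENABLE condition, or overriding them to disabled after the !include in that branch.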
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
new file mode 100644
index 000000000000..0457235f8eb0
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
@@ -0,0 +1,19 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(PEI_USE_CRYPTO_DRIVER) == TRUE
+
+ CryptoPkg/Driver/CryptoPei.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ <PcdsFixedAtBuild>
+#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
+ }
+
+!endif
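Review bot: the commented-out "#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc" directly above the hash_only include should either be dropped or get a comment saying why PEI uses hash_only instead of min_pei. As it stands a reader cannot tell whether it is a leftover or an intended switch, and the file header only says "mostly following" the Readme without naming the deviation.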
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
new file mode 100644
index 000000000000..be1647397a60
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
@@ -0,0 +1,18 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(SMM_USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE
+
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ <PcdsFixedAtBuild>
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+ }
+
+!endif
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
new file mode 100644
index 000000000000..f005f593b4eb
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
@@ -0,0 +1,7 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+ DEFINE PEI_USE_CRYPTO_DRIVER = FALSE
+ DEFINE SMM_USE_CRYPTO_DRIVER = TRUE
+ DEFINE DXE_USE_CRYPTO_DRIVER = TRUE
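Review bot: the three DEFINEs have no comment explaining the defaults, in particular why PEI_USE_CRYPTO_DRIVER is FALSE while SMM_USE_CRYPTO_DRIVER and DXE_USE_CRYPTO_DRIVER are TRUE. The cover letter says the option is kept as a fallback; a short comment here stating that, and what each switch changes (statically linked crypto versus the CryptoPkg driver), would help anyone who overrides them.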
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
new file mode 100644
index 000000000000..f9fdf36c1dab
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
@@ -0,0 +1,72 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+[LibraryClasses]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+
+[LibraryClasses.common.SEC]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+
+!if $(PEI_USE_CRYPTO_DRIVER) == TRUE
+
+[LibraryClasses.common.PEIM]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+
+!else
+
+[LibraryClasses.common.PEIM]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+!endif
+
+
+!if $(SMM_USE_CRYPTO_DRIVER) == TRUE
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+
+!else
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+!endif
+
+
+!if $(DXE_USE_CRYPTO_DRIVER) == TRUE
+
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+ TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+
+!else
+
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+
+!endif
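Review bot: the DXE_SMM_DRIVER block is gated on "!if $(SMM_USE_CRYPTO_DRIVER) == TRUE" alone, but OvmfCryptoComponentsSmm.dsc.inc and OvmfCryptoDxeSmm.fdf.inc only add CryptoSmm.inf when SMM_REQUIRE is also TRUE. With SMM_USE_CRYPTO_DRIVER = TRUE and SMM_REQUIRE = FALSE, DXE_SMM_DRIVER modules are mapped to BaseCryptLibOnProtocolPpi/SmmCryptLib.inf without the driver that provides the protocol being built. Using the same condition in all three files would keep the library mapping and the driver in step.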
diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
new file mode 100644
index 000000000000..6fc12ed8656f
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
@@ -0,0 +1,12 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(DXE_USE_CRYPTO_DRIVER) == TRUE
+INF CryptoPkg/Driver/CryptoDxe.inf
+!endif
+
+!if $(SMM_USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE
+INF CryptoPkg/Driver/CryptoSmm.inf
+!endif
+
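Review bot: the file ends with an empty added line after the last "!endif", which git reports as a new blank line at EOF; please drop it. OvmfCryptoPei.fdf.inc ends directly on "!endif", so removing it also makes the two fdf includes consistent.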
diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
new file mode 100644
index 000000000000..8b42c2da7b2a
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
@@ -0,0 +1,7 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(PEI_USE_CRYPTO_DRIVER) == TRUE
+INF CryptoPkg/Driver/CryptoPei.inf
+!endif
--
2.39.2
* [PATCH v3 06/11] OvmfPkg: OvmfPkgX64: use crypto includes
2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (4 preceding siblings ...)
2023-03-09 11:09 ` [PATCH v3 05/11] OvmfPkg: add OvmfCrypto*.inc Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
2023-03-09 11:09 ` [PATCH v3 07/11] OvmfPkg: OvmfPkgIa32X64: " Gerd Hoffmann
` (5 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
Tom Lendacky
Use the new crypto support include files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/OvmfPkgX64.dsc | 22 +++++++++-------------
OvmfPkg/OvmfPkgX64.fdf | 6 ++++++
2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 04d50704c736..fed5723c4c40 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -35,6 +35,7 @@ [Defines]
DEFINE CC_MEASUREMENT_ENABLE = FALSE
!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
#
# Shell can be useful for debugging but should not be enabled for production
@@ -232,12 +233,6 @@ [LibraryClasses]
LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
@@ -260,10 +255,6 @@ [LibraryClasses]
#
!include NetworkPkg/NetworkLibs.dsc.inc
-!if $(NETWORK_TLS_ENABLE) == TRUE
- TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
!if $(BUILD_SHELL) == TRUE
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
!endif
@@ -274,9 +265,9 @@ [LibraryClasses]
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
[LibraryClasses.common]
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
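Review bot: removing "BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf" from [LibraryClasses.common] drops the catch-all instance, and OvmfCryptoLibs.dsc.inc maps BaseCryptLib only for SEC, PEIM, DXE_SMM_DRIVER, DXE_RUNTIME_DRIVER, DXE_DRIVER, UEFI_DRIVER and UEFI_APPLICATION. A module of any other type (PEI_CORE, DXE_CORE, SMM_CORE and so on) that consumes BaseCryptLib would no longer resolve an instance. If no such module exists on this platform, please say so in the commit message; otherwise add the missing sections to the include file.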
@@ -385,7 +376,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -474,7 +464,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
!if $(SOURCE_DEBUG_ENABLE) == TRUE
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
!endif
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
@@ -976,6 +965,13 @@ [Components]
OvmfPkg/VirtioNetDxe/VirtioNet.inf
+ #
+ # Crypto Support
+ #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
#
# Usb Support
#
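Review bot: the commit message for the three "Crypto Support" includes ("Use the new crypto support include files.") reads like a pure refactor, but it is a behaviour change. With the defaults in OvmfCryptoDefines.dsc.inc (SMM_USE_CRYPTO_DRIVER and DXE_USE_CRYPTO_DRIVER set to TRUE) these includes add CryptoDxe.inf, and CryptoSmm.inf when SMM_REQUIRE is TRUE, to the build, and DXE/SMM consumers move from statically linked crypto to the protocol-based library. Please state that change, and the fallback through the DEFINEs, in the commit message.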
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 16666ba24440..541e0df85e1d 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -189,6 +189,7 @@ [FV.PEIFV]
INF FILE_GUID = $(UP_CPU_PEI_GUID) UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
################################################################################
@@ -414,6 +415,11 @@ [FV.DXEFV]
#
!include OvmfPkg/OvmfTpmDxe.fdf.inc
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
################################################################################
[FV.FVMAIN_COMPACT]
--
2.39.2
* [PATCH v3 07/11] OvmfPkg: OvmfPkgIa32X64: use crypto includes
2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (5 preceding siblings ...)
2023-03-09 11:09 ` [PATCH v3 06/11] OvmfPkg: OvmfPkgX64: use crypto includes Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
2023-03-09 11:09 ` [PATCH v3 08/11] OvmfPkg: OvmfPkgIa32: " Gerd Hoffmann
` (4 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
Tom Lendacky
Use the new crypto support include files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/OvmfPkgIa32X64.dsc | 22 +++++++++-------------
OvmfPkg/OvmfPkgIa32X64.fdf | 6 ++++++
2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 51db692b10fb..b032d4a3c99d 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -34,6 +34,7 @@ [Defines]
DEFINE SOURCE_DEBUG_ENABLE = FALSE
!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
#
# Shell can be useful for debugging but should not be enabled for production
@@ -215,12 +216,6 @@ [LibraryClasses]
LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
@@ -243,10 +238,6 @@ [LibraryClasses]
#
!include NetworkPkg/NetworkLibs.dsc.inc
-!if $(NETWORK_TLS_ENABLE) == TRUE
- TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
!if $(BUILD_SHELL) == TRUE
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
!endif
@@ -257,9 +248,9 @@ [LibraryClasses]
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
[LibraryClasses.common]
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
@@ -364,7 +355,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -453,7 +443,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
!if $(SOURCE_DEBUG_ENABLE) == TRUE
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
!endif
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
@@ -740,6 +729,7 @@ [Components.IA32]
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!include OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
[Components.X64]
#
@@ -902,6 +892,12 @@ [Components.X64]
OvmfPkg/VirtioNetDxe/VirtioNet.inf
+ #
+ # Crypto Support
+ #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
#
# Usb Support
#
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 4c5bd0dbc3b0..cf287303cb2c 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -173,6 +173,7 @@ [FV.PEIFV]
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
################################################################################
@@ -380,6 +381,11 @@ [FV.DXEFV]
#
!include OvmfPkg/OvmfTpmDxe.fdf.inc
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
################################################################################
[FV.FVMAIN_COMPACT]
--
2.39.2
* [PATCH v3 08/11] OvmfPkg: OvmfPkgIa32: use crypto includes
2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (6 preceding siblings ...)
2023-03-09 11:09 ` [PATCH v3 07/11] OvmfPkg: OvmfPkgIa32X64: " Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
2023-03-09 11:09 ` [PATCH v3 09/11] OvmfPkg: Microvm: " Gerd Hoffmann
` (3 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
Tom Lendacky
Use the new crypto support include files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 22 +++++++++-------------
OvmfPkg/OvmfPkgIa32.fdf | 6 ++++++
2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 22dc29330d2d..8ca29e9747c1 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -35,6 +35,7 @@ [Defines]
DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE
!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
#
# Shell can be useful for debugging but should not be enabled for production
@@ -211,12 +212,6 @@ [LibraryClasses]
LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
@@ -239,10 +234,6 @@ [LibraryClasses]
#
!include NetworkPkg/NetworkLibs.dsc.inc
-!if $(NETWORK_TLS_ENABLE) == TRUE
- TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
!if $(BUILD_SHELL) == TRUE
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
!endif
@@ -253,9 +244,9 @@ [LibraryClasses]
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
[LibraryClasses.common]
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
@@ -359,7 +350,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -447,7 +437,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
!if $(SOURCE_DEBUG_ENABLE) == TRUE
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
!endif
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
@@ -888,6 +877,13 @@ [Components]
OvmfPkg/VirtioNetDxe/VirtioNet.inf
+ #
+ # Crypto Support
+ #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
#
# Usb Support
#
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 5451bfb84525..552730485123 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -173,6 +173,7 @@ [FV.PEIFV]
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
################################################################################
@@ -373,6 +374,11 @@ [FV.DXEFV]
#
!include OvmfPkg/OvmfTpmDxe.fdf.inc
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
!endif
--
2.39.2
* [PATCH v3 09/11] OvmfPkg: Microvm: use crypto includes
2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (7 preceding siblings ...)
2023-03-09 11:09 ` [PATCH v3 08/11] OvmfPkg: OvmfPkgIa32: " Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
2023-03-09 11:09 ` [PATCH v3 10/11] OvmfPkg: IntelTdx: " Gerd Hoffmann
` (2 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
Tom Lendacky
Use the new crypto support include files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/Microvm/MicrovmX64.dsc | 24 +++++++++++-------------
OvmfPkg/Microvm/MicrovmX64.fdf | 7 +++++++
2 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 76fc54865015..9ae375107414 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -33,6 +33,8 @@ [Defines]
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
+
#
# Network definition
#
@@ -206,12 +208,6 @@ [LibraryClasses]
LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
@@ -234,10 +230,6 @@ [LibraryClasses]
#
!include NetworkPkg/NetworkLibs.dsc.inc
-!if $(NETWORK_TLS_ENABLE) == TRUE
- TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
@@ -247,8 +239,9 @@ [LibraryClasses]
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
+
[LibraryClasses.common]
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf
PlatformHookLib|MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf
@@ -356,7 +349,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
# PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf
# PciPcdProducerLib|OvmfPkg/Fdt/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf
# PciExpressLib|OvmfPkg/Library/BaseCachingPciExpressLib/BaseCachingPciExpressLib.inf
@@ -442,7 +434,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
!if $(SOURCE_DEBUG_ENABLE) == TRUE
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
!endif
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf
PciPcdProducerLib|OvmfPkg/Fdt/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf
PciExpressLib|OvmfPkg/Library/BaseCachingPciExpressLib/BaseCachingPciExpressLib.inf
@@ -830,6 +821,13 @@ [Components]
OvmfPkg/VirtioNetDxe/VirtioNet.inf
+ #
+ # Crypto Support
+ #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
#
# Usb Support
#
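Review bot: "!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc" has no effect with this file's own default "DEFINE SMM_REQUIRE = FALSE" (context of the first hunk), because that include is gated on SMM_REQUIRE == TRUE. OvmfCryptoLibs.dsc.inc nevertheless maps DXE_SMM_DRIVER to the protocol-based SmmCryptLib.inf on this platform. Either drop the Smm include here or add a comment that it is kept for symmetry with the other platforms.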
diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
index b83fd1e6e4fe..92d4b446b7fe 100644
--- a/OvmfPkg/Microvm/MicrovmX64.fdf
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf
@@ -149,6 +149,8 @@ [FV.PEIFV]
INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
+
################################################################################
[FV.DXEFV]
@@ -302,6 +304,11 @@ [FV.DXEFV]
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
################################################################################
[FV.FVMAIN_COMPACT]
--
2.39.2
* [PATCH v3 10/11] OvmfPkg: IntelTdx: use crypto includes
2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (8 preceding siblings ...)
2023-03-09 11:09 ` [PATCH v3 09/11] OvmfPkg: Microvm: " Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
2023-03-09 11:09 ` [PATCH v3 11/11] OvmfPkg: AmdSev: " Gerd Hoffmann
2023-03-20 9:54 ` [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
Tom Lendacky
Use the new crypto support include files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 15 +++++++++------
OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 +++++
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index d093660283dd..88f7b3c2cce2 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -36,6 +36,8 @@ [Defines]
#
DEFINE BUILD_SHELL = TRUE
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
+
#
# Device drivers
#
@@ -191,8 +193,6 @@ [LibraryClasses]
LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
@@ -220,8 +220,9 @@ [LibraryClasses]
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
+
[LibraryClasses.common]
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
@@ -280,7 +281,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -356,7 +356,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
[LibraryClasses.common.SMM_CORE]
@@ -553,7 +552,6 @@ [Components]
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
}
#
@@ -720,6 +718,11 @@ [Components]
MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ #
+ # Crypto Support
+ #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
#
# Usb Support
#
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
index 73dffc104301..e1b07449b7a9 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
@@ -257,6 +257,11 @@ [FV.DXEFV]
#
INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
################################################################################
[FV.NCCFV]
--
2.39.2
* [PATCH v3 11/11] OvmfPkg: AmdSev: use crypto includes
2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (9 preceding siblings ...)
2023-03-09 11:09 ` [PATCH v3 10/11] OvmfPkg: IntelTdx: " Gerd Hoffmann
@ 2023-03-09 11:09 ` Gerd Hoffmann
2023-03-20 9:54 ` [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-09 11:09 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas,
Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth,
Tom Lendacky
Use the new crypto support include files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 12 ++++++++----
OvmfPkg/AmdSev/AmdSevX64.fdf | 6 ++++++
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index f0c4dc231071..69710469e9c7 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -34,6 +34,7 @@ [Defines]
DEFINE SOURCE_DEBUG_ENABLE = FALSE
!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
#
# Shell can be useful for debugging but should not be enabled for production
@@ -182,8 +183,6 @@ [LibraryClasses]
LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
@@ -201,9 +200,9 @@ [LibraryClasses]
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
[LibraryClasses.common]
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
@@ -310,7 +309,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -709,6 +707,12 @@ [Components]
OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ #
+ # Crypto Support
+ #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
#
# Usb Support
#
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 5fb3b5d27632..84842a601262 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -163,6 +163,7 @@ [FV.PEIFV]
INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf
!include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
################################################################################
@@ -318,6 +319,11 @@ [FV.DXEFV]
#
!include OvmfPkg/OvmfTpmDxe.fdf.inc
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
################################################################################
[FV.FVMAIN_COMPACT]
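Review bot: `[FV.DXEFV]` pulls in `OvmfCryptoDxeSmm.fdf.inc`, but the DSC side of this patch adds only the Pei and Dxe component includes and no `OvmfCryptoComponentsSmm.dsc.inc`. Any SMM driver INF listed in that FDF include must be guarded or absent for this platform, otherwise the FDF references a module the DSC never builds. Please extend the `# Crypto support` comment, or the commit message, to say that the SMM part of the include is conditional and how it is switched.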
--
2.39.2
* Re: [PATCH v3 00/11] OvmfPkg: add Crypto Driver support
2023-03-09 11:09 [PATCH v3 00/11] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (10 preceding siblings ...)
2023-03-09 11:09 ` [PATCH v3 11/11] OvmfPkg: AmdSev: " Gerd Hoffmann
@ 2023-03-20 9:54 ` Gerd Hoffmann
11 siblings, 0 replies; 13+ messages in thread
From: Gerd Hoffmann @ 2023-03-20 9:54 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang,
James Bottomley, Oliver Steffen, Erdem Aktas, Min Xu, Xiaoyu Lu,
Jiewen Yao, Ard Biesheuvel, Michael Roth, Tom Lendacky
On Thu, Mar 09, 2023 at 12:09:23PM +0100, Gerd Hoffmann wrote:
> v3 changes:
> - rebase to latest master.
> - enable crypto driver only for SMM + DXE.
> - CI passes now \o/
Ping. Any comments on this series?
take care,
Gerd