From: "Gerd Hoffmann"
To: devel@edk2.groups.io
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang, James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas, Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth, Tom Lendacky
Subject: [PATCH v3 05/11] OvmfPkg: add OvmfCrypto*.inc
Date: Thu, 9 Mar 2023 12:09:28 +0100
Message-Id: <20230309110934.853991-6-kraxel@redhat.com>
In-Reply-To: <20230309110934.853991-1-kraxel@redhat.com>
References: <20230309110934.853991-1-kraxel@redhat.com>

Create include files for crypto support, so the configuration can be shared for all OVMF build variants.

Also add support for using the Crypto Driver. The Crypto Driver is enabled by default for SMM + DXE and disabled for PEI. This can be changed using the {PEI,SMM,DXE}_USE_CRYPTO_DRIVER options. The config option is intended to be temporary and will probably stay for one or two releases as fallback, then be removed.

The configuration follows mostly the recommendations given in CryptoPkg/Readme.md, with some minor exceptions like only compiling TLS support in case NETWORK_TLS_ENABLE is TRUE.
Signed-off-by: Gerd Hoffmann --- .../Dsc/OvmfCryptoComponentsDxe.dsc.inc | 23 ++++++ .../Dsc/OvmfCryptoComponentsPei.dsc.inc | 19 +++++ .../Dsc/OvmfCryptoComponentsSmm.dsc.inc | 18 +++++ OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc | 7 ++ OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc | 72 +++++++++++++++++++ OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc | 12 ++++ OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc | 7 ++ 7 files changed, 158 insertions(+) create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc new file mode 100644 index 000000000000..72728aea68f5 --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc @@ -0,0 +1,23 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +!if $(DXE_USE_CRYPTO_DRIVER) == TRUE + + CryptoPkg/Driver/CryptoDxe.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!if $(NETWORK_TLS_ENABLE) == TRUE + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf +!else + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +!endif + +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc + } + +!endif diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc new file mode 100644 index 000000000000..0457235f8eb0 --- /dev/null 
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc @@ -0,0 +1,19 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +!if $(PEI_USE_CRYPTO_DRIVER) == TRUE + + CryptoPkg/Driver/CryptoPei.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc +!include CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc + } + +!endif diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc new file mode 100644 index 000000000000..be1647397a60 --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc @@ -0,0 +1,18 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +!if $(SMM_USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE + + CryptoPkg/Driver/CryptoSmm.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc + } + +!endif diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc new file mode 100644 index 000000000000..f005f593b4eb --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc @@ -0,0 +1,7 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + + DEFINE PEI_USE_CRYPTO_DRIVER = FALSE + DEFINE SMM_USE_CRYPTO_DRIVER = TRUE + DEFINE DXE_USE_CRYPTO_DRIVER = TRUE diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc new file mode 100644 index 000000000000..f9fdf36c1dab --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc 
@@ -0,0 +1,72 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +[LibraryClasses] + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + +[LibraryClasses.common.SEC] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +[LibraryClasses.common.DXE_RUNTIME_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + + +!if $(PEI_USE_CRYPTO_DRIVER) == TRUE + +[LibraryClasses.common.PEIM] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf + +!else + +[LibraryClasses.common.PEIM] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +!endif + + +!if $(SMM_USE_CRYPTO_DRIVER) == TRUE + +[LibraryClasses.common.DXE_SMM_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf + +!else + +[LibraryClasses.common.DXE_SMM_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +!endif + + +!if $(DXE_USE_CRYPTO_DRIVER) == TRUE + +[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf + +!else + +[LibraryClasses.common.DXE_DRIVER, 
LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!if $(NETWORK_TLS_ENABLE) == TRUE + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf +!else + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +!endif + +!endif diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc new file mode 100644 index 000000000000..6fc12ed8656f --- /dev/null +++ b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc @@ -0,0 +1,12 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(DXE_USE_CRYPTO_DRIVER) == TRUE +INF CryptoPkg/Driver/CryptoDxe.inf +!endif + +!if $(SMM_USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE +INF CryptoPkg/Driver/CryptoSmm.inf +!endif + diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc new file mode 100644 index 000000000000..8b42c2da7b2a --- /dev/null +++ b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc @@ -0,0 +1,7 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(PEI_USE_CRYPTO_DRIVER) == TRUE +INF CryptoPkg/Driver/CryptoPei.inf +!endif -- 2.39.2
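Review bot: in the OvmfCryptoComponentsDxe.dsc.inc hunk, CryptoDxe.inf is built with the service set from `CryptoServicePcd.min_dxe_smm.dsc.inc`; please state in the commit message (or a comment next to the include) that this minimal set has been checked against what OVMF's DXE, UEFI_DRIVER and UEFI_APPLICATION consumers actually call, in particular the TLS-enabled build selected by NETWORK_TLS_ENABLE. With the BaseCryptLibOnProtocolPpi shims in front of the driver, a service that is missing from the PCD set is no longer a link error but only shows up when the consumer runs.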
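Review bot: in the OvmfCryptoComponentsPei.dsc.inc hunk, the commented-out `#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc` directly above the active `!include CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc` reads as a leftover from development; either drop it or replace it with a one-line comment saying why the hash-only set was chosen over min_pei. That comment should also make clear that with PEI_USE_CRYPTO_DRIVER set, PEIMs resolved to BaseCryptLibOnProtocolPpi/PeiCryptLib.inf get only the hash family at runtime, which is narrower than the static PeiCryptLib they link against in the `!else` branch of OvmfCryptoLibs.dsc.inc.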
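Review bot: in the OvmfCryptoLibs.dsc.inc hunk, the `[LibraryClasses.common.DXE_SMM_DRIVER]` block is guarded by `!if $(SMM_USE_CRYPTO_DRIVER) == TRUE` alone, while CryptoSmm.inf is only built and placed in the flash image (OvmfCryptoComponentsSmm.dsc.inc and OvmfCryptoDxeSmm.fdf.inc) under `$(SMM_USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE`. With SMM_REQUIRE FALSE, any DXE_SMM_DRIVER module in the build would be resolved to BaseCryptLibOnProtocolPpi/SmmCryptLib.inf with no CryptoSmm driver behind it; make the three conditions identical. Second point for the same file: it evaluates `$(NETWORK_TLS_ENABLE)` and `$(SMM_REQUIRE)` but only the `*_USE_CRYPTO_DRIVER` knobs come from OvmfCryptoDefines.dsc.inc, so the header comment should say that the file must be included after those defines are set.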
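Review bot: in the OvmfCryptoDefines.dsc.inc hunk, the three `DEFINE *_USE_CRYPTO_DRIVER` lines carry no comment; since the commit message describes these knobs as a temporary fallback to be removed after one or two releases, put that intent (and the rationale for PEI defaulting to FALSE while SMM and DXE default to TRUE) in the file header, where someone flipping the values will see it.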