* [RFC 0/6] Create central repository for boilerplate configuration
@ 2017-09-20 17:27 Leif Lindholm
2017-09-20 17:27 ` [RFC 1/6] ConfigPkg: add new package for holding common config fragments Leif Lindholm
` (8 more replies)
0 siblings, 9 replies; 16+ messages in thread
From: Leif Lindholm @ 2017-09-20 17:27 UTC (permalink / raw)
To: edk2-devel
Cc: Andrew Fish, Michael D Kinney, Ard Biesheuvel, Laszlo Ersek,
Jordan Justen
An awful lot of platform configuration is just repeated verbatim for
every platform. This is my first stab at eliminating some of this
redundancy.
I have additional bits as work in progress, but before I sink too much
time into it, I would like to try to gather feedback on this approach
(all the way down to directory structure).
This first round deals with basic network support and Secure Boot
requirements.
Leif Lindholm (6):
ConfigPkg: add new package for holding common config fragments
ArmVirtPkg: use ConfigPkg for common network items
OvmfPkg: use ConfigPkg for common network items
ConfigPkg: add common Security settings
ArmVirtPkg: use ConfigPkg for common security items
OvmfPkg: use ConfigPkg for common security items
ArmVirtPkg/ArmVirt.dsc.inc | 25 ++--------
ArmVirtPkg/ArmVirtQemu.dsc | 46 +++---------------
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 24 ++--------
ArmVirtPkg/ArmVirtQemuKernel.dsc | 46 +++---------------
ConfigPkg/Network/Network.dsc.inc | 92 ++++++++++++++++++++++++++++++++++++
ConfigPkg/Network/Network.fdf.inc | 47 ++++++++++++++++++
ConfigPkg/Security/Security.dsc.inc | 67 ++++++++++++++++++++++++++
ConfigPkg/Security/Security.fdf.inc | 17 +++++++
OvmfPkg/OvmfPkgIa32.dsc | 92 ++++--------------------------------
OvmfPkg/OvmfPkgIa32.fdf | 37 +--------------
OvmfPkg/OvmfPkgIa32X64.dsc | 90 ++++-------------------------------
OvmfPkg/OvmfPkgIa32X64.fdf | 37 +--------------
OvmfPkg/OvmfPkgX64.dsc | 92 ++++--------------------------------
OvmfPkg/OvmfPkgX64.fdf | 37 +--------------
14 files changed, 276 insertions(+), 473 deletions(-)
create mode 100644 ConfigPkg/Network/Network.dsc.inc
create mode 100644 ConfigPkg/Network/Network.fdf.inc
create mode 100644 ConfigPkg/Security/Security.dsc.inc
create mode 100644 ConfigPkg/Security/Security.fdf.inc
--
2.11.0
^ permalink raw reply [flat|nested] 16+ messages in thread
* [RFC 1/6] ConfigPkg: add new package for holding common config fragments
2017-09-20 17:27 [RFC 0/6] Create central repository for boilerplate configuration Leif Lindholm
@ 2017-09-20 17:27 ` Leif Lindholm
2017-09-21 0:05 ` Ard Biesheuvel
2017-09-20 17:27 ` [RFC 2/6] ArmVirtPkg: use ConfigPkg for common network items Leif Lindholm
` (7 subsequent siblings)
8 siblings, 1 reply; 16+ messages in thread
From: Leif Lindholm @ 2017-09-20 17:27 UTC (permalink / raw)
To: edk2-devel
Cc: Andrew Fish, Michael D Kinney, Ard Biesheuvel, Laszlo Ersek,
Jordan Justen
Start with common networking options.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
---
ConfigPkg/Network/Network.dsc.inc | 92 +++++++++++++++++++++++++++++++++++++++
ConfigPkg/Network/Network.fdf.inc | 47 ++++++++++++++++++++
2 files changed, 139 insertions(+)
create mode 100644 ConfigPkg/Network/Network.dsc.inc
create mode 100644 ConfigPkg/Network/Network.fdf.inc
diff --git a/ConfigPkg/Network/Network.dsc.inc b/ConfigPkg/Network/Network.dsc.inc
new file mode 100644
index 0000000000..8c53350deb
--- /dev/null
+++ b/ConfigPkg/Network/Network.dsc.inc
@@ -0,0 +1,92 @@
+## @file
+#
+# Copyright (c) 2017, Linaro ltd. All rights reserved.<BR>
+#
+# This program and the accompanying materials are licensed and made available
+# under the terms and conditions of the BSD License which accompanies this
+# distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+
+################################################################################
+#
+# Library Class section
+#
+################################################################################
+[LibraryClasses]
+ DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf
+ IpIoLib|MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.inf
+ NetLib|MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf
+ UdpIoLib|MdeModulePkg/Library/DxeUdpIoLib/DxeUdpIoLib.inf
+
+!if $(CONFIG_HTTP_BOOT_ENABLE) == TRUE
+ HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf
+!endif
+
+!if $(CONFIG_NETWORK_IP6_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ TcpIoLib|MdeModulePkg/Library/DxeTcpIoLib/DxeTcpIoLib.inf
+!endif
+
+!if $(CONFIG_TLS_ENABLE) == TRUE
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+!else
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+
+
+#################################################################################
+# Pcd Section
+#
+################################################################################
+[PcdsFixedAtBuild]
+!if $(CONFIG_HTTP_BOOT_ENABLE) == TRUE
+ gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|TRUE
+!endif
+
+
+################################################################################
+#
+# Components Section
+#
+################################################################################
+[Components]
+ MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
+ MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
+ MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
+ MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
+ MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
+ MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
+ MdeModulePkg/Universal/Network/SnpDxe/SnpDxe.inf
+ MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
+ MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
+!if $(CONFIG_NETWORK_IP6_ENABLE) == TRUE
+ NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf
+ NetworkPkg/Ip6Dxe/Ip6Dxe.inf
+ NetworkPkg/IScsiDxe/IScsiDxe.inf
+ NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf
+ NetworkPkg/TcpDxe/TcpDxe.inf
+ NetworkPkg/Udp6Dxe/Udp6Dxe.inf
+ NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf
+!else
+ MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
+ MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
+ MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
+!endif
+!if $(CONFIG_HTTP_BOOT_ENABLE) == TRUE
+ NetworkPkg/DnsDxe/DnsDxe.inf
+ NetworkPkg/HttpBootDxe/HttpBootDxe.inf
+ NetworkPkg/HttpDxe/HttpDxe.inf
+ NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
+!endif
+!if $(CONFIG_TLS_ENABLE) == TRUE
+ NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
+ NetworkPkg/TlsDxe/TlsDxe.inf
+!endif
diff --git a/ConfigPkg/Network/Network.fdf.inc b/ConfigPkg/Network/Network.fdf.inc
new file mode 100644
index 0000000000..614fd18a9a
--- /dev/null
+++ b/ConfigPkg/Network/Network.fdf.inc
@@ -0,0 +1,47 @@
+## @file
+#
+# Copyright (c) 2017, Linaro ltd. All rights reserved.<BR>
+#
+# This program and the accompanying materials are licensed and made available
+# under the terms and conditions of the BSD License which accompanies this
+# distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+
+ INF MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
+ INF MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
+ INF MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
+ INF MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
+ INF MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
+ INF MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
+ INF MdeModulePkg/Universal/Network/SnpDxe/SnpDxe.inf
+ INF MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
+ INF MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
+!if $(CONFIG_NETWORK_IP6_ENABLE) == TRUE
+ INF NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf
+ INF NetworkPkg/Ip6Dxe/Ip6Dxe.inf
+ INF NetworkPkg/IScsiDxe/IScsiDxe.inf
+ INF NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf
+ INF NetworkPkg/TcpDxe/TcpDxe.inf
+ INF NetworkPkg/Udp6Dxe/Udp6Dxe.inf
+ INF NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf
+!else
+ INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
+ INF MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
+ INF MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
+!endif
+!if $(CONFIG_HTTP_BOOT_ENABLE) == TRUE
+ INF NetworkPkg/DnsDxe/DnsDxe.inf
+ INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf
+ INF NetworkPkg/HttpDxe/HttpDxe.inf
+ INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
+!endif
+!if $(CONFIG_TLS_ENABLE) == TRUE
+ INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
+ INF NetworkPkg/TlsDxe/TlsDxe.inf
+!endif
--
2.11.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [RFC 2/6] ArmVirtPkg: use ConfigPkg for common network items
2017-09-20 17:27 [RFC 0/6] Create central repository for boilerplate configuration Leif Lindholm
2017-09-20 17:27 ` [RFC 1/6] ConfigPkg: add new package for holding common config fragments Leif Lindholm
@ 2017-09-20 17:27 ` Leif Lindholm
2017-09-20 17:27 ` [RFC 3/6] OvmfPkg: " Leif Lindholm
` (6 subsequent siblings)
8 siblings, 0 replies; 16+ messages in thread
From: Leif Lindholm @ 2017-09-20 17:27 UTC (permalink / raw)
To: edk2-devel
Cc: Andrew Fish, Michael D Kinney, Ard Biesheuvel, Laszlo Ersek,
Jordan Justen
Remove boilerplate from the QEMU platforms by including
ConfigPkg/Network/Network.{dsc|fdf}.inc.
As a side effect, this enables support for building in IPv6 support,
by specifying -D CONFIG_NETWORK_IP6_ENABLE=TRUE.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
---
ArmVirtPkg/ArmVirt.dsc.inc | 6 ------
ArmVirtPkg/ArmVirtQemu.dsc | 34 ++++------------------------------
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 23 ++---------------------
ArmVirtPkg/ArmVirtQemuKernel.dsc | 34 ++++------------------------------
4 files changed, 10 insertions(+), 87 deletions(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index c92a69281a..a9fdddcd6c 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -71,12 +71,6 @@
# use the accelerated BaseMemoryLibOptDxe by default, overrides for SEC/PEI below
BaseMemoryLib|MdePkg/Library/BaseMemoryLibOptDxe/BaseMemoryLibOptDxe.inf
- # Networking Requirements
- NetLib|MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf
- DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf
- UdpIoLib|MdeModulePkg/Library/DxeUdpIoLib/DxeUdpIoLib.inf
- IpIoLib|MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.inf
-
#
# It is not possible to prevent the ARM compiler from inserting calls to intrinsic functions.
# This library provides the instrinsic functions such a compiler may generate calls to.
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 8a60b61f2a..71d3fb252f 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -33,10 +33,13 @@
# Defines for default states. These can be changed on the command line.
# -D FLAG=VALUE
#
+ DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE
+ DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE
+ DEFINE CONFIG_TLS_ENABLE = FALSE
DEFINE SECURE_BOOT_ENABLE = FALSE
- DEFINE HTTP_BOOT_ENABLE = FALSE
!include ArmVirtPkg/ArmVirt.dsc.inc
+!include ConfigPkg/Network/Network.dsc.inc
[LibraryClasses.common]
ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
@@ -64,10 +67,6 @@
PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf
PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf
-!if $(HTTP_BOOT_ENABLE) == TRUE
- HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf
-!endif
-
[LibraryClasses.common.UEFI_DRIVER]
UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
@@ -129,10 +128,6 @@
#
gArmTokenSpaceGuid.PcdArmArchTimerFreqInHz|0
-!if $(HTTP_BOOT_ENABLE) == TRUE
- gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|TRUE
-!endif
-
# System Memory Base -- fixed at 0x4000_0000
gArmTokenSpaceGuid.PcdSystemMemoryBase|0x40000000
@@ -334,27 +329,6 @@
}
#
- # Networking stack
- #
- MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
- MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
- MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
- MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
- MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
- MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
- MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
- MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
- MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
- MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
- MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
-!if $(HTTP_BOOT_ENABLE) == TRUE
- NetworkPkg/DnsDxe/DnsDxe.inf
- NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
- NetworkPkg/HttpDxe/HttpDxe.inf
- NetworkPkg/HttpBootDxe/HttpBootDxe.inf
-!endif
-
- #
# SCSI Bus and Disk Driver
#
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 744006d13c..504fdf5fa9 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -44,6 +44,8 @@ READ_STATUS = TRUE
READ_LOCK_CAP = TRUE
READ_LOCK_STATUS = TRUE
+!include ConfigPkg/Network/Network.fdf.inc
+
INF MdeModulePkg/Core/Dxe/DxeMain.inf
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
INF ArmVirtPkg/VirtioFdtDxe/VirtioFdtDxe.inf
@@ -115,27 +117,6 @@ READ_LOCK_STATUS = TRUE
INF MdeModulePkg/Application/UiApp/UiApp.inf
#
- # Networking stack
- #
- INF MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
- INF MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
- INF MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
- INF MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
- INF MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
- INF MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
- INF MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
- INF MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
- INF MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
- INF MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
- INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
-!if $(HTTP_BOOT_ENABLE) == TRUE
- INF NetworkPkg/DnsDxe/DnsDxe.inf
- INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
- INF NetworkPkg/HttpDxe/HttpDxe.inf
- INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf
-!endif
-
- #
# SCSI Bus and Disk Driver
#
INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 9a31ec93ca..db62c1d611 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -33,10 +33,13 @@
# Defines for default states. These can be changed on the command line.
# -D FLAG=VALUE
#
+ DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE
+ DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE
+ DEFINE CONFIG_TLS_ENABLE = FALSE
DEFINE SECURE_BOOT_ENABLE = FALSE
- DEFINE HTTP_BOOT_ENABLE = FALSE
!include ArmVirtPkg/ArmVirt.dsc.inc
+!include ConfigPkg/Network/Network.dsc.inc
[LibraryClasses.common]
ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
@@ -64,10 +67,6 @@
PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf
PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf
-!if $(HTTP_BOOT_ENABLE) == TRUE
- HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf
-!endif
-
[LibraryClasses.common.UEFI_DRIVER]
UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
@@ -134,10 +133,6 @@
#
gArmTokenSpaceGuid.PcdArmArchTimerFreqInHz|0
-!if $(HTTP_BOOT_ENABLE) == TRUE
- gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|TRUE
-!endif
-
[PcdsPatchableInModule.common]
#
# This will be overridden in the code
@@ -325,27 +320,6 @@
}
#
- # Networking stack
- #
- MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
- MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
- MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
- MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
- MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
- MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
- MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
- MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
- MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
- MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
- MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
-!if $(HTTP_BOOT_ENABLE) == TRUE
- NetworkPkg/DnsDxe/DnsDxe.inf
- NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
- NetworkPkg/HttpDxe/HttpDxe.inf
- NetworkPkg/HttpBootDxe/HttpBootDxe.inf
-!endif
-
- #
# SCSI Bus and Disk Driver
#
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
--
2.11.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [RFC 3/6] OvmfPkg: use ConfigPkg for common network items
2017-09-20 17:27 [RFC 0/6] Create central repository for boilerplate configuration Leif Lindholm
2017-09-20 17:27 ` [RFC 1/6] ConfigPkg: add new package for holding common config fragments Leif Lindholm
2017-09-20 17:27 ` [RFC 2/6] ArmVirtPkg: use ConfigPkg for common network items Leif Lindholm
@ 2017-09-20 17:27 ` Leif Lindholm
2017-09-20 17:27 ` [RFC 4/6] ConfigPkg: add common Security settings Leif Lindholm
` (5 subsequent siblings)
8 siblings, 0 replies; 16+ messages in thread
From: Leif Lindholm @ 2017-09-20 17:27 UTC (permalink / raw)
To: edk2-devel
Cc: Andrew Fish, Michael D Kinney, Ard Biesheuvel, Laszlo Ersek,
Jordan Justen
Remove boilerplate from the Ovmf platforms by including
ConfigPkg/Network/Network.{dsc|fdf}.inc.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
---
OvmfPkg/OvmfPkgIa32.dsc | 67 +++++-----------------------------------------
OvmfPkg/OvmfPkgIa32.fdf | 33 +----------------------
OvmfPkg/OvmfPkgIa32X64.dsc | 67 +++++-----------------------------------------
OvmfPkg/OvmfPkgIa32X64.fdf | 33 +----------------------
OvmfPkg/OvmfPkgX64.dsc | 67 +++++-----------------------------------------
OvmfPkg/OvmfPkgX64.fdf | 33 +----------------------
6 files changed, 21 insertions(+), 279 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 92e943d4a0..99175155a2 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -34,11 +34,11 @@
# Defines for default states. These can be changed on the command line.
# -D FLAG=VALUE
#
+ DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE
+ DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE
+ DEFINE CONFIG_TLS_ENABLE = FALSE
DEFINE SECURE_BOOT_ENABLE = FALSE
- DEFINE NETWORK_IP6_ENABLE = FALSE
- DEFINE HTTP_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
- DEFINE TLS_ENABLE = FALSE
#
# Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to
@@ -59,6 +59,8 @@
!endif
!endif
+!include ConfigPkg/Network/Network.dsc.inc
+
[BuildOptions]
GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG
GCC:RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG
@@ -136,10 +138,6 @@
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
UefiCpuLib|UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf
SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
- NetLib|MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf
- IpIoLib|MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.inf
- UdpIoLib|MdeModulePkg/Library/DxeUdpIoLib/DxeUdpIoLib.inf
- DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf
UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf
SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf
@@ -165,11 +163,6 @@
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(TLS_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
!if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
@@ -181,18 +174,6 @@
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
-!if $(NETWORK_IP6_ENABLE) == TRUE
- TcpIoLib|MdeModulePkg/Library/DxeTcpIoLib/DxeTcpIoLib.inf
-!endif
-
-!if $(HTTP_BOOT_ENABLE) == TRUE
- HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf
-!endif
-
-!if $(TLS_ENABLE) == TRUE
- TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
@@ -471,10 +452,6 @@
gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
!endif
-!if $(HTTP_BOOT_ENABLE) == TRUE
- gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|TRUE
-!endif
-
!ifndef $(USE_OLD_SHELL)
gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdShellFile|{ 0x83, 0xA5, 0x04, 0x7C, 0x3E, 0x9E, 0x1C, 0x4F, 0xAD, 0x65, 0xE0, 0x52, 0x68, 0xD0, 0xB4, 0xD1 }
!endif
@@ -731,38 +708,6 @@
#
# Network Support
#
- MdeModulePkg/Universal/Network/SnpDxe/SnpDxe.inf
- MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
- MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
- MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
- MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
- MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
- MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
- MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
- MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
-!if $(NETWORK_IP6_ENABLE) == TRUE
- NetworkPkg/Ip6Dxe/Ip6Dxe.inf
- NetworkPkg/TcpDxe/TcpDxe.inf
- NetworkPkg/Udp6Dxe/Udp6Dxe.inf
- NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf
- NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf
- NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf
- NetworkPkg/IScsiDxe/IScsiDxe.inf
-!else
- MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
- MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
- MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
-!endif
-!if $(HTTP_BOOT_ENABLE) == TRUE
- NetworkPkg/DnsDxe/DnsDxe.inf
- NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
- NetworkPkg/HttpDxe/HttpDxe.inf
- NetworkPkg/HttpBootDxe/HttpBootDxe.inf
-!endif
-!if $(TLS_ENABLE) == TRUE
- NetworkPkg/TlsDxe/TlsDxe.inf
- NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
-!endif
OvmfPkg/VirtioNetDxe/VirtioNet.inf
#
@@ -795,7 +740,7 @@
NULL|ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsLib.inf
NULL|ShellPkg/Library/UefiShellInstall1CommandsLib/UefiShellInstall1CommandsLib.inf
NULL|ShellPkg/Library/UefiShellNetwork1CommandsLib/UefiShellNetwork1CommandsLib.inf
-!if $(NETWORK_IP6_ENABLE) == TRUE
+!if $(CONFIG_NETWORK_IP6_ENABLE) == TRUE
NULL|ShellPkg/Library/UefiShellNetwork2CommandsLib/UefiShellNetwork2CommandsLib.inf
!endif
NULL|ShellPkg/Library/UefiShellTftpCommandLib/UefiShellTftpCommandLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 7515224118..68438afc13 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -295,38 +295,7 @@ INF MdeModulePkg/Logo/LogoDxe.inf
#
# Network modules
#
- INF MdeModulePkg/Universal/Network/SnpDxe/SnpDxe.inf
- INF MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
- INF MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
- INF MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
- INF MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
- INF MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
- INF MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
- INF MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
- INF MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
-!if $(NETWORK_IP6_ENABLE) == TRUE
- INF NetworkPkg/Ip6Dxe/Ip6Dxe.inf
- INF NetworkPkg/TcpDxe/TcpDxe.inf
- INF NetworkPkg/Udp6Dxe/Udp6Dxe.inf
- INF NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf
- INF NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf
- INF NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf
- INF NetworkPkg/IScsiDxe/IScsiDxe.inf
-!else
- INF MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
- INF MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
- INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
-!endif
-!if $(HTTP_BOOT_ENABLE) == TRUE
- INF NetworkPkg/DnsDxe/DnsDxe.inf
- INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
- INF NetworkPkg/HttpDxe/HttpDxe.inf
- INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf
-!endif
-!if $(TLS_ENABLE) == TRUE
- INF NetworkPkg/TlsDxe/TlsDxe.inf
- INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
-!endif
+!include ConfigPkg/Network/Network.fdf.inc
INF OvmfPkg/VirtioNetDxe/VirtioNet.inf
#
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 7f9220ccb9..0e4c86d5bc 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -34,11 +34,11 @@
# Defines for default states. These can be changed on the command line.
# -D FLAG=VALUE
#
+ DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE
+ DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE
+ DEFINE CONFIG_TLS_ENABLE = FALSE
DEFINE SECURE_BOOT_ENABLE = FALSE
- DEFINE NETWORK_IP6_ENABLE = FALSE
- DEFINE HTTP_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
- DEFINE TLS_ENABLE = FALSE
#
# Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to
@@ -59,6 +59,8 @@
!endif
!endif
+!include ConfigPkg/Network/Network.dsc.inc
+
[BuildOptions]
GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG
GCC:RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG
@@ -141,10 +143,6 @@
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
UefiCpuLib|UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf
SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
- NetLib|MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf
- IpIoLib|MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.inf
- UdpIoLib|MdeModulePkg/Library/DxeUdpIoLib/DxeUdpIoLib.inf
- DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf
UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf
SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf
@@ -170,11 +168,6 @@
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(TLS_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
!if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
@@ -186,18 +179,6 @@
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
-!if $(NETWORK_IP6_ENABLE) == TRUE
- TcpIoLib|MdeModulePkg/Library/DxeTcpIoLib/DxeTcpIoLib.inf
-!endif
-
-!if $(HTTP_BOOT_ENABLE) == TRUE
- HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf
-!endif
-
-!if $(TLS_ENABLE) == TRUE
- TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
@@ -477,10 +458,6 @@
!endif
[PcdsFixedAtBuild.X64]
-!if $(HTTP_BOOT_ENABLE) == TRUE
- gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|TRUE
-!endif
-
!ifndef $(USE_OLD_SHELL)
gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdShellFile|{ 0x83, 0xA5, 0x04, 0x7C, 0x3E, 0x9E, 0x1C, 0x4F, 0xAD, 0x65, 0xE0, 0x52, 0x68, 0xD0, 0xB4, 0xD1 }
!endif
@@ -740,38 +717,6 @@
#
# Network Support
#
- MdeModulePkg/Universal/Network/SnpDxe/SnpDxe.inf
- MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
- MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
- MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
- MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
- MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
- MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
- MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
- MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
-!if $(NETWORK_IP6_ENABLE) == TRUE
- NetworkPkg/Ip6Dxe/Ip6Dxe.inf
- NetworkPkg/TcpDxe/TcpDxe.inf
- NetworkPkg/Udp6Dxe/Udp6Dxe.inf
- NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf
- NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf
- NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf
- NetworkPkg/IScsiDxe/IScsiDxe.inf
-!else
- MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
- MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
- MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
-!endif
-!if $(HTTP_BOOT_ENABLE) == TRUE
- NetworkPkg/DnsDxe/DnsDxe.inf
- NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
- NetworkPkg/HttpDxe/HttpDxe.inf
- NetworkPkg/HttpBootDxe/HttpBootDxe.inf
-!endif
-!if $(TLS_ENABLE) == TRUE
- NetworkPkg/TlsDxe/TlsDxe.inf
- NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
-!endif
OvmfPkg/VirtioNetDxe/VirtioNet.inf
#
@@ -804,7 +749,7 @@
NULL|ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsLib.inf
NULL|ShellPkg/Library/UefiShellInstall1CommandsLib/UefiShellInstall1CommandsLib.inf
NULL|ShellPkg/Library/UefiShellNetwork1CommandsLib/UefiShellNetwork1CommandsLib.inf
-!if $(NETWORK_IP6_ENABLE) == TRUE
+!if $(CONFIG_NETWORK_IP6_ENABLE) == TRUE
NULL|ShellPkg/Library/UefiShellNetwork2CommandsLib/UefiShellNetwork2CommandsLib.inf
!endif
NULL|ShellPkg/Library/UefiShellTftpCommandLib/UefiShellTftpCommandLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index f1a2044fb7..ec91c0b74a 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -301,38 +301,7 @@ INF MdeModulePkg/Logo/LogoDxe.inf
SECTION PE32 = Intel3.5/EFIX64/E3522X2.EFI
}
!endif
- INF MdeModulePkg/Universal/Network/SnpDxe/SnpDxe.inf
- INF MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
- INF MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
- INF MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
- INF MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
- INF MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
- INF MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
- INF MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
- INF MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
-!if $(NETWORK_IP6_ENABLE) == TRUE
- INF NetworkPkg/Ip6Dxe/Ip6Dxe.inf
- INF NetworkPkg/TcpDxe/TcpDxe.inf
- INF NetworkPkg/Udp6Dxe/Udp6Dxe.inf
- INF NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf
- INF NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf
- INF NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf
- INF NetworkPkg/IScsiDxe/IScsiDxe.inf
-!else
- INF MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
- INF MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
- INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
-!endif
-!if $(HTTP_BOOT_ENABLE) == TRUE
- INF NetworkPkg/DnsDxe/DnsDxe.inf
- INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
- INF NetworkPkg/HttpDxe/HttpDxe.inf
- INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf
-!endif
-!if $(TLS_ENABLE) == TRUE
- INF NetworkPkg/TlsDxe/TlsDxe.inf
- INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
-!endif
+!include ConfigPkg/Network/Network.fdf.inc
INF OvmfPkg/VirtioNetDxe/VirtioNet.inf
#
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 36c60fc19c..8a600f8051 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -34,11 +34,11 @@
# Defines for default states. These can be changed on the command line.
# -D FLAG=VALUE
#
+ DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE
+ DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE
+ DEFINE CONFIG_TLS_ENABLE = FALSE
DEFINE SECURE_BOOT_ENABLE = FALSE
- DEFINE NETWORK_IP6_ENABLE = FALSE
- DEFINE HTTP_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
- DEFINE TLS_ENABLE = FALSE
#
# Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to
@@ -59,6 +59,8 @@
!endif
!endif
+!include ConfigPkg/Network/Network.dsc.inc
+
[BuildOptions]
GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG
GCC:RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG
@@ -141,10 +143,6 @@
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
UefiCpuLib|UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf
SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
- NetLib|MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf
- IpIoLib|MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.inf
- UdpIoLib|MdeModulePkg/Library/DxeUdpIoLib/DxeUdpIoLib.inf
- DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf
UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf
SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf
@@ -170,11 +168,6 @@
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(TLS_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
!if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
@@ -186,18 +179,6 @@
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
-!if $(NETWORK_IP6_ENABLE) == TRUE
- TcpIoLib|MdeModulePkg/Library/DxeTcpIoLib/DxeTcpIoLib.inf
-!endif
-
-!if $(HTTP_BOOT_ENABLE) == TRUE
- HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf
-!endif
-
-!if $(TLS_ENABLE) == TRUE
- TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
@@ -476,10 +457,6 @@
gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
!endif
-!if $(HTTP_BOOT_ENABLE) == TRUE
- gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|TRUE
-!endif
-
!ifndef $(USE_OLD_SHELL)
gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdShellFile|{ 0x83, 0xA5, 0x04, 0x7C, 0x3E, 0x9E, 0x1C, 0x4F, 0xAD, 0x65, 0xE0, 0x52, 0x68, 0xD0, 0xB4, 0xD1 }
!endif
@@ -738,38 +715,6 @@
#
# Network Support
#
- MdeModulePkg/Universal/Network/SnpDxe/SnpDxe.inf
- MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
- MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
- MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
- MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
- MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
- MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
- MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
- MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
-!if $(NETWORK_IP6_ENABLE) == TRUE
- NetworkPkg/Ip6Dxe/Ip6Dxe.inf
- NetworkPkg/TcpDxe/TcpDxe.inf
- NetworkPkg/Udp6Dxe/Udp6Dxe.inf
- NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf
- NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf
- NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf
- NetworkPkg/IScsiDxe/IScsiDxe.inf
-!else
- MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
- MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
- MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
-!endif
-!if $(HTTP_BOOT_ENABLE) == TRUE
- NetworkPkg/DnsDxe/DnsDxe.inf
- NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
- NetworkPkg/HttpDxe/HttpDxe.inf
- NetworkPkg/HttpBootDxe/HttpBootDxe.inf
-!endif
-!if $(TLS_ENABLE) == TRUE
- NetworkPkg/TlsDxe/TlsDxe.inf
- NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
-!endif
OvmfPkg/VirtioNetDxe/VirtioNet.inf
#
@@ -802,7 +747,7 @@
NULL|ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsLib.inf
NULL|ShellPkg/Library/UefiShellInstall1CommandsLib/UefiShellInstall1CommandsLib.inf
NULL|ShellPkg/Library/UefiShellNetwork1CommandsLib/UefiShellNetwork1CommandsLib.inf
-!if $(NETWORK_IP6_ENABLE) == TRUE
+!if $(CONFIG_NETWORK_IP6_ENABLE) == TRUE
NULL|ShellPkg/Library/UefiShellNetwork2CommandsLib/UefiShellNetwork2CommandsLib.inf
!endif
NULL|ShellPkg/Library/UefiShellTftpCommandLib/UefiShellTftpCommandLib.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 32000a3b93..be22048f66 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -301,38 +301,7 @@ INF MdeModulePkg/Logo/LogoDxe.inf
SECTION PE32 = Intel3.5/EFIX64/E3522X2.EFI
}
!endif
- INF MdeModulePkg/Universal/Network/SnpDxe/SnpDxe.inf
- INF MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
- INF MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
- INF MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
- INF MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
- INF MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
- INF MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
- INF MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
- INF MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
-!if $(NETWORK_IP6_ENABLE) == TRUE
- INF NetworkPkg/Ip6Dxe/Ip6Dxe.inf
- INF NetworkPkg/TcpDxe/TcpDxe.inf
- INF NetworkPkg/Udp6Dxe/Udp6Dxe.inf
- INF NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf
- INF NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf
- INF NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf
- INF NetworkPkg/IScsiDxe/IScsiDxe.inf
-!else
- INF MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
- INF MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
- INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
-!endif
-!if $(HTTP_BOOT_ENABLE) == TRUE
- INF NetworkPkg/DnsDxe/DnsDxe.inf
- INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
- INF NetworkPkg/HttpDxe/HttpDxe.inf
- INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf
-!endif
-!if $(TLS_ENABLE) == TRUE
- INF NetworkPkg/TlsDxe/TlsDxe.inf
- INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
-!endif
+!include ConfigPkg/Network/Network.fdf.inc
INF OvmfPkg/VirtioNetDxe/VirtioNet.inf
#
--
2.11.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [RFC 4/6] ConfigPkg: add common Security settings
2017-09-20 17:27 [RFC 0/6] Create central repository for boilerplate configuration Leif Lindholm
` (2 preceding siblings ...)
2017-09-20 17:27 ` [RFC 3/6] OvmfPkg: " Leif Lindholm
@ 2017-09-20 17:27 ` Leif Lindholm
2017-09-20 17:27 ` [RFC 5/6] ArmVirtPkg: use ConfigPkg for common security items Leif Lindholm
` (4 subsequent siblings)
8 siblings, 0 replies; 16+ messages in thread
From: Leif Lindholm @ 2017-09-20 17:27 UTC (permalink / raw)
To: edk2-devel
Cc: Andrew Fish, Michael D Kinney, Ard Biesheuvel, Laszlo Ersek,
Jordan Justen
Collate universal Secure Boot and crypto settings under Security/.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
---
ConfigPkg/Security/Security.dsc.inc | 67 +++++++++++++++++++++++++++++++++++++
ConfigPkg/Security/Security.fdf.inc | 17 ++++++++++
2 files changed, 84 insertions(+)
create mode 100644 ConfigPkg/Security/Security.dsc.inc
create mode 100644 ConfigPkg/Security/Security.fdf.inc
diff --git a/ConfigPkg/Security/Security.dsc.inc b/ConfigPkg/Security/Security.dsc.inc
new file mode 100644
index 0000000000..88100c992d
--- /dev/null
+++ b/ConfigPkg/Security/Security.dsc.inc
@@ -0,0 +1,67 @@
+## @file
+#
+# Copyright (c) 2017, Linaro ltd. All rights reserved.<BR>
+#
+# This program and the accompanying materials are licensed and made available
+# under the terms and conditions of the BSD License which accompanies this
+# distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+
+################################################################################
+#
+# Library Class section
+#
+################################################################################
+[LibraryClasses.common]
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+#
+!else
+#
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+!endif
+
+[LibraryClasses.ARM, LibraryClasses.AARCH64]
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+!endif
+
+
+################################################################################
+#
+# Pcd Section
+#
+################################################################################
+[PcdsFeatureFlag]
+
+
+################################################################################
+#
+# Components Section
+#
+################################################################################
+[Components]
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+ <LibraryClasses>
+ NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+ }
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!else
+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+!endif
diff --git a/ConfigPkg/Security/Security.fdf.inc b/ConfigPkg/Security/Security.fdf.inc
new file mode 100644
index 0000000000..2a75446c9b
--- /dev/null
+++ b/ConfigPkg/Security/Security.fdf.inc
@@ -0,0 +1,17 @@
+## @file
+#
+# Copyright (c) 2017, Linaro ltd. All rights reserved.<BR>
+#
+# This program and the accompanying materials are licensed and made available
+# under the terms and conditions of the BSD License which accompanies this
+# distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+!if $(CONFIGURE_SECURE_BOOT_ENABLE) == TRUE
+ INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
--
2.11.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [RFC 5/6] ArmVirtPkg: use ConfigPkg for common security items
2017-09-20 17:27 [RFC 0/6] Create central repository for boilerplate configuration Leif Lindholm
` (3 preceding siblings ...)
2017-09-20 17:27 ` [RFC 4/6] ConfigPkg: add common Security settings Leif Lindholm
@ 2017-09-20 17:27 ` Leif Lindholm
2017-09-20 17:27 ` [RFC 6/6] OvmfPkg: " Leif Lindholm
` (3 subsequent siblings)
8 siblings, 0 replies; 16+ messages in thread
From: Leif Lindholm @ 2017-09-20 17:27 UTC (permalink / raw)
To: edk2-devel
Cc: Andrew Fish, Michael D Kinney, Ard Biesheuvel, Laszlo Ersek,
Jordan Justen
Remove boilerplate from the QEMU platforms by including
ConfigPkg/Security/Security.{dsc|fdf}.inc.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
---
ArmVirtPkg/ArmVirt.dsc.inc | 19 +++----------------
ArmVirtPkg/ArmVirtQemu.dsc | 12 ++----------
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 +
ArmVirtPkg/ArmVirtQemuKernel.dsc | 12 ++----------
4 files changed, 8 insertions(+), 36 deletions(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index a9fdddcd6c..5c8be2d689 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -131,18 +131,9 @@
#
# Secure Boot dependencies
#
-!if $(SECURE_BOOT_ENABLE) == TRUE
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
- AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
-
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
# re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
-!else
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
- AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
@@ -225,10 +216,6 @@
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
-!endif
-
[LibraryClasses.ARM]
ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
@@ -323,7 +310,7 @@
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0
-!if $(SECURE_BOOT_ENABLE) == TRUE
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|600
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|400
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiBootServicesCode|1500
@@ -336,7 +323,7 @@
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0
-!if $(SECURE_BOOT_ENABLE) == TRUE
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
# override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 71d3fb252f..635309c346 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -36,10 +36,11 @@
DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE
DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE
DEFINE CONFIG_TLS_ENABLE = FALSE
- DEFINE SECURE_BOOT_ENABLE = FALSE
+ DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE
!include ArmVirtPkg/ArmVirt.dsc.inc
!include ConfigPkg/Network/Network.dsc.inc
+!include ConfigPkg/Security/Security.dsc.inc
[LibraryClasses.common]
ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
@@ -257,15 +258,6 @@
<LibraryClasses>
NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
}
-!if $(SECURE_BOOT_ENABLE) == TRUE
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
- <LibraryClasses>
- NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
- }
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!else
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
-!endif
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 504fdf5fa9..9cff352416 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -45,6 +45,7 @@ READ_LOCK_CAP = TRUE
READ_LOCK_STATUS = TRUE
!include ConfigPkg/Network/Network.fdf.inc
+!include ConfigPkg/Security/Security.fdf.inc
INF MdeModulePkg/Core/Dxe/DxeMain.inf
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index db62c1d611..59ad54c3fb 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -35,11 +35,12 @@
#
DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE
DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE
+ DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE
DEFINE CONFIG_TLS_ENABLE = FALSE
- DEFINE SECURE_BOOT_ENABLE = FALSE
!include ArmVirtPkg/ArmVirt.dsc.inc
!include ConfigPkg/Network/Network.dsc.inc
+!include ConfigPkg/Security/Security.dsc.inc
[LibraryClasses.common]
ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
@@ -248,15 +249,6 @@
<LibraryClasses>
NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
}
-!if $(SECURE_BOOT_ENABLE) == TRUE
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
- <LibraryClasses>
- NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
- }
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!else
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
-!endif
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
--
2.11.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [RFC 6/6] OvmfPkg: use ConfigPkg for common security items
2017-09-20 17:27 [RFC 0/6] Create central repository for boilerplate configuration Leif Lindholm
` (4 preceding siblings ...)
2017-09-20 17:27 ` [RFC 5/6] ArmVirtPkg: use ConfigPkg for common security items Leif Lindholm
@ 2017-09-20 17:27 ` Leif Lindholm
2017-09-20 18:14 ` [RFC 0/6] Create central repository for boilerplate configuration Laszlo Ersek
` (2 subsequent siblings)
8 siblings, 0 replies; 16+ messages in thread
From: Leif Lindholm @ 2017-09-20 17:27 UTC (permalink / raw)
To: edk2-devel
Cc: Andrew Fish, Michael D Kinney, Ard Biesheuvel, Laszlo Ersek,
Jordan Justen
Remove boilerplate from the Ovmf platforms by including
ConfigPkg/Security/Security.{dsc|fdf}.inc.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
---
OvmfPkg/OvmfPkgIa32.dsc | 25 ++++---------------------
OvmfPkg/OvmfPkgIa32.fdf | 4 +---
OvmfPkg/OvmfPkgIa32X64.dsc | 23 +++--------------------
OvmfPkg/OvmfPkgIa32X64.fdf | 4 +---
OvmfPkg/OvmfPkgX64.dsc | 25 ++++---------------------
OvmfPkg/OvmfPkgX64.fdf | 4 +---
6 files changed, 14 insertions(+), 71 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 99175155a2..c450733d7c 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -36,8 +36,8 @@
#
DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE
DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE
+ DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE
DEFINE CONFIG_TLS_ENABLE = FALSE
- DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
#
@@ -60,6 +60,7 @@
!endif
!include ConfigPkg/Network/Network.dsc.inc
+!include ConfigPkg/Security/Security.dsc.inc
[BuildOptions]
GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG
@@ -164,13 +165,8 @@
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
- AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
-!else
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
- AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
@@ -460,7 +456,7 @@
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000
!endif
-!if $(SECURE_BOOT_ENABLE) == TRUE
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
!endif
@@ -585,15 +581,6 @@
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
- <LibraryClasses>
- NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
- }
-!else
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
-!endif
-
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
@@ -759,10 +746,6 @@
}
!endif
-!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!endif
-
OvmfPkg/PlatformDxe/Platform.inf
OvmfPkg/IoMmuDxe/IoMmuDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 68438afc13..dfe4e78568 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -230,9 +230,7 @@ INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf
INF OvmfPkg/XenBusDxe/XenBusDxe.inf
INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!endif
+!include ConfigPkg/Security/Security.fdf.inc
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 0e4c86d5bc..106de22bdc 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -36,8 +36,8 @@
#
DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE
DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE
+ DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE
DEFINE CONFIG_TLS_ENABLE = FALSE
- DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
#
@@ -60,6 +60,7 @@
!endif
!include ConfigPkg/Network/Network.dsc.inc
+!include ConfigPkg/Security/Security.dsc.inc
[BuildOptions]
GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG
@@ -171,11 +172,6 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
- AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
-!else
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
- AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
@@ -466,7 +462,7 @@
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000
!endif
-!if $(SECURE_BOOT_ENABLE) == TRUE
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
!endif
@@ -594,15 +590,6 @@
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
- <LibraryClasses>
- NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
- }
-!else
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
-!endif
-
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
@@ -768,10 +755,6 @@
}
!endif
-!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!endif
-
OvmfPkg/PlatformDxe/Platform.inf
OvmfPkg/AmdSevDxe/AmdSevDxe.inf
OvmfPkg/IoMmuDxe/IoMmuDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index ec91c0b74a..51846f3e1b 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -231,9 +231,7 @@ INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf
INF OvmfPkg/XenBusDxe/XenBusDxe.inf
INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!endif
+!include ConfigPkg/Security/Security.fdf.inc
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 8a600f8051..0564936d2b 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -36,8 +36,8 @@
#
DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE
DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE
+ DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE
DEFINE CONFIG_TLS_ENABLE = FALSE
- DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
#
@@ -60,6 +60,7 @@
!endif
!include ConfigPkg/Network/Network.dsc.inc
+!include ConfigPkg/Security/Security.dsc.inc
[BuildOptions]
GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG
@@ -169,13 +170,8 @@
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
- AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
-!else
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
- AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
@@ -465,7 +461,7 @@
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000
!endif
-!if $(SECURE_BOOT_ENABLE) == TRUE
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
!endif
@@ -592,15 +588,6 @@
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
- <LibraryClasses>
- NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
- }
-!else
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
-!endif
-
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
@@ -766,10 +753,6 @@
}
!endif
-!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!endif
-
OvmfPkg/PlatformDxe/Platform.inf
OvmfPkg/AmdSevDxe/AmdSevDxe.inf
OvmfPkg/IoMmuDxe/IoMmuDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index be22048f66..97b93bfba4 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -231,9 +231,7 @@ INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf
INF OvmfPkg/XenBusDxe/XenBusDxe.inf
INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!endif
+!include ConfigPkg/Security/Security.fdf.inc
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
--
2.11.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [RFC 0/6] Create central repository for boilerplate configuration
2017-09-20 17:27 [RFC 0/6] Create central repository for boilerplate configuration Leif Lindholm
` (5 preceding siblings ...)
2017-09-20 17:27 ` [RFC 6/6] OvmfPkg: " Leif Lindholm
@ 2017-09-20 18:14 ` Laszlo Ersek
2017-09-20 21:09 ` Leif Lindholm
2017-09-21 12:47 ` Yao, Jiewen
2017-09-21 13:21 ` Kirkendall, Garrett
8 siblings, 1 reply; 16+ messages in thread
From: Laszlo Ersek @ 2017-09-20 18:14 UTC (permalink / raw)
To: Leif Lindholm, edk2-devel
Cc: Michael D Kinney, Jordan Justen, Andrew Fish, Ard Biesheuvel
On 09/20/17 19:27, Leif Lindholm wrote:
> An awful lot of platform configuration is just repeated verbatim for
> every platform. This is my first stab at eliminating some of this
> redundancy.
>
> I have additional bits as work in progress, but before I sink too much
> time into it, I would like to try to gather feedback on this approach
> (all the way down to directory structure).
>
> This first round deals with basic network support and Secure Boot
> requirements.
I can't comment on the general "ConfigPkg" question, and the directory
structure; I'll just assume that it's OK that way. (It will need
documented maintainers though.)
I do have some initial comments:
(1) Please update your git config so that the diff hunk headers display
the INI-style section name that's being modified. Please search the
following sections for "ini":
https://github.com/tianocore/tianocore.github.io/wiki/Laszlo's-unkempt-git-guide-for-edk2-contributors-and-maintainers#contrib-05
https://github.com/tianocore/tianocore.github.io/wiki/Laszlo's-unkempt-git-guide-for-edk2-contributors-and-maintainers#contrib-09
Normally this is plain "helpful" for reviewers, but given the subject of
this set, I'd say it's "important" (to me as a reviewer anyway), to see
what section lines are removed from.
(2) Replacing a build define called FOOBAR with CONFIG_FOOBAR will break
all downstream build scripts. Is the CONFIG_ prefix a requirement?
(3) I think PCDs should not be included in ConfigPkg DSC include files,
even if several platforms set the same value. The set of libraries and
driver modules commonly used for a given feature is mostly constant
across platforms (and it is easy to extend, incrementally); but I don't
think the same holds for PCDs. Especially if a user wants to change a
PCD for one platform but not the other. Even if repeated settings for a
PCD worked (all on the same level of "specificity"), I'd find the result
confusing.
(4) The Ia32X64 build of OVMF is a bit trickier than the rest; DXE
modules should be built for X64, while PEI modules should be built for
IA32. You can see this in the names of the [Components.IA32] and
[Components.X64] sections. (Point (1) above helps with this.)
For example, in patch #1 you add "ArpDxe" to [Components], but in patch
#3 you remove it from [Components.X64].
(5) In patch #4, there's a section for [LibraryClasses.ARM,
LibraryClasses.AARCH64] -- why is it specific to ARM/AARCH64?
If others like the ConfigPkg idea, I'd like to review the set (or v2)
again, in more detail, but for that, please fix the patch formatting
first, as requested in (1).
Thanks!
Laszlo
>
> Leif Lindholm (6):
> ConfigPkg: add new package for holding common config fragments
> ArmVirtPkg: use ConfigPkg for common network items
> OvmfPkg: use ConfigPkg for common network items
> ConfigPkg: add common Security settings
> ArmVirtPkg: use ConfigPkg for common security items
> OvmfPkg: use ConfigPkg for common security items
>
> ArmVirtPkg/ArmVirt.dsc.inc | 25 ++--------
> ArmVirtPkg/ArmVirtQemu.dsc | 46 +++---------------
> ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 24 ++--------
> ArmVirtPkg/ArmVirtQemuKernel.dsc | 46 +++---------------
> ConfigPkg/Network/Network.dsc.inc | 92 ++++++++++++++++++++++++++++++++++++
> ConfigPkg/Network/Network.fdf.inc | 47 ++++++++++++++++++
> ConfigPkg/Security/Security.dsc.inc | 67 ++++++++++++++++++++++++++
> ConfigPkg/Security/Security.fdf.inc | 17 +++++++
> OvmfPkg/OvmfPkgIa32.dsc | 92 ++++--------------------------------
> OvmfPkg/OvmfPkgIa32.fdf | 37 +--------------
> OvmfPkg/OvmfPkgIa32X64.dsc | 90 ++++-------------------------------
> OvmfPkg/OvmfPkgIa32X64.fdf | 37 +--------------
> OvmfPkg/OvmfPkgX64.dsc | 92 ++++--------------------------------
> OvmfPkg/OvmfPkgX64.fdf | 37 +--------------
> 14 files changed, 276 insertions(+), 473 deletions(-)
> create mode 100644 ConfigPkg/Network/Network.dsc.inc
> create mode 100644 ConfigPkg/Network/Network.fdf.inc
> create mode 100644 ConfigPkg/Security/Security.dsc.inc
> create mode 100644 ConfigPkg/Security/Security.fdf.inc
>
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [RFC 0/6] Create central repository for boilerplate configuration
2017-09-20 18:14 ` [RFC 0/6] Create central repository for boilerplate configuration Laszlo Ersek
@ 2017-09-20 21:09 ` Leif Lindholm
2017-09-22 11:20 ` Laszlo Ersek
0 siblings, 1 reply; 16+ messages in thread
From: Leif Lindholm @ 2017-09-20 21:09 UTC (permalink / raw)
To: Laszlo Ersek
Cc: edk2-devel, Michael D Kinney, Jordan Justen, Andrew Fish,
Ard Biesheuvel
On Wed, Sep 20, 2017 at 08:14:59PM +0200, Laszlo Ersek wrote:
> On 09/20/17 19:27, Leif Lindholm wrote:
> > An awful lot of platform configuration is just repeated verbatim for
> > every platform. This is my first stab at eliminating some of this
> > redundancy.
> >
> > I have additional bits as work in progress, but before I sink too much
> > time into it, I would like to try to gather feedback on this approach
> > (all the way down to directory structure).
> >
> > This first round deals with basic network support and Secure Boot
> > requirements.
>
> I can't comment on the general "ConfigPkg" question, and the directory
> structure; I'll just assume that it's OK that way. (It will need
> documented maintainers though.)
Of course - I just thought I'd wait with that until we'd been through
whether it should live in MdeModulePkg or ...
> I do have some initial comments:
>
> (1) Please update your git config so that the diff hunk headers display
> the INI-style section name that's being modified. Please search the
> following sections for "ini":
Agh, sorry - I lost that when I reinstalled my build machine a month
or so back. I did do 9, but I missed out rerunning
git config diff.ini.xfuncname '^\[[A-Za-z0-9_., ]+]'
> https://github.com/tianocore/tianocore.github.io/wiki/Laszlo's-unkempt-git-guide-for-edk2-contributors-and-maintainers#contrib-05
>
> https://github.com/tianocore/tianocore.github.io/wiki/Laszlo's-unkempt-git-guide-for-edk2-contributors-and-maintainers#contrib-09
>
> Normally this is plain "helpful" for reviewers, but given the subject of
> this set, I'd say it's "important" (to me as a reviewer anyway), to see
> what section lines are removed from.
Indeed. Pure oversight. Now addressed.
> (2) Replacing a build define called FOOBAR with CONFIG_FOOBAR will break
> all downstream build scripts. Is the CONFIG_ prefix a requirement?
It was explicitly intended to break compatibility, to ensure we didn't
end up with things accidentally working until something unrelated
changed in the future.
Also a subject for discussion - hence the RFC.
> (3) I think PCDs should not be included in ConfigPkg DSC include files,
> even if several platforms set the same value. The set of libraries and
> driver modules commonly used for a given feature is mostly constant
> across platforms (and it is easy to extend, incrementally); but I don't
> think the same holds for PCDs. Especially if a user wants to change a
> PCD for one platform but not the other. Even if repeated settings for a
> PCD worked (all on the same level of "specificity"), I'd find the result
> confusing.
Also a subject for discussion.
My intent was that if most of the open source platforms had an
override on the default of a particular Pcd, we could override it in
the config fragments without changing the .dec (and affecting
non-public ports).
Individual platforms can still override (again).
Also a subject for discussion.
> (4) The Ia32X64 build of OVMF is a bit trickier than the rest; DXE
> modules should be built for X64, while PEI modules should be built for
> IA32. You can see this in the names of the [Components.IA32] and
> [Components.X64] sections. (Point (1) above helps with this.)
>
> For example, in patch #1 you add "ArpDxe" to [Components], but in patch
> #3 you remove it from [Components.X64].
I'll be honest, I don't have any system on which I can currently build
IA32 - I get "unknown relocations" whenever I try. So Ia32X64 was only
compile tested, not linked.
> (5) In patch #4, there's a section for [LibraryClasses.ARM,
> LibraryClasses.AARCH64] -- why is it specific to ARM/AARCH64?
These mappings appeared to be necessary only for these architectures
at the time. The section started up larger than it ended up, It is
quite likely further work on Common.dsc.inc would remove more of these.
> If others like the ConfigPkg idea, I'd like to review the set (or v2)
> again, in more detail, but for that, please fix the patch formatting
> first, as requested in (1).
As stated above, pure oversight.
/
Leif
> Thanks!
> Laszlo
>
> >
> > Leif Lindholm (6):
> > ConfigPkg: add new package for holding common config fragments
> > ArmVirtPkg: use ConfigPkg for common network items
> > OvmfPkg: use ConfigPkg for common network items
> > ConfigPkg: add common Security settings
> > ArmVirtPkg: use ConfigPkg for common security items
> > OvmfPkg: use ConfigPkg for common security items
> >
> > ArmVirtPkg/ArmVirt.dsc.inc | 25 ++--------
> > ArmVirtPkg/ArmVirtQemu.dsc | 46 +++---------------
> > ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 24 ++--------
> > ArmVirtPkg/ArmVirtQemuKernel.dsc | 46 +++---------------
> > ConfigPkg/Network/Network.dsc.inc | 92 ++++++++++++++++++++++++++++++++++++
> > ConfigPkg/Network/Network.fdf.inc | 47 ++++++++++++++++++
> > ConfigPkg/Security/Security.dsc.inc | 67 ++++++++++++++++++++++++++
> > ConfigPkg/Security/Security.fdf.inc | 17 +++++++
> > OvmfPkg/OvmfPkgIa32.dsc | 92 ++++--------------------------------
> > OvmfPkg/OvmfPkgIa32.fdf | 37 +--------------
> > OvmfPkg/OvmfPkgIa32X64.dsc | 90 ++++-------------------------------
> > OvmfPkg/OvmfPkgIa32X64.fdf | 37 +--------------
> > OvmfPkg/OvmfPkgX64.dsc | 92 ++++--------------------------------
> > OvmfPkg/OvmfPkgX64.fdf | 37 +--------------
> > 14 files changed, 276 insertions(+), 473 deletions(-)
> > create mode 100644 ConfigPkg/Network/Network.dsc.inc
> > create mode 100644 ConfigPkg/Network/Network.fdf.inc
> > create mode 100644 ConfigPkg/Security/Security.dsc.inc
> > create mode 100644 ConfigPkg/Security/Security.fdf.inc
> >
>
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [RFC 1/6] ConfigPkg: add new package for holding common config fragments
2017-09-20 17:27 ` [RFC 1/6] ConfigPkg: add new package for holding common config fragments Leif Lindholm
@ 2017-09-21 0:05 ` Ard Biesheuvel
2017-09-22 11:22 ` Laszlo Ersek
0 siblings, 1 reply; 16+ messages in thread
From: Ard Biesheuvel @ 2017-09-21 0:05 UTC (permalink / raw)
To: Leif Lindholm
Cc: edk2-devel@lists.01.org, Andrew Fish, Michael D Kinney,
Laszlo Ersek, Jordan Justen
On 20 September 2017 at 10:27, Leif Lindholm <leif.lindholm@linaro.org> wrote:
> Start with common networking options.
>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
> ---
> ConfigPkg/Network/Network.dsc.inc | 92 +++++++++++++++++++++++++++++++++++++++
> ConfigPkg/Network/Network.fdf.inc | 47 ++++++++++++++++++++
> 2 files changed, 139 insertions(+)
> create mode 100644 ConfigPkg/Network/Network.dsc.inc
> create mode 100644 ConfigPkg/Network/Network.fdf.inc
>
> diff --git a/ConfigPkg/Network/Network.dsc.inc b/ConfigPkg/Network/Network.dsc.inc
> new file mode 100644
> index 0000000000..8c53350deb
> --- /dev/null
> +++ b/ConfigPkg/Network/Network.dsc.inc
> @@ -0,0 +1,92 @@
> +## @file
> +#
> +# Copyright (c) 2017, Linaro ltd. All rights reserved.<BR>
> +#
> +# This program and the accompanying materials are licensed and made available
> +# under the terms and conditions of the BSD License which accompanies this
> +# distribution. The full text of the license may be found at
> +# http://opensource.org/licenses/bsd-license.php
> +#
> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +#
> +##
> +
> +
> +################################################################################
> +#
> +# Library Class section
> +#
> +################################################################################
> +[LibraryClasses]
> + DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf
> + IpIoLib|MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.inf
> + NetLib|MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf
> + UdpIoLib|MdeModulePkg/Library/DxeUdpIoLib/DxeUdpIoLib.inf
> +
Now that you have made a clean spot: any reason we shouldn't do
DpcLib |MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf
IpIoLib |MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.inf
NetLib |MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf
UdpIoLib |MdeModulePkg/Library/DxeUdpIoLib/DxeUdpIoLib.inf
?
> +!if $(CONFIG_HTTP_BOOT_ENABLE) == TRUE
> + HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf
> +!endif
> +
> +!if $(CONFIG_NETWORK_IP6_ENABLE) == TRUE
> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> + TcpIoLib|MdeModulePkg/Library/DxeTcpIoLib/DxeTcpIoLib.inf
> +!endif
> +
> +!if $(CONFIG_TLS_ENABLE) == TRUE
> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> +!else
> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +!endif
> +
> +
> +#################################################################################
> +# Pcd Section
> +#
> +################################################################################
> +[PcdsFixedAtBuild]
> +!if $(CONFIG_HTTP_BOOT_ENABLE) == TRUE
> + gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|TRUE
> +!endif
> +
> +
> +################################################################################
> +#
> +# Components Section
> +#
> +################################################################################
> +[Components]
> + MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
> + MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
> + MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
> + MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
> + MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
> + MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
> + MdeModulePkg/Universal/Network/SnpDxe/SnpDxe.inf
> + MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
> + MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
> +!if $(CONFIG_NETWORK_IP6_ENABLE) == TRUE
> + NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf
> + NetworkPkg/Ip6Dxe/Ip6Dxe.inf
> + NetworkPkg/IScsiDxe/IScsiDxe.inf
> + NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf
> + NetworkPkg/TcpDxe/TcpDxe.inf
> + NetworkPkg/Udp6Dxe/Udp6Dxe.inf
> + NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf
> +!else
> + MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
> + MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
> + MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
> +!endif
> +!if $(CONFIG_HTTP_BOOT_ENABLE) == TRUE
> + NetworkPkg/DnsDxe/DnsDxe.inf
> + NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> + NetworkPkg/HttpDxe/HttpDxe.inf
> + NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> +!endif
> +!if $(CONFIG_TLS_ENABLE) == TRUE
> + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> + NetworkPkg/TlsDxe/TlsDxe.inf
> +!endif
> diff --git a/ConfigPkg/Network/Network.fdf.inc b/ConfigPkg/Network/Network.fdf.inc
> new file mode 100644
> index 0000000000..614fd18a9a
> --- /dev/null
> +++ b/ConfigPkg/Network/Network.fdf.inc
> @@ -0,0 +1,47 @@
> +## @file
> +#
> +# Copyright (c) 2017, Linaro ltd. All rights reserved.<BR>
> +#
> +# This program and the accompanying materials are licensed and made available
> +# under the terms and conditions of the BSD License which accompanies this
> +# distribution. The full text of the license may be found at
> +# http://opensource.org/licenses/bsd-license.php
> +#
> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +#
> +##
> +
> +
> + INF MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
> + INF MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
> + INF MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
> + INF MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
> + INF MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
> + INF MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
> + INF MdeModulePkg/Universal/Network/SnpDxe/SnpDxe.inf
> + INF MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
> + INF MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
> +!if $(CONFIG_NETWORK_IP6_ENABLE) == TRUE
> + INF NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf
> + INF NetworkPkg/Ip6Dxe/Ip6Dxe.inf
> + INF NetworkPkg/IScsiDxe/IScsiDxe.inf
> + INF NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf
> + INF NetworkPkg/TcpDxe/TcpDxe.inf
> + INF NetworkPkg/Udp6Dxe/Udp6Dxe.inf
> + INF NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf
> +!else
> + INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
> + INF MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
> + INF MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
> +!endif
> +!if $(CONFIG_HTTP_BOOT_ENABLE) == TRUE
> + INF NetworkPkg/DnsDxe/DnsDxe.inf
> + INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> + INF NetworkPkg/HttpDxe/HttpDxe.inf
> + INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> +!endif
> +!if $(CONFIG_TLS_ENABLE) == TRUE
> + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> + INF NetworkPkg/TlsDxe/TlsDxe.inf
> +!endif
> --
> 2.11.0
>
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [RFC 0/6] Create central repository for boilerplate configuration
2017-09-20 17:27 [RFC 0/6] Create central repository for boilerplate configuration Leif Lindholm
` (6 preceding siblings ...)
2017-09-20 18:14 ` [RFC 0/6] Create central repository for boilerplate configuration Laszlo Ersek
@ 2017-09-21 12:47 ` Yao, Jiewen
2017-09-21 13:21 ` Kirkendall, Garrett
8 siblings, 0 replies; 16+ messages in thread
From: Yao, Jiewen @ 2017-09-21 12:47 UTC (permalink / raw)
To: Leif Lindholm, edk2-devel@lists.01.org
Cc: Kinney, Michael D, Justen, Jordan L, Laszlo Ersek, Andrew Fish,
Ard Biesheuvel
Hi Leif
It is good to see such configuration.
Here is some of my thought:
1) We have similar idea. But there is one key difference is that we do not use MACRO, but use PCD to control feature selection.
For example, we defined
gPlatformModuleTokenSpaceGuid.PcdUefiSecureBootEnable|FALSE|BOOLEAN|0xF00000A4
gPlatformModuleTokenSpaceGuid.PcdTpm2Enable |FALSE|BOOLEAN|0xF00000A5
gPlatformModuleTokenSpaceGuid.PcdPerformanceEnable |FALSE|BOOLEAN|0xF00000A6
in https://github.com/tianocore/edk2-platforms/blob/devel-MinPlatform/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec
And they are used in https://github.com/tianocore/edk2-platforms/blob/devel-MinPlatform/Platform/Intel/MinPlatformPkg/Include/Fdf/CoreDxeInclude.fdf
I suggest we consider using PCD for configuration.
2) I do not suggest we use configuration for library, if this library only has one instance.
For example:
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
If no module need this library, this library will be ignored directly.
We can always leave BaseCryptLib there. No impact.
3) For below NULL library, we need put configuration around the NULL library instance, instead of the module. As such we may add more NULL instance, such as DxeTpm2MeasureBootLib.
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+ <LibraryClasses>
+ NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+ }
To
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
<LibraryClasses>
!if gSecurityTokenSpaceGuid.PcdUefiSecureBootEnable == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
!endif
!if gSecurityTokenSpaceGuid.PcdTpm2Enable == TRUE
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
}
Thank you
Yao Jiewen
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Leif
> Lindholm
> Sent: Thursday, September 21, 2017 1:28 AM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Justen, Jordan L
> <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Andrew Fish
> <afish@apple.com>; Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Subject: [edk2] [RFC 0/6] Create central repository for boilerplate configuration
>
> An awful lot of platform configuration is just repeated verbatim for
> every platform. This is my first stab at eliminating some of this
> redundancy.
>
> I have additional bits as work in progress, but before I sink too much
> time into it, I would like to try to gather feedback on this approach
> (all the way down to directory structure).
>
> This first round deals with basic network support and Secure Boot
> requirements.
>
> Leif Lindholm (6):
> ConfigPkg: add new package for holding common config fragments
> ArmVirtPkg: use ConfigPkg for common network items
> OvmfPkg: use ConfigPkg for common network items
> ConfigPkg: add common Security settings
> ArmVirtPkg: use ConfigPkg for common security items
> OvmfPkg: use ConfigPkg for common security items
>
> ArmVirtPkg/ArmVirt.dsc.inc | 25 ++--------
> ArmVirtPkg/ArmVirtQemu.dsc | 46 +++---------------
> ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 24 ++--------
> ArmVirtPkg/ArmVirtQemuKernel.dsc | 46 +++---------------
> ConfigPkg/Network/Network.dsc.inc | 92
> ++++++++++++++++++++++++++++++++++++
> ConfigPkg/Network/Network.fdf.inc | 47 ++++++++++++++++++
> ConfigPkg/Security/Security.dsc.inc | 67 ++++++++++++++++++++++++++
> ConfigPkg/Security/Security.fdf.inc | 17 +++++++
> OvmfPkg/OvmfPkgIa32.dsc | 92 ++++--------------------------------
> OvmfPkg/OvmfPkgIa32.fdf | 37 +--------------
> OvmfPkg/OvmfPkgIa32X64.dsc | 90 ++++-------------------------------
> OvmfPkg/OvmfPkgIa32X64.fdf | 37 +--------------
> OvmfPkg/OvmfPkgX64.dsc | 92
> ++++--------------------------------
> OvmfPkg/OvmfPkgX64.fdf | 37 +--------------
> 14 files changed, 276 insertions(+), 473 deletions(-)
> create mode 100644 ConfigPkg/Network/Network.dsc.inc
> create mode 100644 ConfigPkg/Network/Network.fdf.inc
> create mode 100644 ConfigPkg/Security/Security.dsc.inc
> create mode 100644 ConfigPkg/Security/Security.fdf.inc
>
> --
> 2.11.0
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [RFC 0/6] Create central repository for boilerplate configuration
2017-09-20 17:27 [RFC 0/6] Create central repository for boilerplate configuration Leif Lindholm
` (7 preceding siblings ...)
2017-09-21 12:47 ` Yao, Jiewen
@ 2017-09-21 13:21 ` Kirkendall, Garrett
8 siblings, 0 replies; 16+ messages in thread
From: Kirkendall, Garrett @ 2017-09-21 13:21 UTC (permalink / raw)
To: Leif Lindholm, edk2-devel@lists.01.org
Cc: Michael D Kinney, Jordan Justen, Laszlo Ersek, Andrew Fish,
Ard Biesheuvel
Something I have found useful is leaving the intended file extension at the end of the file name. That way, you still know it is intended to be "!include"ed, but any editor file extensions you have set up still work on these files.
ConfigPkg/Security/Security.dsc.inc => ConfigPkg/Security/Security.inc.dsc
Since DSC can merge sections from different files, one *.inc.dsc file is sufficient with multiple sections.
For FDF files, I've found that sections cannot be merged so it might be better to indicate where pieces are intended to be included *.pei.inc.fdf and *.dxe.inc.fdf. Also, these files probably shouldn't contain section headers because you don't know what a platform might call the sections/FVs. (general statements, not critique on this RFC)
This allows people to "!include" directly and know where the pieces are intended to go. Plus it gives a quick view indication in the platform DSC and FDF files that things have been "!include"ed in the correct sections of the file.
Thanks,
GARRETT KIRKENDALL
SMTS Firmware Engineer | CTE
7171 Southwest Parkway, Austin, TX 78735 USA
AMD facebook | amd.com
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Leif Lindholm
> Sent: Wednesday, September 20, 2017 12:28 PM
> To: edk2-devel@lists.01.org
> Cc: Michael D Kinney <michael.d.kinney@intel.com>; Jordan Justen
> <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Andrew Fish
> <afish@apple.com>; Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Subject: [edk2] [RFC 0/6] Create central repository for boilerplate
> configuration
>
> An awful lot of platform configuration is just repeated verbatim for every
> platform. This is my first stab at eliminating some of this redundancy.
>
> I have additional bits as work in progress, but before I sink too much
> time into it, I would like to try to gather feedback on this approach (all
> the way down to directory structure).
>
> This first round deals with basic network support and Secure Boot
> requirements.
>
> Leif Lindholm (6):
> ConfigPkg: add new package for holding common config fragments
> ArmVirtPkg: use ConfigPkg for common network items
> OvmfPkg: use ConfigPkg for common network items
> ConfigPkg: add common Security settings
> ArmVirtPkg: use ConfigPkg for common security items
> OvmfPkg: use ConfigPkg for common security items
>
> ArmVirtPkg/ArmVirt.dsc.inc | 25 ++--------
> ArmVirtPkg/ArmVirtQemu.dsc | 46 +++---------------
> ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 24 ++--------
> ArmVirtPkg/ArmVirtQemuKernel.dsc | 46 +++---------------
> ConfigPkg/Network/Network.dsc.inc | 92
> ++++++++++++++++++++++++++++++++++++
> ConfigPkg/Network/Network.fdf.inc | 47 ++++++++++++++++++
> ConfigPkg/Security/Security.dsc.inc | 67 ++++++++++++++++++++++++++
> ConfigPkg/Security/Security.fdf.inc | 17 +++++++
> OvmfPkg/OvmfPkgIa32.dsc | 92 ++++---------------------------
> -----
> OvmfPkg/OvmfPkgIa32.fdf | 37 +--------------
> OvmfPkg/OvmfPkgIa32X64.dsc | 90 ++++---------------------------
> ----
> OvmfPkg/OvmfPkgIa32X64.fdf | 37 +--------------
> OvmfPkg/OvmfPkgX64.dsc | 92 ++++---------------------------
> -----
> OvmfPkg/OvmfPkgX64.fdf | 37 +--------------
> 14 files changed, 276 insertions(+), 473 deletions(-) create mode 100644
> ConfigPkg/Network/Network.dsc.inc create mode 100644
> ConfigPkg/Network/Network.fdf.inc create mode 100644
> ConfigPkg/Security/Security.dsc.inc
> create mode 100644 ConfigPkg/Security/Security.fdf.inc
>
> --
> 2.11.0
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [RFC 0/6] Create central repository for boilerplate configuration
2017-09-20 21:09 ` Leif Lindholm
@ 2017-09-22 11:20 ` Laszlo Ersek
2017-09-23 16:58 ` Leif Lindholm
0 siblings, 1 reply; 16+ messages in thread
From: Laszlo Ersek @ 2017-09-22 11:20 UTC (permalink / raw)
To: Leif Lindholm
Cc: edk2-devel, Michael D Kinney, Jordan Justen, Andrew Fish,
Ard Biesheuvel, Gao, Liming, Zhu, Yonghong
On 09/20/17 23:09, Leif Lindholm wrote:
> On Wed, Sep 20, 2017 at 08:14:59PM +0200, Laszlo Ersek wrote:
>> (2) Replacing a build define called FOOBAR with CONFIG_FOOBAR will break
>> all downstream build scripts. Is the CONFIG_ prefix a requirement?
>
> It was explicitly intended to break compatibility, to ensure we didn't
> end up with things accidentally working until something unrelated
> changed in the future.
Interesting idea. I guess we could try to reach out to all of the
"repeat builders" of OVMF.
>
>> (3) I think PCDs should not be included in ConfigPkg DSC include files,
>> even if several platforms set the same value. The set of libraries and
>> driver modules commonly used for a given feature is mostly constant
>> across platforms (and it is easy to extend, incrementally); but I don't
>> think the same holds for PCDs. Especially if a user wants to change a
>> PCD for one platform but not the other. Even if repeated settings for a
>> PCD worked (all on the same level of "specificity"), I'd find the result
>> confusing.
>
> Also a subject for discussion.
> My intent was that if most of the open source platforms had an
> override on the default of a particular Pcd, we could override it in
> the config fragments without changing the .dec (and affecting
> non-public ports).
Right, that's great...
> Individual platforms can still override (again).
... but this "again" part is what confuses me (assuming it would
technically work). We'd have a PCD default in the .dec, then a setting
in the central .dsc.inc that ultimately qualifies as a platform-level
setting, and finally a setting in the actual platform .dsc, which *also*
qualifies as a platform-level setting. IOW, one in the .dec, and two in
the (final) .dsc.
I have no clue if this works, but even if it does, the priority could
depend on the order of inclusion, which I find confusing.
Liming, Yonghong, can you guys please comment on this?
Thanks!
Laszlo
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [RFC 1/6] ConfigPkg: add new package for holding common config fragments
2017-09-21 0:05 ` Ard Biesheuvel
@ 2017-09-22 11:22 ` Laszlo Ersek
0 siblings, 0 replies; 16+ messages in thread
From: Laszlo Ersek @ 2017-09-22 11:22 UTC (permalink / raw)
To: Ard Biesheuvel, Leif Lindholm
Cc: edk2-devel@lists.01.org, Andrew Fish, Michael D Kinney,
Jordan Justen
On 09/21/17 02:05, Ard Biesheuvel wrote:
> On 20 September 2017 at 10:27, Leif Lindholm <leif.lindholm@linaro.org> wrote:
>> Start with common networking options.
>>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
>> ---
>> ConfigPkg/Network/Network.dsc.inc | 92 +++++++++++++++++++++++++++++++++++++++
>> ConfigPkg/Network/Network.fdf.inc | 47 ++++++++++++++++++++
>> 2 files changed, 139 insertions(+)
>> create mode 100644 ConfigPkg/Network/Network.dsc.inc
>> create mode 100644 ConfigPkg/Network/Network.fdf.inc
>>
>> diff --git a/ConfigPkg/Network/Network.dsc.inc b/ConfigPkg/Network/Network.dsc.inc
>> new file mode 100644
>> index 0000000000..8c53350deb
>> --- /dev/null
>> +++ b/ConfigPkg/Network/Network.dsc.inc
>> @@ -0,0 +1,92 @@
>> +## @file
>> +#
>> +# Copyright (c) 2017, Linaro ltd. All rights reserved.<BR>
>> +#
>> +# This program and the accompanying materials are licensed and made available
>> +# under the terms and conditions of the BSD License which accompanies this
>> +# distribution. The full text of the license may be found at
>> +# http://opensource.org/licenses/bsd-license.php
>> +#
>> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>> +#
>> +##
>> +
>> +
>> +################################################################################
>> +#
>> +# Library Class section
>> +#
>> +################################################################################
>> +[LibraryClasses]
>> + DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf
>> + IpIoLib|MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.inf
>> + NetLib|MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf
>> + UdpIoLib|MdeModulePkg/Library/DxeUdpIoLib/DxeUdpIoLib.inf
>> +
>
> Now that you have made a clean spot: any reason we shouldn't do
>
> DpcLib |MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf
> IpIoLib |MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.inf
> NetLib |MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf
> UdpIoLib |MdeModulePkg/Library/DxeUdpIoLib/DxeUdpIoLib.inf
>
> ?
Do you mean the nicer visual layout / alignment?
Thanks
Laszlo
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [RFC 0/6] Create central repository for boilerplate configuration
2017-09-22 11:20 ` Laszlo Ersek
@ 2017-09-23 16:58 ` Leif Lindholm
2017-09-25 5:27 ` Gao, Liming
0 siblings, 1 reply; 16+ messages in thread
From: Leif Lindholm @ 2017-09-23 16:58 UTC (permalink / raw)
To: Laszlo Ersek
Cc: edk2-devel, Michael D Kinney, Jordan Justen, Andrew Fish,
Ard Biesheuvel, Gao, Liming, Zhu, Yonghong
On Fri, Sep 22, 2017 at 01:20:57PM +0200, Laszlo Ersek wrote:
> On 09/20/17 23:09, Leif Lindholm wrote:
> > On Wed, Sep 20, 2017 at 08:14:59PM +0200, Laszlo Ersek wrote:
>
> >> (2) Replacing a build define called FOOBAR with CONFIG_FOOBAR will break
> >> all downstream build scripts. Is the CONFIG_ prefix a requirement?
> >
> > It was explicitly intended to break compatibility, to ensure we didn't
> > end up with things accidentally working until something unrelated
> > changed in the future.
>
> Interesting idea. I guess we could try to reach out to all of the
> "repeat builders" of OVMF.
The proposal to drive the CONFIG options as Pcds would also be a
solution to this issue.
> >> (3) I think PCDs should not be included in ConfigPkg DSC include files,
> >> even if several platforms set the same value. The set of libraries and
> >> driver modules commonly used for a given feature is mostly constant
> >> across platforms (and it is easy to extend, incrementally); but I don't
> >> think the same holds for PCDs. Especially if a user wants to change a
> >> PCD for one platform but not the other. Even if repeated settings for a
> >> PCD worked (all on the same level of "specificity"), I'd find the result
> >> confusing.
> >
> > Also a subject for discussion.
> > My intent was that if most of the open source platforms had an
> > override on the default of a particular Pcd, we could override it in
> > the config fragments without changing the .dec (and affecting
> > non-public ports).
>
> Right, that's great...
>
> > Individual platforms can still override (again).
>
> ... but this "again" part is what confuses me (assuming it would
> technically work). We'd have a PCD default in the .dec, then a setting
> in the central .dsc.inc that ultimately qualifies as a platform-level
> setting, and finally a setting in the actual platform .dsc, which *also*
> qualifies as a platform-level setting. IOW, one in the .dec, and two in
> the (final) .dsc.
Yes. But I cannot think of another way of handling it, that does not
also mean stuffing a lot of boiler plate back into the platform-level
files.
> I have no clue if this works, but even if it does, the priority could
> depend on the order of inclusion, which I find confusing.
Oh, definitely. But also under complete control of the platform.
Potentially, if this becomes some great success story, we will want to
extend the build command with a separate [includes] section to give
greater control over enforcing order.
> Liming, Yonghong, can you guys please comment on this?
Yes, please :)
Regards,
Leif
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [RFC 0/6] Create central repository for boilerplate configuration
2017-09-23 16:58 ` Leif Lindholm
@ 2017-09-25 5:27 ` Gao, Liming
0 siblings, 0 replies; 16+ messages in thread
From: Gao, Liming @ 2017-09-25 5:27 UTC (permalink / raw)
To: Leif Lindholm, Laszlo Ersek
Cc: edk2-devel@lists.01.org, Kinney, Michael D, Justen, Jordan L,
Andrew Fish, Ard Biesheuvel, Zhu, Yonghong
Laszlo and Leif:
PCD value are the position relation. In DSC file, the latter one will override the first one. But, PCD type can't be overridden. For example, if PCD is listed in [PcdsFixedAtBuild] section in the config.inc, PCD can't be listed in [PcdsPatchableInModule] section in Platform.dsc. I think Platform may not only override PCD value, but also override PCD type. To meet with platform requirement, we had better not place PCD setting in common DSC file.
Thanks
Liming
>-----Original Message-----
>From: Leif Lindholm [mailto:leif.lindholm@linaro.org]
>Sent: Sunday, September 24, 2017 12:58 AM
>To: Laszlo Ersek <lersek@redhat.com>
>Cc: edk2-devel@lists.01.org; Kinney, Michael D
><michael.d.kinney@intel.com>; Justen, Jordan L <jordan.l.justen@intel.com>;
>Andrew Fish <afish@apple.com>; Ard Biesheuvel
><ard.biesheuvel@linaro.org>; Gao, Liming <liming.gao@intel.com>; Zhu,
>Yonghong <yonghong.zhu@intel.com>
>Subject: Re: [edk2] [RFC 0/6] Create central repository for boilerplate
>configuration
>
>On Fri, Sep 22, 2017 at 01:20:57PM +0200, Laszlo Ersek wrote:
>> On 09/20/17 23:09, Leif Lindholm wrote:
>> > On Wed, Sep 20, 2017 at 08:14:59PM +0200, Laszlo Ersek wrote:
>>
>> >> (2) Replacing a build define called FOOBAR with CONFIG_FOOBAR will
>break
>> >> all downstream build scripts. Is the CONFIG_ prefix a requirement?
>> >
>> > It was explicitly intended to break compatibility, to ensure we didn't
>> > end up with things accidentally working until something unrelated
>> > changed in the future.
>>
>> Interesting idea. I guess we could try to reach out to all of the
>> "repeat builders" of OVMF.
>
>The proposal to drive the CONFIG options as Pcds would also be a
>solution to this issue.
>
>> >> (3) I think PCDs should not be included in ConfigPkg DSC include files,
>> >> even if several platforms set the same value. The set of libraries and
>> >> driver modules commonly used for a given feature is mostly constant
>> >> across platforms (and it is easy to extend, incrementally); but I don't
>> >> think the same holds for PCDs. Especially if a user wants to change a
>> >> PCD for one platform but not the other. Even if repeated settings for a
>> >> PCD worked (all on the same level of "specificity"), I'd find the result
>> >> confusing.
>> >
>> > Also a subject for discussion.
>> > My intent was that if most of the open source platforms had an
>> > override on the default of a particular Pcd, we could override it in
>> > the config fragments without changing the .dec (and affecting
>> > non-public ports).
>>
>> Right, that's great...
>>
>> > Individual platforms can still override (again).
>>
>> ... but this "again" part is what confuses me (assuming it would
>> technically work). We'd have a PCD default in the .dec, then a setting
>> in the central .dsc.inc that ultimately qualifies as a platform-level
>> setting, and finally a setting in the actual platform .dsc, which *also*
>> qualifies as a platform-level setting. IOW, one in the .dec, and two in
>> the (final) .dsc.
>
>Yes. But I cannot think of another way of handling it, that does not
>also mean stuffing a lot of boiler plate back into the platform-level
>files.
>
>> I have no clue if this works, but even if it does, the priority could
>> depend on the order of inclusion, which I find confusing.
>
>Oh, definitely. But also under complete control of the platform.
>
>Potentially, if this becomes some great success story, we will want to
>extend the build command with a separate [includes] section to give
>greater control over enforcing order.
>
>> Liming, Yonghong, can you guys please comment on this?
>
>Yes, please :)
>
>Regards,
>
>Leif
^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2017-09-25 5:24 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-09-20 17:27 [RFC 0/6] Create central repository for boilerplate configuration Leif Lindholm
2017-09-20 17:27 ` [RFC 1/6] ConfigPkg: add new package for holding common config fragments Leif Lindholm
2017-09-21 0:05 ` Ard Biesheuvel
2017-09-22 11:22 ` Laszlo Ersek
2017-09-20 17:27 ` [RFC 2/6] ArmVirtPkg: use ConfigPkg for common network items Leif Lindholm
2017-09-20 17:27 ` [RFC 3/6] OvmfPkg: " Leif Lindholm
2017-09-20 17:27 ` [RFC 4/6] ConfigPkg: add common Security settings Leif Lindholm
2017-09-20 17:27 ` [RFC 5/6] ArmVirtPkg: use ConfigPkg for common security items Leif Lindholm
2017-09-20 17:27 ` [RFC 6/6] OvmfPkg: " Leif Lindholm
2017-09-20 18:14 ` [RFC 0/6] Create central repository for boilerplate configuration Laszlo Ersek
2017-09-20 21:09 ` Leif Lindholm
2017-09-22 11:20 ` Laszlo Ersek
2017-09-23 16:58 ` Leif Lindholm
2017-09-25 5:27 ` Gao, Liming
2017-09-21 12:47 ` Yao, Jiewen
2017-09-21 13:21 ` Kirkendall, Garrett
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox