From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web11.7432.1624360267876719650 for ; Tue, 22 Jun 2021 04:11:08 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=P0kOZqnB; spf=pass (domain: redhat.com, ip: 170.10.133.124, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1624360267; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UzeT7ddE4gvnLKIpooJEhnN0lC7nk5zGBuS9sYYzKqw=; b=P0kOZqnBAzTfG9xVci5CNCVE9aO7X0HPNtDqluJbPht7VM32aKJLbgUgHWfLPh7TqsWdlh 7sPbsW2UijvhJCRi/kRyGbrz+4GyhQD61vKPJeWGwpMIXDZmN9fF+O9G8L6fuHZ2hzMseQ inKEic6dnUkUKTy2pJ0DWrMWsZe4C+8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-206-ftCJoz2aP8-x_Cox7YH4_A-1; Tue, 22 Jun 2021 07:11:02 -0400 X-MC-Unique: ftCJoz2aP8-x_Cox7YH4_A-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C2B1C1084F56; Tue, 22 Jun 2021 11:10:59 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-115-52.ams2.redhat.com [10.36.115.52]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B93A61962F; Tue, 22 Jun 2021 11:10:53 +0000 (UTC) Subject: Re: [PATCH v3 2/8] Platforms: add SecureBootVariableLib class resolution To: Grzegorz Bernacki , devel@edk2.groups.io Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com, jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org, thomas.abraham@arm.com, chasel.chiu@intel.com, nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn, eric.dong@intel.com, michael.d.kinney@intel.com, zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com, rad@semihalf.com, pete@akeo.ie References: <20210614094308.2314345-1-gjb@semihalf.com> <20210614094308.2314345-5-gjb@semihalf.com> From: "Laszlo Ersek" Message-ID: Date: Tue, 22 Jun 2021 13:10:52 +0200 MIME-Version: 1.0 In-Reply-To: <20210614094308.2314345-5-gjb@semihalf.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Hi Grzegorz, On 06/14/21 11:43, Grzegorz Bernacki wrote: > Update platform files to add SecureBootVariableLib for each > platform which uses SecureBootConfigDxe. > > Signed-off-by: Grzegorz Bernacki > --- > ArmVirtPkg/ArmVirtQemu.dsc | 3 +++ > ArmVirtPkg/ArmVirtQemuKernel.dsc | 3 +++ > EmulatorPkg/EmulatorPkg.dsc | 1 + > OvmfPkg/Bhyve/BhyveX64.dsc | 1 + > OvmfPkg/OvmfPkgIa32.dsc | 1 + > OvmfPkg/OvmfPkgIa32X64.dsc | 1 + > OvmfPkg/OvmfPkgX64.dsc | 1 + > 7 files changed, 11 insertions(+) please split this patch in three (one patch per package), and assign according subject lines to those patches as well. I had some difficulties determining what I should look at in this patch set at all (the subject in particular is unhelpful). Thanks, Laszlo > > diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc > index 7ef5e7297b..c9cb0ff4ae 100644 > --- a/ArmVirtPkg/ArmVirtQemu.dsc > +++ b/ArmVirtPkg/ArmVirtQemu.dsc > @@ -82,6 +82,9 @@ > PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf > PciHostBridgeUtilityLib|OvmfPkg/Library/PciHostBridgeUtilityLib/PciHostBridgeUtilityLib.inf > > +!if $(SECURE_BOOT_ENABLE) == TRUE > + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > +!endif > !if $(TPM2_ENABLE) == TRUE > Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf > Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf > diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc > index a542fcb157..97b36e895e 100644 > --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc > +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc > @@ -81,6 +81,9 @@ > PciHostBridgeUtilityLib|OvmfPkg/Library/PciHostBridgeUtilityLib/PciHostBridgeUtilityLib.inf > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > > +!if $(SECURE_BOOT_ENABLE) == TRUE > + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > +!endif > [LibraryClasses.common.DXE_DRIVER] > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf > > diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc > index 20e5468398..966cc7af01 100644 > --- a/EmulatorPkg/EmulatorPkg.dsc > +++ b/EmulatorPkg/EmulatorPkg.dsc > @@ -132,6 +132,7 @@ > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > !else > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf > !endif > diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc > index d8792812ab..f9c8131309 100644 > --- a/OvmfPkg/Bhyve/BhyveX64.dsc > +++ b/OvmfPkg/Bhyve/BhyveX64.dsc > @@ -198,6 +198,7 @@ > !if $(SECURE_BOOT_ENABLE) == TRUE > PlatformSecureLib|OvmfPkg/Bhyve/Library/PlatformSecureLib/PlatformSecureLib.inf > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > !else > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf > !endif > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index f53efeae79..9225966541 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc > @@ -204,6 +204,7 @@ > !if $(SECURE_BOOT_ENABLE) == TRUE > PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > !else > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf > !endif > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index b3662e17f2..5d53327edb 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -208,6 +208,7 @@ > !if $(SECURE_BOOT_ENABLE) == TRUE > PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > !else > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf > !endif > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index 0a237a9058..509acf7926 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -208,6 +208,7 @@ > !if $(SECURE_BOOT_ENABLE) == TRUE > PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > !else > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf > !endif >