From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web12.32335.1656631779038420889 for ; Thu, 30 Jun 2022 16:29:53 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Eh88TsYy; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1656631793; x=1688167793; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=MTGguawwM3KpIGvDf47NMqsco/wtofdiJSUS3uoIARo=; b=Eh88TsYy1saPe3Gdf8U59U34twhIvnZfgTyt5mxIpbgJnxfXk495LMCT CtN/59P/0kInUpHfUnE02HhB1ZchfemZFa+X2JVlUmcSNI6O58yGE1KJM FOHgt+ukpcqhme6vp4NCK1ZVJ/WkHpz7Mfr2un7y40g/Pz6O88PQhcbt1 l5e0oJ/FgFfHFRMoBM8qKtn/EPagdG/0UcbZctKW+V8PqBbh/Cb6/IUoo zOh/dZOYWTnRHPNnPpqLeddkgUtVf9vTrGl3kCQEx739hRCBycD0Dx7Rw IyHEa1xt/c3ARf5wukhUZM1HC69DuQLyaTngNi1Zg4/ZwkFmjCj21Eny8 w==; X-IronPort-AV: E=McAfee;i="6400,9594,10394"; a="265528387" X-IronPort-AV: E=Sophos;i="5.92,235,1650956400"; d="scan'208";a="265528387" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jun 2022 16:29:53 -0700 X-IronPort-AV: E=Sophos;i="5.92,235,1650956400"; d="scan'208";a="648098766" Received: from mxu9-mobl1.ccr.corp.intel.com ([10.255.29.210]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jun 2022 16:29:51 -0700 From: "Min Xu" To: devel@edk2.groups.io Cc: Min M Xu , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [PATCH V4 8/8] OvmfPkg: Add build-flag SECURE_BOOT_FEATURE_ENABLED Date: Fri, 1 Jul 2022 07:29:17 +0800 Message-Id: X-Mailer: git-send-email 2.29.2.windows.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Min M Xu SECURE_BOOT_FEATURE_ENABLED is the build-flag defined when secure boot is enabled. Currently this flag is used in below lib: - OvmfPkg/PlatformPei - PeilessStartupLib So it is defined in below 5 .dsc - OvmfPkg/CloudHv/CloudHvX64.dsc - OvmfPkg/IntelTdx/IntelTdxX64.dsc - OvmfPkg/OvmfPkgIa32.dsc - OvmfPkg/OvmfPkgIa32X64.dsc - OvmfPkg/OvmfPkgX64.dsc Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Signed-off-by: Min Xu --- OvmfPkg/CloudHv/CloudHvX64.dsc | 9 +++++++++ OvmfPkg/IntelTdx/IntelTdxX64.dsc | 9 +++++++++ OvmfPkg/OvmfPkgIa32.dsc | 9 +++++++++ OvmfPkg/OvmfPkgIa32X64.dsc | 9 +++++++++ OvmfPkg/OvmfPkgX64.dsc | 9 +++++++++ 5 files changed, 45 insertions(+) diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index ca601aa09d3a..2712731caf55 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -93,6 +93,15 @@ INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES + # + # SECURE_BOOT_FEATURE_ENABLED + # +!if $(SECURE_BOOT_ENABLE) == TRUE + MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED +!endif + !include NetworkPkg/NetworkBuildOptions.dsc.inc [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index c662ae8720ff..f4f495a9d199 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -85,6 +85,15 @@ INTEL:*_*_*_CC_FLAGS = /D TDX_PEI_LESS_BOOT GCC:*_*_*_CC_FLAGS = -D TDX_PEI_LESS_BOOT + # + # SECURE_BOOT_FEATURE_ENABLED + # +!if $(SECURE_BOOT_ENABLE) == TRUE + MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED +!endif + [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 934edbbd2a7b..3126e695b7dd 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -89,6 +89,15 @@ INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES + # + # SECURE_BOOT_FEATURE_ENABLED + # +!if $(SECURE_BOOT_ENABLE) == TRUE + MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED +!endif + !include NetworkPkg/NetworkBuildOptions.dsc.inc [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 4f432c294958..0c86e0b4882d 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -93,6 +93,15 @@ INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES + # + # SECURE_BOOT_FEATURE_ENABLED + # +!if $(SECURE_BOOT_ENABLE) == TRUE + MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED +!endif + !include NetworkPkg/NetworkBuildOptions.dsc.inc [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index b22da97d4f77..a36bcef4fd3c 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -106,6 +106,15 @@ INTEL:*_*_*_CC_FLAGS = /D TDX_GUEST_SUPPORTED GCC:*_*_*_CC_FLAGS = -D TDX_GUEST_SUPPORTED + # + # SECURE_BOOT_FEATURE_ENABLED + # +!if $(SECURE_BOOT_ENABLE) == TRUE + MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED +!endif + !include NetworkPkg/NetworkBuildOptions.dsc.inc [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] -- 2.29.2.windows.2