From: Leif Lindholm
To: edk2-devel@lists.01.org
Cc: Michael D Kinney, Jordan Justen, Laszlo Ersek, Andrew Fish, Ard Biesheuvel
Date: Wed, 20 Sep 2017 18:27:54 +0100
Subject: [edk2] [RFC 5/6] ArmVirtPkg: use ConfigPkg for common security items
Message-Id: <20170920172755.22767-6-leif.lindholm@linaro.org>
In-Reply-To: <20170920172755.22767-1-leif.lindholm@linaro.org>
Content-Transfer-Encoding: quoted-printable

Remove boilerplate from the QEMU platforms by including
ConfigPkg/Security/Security.{dsc|fdf}.inc.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm
---
 ArmVirtPkg/ArmVirt.dsc.inc           | 19 +++----------------
 ArmVirtPkg/ArmVirtQemu.dsc           | 12 ++----------
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc |  1 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc     | 12 ++----------
 4 files changed, 8 insertions(+), 36 deletions(-)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index a9fdddcd6c..5c8be2d689 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc 
@@ -131,18 +131,9 @@ # # Secure Boot dependencies # -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf - +!if $(CONFIG_SECURE_BOOT_ENABLE) =3D=3D TRUE # re-use the UserPhysicalPresent() dummy implementation from the ovmf tr= ee PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf -!else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManag= erLib.inf @@ -225,10 +216,6 @@ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf -!endif - [LibraryClasses.ARM] ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf =20 @@ -323,7 +310,7 @@ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) =3D=3D TRUE gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|600 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|400 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiBootServicesCode|1500 
@@ -336,7 +323,7 @@ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0 =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) =3D=3D TRUE # override the default values from SecurityPkg to ensure images from all= sources are verified in secure boot gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04 gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 71d3fb252f..635309c346 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -36,10 +36,11 @@ DEFINE CONFIG_HTTP_BOOT_ENABLE =3D FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE =3D FALSE DEFINE CONFIG_TLS_ENABLE =3D FALSE - DEFINE SECURE_BOOT_ENABLE =3D FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE =3D FALSE =20 !include ArmVirtPkg/ArmVirt.dsc.inc !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc =20 [LibraryClasses.common] ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf @@ -257,15 +258,6 @@ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf } -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf - } - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntim= eDxe.inf diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuF= vMain.fdf.inc index 504fdf5fa9..9cff352416 100644 --- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc 
@@ -45,6 +45,7 @@ READ_LOCK_CAP =3D TRUE READ_LOCK_STATUS =3D TRUE =20 !include ConfigPkg/Network/Network.fdf.inc +!include ConfigPkg/Security/Security.fdf.inc =20 INF MdeModulePkg/Core/Dxe/DxeMain.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKerne= l.dsc index db62c1d611..59ad54c3fb 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc @@ -35,11 +35,12 @@ # DEFINE CONFIG_HTTP_BOOT_ENABLE =3D FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE =3D FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE =3D FALSE DEFINE CONFIG_TLS_ENABLE =3D FALSE - DEFINE SECURE_BOOT_ENABLE =3D FALSE =20 !include ArmVirtPkg/ArmVirt.dsc.inc !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc =20 [LibraryClasses.common] ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf @@ -248,15 +249,6 @@ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf } -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf - } - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntim= eDxe.inf --=20 2.11.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
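
Review bot: In the first ArmVirt.dsc.inc hunk (@@ -131,18 +131,9 @@), dropping the !else branch means this shared include no longer resolves TpmMeasurementLib or AuthVariableLib at all, not even to the Null instances. The replacement include is added only to ArmVirtQemu.dsc and ArmVirtQemuKernel.dsc, so any other platform file that pulls in ArmVirt.dsc.inc without ConfigPkg/Security/Security.dsc.inc is left with no resolution for these classes. Either keep the Null fallbacks here or state in the commit message that every includer of ArmVirt.dsc.inc must now also include Security.dsc.inc.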
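
Review bot: The RuntimeCryptLib.inf override removed in the second ArmVirt.dsc.inc hunk (@@ -225,10 +216,6 @@) sits in a different section from the BaseCryptLib.inf resolution removed in the first hunk, so it applied only to the module types of that section. Please confirm that ConfigPkg/Security/Security.dsc.inc carries the same section-scoped override. If it only provides the generic BaseCryptLib.inf instance, the modules that used to link RuntimeCryptLib.inf will link a different BaseCryptLib instance when CONFIG_SECURE_BOOT_ENABLE is TRUE.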
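
Review bot: The image verification policy overrides in the ArmVirt.dsc.inc hunk at @@ -336,7 +323,7 @@ (PcdOptionRomImageVerificationPolicy|0x04 and PcdFixedMediaImageVerificationPolicy|0x04) stay in ArmVirtPkg while the DxeImageVerificationLib hook-up that consumes them moves out of the platform files. The existing comment says the SecurityPkg defaults are overridden "to ensure images from all sources are verified", so a platform that adopts Security.dsc.inc without this file would fall back to those defaults. Consider moving the overrides into the common include as well, or add a comment here explaining why the policy remains platform-specific.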
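
Review bot: The DEFINE change in the ArmVirtQemu.dsc hunk at @@ -36,10 +36,11 @@ (and the matching one in ArmVirtQemuKernel.dsc at @@ -35,11 +35,12 @@) renames SECURE_BOOT_ENABLE to CONFIG_SECURE_BOOT_ENABLE with no compatibility handling. A build invocation that still passes -D SECURE_BOOT_ENABLE=TRUE will succeed, but every !if now tests the new name, which remains FALSE, so the output is firmware without DxeImageVerificationLib and with no diagnostic. Call out the rename in the commit message, and consider failing the build or mapping the old name to the new one while callers migrate.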
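
Review bot: The ArmVirtQemu.dsc hunk at @@ -257,15 +258,6 @@ (and its twin in ArmVirtQemuKernel.dsc at @@ -248,15 +249,6 @@) removes SecurityStubDxe.inf from both the !if and the !else branch, so the driver must now come from ConfigPkg/Security/Security.dsc.inc even when CONFIG_SECURE_BOOT_ENABLE is FALSE. That include is placed directly before [LibraryClasses.common], so it has to open its own components section and list SecurityStubDxe unconditionally. Please confirm this in the ConfigPkg patch of the series, since it is not visible here.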
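
Review bot: The ArmVirtQemuFvMain.fdf.inc hunk (@@ -45,6 +45,7 @@) only adds the include; the diffstat shows one insertion and no deletions for this file, while both .dsc files drop their SecurityStubDxe and SecureBootConfigDxe entries. If this FV file already lists those modules, possibly under the old SECURE_BOOT_ENABLE guard, they need to be removed here too. Otherwise they are either duplicated by Security.fdf.inc or left behind a macro that is no longer defined.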