From: Leif Lindholm To: edk2-devel@lists.01.org Date: Wed, 20 Sep 2017 18:27:55 +0100 Message-Id: <20170920172755.22767-7-leif.lindholm@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20170920172755.22767-1-leif.lindholm@linaro.org> References: <20170920172755.22767-1-leif.lindholm@linaro.org> Subject: [edk2] [RFC 6/6] OvmfPkg: use ConfigPkg for common security items X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael D Kinney , Jordan Justen , Laszlo Ersek , Andrew Fish , Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Remove boilerplate from the Ovmf platforms by including ConfigPkg/Security/Security.{dsc|fdf}.inc. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Leif Lindholm --- OvmfPkg/OvmfPkgIa32.dsc | 25 ++++--------------------- OvmfPkg/OvmfPkgIa32.fdf | 4 +--- OvmfPkg/OvmfPkgIa32X64.dsc | 23 +++-------------------- OvmfPkg/OvmfPkgIa32X64.fdf | 4 +--- OvmfPkg/OvmfPkgX64.dsc | 25 ++++--------------------- OvmfPkg/OvmfPkgX64.fdf | 4 +--- 6 files changed, 14 insertions(+), 71 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 99175155a2..c450733d7c 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -36,8 +36,8 @@ # DEFINE CONFIG_HTTP_BOOT_ENABLE =3D FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE =3D FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE =3D FALSE DEFINE CONFIG_TLS_ENABLE =3D FALSE - DEFINE SECURE_BOOT_ENABLE =3D FALSE DEFINE SMM_REQUIRE =3D FALSE =20 # 
@@ -60,6 +60,7 @@ !endif =20 !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc =20 [BuildOptions] GCC:*_UNIXGCC_*_CC_FLAGS =3D -DMDEPKG_NDEBUG @@ -164,13 +165,8 @@ =20 IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf -!else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf =20 @@ -460,7 +456,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000 !endif =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) =3D=3D TRUE gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 !endif =20 @@ -585,15 +581,6 @@ =20 MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf - } -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif - MdeModulePkg/Universal/EbcDxe/EbcDxe.inf PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf @@ -759,10 +746,6 @@ } !endif =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf -!endif - OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 68438afc13..dfe4e78568 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf 
@@ -230,9 +230,7 @@ INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf INF OvmfPkg/XenBusDxe/XenBusDxe.inf INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon= figDxe.inf -!endif +!include ConfigPkg/Security/Security.fdf.inc =20 INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRun= timeDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 0e4c86d5bc..106de22bdc 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -36,8 +36,8 @@ # DEFINE CONFIG_HTTP_BOOT_ENABLE =3D FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE =3D FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE =3D FALSE DEFINE CONFIG_TLS_ENABLE =3D FALSE - DEFINE SECURE_BOOT_ENABLE =3D FALSE DEFINE SMM_REQUIRE =3D FALSE =20 # @@ -60,6 +60,7 @@ !endif =20 !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc =20 [BuildOptions] GCC:*_UNIXGCC_*_CC_FLAGS =3D -DMDEPKG_NDEBUG @@ -171,11 +172,6 @@ =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf -!else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf =20 @@ -466,7 +462,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000 !endif =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) =3D=3D TRUE gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 !endif =20 
@@ -594,15 +590,6 @@ =20 MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf - } -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif - MdeModulePkg/Universal/EbcDxe/EbcDxe.inf PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf @@ -768,10 +755,6 @@ } !endif =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf -!endif - OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/AmdSevDxe/AmdSevDxe.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index ec91c0b74a..51846f3e1b 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -231,9 +231,7 @@ INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf INF OvmfPkg/XenBusDxe/XenBusDxe.inf INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon= figDxe.inf -!endif +!include ConfigPkg/Security/Security.fdf.inc =20 INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRun= timeDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 8a600f8051..0564936d2b 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -36,8 +36,8 @@ # DEFINE CONFIG_HTTP_BOOT_ENABLE =3D FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE =3D FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE =3D FALSE DEFINE CONFIG_TLS_ENABLE =3D FALSE - DEFINE SECURE_BOOT_ENABLE =3D FALSE DEFINE SMM_REQUIRE =3D FALSE =20 # @@ -60,6 +60,7 @@ !endif =20 !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc =20 [BuildOptions] GCC:*_UNIXGCC_*_CC_FLAGS =3D -DMDEPKG_NDEBUG 
@@ -169,13 +170,8 @@ =20 IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf -!else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf =20 @@ -465,7 +461,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000 !endif =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) =3D=3D TRUE gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 !endif =20 @@ -592,15 +588,6 @@ =20 MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf - } -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif - MdeModulePkg/Universal/EbcDxe/EbcDxe.inf PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf @@ -766,10 +753,6 @@ } !endif =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf -!endif - OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/AmdSevDxe/AmdSevDxe.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index be22048f66..97b93bfba4 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf 
@@ -231,9 +231,7 @@ INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf INF OvmfPkg/XenBusDxe/XenBusDxe.inf INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon= figDxe.inf -!endif +!include ConfigPkg/Security/Security.fdf.inc =20 INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRun= timeDxe.inf --=20 2.11.0
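Review bot: In OvmfPkg/OvmfPkgIa32X64.dsc, the hunk at @@ -171,11 +172,6 @@ leaves `!if $(SECURE_BOOT_ENABLE) == TRUE` in place as an unchanged context line around PlatformSecureLib, even though the @@ -36,8 +36,8 @@ hunk of the same file replaces `DEFINE SECURE_BOOT_ENABLE` with `DEFINE CONFIG_SECURE_BOOT_ENABLE`. The corresponding hunks in OvmfPkgIa32.dsc and OvmfPkgX64.dsc do rename this condition, and the diffstat shows the gap (23 changed lines for Ia32X64 against 25 for the other two .dsc files). As posted, the PlatformSecureLib mapping in the Ia32X64 platform is keyed on a macro the file no longer defines, so it does not follow the new switch. The condition should read `!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE`, as in the other two files.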
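Review bot: The @@ -36,8 +36,8 @@ hunks in all three .dsc files rename the build switch from SECURE_BOOT_ENABLE to CONFIG_SECURE_BOOT_ENABLE, but the commit message only mentions removing boilerplate. A build that still passes -D SECURE_BOOT_ENABLE=TRUE no longer sets the macro that the renamed conditionals test, and the new macro defaults to FALSE, so the secure boot components selected by that switch can drop out of the image without the person building it having changed anything. Please state the rename in the commit message, update any documentation or build scripts that reference the old name in the same series, and consider failing the build when the old macro is defined, rather than ignoring it.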
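Review bot: The @@ -585,15 +581,6 @@ hunk in OvmfPkgIa32.dsc, together with its counterparts at @@ -594,15 +590,6 @@ and @@ -592,15 +588,6 @@ in the other two .dsc files, removes SecurityStubDxe.inf from both branches of the conditional, including the `!else` branch that built it without DxeImageVerificationLib. The library-class hunks likewise drop the Null instances of TpmMeasurementLib and AuthVariableLib. After this patch the platform files no longer resolve any of these themselves. Whether SecurityStubDxe is built at all, and whether image verification is linked into it when CONFIG_SECURE_BOOT_ENABLE is TRUE, depends entirely on ConfigPkg/Security/Security.dsc.inc, which this patch does not show. Since the `!include` sits before `[BuildOptions]`, outside any `[LibraryClasses]` or `[Components]` section, the include also has to open its own sections. The commit message should say which mappings and components the include supplies in the TRUE and FALSE cases, so that a reviewer can confirm both configurations are unchanged.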