From patchwork Wed Sep 20 17:27:53 2017
X-Patchwork-Submitter: Leif Lindholm
X-Patchwork-Id: 113162
From: Leif Lindholm
To: edk2-devel@lists.01.org
Cc: Michael D Kinney, Jordan Justen, Laszlo Ersek, Andrew Fish, Ard Biesheuvel
Date: Wed, 20 Sep 2017 18:27:53 +0100
Message-Id: <20170920172755.22767-5-leif.lindholm@linaro.org>
In-Reply-To: <20170920172755.22767-1-leif.lindholm@linaro.org>
References: <20170920172755.22767-1-leif.lindholm@linaro.org>
Subject: [edk2] [RFC 4/6] ConfigPkg: add common Security settings

Collate universal Secure Boot and crypto settings under Security/.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm --- ConfigPkg/Security/Security.dsc.inc | 67 +++++++++++++++++++++++++++++++++++++ ConfigPkg/Security/Security.fdf.inc | 17 ++++++++++ 2 files changed, 84 insertions(+) create mode 100644 ConfigPkg/Security/Security.dsc.inc create mode 100644 ConfigPkg/Security/Security.fdf.inc -- 2.11.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel diff --git a/ConfigPkg/Security/Security.dsc.inc b/ConfigPkg/Security/Security.dsc.inc new file mode 100644 index 0000000000..88100c992d --- /dev/null +++ b/ConfigPkg/Security/Security.dsc.inc @@ -0,0 +1,67 @@ +## @file +# +# Copyright (c) 2017, Linaro ltd. All rights reserved.
+# +# This program and the accompanying materials are licensed and made available +# under the terms and conditions of the BSD License which accompanies this +# distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + + +################################################################################ +# +# Library Class section +# +################################################################################ +[LibraryClasses.common] +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +# +!else +# + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf +!endif + +[LibraryClasses.ARM, LibraryClasses.AARCH64] +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +!endif + +[LibraryClasses.common.DXE_RUNTIME_DRIVER] +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +!endif + + +################################################################################ +# +# Pcd Section +# +################################################################################ +[PcdsFeatureFlag] + + +################################################################################ +# +# Components Section +# +################################################################################ +[Components] +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE + 
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { + + NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf + } + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf +!else + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf +!endif diff --git a/ConfigPkg/Security/Security.fdf.inc b/ConfigPkg/Security/Security.fdf.inc new file mode 100644 index 0000000000..2a75446c9b --- /dev/null +++ b/ConfigPkg/Security/Security.fdf.inc @@ -0,0 +1,17 @@ +## @file +# +# Copyright (c) 2017, Linaro ltd. All rights reserved.
+# +# This program and the accompanying materials are licensed and made available +# under the terms and conditions of the BSD License which accompanies this +# distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +!if $(CONFIGURE_SECURE_BOOT_ENABLE) == TRUE + INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf +!endif
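Review bot: In ConfigPkg/Security/Security.dsc.inc, BaseCryptLib is resolved under [LibraryClasses.common] but its OpensslLib dependency is resolved only under [LibraryClasses.ARM, LibraryClasses.AARCH64], so any other architecture that includes this file with CONFIG_SECURE_BOOT_ENABLE set to TRUE gets no OpensslLib instance from here. Since the commit message describes these settings as universal, either move the OpensslLib line into [LibraryClasses.common] or add a comment explaining why it is architecture-specific. Two smaller points in the same file: TpmMeasurementLib switches to DxeTpmMeasurementLib on the Secure Boot flag, which ties measurement to a switch named for image verification, so a separate switch or a short comment would make the intent explicit; and the empty [PcdsFeatureFlag] section and the bare `#` lines around `!else` can be dropped.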
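Review bot: In ConfigPkg/Security/Security.fdf.inc the conditional tests $(CONFIGURE_SECURE_BOOT_ENABLE), while every conditional in Security.dsc.inc tests $(CONFIG_SECURE_BOOT_ENABLE). The two files are therefore keyed to different macros: a platform that sets only the DSC macro lists SecureBootConfigDxe under [Components], but the INF line that places it in the flash image depends on a name nothing else in this patch uses, so the Secure Boot configuration driver can end up built yet absent from the firmware volume. Use the same macro name in both files.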