From patchwork Wed Sep 20 17:27:54 2017
X-Patchwork-Submitter: Leif Lindholm
X-Patchwork-Id: 113163
From: Leif Lindholm
To: edk2-devel@lists.01.org
Cc: Michael D Kinney, Jordan Justen, Laszlo Ersek, Andrew Fish, Ard Biesheuvel
Date: Wed, 20 Sep 2017 18:27:54 +0100
Message-Id: <20170920172755.22767-6-leif.lindholm@linaro.org>
In-Reply-To: <20170920172755.22767-1-leif.lindholm@linaro.org>
References: <20170920172755.22767-1-leif.lindholm@linaro.org>
Subject: [edk2] [RFC 5/6] ArmVirtPkg: use ConfigPkg for common security items

Remove boilerplate from the QEMU platforms by including ConfigPkg/Security/Security.{dsc|fdf}.inc.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm --- ArmVirtPkg/ArmVirt.dsc.inc | 19 +++---------------- ArmVirtPkg/ArmVirtQemu.dsc | 12 ++---------- ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 + ArmVirtPkg/ArmVirtQemuKernel.dsc | 12 ++---------- 4 files changed, 8 insertions(+), 36 deletions(-) -- 2.11.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index a9fdddcd6c..5c8be2d689 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -131,18 +131,9 @@ # # Secure Boot dependencies # -!if $(SECURE_BOOT_ENABLE) == TRUE - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf - +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf -!else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf @@ -225,10 +216,6 @@ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf -!endif - [LibraryClasses.ARM] ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf 
@@ -323,7 +310,7 @@ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0 -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|600 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|400 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiBootServicesCode|1500 @@ -336,7 +323,7 @@ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0 -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04 gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 71d3fb252f..635309c346 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -36,10 +36,11 @@ DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE DEFINE CONFIG_TLS_ENABLE = FALSE - DEFINE SECURE_BOOT_ENABLE = FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE !include ArmVirtPkg/ArmVirt.dsc.inc !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc [LibraryClasses.common] ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf 
@@ -257,15 +258,6 @@ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf } -!if $(SECURE_BOOT_ENABLE) == TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf - } - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc index 504fdf5fa9..9cff352416 100644 --- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc @@ -45,6 +45,7 @@ READ_LOCK_CAP = TRUE READ_LOCK_STATUS = TRUE !include ConfigPkg/Network/Network.fdf.inc +!include ConfigPkg/Security/Security.fdf.inc INF MdeModulePkg/Core/Dxe/DxeMain.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc index db62c1d611..59ad54c3fb 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc @@ -35,11 +35,12 @@ # DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE DEFINE CONFIG_TLS_ENABLE = FALSE - DEFINE SECURE_BOOT_ENABLE = FALSE !include ArmVirtPkg/ArmVirt.dsc.inc !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc [LibraryClasses.common] ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf 
@@ -248,15 +249,6 @@ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf } -!if $(SECURE_BOOT_ENABLE) == TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf - } - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
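
Review bot: In ArmVirtPkg/ArmVirt.dsc.inc, hunk @@ -131,18 +131,9, the removed !else branch was the only place in this file that resolved TpmMeasurementLib and AuthVariableLib (to the Null instances) when secure boot is off, and nothing here replaces it. Only ArmVirtQemu.dsc and ArmVirtQemuKernel.dsc gain the ConfigPkg/Security/Security.dsc.inc include in this patch, so any other platform file that includes ArmVirt.dsc.inc would be left without a resolution for these two library classes. Either keep the Null defaults here, or state in the commit message that every includer of ArmVirt.dsc.inc must now also include Security.dsc.inc.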
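
Review bot: In ArmVirtPkg/ArmVirt.dsc.inc, hunk @@ -225,10 +216,6, the dropped BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf line is a second, section-specific resolution, distinct from the BaseCryptLib.inf mapping removed in the first hunk. Security.dsc.inc is not part of this patch, so it cannot be confirmed from here that the common file carries the same override in the same library class section. Please confirm that it does, or keep this override local to ArmVirt.dsc.inc.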
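
Review bot: In ArmVirtPkg/ArmVirt.dsc.inc, hunk @@ -336,7 +323,7, the image verification policy overrides (PcdOptionRomImageVerificationPolicy|0x04, PcdFixedMediaImageVerificationPolicy|0x04) stay in this file, which both platform files include before ConfigPkg/Security/Security.dsc.inc. If the common include also sets these PCDs, the value that ends up in the build depends on that include order rather than on the comment's stated intent of verifying images from all sources. Either move the overrides into the common file, or add a comment here saying they are intentionally platform-local and must not be set in Security.dsc.inc.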
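
Review bot: In ArmVirtPkg/ArmVirtQemu.dsc, hunk @@ -36,10 +36,11, the DEFINE is renamed from SECURE_BOOT_ENABLE to CONFIG_SECURE_BOOT_ENABLE and the commit message does not mention it. A build that still sets the old name would no longer match any conditional touched in this patch and would produce an image without the secure boot components, with nothing here to flag the mismatch. Please call the rename out in the commit message, and consider rejecting or aliasing the old name for a transition period.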
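
Review bot: In ArmVirtPkg/ArmVirtQemu.dsc, hunk @@ -257,15 +258,6 (and the identical hunk @@ -248,15 +249,6 in ArmVirtQemuKernel.dsc), SecurityStubDxe.inf is removed for both the TRUE and the FALSE case, while the matching change to ArmVirtQemuFvMain.fdf.inc only adds an include and removes nothing (diffstat: 1 insertion). If that FDF file still lists SecurityStubDxe.inf or SecureBootConfigDxe.inf, or still tests $(SECURE_BOOT_ENABLE), those entries would now duplicate Security.fdf.inc or test a macro that is no longer defined. Please check the FDF for leftovers and remove them in this patch.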
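
Review bot: In ArmVirtPkg/ArmVirtQemuKernel.dsc, hunk @@ -35,11 +35,12, the new DEFINE CONFIG_SECURE_BOOT_ENABLE line is inserted before CONFIG_TLS_ENABLE, whereas in ArmVirtQemu.dsc it replaces the old line after CONFIG_TLS_ENABLE. Pick one ordering for both platform files so the two DEFINE blocks stay easy to compare.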