From patchwork Wed Sep 20 17:27:55 2017
X-Patchwork-Submitter: Leif Lindholm
X-Patchwork-Id: 113164
From: Leif Lindholm
To: edk2-devel@lists.01.org
Cc: Michael D Kinney, Jordan Justen, Laszlo Ersek, Andrew Fish, Ard Biesheuvel
Date: Wed, 20 Sep 2017 18:27:55 +0100
Message-Id: <20170920172755.22767-7-leif.lindholm@linaro.org>
In-Reply-To: <20170920172755.22767-1-leif.lindholm@linaro.org>
References: <20170920172755.22767-1-leif.lindholm@linaro.org>
Subject: [edk2] [RFC 6/6] OvmfPkg: use ConfigPkg for common security items

Remove boilerplate from the Ovmf platforms by including ConfigPkg/Security/Security.{dsc|fdf}.inc.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm --- OvmfPkg/OvmfPkgIa32.dsc | 25 ++++--------------------- OvmfPkg/OvmfPkgIa32.fdf | 4 +--- OvmfPkg/OvmfPkgIa32X64.dsc | 23 +++-------------------- OvmfPkg/OvmfPkgIa32X64.fdf | 4 +--- OvmfPkg/OvmfPkgX64.dsc | 25 ++++--------------------- OvmfPkg/OvmfPkgX64.fdf | 4 +--- 6 files changed, 14 insertions(+), 71 deletions(-) -- 2.11.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 99175155a2..c450733d7c 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -36,8 +36,8 @@ # DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE DEFINE CONFIG_TLS_ENABLE = FALSE - DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE # @@ -60,6 +60,7 @@ !endif !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc [BuildOptions] GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG @@ -164,13 +165,8 @@ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf -!else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -460,7 +456,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000 !endif -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 !endif 
@@ -585,15 +581,6 @@ MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf - } -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif - MdeModulePkg/Universal/EbcDxe/EbcDxe.inf PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf @@ -759,10 +746,6 @@ } !endif -!if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!endif - OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 68438afc13..dfe4e78568 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -230,9 +230,7 @@ INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf INF OvmfPkg/XenBusDxe/XenBusDxe.inf INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!endif +!include ConfigPkg/Security/Security.fdf.inc INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 0e4c86d5bc..106de22bdc 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -36,8 +36,8 @@ # DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE DEFINE CONFIG_TLS_ENABLE = FALSE - DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE # @@ -60,6 +60,7 @@ !endif !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc [BuildOptions] GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG 
@@ -171,11 +172,6 @@ !if $(SECURE_BOOT_ENABLE) == TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf -!else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -466,7 +462,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000 !endif -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 !endif @@ -594,15 +590,6 @@ MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf - } -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif - MdeModulePkg/Universal/EbcDxe/EbcDxe.inf PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf @@ -768,10 +755,6 @@ } !endif -!if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!endif - OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/AmdSevDxe/AmdSevDxe.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index ec91c0b74a..51846f3e1b 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf 
@@ -231,9 +231,7 @@ INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf INF OvmfPkg/XenBusDxe/XenBusDxe.inf INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!endif +!include ConfigPkg/Security/Security.fdf.inc INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 8a600f8051..0564936d2b 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -36,8 +36,8 @@ # DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE DEFINE CONFIG_TLS_ENABLE = FALSE - DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE # @@ -60,6 +60,7 @@ !endif !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc [BuildOptions] GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG @@ -169,13 +170,8 @@ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf -!else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -465,7 +461,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000 !endif -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 !endif 
@@ -592,15 +588,6 @@ MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf - } -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif - MdeModulePkg/Universal/EbcDxe/EbcDxe.inf PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf @@ -766,10 +753,6 @@ } !endif -!if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!endif - OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/AmdSevDxe/AmdSevDxe.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index be22048f66..97b93bfba4 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -231,9 +231,7 @@ INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf INF OvmfPkg/XenBusDxe/XenBusDxe.inf INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!endif +!include ConfigPkg/Security/Security.fdf.inc INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
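Review bot: In OvmfPkg/OvmfPkgIa32X64.dsc, hunk `@@ -171,11 +172,6 @@`, the condition guarding PlatformSecureLib is still `!if $(SECURE_BOOT_ENABLE) == TRUE`, although the `@@ -36,8 +36,8 @@` hunk of the same file renames the DEFINE to CONFIG_SECURE_BOOT_ENABLE. The matching hunks in OvmfPkgIa32.dsc and OvmfPkgX64.dsc do rename this line, and the diffstat shows 23 changed lines for Ia32X64.dsc against 25 for the other two, so this looks like a missed rename. As posted, the condition tests a macro this file no longer defines, so the PlatformSecureLib mapping is not tied to the new switch. Suggest `!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE` here as well.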
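Review bot: The commit message does not mention that the `@@ -36,8 +36,8 @@` hunk in each of the three .dsc files renames the build switch from SECURE_BOOT_ENABLE to CONFIG_SECURE_BOOT_ENABLE, keeping the default at FALSE. A build invocation that still sets the old name would no longer reach the renamed `!if` conditions, so the image would be built with the Secure Boot pieces left out, and nothing in these hunks would flag that. Please call the rename out in the commit message, and consider either a guard that fails the build when the old name is set or keeping the old name as an alias for a transition period.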
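Review bot: The `!else` branches removed in the `@@ -164,13 +165,8 @@` and `@@ -585,15 +581,6 @@` hunks of OvmfPkgIa32.dsc (and their counterparts in the other two .dsc files) supplied the Null TpmMeasurementLib and AuthVariableLib instances and the plain SecurityStubDxe for builds without Secure Boot, and nothing visible in this patch shows that ConfigPkg/Security/Security.dsc.inc provides them. The `!include` is added near the top of each file, just before `[BuildOptions]`, while what it replaces sat among the library class mappings and in the component list, so the include has to open its own sections and cover both the enabled and the disabled case. It also has to keep the DxeImageVerificationLib NULL override on SecurityStubDxe when the switch is TRUE, since that is what the removed block attached. A sentence in the commit message listing which library classes and modules the include now owns would make this checkable. The same applies to Security.fdf.inc, which in the .fdf hunks replaces only the SecureBootConfigDxe INF line.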