From nobody Sat Feb  7 04:40:41 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+92120+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+92120+1787277+3901457@groups.io
ARC-Seal: i=1; a=rsa-sha256; t=1659629493; cv=none;
	d=zohomail.com; s=zohoarc;
	b=QotBwb1U9RB3T5d9u+LWanRlh1s7YzIE8WMiXz4fnJJoiJSSq7si95i9ANRD03cIYOWz6Pj+HcGCxTsyAxI7LZGuP0JoillpsQbbjWCdVkss4/5HoV5uaAqy2oaxNskiXrXzqsiXaJhTMnjgJWcq+Ho1+KRZxG4AuIAEaqGIw68=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1659629493;
 h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=IwgDw+ilMKQVihQ2oBlcTJF/AZfJqV8SQ9s1fJ13Bac=;
	b=X7GQv1I6UV42wZ3a2yQ28Fz49DmxE3zbt1aVUdLsDHjRyCfAdpBB3LiZ+Qv+uP/nGRHAAc/e85zDT/M/V1/X5JUHectHSe/M7X4hwkGrmhrDMuxyUj6SX6Qv8Jc0/TG2Cd+gfef8A8jmFZZqJyf9yQaKPrF7F9OMzIbJVEblhvc=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+92120+1787277+3901457@groups.io
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1659629493112143.50046086405348;
 Thu, 4 Aug 2022 09:11:33 -0700 (PDT)
Return-Path: <bounce+27952+92120+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id MPHQYY1788612xyVsWWlMTVA;
 Thu, 04 Aug 2022 09:11:32 -0700
X-Received: from mail-oo1-f74.google.com (mail-oo1-f74.google.com
 [209.85.161.74])
 by mx.groups.io with SMTP id smtpd.web08.536.1659581566529583241
 for <devel@edk2.groups.io>;
 Wed, 03 Aug 2022 19:52:46 -0700
X-Received: by mail-oo1-f74.google.com with SMTP id
 n13-20020a4a610d000000b00440b0c214edso3013410ooc.6
        for <devel@edk2.groups.io>; Wed, 03 Aug 2022 19:52:46 -0700 (PDT)
X-Gm-Message-State: 7Qv3Gjuyaw9QSberTmF5zNFex1787277AA=
X-Google-Smtp-Source: 
 AA6agR7QTH8zyHpIU0w/L6vnEzvGH3NtQHvYjUfBUxi6IY8XaRPVVVNyPfrGcAZI1stBHwuF9L54zYVuRRY=
X-Received: from yuanyu.kir.corp.google.com
 ([2620:15c:29:204:5484:86bb:f3b4:5636])
 (user=yuanyu job=sendgmr) by 2002:a05:6870:d208:b0:10f:72d:4ee0 with SMTP id
 g8-20020a056870d20800b0010f072d4ee0mr3334400oac.227.1659581565886; Wed, 03
 Aug 2022 19:52:45 -0700 (PDT)
Date: Wed,  3 Aug 2022 19:52:39 -0700
In-Reply-To: <20220804025239.918263-1-yuanyu@google.com>
Message-Id: <20220804025239.918263-3-yuanyu@google.com>
Mime-Version: 1.0
References: <20220804025239.918263-1-yuanyu@google.com>
Subject: [edk2-devel] [PATCH v1 2/2] OvmfPkg: Use PcdNetworkSupport to
 enable/disable VirtIo net
From: "Yuan Yu via groups.io" <yuanyu=google.com@groups.io>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
 Jordan Justen <jordan.l.justen@intel.com>,
	Laszlo Ersek <lersek@redhat.com>, Anthony Perard <anthony.perard@citrix.com>,
	Julien Grall <julien@xen.org>
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,yuanyu@google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1659629492;
 bh=CnLmh1a5LjH0o6tb/PPyZQx7IeCNDJj06IUdOXBh0nM=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=aoMwjx121zoQlGZBEXoR/v+IdqD3cKtd2CNtEcNCV5qKNNEezql2GNLekxHZPnkxhof
 uEWhMkkqZr0i23Fn6EdUkljNTl30Y3QYiUurF/Rfb1MW+8uT2Jtdxg3WBFJrB/ch4e/3w
 f+J/AQY2zONLRTUA3ppyNwzTWVkz/RZVZVE=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1659629494385100002
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Enable/Disable VirtIo net based on the value of PcdNetworkSupport which
is controlled in NetworkCfgLib, which sets the PCD based on
"etc/networking" qemu file.

With this change, VMM can disable networking even if it is enabled at
compile time. This will allow to reduce attack surface by simply
providing an "etc/networking" value without having to recompile EDK2
completely.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Julien Grall <julien@xen.org>

Signed-off-by: Yuan Yu <yuanyu@google.com>
---
 OvmfPkg/OvmfPkgX64.dsc             |  7 ++++++-
 OvmfPkg/VirtioNetDxe/VirtioNet.inf |  3 +++
 OvmfPkg/VirtioNetDxe/EntryPoint.c  | 10 ++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 6e68f60dc90f..63cce9f65a95 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -686,6 +686,8 @@ [PcdsDynamicDefault]
   gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
 !endif
=20
+  gUefiOvmfPkgTokenSpaceGuid.PcdNetworkSupport|TRUE
+
 [PcdsDynamicHii]
 !include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
=20
@@ -953,7 +955,10 @@ [Components]
       NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
   }
 !endif
-  OvmfPkg/VirtioNetDxe/VirtioNet.inf
+  OvmfPkg/VirtioNetDxe/VirtioNet.inf {
+    <LibraryClasses>
+      NULL|OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.inf
+  }
=20
   #
   # Usb Support
diff --git a/OvmfPkg/VirtioNetDxe/VirtioNet.inf b/OvmfPkg/VirtioNetDxe/Virt=
ioNet.inf
index ada84ed5543b..37bcf13b7863 100644
--- a/OvmfPkg/VirtioNetDxe/VirtioNet.inf
+++ b/OvmfPkg/VirtioNetDxe/VirtioNet.inf
@@ -54,3 +54,6 @@ [Protocols]
   gEfiSimpleNetworkProtocolGuid  ## BY_START
   gEfiDevicePathProtocolGuid     ## BY_START
   gVirtioDeviceProtocolGuid      ## TO_START
+
+[Pcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdNetworkSupport       ## CONSUMES
diff --git a/OvmfPkg/VirtioNetDxe/EntryPoint.c b/OvmfPkg/VirtioNetDxe/Entry=
Point.c
index c3f41dab57bd..9bf220b9ade5 100644
--- a/OvmfPkg/VirtioNetDxe/EntryPoint.c
+++ b/OvmfPkg/VirtioNetDxe/EntryPoint.c
@@ -9,6 +9,8 @@
=20
 **/
=20
+#include <PiDxe.h>
+
 #include <Library/UefiLib.h>
=20
 #include "VirtioNet.h"
@@ -32,6 +34,14 @@ VirtioNetEntryPoint (
   IN EFI_SYSTEM_TABLE  *SystemTable
   )
 {
+  if (PcdGetBool (PcdNetworkSupport)) {
+    DEBUG ((DEBUG_INFO, "[network] %a - Networking enabled.\n", __FUNCTION=
__));
+  } else {
+    DEBUG ((DEBUG_INFO, "[network] %a - Networking disabled.\n", __FUNCTIO=
N__));
+
+    return EFI_REQUEST_UNLOAD_IMAGE;
+  }
+
   return EfiLibInstallDriverBindingComponentName2 (
            ImageHandle,
            SystemTable,
--=20
2.37.1.559.g78731f0fdb-goog



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#92120): https://edk2.groups.io/g/devel/message/92120
Mute This Topic: https://groups.io/mt/92816626/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-