From nobody Tue Feb 10 16:18:38 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94786+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94786+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1665054335; cv=none; d=zohomail.com; s=zohoarc; b=dTofEzW3ymSg90CNdX91PQLs1q9Oq7oIYvQFfcVK31YmSzCrqVZqyHyZHsNOCQGKA1xXiOAmpEbTS+B7ar+1u/TLzaJMA9oY7z/Ulrj1QJGxc8bDHs2NhYtkXmn8QPLiSoJy/WEGVbMdJGg0ClDJ8SbHpjA8BXjXKaaDo/k/OJE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665054335; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=B2UGTkj5Xk1gCIRKBvjmLqhxOA/AVbs8xOnJXV1TRXQ=; b=VhaORaX2X08jh3HspCl+OOKgI8BwClFmMSJYCRPWMFtz/HnJj8GVGwKQ7Fl4knxq3sagyHlgfM9iOpoUSDRh/YxaVpHTn6OhAF7nFyyFqOB9T/fLInYbGsIoPIvhlMn8ds2xg1dI+As4uiCH6gR8JXwrhzxSn8/BQuMPWJDNlGg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94786+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665054335654881.0219647073505; Thu, 6 Oct 2022 04:05:35 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id rSRoYY1788612x3ky7hNcS5z; Thu, 06 Oct 2022 04:05:35 -0700 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web10.4429.1665054334338832843 for ; Thu, 06 Oct 2022 04:05:34 -0700 X-Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-404-BrEJd4LqM2W2ShCQG8vuzw-1; Thu, 06 Oct 2022 07:05:28 -0400 X-MC-Unique: BrEJd4LqM2W2ShCQG8vuzw-1 X-Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 97ED13C01DA2; Thu, 6 Oct 2022 11:05:28 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.193.173]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 55C231121339; Thu, 6 Oct 2022 11:05:28 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 9BCB0180079A; Thu, 6 Oct 2022 13:05:26 +0200 (CEST) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Oliver Steffen , Jordan Justen , Gerd Hoffmann , Pawel Polawski , Jiewen Yao Subject: [edk2-devel] [PATCH 1/2] OvmfPkg/Microvm: add SECURE_BOOT_FEATURE_ENABLED Date: Thu, 6 Oct 2022 13:05:25 +0200 Message-Id: <20221006110526.1068475-2-kraxel@redhat.com> In-Reply-To: <20221006110526.1068475-1-kraxel@redhat.com> References: <20221006110526.1068475-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com X-Gm-Message-State: ZQSlZC8Ha4nGscrECthBDwaGx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665054335; bh=GixDGuzOec9rchK9f++DnGk02n1MW4CFensuzIFvMiA=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=YDQMmGBHPkdcFle+Wu8Lco9y+g3ptKJY64XpDsSorAnQKg0+tI4d+HM2Qx7pB8kJt12 K+TvFfPQm61ToVx5JGSBfvgU2D7X0sVE4fp/veaWFnaXQTSljkvA6HWxGRBfTtLuD64So Ue6vLHi4aDQHyoTVanGUZb3p5RG86wzbLdk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665054336169100001 Content-Type: text/plain; charset="utf-8"; x-default="true" Compiler flag is needed to make (stateless) secure boot be actually secure, i.e. restore EFI variables from ROM on reset. Signed-off-by: Gerd Hoffmann --- OvmfPkg/Microvm/MicrovmX64.dsc | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index 33d68a5493de..e60d3a2071ab 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -91,6 +91,15 @@ [BuildOptions] INTEL:*_*_*_CC_FLAGS =3D /D DISABLE_NEW_DEPRECATED_INTERFACES GCC:*_*_*_CC_FLAGS =3D -D DISABLE_NEW_DEPRECATED_INTERFACES =20 + # + # SECURE_BOOT_FEATURE_ENABLED + # +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + MSFT:*_*_*_CC_FLAGS =3D /D SECURE_BOOT_FEATURE_ENABLED + INTEL:*_*_*_CC_FLAGS =3D /D SECURE_BOOT_FEATURE_ENABLED + GCC:*_*_*_CC_FLAGS =3D -D SECURE_BOOT_FEATURE_ENABLED +!endif + !include NetworkPkg/NetworkBuildOptions.dsc.inc =20 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] --=20 2.37.3 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94786): https://edk2.groups.io/g/devel/message/94786 Mute This Topic: https://groups.io/mt/94155095/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-