Known problem: the NOOPT builds fail due to PEI becoming too big.

What is the reason for doing these NOOPT builds? I'm not sure what
value they provide. But the lack of LTO bloats the binaries with dead
code, which is a constant source of trouble ...

v2 changes:
 - turn on crypto driver support by default.
 - left the config option in for now as fallback option. When all goes
   as planned remove it one or two releases later.
 - fix various build problems.

Gerd Hoffmann (10):
  CryptoPkg: move Driver PCD configs to include files
  CryptoPkg: add CryptoServicePcd.hash_only.dsc.inc
  CryptoPkg: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc
  OvmfPkg: add OvmfCrypto*.inc
  OvmfPkg: OvmfPkgX64: use crypto includes
  OvmfPkg: OvmfPkgIa32X64: use crypto includes
  OvmfPkg: OvmfPkgIa32: use crypto includes
  OvmfPkg: Microvm: use crypto includes
  OvmfPkg: IntelTdx: use crypto includes
  OvmfPkg: AmdSev: use crypto includes

 .../Include/Dsc/CryptoServicePcd.all.dsc.inc | 29 +++++++
 .../Dsc/CryptoServicePcd.hash_only.dsc.inc | 8 ++
 .../Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 37 +++++++++
 .../Dsc/CryptoServicePcd.min_pei.dsc.inc | 20 +++++
 .../Dsc/OvmfCryptoComponentsDxe.dsc.inc | 23 ++++++
 .../Dsc/OvmfCryptoComponentsPei.dsc.inc | 19 +++++
 .../Dsc/OvmfCryptoComponentsSmm.dsc.inc | 18 +++++
 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc | 5 ++
 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc | 57 ++++++++++++++
 CryptoPkg/CryptoPkg.dsc | 78 +------------------
 OvmfPkg/AmdSev/AmdSevX64.dsc | 12 ++-
 OvmfPkg/IntelTdx/IntelTdxX64.dsc | 15 ++--
 OvmfPkg/Microvm/MicrovmX64.dsc | 24 +++---
 OvmfPkg/OvmfPkgIa32.dsc | 22 +++---
 OvmfPkg/OvmfPkgIa32X64.dsc | 22 +++---
 OvmfPkg/OvmfPkgX64.dsc | 22 +++---
 OvmfPkg/AmdSev/AmdSevX64.fdf | 6 ++
 OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 ++
 OvmfPkg/Microvm/MicrovmX64.fdf | 7 ++
 OvmfPkg/OvmfPkgIa32.fdf | 6 ++
 OvmfPkg/OvmfPkgIa32X64.fdf | 6 ++
 OvmfPkg/OvmfPkgX64.fdf | 6 ++
 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc | 12 +++
 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc | 9 +++
 24 files changed, 331 insertions(+), 137 deletions(-)
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
 create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc

--
2.39.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#99870): https://edk2.groups.io/g/devel/message/99870
Mute This Topic: https://groups.io/mt/96850388/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Makes it easier to reuse the predefined config sets in other places. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- .../Include/Dsc/CryptoServicePcd.all.dsc.inc | 29 +++++++ .../Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 35 +++++++++ .../Dsc/CryptoServicePcd.min_pei.dsc.inc | 20 +++++ CryptoPkg/CryptoPkg.dsc | 78 +------------------ 4 files changed, 87 insertions(+), 75 deletions(-) create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null 
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.RsaPss.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null 
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | 
TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null 
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index XXXXXXX..XXXXXXX 100644 --- a/CryptoPkg/CryptoPkg.dsc 
+++ b/CryptoPkg/CryptoPkg.dsc @@ -XXX,XX +XXX,XX @@ [PcdsFixedAtBuild] # !if $(CRYPTO_SERVICES) IN "ALL TARGET_UINT_TESTS" [PcdsFixedAtBuild] - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY 
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.RsaPss.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY +!include CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc !endif # @@ -XXX,XX +XXX,XX @@ [PcdsFixedAtBuild] # !if $(CRYPTO_SERVICES) == MIN_PEI [PcdsFixedAtBuild] - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE - 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc !endif # @@ -XXX,XX +XXX,XX @@ [PcdsFixedAtBuild] # !if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM [PcdsFixedAtBuild] - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt | TRUE - 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc !endif ################################################################################################### -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99872): https://edk2.groups.io/g/devel/message/99872 Mute This Topic: https://groups.io/mt/96850390/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
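Review bot: The three new CryptoServicePcd.*.dsc.inc files contain bare PCD assignments with no section header and no comment on where they may be included, so they are only valid when pulled in under a [PcdsFixedAtBuild] section (as CryptoPkg.dsc does in this patch) or a per-module <PcdsFixedAtBuild> scope. Please state that requirement in each file's header comment, together with the CRYPTO_SERVICES value the set corresponds to ("ALL TARGET_UINT_TESTS", MIN_PEI, MIN_DXE_MIN_SMM), since that context is lost once the lists leave CryptoPkg.dsc and other packages start reusing them.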
Contains only hash functions needed for measurements. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99869): https://edk2.groups.io/g/devel/message/99869 Mute This Topic: https://groups.io/mt/96850387/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
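Review bot: CryptoServicePcd.hash_only.dsc.inc has no comment saying what the set is for; the purpose ("only hash functions needed for measurements") exists only in the commit message. Please put that sentence in the file header and say which consumer needs each family (Sha1 and Sm3 in particular), so a later reader does not mistake this for a general-purpose minimal set or trim a family without checking the measurement path that depends on it.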
Enable Sha384 + Sha512 + Sm3. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc index XXXXXXX..XXXXXXX 100644 --- a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc +++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc @@ -XXX,XX +XXX,XX @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99873): https://edk2.groups.io/g/devel/message/99873 Mute This Topic: https://groups.io/mt/96850391/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
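Review bot: Besides the three added families, the hunk deletes "gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE", which the commit message ("Enable Sha384 + Sha512 + Sm3.") does not mention. With that override gone, Sha256 HashAll stays enabled through the Sha256.Family line directly above it. If that is intended, say so in the commit message; if not, keep the line. Also worth stating in the message: after the previous patch this file is what CryptoPkg.dsc includes for CRYPTO_SERVICES == MIN_DXE_MIN_SMM, so the change widens that CryptoPkg configuration as well, not only the OVMF builds.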
Create include files for crypto support, so the configuration can be shared for all OVMF build variants. Also add support for using the Crypto Driver. The Crypto Driver is enabled by default and can be disabled by setting USE_CRYPTO_DRIVER to FALSE. The config option is intended to be temporary and will probably stay for one or two releases as fallback, then be removed. The configuration follows mostly the recommendations given in CryptoPkg/Readme.md, with some minor exceptions like only compiling TLS support in case NETWORK_TLS_ENABLE is TRUE. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- .../Dsc/OvmfCryptoComponentsDxe.dsc.inc | 23 ++++++++ .../Dsc/OvmfCryptoComponentsPei.dsc.inc | 19 +++++++ .../Dsc/OvmfCryptoComponentsSmm.dsc.inc | 18 ++++++ OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc | 5 ++ OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc | 57 +++++++++++++++++++ OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc | 12 ++++ OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc | 9 +++ 7 files changed, 143 insertions(+) create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null 
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +!if $(USE_CRYPTO_DRIVER) == TRUE + + CryptoPkg/Driver/CryptoDxe.inf { + <LibraryClasses> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!if $(NETWORK_TLS_ENABLE) == TRUE + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf +!else + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +!endif + <PcdsFixedAtBuild> +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc + } + +!endif diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +!if $(USE_CRYPTO_DRIVER) == TRUE + + CryptoPkg/Driver/CryptoPei.inf { + <LibraryClasses> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + <PcdsFixedAtBuild> +#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc +!include CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc + } + +!endif diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null 
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +!if $(USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE + + CryptoPkg/Driver/CryptoSmm.inf { + <LibraryClasses> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + <PcdsFixedAtBuild> +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc + } + +!endif diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + + DEFINE USE_CRYPTO_DRIVER = TRUE diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null 
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +[LibraryClasses] + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + +[LibraryClasses.common.SEC] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +[LibraryClasses.common.DXE_RUNTIME_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +!if $(USE_CRYPTO_DRIVER) == TRUE + +[LibraryClasses.common.PEIM] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf + +[LibraryClasses.common.DXE_SMM_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf + +[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf + +!else + +[LibraryClasses.common] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!if $(NETWORK_TLS_ENABLE) == TRUE + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf +!else + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +!endif + +[LibraryClasses.common.PEIM] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + 
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +[LibraryClasses.common.DXE_SMM_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +!endif diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(USE_CRYPTO_DRIVER) == TRUE + +INF CryptoPkg/Driver/CryptoDxe.inf +!if $(SMM_REQUIRE) == TRUE +INF CryptoPkg/Driver/CryptoSmm.inf +!endif + +!endif diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(USE_CRYPTO_DRIVER) == TRUE + +INF CryptoPkg/Driver/CryptoPei.inf + +!endif -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99879): https://edk2.groups.io/g/devel/message/99879 Mute This Topic: https://groups.io/mt/96850399/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
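Review bot: In OvmfCryptoComponentsPei.dsc.inc the line "#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc" is left commented out next to the hash_only include without explanation. Either drop it or add a comment saying why PEI gets hash_only rather than min_pei. The difference is not cosmetic: with USE_CRYPTO_DRIVER == TRUE, OvmfCryptoLibs.dsc.inc maps BaseCryptLib for every PEIM to BaseCryptLibOnProtocolPpi/PeiCryptLib.inf, so PEIMs are limited to what CryptoPei.inf enables and lose the HmacSha256/HmacSha384, Rsa, Pkcs5HashPassword, Aes and Hkdf services that min_pei would provide. Please confirm in the commit message that no PEIM in the OVMF builds calls any of those.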
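Review bot: OvmfCryptoComponentsSmm.dsc.inc always builds CryptoSmm.inf with TlsLibNull, and OvmfCryptoComponentsDxe.dsc.inc builds CryptoDxe.inf with TlsLibNull whenever NETWORK_TLS_ENABLE is not TRUE, yet both include CryptoServicePcd.min_dxe_smm.dsc.inc, which sets Tls.Family, TlsSet.Family and TlsGet.Family to PCD_CRYPTO_SERVICE_ENABLE_FAMILY. In those cases the driver's PCD configuration enables TLS services that are backed by the null library. Consider disabling those three families after the !include in the TlsLibNull cases, or including a PCD set without them, so the enabled services match what is actually linked.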
Use the new crypto support include files. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/OvmfPkgX64.dsc | 22 +++++++++------------- OvmfPkg/OvmfPkgX64.fdf | 6 ++++++ 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/OvmfPkgX64.dsc 
+++ b/OvmfPkg/OvmfPkgX64.dsc @@ -XXX,XX +XXX,XX @@ [Defines] DEFINE CC_MEASUREMENT_ENABLE = FALSE !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc # # Shell can be useful for debugging but should not be enabled for production @@ -XXX,XX +XXX,XX @@ [LibraryClasses] LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf -!if $(NETWORK_TLS_ENABLE) == TRUE - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf -!else - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -!endif RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf !if $(SECURE_BOOT_ENABLE) == TRUE @@ -XXX,XX +XXX,XX @@ [LibraryClasses] # !include NetworkPkg/NetworkLibs.dsc.inc -!if $(NETWORK_TLS_ENABLE) == TRUE - TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf -!endif - !if $(BUILD_SHELL) == TRUE ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf !endif @@ -XXX,XX +XXX,XX @@ [LibraryClasses] OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc [LibraryClasses.common] - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf 
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_SMM_DRIVER] !if $(SOURCE_DEBUG_ENABLE) == TRUE DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf !endif - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf @@ -XXX,XX +XXX,XX @@ [Components] OvmfPkg/VirtioNetDxe/VirtioNet.inf + # + # Crypto Support + # +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc + # # Usb Support # diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -XXX,XX +XXX,XX @@ [FV.PEIFV] INF FILE_GUID = $(UP_CPU_PEI_GUID) UefiCpuPkg/CpuMpPei/CpuMpPei.inf !include OvmfPkg/OvmfTpmPei.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc ################################################################################ @@ -XXX,XX +XXX,XX @@ [FV.DXEFV] # !include OvmfPkg/OvmfTpmDxe.fdf.inc +# +# Crypto support +# +!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc + ################################################################################ [FV.FVMAIN_COMPACT] -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99871): https://edk2.groups.io/g/devel/message/99871 Mute This Topic: https://groups.io/mt/96850389/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
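Review bot: the [FV.PEIFV] hunk in OvmfPkgX64.fdf adds "!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc", which places CryptoPkg/Driver/CryptoPei.inf in PEIFV whenever USE_CRYPTO_DRIVER is TRUE, and the cover letter already lists NOOPT builds failing because PEI becomes too big. The commit message says only "Use the new crypto support include files"; it should record the PEIFV size impact, or the PEI driver should get its own switch so that DXE and SMM can use the crypto driver without growing PEIFV.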
Use the new crypto support include files. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/OvmfPkgIa32X64.dsc | 22 +++++++++------------- OvmfPkg/OvmfPkgIa32X64.fdf | 6 ++++++ 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc 
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -XXX,XX +XXX,XX @@ [Defines] DEFINE SOURCE_DEBUG_ENABLE = FALSE !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc # # Shell can be useful for debugging but should not be enabled for production @@ -XXX,XX +XXX,XX @@ [LibraryClasses] LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf -!if $(NETWORK_TLS_ENABLE) == TRUE - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf -!else - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -!endif RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf !if $(SECURE_BOOT_ENABLE) == TRUE @@ -XXX,XX +XXX,XX @@ [LibraryClasses] # !include NetworkPkg/NetworkLibs.dsc.inc -!if $(NETWORK_TLS_ENABLE) == TRUE - TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf -!endif - !if $(BUILD_SHELL) == TRUE ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf !endif @@ -XXX,XX +XXX,XX @@ [LibraryClasses] OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc [LibraryClasses.common] - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf 
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_SMM_DRIVER] !if $(SOURCE_DEBUG_ENABLE) == TRUE DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf !endif - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf @@ -XXX,XX +XXX,XX @@ [Components.IA32] UefiCpuPkg/CpuMpPei/CpuMpPei.inf !include OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc [Components.X64] # @@ -XXX,XX +XXX,XX @@ [Components.X64] OvmfPkg/VirtioNetDxe/VirtioNet.inf + # + # Crypto Support + # +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc + # # Usb Support # diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf 
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -XXX,XX +XXX,XX @@ [FV.PEIFV] INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf !include OvmfPkg/OvmfTpmPei.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc ################################################################################ @@ -XXX,XX +XXX,XX @@ [FV.DXEFV] # !include OvmfPkg/OvmfTpmDxe.fdf.inc +# +# Crypto support +# +!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc + ################################################################################ [FV.FVMAIN_COMPACT] -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99874): https://edk2.groups.io/g/devel/message/99874 Mute This Topic: https://groups.io/mt/96850393/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
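Review bot: in the [LibraryClasses] hunk of OvmfPkgIa32X64.dsc, "!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc" changes the active section, because the include opens its own [LibraryClasses.common.*] sections and ends inside one of them (DXE_DRIVER/UEFI_DRIVER/UEFI_APPLICATION when USE_CRYPTO_DRIVER is TRUE, DXE_SMM_DRIVER otherwise). It is harmless here only because the next line is "[LibraryClasses.common]"; a mapping added later between the include and that header would land in a module-type-specific section with no warning. A one-line comment above the include saying it must stay directly in front of a section header would prevent that, and the same applies to the other platform .dsc files in this series.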
Use the new crypto support include files. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/OvmfPkgIa32.dsc | 22 +++++++++------------- OvmfPkg/OvmfPkgIa32.fdf | 6 ++++++ 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc 
+++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -XXX,XX +XXX,XX @@ [Defines] DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc # # Shell can be useful for debugging but should not be enabled for production @@ -XXX,XX +XXX,XX @@ [LibraryClasses] LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf -!if $(NETWORK_TLS_ENABLE) == TRUE - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf -!else - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -!endif RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf !if $(SECURE_BOOT_ENABLE) == TRUE @@ -XXX,XX +XXX,XX @@ [LibraryClasses] # !include NetworkPkg/NetworkLibs.dsc.inc -!if $(NETWORK_TLS_ENABLE) == TRUE - TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf -!endif - !if $(BUILD_SHELL) == TRUE ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf !endif @@ -XXX,XX +XXX,XX @@ [LibraryClasses] OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc [LibraryClasses.common] - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf 
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_SMM_DRIVER] !if $(SOURCE_DEBUG_ENABLE) == TRUE DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf !endif - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf @@ -XXX,XX +XXX,XX @@ [Components] OvmfPkg/VirtioNetDxe/VirtioNet.inf + # + # Crypto Support + # +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc + # # Usb Support # diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -XXX,XX +XXX,XX @@ [FV.PEIFV] INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf !include OvmfPkg/OvmfTpmPei.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc ################################################################################ @@ -XXX,XX +XXX,XX @@ [FV.DXEFV] # !include OvmfPkg/OvmfTpmDxe.fdf.inc +# +# Crypto support +# +!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc + !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf !endif -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99875): https://edk2.groups.io/g/devel/message/99875 Mute This Topic: https://groups.io/mt/96850395/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
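Review bot: the two "!if $(NETWORK_TLS_ENABLE) == TRUE" blocks removed from the [LibraryClasses] hunks of OvmfPkgIa32.dsc are not replaced one-for-one by OvmfCryptoLibs.dsc.inc. With the include, TlsLib resolves to TlsLibNull when TLS is disabled (the removed lines mapped TlsLib only when TLS was enabled), and SEC, PEIM, DXE_RUNTIME_DRIVER and DXE_SMM_DRIVER modules get OpensslLibCrypto.inf even when NETWORK_TLS_ENABLE is TRUE (the removed [LibraryClasses] mapping selected OpensslLib.inf for every module type). Both reduce the code linked into early and privileged phases, but they are functional changes, so the commit message should list them instead of only "Use the new crypto support include files".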
Use the new crypto support include files. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/Microvm/MicrovmX64.dsc | 24 +++++++++++------------- OvmfPkg/Microvm/MicrovmX64.fdf | 7 +++++++ 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc 
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -XXX,XX +XXX,XX @@ [Defines] DEFINE SMM_REQUIRE = FALSE DEFINE SOURCE_DEBUG_ENABLE = FALSE +!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc + # # Network definition # @@ -XXX,XX +XXX,XX @@ [LibraryClasses] LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf -!if $(NETWORK_TLS_ENABLE) == TRUE - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf -!else - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -!endif RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf !if $(SECURE_BOOT_ENABLE) == TRUE @@ -XXX,XX +XXX,XX @@ [LibraryClasses] # !include NetworkPkg/NetworkLibs.dsc.inc -!if $(NETWORK_TLS_ENABLE) == TRUE - TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf -!endif - ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses] Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf +!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc + [LibraryClasses.common] - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf PlatformHookLib|MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf - 
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf # PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf # PciPcdProducerLib|OvmfPkg/Fdt/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf # PciExpressLib|OvmfPkg/Library/BaseCachingPciExpressLib/BaseCachingPciExpressLib.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_SMM_DRIVER] !if $(SOURCE_DEBUG_ENABLE) == TRUE DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf !endif - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf PciPcdProducerLib|OvmfPkg/Fdt/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf PciExpressLib|OvmfPkg/Library/BaseCachingPciExpressLib/BaseCachingPciExpressLib.inf @@ -XXX,XX +XXX,XX @@ [Components] OvmfPkg/VirtioNetDxe/VirtioNet.inf + # + # Crypto Support + # +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc + # # Usb Support # diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/Microvm/MicrovmX64.fdf 
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf @@ -XXX,XX +XXX,XX @@ [FV.PEIFV] INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf +!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc + ################################################################################ [FV.DXEFV] @@ -XXX,XX +XXX,XX @@ [FV.DXEFV] INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +# +# Crypto support +# +!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc + ################################################################################ [FV.FVMAIN_COMPACT] -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99876): https://edk2.groups.io/g/devel/message/99876 Mute This Topic: https://groups.io/mt/96850396/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
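Review bot: MicrovmX64.dsc keeps "DEFINE SMM_REQUIRE = FALSE" in [Defines], yet the [Components] hunk includes OvmfCryptoComponentsSmm.dsc.inc, and OvmfCryptoDxeSmm.fdf.inc adds CryptoPkg/Driver/CryptoSmm.inf only under "!if $(SMM_REQUIRE) == TRUE". Assuming the .dsc include is guarded by SMM_REQUIRE in the same way, it can never take effect on this platform. If it is kept only for symmetry with the other platform files, say so in a comment next to the include; otherwise drop it here so the .dsc lists only what Microvm can actually build.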
Use the new crypto support include files. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/IntelTdx/IntelTdxX64.dsc | 15 +++++++++------ OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 +++++ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc 
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -XXX,XX +XXX,XX @@ [Defines] # DEFINE BUILD_SHELL = TRUE +!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc + # # Device drivers # @@ -XXX,XX +XXX,XX @@ [LibraryClasses] LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf !if $(SECURE_BOOT_ENABLE) == TRUE @@ -XXX,XX +XXX,XX @@ [LibraryClasses] Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc + [LibraryClasses.common] - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_SMM_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf 
[LibraryClasses.common.SMM_CORE] @@ -XXX,XX +XXX,XX @@ [Components] <LibraryClasses> NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf } # @@ -XXX,XX +XXX,XX @@ [Components] MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf + # + # Crypto Support + # +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc + # # Usb Support # diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf +++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf @@ -XXX,XX +XXX,XX @@ [FV.DXEFV] # INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf +# +# Crypto support +# +!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc + ################################################################################ [FV.NCCFV] -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99877): https://edk2.groups.io/g/devel/message/99877 Mute This Topic: https://groups.io/mt/96850397/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
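Review bot: the [Components] hunk of IntelTdxX64.dsc drops the per-module override "BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf" from the component that links SecTdxHelperLib, so that module now depends on the [LibraryClasses.common.SEC] mapping in OvmfCryptoLibs.dsc.inc. That is equivalent only if the module's type is SEC; please confirm and mention it in the commit message, since a change in which crypto library a SEC module links is worth recording. Separately, the .dsc includes only OvmfCryptoComponentsDxe.dsc.inc while the .fdf pulls in OvmfCryptoDxeSmm.fdf.inc, which tests "$(SMM_REQUIRE)"; check that the macro is defined for this platform.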
Use the new crypto support include files. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/AmdSev/AmdSevX64.dsc | 12 ++++++++---- OvmfPkg/AmdSev/AmdSevX64.fdf | 6 ++++++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc 
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -XXX,XX +XXX,XX @@ [Defines] DEFINE SOURCE_DEBUG_ENABLE = FALSE !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc # # Shell can be useful for debugging but should not be enabled for production @@ -XXX,XX +XXX,XX @@ [LibraryClasses] LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses] OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc [LibraryClasses.common] - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf @@ -XXX,XX +XXX,XX @@ [Components] OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf + # + # Crypto Support + # +!include 
OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc + # # Usb Support # diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -XXX,XX +XXX,XX @@ [FV.PEIFV] INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf !include OvmfPkg/OvmfTpmPei.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc ################################################################################ @@ -XXX,XX +XXX,XX @@ [FV.DXEFV] # !include OvmfPkg/OvmfTpmDxe.fdf.inc +# +# Crypto support +# +!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc + ################################################################################ [FV.FVMAIN_COMPACT] -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99878): https://edk2.groups.io/g/devel/message/99878 Mute This Topic: https://groups.io/mt/96850398/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
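Review bot: the [LibraryClasses] hunk of AmdSevX64.dsc removes an unconditional "OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf", and its replacement in OvmfCryptoLibs.dsc.inc selects OpensslLib.inf and TlsLib.inf in [LibraryClasses.common] when NETWORK_TLS_ENABLE is TRUE and USE_CRYPTO_DRIVER is not. Please confirm how NETWORK_TLS_ENABLE is set for this platform and state in the commit message that the AmdSev build still links only the crypto-only OpenSSL variant; if that cannot be guaranteed by the shared include, keep a platform-local OpensslLibCrypto mapping after it.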
v3 changes:
 - rebase to latest master.
 - enable crypto driver only for SMM + DXE.
 - CI passes now \o/

v2 changes:
 - turn on crypto driver support by default.
 - left the config option in for now as fallback option. When all goes as planned remove it one or two releases later.
 - fix various build problems.

Gerd Hoffmann (11):
  CryptoPkg/Driver: move PCD configs to include files
  CryptoPkg/Driver: add CryptoServicePcd.hash_only.dsc.inc
  CryptoPkg/Driver: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc
  BaseTools: GCC5: enable lto for noopt builds on IA32 and X64
  OvmfPkg: add OvmfCrypto*.inc
  OvmfPkg: OvmfPkgX64: use crypto includes
  OvmfPkg: OvmfPkgIa32X64: use crypto includes
  OvmfPkg: OvmfPkgIa32: use crypto includes
  OvmfPkg: Microvm: use crypto includes
  OvmfPkg: IntelTdx: use crypto includes
  OvmfPkg: AmdSev: use crypto includes

 .../Include/Dsc/CryptoServicePcd.all.dsc.inc | 29 +++++++
 .../Dsc/CryptoServicePcd.hash_only.dsc.inc | 8 ++
 .../Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 37 +++++++++
 .../Dsc/CryptoServicePcd.min_pei.dsc.inc | 20 +++++
 .../Dsc/OvmfCryptoComponentsDxe.dsc.inc | 23 ++++++
 .../Dsc/OvmfCryptoComponentsPei.dsc.inc | 19 +++++
 .../Dsc/OvmfCryptoComponentsSmm.dsc.inc | 18 +++++
 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc | 7 ++
 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc | 72 +++++++++++++++++
 CryptoPkg/CryptoPkg.dsc | 78 +------------------
 OvmfPkg/AmdSev/AmdSevX64.dsc | 12 ++-
 OvmfPkg/IntelTdx/IntelTdxX64.dsc | 15 ++--
 OvmfPkg/Microvm/MicrovmX64.dsc | 24 +++---
 OvmfPkg/OvmfPkgIa32.dsc | 22 +++---
 OvmfPkg/OvmfPkgIa32X64.dsc | 22 +++---
 OvmfPkg/OvmfPkgX64.dsc | 22 +++---
 OvmfPkg/AmdSev/AmdSevX64.fdf | 6 ++
 OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 ++
 OvmfPkg/Microvm/MicrovmX64.fdf | 7 ++
 OvmfPkg/OvmfPkgIa32.fdf | 6 ++
 OvmfPkg/OvmfPkgIa32X64.fdf | 6 ++
 OvmfPkg/OvmfPkgX64.fdf | 6 ++
 BaseTools/Conf/tools_def.template | 8 +-
 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc | 12 +++
 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc | 7 ++
 25 files changed, 350 insertions(+), 141 deletions(-)
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
 create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc

--
2.39.2
Makes it easier to reuse the predefined config sets in other places. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- .../Include/Dsc/CryptoServicePcd.all.dsc.inc | 29 +++++++ .../Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 35 +++++++++ .../Dsc/CryptoServicePcd.min_pei.dsc.inc | 20 +++++ CryptoPkg/CryptoPkg.dsc | 78 +------------------ 4 files changed, 87 insertions(+), 75 deletions(-) create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null 
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.RsaPss.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null 
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | 
TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null 
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index XXXXXXX..XXXXXXX 100644 --- a/CryptoPkg/CryptoPkg.dsc 
+++ b/CryptoPkg/CryptoPkg.dsc @@ -XXX,XX +XXX,XX @@ [PcdsFixedAtBuild] # !if $(CRYPTO_SERVICES) IN "ALL TARGET_UINT_TESTS" [PcdsFixedAtBuild] - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY 
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.RsaPss.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY +!include CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc !endif # @@ -XXX,XX +XXX,XX @@ [PcdsFixedAtBuild] # !if $(CRYPTO_SERVICES) == MIN_PEI [PcdsFixedAtBuild] - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE - 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc !endif # @@ -XXX,XX +XXX,XX @@ [PcdsFixedAtBuild] # !if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM [PcdsFixedAtBuild] - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt | TRUE - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt | TRUE - 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc !endif ################################################################################################### -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#100932): https://edk2.groups.io/g/devel/message/100932 Mute This Topic: https://groups.io/mt/97493570/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
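Review bot: the new CryptoServicePcd.*.dsc.inc files have only the SPDX line in their header and consist of bare PCD assignments with no section header, so they are valid only when included from inside a [PcdsFixedAtBuild] section (as the CryptoPkg.dsc hunks do) or a component-scope <PcdsFixedAtBuild> block. Please state that in each file's header comment, together with the CRYPTO_SERVICES profile the file belongs to. The file name min_dxe_smm does not match the profile name MIN_DXE_MIN_SMM it is included for in CryptoPkg.dsc, which makes the mapping easy to get wrong; either rename the file or document the pairing.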
Contains only hash functions needed for measurements. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#100933): https://edk2.groups.io/g/devel/message/100933 Mute This Topic: https://groups.io/mt/97493571/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
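Review bot: the purpose given in the commit message ("Contains only hash functions needed for measurements") is missing from CryptoServicePcd.hash_only.dsc.inc itself, whose header is just the SPDX line. Put that sentence into the header comment and say there which consumer needs Sha1.Family alongside Sha256, Sha384, Sha512 and Sm3, so the list is not extended or trimmed later without knowing what depends on it. The header should also say that the file must be included from a PcdsFixedAtBuild scope, since the PCD lines carry no section header of their own.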
Enable Sha384 + Sha512 + Sm3. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc index XXXXXXX..XXXXXXX 100644 --- a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc +++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc @@ -XXX,XX +XXX,XX @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#100934): https://edk2.groups.io/g/devel/message/100934 Mute This Topic: https://groups.io/mt/97493572/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
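Review bot: besides adding Sha384, Sha512 and Sm3, this hunk deletes "Sha256.Services.HashAll | FALSE", which the commit message ("Enable Sha384 + Sha512 + Sm3.") does not mention. With Sha256.Family still enabled and the override gone, the Sha256 HashAll service becomes part of this profile; if that is intended, say so in the message, otherwise keep the override line. CryptoPkg.dsc includes this same file for CRYPTO_SERVICES == MIN_DXE_MIN_SMM, so the wider service set applies to that CryptoPkg profile as well and not only to OVMF, which also deserves a sentence.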
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- BaseTools/Conf/tools_def.template | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template index XXXXXXX..XXXXXXX 100755 --- a/BaseTools/Conf/tools_def.template +++ b/BaseTools/Conf/tools_def.template @@ -XXX,XX +XXX,XX @@ RELEASE_GCC49_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20 RELEASE_GCC5_IA32_CC_FLAGS = DEF(GCC5_IA32_CC_FLAGS) -flto -Wno-unused-but-set-variable -Wno-unused-const-variable RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,-m,elf_i386,--oformat=elf32-i386 - NOOPT_GCC5_IA32_CC_FLAGS = DEF(GCC5_IA32_CC_FLAGS) -O0 - NOOPT_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -Wl,-m,elf_i386,--oformat=elf32-i386 -O0 + NOOPT_GCC5_IA32_CC_FLAGS = DEF(GCC5_IA32_CC_FLAGS) -flto -O0 + NOOPT_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Wl,-m,elf_i386,--oformat=elf32-i386 -O0 ################## # GCC5 X64 definitions @@ -XXX,XX +XXX,XX @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl, RELEASE_GCC5_X64_CC_FLAGS = DEF(GCC5_X64_CC_FLAGS) -flto -DUSING_LTO -Wno-unused-but-set-variable -Wno-unused-const-variable RELEASE_GCC5_X64_DLINK_FLAGS = DEF(GCC5_X64_DLINK_FLAGS) -flto -Os - NOOPT_GCC5_X64_CC_FLAGS = DEF(GCC5_X64_CC_FLAGS) -O0 - NOOPT_GCC5_X64_DLINK_FLAGS = DEF(GCC5_X64_DLINK_FLAGS) -O0 + NOOPT_GCC5_X64_CC_FLAGS = DEF(GCC5_X64_CC_FLAGS) -flto -DUSING_LTO -O0 + NOOPT_GCC5_X64_DLINK_FLAGS = DEF(GCC5_X64_DLINK_FLAGS) -flto -O0 ################## # GCC5 ARM definitions -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#100935): https://edk2.groups.io/g/devel/message/100935 Mute This Topic: https://groups.io/mt/97493573/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
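Review bot: the commit message has no body, yet both hunks add -flto to the NOOPT_GCC5_IA32_* and NOOPT_GCC5_X64_* lines of BaseTools/Conf/tools_def.template, which changes what NOOPT means for every platform built with GCC5 on those architectures. Please state the motivation and the expected effect on -O0 builds in the message. Two details need a decision: the RELEASE lines pair -flto with -Wno-unused-but-set-variable -Wno-unused-const-variable, which the new NOOPT CC_FLAGS lines leave out, and only the IA32 and X64 blocks are touched while the second hunk's context ends at the GCC5 ARM definitions, so say whether the other architectures keep NOOPT without LTO on purpose.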
Create include files for crypto support, so the configuration can be shared for all OVMF build variants. Also add support for using the Crypto Driver. The Crypto Driver is by default enabled for SMM + DXE and disabled for PEI. This can be changed using the {PEI,SMM,DXE}_USE_CRYPTO_DRIVER options. The config option is intended to be temporary and will probably stay for one or two releases as fallback, then be removed. The configuration follows mostly the recommendations given in CryptoPkg/Readme.md, with some minor exceptions like only compiling TLS support in case NETWORK_TLS_ENABLE is TRUE. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- .../Dsc/OvmfCryptoComponentsDxe.dsc.inc | 23 ++++++ .../Dsc/OvmfCryptoComponentsPei.dsc.inc | 19 +++++ .../Dsc/OvmfCryptoComponentsSmm.dsc.inc | 18 +++++ OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc | 7 ++ OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc | 72 +++++++++++++++++++ OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc | 12 ++++ OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc | 7 ++ 7 files changed, 158 insertions(+) create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null 
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +!if $(DXE_USE_CRYPTO_DRIVER) == TRUE + + CryptoPkg/Driver/CryptoDxe.inf { + <LibraryClasses> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!if $(NETWORK_TLS_ENABLE) == TRUE + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf +!else + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +!endif + <PcdsFixedAtBuild> +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc + } + +!endif diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +!if $(PEI_USE_CRYPTO_DRIVER) == TRUE + + CryptoPkg/Driver/CryptoPei.inf { + <LibraryClasses> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + <PcdsFixedAtBuild> +#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc +!include CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc + } + +!endif diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null 
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +!if $(SMM_USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE + + CryptoPkg/Driver/CryptoSmm.inf { + <LibraryClasses> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + <PcdsFixedAtBuild> +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc + } + +!endif diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + + DEFINE PEI_USE_CRYPTO_DRIVER = FALSE + DEFINE SMM_USE_CRYPTO_DRIVER = TRUE + DEFINE DXE_USE_CRYPTO_DRIVER = TRUE diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null 
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +[LibraryClasses] + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + +[LibraryClasses.common.SEC] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +[LibraryClasses.common.DXE_RUNTIME_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + + +!if $(PEI_USE_CRYPTO_DRIVER) == TRUE + +[LibraryClasses.common.PEIM] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf + +!else + +[LibraryClasses.common.PEIM] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +!endif + + +!if $(SMM_USE_CRYPTO_DRIVER) == TRUE + +[LibraryClasses.common.DXE_SMM_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf + +!else + +[LibraryClasses.common.DXE_SMM_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +!endif + + +!if $(DXE_USE_CRYPTO_DRIVER) == TRUE + +[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf + +!else + 
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!if $(NETWORK_TLS_ENABLE) == TRUE + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf +!else + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +!endif + +!endif diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(DXE_USE_CRYPTO_DRIVER) == TRUE +INF CryptoPkg/Driver/CryptoDxe.inf +!endif + +!if $(SMM_USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE +INF CryptoPkg/Driver/CryptoSmm.inf +!endif + diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc @@ -XXX,XX +XXX,XX @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(PEI_USE_CRYPTO_DRIVER) == TRUE +INF CryptoPkg/Driver/CryptoPei.inf +!endif -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#100936): https://edk2.groups.io/g/devel/message/100936 Mute This Topic: https://groups.io/mt/97493574/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
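Review bot: OvmfCryptoComponentsPei.dsc.inc ships a commented-out line, "#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc", directly above the active include of CryptoServicePcd.hash_only.dsc.inc. Drop the dead line or replace it with a comment that explains the choice. With PEI_USE_CRYPTO_DRIVER set to TRUE, PEIMs take BaseCryptLib from BaseCryptLibOnProtocolPpi/PeiCryptLib.inf, so only the hash families enabled in hash_only are served by the driver, and the HMAC, RSA, PKCS5, AES and HKDF services that min_pei enables are not. That restriction should be written down next to the option in OvmfCryptoDefines.dsc.inc.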
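Review bot: the SMM conditions do not agree across the new files. OvmfCryptoComponentsSmm.dsc.inc and OvmfCryptoDxeSmm.fdf.inc build and place CryptoSmm.inf only under "$(SMM_USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE", while OvmfCryptoLibs.dsc.inc switches [LibraryClasses.common.DXE_SMM_DRIVER] to BaseCryptLibOnProtocolPpi/SmmCryptLib.inf on SMM_USE_CRYPTO_DRIVER alone. Use the same expression in all three places, so the library mapping can never point at a protocol whose producer is not in the image.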
Use the new crypto support include files. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/OvmfPkgX64.dsc | 22 +++++++++------------- OvmfPkg/OvmfPkgX64.fdf | 6 ++++++ 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/OvmfPkgX64.dsc 
+++ b/OvmfPkg/OvmfPkgX64.dsc @@ -XXX,XX +XXX,XX @@ [Defines] DEFINE CC_MEASUREMENT_ENABLE = FALSE !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc # # Shell can be useful for debugging but should not be enabled for production @@ -XXX,XX +XXX,XX @@ [LibraryClasses] LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf -!if $(NETWORK_TLS_ENABLE) == TRUE - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf -!else - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -!endif RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf !if $(SECURE_BOOT_ENABLE) == TRUE @@ -XXX,XX +XXX,XX @@ [LibraryClasses] # !include NetworkPkg/NetworkLibs.dsc.inc -!if $(NETWORK_TLS_ENABLE) == TRUE - TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf -!endif - !if $(BUILD_SHELL) == TRUE ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf !endif @@ -XXX,XX +XXX,XX @@ [LibraryClasses] OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc [LibraryClasses.common] - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf 
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_SMM_DRIVER] !if $(SOURCE_DEBUG_ENABLE) == TRUE DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf !endif - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf @@ -XXX,XX +XXX,XX @@ [Components] OvmfPkg/VirtioNetDxe/VirtioNet.inf + # + # Crypto Support + # +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc + # # Usb Support # diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -XXX,XX +XXX,XX @@ [FV.PEIFV] INF FILE_GUID = $(UP_CPU_PEI_GUID) UefiCpuPkg/CpuMpPei/CpuMpPei.inf !include OvmfPkg/OvmfTpmPei.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc ################################################################################ @@ -XXX,XX +XXX,XX @@ [FV.DXEFV] # !include OvmfPkg/OvmfTpmDxe.fdf.inc +# +# Crypto support +# +!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc + ################################################################################ [FV.FVMAIN_COMPACT] -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#100938): https://edk2.groups.io/g/devel/message/100938 Mute This Topic: https://groups.io/mt/97493576/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
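Review bot: the hunk at [LibraryClasses.common] removes the catch-all "BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf", and the OvmfCryptoLibs.dsc.inc that replaces it maps BaseCryptLib only for SEC, PEIM, DXE_SMM_DRIVER, DXE_RUNTIME_DRIVER, DXE_DRIVER, UEFI_DRIVER and UEFI_APPLICATION. A module of any other type that links BaseCryptLib is left without an instance; either confirm in the commit message that this platform has none, or keep a default mapping. The same question applies to OpensslLib, which the first [LibraryClasses] hunk removes as a global mapping and which the include file only maps per module type.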
Use the new crypto support include files. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/OvmfPkgIa32X64.dsc | 22 +++++++++------------- OvmfPkg/OvmfPkgIa32X64.fdf | 6 ++++++ 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc 
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -XXX,XX +XXX,XX @@ [Defines] DEFINE SOURCE_DEBUG_ENABLE = FALSE !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc # # Shell can be useful for debugging but should not be enabled for production @@ -XXX,XX +XXX,XX @@ [LibraryClasses] LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf -!if $(NETWORK_TLS_ENABLE) == TRUE - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf -!else - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -!endif RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf !if $(SECURE_BOOT_ENABLE) == TRUE @@ -XXX,XX +XXX,XX @@ [LibraryClasses] # !include NetworkPkg/NetworkLibs.dsc.inc -!if $(NETWORK_TLS_ENABLE) == TRUE - TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf -!endif - !if $(BUILD_SHELL) == TRUE ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf !endif @@ -XXX,XX +XXX,XX @@ [LibraryClasses] OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc [LibraryClasses.common] - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf 
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_SMM_DRIVER] !if $(SOURCE_DEBUG_ENABLE) == TRUE DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf !endif - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf @@ -XXX,XX +XXX,XX @@ [Components.IA32] UefiCpuPkg/CpuMpPei/CpuMpPei.inf !include OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc [Components.X64] # @@ -XXX,XX +XXX,XX @@ [Components.X64] OvmfPkg/VirtioNetDxe/VirtioNet.inf + # + # Crypto Support + # +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc + # # Usb Support # diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf 
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -XXX,XX +XXX,XX @@ [FV.PEIFV] INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf !include OvmfPkg/OvmfTpmPei.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc ################################################################################ @@ -XXX,XX +XXX,XX @@ [FV.DXEFV] # !include OvmfPkg/OvmfTpmDxe.fdf.inc +# +# Crypto support +# +!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc + ################################################################################ [FV.FVMAIN_COMPACT] -- 2.39.2
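Review bot: The commit message does not say whether library resolution changes. The `[LibraryClasses*]` hunks of OvmfPkgIa32X64.dsc remove the `NETWORK_TLS_ENABLE` choice between `OpensslLib.inf` and `OpensslLibCrypto.inf`, the `TlsLib` mapping, and the per-module-type `BaseCryptLib` instances (`BaseCryptLib.inf`, `RuntimeCryptLib.inf`, `SmmCryptLib.inf`), and none of the replacement mappings are visible in this patch. Since the cover letter says crypto driver support is now on by default with a config option kept as fallback, please state in the message that this platform switches to the driver by default and name the define from `OvmfCryptoDefines.dsc.inc` that restores the static libraries. Separately, in `[Components.X64]` the two new includes sit between `OvmfPkg/VirtioNetDxe/VirtioNet.inf` and the `# Usb Support` block, so `OvmfCryptoComponentsSmm.dsc.inc` and `OvmfCryptoComponentsDxe.dsc.inc` must not open a section header of their own, or the USB drivers that follow end up in the wrong section. Style nit: the comment is `# Crypto Support` in the .dsc and `# Crypto support` in the .fdf; pick one spelling.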
Use the new crypto support include files. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/OvmfPkgIa32.dsc | 22 +++++++++------------- OvmfPkg/OvmfPkgIa32.fdf | 6 ++++++ 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc 
+++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -XXX,XX +XXX,XX @@ [Defines] DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc # # Shell can be useful for debugging but should not be enabled for production @@ -XXX,XX +XXX,XX @@ [LibraryClasses] LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf -!if $(NETWORK_TLS_ENABLE) == TRUE - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf -!else - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -!endif RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf !if $(SECURE_BOOT_ENABLE) == TRUE @@ -XXX,XX +XXX,XX @@ [LibraryClasses] # !include NetworkPkg/NetworkLibs.dsc.inc -!if $(NETWORK_TLS_ENABLE) == TRUE - TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf -!endif - !if $(BUILD_SHELL) == TRUE ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf !endif @@ -XXX,XX +XXX,XX @@ [LibraryClasses] OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc [LibraryClasses.common] - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf 
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_SMM_DRIVER] !if $(SOURCE_DEBUG_ENABLE) == TRUE DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf !endif - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf @@ -XXX,XX +XXX,XX @@ [Components] OvmfPkg/VirtioNetDxe/VirtioNet.inf + # + # Crypto Support + # +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc + # # Usb Support # diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -XXX,XX +XXX,XX @@ [FV.PEIFV] INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf !include OvmfPkg/OvmfTpmPei.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc ################################################################################ @@ -XXX,XX +XXX,XX @@ [FV.DXEFV] # !include OvmfPkg/OvmfTpmDxe.fdf.inc +# +# Crypto support +# +!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc + !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf !endif -- 2.39.2
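Review bot: The PEI components include is placed among DXE drivers in the `[Components]` hunk of OvmfPkgIa32.dsc: `!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc` follows `OvmfPkg/VirtioNetDxe/VirtioNet.inf`, while the Ia32X64 patch in this series puts the same include directly after `OvmfTpmComponentsPei.dsc.inc`. Moving it next to the other PEI modules here would keep the two platform files parallel and make it obvious which phase each include feeds. The `[FV.PEIFV]` hunk of OvmfPkgIa32.fdf also adds `OvmfCryptoPei.fdf.inc` to the PEI volume, and the cover letter already reports NOOPT builds failing because PEI becomes too big; the commit message should record that known failure for this target, or the patch should guard the PEI include so that the NOOPT build keeps working.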
Use the new crypto support include files. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/Microvm/MicrovmX64.dsc | 24 +++++++++++------------- OvmfPkg/Microvm/MicrovmX64.fdf | 7 +++++++ 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc 
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -XXX,XX +XXX,XX @@ [Defines] DEFINE SMM_REQUIRE = FALSE DEFINE SOURCE_DEBUG_ENABLE = FALSE +!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc + # # Network definition # @@ -XXX,XX +XXX,XX @@ [LibraryClasses] LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf -!if $(NETWORK_TLS_ENABLE) == TRUE - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf -!else - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -!endif RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf !if $(SECURE_BOOT_ENABLE) == TRUE @@ -XXX,XX +XXX,XX @@ [LibraryClasses] # !include NetworkPkg/NetworkLibs.dsc.inc -!if $(NETWORK_TLS_ENABLE) == TRUE - TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf -!endif - ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses] Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf +!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc + [LibraryClasses.common] - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf PlatformHookLib|MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf - 
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf # PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf # PciPcdProducerLib|OvmfPkg/Fdt/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf # PciExpressLib|OvmfPkg/Library/BaseCachingPciExpressLib/BaseCachingPciExpressLib.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_SMM_DRIVER] !if $(SOURCE_DEBUG_ENABLE) == TRUE DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf !endif - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf PciPcdProducerLib|OvmfPkg/Fdt/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf PciExpressLib|OvmfPkg/Library/BaseCachingPciExpressLib/BaseCachingPciExpressLib.inf @@ -XXX,XX +XXX,XX @@ [Components] OvmfPkg/VirtioNetDxe/VirtioNet.inf + # + # Crypto Support + # +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc + # # Usb Support # diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/Microvm/MicrovmX64.fdf 
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf @@ -XXX,XX +XXX,XX @@ [FV.PEIFV] INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf +!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc + ################################################################################ [FV.DXEFV] @@ -XXX,XX +XXX,XX @@ [FV.DXEFV] INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +# +# Crypto support +# +!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc + ################################################################################ [FV.FVMAIN_COMPACT] -- 2.39.2
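Review bot: The SMM crypto components are pulled in unconditionally in the `[Components]` hunk of MicrovmX64.dsc (`!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc`), although the `[Defines]` context of this same file shows `DEFINE SMM_REQUIRE = FALSE`. Unless the include file guards its own content on `SMM_REQUIRE`, this builds an SMM crypto driver for a platform that does not use SMM, and `OvmfCryptoDxeSmm.fdf.inc` in `[FV.DXEFV]` would then place it in the firmware volume. Please either wrap the include here in `!if $(SMM_REQUIRE) == TRUE` or say in the commit message that the guard lives inside the include files. The same question applies to the removed `SmmCryptLib.inf` mapping under `[LibraryClasses.common.DXE_SMM_DRIVER]`: the message should confirm that `OvmfCryptoLibs.dsc.inc` still supplies a `BaseCryptLib` instance for that module type.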
Use the new crypto support include files. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/IntelTdx/IntelTdxX64.dsc | 15 +++++++++------ OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 +++++ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc 
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -XXX,XX +XXX,XX @@ [Defines] # DEFINE BUILD_SHELL = TRUE +!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc + # # Device drivers # @@ -XXX,XX +XXX,XX @@ [LibraryClasses] LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf !if $(SECURE_BOOT_ENABLE) == TRUE @@ -XXX,XX +XXX,XX @@ [LibraryClasses] Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc + [LibraryClasses.common] - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_SMM_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf 
[LibraryClasses.common.SMM_CORE] @@ -XXX,XX +XXX,XX @@ [Components] <LibraryClasses> NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf } # @@ -XXX,XX +XXX,XX @@ [Components] MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf + # + # Crypto Support + # +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc + # # Usb Support # diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf +++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf @@ -XXX,XX +XXX,XX @@ [FV.DXEFV] # INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf +# +# Crypto support +# +!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc + ################################################################################ [FV.NCCFV] -- 2.39.2
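Review bot: The first `[Components]` hunk of IntelTdxX64.dsc drops the component-scoped override `BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf` from the module that also links `SecTdxHelperLib.inf`, and nothing in this patch shows what that SEC module resolves `BaseCryptLib` to afterwards. A driver-backed or DXE-oriented instance cannot serve code that runs in SEC, where no crypto driver has been loaded yet, so the commit message should state that `OvmfCryptoLibs.dsc.inc` provides a SEC-phase mapping; otherwise keep the explicit override here. Also worth confirming: the removed global mapping was unconditionally `OpensslLibCrypto.inf` on this platform (no `NETWORK_TLS_ENABLE` branch, unlike the generic OVMF files), so the shared include should not silently move the TDX build to the full `OpensslLib.inf`.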
Use the new crypto support include files. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- OvmfPkg/AmdSev/AmdSevX64.dsc | 12 ++++++++---- OvmfPkg/AmdSev/AmdSevX64.fdf | 6 ++++++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc 
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -XXX,XX +XXX,XX @@ [Defines] DEFINE SOURCE_DEBUG_ENABLE = FALSE !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc # # Shell can be useful for debugging but should not be enabled for production @@ -XXX,XX +XXX,XX @@ [LibraryClasses] LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses] OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc [LibraryClasses.common] - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf @@ -XXX,XX +XXX,XX @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf @@ -XXX,XX +XXX,XX @@ [Components] OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf + # + # Crypto Support + # +!include 
OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc + # # Usb Support # diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index XXXXXXX..XXXXXXX 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -XXX,XX +XXX,XX @@ [FV.PEIFV] INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf !include OvmfPkg/OvmfTpmPei.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc ################################################################################ @@ -XXX,XX +XXX,XX @@ [FV.DXEFV] # !include OvmfPkg/OvmfTpmDxe.fdf.inc +# +# Crypto support +# +!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc + ################################################################################ [FV.FVMAIN_COMPACT] -- 2.39.2
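Review bot: The DSC and FDF sides of this patch do not obviously match. The `[Components]` hunk of AmdSevX64.dsc includes only `OvmfCryptoComponentsPei.dsc.inc` and `OvmfCryptoComponentsDxe.dsc.inc`, with no SMM components, while the `[FV.DXEFV]` hunk of AmdSevX64.fdf pulls in the combined `OvmfCryptoDxeSmm.fdf.inc`. If that FDF include lists an SMM crypto driver INF without its own guard, the flash description references a module this platform never builds. Please note in the commit message how the combined include behaves when the SMM components are absent, or split it so this platform can include a DXE-only file. The PEI components include is also placed after `AcpiPlatformDxe.inf` and `BootGraphicsResourceTableDxe.inf`, in the middle of DXE drivers; putting it beside the other PEI modules would match how `OvmfCryptoPei.fdf.inc` is placed after `OvmfTpmPei.fdf.inc` in `[FV.PEIFV]`.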