From: "Gerd Hoffmann"
To: devel@edk2.groups.io
Cc: Pawel Polawski, Guomin Jiang, Jordan Justen, Jian J Wang, James Bottomley, Gerd Hoffmann, Oliver Steffen, Erdem Aktas, Min Xu, Xiaoyu Lu, Jiewen Yao, Ard Biesheuvel, Michael Roth, Tom Lendacky
Subject: [edk2-devel] [PATCH v3 05/11] OvmfPkg: add OvmfCrypto*.inc
Date: Thu, 9 Mar 2023 12:09:28 +0100
Message-Id: <20230309110934.853991-6-kraxel@redhat.com>
In-Reply-To: <20230309110934.853991-1-kraxel@redhat.com>
References: <20230309110934.853991-1-kraxel@redhat.com>

Create include files for crypto support, so the configuration can be shared for all OVMF build variants. Also add support for using the Crypto Driver. The Crypto Driver is by default enabled for SMM + DXE and disabled for PEI. This can be changed using the {PEI,SMM,DXE}_USE_CRYPTO_DRIVER options. The config option is intended to be temporary and will probably stay for one or two releases as a fallback, then be removed.

The configuration follows mostly the recommendations given in CryptoPkg/Readme.md, with some minor exceptions like only compiling TLS support in case NETWORK_TLS_ENABLE is TRUE. Signed-off-by: Gerd Hoffmann --- .../Dsc/OvmfCryptoComponentsDxe.dsc.inc | 23 ++++++ .../Dsc/OvmfCryptoComponentsPei.dsc.inc | 19 +++++ .../Dsc/OvmfCryptoComponentsSmm.dsc.inc | 18 +++++ OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc | 7 ++ OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc | 72 +++++++++++++++++++ OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc | 12 ++++ OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc | 7 ++ 7 files changed, 158 insertions(+) create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc b/OvmfPkg/= Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc new file mode 100644 index 000000000000..72728aea68f5 --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc @@ -0,0 +1,23 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +!if $(DXE_USE_CRYPTO_DRIVER) =3D=3D TRUE + + CryptoPkg/Driver/CryptoDxe.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!if $(NETWORK_TLS_ENABLE) =3D=3D TRUE + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf +!else + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +!endif + +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc + } + +!endif 
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc b/OvmfPkg/= Include/Dsc/OvmfCryptoComponentsPei.dsc.inc new file mode 100644 index 000000000000..0457235f8eb0 --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc @@ -0,0 +1,19 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +!if $(PEI_USE_CRYPTO_DRIVER) =3D=3D TRUE + + CryptoPkg/Driver/CryptoPei.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc +!include CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc + } + +!endif diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc b/OvmfPkg/= Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc new file mode 100644 index 000000000000..be1647397a60 --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc @@ -0,0 +1,18 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +!if $(SMM_USE_CRYPTO_DRIVER) =3D=3D TRUE && $(SMM_REQUIRE) =3D=3D TRUE + + CryptoPkg/Driver/CryptoSmm.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc + } + +!endif diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc b/OvmfPkg/Includ= e/Dsc/OvmfCryptoDefines.dsc.inc new file mode 100644 index 000000000000..f005f593b4eb --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc @@ -0,0 +1,7 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + + DEFINE PEI_USE_CRYPTO_DRIVER =3D FALSE + DEFINE SMM_USE_CRYPTO_DRIVER =3D TRUE + DEFINE DXE_USE_CRYPTO_DRIVER =3D TRUE 
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc b/OvmfPkg/Include/D= sc/OvmfCryptoLibs.dsc.inc new file mode 100644 index 000000000000..f9fdf36c1dab --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc 
@@ -0,0 +1,72 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +[LibraryClasses] + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + +[LibraryClasses.common.SEC] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +[LibraryClasses.common.DXE_RUNTIME_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + + +!if $(PEI_USE_CRYPTO_DRIVER) =3D=3D TRUE + +[LibraryClasses.common.PEIM] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf + +!else + +[LibraryClasses.common.PEIM] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +!endif + + +!if $(SMM_USE_CRYPTO_DRIVER) =3D=3D TRUE + +[LibraryClasses.common.DXE_SMM_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf + +!else + +[LibraryClasses.common.DXE_SMM_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +!endif + + +!if $(DXE_USE_CRYPTO_DRIVER) =3D=3D TRUE + +[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, Libr= aryClasses.common.UEFI_APPLICATION] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf + +!else + +[LibraryClasses.common.DXE_DRIVER, 
LibraryClasses.common.UEFI_DRIVER, Libr= aryClasses.common.UEFI_APPLICATION] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!if $(NETWORK_TLS_ENABLE) =3D=3D TRUE + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf +!else + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +!endif + +!endif diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc b/OvmfPkg/Include= /Fdf/OvmfCryptoDxeSmm.fdf.inc new file mode 100644 index 000000000000..6fc12ed8656f --- /dev/null +++ b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc @@ -0,0 +1,12 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(DXE_USE_CRYPTO_DRIVER) =3D=3D TRUE +INF CryptoPkg/Driver/CryptoDxe.inf +!endif + +!if $(SMM_USE_CRYPTO_DRIVER) =3D=3D TRUE && $(SMM_REQUIRE) =3D=3D TRUE +INF CryptoPkg/Driver/CryptoSmm.inf +!endif + diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc b/OvmfPkg/Include/Fd= f/OvmfCryptoPei.fdf.inc new file mode 100644 index 000000000000..8b42c2da7b2a --- /dev/null +++ b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc @@ -0,0 +1,7 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(PEI_USE_CRYPTO_DRIVER) =3D=3D TRUE +INF CryptoPkg/Driver/CryptoPei.inf +!endif --=20 2.39.2
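
Review bot: In OvmfCryptoComponentsDxe.dsc.inc the NETWORK_TLS_ENABLE test changes which TlsLib and OpensslLib instances are linked into CryptoPkg/Driver/CryptoDxe.inf, but the service PCDs come from the single include of CryptoServicePcd.min_dxe_smm.dsc.inc in both branches. Please confirm that this one profile is correct for both cases and say so in a comment next to the include: if it enables TLS services, the TlsLibNull branch exposes protocol entries backed by the null library, and if it does not, the TlsLib branch links a library nobody can reach through the protocol.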
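
Review bot: The commented-out line "#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc" in OvmfCryptoComponentsPei.dsc.inc sits directly above the active hash_only include with no explanation. Either drop the dead line or add a comment saying why OVMF uses hash_only instead of min_pei here. Because OvmfCryptoLibs.dsc.inc routes BaseCryptLib for every PEIM through BaseCryptLibOnProtocolPpi/PeiCryptLib.inf once PEI_USE_CRYPTO_DRIVER is TRUE, the file should also state that CryptoPei then offers only what the hash_only profile enables, so whoever flips the option knows to check which PEIMs need more than hashing.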
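
Review bot: OvmfCryptoDefines.dsc.inc adds the three DEFINE lines without any comment on what each option selects. The commit message says the options are a temporary fallback to be removed after one or two releases; that belongs in the file as well, together with a one-line description per option (static linking of BaseCryptLib versus going through the Crypto Driver for that phase), since the file is what people will read once the mail thread is forgotten.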
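
Review bot: The DXE_SMM_DRIVER block in OvmfCryptoLibs.dsc.inc tests SMM_USE_CRYPTO_DRIVER alone, while OvmfCryptoComponentsSmm.dsc.inc and OvmfCryptoDxeSmm.fdf.inc only build and ship CryptoPkg/Driver/CryptoSmm.inf when SMM_REQUIRE is TRUE as well. With the default from OvmfCryptoDefines.dsc.inc (SMM_USE_CRYPTO_DRIVER = TRUE) and SMM_REQUIRE not TRUE, the DXE_SMM_DRIVER library classes point at BaseCryptLibOnProtocolPpi/SmmCryptLib.inf although no driver producing that protocol is in the build. That is harmless only as long as no DXE_SMM_DRIVER module is built in that configuration. Suggest using the same two-part condition in all three files, or a comment here stating why the SMM_REQUIRE test is not needed.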