From nobody Sat Apr 20 09:44:34 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+65335+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+65335+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=intel.com Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1600271592769522.0661820974816; Wed, 16 Sep 2020 08:53:12 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id KjgWYY1788612xdKZhIQohTA; Wed, 16 Sep 2020 08:53:12 -0700 X-Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web12.1179.1600271591566395506 for ; Wed, 16 Sep 2020 08:53:11 -0700 IronPort-SDR: B6Hv19GGtCX1danZJWyVGGRfSZ2uqJufyDhJ8pyAdmHsmbuD7PO7MjX92BE9idF0/vUhHwN1pY ez6Qs/lP35oQ== X-IronPort-AV: E=McAfee;i="6000,8403,9746"; a="147185699" X-IronPort-AV: E=Sophos;i="5.76,433,1592895600"; d="scan'208,217";a="147185699" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Sep 2020 08:53:10 -0700 IronPort-SDR: Dmb21KAgvran18lVkHPlCGcgLtH5dmoWLSA8Ls97nFUHGWEnTmVBk4/fYulcy2yZc4dRAEbLfD LyhpBnsXegkw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.76,433,1592895600"; d="scan'208,217";a="288398979" X-Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83]) by fmsmga008.fm.intel.com with ESMTP; 16 Sep 2020 08:53:10 -0700 X-Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Wed, 16 Sep 2020 08:53:10 -0700 X-Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5 via Frontend Transport; Wed, 16 Sep 2020 08:53:10 -0700 X-Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.175) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Wed, 16 Sep 2020 08:53:05 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Zvo2ri1BCSKuN7puwebRW6eVJNJ83VonH5ycSjsZpdo9z5Zz42MTGpDR7VFf0OHatXpD51o+WAHfOKadixn9BAATs02rZL8kRcRLA7tvZb+uQ8pgaV2ICQhw7FtrOoxagK+raMuuPMTtOkpMVg7D7uA7QzfKXw+WTEqe1oBngryhiMRysVcVkC7duwnN4RW+Pw44QUZLogk07bD0M9BkxtmL3uCPs0cpQAuMldZmD1mdjLDUtpLKLk+GUxpTltPGdCK8MBzo1rPtDALbZTRIGOqnczRjnG71U4Q9QYOZiCRIkbeB3G5YWDPPO/yRVPQeENfE2oVxU8sevqGutqzwnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=86xZ3T5Hw7ppSzHEdtL0gSRr5ipPgCsEUbV6zDOGj3s=; b=fo5TTInjWSh9v5KXZZsZ1D7Vcq0MtLEaYe1/1JKYLvmK/yig7LxX6Hp/Da8xTg8/91MUEn/Yg8khrB+B612lKDfCVM51MUfichXY7trkdPhx8JJWj+EMjjIHGYoPbt2IKCyXZ4rwweyYxnnr5rMUdw88fQoWwP+LsdbkV92DpKtVQW32vj93bNlRtg8KYoN2MrafvR3q3XilfJufp83m/OO9e7kEAA4yJmY1eQqGecRhxbGD9x7LtKcy++HLpUTYNNm3NOqkmg/9KqYB+YEHvck2ByWgnlk4l2MRE7D1NBc+lI7Z9+3OEgaPiwCZMt3cbJoFsn/nJgpd4qDAa1VcNw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none X-Received: from DM6PR11MB4315.namprd11.prod.outlook.com (2603:10b6:5:201::28) by DM5PR11MB1644.namprd11.prod.outlook.com (2603:10b6:4:c::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.13; Wed, 16 Sep 2020 15:53:04 +0000 X-Received: from DM6PR11MB4315.namprd11.prod.outlook.com ([fe80::4c5c:c6d0:dfd3:1e45]) by DM6PR11MB4315.namprd11.prod.outlook.com ([fe80::4c5c:c6d0:dfd3:1e45%4]) with mapi id 15.20.3370.019; Wed, 16 Sep 2020 15:53:04 +0000 From: "Wadhawan, Divneil R" To: "devel@edk2.groups.io" CC: "Ni, Ray" , gaoliming , 'Andrew Fish' , "Justen, Jordan L" , "Kinney, Michael D" , "Wadhawan, Divneil R" Subject: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secure Boot Thread-Topic: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secure Boot Thread-Index: AdaMQS9sqEhJ/RVOQYWR22UtRyYHlA== Date: Wed, 16 Sep 2020 15:53:03 +0000 Message-ID: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.5.1.3 x-originating-ip: [106.200.250.114] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: eae716cb-8aff-46e6-2e03-08d85a5898cf x-ms-traffictypediagnostic: DM5PR11MB1644: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6430; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: sMKK+I7wRoJMxqadgUcOfoVRrS6KsxYvgRzYbrh7tOUxffXc/ZJJ5vHGX8fARgvk6zjbCIOQVYVfO6uozCmoKx4OvmUjKPFNt8kJondhEV0PlKmILaoGn5q+DZXz6QjtO/ocQDuyXPOWIAkxLwDLM72mRdL770uedmC0sLTKfZwAX8VK9CWRVH06Z41Ttux9KVZnhAcI7IF3TmAU8R3HxJA9QYIeHRi6g/iIiOv5WZr2byfKyGCTXjRIlQhceolJnSH90kwd2sc4QMilqLLh4sbIUBBUzriWKsJ4NnwispmYGiKFW9CZrnBPgV79RNZJl+1tojHVeSVDFHX5Pt4gKw== x-ms-exchange-antispam-messagedata: d1bPlIGJZrfVeW6izyBo27xKOUvbFPkpDdxVlajeAOpv39XCrE1x3NBU7TM72xK9jnaAEj5XsqP3sgYRhfj0FSA1Dpq6TmNpLJMVEf3FqubtQdXZaOpvt3hp7Wy2Y/oBbvdK5bb+Zv5DRT/L47UmcUxrKb86bGDE6DREHl7dL9LTpiqu07bnt8XGA3HqTaSfLNTpjehhUWxLp9KSQlZnguUnOBtw1GDMdlIvqtc4Fi7HB02Eld80SbnuzhH1vdTwvq8U6dHh4FqfPHx7uVjjh2LOcadB/gNBTbyhdmmjphW1ZgQhq/jVB60c2F48q6Mizk+z0RkfEyRfJWwuBpOry+b+uxY4nqdXgHKHfsKz22t1WB94BJDvizTaIWic4lAiNj9xGyep/4pcX65TlBn7z2sTlCXqDrbgKY+90q2ZanawMOc+PWWfLoOBsqc+I/ykVNE1p7D8bqAVNPM8M2YX44ChuvJeVlKFzhZ2ygmBlPQ0Kd4pEcW4A1l+vFY2WCedLBcgdPjJck3tQVUvSu/QYqxvIjoqKy7Y+8muo4avFwv4ya1GJ/rFx7TPjsGn7Kiw1zFQuP692xfAZd7c9qg9D6pGSl1wvzlt2RLteDez7ohKKPq8nqs9qWNc1Vb7vokspVJ90L6CFlTONuwmBMWTJQ== MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4315.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: eae716cb-8aff-46e6-2e03-08d85a5898cf X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Sep 2020 15:53:03.8832 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: bB6xJH5LLssk7qqHXbj/dZ6hzKgIpbmKQjz8DSfxZkpO08f1Ke6oxxPwLDIjIG8wn/LQtv6BgcH8SAHtjPMhN+ksj9AFW3/6xCd/DVXKr3A= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1644 X-OriginatorOrg: intel.com Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,divneil.r.wadhawan@intel.com X-Gm-Message-State: qaxuF1uPZ07qoiNUbLiKwkXSx1787277AA= Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_DM6PR11MB4315A9FB72F2181A336DCED9CB210DM6PR11MB4315namp_" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1600271592; bh=ss5AlQLJnFwL+8ZRXVFs8F/YDTII4CjAvtYlp5tecXA=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=izud7EZG6n5FvS+xRk/2iv86uZCkezrh+29iyBV722rmdU5GW/aUpIQgtnTSdZrO+CR jjEGvxp2T4VbwqTfTAxfF2Z9jrObn6eRX3Wr/69sTyzBZcTZBe5ptDuPa8Rnzih0U1xy3 9Xt7Wl/wqksdOr6e9UnM9b/f8GOeOIB6dmM= X-ZohoMail-DKIM: pass (identity @groups.io) --_000_DM6PR11MB4315A9FB72F2181A336DCED9CB210DM6PR11MB4315namp_ Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot. The following gets enabled with this patch: o Secure Boot Menu in "Device Manager" for enrolling keys o Storage space for Authenticated Variables o Authenticated execution of 3rd party images Signed-off-by: Divneil Rai Wadhawan Reviewed-by: Ray Ni > Reviewed-by: Ray Ni --- EmulatorPkg/EmulatorPkg.dsc | 37 +++++++++++++++++++++++++++++++++++-- EmulatorPkg/EmulatorPkg.fdf | 14 ++++++++++++++ 2 files changed, 49 insertions(+), 2 deletions(-) diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc index 86a6271735..c6e25c745e 100644 --- a/EmulatorPkg/EmulatorPkg.dsc +++ b/EmulatorPkg/EmulatorPkg.dsc @@ -32,6 +32,7 @@ DEFINE NETWORK_TLS_ENABLE =3D FALSE DEFINE NETWORK_HTTP_BOOT_ENABLE =3D FALSE DEFINE NETWORK_ISCSI_ENABLE =3D FALSE + DEFINE SECURE_BOOT_ENABLE =3D FALSE [SkuIds] 0|DEFAULT @@ -106,12 +107,20 @@ LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/C= puExceptionHandlerLibNull.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecu= reLibNull.inf + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf +!else + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf +!endif + [LibraryClasses.common.SEC] PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.i= nf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf @@ -162,6 +171,16 @@ TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf +[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, Libr= aryClasses.common.UEFI_APPLICATION] +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!endif + +[LibraryClasses.common.DXE_RUNTIME_DRIVER] +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +!endif + [LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIVE= R, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_APPLICATION] HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -190,6 +209,10 @@ gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000 gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000 gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVERY.fd" +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE +!endif gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64" @@ -306,7 +329,14 @@ EmulatorPkg/ResetRuntimeDxe/Reset.inf MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf EmulatorPkg/FvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf + + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { + +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf +!endif + } + MdeModulePkg/Universal/EbcDxe/EbcDxe.inf MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf EmulatorPkg/EmuThunkDxe/EmuThunk.inf @@ -315,6 +345,9 @@ EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf EmulatorPkg/TimerDxe/Timer.inf +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf +!endif MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf index 295f6f1db8..b256aa9397 100644 --- a/EmulatorPkg/EmulatorPkg.fdf +++ b/EmulatorPkg/EmulatorPkg.fdf @@ -46,10 +46,17 @@ DATA =3D { # Blockmap[1]: End 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ## This is the VARIABLE_STORE_HEADER +!if $(SECURE_BOOT_ENABLE) =3D=3D FALSE #Signature: gEfiVariableGuid =3D # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0= xfe, 0x7d }} 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, +!else + # Signature: gEfiAuthenticatedVariableGuid =3D + # { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0= x77, 0x92 }} + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, +!endif #Size: 0xc000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableS= ize) - 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) =3D 0xBFB8 # This can speed up the Variable Dispatch a bit. 0xB8, 0xBF, 0x00, 0x00, @@ -186,6 +193,13 @@ INF RuleOverride =3D UI MdeModulePkg/Application/UiAp= p/UiApp.inf INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf +# +# Secure Boot Key Enroll +# +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE +INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig= Dxe.inf +!endif + # # Network stack drivers # -- 2.24.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#65335): https://edk2.groups.io/g/devel/message/65335 Mute This Topic: https://groups.io/mt/76890431/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- --_000_DM6PR11MB4315A9FB72F2181A336DCED9CB210DM6PR11MB4315namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

SECURE_BOOT_ENABLE feature flag is introduced to en= able Secure Boot.

The following gets enabled with this patch:

o Secure Boot Menu in "Device Manager" fo= r enrolling keys

o Storage space for Authenticated Variables

o Authenticated execution of 3rd party images<= /o:p>

 

Signed-off-by: Divneil Rai Wadhawan <divneil.r.w= adhawan@intel.com>

---

EmulatorPkg/EmulatorPkg.dsc | 37 ++++++++++++++++++= +++++++++++++++++--

EmulatorPkg/EmulatorPkg.fdf | 14 ++++++++++++++

2 files changed, 49 insertions(+), 2 deletions(-)

 

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/Emulator= Pkg/EmulatorPkg.dsc

index 86a6271735..c6e25c745e 100644

--- a/EmulatorPkg/EmulatorPkg.dsc

+++ b/EmulatorPkg/EmulatorPkg.dsc

@@ -32,6 +32,7 @@

   DEFINE NETWORK_TLS_ENABLE  &= nbsp;    =3D FALSE

   DEFINE NETWORK_HTTP_BOOT_ENABLE =3D FA= LSE

   DEFINE NETWORK_ISCSI_ENABLE  = ;   =3D FALSE

+  DEFINE SECURE_BOOT_ENABLE   =     =3D FALSE

 [SkuIds]

   0|DEFAULT

@@ -106,12 +107,20 @@

   LockBoxLib|MdeModulePkg/Library/LockBo= xNullLib/LockBoxNullLib.inf

   CpuExceptionHandlerLib|MdeModulePkg/Li= brary/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf<= /p>

   TpmMeasurementLib|MdeModulePkg/Library= /TpmMeasurementLibNull/TpmMeasurementLibNull.inf

-  AuthVariableLib|MdeModulePkg/Library/AuthVa= riableLibNull/AuthVariableLibNull.inf

   VarCheckLib|MdeModulePkg/Library/VarCh= eckLib/VarCheckLib.inf

   SortLib|MdeModulePkg/Library/BaseSortL= ib/BaseSortLib.inf

   ShellLib|ShellPkg/Library/UefiShellLib= /UefiShellLib.inf

   FileHandleLib|MdePkg/Library/UefiFileH= andleLib/UefiFileHandleLib.inf

+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE

+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib= /IntrinsicLib.inf

+  OpensslLib|CryptoPkg/Library/OpensslLib/Ope= nsslLibCrypto.inf

+  PlatformSecureLib|SecurityPkg/Library/Platf= ormSecureLibNull/PlatformSecureLibNull.inf

+  AuthVariableLib|SecurityPkg/Library/AuthVar= iableLib/AuthVariableLib.inf

+!else

+  AuthVariableLib|MdeModulePkg/Library/AuthVa= riableLibNull/AuthVariableLibNull.inf

+!endif

+

[LibraryClasses.common.SEC]

   PeiServicesLib|EmulatorPkg/Library/Sec= PeiServicesLib/SecPeiServicesLib.inf

   PcdLib|MdePkg/Library/BasePcdLibNull/B= asePcdLibNull.inf

@@ -162,6 +171,16 @@

   TimerLib|EmulatorPkg/Library/DxeCoreTi= merLib/DxeCoreTimerLib.inf

  EmuThunkLib|EmulatorPkg/Library/DxeEmuL= ib/DxeEmuLib.inf

+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.= common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]

+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE

+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib= /BaseCryptLib.inf

+!endif

+

+[LibraryClasses.common.DXE_RUNTIME_DRIVER]

+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE

+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib= /RuntimeCryptLib.inf

+!endif

+

[LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryC= lasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER, LibraryClasses= .common.UEFI_APPLICATION]

   HobLib|MdePkg/Library/DxeHobLib/DxeHob= Lib.inf

   PcdLib|MdePkg/Library/DxePcdLib/DxePcd= Lib.inf

@@ -190,6 +209,10 @@

   gEmulatorPkgTokenSpaceGuid.PcdEmuFirmw= areFdSize|0x002a0000

   gEmulatorPkgTokenSpaceGuid.PcdEmuFirmw= areBlockSize|0x10000

   gEmulatorPkgTokenSpaceGuid.PcdEmuFirmw= areVolume|L"../FV/FV_RECOVERY.fd"

+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE

+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVa= riableSize|0x2800

+  gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysic= alPresence|TRUE

+!endif

   gEmulatorPkgTokenSpaceGuid.PcdEmu= MemorySize|L"64!64"

@@ -306,7 +329,14 @@

   EmulatorPkg/ResetRuntimeDxe/Reset.inf<= o:p>

   MdeModulePkg/Core/RuntimeDxe/RuntimeDx= e.inf

   EmulatorPkg/FvbServicesRuntimeDxe/FvbS= ervicesRuntimeDxe.inf

-  MdeModulePkg/Universal/SecurityStubDxe/Secu= rityStubDxe.inf

+

+  MdeModulePkg/Universal/SecurityStubDxe/Secu= rityStubDxe.inf {

+    <LibraryClasses>

+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE

+      NULL|SecurityPkg/Li= brary/DxeImageVerificationLib/DxeImageVerificationLib.inf

+!endif

+  }

+

   MdeModulePkg/Universal/EbcDxe/EbcDxe.i= nf

   MdeModulePkg/Universal/MemoryTest/Null= MemoryTestDxe/NullMemoryTestDxe.inf

   EmulatorPkg/EmuThunkDxe/EmuThunk.inf

@@ -315,6 +345,9 @@

   EmulatorPkg/PlatformSmbiosDxe/Platform= SmbiosDxe.inf

   EmulatorPkg/TimerDxe/Timer.inf

+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE

+  SecurityPkg/VariableAuthenticated/SecureBoo= tConfigDxe/SecureBootConfigDxe.inf

+!endif

   MdeModulePkg/Universal/Variable/R= untimeDxe/VariableRuntimeDxe.inf {

     <LibraryClasses>

diff --git a/EmulatorPkg/EmulatorPkg.fdf b/Emulator= Pkg/EmulatorPkg.fdf

index 295f6f1db8..b256aa9397 100644

--- a/EmulatorPkg/EmulatorPkg.fdf

+++ b/EmulatorPkg/EmulatorPkg.fdf

@@ -46,10 +46,17 @@ DATA =3D {

   # Blockmap[1]: End

   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x= 00, 0x00,

   ## This is the VARIABLE_STORE_HEADER

+!if $(SECURE_BOOT_ENABLE) =3D=3D FALSE<= /p>

   #Signature: gEfiVariableGuid =3D<= /o:p>

   #  { 0xddcf3616, 0x3275, 0x4164, = { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}

   0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x= 64, 0x41,

   0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0x= fe, 0x7d,

+!else

+  # Signature: gEfiAuthenticatedVariableGuid = = =3D

+  #  { 0xaaf32c78, 0x947b, 0x439a, { 0xa= 1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}

+  0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0= x43,

+  0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0= x92,

+!endif

   #Size: 0xc000 (gEfiMdeModulePkgTokenSp= aceGuid.PcdFlashNvStorageVariableSize) - 0x48 (size of EFI_FIRMWARE_VOLUME_= HEADER) =3D 0xBFB8

   # This can speed up the Variable Dispa= tch a bit.

   0xB8, 0xBF, 0x00, 0x00,

@@ -186,6 +193,13 @@ INF  RuleOverride =3D UI = MdeModulePkg/Application/UiApp/UiApp.inf

INF  MdeModulePkg/Application/BootManagerMenuA= pp/BootManagerMenuApp.inf

INF  MdeModulePkg/Universal/DriverSampleDxe/Dr= iverSampleDxe.inf

+#

+# Secure Boot Key Enroll

+#

+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE

+INF SecurityPkg/VariableAuthenticated/SecureBootCo= nfigDxe/SecureBootConfigDxe.inf

+!endif

+

#

# Network stack drivers

#

--

2.24.1.windows.2

_._,_._,_
Gr= oups.io Links:

You receive all messages sent to this group.

Vie= w/Reply Online (#65335) | | Mute This Topic | New Topic
Your Subscription | Contact Group Owner | Unsubscribe [importer@patchew.org]

_._,_._,_
=20 --_000_DM6PR11MB4315A9FB72F2181A336DCED9CB210DM6PR11MB4315namp_--