[edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot

Wadhawan, Divneil R posted 1 patch 2 weeks ago
Failed in applying to current master (apply log)
EmulatorPkg/EmulatorPkg.dsc | 40 +++++++++++++++++++++++++++++++++++--
EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++----
2 files changed, 55 insertions(+), 6 deletions(-)

[edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot

Posted by Wadhawan, Divneil R 2 weeks ago
SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot.
The following gets enabled with this patch:
o Secure Boot Menu in "Device Manager" for enrolling keys
o Storage space for Authenticated Variables
o Authenticated execution of 3rd party images

Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com>
---
 EmulatorPkg/EmulatorPkg.dsc | 40 +++++++++++++++++++++++++++++++++++--
 EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++----
 2 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 86a6271735..6591c3e824 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -32,6 +32,7 @@
   DEFINE NETWORK_TLS_ENABLE       = FALSE
   DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE
   DEFINE NETWORK_ISCSI_ENABLE     = FALSE
+  DEFINE SECURE_BOOT_ENABLE       = FALSE
 
 [SkuIds]
   0|DEFAULT
@@ -106,12 +107,20 @@
   LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
   CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf
   TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
-  AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
   VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
   SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
 
+  !if $(SECURE_BOOT_ENABLE) == TRUE
+    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+    PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+    AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  !else
+    AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+  !endif
+
 [LibraryClasses.common.SEC]
   PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf
   PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
@@ -162,7 +171,20 @@
   TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf
   EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
 
-[LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+[LibraryClasses.common.DXE_DRIVER]
+  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+  MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+  EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
+  PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/DxeEmuPeCoffExtraActionLib.inf
+  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+  TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
+  !if $(SECURE_BOOT_ENABLE) == TRUE
+    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+  !endif
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
   HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
   PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
   MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
@@ -171,6 +193,9 @@
   PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/DxeEmuPeCoffExtraActionLib.inf
   ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
   TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
+  !if $(SECURE_BOOT_ENABLE) == TRUE
+    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+  !endif
 
 [PcdsFeatureFlag]
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE
@@ -190,6 +215,10 @@
   gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000
   gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000
   gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVERY.fd"
+  !if $(SECURE_BOOT_ENABLE) == TRUE
+    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+    gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
+  !endif
 
   gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64"
 
@@ -315,6 +344,13 @@
   EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
   EmulatorPkg/TimerDxe/Timer.inf
 
+  !if $(SECURE_BOOT_ENABLE) == TRUE
+    SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+    MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+    <LibraryClasses>
+      NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+  }
+  !endif
 
   MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
     <LibraryClasses>
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 295f6f1db8..4bf592e778 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -46,10 +46,16 @@ DATA = {
   # Blockmap[1]: End
   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
   ## This is the VARIABLE_STORE_HEADER
-  #Signature: gEfiVariableGuid =
-  #  { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}
-  0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
-  0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+  !if $(SECURE_BOOT_ENABLE) == FALSE
+    #Signature: gEfiVariableGuid =
+    #  { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}
+    0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
+    0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+  !else
+    # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+    0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
+    0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
+  !endif
   #Size: 0xc000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8
   # This can speed up the Variable Dispatch a bit.
   0xB8, 0xBF, 0x00, 0x00,
@@ -186,6 +192,13 @@ INF  RuleOverride = UI MdeModulePkg/Application/UiApp/UiApp.inf
 INF  MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
 INF  MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
 
+#
+# Secure Boot Key Enroll
+#
+!if $(SECURE_BOOT_ENABLE) == TRUE
+INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
+
 #
 # Network stack drivers
 #
-- 
2.24.1.windows.2

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#65013): https://edk2.groups.io/g/devel/message/65013
Mute This Topic: https://groups.io/mt/76613369/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

回复: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot

Posted by gaoliming 3 days ago
I think SECURE_BOOT_ENABLE flag is fine. It controls more security related
features. And, this flag is also used in OVMF DSC. 

So, this change is good to me. Reviewed-by: Liming Gao
<gaoliming@byosoft.com.cn>

Ray, Andrew: have you any other comment? 

Thanks
Liming
> -----邮件原件-----
> 发件人: bounce+27952+65013+4905953+8761045@groups.io
> <bounce+27952+65013+4905953+8761045@groups.io> 代表 Wadhawan,
> Divneil R
> 发送时间: 2020年9月4日 2:17
> 收件人: devel@edk2.groups.io
> 抄送: Ni, Ray <ray.ni@intel.com>; Andrew Fish (afish@apple.com)
> <afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Wadhawan, Divneil R
> <divneil.r.wadhawan@intel.com>
> 主题: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot
> 
> SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot.
> The following gets enabled with this patch:
> o Secure Boot Menu in "Device Manager" for enrolling keys
> o Storage space for Authenticated Variables
> o Authenticated execution of 3rd party images
> 
> Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com>
> ---
>  EmulatorPkg/EmulatorPkg.dsc | 40
> +++++++++++++++++++++++++++++++++++--
>  EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++----
>  2 files changed, 55 insertions(+), 6 deletions(-)
> 
> diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
> index 86a6271735..6591c3e824 100644
> --- a/EmulatorPkg/EmulatorPkg.dsc
> +++ b/EmulatorPkg/EmulatorPkg.dsc
> @@ -32,6 +32,7 @@
>    DEFINE NETWORK_TLS_ENABLE       = FALSE
>    DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE
>    DEFINE NETWORK_ISCSI_ENABLE     = FALSE
> +  DEFINE SECURE_BOOT_ENABLE       = FALSE
> 
>  [SkuIds]
>    0|DEFAULT
> @@ -106,12 +107,20 @@
>    LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
> 
> CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNu
> ll/CpuExceptionHandlerLibNull.inf
> 
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm
> MeasurementLibNull.inf
> -
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi
> bNull.inf
>    VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
>    SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
>    ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
>    FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
> 
> +  !if $(SECURE_BOOT_ENABLE) == TRUE
> +    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> +    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +
> PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecur
> eLibNull.inf
> +
> AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +  !else
> +
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi
> bNull.inf
> +  !endif
> +
>  [LibraryClasses.common.SEC]
> 
> PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf
>    PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> @@ -162,7 +171,20 @@
>    TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf
>    EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
> 
> -[LibraryClasses.common.DXE_RUNTIME_DRIVER,
> LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER,
> LibraryClasses.common.UEFI_APPLICATION]
> +[LibraryClasses.common.DXE_DRIVER]
> +  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
> +  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> +
> MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor
> yAllocationLib.inf
> +
> ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
> eportStatusCodeLib.inf
> +  EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
> +
> PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe
> EmuPeCoffExtraActionLib.inf
> +
> ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
> eportStatusCodeLib.inf
> +  TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
> +  !if $(SECURE_BOOT_ENABLE) == TRUE
> +    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> +  !endif
> +
> +[LibraryClasses.common.DXE_RUNTIME_DRIVER,
> LibraryClasses.common.UEFI_DRIVER,
> LibraryClasses.common.UEFI_APPLICATION]
>    HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
>    PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> 
> MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor
> yAllocationLib.inf
> @@ -171,6 +193,9 @@
> 
> PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe
> EmuPeCoffExtraActionLib.inf
> 
> ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
> eportStatusCodeLib.inf
>    TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
> +  !if $(SECURE_BOOT_ENABLE) == TRUE
> +    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> +  !endif
> 
>  [PcdsFeatureFlag]
>    gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE
> @@ -190,6 +215,10 @@
>    gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000
>    gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000
> 
> gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVE
> RY.fd"
> +  !if $(SECURE_BOOT_ENABLE) == TRUE
> +    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +    gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
> +  !endif
> 
>    gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64"
> 
> @@ -315,6 +344,13 @@
>    EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
>    EmulatorPkg/TimerDxe/Timer.inf
> 
> +  !if $(SECURE_BOOT_ENABLE) == TRUE
> +
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD
> xe.inf
> +    MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
> +    <LibraryClasses>
> +
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.i
> nf
> +  }
> +  !endif
> 
>    MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> {
>      <LibraryClasses>
> diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
> index 295f6f1db8..4bf592e778 100644
> --- a/EmulatorPkg/EmulatorPkg.fdf
> +++ b/EmulatorPkg/EmulatorPkg.fdf
> @@ -46,10 +46,16 @@ DATA = {
>    # Blockmap[1]: End
>    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
>    ## This is the VARIABLE_STORE_HEADER
> -  #Signature: gEfiVariableGuid =
> -  #  { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f,
> 0xfe, 0x7d }}
> -  0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
> -  0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
> +  !if $(SECURE_BOOT_ENABLE) == FALSE
> +    #Signature: gEfiVariableGuid =
> +    #  { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70,
0x7f,
> 0xfe, 0x7d }}
> +    0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
> +    0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
> +  !else
> +    # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b,
> 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
> +    0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
> +    0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
> +  !endif
>    #Size: 0xc000
> (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48
> (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8
>    # This can speed up the Variable Dispatch a bit.
>    0xB8, 0xBF, 0x00, 0x00,
> @@ -186,6 +192,13 @@ INF  RuleOverride = UI
> MdeModulePkg/Application/UiApp/UiApp.inf
>  INF
> MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.i
> nf
>  INF  MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
> 
> +#
> +# Secure Boot Key Enroll
> +#
> +!if $(SECURE_BOOT_ENABLE) == TRUE
> +INF
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD
> xe.inf
> +!endif
> +
>  #
>  # Network stack drivers
>  #
> --
> 2.24.1.windows.2
> 
> 




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#65303): https://edk2.groups.io/g/devel/message/65303
Mute This Topic: https://groups.io/mt/76879427/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot

Posted by Ni, Ray 3 days ago
1. I prefer to not duplicate the HobLib/PcdLib/.../TimerLib in DSC for runtime drivers just because they need to link a different CryptLib.
2. Why the DSC requires UEFI_DRIVER and UEFI_APPLICATION modules use RuntimeCryptLib? It should cause build failures because RuntimeCryptLib only can support DXE_RUNTIME_DRIVER.
3. SecurityStubDxe is already in DSC file. Why did you add another one?

Thanks,
Ray

> -----Original Message-----
> From: gaoliming <gaoliming@byosoft.com.cn>
> Sent: Wednesday, September 16, 2020 9:49 AM
> To: devel@edk2.groups.io; Wadhawan, Divneil R
> <divneil.r.wadhawan@intel.com>
> Cc: Ni, Ray <ray.ni@intel.com>; 'Andrew Fish' <afish@apple.com>; Justen,
> Jordan L <jordan.l.justen@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: 回复: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure
> Boot
> 
> I think SECURE_BOOT_ENABLE flag is fine. It controls more security related
> features. And, this flag is also used in OVMF DSC.
> 
> So, this change is good to me. Reviewed-by: Liming Gao
> <gaoliming@byosoft.com.cn>
> 
> Ray, Andrew: have you any other comment?
> 
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: bounce+27952+65013+4905953+8761045@groups.io
> > <bounce+27952+65013+4905953+8761045@groups.io> 代表 Wadhawan,
> > Divneil R
> > 发送时间: 2020年9月4日 2:17
> > 收件人: devel@edk2.groups.io
> > 抄送: Ni, Ray <ray.ni@intel.com>; Andrew Fish (afish@apple.com)
> > <afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Kinney,
> > Michael D <michael.d.kinney@intel.com>; Wadhawan, Divneil R
> > <divneil.r.wadhawan@intel.com>
> > 主题: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot
> >
> > SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot.
> > The following gets enabled with this patch:
> > o Secure Boot Menu in "Device Manager" for enrolling keys
> > o Storage space for Authenticated Variables
> > o Authenticated execution of 3rd party images
> >
> > Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com>
> > ---
> >  EmulatorPkg/EmulatorPkg.dsc | 40
> > +++++++++++++++++++++++++++++++++++--
> >  EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++----
> >  2 files changed, 55 insertions(+), 6 deletions(-)
> >
> > diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
> > index 86a6271735..6591c3e824 100644
> > --- a/EmulatorPkg/EmulatorPkg.dsc
> > +++ b/EmulatorPkg/EmulatorPkg.dsc
> > @@ -32,6 +32,7 @@
> >    DEFINE NETWORK_TLS_ENABLE       = FALSE
> >    DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE
> >    DEFINE NETWORK_ISCSI_ENABLE     = FALSE
> > +  DEFINE SECURE_BOOT_ENABLE       = FALSE
> >
> >  [SkuIds]
> >    0|DEFAULT
> > @@ -106,12 +107,20 @@
> >    LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
> >
> > CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNu
> > ll/CpuExceptionHandlerLibNull.inf
> >
> >
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm
> > MeasurementLibNull.inf
> > -
> > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi
> > bNull.inf
> >    VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> >    SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
> >    ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
> >    FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
> >
> > +  !if $(SECURE_BOOT_ENABLE) == TRUE
> > +    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> > +    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > +
> > PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecur
> > eLibNull.inf
> > +
> > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> > +  !else
> > +
> > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi
> > bNull.inf
> > +  !endif
> > +
> >  [LibraryClasses.common.SEC]
> >
> > PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf
> >    PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> > @@ -162,7 +171,20 @@
> >    TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf
> >    EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
> >
> > -[LibraryClasses.common.DXE_RUNTIME_DRIVER,
> > LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER,
> > LibraryClasses.common.UEFI_APPLICATION]
> > +[LibraryClasses.common.DXE_DRIVER]
> > +  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
> > +  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> > +
> > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor
> > yAllocationLib.inf
> > +
> > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
> > eportStatusCodeLib.inf
> > +  EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
> > +
> > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe
> > EmuPeCoffExtraActionLib.inf
> > +
> > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
> > eportStatusCodeLib.inf
> > +  TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
> > +  !if $(SECURE_BOOT_ENABLE) == TRUE
> > +    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > +  !endif
> > +
> > +[LibraryClasses.common.DXE_RUNTIME_DRIVER,
> > LibraryClasses.common.UEFI_DRIVER,
> > LibraryClasses.common.UEFI_APPLICATION]
> >    HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
> >    PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> >
> > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor
> > yAllocationLib.inf
> > @@ -171,6 +193,9 @@
> >
> > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe
> > EmuPeCoffExtraActionLib.inf
> >
> > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
> > eportStatusCodeLib.inf
> >    TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
> > +  !if $(SECURE_BOOT_ENABLE) == TRUE
> > +    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > +  !endif
> >
> >  [PcdsFeatureFlag]
> >    gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE
> > @@ -190,6 +215,10 @@
> >    gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000
> >    gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000
> >
> > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVE
> > RY.fd"
> > +  !if $(SECURE_BOOT_ENABLE) == TRUE
> > +    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> > +    gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
> > +  !endif
> >
> >    gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64"
> >
> > @@ -315,6 +344,13 @@
> >    EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
> >    EmulatorPkg/TimerDxe/Timer.inf
> >
> > +  !if $(SECURE_BOOT_ENABLE) == TRUE
> > +
> > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD
> > xe.inf
> > +    MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
> > +    <LibraryClasses>
> > +
> >
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.i
> > nf
> > +  }
> > +  !endif
> >
> >    MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> > {
> >      <LibraryClasses>
> > diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
> > index 295f6f1db8..4bf592e778 100644
> > --- a/EmulatorPkg/EmulatorPkg.fdf
> > +++ b/EmulatorPkg/EmulatorPkg.fdf
> > @@ -46,10 +46,16 @@ DATA = {
> >    # Blockmap[1]: End
> >    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> >    ## This is the VARIABLE_STORE_HEADER
> > -  #Signature: gEfiVariableGuid =
> > -  #  { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f,
> > 0xfe, 0x7d }}
> > -  0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
> > -  0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
> > +  !if $(SECURE_BOOT_ENABLE) == FALSE
> > +    #Signature: gEfiVariableGuid =
> > +    #  { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70,
> 0x7f,
> > 0xfe, 0x7d }}
> > +    0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
> > +    0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
> > +  !else
> > +    # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b,
> > 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
> > +    0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
> > +    0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
> > +  !endif
> >    #Size: 0xc000
> > (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48
> > (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8
> >    # This can speed up the Variable Dispatch a bit.
> >    0xB8, 0xBF, 0x00, 0x00,
> > @@ -186,6 +192,13 @@ INF  RuleOverride = UI
> > MdeModulePkg/Application/UiApp/UiApp.inf
> >  INF
> >
> MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.i
> > nf
> >  INF  MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
> >
> > +#
> > +# Secure Boot Key Enroll
> > +#
> > +!if $(SECURE_BOOT_ENABLE) == TRUE
> > +INF
> > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD
> > xe.inf
> > +!endif
> > +
> >  #
> >  # Network stack drivers
> >  #
> > --
> > 2.24.1.windows.2
> >
> > 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#65314): https://edk2.groups.io/g/devel/message/65314
Mute This Topic: https://groups.io/mt/76883465/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-


Re: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot

Posted by Wadhawan, Divneil R 2 days ago
Hi Ray,

I have fixed the review comments.
I will push a v2 of the patch.

Regards,
Divneil


-----Original Message-----
From: Ni, Ray <ray.ni@intel.com> 
Sent: Wednesday, September 16, 2020 2:16 PM
To: gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io; Wadhawan, Divneil R <divneil.r.wadhawan@intel.com>
Cc: 'Andrew Fish' <afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>
Subject: RE: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot

1. I prefer to not duplicate the HobLib/PcdLib/.../TimerLib in DSC for runtime drivers just because they need to link a different CryptLib.
2. Why the DSC requires UEFI_DRIVER and UEFI_APPLICATION modules use RuntimeCryptLib? It should cause build failures because RuntimeCryptLib only can support DXE_RUNTIME_DRIVER.
3. SecurityStubDxe is already in DSC file. Why did you add another one?

Thanks,
Ray

> -----Original Message-----
> From: gaoliming <gaoliming@byosoft.com.cn>
> Sent: Wednesday, September 16, 2020 9:49 AM
> To: devel@edk2.groups.io; Wadhawan, Divneil R 
> <divneil.r.wadhawan@intel.com>
> Cc: Ni, Ray <ray.ni@intel.com>; 'Andrew Fish' <afish@apple.com>; 
> Justen, Jordan L <jordan.l.justen@intel.com>; Kinney, Michael D 
> <michael.d.kinney@intel.com>
> Subject: 回复: [edk2-devel] [PATCH] EmulatorPkg: Enable support for 
> Secure Boot
> 
> I think SECURE_BOOT_ENABLE flag is fine. It controls more security 
> related features. And, this flag is also used in OVMF DSC.
> 
> So, this change is good to me. Reviewed-by: Liming Gao 
> <gaoliming@byosoft.com.cn>
> 
> Ray, Andrew: have you any other comment?
> 
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: bounce+27952+65013+4905953+8761045@groups.io
> > <bounce+27952+65013+4905953+8761045@groups.io> 代表 Wadhawan, Divneil 
> > R
> > 发送时间: 2020年9月4日 2:17
> > 收件人: devel@edk2.groups.io
> > 抄送: Ni, Ray <ray.ni@intel.com>; Andrew Fish (afish@apple.com) 
> > <afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; 
> > Kinney, Michael D <michael.d.kinney@intel.com>; Wadhawan, Divneil R 
> > <divneil.r.wadhawan@intel.com>
> > 主题: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot
> >
> > SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot.
> > The following gets enabled with this patch:
> > o Secure Boot Menu in "Device Manager" for enrolling keys o Storage 
> > space for Authenticated Variables o Authenticated execution of 3rd 
> > party images
> >
> > Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com>
> > ---
> >  EmulatorPkg/EmulatorPkg.dsc | 40
> > +++++++++++++++++++++++++++++++++++--
> >  EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++----
> >  2 files changed, 55 insertions(+), 6 deletions(-)
> >
> > diff --git a/EmulatorPkg/EmulatorPkg.dsc 
> > b/EmulatorPkg/EmulatorPkg.dsc index 86a6271735..6591c3e824 100644
> > --- a/EmulatorPkg/EmulatorPkg.dsc
> > +++ b/EmulatorPkg/EmulatorPkg.dsc
> > @@ -32,6 +32,7 @@
> >    DEFINE NETWORK_TLS_ENABLE       = FALSE
> >    DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE
> >    DEFINE NETWORK_ISCSI_ENABLE     = FALSE
> > +  DEFINE SECURE_BOOT_ENABLE       = FALSE
> >
> >  [SkuIds]
> >    0|DEFAULT
> > @@ -106,12 +107,20 @@
> >    LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
> >
> > CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNu
> > ll/CpuExceptionHandlerLibNull.inf
> >
> >
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm
> > MeasurementLibNull.inf
> > -
> > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariabl
> > AuthVariableLib|eLi
> > bNull.inf
> >    VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> >    SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
> >    ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
> >    
> > FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
> >
> > +  !if $(SECURE_BOOT_ENABLE) == TRUE
> > +    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> > +    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > +
> > PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/Platform
> > PlatformSecureLib|Secur
> > eLibNull.inf
> > +
> > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.
> > AuthVariableLib|inf
> > +  !else
> > +
> > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariabl
> > AuthVariableLib|eLi
> > bNull.inf
> > +  !endif
> > +
> >  [LibraryClasses.common.SEC]
> >
> > PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesL
> > PeiServicesLib|ib.inf
> >    PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> > @@ -162,7 +171,20 @@
> >    TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf
> >    EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
> >
> > -[LibraryClasses.common.DXE_RUNTIME_DRIVER,
> > LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER, 
> > LibraryClasses.common.UEFI_APPLICATION]
> > +[LibraryClasses.common.DXE_DRIVER]
> > +  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
> > +  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> > +
> > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor
> > yAllocationLib.inf
> > +
> > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
> > eportStatusCodeLib.inf
> > +  EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
> > +
> > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/
> > PeCoffExtraActionLib|Dxe
> > EmuPeCoffExtraActionLib.inf
> > +
> > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
> > eportStatusCodeLib.inf
> > +  TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
> > +  !if $(SECURE_BOOT_ENABLE) == TRUE
> > +    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > +  !endif
> > +
> > +[LibraryClasses.common.DXE_RUNTIME_DRIVER,
> > LibraryClasses.common.UEFI_DRIVER,
> > LibraryClasses.common.UEFI_APPLICATION]
> >    HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
> >    PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> >
> > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor
> > yAllocationLib.inf
> > @@ -171,6 +193,9 @@
> >
> > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/
> > PeCoffExtraActionLib|Dxe
> > EmuPeCoffExtraActionLib.inf
> >
> > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
> > eportStatusCodeLib.inf
> >    TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
> > +  !if $(SECURE_BOOT_ENABLE) == TRUE
> > +    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > +  !endif
> >
> >  [PcdsFeatureFlag]
> >    gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE
> > @@ -190,6 +215,10 @@
> >    gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000
> >    gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000
> >
> > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVE
> > RY.fd"
> > +  !if $(SECURE_BOOT_ENABLE) == TRUE
> > +    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> > +    gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
> > +  !endif
> >
> >    gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64"
> >
> > @@ -315,6 +344,13 @@
> >    EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
> >    EmulatorPkg/TimerDxe/Timer.inf
> >
> > +  !if $(SECURE_BOOT_ENABLE) == TRUE
> > +
> > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf
> > igD
> > xe.inf
> > +    MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
> > +    <LibraryClasses>
> > +
> >
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
> NULL|ib.i
> > nf
> > +  }
> > +  !endif
> >
> >    MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> > {
> >      <LibraryClasses>
> > diff --git a/EmulatorPkg/EmulatorPkg.fdf 
> > b/EmulatorPkg/EmulatorPkg.fdf index 295f6f1db8..4bf592e778 100644
> > --- a/EmulatorPkg/EmulatorPkg.fdf
> > +++ b/EmulatorPkg/EmulatorPkg.fdf
> > @@ -46,10 +46,16 @@ DATA = {
> >    # Blockmap[1]: End
> >    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> >    ## This is the VARIABLE_STORE_HEADER
> > -  #Signature: gEfiVariableGuid =
> > -  #  { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 
> > 0x7f, 0xfe, 0x7d }}
> > -  0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
> > -  0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
> > +  !if $(SECURE_BOOT_ENABLE) == FALSE
> > +    #Signature: gEfiVariableGuid =
> > +    #  { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 
> > + 0x70,
> 0x7f,
> > 0xfe, 0x7d }}
> > +    0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
> > +    0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,  !else
> > +    # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 
> > + 0x947b,
> > 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
> > +    0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
> > +    0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,  !endif
> >    #Size: 0xc000
> > (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 
> > 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8
> >    # This can speed up the Variable Dispatch a bit.
> >    0xB8, 0xBF, 0x00, 0x00,
> > @@ -186,6 +192,13 @@ INF  RuleOverride = UI 
> > MdeModulePkg/Application/UiApp/UiApp.inf
> >  INF
> >
> MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.i
> > nf
> >  INF  MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
> >
> > +#
> > +# Secure Boot Key Enroll
> > +#
> > +!if $(SECURE_BOOT_ENABLE) == TRUE
> > +INF
> > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf
> > igD
> > xe.inf
> > +!endif
> > +
> >  #
> >  # Network stack drivers
> >  #
> > --
> > 2.24.1.windows.2
> >
> > 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#65334): https://edk2.groups.io/g/devel/message/65334
Mute This Topic: https://groups.io/mt/76883465/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-


[edk2-devel] update edk2-platforms Vlv2TbltDevicePkg

Posted by Kilian Kegel 2 days ago
Hi Mike,

recently I have updated my CdePkg project from https://github.com/tianocore/edk2-staging.git.

It seems that the ValleyView Package (MinnowBoard) in edk2-platforms<https://github.com/tianocore/edk2-platforms>/Platform<https://github.com/tianocore/edk2-platforms/tree/master/Platform>/Intel<https://github.com/tianocore/edk2-platforms/tree/master/Platform/Intel>/Vlv2TbltDevicePkg
needs an update to support latest FmpDevicePkg from edk2-stable202008.

diff --git a/Platform/Intel/Vlv2TbltDevicePkg/FmpBlueSampleDevice.dsc b/Platform/Intel/Vlv2TbltDevicePkg/FmpBlueSampleDevice.dsc
index 3bd9f150b3..1bf943cf0e 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/FmpBlueSampleDevice.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/FmpBlueSampleDevice.dsc
@@ -52,4 +52,7 @@
       # Device specific library that processes a capsule and updates the FW storage device
       #
       FmpDeviceLib|Vlv2TbltDevicePkg/Feature/Capsule/Library/FmpDeviceLibSample/FmpDeviceLib.inf
+      FmpDependencyLib|FmpDevicePkg\Library\FmpDependencyLib\FmpDependencyLib.inf
+      FmpDependencyCheckLib|FmpDevicePkg\Library\FmpDependencyCheckLibNull\FmpDependencyCheckLibNull.inf
+      FmpDependencyDeviceLib|FmpDevicePkg\Library\FmpDependencyDeviceLibNull\FmpDependencyDeviceLibNull.inf
   }
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/FmpGreenSampleDevice.dsc b/Platform/Intel/Vlv2TbltDevicePkg/FmpGreenSampleDevice.dsc
index 61bdd36a96..0e6c10e23f 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/FmpGreenSampleDevice.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/FmpGreenSampleDevice.dsc
@@ -52,4 +52,7 @@
       # Device specific library that processes a capsule and updates the FW storage device
       #
       FmpDeviceLib|Vlv2TbltDevicePkg/Feature/Capsule/Library/FmpDeviceLibSample/FmpDeviceLib.inf
+      FmpDependencyLib|FmpDevicePkg\Library\FmpDependencyLib\FmpDependencyLib.inf
+      FmpDependencyCheckLib|FmpDevicePkg\Library\FmpDependencyCheckLibNull\FmpDependencyCheckLibNull.inf
+      FmpDependencyDeviceLib|FmpDevicePkg\Library\FmpDependencyDeviceLibNull\FmpDependencyDeviceLibNull.inf
   }
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/FmpMinnowMaxSystem.dsc b/Platform/Intel/Vlv2TbltDevicePkg/FmpMinnowMaxSystem.dsc
index 304519b294..eea73c0f06 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/FmpMinnowMaxSystem.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/FmpMinnowMaxSystem.dsc
@@ -56,4 +56,7 @@
       # Device specific library that processes a capsule and updates the FW storage device
       #
       FmpDeviceLib|Vlv2TbltDevicePkg/Feature/Capsule/Library/FmpDeviceLib/FmpDeviceLib.inf
+      FmpDependencyLib|FmpDevicePkg\Library\FmpDependencyLib\FmpDependencyLib.inf
+      FmpDependencyCheckLib|FmpDevicePkg\Library\FmpDependencyCheckLibNull\FmpDependencyCheckLibNull.inf
+      FmpDependencyDeviceLib|FmpDevicePkg\Library\FmpDependencyDeviceLibNull\FmpDependencyDeviceLibNull.inf
   }
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/FmpRedSampleDevice.dsc b/Platform/Intel/Vlv2TbltDevicePkg/FmpRedSampleDevice.dsc
index 59851f2b41..d37974f9d4 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/FmpRedSampleDevice.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/FmpRedSampleDevice.dsc
@@ -52,4 +52,7 @@
       # Device specific library that processes a capsule and updates the FW storage device
       #
       FmpDeviceLib|Vlv2TbltDevicePkg/Feature/Capsule/Library/FmpDeviceLibSample/FmpDeviceLib.inf
+      FmpDependencyLib|FmpDevicePkg\Library\FmpDependencyLib\FmpDependencyLib.inf
+      FmpDependencyCheckLib|FmpDevicePkg\Library\FmpDependencyCheckLibNull\FmpDependencyCheckLibNull.inf
+      FmpDependencyDeviceLib|FmpDevicePkg\Library\FmpDependencyDeviceLibNull\FmpDependencyDeviceLibNull.inf
   }

Best Reagrds,
Kilian


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#65338): https://edk2.groups.io/g/devel/message/65338
Mute This Topic: https://groups.io/mt/76893177/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-