EmulatorPkg/EmulatorPkg.dsc | 40 +++++++++++++++++++++++++++++++++++-- EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++---- 2 files changed, 55 insertions(+), 6 deletions(-)
SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot.
The following gets enabled with this patch:
o Secure Boot Menu in "Device Manager" for enrolling keys
o Storage space for Authenticated Variables
o Authenticated execution of 3rd party images
Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com>
---
EmulatorPkg/EmulatorPkg.dsc | 40 +++++++++++++++++++++++++++++++++++--
EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++----
2 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 86a6271735..6591c3e824 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -32,6 +32,7 @@
DEFINE NETWORK_TLS_ENABLE = FALSE
DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE
DEFINE NETWORK_ISCSI_ENABLE = FALSE
+ DEFINE SECURE_BOOT_ENABLE = FALSE
[SkuIds]
0|DEFAULT
@@ -106,12 +107,20 @@
LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
- AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+ !else
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+ !endif
+
[LibraryClasses.common.SEC]
PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
@@ -162,7 +171,20 @@
TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf
EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
-[LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+[LibraryClasses.common.DXE_DRIVER]
+ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+ ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+ EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
+ PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/DxeEmuPeCoffExtraActionLib.inf
+ ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+ TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ !endif
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
@@ -171,6 +193,9 @@
PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/DxeEmuPeCoffExtraActionLib.inf
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+ !endif
[PcdsFeatureFlag]
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE
@@ -190,6 +215,10 @@
gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000
gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000
gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVERY.fd"
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+ gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
+ !endif
gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64"
@@ -315,6 +344,13 @@
EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
EmulatorPkg/TimerDxe/Timer.inf
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+ <LibraryClasses>
+ NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+ }
+ !endif
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
<LibraryClasses>
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 295f6f1db8..4bf592e778 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -46,10 +46,16 @@ DATA = {
# Blockmap[1]: End
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
## This is the VARIABLE_STORE_HEADER
- #Signature: gEfiVariableGuid =
- # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}
- 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
- 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+ !if $(SECURE_BOOT_ENABLE) == FALSE
+ #Signature: gEfiVariableGuid =
+ # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}
+ 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
+ 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+ !else
+ # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+ 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
+ 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
+ !endif
#Size: 0xc000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8
# This can speed up the Variable Dispatch a bit.
0xB8, 0xBF, 0x00, 0x00,
@@ -186,6 +192,13 @@ INF RuleOverride = UI MdeModulePkg/Application/UiApp/UiApp.inf
INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
+#
+# Secure Boot Key Enroll
+#
+!if $(SECURE_BOOT_ENABLE) == TRUE
+INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
+
#
# Network stack drivers
#
--
2.24.1.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#65013): https://edk2.groups.io/g/devel/message/65013
Mute This Topic: https://groups.io/mt/76613369/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
I think SECURE_BOOT_ENABLE flag is fine. It controls more security related features. And, this flag is also used in OVMF DSC. So, this change is good to me. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Ray, Andrew: have you any other comment? Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+65013+4905953+8761045@groups.io > <bounce+27952+65013+4905953+8761045@groups.io> 代表 Wadhawan, > Divneil R > 发送时间: 2020年9月4日 2:17 > 收件人: devel@edk2.groups.io > 抄送: Ni, Ray <ray.ni@intel.com>; Andrew Fish (afish@apple.com) > <afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Kinney, > Michael D <michael.d.kinney@intel.com>; Wadhawan, Divneil R > <divneil.r.wadhawan@intel.com> > 主题: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot > > SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot. > The following gets enabled with this patch: > o Secure Boot Menu in "Device Manager" for enrolling keys > o Storage space for Authenticated Variables > o Authenticated execution of 3rd party images > > Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com> > --- > EmulatorPkg/EmulatorPkg.dsc | 40 > +++++++++++++++++++++++++++++++++++-- > EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++---- > 2 files changed, 55 insertions(+), 6 deletions(-) > > diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc > index 86a6271735..6591c3e824 100644 > --- a/EmulatorPkg/EmulatorPkg.dsc > +++ b/EmulatorPkg/EmulatorPkg.dsc > @@ -32,6 +32,7 @@ > DEFINE NETWORK_TLS_ENABLE = FALSE > DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE > DEFINE NETWORK_ISCSI_ENABLE = FALSE > + DEFINE SECURE_BOOT_ENABLE = FALSE > > [SkuIds] > 0|DEFAULT > @@ -106,12 +107,20 @@ > LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf > > CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNu > ll/CpuExceptionHandlerLibNull.inf > > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm > MeasurementLibNull.inf > - > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi > bNull.inf > VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf > ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf > FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf > > + !if $(SECURE_BOOT_ENABLE) == TRUE > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > + > PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecur > eLibNull.inf > + > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > + !else > + > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi > bNull.inf > + !endif > + > [LibraryClasses.common.SEC] > > PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf > PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf > @@ -162,7 +171,20 @@ > TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf > EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf > > -[LibraryClasses.common.DXE_RUNTIME_DRIVER, > LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER, > LibraryClasses.common.UEFI_APPLICATION] > +[LibraryClasses.common.DXE_DRIVER] > + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > + > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor > yAllocationLib.inf > + > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > eportStatusCodeLib.inf > + EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf > + > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe > EmuPeCoffExtraActionLib.inf > + > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > eportStatusCodeLib.inf > + TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf > + !if $(SECURE_BOOT_ENABLE) == TRUE > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > + !endif > + > +[LibraryClasses.common.DXE_RUNTIME_DRIVER, > LibraryClasses.common.UEFI_DRIVER, > LibraryClasses.common.UEFI_APPLICATION] > HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor > yAllocationLib.inf > @@ -171,6 +193,9 @@ > > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe > EmuPeCoffExtraActionLib.inf > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > eportStatusCodeLib.inf > TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf > + !if $(SECURE_BOOT_ENABLE) == TRUE > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > + !endif > > [PcdsFeatureFlag] > gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE > @@ -190,6 +215,10 @@ > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000 > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000 > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVE > RY.fd" > + !if $(SECURE_BOOT_ENABLE) == TRUE > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 > + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE > + !endif > > gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64" > > @@ -315,6 +344,13 @@ > EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf > EmulatorPkg/TimerDxe/Timer.inf > > + !if $(SECURE_BOOT_ENABLE) == TRUE > + > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD > xe.inf > + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { > + <LibraryClasses> > + > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.i > nf > + } > + !endif > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > { > <LibraryClasses> > diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf > index 295f6f1db8..4bf592e778 100644 > --- a/EmulatorPkg/EmulatorPkg.fdf > +++ b/EmulatorPkg/EmulatorPkg.fdf > @@ -46,10 +46,16 @@ DATA = { > # Blockmap[1]: End > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > ## This is the VARIABLE_STORE_HEADER > - #Signature: gEfiVariableGuid = > - # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, > 0xfe, 0x7d }} > - 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, > - 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, > + !if $(SECURE_BOOT_ENABLE) == FALSE > + #Signature: gEfiVariableGuid = > + # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, > 0xfe, 0x7d }} > + 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, > + 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, > + !else > + # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b, > 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } } > + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, > + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, > + !endif > #Size: 0xc000 > (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48 > (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8 > # This can speed up the Variable Dispatch a bit. > 0xB8, 0xBF, 0x00, 0x00, > @@ -186,6 +192,13 @@ INF RuleOverride = UI > MdeModulePkg/Application/UiApp/UiApp.inf > INF > MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.i > nf > INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf > > +# > +# Secure Boot Key Enroll > +# > +!if $(SECURE_BOOT_ENABLE) == TRUE > +INF > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD > xe.inf > +!endif > + > # > # Network stack drivers > # > -- > 2.24.1.windows.2 > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#65303): https://edk2.groups.io/g/devel/message/65303 Mute This Topic: https://groups.io/mt/76879427/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
1. I prefer to not duplicate the HobLib/PcdLib/.../TimerLib in DSC for runtime drivers just because they need to link a different CryptLib. 2. Why the DSC requires UEFI_DRIVER and UEFI_APPLICATION modules use RuntimeCryptLib? It should cause build failures because RuntimeCryptLib only can support DXE_RUNTIME_DRIVER. 3. SecurityStubDxe is already in DSC file. Why did you add another one? Thanks, Ray > -----Original Message----- > From: gaoliming <gaoliming@byosoft.com.cn> > Sent: Wednesday, September 16, 2020 9:49 AM > To: devel@edk2.groups.io; Wadhawan, Divneil R > <divneil.r.wadhawan@intel.com> > Cc: Ni, Ray <ray.ni@intel.com>; 'Andrew Fish' <afish@apple.com>; Justen, > Jordan L <jordan.l.justen@intel.com>; Kinney, Michael D > <michael.d.kinney@intel.com> > Subject: 回复: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure > Boot > > I think SECURE_BOOT_ENABLE flag is fine. It controls more security related > features. And, this flag is also used in OVMF DSC. > > So, this change is good to me. Reviewed-by: Liming Gao > <gaoliming@byosoft.com.cn> > > Ray, Andrew: have you any other comment? > > Thanks > Liming > > -----邮件原件----- > > 发件人: bounce+27952+65013+4905953+8761045@groups.io > > <bounce+27952+65013+4905953+8761045@groups.io> 代表 Wadhawan, > > Divneil R > > 发送时间: 2020年9月4日 2:17 > > 收件人: devel@edk2.groups.io > > 抄送: Ni, Ray <ray.ni@intel.com>; Andrew Fish (afish@apple.com) > > <afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Kinney, > > Michael D <michael.d.kinney@intel.com>; Wadhawan, Divneil R > > <divneil.r.wadhawan@intel.com> > > 主题: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot > > > > SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot. > > The following gets enabled with this patch: > > o Secure Boot Menu in "Device Manager" for enrolling keys > > o Storage space for Authenticated Variables > > o Authenticated execution of 3rd party images > > > > Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com> > > --- > > EmulatorPkg/EmulatorPkg.dsc | 40 > > +++++++++++++++++++++++++++++++++++-- > > EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++---- > > 2 files changed, 55 insertions(+), 6 deletions(-) > > > > diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc > > index 86a6271735..6591c3e824 100644 > > --- a/EmulatorPkg/EmulatorPkg.dsc > > +++ b/EmulatorPkg/EmulatorPkg.dsc > > @@ -32,6 +32,7 @@ > > DEFINE NETWORK_TLS_ENABLE = FALSE > > DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE > > DEFINE NETWORK_ISCSI_ENABLE = FALSE > > + DEFINE SECURE_BOOT_ENABLE = FALSE > > > > [SkuIds] > > 0|DEFAULT > > @@ -106,12 +107,20 @@ > > LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf > > > > CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNu > > ll/CpuExceptionHandlerLibNull.inf > > > > > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm > > MeasurementLibNull.inf > > - > > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi > > bNull.inf > > VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > > SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf > > ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf > > FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf > > > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > + > > PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecur > > eLibNull.inf > > + > > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > > + !else > > + > > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi > > bNull.inf > > + !endif > > + > > [LibraryClasses.common.SEC] > > > > PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf > > PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf > > @@ -162,7 +171,20 @@ > > TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf > > EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf > > > > -[LibraryClasses.common.DXE_RUNTIME_DRIVER, > > LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER, > > LibraryClasses.common.UEFI_APPLICATION] > > +[LibraryClasses.common.DXE_DRIVER] > > + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > > + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > > + > > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor > > yAllocationLib.inf > > + > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > > eportStatusCodeLib.inf > > + EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf > > + > > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe > > EmuPeCoffExtraActionLib.inf > > + > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > > eportStatusCodeLib.inf > > + TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > + !endif > > + > > +[LibraryClasses.common.DXE_RUNTIME_DRIVER, > > LibraryClasses.common.UEFI_DRIVER, > > LibraryClasses.common.UEFI_APPLICATION] > > HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > > > > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor > > yAllocationLib.inf > > @@ -171,6 +193,9 @@ > > > > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe > > EmuPeCoffExtraActionLib.inf > > > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > > eportStatusCodeLib.inf > > TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > + !endif > > > > [PcdsFeatureFlag] > > gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE > > @@ -190,6 +215,10 @@ > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000 > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000 > > > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVE > > RY.fd" > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 > > + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE > > + !endif > > > > gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64" > > > > @@ -315,6 +344,13 @@ > > EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf > > EmulatorPkg/TimerDxe/Timer.inf > > > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD > > xe.inf > > + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { > > + <LibraryClasses> > > + > > > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.i > > nf > > + } > > + !endif > > > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > > { > > <LibraryClasses> > > diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf > > index 295f6f1db8..4bf592e778 100644 > > --- a/EmulatorPkg/EmulatorPkg.fdf > > +++ b/EmulatorPkg/EmulatorPkg.fdf > > @@ -46,10 +46,16 @@ DATA = { > > # Blockmap[1]: End > > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > > ## This is the VARIABLE_STORE_HEADER > > - #Signature: gEfiVariableGuid = > > - # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, > > 0xfe, 0x7d }} > > - 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, > > - 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, > > + !if $(SECURE_BOOT_ENABLE) == FALSE > > + #Signature: gEfiVariableGuid = > > + # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, > 0x7f, > > 0xfe, 0x7d }} > > + 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, > > + 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, > > + !else > > + # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b, > > 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } } > > + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, > > + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, > > + !endif > > #Size: 0xc000 > > (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48 > > (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8 > > # This can speed up the Variable Dispatch a bit. > > 0xB8, 0xBF, 0x00, 0x00, > > @@ -186,6 +192,13 @@ INF RuleOverride = UI > > MdeModulePkg/Application/UiApp/UiApp.inf > > INF > > > MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.i > > nf > > INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf > > > > +# > > +# Secure Boot Key Enroll > > +# > > +!if $(SECURE_BOOT_ENABLE) == TRUE > > +INF > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD > > xe.inf > > +!endif > > + > > # > > # Network stack drivers > > # > > -- > > 2.24.1.windows.2 > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#65314): https://edk2.groups.io/g/devel/message/65314 Mute This Topic: https://groups.io/mt/76883465/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Hi Ray, I have fixed the review comments. I will push a v2 of the patch. Regards, Divneil -----Original Message----- From: Ni, Ray <ray.ni@intel.com> Sent: Wednesday, September 16, 2020 2:16 PM To: gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io; Wadhawan, Divneil R <divneil.r.wadhawan@intel.com> Cc: 'Andrew Fish' <afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com> Subject: RE: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot 1. I prefer to not duplicate the HobLib/PcdLib/.../TimerLib in DSC for runtime drivers just because they need to link a different CryptLib. 2. Why the DSC requires UEFI_DRIVER and UEFI_APPLICATION modules use RuntimeCryptLib? It should cause build failures because RuntimeCryptLib only can support DXE_RUNTIME_DRIVER. 3. SecurityStubDxe is already in DSC file. Why did you add another one? Thanks, Ray > -----Original Message----- > From: gaoliming <gaoliming@byosoft.com.cn> > Sent: Wednesday, September 16, 2020 9:49 AM > To: devel@edk2.groups.io; Wadhawan, Divneil R > <divneil.r.wadhawan@intel.com> > Cc: Ni, Ray <ray.ni@intel.com>; 'Andrew Fish' <afish@apple.com>; > Justen, Jordan L <jordan.l.justen@intel.com>; Kinney, Michael D > <michael.d.kinney@intel.com> > Subject: 回复: [edk2-devel] [PATCH] EmulatorPkg: Enable support for > Secure Boot > > I think SECURE_BOOT_ENABLE flag is fine. It controls more security > related features. And, this flag is also used in OVMF DSC. > > So, this change is good to me. Reviewed-by: Liming Gao > <gaoliming@byosoft.com.cn> > > Ray, Andrew: have you any other comment? > > Thanks > Liming > > -----邮件原件----- > > 发件人: bounce+27952+65013+4905953+8761045@groups.io > > <bounce+27952+65013+4905953+8761045@groups.io> 代表 Wadhawan, Divneil > > R > > 发送时间: 2020年9月4日 2:17 > > 收件人: devel@edk2.groups.io > > 抄送: Ni, Ray <ray.ni@intel.com>; Andrew Fish (afish@apple.com) > > <afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; > > Kinney, Michael D <michael.d.kinney@intel.com>; Wadhawan, Divneil R > > <divneil.r.wadhawan@intel.com> > > 主题: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot > > > > SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot. > > The following gets enabled with this patch: > > o Secure Boot Menu in "Device Manager" for enrolling keys o Storage > > space for Authenticated Variables o Authenticated execution of 3rd > > party images > > > > Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com> > > --- > > EmulatorPkg/EmulatorPkg.dsc | 40 > > +++++++++++++++++++++++++++++++++++-- > > EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++---- > > 2 files changed, 55 insertions(+), 6 deletions(-) > > > > diff --git a/EmulatorPkg/EmulatorPkg.dsc > > b/EmulatorPkg/EmulatorPkg.dsc index 86a6271735..6591c3e824 100644 > > --- a/EmulatorPkg/EmulatorPkg.dsc > > +++ b/EmulatorPkg/EmulatorPkg.dsc > > @@ -32,6 +32,7 @@ > > DEFINE NETWORK_TLS_ENABLE = FALSE > > DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE > > DEFINE NETWORK_ISCSI_ENABLE = FALSE > > + DEFINE SECURE_BOOT_ENABLE = FALSE > > > > [SkuIds] > > 0|DEFAULT > > @@ -106,12 +107,20 @@ > > LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf > > > > CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNu > > ll/CpuExceptionHandlerLibNull.inf > > > > > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm > > MeasurementLibNull.inf > > - > > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariabl > > AuthVariableLib|eLi > > bNull.inf > > VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > > SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf > > ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf > > > > FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf > > > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > + > > PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/Platform > > PlatformSecureLib|Secur > > eLibNull.inf > > + > > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib. > > AuthVariableLib|inf > > + !else > > + > > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariabl > > AuthVariableLib|eLi > > bNull.inf > > + !endif > > + > > [LibraryClasses.common.SEC] > > > > PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesL > > PeiServicesLib|ib.inf > > PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf > > @@ -162,7 +171,20 @@ > > TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf > > EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf > > > > -[LibraryClasses.common.DXE_RUNTIME_DRIVER, > > LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER, > > LibraryClasses.common.UEFI_APPLICATION] > > +[LibraryClasses.common.DXE_DRIVER] > > + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > > + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > > + > > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor > > yAllocationLib.inf > > + > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > > eportStatusCodeLib.inf > > + EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf > > + > > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/ > > PeCoffExtraActionLib|Dxe > > EmuPeCoffExtraActionLib.inf > > + > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > > eportStatusCodeLib.inf > > + TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > + !endif > > + > > +[LibraryClasses.common.DXE_RUNTIME_DRIVER, > > LibraryClasses.common.UEFI_DRIVER, > > LibraryClasses.common.UEFI_APPLICATION] > > HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > > > > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor > > yAllocationLib.inf > > @@ -171,6 +193,9 @@ > > > > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/ > > PeCoffExtraActionLib|Dxe > > EmuPeCoffExtraActionLib.inf > > > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > > eportStatusCodeLib.inf > > TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > + !endif > > > > [PcdsFeatureFlag] > > gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE > > @@ -190,6 +215,10 @@ > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000 > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000 > > > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVE > > RY.fd" > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 > > + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE > > + !endif > > > > gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64" > > > > @@ -315,6 +344,13 @@ > > EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf > > EmulatorPkg/TimerDxe/Timer.inf > > > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf > > igD > > xe.inf > > + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { > > + <LibraryClasses> > > + > > > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL > NULL|ib.i > > nf > > + } > > + !endif > > > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > > { > > <LibraryClasses> > > diff --git a/EmulatorPkg/EmulatorPkg.fdf > > b/EmulatorPkg/EmulatorPkg.fdf index 295f6f1db8..4bf592e778 100644 > > --- a/EmulatorPkg/EmulatorPkg.fdf > > +++ b/EmulatorPkg/EmulatorPkg.fdf > > @@ -46,10 +46,16 @@ DATA = { > > # Blockmap[1]: End > > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > > ## This is the VARIABLE_STORE_HEADER > > - #Signature: gEfiVariableGuid = > > - # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, > > 0x7f, 0xfe, 0x7d }} > > - 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, > > - 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, > > + !if $(SECURE_BOOT_ENABLE) == FALSE > > + #Signature: gEfiVariableGuid = > > + # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, > > + 0x70, > 0x7f, > > 0xfe, 0x7d }} > > + 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, > > + 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, !else > > + # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, > > + 0x947b, > > 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } } > > + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, > > + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, !endif > > #Size: 0xc000 > > (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - > > 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8 > > # This can speed up the Variable Dispatch a bit. > > 0xB8, 0xBF, 0x00, 0x00, > > @@ -186,6 +192,13 @@ INF RuleOverride = UI > > MdeModulePkg/Application/UiApp/UiApp.inf > > INF > > > MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.i > > nf > > INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf > > > > +# > > +# Secure Boot Key Enroll > > +# > > +!if $(SECURE_BOOT_ENABLE) == TRUE > > +INF > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf > > igD > > xe.inf > > +!endif > > + > > # > > # Network stack drivers > > # > > -- > > 2.24.1.windows.2 > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#65334): https://edk2.groups.io/g/devel/message/65334 Mute This Topic: https://groups.io/mt/76883465/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Hi Mike,
recently I have updated my CdePkg project from https://github.com/tianocore/edk2-staging.git.
It seems that the ValleyView Package (MinnowBoard) in edk2-platforms<https://github.com/tianocore/edk2-platforms>/Platform<https://github.com/tianocore/edk2-platforms/tree/master/Platform>/Intel<https://github.com/tianocore/edk2-platforms/tree/master/Platform/Intel>/Vlv2TbltDevicePkg
needs an update to support latest FmpDevicePkg from edk2-stable202008.
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/FmpBlueSampleDevice.dsc b/Platform/Intel/Vlv2TbltDevicePkg/FmpBlueSampleDevice.dsc
index 3bd9f150b3..1bf943cf0e 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/FmpBlueSampleDevice.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/FmpBlueSampleDevice.dsc
@@ -52,4 +52,7 @@
# Device specific library that processes a capsule and updates the FW storage device
#
FmpDeviceLib|Vlv2TbltDevicePkg/Feature/Capsule/Library/FmpDeviceLibSample/FmpDeviceLib.inf
+ FmpDependencyLib|FmpDevicePkg\Library\FmpDependencyLib\FmpDependencyLib.inf
+ FmpDependencyCheckLib|FmpDevicePkg\Library\FmpDependencyCheckLibNull\FmpDependencyCheckLibNull.inf
+ FmpDependencyDeviceLib|FmpDevicePkg\Library\FmpDependencyDeviceLibNull\FmpDependencyDeviceLibNull.inf
}
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/FmpGreenSampleDevice.dsc b/Platform/Intel/Vlv2TbltDevicePkg/FmpGreenSampleDevice.dsc
index 61bdd36a96..0e6c10e23f 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/FmpGreenSampleDevice.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/FmpGreenSampleDevice.dsc
@@ -52,4 +52,7 @@
# Device specific library that processes a capsule and updates the FW storage device
#
FmpDeviceLib|Vlv2TbltDevicePkg/Feature/Capsule/Library/FmpDeviceLibSample/FmpDeviceLib.inf
+ FmpDependencyLib|FmpDevicePkg\Library\FmpDependencyLib\FmpDependencyLib.inf
+ FmpDependencyCheckLib|FmpDevicePkg\Library\FmpDependencyCheckLibNull\FmpDependencyCheckLibNull.inf
+ FmpDependencyDeviceLib|FmpDevicePkg\Library\FmpDependencyDeviceLibNull\FmpDependencyDeviceLibNull.inf
}
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/FmpMinnowMaxSystem.dsc b/Platform/Intel/Vlv2TbltDevicePkg/FmpMinnowMaxSystem.dsc
index 304519b294..eea73c0f06 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/FmpMinnowMaxSystem.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/FmpMinnowMaxSystem.dsc
@@ -56,4 +56,7 @@
# Device specific library that processes a capsule and updates the FW storage device
#
FmpDeviceLib|Vlv2TbltDevicePkg/Feature/Capsule/Library/FmpDeviceLib/FmpDeviceLib.inf
+ FmpDependencyLib|FmpDevicePkg\Library\FmpDependencyLib\FmpDependencyLib.inf
+ FmpDependencyCheckLib|FmpDevicePkg\Library\FmpDependencyCheckLibNull\FmpDependencyCheckLibNull.inf
+ FmpDependencyDeviceLib|FmpDevicePkg\Library\FmpDependencyDeviceLibNull\FmpDependencyDeviceLibNull.inf
}
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/FmpRedSampleDevice.dsc b/Platform/Intel/Vlv2TbltDevicePkg/FmpRedSampleDevice.dsc
index 59851f2b41..d37974f9d4 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/FmpRedSampleDevice.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/FmpRedSampleDevice.dsc
@@ -52,4 +52,7 @@
# Device specific library that processes a capsule and updates the FW storage device
#
FmpDeviceLib|Vlv2TbltDevicePkg/Feature/Capsule/Library/FmpDeviceLibSample/FmpDeviceLib.inf
+ FmpDependencyLib|FmpDevicePkg\Library\FmpDependencyLib\FmpDependencyLib.inf
+ FmpDependencyCheckLib|FmpDevicePkg\Library\FmpDependencyCheckLibNull\FmpDependencyCheckLibNull.inf
+ FmpDependencyDeviceLib|FmpDevicePkg\Library\FmpDependencyDeviceLibNull\FmpDependencyDeviceLibNull.inf
}
Best Reagrds,
Kilian
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#65338): https://edk2.groups.io/g/devel/message/65338
Mute This Topic: https://groups.io/mt/76893177/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.