Reviewed-by: Jordan Justen <jordan.l.jus...@intel.com>
On 2015-07-24 16:00:08, Laszlo Ersek wrote:
> This build time flag and corresponding Feature PCD will control whether
> OVMF supports (and, equivalently, requires) SMM/SMRAM support from QEMU.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Laszlo Ersek <ler...@redhat.com>
> ---
> OvmfPkg/OvmfPkg.dec | 10 ++++++++++
> OvmfPkg/OvmfPkgIa32.dsc | 4 ++++
> OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++++
> OvmfPkg/OvmfPkgX64.dsc | 4 ++++
> 4 files changed, 22 insertions(+)
>
> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
> index 80816e9..54df0ef 100644
> --- a/OvmfPkg/OvmfPkg.dec
> +++ b/OvmfPkg/OvmfPkg.dec
> @@ -120,3 +120,13 @@ [PcdsFeatureFlag]
> gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|FALSE|BOOLEAN|3
> gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderPciTranslation|TRUE|BOOLEAN|0x1c
>
> gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderMmioTranslation|FALSE|BOOLEAN|0x1d
> +
> + ## This feature flag enables SMM/SMRAM support. Note that it also requires
> + # such support from the underlying QEMU instance; if that support is not
> + # present, the firmware will reject continuing after a certain point.
> + #
> + # The flag also acts as a general "security switch"; when TRUE, many
> + # components will change behavior, with the goal of preventing a malicious
> + # runtime OS from tampering with firmware structures (special memory
> ranges
> + # used by OVMF, the varstore pflash chip, LockBox etc).
> + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|FALSE|BOOLEAN|0x1e
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index 04c4204..1ca12e8 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -35,6 +35,7 @@ [Defines]
> #
> DEFINE SECURE_BOOT_ENABLE = FALSE
> DEFINE NETWORK_IP6_ENABLE = FALSE
> + DEFINE SMM_REQUIRE = FALSE
>
> [BuildOptions]
> GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG
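Review bot: The new comment on `PcdSmmSmramRequire` in the OvmfPkg.dec hunk says what TRUE is meant to protect but never states what the default FALSE leaves open, so a reader can take the "security switch" wording as optional hardening rather than a prerequisite. I would add one line before the PCD declaration, for example `# When FALSE (the default), none of these protections are in effect.` The phrase "reject continuing after a certain point" is also too vague for someone diagnosing a guest that stops booting; once the enforcing code exists, the comment should name where the check happens and what the operator will see.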
> @@ -301,6 +302,9 @@ [PcdsFeatureFlag]
> !if $(SECURE_BOOT_ENABLE) == TRUE
> gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE
> !endif
> +!if $(SMM_REQUIRE) == TRUE
> + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE
> +!endif
>
> [PcdsFixedAtBuild]
> gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index 652126e..4cda03c 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -35,6 +35,7 @@ [Defines]
> #
> DEFINE SECURE_BOOT_ENABLE = FALSE
> DEFINE NETWORK_IP6_ENABLE = FALSE
> + DEFINE SMM_REQUIRE = FALSE
>
> [BuildOptions]
> GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG
> @@ -306,6 +307,9 @@ [PcdsFeatureFlag]
> !if $(SECURE_BOOT_ENABLE) == TRUE
> gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE
> !endif
> +!if $(SMM_REQUIRE) == TRUE
> + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE
> +!endif
>
> [PcdsFixedAtBuild]
> gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index da820b0..e3be189 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -35,6 +35,7 @@ [Defines]
> #
> DEFINE SECURE_BOOT_ENABLE = FALSE
> DEFINE NETWORK_IP6_ENABLE = FALSE
> + DEFINE SMM_REQUIRE = FALSE
>
> [BuildOptions]
> GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG
> @@ -306,6 +307,9 @@ [PcdsFeatureFlag]
> !if $(SECURE_BOOT_ENABLE) == TRUE
> gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE
> !endif
> +!if $(SMM_REQUIRE) == TRUE
> + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE
> +!endif
>
> [PcdsFixedAtBuild]
> gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
> --
> 1.8.3.1
>
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
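Review bot: In the `[PcdsFeatureFlag]` hunk of OvmfPkgIa32.dsc the new `!if $(SMM_REQUIRE) == TRUE` block is evaluated independently of the `SECURE_BOOT_ENABLE` block directly above it, so a build that sets only `SECURE_BOOT_ENABLE` still succeeds. Going by the .dec comment in this same patch, such a build would leave the varstore pflash chip open to tampering by the runtime OS, which is presumably not what someone enabling Secure Boot expects. I would put a comment above the new block, e.g. `# NOTE: SECURE_BOOT_ENABLE without SMM_REQUIRE does not protect the variable store from the guest OS`. The matching `DEFINE SMM_REQUIRE = FALSE` line deserves a one-line description in the `[Defines]` comment block, which begins outside the hunk. The same applies to the identical hunks in OvmfPkgIa32X64.dsc and OvmfPkgX64.dsc.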