When the user builds OVMF with -D SMM_REQUIRE, our LockBox implementation must not be used, since it doesn't actually protect data in the LockBox from the runtime guest OS. Add an according assert to LockBoxLibInitialize().
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <ler...@redhat.com> Reviewed-by: Paolo Bonzini <pbonz...@redhat.com> Reviewed-by: Jordan Justen <jordan.l.jus...@intel.com> --- Notes: v5: - split out LockBoxLib changes from "OvmfPkg: LockBox: -D SMM_REQUIRE excludes our fake lockbox" [Jordan] OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf | 3 +++ OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf | 3 +++ OvmfPkg/Library/LockBoxLib/LockBoxLib.c | 2 ++ 3 files changed, 8 insertions(+) diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf b/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf index 7203d07..81c893e 100644 --- a/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf +++ b/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf @@ -42,3 +42,6 @@ [LibraryClasses] [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize + +[FeaturePcd] + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf b/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf index a4d27a5..08973a4 100644 --- a/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf +++ b/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf @@ -43,3 +43,6 @@ [LibraryClasses] [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize + +[FeaturePcd] + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxLib.c b/OvmfPkg/Library/LockBoxLib/LockBoxLib.c index 89050ac..45481b9 100644 --- a/OvmfPkg/Library/LockBoxLib/LockBoxLib.c +++ b/OvmfPkg/Library/LockBoxLib/LockBoxLib.c @@ -44,6 +44,8 @@ LockBoxLibInitialize ( { UINTN NumEntries; + ASSERT (!FeaturePcdGet (PcdSmmSmramRequire)); + if (PcdGet32 (PcdOvmfLockBoxStorageSize) < sizeof (LOCK_BOX_GLOBAL)) { return RETURN_UNSUPPORTED; } -- 1.8.3.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel