Remove boilerplate from the QEMU platforms by including ConfigPkg/Security/Security.{dsc|fdf}.inc.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Leif Lindholm <leif.lindh...@linaro.org> --- ArmVirtPkg/ArmVirt.dsc.inc | 19 +++---------------- ArmVirtPkg/ArmVirtQemu.dsc | 12 ++---------- ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 + ArmVirtPkg/ArmVirtQemuKernel.dsc | 12 ++---------- 4 files changed, 8 insertions(+), 36 deletions(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index a9fdddcd6c..5c8be2d689 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -131,18 +131,9 @@ # # Secure Boot dependencies # -!if $(SECURE_BOOT_ENABLE) == TRUE - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf - +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf -!else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf @@ -225,10 +216,6 @@ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf -!endif - [LibraryClasses.ARM] ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf @@ -323,7 +310,7 @@ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0 -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|600 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|400 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiBootServicesCode|1500 @@ -336,7 +323,7 @@ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0 -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04 gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 71d3fb252f..635309c346 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -36,10 +36,11 @@ DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE DEFINE CONFIG_TLS_ENABLE = FALSE - DEFINE SECURE_BOOT_ENABLE = FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE !include ArmVirtPkg/ArmVirt.dsc.inc !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc [LibraryClasses.common] ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf @@ -257,15 +258,6 @@ <LibraryClasses> NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf } -!if $(SECURE_BOOT_ENABLE) == TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - <LibraryClasses> - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf - } - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc index 504fdf5fa9..9cff352416 100644 --- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc @@ -45,6 +45,7 @@ READ_LOCK_CAP = TRUE READ_LOCK_STATUS = TRUE !include ConfigPkg/Network/Network.fdf.inc +!include ConfigPkg/Security/Security.fdf.inc INF MdeModulePkg/Core/Dxe/DxeMain.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc index db62c1d611..59ad54c3fb 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc @@ -35,11 +35,12 @@ # DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE DEFINE CONFIG_TLS_ENABLE = FALSE - DEFINE SECURE_BOOT_ENABLE = FALSE !include ArmVirtPkg/ArmVirt.dsc.inc !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc [LibraryClasses.common] ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf @@ -248,15 +249,6 @@ <LibraryClasses> NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf } -!if $(SECURE_BOOT_ENABLE) == TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - <LibraryClasses> - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf - } - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf -- 2.11.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel