Enable/Disable VirtIo net based on the value of PcdNetworkSupport which
is controlled in NetworkCfgLib, which sets the PCD based on
"etc/networking" qemu file.

With this change, the VMM can disable networking even if it is enabled at
compile time. This allows the attack surface to be reduced simply by
providing an "etc/networking" value, without having to recompile EDK2
completely.

Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org>
Cc: Jordan Justen <jordan.l.jus...@intel.com>
Cc: Laszlo Ersek <ler...@redhat.com>
Cc: Anthony Perard <anthony.per...@citrix.com>
Cc: Julien Grall <jul...@xen.org>

Signed-off-by: Yuan Yu <yua...@google.com>
---
 OvmfPkg/OvmfPkgX64.dsc             |  7 ++++++-
 OvmfPkg/VirtioNetDxe/VirtioNet.inf |  3 +++
 OvmfPkg/VirtioNetDxe/EntryPoint.c  | 10 ++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 6e68f60dc90f..63cce9f65a95 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -686,6 +686,8 @@ [PcdsDynamicDefault]
   gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
 !endif
 
+  gUefiOvmfPkgTokenSpaceGuid.PcdNetworkSupport|TRUE
+
 [PcdsDynamicHii]
 !include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
 
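Review bot: The dynamic default of TRUE on the added PcdNetworkSupport line means the new switch fails open: a VMM that provides no "etc/networking" file gets exactly the networking it had before, so the runtime knob can only narrow the compile-time choice, never tighten a build that was already permissive. That is a sensible compatibility default, but it should be stated next to the PCD so nobody assumes the knob is fail-closed, e.g. `# The VMM may turn networking off via "etc/networking"; if that file is absent, the build default (TRUE) stays in effect.` The diffstat touches only OvmfPkgX64.dsc; if the other OVMF platform DSCs are meant to honor the same file they need the same default and library resolution, though that may be intended for a follow-up.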
@@ -953,7 +955,10 @@ [Components]
       NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
   }
 !endif
-  OvmfPkg/VirtioNetDxe/VirtioNet.inf
+  OvmfPkg/VirtioNetDxe/VirtioNet.inf {
+    <LibraryClasses>
+      NULL|OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.inf
+  }
 
   #
   # Usb Support
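Review bot: Linking NetworkCfgLib as a NULL library only into VirtioNet.inf means the "etc/networking" gate applies to the VirtIO NIC driver alone; the network-stack components listed above this line (the context shows TlsAuthConfigLib inside a conditional block) and any non-VirtIO NIC driver still load as before, so "disable networking" in the commit message is narrower in practice than it reads. A short comment on the override would make that scope explicit, e.g. `# NetworkCfgLib reads "etc/networking" and lets the VMM unload the VirtIO NIC driver; other drivers are not gated.` If the intent is to gate the whole stack, the same NULL library would need to be attached to those modules too, but this hunk does not show whether that is planned.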
diff --git a/OvmfPkg/VirtioNetDxe/VirtioNet.inf 
b/OvmfPkg/VirtioNetDxe/VirtioNet.inf
index ada84ed5543b..37bcf13b7863 100644
--- a/OvmfPkg/VirtioNetDxe/VirtioNet.inf
+++ b/OvmfPkg/VirtioNetDxe/VirtioNet.inf
@@ -54,3 +54,6 @@ [Protocols]
   gEfiSimpleNetworkProtocolGuid  ## BY_START
   gEfiDevicePathProtocolGuid     ## BY_START
   gVirtioDeviceProtocolGuid      ## TO_START
+
+[Pcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdNetworkSupport       ## CONSUMES
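Review bot: The new [Pcd] entry requires PcdLib to be resolved for this module, and the hunk does not show whether the INF's [LibraryClasses] section (outside the hunk) already lists it; if it does not, add `PcdLib` there, otherwise the PcdGetBool call added to EntryPoint.c will not link. The token belongs to gUefiOvmfPkgTokenSpaceGuid, yet the diffstat touches neither OvmfPkg.dec nor NetworkCfgLib, so this patch presumably depends on an earlier patch in the series declaring both; a one-line note of that dependency in the commit message would help anyone bisecting or backporting.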
diff --git a/OvmfPkg/VirtioNetDxe/EntryPoint.c 
b/OvmfPkg/VirtioNetDxe/EntryPoint.c
index c3f41dab57bd..9bf220b9ade5 100644
--- a/OvmfPkg/VirtioNetDxe/EntryPoint.c
+++ b/OvmfPkg/VirtioNetDxe/EntryPoint.c
@@ -9,6 +9,8 @@
 
 **/
 
+#include <PiDxe.h>
+
 #include <Library/UefiLib.h>
 
 #include "VirtioNet.h"
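Review bot: The added include is PiDxe.h, but the code this patch adds to VirtioNetEntryPoint calls PcdGetBool and DEBUG, which are declared in Library/PcdLib.h and Library/DebugLib.h; PiDxe.h does not pull those in. Unless "VirtioNet.h" (included on the line below, not visible here) already includes them, add `#include <Library/PcdLib.h>` and `#include <Library/DebugLib.h>` next to it. PiDxe.h itself is probably redundant given the driver already compiled with its existing includes, but it is harmless.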
@@ -32,6 +34,14 @@ VirtioNetEntryPoint (
   IN EFI_SYSTEM_TABLE  *SystemTable
   )
 {
+  if (PcdGetBool (PcdNetworkSupport)) {
+    DEBUG ((DEBUG_INFO, "[network] %a - Networking enabled.\n", __FUNCTION__));
+  } else {
+    DEBUG ((DEBUG_INFO, "[network] %a - Networking disabled.\n", 
__FUNCTION__));
+
+    return EFI_REQUEST_UNLOAD_IMAGE;
+  }
+
   return EfiLibInstallDriverBindingComponentName2 (
            ImageHandle,
            SystemTable,
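Review bot: The enabled branch of the new check only logs and falls through, so the if/else reads backwards and duplicates the log prefix; a guard clause is clearer: `if (!PcdGetBool (PcdNetworkSupport)) { DEBUG ((DEBUG_INFO, "[network] %a - Networking disabled.\n", __FUNCTION__)); return EFI_REQUEST_UNLOAD_IMAGE; }`. A comment above it should say where the value comes from, since nothing in this file sets it: `// PcdNetworkSupport is set from the VMM-provided "etc/networking" file by the NetworkCfgLib NULL library linked into this driver (see the DSC); that library's constructor runs before this entry point.` The constructor-ordering part is how NULL library constructors normally behave in edk2 but is not visible in this patch, so confirm it against NetworkCfgLib before relying on it. The rest of VirtioNetEntryPoint continues past the end of the hunk.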
-- 
2.37.1.559.g78731f0fdb-goog


