Nt32Pkg: Add Secure Boot build option including Custom Mode setup
If –D SECURE_BOOT_ENABLE is specified with the build command, Secure Boot support is enabled including custom mode setup. This allows Secure Boot to be configured through setup allowing Nt32Pkg to be a fully functional Secure Boot reference platforms. Signed-off-by: lee.g.rosenbaum@intel.com Reviewed-by: jiewen.yao@intel.com git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13186 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
leegrosenbaum
@@ -32,6 +32,11 @@
|
||||
SKUID_IDENTIFIER = DEFAULT
|
||||
FLASH_DEFINITION = Nt32Pkg/Nt32Pkg.fdf
|
||||
|
||||
#
|
||||
# Defines for default states. These can be changed on the command line.
|
||||
# -D FLAG=VALUE
|
||||
#
|
||||
DEFINE SECURE_BOOT_ENABLE = FALSE
|
||||
|
||||
################################################################################
|
||||
#
|
||||
@@ -113,6 +118,12 @@
|
||||
PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
|
||||
DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf
|
||||
CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf
|
||||
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
|
||||
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.common.USER_DEFINED]
|
||||
DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
|
||||
@@ -143,6 +154,9 @@
|
||||
[LibraryClasses.common.PEIM]
|
||||
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
|
||||
OemHookStatusCodeLib|Nt32Pkg/Library/PeiNt32OemHookStatusCodeLib/PeiNt32OemHookStatusCodeLib.inf
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.common]
|
||||
#
|
||||
@@ -157,6 +171,9 @@
|
||||
PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt32PeCoffExtraActionLib.inf
|
||||
ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf
|
||||
WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.common.DXE_CORE]
|
||||
HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
|
||||
@@ -172,6 +189,12 @@
|
||||
[LibraryClasses.common.UEFI_APPLICATION]
|
||||
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
|
||||
PrintLib|MdeModulePkg/Library/DxePrintLibPrint2Protocol/DxePrintLibPrint2Protocol.inf
|
||||
|
||||
[LibraryClasses.common.DXE_RUNTIME_DRIVER]
|
||||
#
|
||||
# Runtime
|
||||
#
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
|
||||
|
||||
################################################################################
|
||||
#
|
||||
@@ -194,6 +217,16 @@
|
||||
gEfiNt32PkgTokenSpaceGuid.PcdWinNtFirmwareBlockSize|0x10000
|
||||
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
|
||||
!endif
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
# override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x05
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05
|
||||
!endif
|
||||
|
||||
################################################################################
|
||||
#
|
||||
@@ -258,7 +291,13 @@
|
||||
Nt32Pkg/BootModePei/BootModePei.inf
|
||||
Nt32Pkg/StallPei/StallPei.inf
|
||||
Nt32Pkg/WinNtFlashMapPei/WinNtFlashMapPei.inf
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
|
||||
!else
|
||||
MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
|
||||
!endif
|
||||
|
||||
Nt32Pkg/WinNtAutoScanPei/WinNtAutoScanPei.inf
|
||||
Nt32Pkg/WinNtFirmwareVolumePei/WinNtFirmwareVolumePei.inf
|
||||
Nt32Pkg/WinNtThunkPPIToProtocolPei/WinNtThunkPPIToProtocolPei.inf
|
||||
@@ -282,7 +321,12 @@
|
||||
Nt32Pkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
|
||||
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
|
||||
Nt32Pkg/FvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
|
||||
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
|
||||
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
|
||||
<LibraryClasses>
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
|
||||
!endif
|
||||
}
|
||||
MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf
|
||||
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
@@ -294,7 +338,12 @@
|
||||
MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
|
||||
MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
|
||||
Nt32Pkg/WinNtOemHookStatusCodeHandlerDxe/WinNtOemHookStatusCodeHandlerDxe.inf
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
|
||||
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
||||
!else
|
||||
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
||||
!endif
|
||||
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
||||
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
|
||||
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
|
||||
|
||||
Reference in New Issue
Block a user