UefiPayloadPkg: Add Secure Boot support

Cc: Guo Dong <guo.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Maurice Ma <maurice.ma@intel.com> Cc: Benjamin You <benjamin.you@intel.com> Signed-off-by: Sean Rhodes <sean@starlabs.systems> Change-Id: I4f44e29bc967b7d2208193e21aeeef8b96afcc69
2022-01-03 15:56:05 +00:00
parent 35dde2452d
commit 2dc1e51593
14 changed files with 674 additions and 12 deletions
--- a/UefiPayloadPkg/UefiPayloadPkg.fdf
+++ b/UefiPayloadPkg/UefiPayloadPkg.fdf
@@ -61,7 +61,6 @@ FILE FV_IMAGE = 4E35FD93-9C72-4c15-8C4B-E77F1DB2D793 {
 }

 ################################################################################
-
 [FV.DXEFV]
 FvNameGuid         = 8063C21A-8E58-4576-95CE-089E87975D23
 BlockSize          = $(FD_BLOCK_SIZE)
@@ -89,6 +88,11 @@ APRIORI DXE {
  INF  MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
  INF  MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
  INF  UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  INF  PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf
+  INF  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf # After SMBusConfigLoader and PcatRealTimeClockRuntimeDxe, before Tcg2Dxe
+  INF  UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf
+!endif
 }

 #
@@ -272,6 +276,19 @@ INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
  !include NetworkPkg/Network.fdf.inc
 !endif

+#
+# Security
+#
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  INF  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  INF  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
+  INF  UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf
+
+  FILE FREEFORM = PCD(gUefiPayloadPkgTokenSpaceGuid.PcdNvsDataFile) {
+    SECTION RAW = UefiVariableBinary/SECUREBOOT.Fv
+  }
+!endif
+
 #
 # Shell
 #
@@ -415,3 +432,17 @@ INF ShellPkg/Application/Shell/Shell.inf
    UI        STRING="Enter Setup"
    VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
  }
+
+[RULE.COMMON.USER_DEFINED]
+  FILE FREEFORM = $(NAMED_GUID) {
+    RAW BIN                |.crt
+    RAW BIN                |.bin
+  }
+
+[RULE.COMMON.USER_DEFINED.BINARY]
+  FILE FREEFORM = $(NAMED_GUID) {
+    RAW BIN                |.crt
+    RAW BIN                |.bin
+    UI       STRING="$(MODULE_NAME)" Optional
+  }
+