1958124a6cb0b48a3b6e78726fbbac95e77f2408
I missed the following, both while reviewing and while testing commit6041ac65ae
("OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active", 2017-10-05): If "-D SECURE_BOOT_ENABLE" is not passed on the "build" command line, then OVMF has no dynamic default at all for "PcdOptionRomImageVerificationPolicy". This means that the PcdSet32S() call added in the subject commit doesn't even compile: > OvmfPkg/PlatformPei/AmdSev.c: In function 'AmdSevInitialize': > OvmfPkg/PlatformPei/AmdSev.c:67:3: error: implicit declaration of > function '_PCD_SET_MODE_32_S_PcdOptionRomImageVerificationPolicy' > [-Werror=implicit-function-declaration] > PcdStatus = PcdSet32S (PcdOptionRomImageVerificationPolicy, 0x4); > ^ > cc1: all warnings being treated as errors Make the current, SB-only, 0x00 dynamic default unconditional. This is the simplest approach, and it reflects the intent of original commit1fea9ddb4e
("OvmfPkg: execute option ROM images regardless of Secure Boot", 2016-01-07). Without SECURE_BOOT_ENABLE, "SecurityPkg/Library/DxeImageVerificationLib" is not used anyway, so the PCD is never read. This issue was first caught and reported by Gerd Hoffmann <kraxel@redhat.com>'s Jenkins CI. Later it was also reported in <https://bugzilla.tianocore.org/show_bug.cgi?id=737>. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Fixes:6041ac65ae
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> [lersek@redhat.com: trim commit message as suggested by Jordan] Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> [lersek@redhat.com: add reference to TianoCore BZ#737]
EDK II Project
A modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications from www.uefi.org.
Contributions to the EDK II open source project are covered by the TianoCore Contribution Agreement 1.1
The majority of the content in the EDK II open source project uses a BSD 2-Clause License. The EDK II open source project contains the following components that are covered by additional licenses:
- AppPkg/Applications/Python/Python-2.7.2/Tools/pybench
- AppPkg/Applications/Python/Python-2.7.2
- AppPkg/Applications/Python/Python-2.7.10
- BaseTools/Source/C/BrotliCompress
- MdeModulePkg/Library/BrotliCustomDecompressLib
- OvmfPkg
- CryptoPkg/Library/OpensslLib/openssl
The EDK II Project is composed of packages. The maintainers for each package are listed in Maintainers.txt.
Resources
Description
Languages
C
82.2%
Python
10.3%
Assembly
3.4%
Rich Text Format
1.8%
C++
0.7%
Other
1.2%