EmulatorPkg: Enable support for Secure Boot

SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot.
The following gets enabled with this patch:
* Secure Boot Menu in "Device Manager" for enrolling keys
* Storage space for Authenticated Variables
* Authenticated execution of 3rd party images

Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>

1 files changed, 14 insertions, 0 deletions

diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 295f6f1db8..b256aa9397 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -46,10 +46,17 @@ DATA = {
   # Blockmap[1]: End

   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

   ## This is the VARIABLE_STORE_HEADER

+!if $(SECURE_BOOT_ENABLE) == FALSE

   #Signature: gEfiVariableGuid =

   #  { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}

   0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,

   0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,

+!else

+  # Signature: gEfiAuthenticatedVariableGuid =

+  #  { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}

+  0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,

+  0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,

+!endif

   #Size: 0xc000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8

   # This can speed up the Variable Dispatch a bit.

   0xB8, 0xBF, 0x00, 0x00,

@@ -187,6 +194,13 @@ INF  MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
 INF  MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf

 

 #

+# Secure Boot Key Enroll

+#

+!if $(SECURE_BOOT_ENABLE) == TRUE

+INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf

+!endif

+

+#

 # Network stack drivers

 #

 !if $(NETWORK_SUPPORT)