diff options
| author | leegrosenbaum <leegrosenbaum@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-04-11 16:23:41 +0000 |
|---|---|---|
| committer | leegrosenbaum <leegrosenbaum@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-04-11 16:23:41 +0000 |
| commit | 0ff38cbfa31468aaa96fb13aa489a684f22d647f (patch) | |
| tree | c4b6459cced68a7a149a8ffac6921e98a74c4ef7 /Nt32Pkg/Nt32Pkg.dsc | |
| parent | a46c36572d080dbd6c674e156b5ec486517c67c1 (diff) | |
| download | edk2-0ff38cbfa31468aaa96fb13aa489a684f22d647f.tar.gz edk2-0ff38cbfa31468aaa96fb13aa489a684f22d647f.tar.bz2 edk2-0ff38cbfa31468aaa96fb13aa489a684f22d647f.zip | |
Nt32Pkg: Add Secure Boot build option including Custom Mode setup
If –D SECURE_BOOT_ENABLE is specified with the build command, Secure Boot support is enabled including custom mode setup.
This allows Secure Boot to be configured through setup allowing Nt32Pkg to be a fully functional Secure Boot reference platforms.
Signed-off-by: lee.g.rosenbaum@intel.com
Reviewed-by: jiewen.yao@intel.com
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13186 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'Nt32Pkg/Nt32Pkg.dsc')
| -rw-r--r-- | Nt32Pkg/Nt32Pkg.dsc | 51 |
1 files changed, 50 insertions, 1 deletions
diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc index e8aeee98da..9538d37d51 100644 --- a/Nt32Pkg/Nt32Pkg.dsc +++ b/Nt32Pkg/Nt32Pkg.dsc @@ -32,6 +32,11 @@ SKUID_IDENTIFIER = DEFAULT
FLASH_DEFINITION = Nt32Pkg/Nt32Pkg.fdf
+ #
+ # Defines for default states. These can be changed on the command line.
+ # -D FLAG=VALUE
+ #
+ DEFINE SECURE_BOOT_ENABLE = FALSE
################################################################################
#
@@ -113,6 +118,12 @@ PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf
CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!endif
[LibraryClasses.common.USER_DEFINED]
DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
@@ -143,6 +154,9 @@ [LibraryClasses.common.PEIM]
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
OemHookStatusCodeLib|Nt32Pkg/Library/PeiNt32OemHookStatusCodeLib/PeiNt32OemHookStatusCodeLib.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+!endif
[LibraryClasses.common]
#
@@ -157,6 +171,9 @@ PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt32PeCoffExtraActionLib.inf
ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf
WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!endif
[LibraryClasses.common.DXE_CORE]
HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
@@ -172,6 +189,12 @@ [LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
PrintLib|MdeModulePkg/Library/DxePrintLibPrint2Protocol/DxePrintLibPrint2Protocol.inf
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+ #
+ # Runtime
+ #
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
################################################################################
#
@@ -194,6 +217,16 @@ gEfiNt32PkgTokenSpaceGuid.PcdWinNtFirmwareBlockSize|0x10000
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
+!endif
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x05
+ gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05
+ gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05
+!endif
################################################################################
#
@@ -258,7 +291,13 @@ Nt32Pkg/BootModePei/BootModePei.inf
Nt32Pkg/StallPei/StallPei.inf
Nt32Pkg/WinNtFlashMapPei/WinNtFlashMapPei.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
+!else
MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
+!endif
+
Nt32Pkg/WinNtAutoScanPei/WinNtAutoScanPei.inf
Nt32Pkg/WinNtFirmwareVolumePei/WinNtFirmwareVolumePei.inf
Nt32Pkg/WinNtThunkPPIToProtocolPei/WinNtThunkPPIToProtocolPei.inf
@@ -282,7 +321,12 @@ Nt32Pkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
Nt32Pkg/FvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+ <LibraryClasses>
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+!endif
+ }
MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
@@ -294,7 +338,12 @@ MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
Nt32Pkg/WinNtOemHookStatusCodeHandlerDxe/WinNtOemHookStatusCodeHandlerDxe.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!else
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+!endif
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
|