OvmfPkg: introduce -D SMM_REQUIRE and PcdSmmSmramRequire

This build time flag and corresponding Feature PCD will control whether
OVMF supports (and, equivalently, requires) SMM/SMRAM support from QEMU.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19034 6f19259b-4bc3-4df7-8a09-765794883524

1 files changed, 10 insertions, 0 deletions

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 049f6edd05..47b0e69629 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -117,3 +117,13 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|FALSE|BOOLEAN|3

   gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderPciTranslation|TRUE|BOOLEAN|0x1c

   gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderMmioTranslation|FALSE|BOOLEAN|0x1d

+

+  ## This feature flag enables SMM/SMRAM support. Note that it also requires

+  #  such support from the underlying QEMU instance; if that support is not

+  #  present, the firmware will reject continuing after a certain point.

+  #

+  #  The flag also acts as a general "security switch"; when TRUE, many

+  #  components will change behavior, with the goal of preventing a malicious

+  #  runtime OS from tampering with firmware structures (special memory ranges

+  #  used by OVMF, the varstore pflash chip, LockBox etc).

+  gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|FALSE|BOOLEAN|0x1e