summaryrefslogtreecommitdiffstats
path: root/OvmfPkg
diff options
context:
space:
mode:
authorGerd Hoffmann <kraxel@redhat.com>2022-10-06 13:05:25 +0200
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2022-10-07 18:14:05 +0000
commit8916a4f67f3c371b53ab4b0a09a697d40fea44ea (patch)
tree90e2d77ec1b34e092a333c652a20823de2240832 /OvmfPkg
parent9e6b552b4c48bed39e9b8a2936d390fb5b95e07d (diff)
downloadedk2-8916a4f67f3c371b53ab4b0a09a697d40fea44ea.tar.gz
edk2-8916a4f67f3c371b53ab4b0a09a697d40fea44ea.tar.bz2
edk2-8916a4f67f3c371b53ab4b0a09a697d40fea44ea.zip
OvmfPkg/Microvm: add SECURE_BOOT_FEATURE_ENABLED
Compiler flag is needed to make (stateless) secure boot be actually secure, i.e. restore EFI variables from ROM on reset. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Diffstat (limited to 'OvmfPkg')
-rw-r--r--OvmfPkg/Microvm/MicrovmX64.dsc9
1 files changed, 9 insertions, 0 deletions
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 33d68a5493..e60d3a2071 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -91,6 +91,15 @@
INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
+ #
+ # SECURE_BOOT_FEATURE_ENABLED
+ #
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
+ INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
+ GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED
+!endif
+
!include NetworkPkg/NetworkBuildOptions.dsc.inc
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]