OvmfPkg/Microvm: add SECURE_BOOT_FEATURE_ENABLED

Compiler flag is needed to make (stateless) secure boot be actually secure, i.e. restore EFI variables from ROM on reset. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
author: Gerd Hoffmann <kraxel@redhat.com> 2022-10-06 13:05:25 +0200
committer: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2022-10-07 18:14:05 +0000
commit: 8916a4f67f3c371b53ab4b0a09a697d40fea44ea (patch)
tree: 90e2d77ec1b34e092a333c652a20823de2240832 /OvmfPkg
parent: 9e6b552b4c48bed39e9b8a2936d390fb5b95e07d (diff)
download: edk2-8916a4f67f3c371b53ab4b0a09a697d40fea44ea.tar.gz
edk2-8916a4f67f3c371b53ab4b0a09a697d40fea44ea.tar.bz2
edk2-8916a4f67f3c371b53ab4b0a09a697d40fea44ea.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 33d68a5493..e60d3a2071 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -91,6 +91,15 @@
   INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
   GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
 
+  #
+  # SECURE_BOOT_FEATURE_ENABLED
+  #
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
+  INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
+  GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED
+!endif
+
 !include NetworkPkg/NetworkBuildOptions.dsc.inc
 
 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
author	Gerd Hoffmann <kraxel@redhat.com>	2022-10-06 13:05:25 +0200
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2022-10-07 18:14:05 +0000
commit	8916a4f67f3c371b53ab4b0a09a697d40fea44ea (patch)
tree	90e2d77ec1b34e092a333c652a20823de2240832 /OvmfPkg
parent	9e6b552b4c48bed39e9b8a2936d390fb5b95e07d (diff)
download	edk2-8916a4f67f3c371b53ab4b0a09a697d40fea44ea.tar.gz edk2-8916a4f67f3c371b53ab4b0a09a697d40fea44ea.tar.bz2 edk2-8916a4f67f3c371b53ab4b0a09a697d40fea44ea.zip