From 8916a4f67f3c371b53ab4b0a09a697d40fea44ea Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Thu, 6 Oct 2022 13:05:25 +0200 Subject: OvmfPkg/Microvm: add SECURE_BOOT_FEATURE_ENABLED Compiler flag is needed to make (stateless) secure boot be actually secure, i.e. restore EFI variables from ROM on reset. Signed-off-by: Gerd Hoffmann Reviewed-by: Ard Biesheuvel --- OvmfPkg/Microvm/MicrovmX64.dsc | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'OvmfPkg') diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index 33d68a5493..e60d3a2071 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -91,6 +91,15 @@ INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES + # + # SECURE_BOOT_FEATURE_ENABLED + # +!if $(SECURE_BOOT_ENABLE) == TRUE + MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED +!endif + !include NetworkPkg/NetworkBuildOptions.dsc.inc [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] -- cgit v1.2.3