OvmfPkg: require self-signed PK when secure boot is enabled

[mirror_edk2.git] / OvmfPkg / IntelTdx / IntelTdxX64.dsc

diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 920f1c6080d40269f999249f5fdd3e0e205317f6..95b9594ddce038f9f12400d30935571f3b71c65c 100644 (file)
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -390,6 +390,9 @@
 !ifdef $(CSM_ENABLE)\r
   gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable|TRUE\r
 !endif\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE\r
+!endif\r
 \r
 [PcdsFixedAtBuild]\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1\r
@@ -548,11 +551,8 @@
   OvmfPkg/IntelTdx/Sec/SecMain.inf {\r
     <LibraryClasses>\r
       NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf\r
-      TpmMeasurementLib|SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf\r
       NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf\r
       BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf\r
-      HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf\r
-      NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf\r
   }\r
 \r
   #\r