#\r
DEFINE SECURE_BOOT_ENABLE = FALSE\r
\r
+ #\r
+ # Shell can be useful for debugging but should not be enabled for production\r
+ #\r
+ DEFINE BUILD_SHELL = TRUE\r
+\r
#\r
# Device drivers\r
#\r
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf\r
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf\r
\r
+!if $(BUILD_SHELL) == TRUE\r
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf\r
+!endif\r
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf\r
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf\r
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf\r
\r
[LibraryClasses.common]\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
- VmgExitLib|OvmfPkg/Library/VmgExitLib/VmgExitLib.inf\r
+ CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf\r
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf\r
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf\r
PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf\r
!else\r
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf\r
!endif\r
- VmgExitLib|OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf\r
+ CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf\r
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf\r
PrePiHobListPointerLib|OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointerLibTdx.inf\r
HobLib|EmbeddedPkg/Library/PrePiHobLib/PrePiHobLib.inf\r
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf\r
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf\r
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf\r
+ NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf\r
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf\r
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf\r
\r
!ifdef $(CSM_ENABLE)\r
gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable|TRUE\r
!endif\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE\r
+!endif\r
\r
[PcdsFixedAtBuild]\r
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1\r
OvmfPkg/IntelTdx/Sec/SecMain.inf {\r
<LibraryClasses>\r
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf\r
- TpmMeasurementLib|SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf\r
+ NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf\r
- HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf\r
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf\r
}\r
\r
#\r
MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf\r
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf\r
\r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE\r
OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {\r
<PcdsFixedAtBuild>\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
}\r
!endif\r
+!if $(BUILD_SHELL) == TRUE\r
ShellPkg/Application/Shell/Shell.inf {\r
<LibraryClasses>\r
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000\r
}\r
+!endif\r
\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
#\r
# Cc Measurement Protocol for Td guest\r
#\r
- OvmfPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.inf {\r
+ SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf {\r
<LibraryClasses>\r
HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf\r
NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf\r