#\r
DEFINE SECURE_BOOT_ENABLE = FALSE\r
\r
+ #\r
+ # Shell can be useful for debugging but should not be enabled for production\r
+ #\r
+ DEFINE BUILD_SHELL = TRUE\r
+\r
#\r
# Device drivers\r
#\r
- DEFINE PVSCSI_ENABLE = TRUE\r
- DEFINE MPT_SCSI_ENABLE = TRUE\r
+ DEFINE PVSCSI_ENABLE = FALSE\r
+ DEFINE MPT_SCSI_ENABLE = FALSE\r
DEFINE LSI_SCSI_ENABLE = FALSE\r
\r
#\r
INTEL:*_*_*_CC_FLAGS = /D TDX_PEI_LESS_BOOT\r
GCC:*_*_*_CC_FLAGS = -D TDX_PEI_LESS_BOOT\r
\r
+ #\r
+ # SECURE_BOOT_FEATURE_ENABLED\r
+ #\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED\r
+ INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED\r
+ GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED\r
+!endif\r
+\r
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]\r
GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000\r
XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000\r
PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf\r
PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf\r
PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf\r
- CcProbeLib|OvmfPkg/Library/CcProbeLib/CcProbeLib.inf\r
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf\r
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf\r
OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf\r
SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf\r
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf\r
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf\r
MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf\r
+ PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf\r
+ DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf\r
\r
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf\r
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf\r
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf\r
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf\r
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf\r
+ PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf\r
SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf\r
!else\r
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf\r
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf\r
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf\r
\r
+!if $(BUILD_SHELL) == TRUE\r
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf\r
+!endif\r
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf\r
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf\r
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf\r
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf\r
\r
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf\r
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf\r
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf\r
\r
[LibraryClasses.common]\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
- VmgExitLib|OvmfPkg/Library/VmgExitLib/VmgExitLib.inf\r
+ CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf\r
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf\r
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf\r
PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf\r
!else\r
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf\r
!endif\r
- VmgExitLib|OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf\r
+ CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf\r
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf\r
PrePiHobListPointerLib|OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointerLibTdx.inf\r
HobLib|EmbeddedPkg/Library/PrePiHobLib/PrePiHobLib.inf\r
PrePiLib|EmbeddedPkg/Library/PrePiLib/PrePiLib.inf\r
PeilessStartupLib|OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf\r
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf\r
\r
[LibraryClasses.common.DXE_CORE]\r
HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf\r
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf\r
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf\r
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf\r
+ NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf\r
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf\r
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf\r
\r
!ifdef $(CSM_ENABLE)\r
gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable|TRUE\r
!endif\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE\r
+!endif\r
\r
[PcdsFixedAtBuild]\r
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1\r
OvmfPkg/IntelTdx/Sec/SecMain.inf {\r
<LibraryClasses>\r
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf\r
+ NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf\r
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf\r
}\r
\r
#\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf\r
!endif\r
+ NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf\r
}\r
\r
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf\r
MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf\r
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf\r
\r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE\r
OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {\r
<PcdsFixedAtBuild>\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
}\r
!endif\r
+!if $(BUILD_SHELL) == TRUE\r
ShellPkg/Application/Shell/Shell.inf {\r
<LibraryClasses>\r
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000\r
}\r
+!endif\r
\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
<LibraryClasses>\r
NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf\r
}\r
+\r
+ #\r
+ # Cc Measurement Protocol for Td guest\r
+ #\r
+ SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf {\r
+ <LibraryClasses>\r
+ HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf\r
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf\r
+ }\r