\r
ResetSystemLib|OvmfPkg/Library/ResetSystemLib/ResetSystemLib.inf\r
LocalApicLib|UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.inf\r
- DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf \r
+ DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf\r
+\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf\r
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf\r
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
+!endif\r
+\r
+[LibraryClasses.common]\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
+!endif\r
\r
[LibraryClasses.common.SEC]\r
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf\r
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf\r
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf\r
DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf\r
+!endif\r
\r
[LibraryClasses.common.UEFI_DRIVER]\r
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf\r
gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10\r
gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported|6\r
gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeimPerFv|32\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x10000\r
+!else\r
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x400\r
+!endif\r
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize|0x8000\r
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xc000\r
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0xc000\r
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F\r
!endif\r
\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x05\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05\r
+!endif\r
+\r
!ifdef $(SOURCE_DEBUG_ENABLE)\r
gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2\r
!endif\r
}\r
\r
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf\r
+\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {\r
+ <LibraryClasses>\r
+ NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf\r
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
+ }\r
+!else\r
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf\r
+!endif\r
+\r
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf\r
PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf\r
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf\r
}\r
!endif\r
\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf {\r
+ <LibraryClasses>\r
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf\r
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
+ }\r
+!endif\r