## @file\r
# EFI/Framework Open Virtual Machine Firmware (OVMF) platform\r
#\r
-# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.<BR>\r
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>\r
# Copyright (c) Microsoft Corporation.\r
#\r
DEFINE SMM_REQUIRE = FALSE\r
DEFINE SOURCE_DEBUG_ENABLE = FALSE\r
\r
-!include OvmfPkg/OvmfTpmDefines.dsc.inc\r
+!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc\r
+\r
+ #\r
+ # Shell can be useful for debugging but should not be enabled for production\r
+ #\r
+ DEFINE BUILD_SHELL = TRUE\r
\r
#\r
# Network definition\r
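Review bot: `DEFINE BUILD_SHELL = TRUE` leaves the UEFI Shell in every build unless the builder overrides it, even though the comment directly above says it should not be enabled for production. A built-in shell gives anyone with console access a pre-boot command environment, so the safer default is `FALSE`. If the default stays, the comment should at least name the override, for example `# Pass -D BUILD_SHELL=FALSE for production and Secure Boot builds`. The later `!if $(BUILD_SHELL) == TRUE` guards around `ShellLib`, `TftpDynamicCommand` and `Shell.inf` only cover this DSC; whether the matching .fdf also drops the shell image is not visible in this diff and should be checked.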
#\r
# Device drivers\r
#\r
- DEFINE PVSCSI_ENABLE = TRUE\r
- DEFINE MPT_SCSI_ENABLE = TRUE\r
+ DEFINE PVSCSI_ENABLE = FALSE\r
+ DEFINE MPT_SCSI_ENABLE = FALSE\r
DEFINE LSI_SCSI_ENABLE = FALSE\r
\r
#\r
INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES\r
GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES\r
\r
+ #\r
+ # SECURE_BOOT_FEATURE_ENABLED\r
+ #\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED\r
+ INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED\r
+ GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED\r
+!endif\r
+\r
!include NetworkPkg/NetworkBuildOptions.dsc.inc\r
\r
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]\r
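Review bot: The comment block added above `!if $(SECURE_BOOT_ENABLE) == TRUE` only repeats the macro name, so a reader cannot tell which sources test `SECURE_BOOT_FEATURE_ENABLED` or what they do differently when it is set. Because the define is attached to `*_*_*_CC_FLAGS`, it reaches every module built for the platform, and the comment should say so. The consuming code is not part of this diff, so a wording like `# Defined for all modules when SECURE_BOOT_ENABLE is TRUE; tested by <consumer> to <purpose>` needs to be filled in by the author.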
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf\r
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf\r
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf\r
+ PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf\r
SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf\r
!else\r
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf\r
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf\r
!endif\r
\r
+!if $(BUILD_SHELL) == TRUE\r
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf\r
+!endif\r
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf\r
+\r
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf\r
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf\r
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf\r
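Review bot: `ShellLib` is now wrapped in `!if $(BUILD_SHELL) == TRUE`, but `ShellCEntryLib` on the next line stays mapped unconditionally, and nothing explains the difference. With the shell disabled, any component outside the new guards that still lists `ShellLib` will fail to resolve the class, which is a useful tripwire, while `ShellCEntryLib` will keep resolving silently. A one-line comment above it stating whether the unconditional mapping is intentional would stop a later cleanup from guessing, for example `# Kept unconditionally: still required when BUILD_SHELL is FALSE by <component>`.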
\r
-!include OvmfPkg/OvmfTpmLibs.dsc.inc\r
+!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc\r
\r
[LibraryClasses.common]\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
- VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf\r
+ CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf\r
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf\r
- TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf\r
+ TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf\r
\r
[LibraryClasses.common.SEC]\r
TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf\r
!ifdef $(DEBUG_ON_SERIAL_PORT)\r
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf\r
!else\r
- DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf\r
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf\r
!endif\r
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf\r
\r
!ifdef $(DEBUG_ON_SERIAL_PORT)\r
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf\r
!else\r
- DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf\r
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf\r
!endif\r
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf\r
ResourcePublicationLib|MdePkg/Library/PeiResourcePublicationLib/PeiResourcePublicationLib.inf\r
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf\r
!endif\r
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf\r
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf\r
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf\r
+ NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf\r
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf\r
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf\r
\r
gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugSupport|TRUE\r
gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE\r
!endif\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE\r
+!endif\r
\r
[PcdsFixedAtBuild]\r
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1\r
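Review bot: The new `PcdRequireSelfSignedPk|TRUE` line changes Platform Key enrollment behaviour for Secure Boot builds but carries no comment, and the name alone does not say when the requirement applies. A line above the `!if` such as `# With Secure Boot, only accept a self-signed PK when the PK is set in setup mode` would record the intent; the exact semantics should be confirmed against the PCD's declaration, which is not shown here. The section header this PCD falls under is outside the hunk.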
# unknown) workloads / boot paths.\r
#\r
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0x80\r
- gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0x10\r
+ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0x12\r
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0x80\r
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x100\r
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0x100\r
\r
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00\r
\r
-!include OvmfPkg/OvmfTpmPcds.dsc.inc\r
+!include OvmfPkg/Include/Dsc/OvmfTpmPcds.dsc.inc\r
\r
# Set ConfidentialComputing defaults\r
gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0\r
gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01\r
\r
[PcdsDynamicHii]\r
-!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc\r
+!include OvmfPkg/Include/Dsc/OvmfTpmPcdsHii.dsc.inc\r
\r
################################################################################\r
#\r
!endif\r
UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
\r
-!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc\r
+!include OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc\r
\r
[Components.X64]\r
#\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf\r
!endif\r
-!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc\r
+!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc\r
}\r
\r
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf\r
# Network Support\r
#\r
!include NetworkPkg/NetworkComponents.dsc.inc\r
+!include OvmfPkg/Include/Dsc/NetworkComponents.dsc.inc\r
\r
- NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf {\r
- <LibraryClasses>\r
- NULL|OvmfPkg/Library/PxeBcPcdProducerLib/PxeBcPcdProducerLib.inf\r
- }\r
-\r
-!if $(NETWORK_TLS_ENABLE) == TRUE\r
- NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {\r
- <LibraryClasses>\r
- NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf\r
- }\r
-!endif\r
OvmfPkg/VirtioNetDxe/VirtioNet.inf\r
\r
#\r
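Review bot: Nothing visible here shows that `OvmfPkg/Include/Dsc/NetworkComponents.dsc.inc` keeps the two `NULL|` library hooks (`PxeBcPcdProducerLib.inf`, `TlsAuthConfigLib.inf`) or the `!if $(NETWORK_TLS_ENABLE) == TRUE` guard that the removed inline block provided. The include file is not part of this diff, so the equivalence has to be checked there. If `TlsAuthConfigLib` were dropped, or the guard lost, TLS configuration for network boot would change without any line in this file showing it. A short comment next to the new include listing what it supplies, for example `# Adds OVMF overrides for UefiPxeBcDxe and, with NETWORK_TLS_ENABLE, TlsAuthConfigDxe`, would make the dependency explicit.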
OvmfPkg/Csm/Csm16/Csm16.inf\r
!endif\r
\r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE\r
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {\r
<PcdsFixedAtBuild>\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
}\r
!endif\r
+!if $(BUILD_SHELL) == TRUE\r
ShellPkg/Application/Shell/Shell.inf {\r
<LibraryClasses>\r
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000\r
}\r
+!endif\r
\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
#\r
OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf {\r
<LibraryClasses>\r
- VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf\r
+ CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf\r
}\r
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf\r
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {\r
#\r
# TPM support\r
#\r
-!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc\r
+!include OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc\r