## @file\r
# EFI/Framework Open Virtual Machine Firmware (OVMF) platform\r
#\r
-# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.<BR>\r
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>\r
# Copyright (c) Microsoft Corporation.\r
#\r
DEFINE SECURE_BOOT_ENABLE = FALSE\r
DEFINE SMM_REQUIRE = FALSE\r
DEFINE SOURCE_DEBUG_ENABLE = FALSE\r
- DEFINE TPM_ENABLE = FALSE\r
- DEFINE TPM_CONFIG_ENABLE = FALSE\r
+\r
+!include OvmfPkg/OvmfTpmDefines.dsc.inc\r
+\r
+ #\r
+ # Shell can be useful for debugging but should not be enabled for production\r
+ #\r
+ DEFINE BUILD_SHELL = TRUE\r
\r
#\r
# Network definition\r
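Review bot: The new `DEFINE BUILD_SHELL = TRUE` contradicts the comment directly above it, which says the shell should not be enabled for production. Any build that does not pass `-D BUILD_SHELL=FALSE` ships the UEFI Shell, including `SECURE_BOOT_ENABLE` builds, where a shell embedded in the firmware volume is typically not checked the way an image from boot media is. I would make the safe value the default, `DEFINE BUILD_SHELL = FALSE`, and let debug builds opt in; if TRUE must stay for compatibility, say so in the comment, e.g. `# Defaults to TRUE for developer builds; production and Secure Boot builds must pass -D BUILD_SHELL=FALSE`. The later `!if $(BUILD_SHELL) == TRUE` guards around ShellLib, the dynamic commands and Shell.inf all inherit this default, and the matching .fdf is not part of this diff and presumably needs the same guard.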
#\r
# Device drivers\r
#\r
- DEFINE PVSCSI_ENABLE = TRUE\r
- DEFINE MPT_SCSI_ENABLE = TRUE\r
+ DEFINE PVSCSI_ENABLE = FALSE\r
+ DEFINE MPT_SCSI_ENABLE = FALSE\r
DEFINE LSI_SCSI_ENABLE = FALSE\r
\r
#\r
PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf\r
PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf\r
PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf\r
+ CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf\r
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf\r
OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf\r
SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf\r
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf\r
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf\r
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf\r
+ MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf\r
+ PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf\r
+ DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf\r
!if $(SMM_REQUIRE) == FALSE\r
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf\r
!endif\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf\r
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf\r
+ SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf\r
+ PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf\r
+ SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf\r
!else\r
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf\r
!endif\r
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf\r
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf\r
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf\r
+ VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf\r
\r
\r
#\r
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf\r
!endif\r
\r
+!if $(BUILD_SHELL) == TRUE\r
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf\r
+!endif\r
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf\r
+\r
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf\r
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf\r
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf\r
- XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf\r
-\r
-!if $(TPM_ENABLE) == TRUE\r
- Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf\r
- Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf\r
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf\r
- Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf\r
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf\r
-!else\r
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf\r
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf\r
-!endif\r
+\r
+!include OvmfPkg/OvmfTpmLibs.dsc.inc\r
\r
[LibraryClasses.common]\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf\r
+ TdxLib|MdePkg/Library/TdxLib/TdxLib.inf\r
+ TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf\r
\r
[LibraryClasses.common.SEC]\r
TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf\r
!else\r
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf\r
!endif\r
+ MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf\r
\r
[LibraryClasses.common.PEI_CORE]\r
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf\r
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf\r
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf\r
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf\r
-\r
-!if $(TPM_ENABLE) == TRUE\r
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf\r
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf\r
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf\r
-!endif\r
+ PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf\r
\r
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf\r
\r
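Review bot: The `PeiCryptLib`, `Tpm12DeviceLib` and `Tpm2DeviceLib` mappings that were conditional on `TPM_ENABLE` are removed here and no `!include` takes their place in this section. The same holds for the next hunk, which drops the Tcg-based `Tpm12DeviceLib`/`Tpm2DeviceLib` mappings. The only library include visible in this diff is `OvmfPkg/OvmfTpmLibs.dsc.inc` in the general library section, and its contents are not shown. Please confirm that the include files still supply phase-specific device-library instances; otherwise a `TPM_ENABLE` build may fail to resolve the class or bind an instance meant for another phase, which would affect measured boot. The section header for these lines is outside the hunk.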
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf\r
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf\r
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf\r
-!if $(TPM_ENABLE) == TRUE\r
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf\r
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf\r
-!endif\r
\r
[LibraryClasses.common.UEFI_APPLICATION]\r
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf\r
!endif\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf\r
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf\r
+ SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf\r
\r
[LibraryClasses.common.SMM_CORE]\r
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf\r
\r
!if $(SMM_REQUIRE) == FALSE\r
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0\r
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0\r
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0\r
!endif\r
- gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|800\r
- gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|1280\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|800\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow|0\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn|0\r
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable|FALSE\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdVideoResolutionSource|0\r
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId|0\r
gUefiOvmfPkgTokenSpaceGuid.PcdPciIoBase|0x0\r
gUefiOvmfPkgTokenSpaceGuid.PcdPciIoSize|0x0\r
\r
# Set memory encryption mask\r
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0\r
\r
# Set SEV-ES defaults\r
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0\r
\r
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00\r
\r
-!if $(TPM_ENABLE) == TRUE\r
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}\r
+!include OvmfPkg/OvmfTpmPcds.dsc.inc\r
+\r
+ # Set ConfidentialComputing defaults\r
+ gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0\r
+\r
+!if $(CSM_ENABLE) == FALSE\r
+ gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000\r
!endif\r
\r
[PcdsDynamicDefault.X64]\r
gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01\r
\r
[PcdsDynamicHii]\r
-!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE\r
- gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS\r
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS\r
-!endif\r
+!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc\r
\r
################################################################################\r
#\r
!endif\r
UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
\r
-!if $(TPM_ENABLE) == TRUE\r
- OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf\r
- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
- SecurityPkg/Tcg/TcgPei/TcgPei.inf\r
- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {\r
- <LibraryClasses>\r
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf\r
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf\r
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf\r
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf\r
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf\r
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf\r
- }\r
-!endif\r
+!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc\r
\r
[Components.X64]\r
#\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf\r
!endif\r
-!if $(TPM_ENABLE) == TRUE\r
- NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf\r
- NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf\r
-!endif\r
+!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc\r
}\r
\r
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf\r
- OvmfPkg/8259InterruptControllerDxe/8259.inf\r
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf\r
UefiCpuPkg/CpuDxe/CpuDxe.inf\r
+!ifdef $(CSM_ENABLE)\r
+ OvmfPkg/8259InterruptControllerDxe/8259.inf\r
OvmfPkg/8254TimerDxe/8254Timer.inf\r
+!else\r
+ OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf\r
+!endif\r
OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf\r
OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.inf\r
MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf {\r
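Review bot: The timer selection added here tests `!ifdef $(CSM_ENABLE)`, while the `PcdFSBClock` default added earlier in this file is guarded by `!if $(CSM_ENABLE) == FALSE`, and the two disagree. With `-D CSM_ENABLE=FALSE` the macro is defined, so the 8259/8254 drivers are selected instead of `LocalApicTimerDxe`, yet the PCD guard treats the same setting as CSM being off. No `DEFINE CSM_ENABLE` is visible in this diff, so how the `== FALSE` test behaves when the macro is undefined is also unclear from here. Guarding the PCD with `!ifndef $(CSM_ENABLE)` would match this file's existing `!ifdef` convention and tie `PcdFSBClock` to exactly the builds that use the local APIC timer. The Components section holding these lines starts outside the hunk.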
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf\r
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf {\r
<LibraryClasses>\r
+ XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf\r
!ifdef $(CSM_ENABLE)\r
NULL|OvmfPkg/Csm/CsmSupportLib/CsmSupportLib.inf\r
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf\r
NULL|OvmfPkg/Csm/LegacyBootMaintUiLib/LegacyBootMaintUiLib.inf\r
!endif\r
}\r
- OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf\r
+ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {\r
+ <LibraryClasses>\r
+ NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf\r
+ }\r
OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf\r
OvmfPkg/Virtio10Dxe/Virtio10.inf\r
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf\r
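Review bot: `QemuKernelLoaderFsDxe` is now linked against `BlobVerifierLibNull` with no comment on what that choice means. Going by its name, the Null instance accepts the kernel, initrd and command-line blobs received over fw_cfg without checking them, so direct kernel boot on this platform relies entirely on the host. That is worth stating next to the override so nobody mistakes it for an integrity check. I would add `# BlobVerifierLibNull performs no verification of fw_cfg blobs; platforms that need verified direct boot must substitute a real BlobVerifierLib instance.` above the `NULL|` line. The enclosing Components section starts outside the hunk.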
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf\r
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf\r
}\r
- MdeModulePkg/Universal/PrintDxe/PrintDxe.inf\r
MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf\r
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf\r
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf\r
# ACPI Support\r
#\r
MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf\r
- OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpiPlatformDxe.inf\r
+ OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf\r
MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf\r
MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf\r
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf\r
OvmfPkg/Csm/Csm16/Csm16.inf\r
!endif\r
\r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE\r
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {\r
<PcdsFixedAtBuild>\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
}\r
!endif\r
+!if $(BUILD_SHELL) == TRUE\r
ShellPkg/Application/Shell/Shell.inf {\r
<LibraryClasses>\r
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000\r
}\r
+!endif\r
\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
!endif\r
\r
OvmfPkg/PlatformDxe/Platform.inf\r
- OvmfPkg/AmdSevDxe/AmdSevDxe.inf\r
+ OvmfPkg/AmdSevDxe/AmdSevDxe.inf {\r
+ <LibraryClasses>\r
+ PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf\r
+ }\r
OvmfPkg/IoMmuDxe/IoMmuDxe.inf\r
\r
!if $(SMM_REQUIRE) == TRUE\r
#\r
# Variable driver stack (SMM)\r
#\r
- OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf\r
+ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf {\r
+ <LibraryClasses>\r
+ VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf\r
+ }\r
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf\r
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {\r
<LibraryClasses>\r
#\r
# TPM support\r
#\r
-!if $(TPM_ENABLE) == TRUE\r
- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {\r
- <LibraryClasses>\r
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf\r
- NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf\r
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf\r
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf\r
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf\r
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf\r
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf\r
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf\r
- }\r
-!if $(TPM_CONFIG_ENABLE) == TRUE\r
- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf\r
-!endif\r
- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {\r
- <LibraryClasses>\r
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf\r
- }\r
-!endif\r
+!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc\r