X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=ArmVirtPkg%2FArmVirtQemu.dsc;h=5a210a0bac7221c617570c9b37f06ad87b9f2c0f;hb=1c761011340d830a2bf66128325a686ffff3f5e9;hp=aec92c191eca90c62ae09fd697fd3c8e2df502f2;hpb=9a67ba261fe9049376065ef75dd620879413fdd0;p=mirror_edk2.git diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index aec92c191e..5a210a0bac 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -3,13 +3,7 @@ # Copyright (c) 2014, Linaro Limited. All rights reserved. # Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved. # -# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the BSD License -# which accompanies this distribution. The full text of the license may be found at -# http://opensource.org/licenses/bsd-license.php -# -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# SPDX-License-Identifier: BSD-2-Clause-Patent # # @@ -33,9 +27,25 @@ # Defines for default states. These can be changed on the command line. # -D FLAG=VALUE # + DEFINE TTY_TERMINAL = FALSE DEFINE SECURE_BOOT_ENABLE = FALSE - DEFINE NETWORK_IP6_ENABLE = FALSE - DEFINE HTTP_BOOT_ENABLE = FALSE + DEFINE TPM2_ENABLE = FALSE + DEFINE TPM2_CONFIG_ENABLE = FALSE + + # + # Network definition + # + DEFINE NETWORK_IP6_ENABLE = FALSE + DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE + DEFINE NETWORK_SNP_ENABLE = FALSE + DEFINE NETWORK_TLS_ENABLE = FALSE + DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE + +!if $(NETWORK_SNP_ENABLE) == TRUE + !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only" +!endif + +!include NetworkPkg/NetworkDefines.dsc.inc !include ArmVirtPkg/ArmVirt.dsc.inc @@ -48,6 +58,7 @@ VirtioMmioDeviceLib|OvmfPkg/Library/VirtioMmioDeviceLib/VirtioMmioDeviceLib.inf QemuFwCfgLib|ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/BaseQemuFwCfgS3LibNull.inf + QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibNull.inf @@ -57,6 +68,7 @@ CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf PlatformBootManagerLib|ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf + PlatformBmPrintScLib|OvmfPkg/Library/PlatformBmPrintScLib/PlatformBmPrintScLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf QemuBootOrderLib|OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf @@ -65,9 +77,30 @@ PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf +!if $(TPM2_ENABLE) == TRUE + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +!else + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf +!endif + [LibraryClasses.common.PEIM] ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf +!if $(TPM2_ENABLE) == TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +!endif + +[LibraryClasses.common.DXE_DRIVER] + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf + +!if $(TPM2_ENABLE) == TRUE + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +!endif + [LibraryClasses.common.UEFI_DRIVER] UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf @@ -86,8 +119,11 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE + + gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE) + [PcdsFixedAtBuild.common] - gArmPlatformTokenSpaceGuid.PcdCoreCount|1 !if $(ARCH) == AARCH64 gArmTokenSpaceGuid.PcdVFPEnabled|1 !endif @@ -96,13 +132,18 @@ gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000 gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 +!if $(NETWORK_TLS_ENABLE) == TRUE + # + # The cumulative and individual VOLATILE variable size limits should be set + # high enough for accommodating several and/or large CA certificates. + # + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000 + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000 +!endif # Size of the region used by UEFI in permanent memory (Reserved 64MB) gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000 - ## Trustzone enable (to make the transition from EL3 to EL2 in ArmPlatformPkg/Sec) - gArmTokenSpaceGuid.PcdTrustzoneSupport|FALSE - # # ARM PrimeCell # @@ -114,6 +155,8 @@ ## 0-PCANSI, 1-VT100, 2-VT00+, 3-UTF8, 4-TTYTERM !if $(TTY_TERMINAL) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType|4 + # Set terminal type to TtyTerm, the value encoded is EFI_TTY_TERM_GUID + gArmVirtTokenSpaceGuid.PcdTerminalTypeGuidBuffer|{0x80, 0x6d, 0x91, 0x7d, 0xb1, 0x5b, 0x8c, 0x45, 0xa4, 0x8f, 0xe2, 0x5f, 0xdd, 0x51, 0xef, 0x94} !else gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType|1 !endif @@ -123,9 +166,10 @@ # gArmTokenSpaceGuid.PcdArmArchTimerFreqInHz|0 -!if $(HTTP_BOOT_ENABLE) == TRUE - gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|TRUE -!endif + # + # Network Pcds + # +!include NetworkPkg/NetworkPcds.dsc.inc # System Memory Base -- fixed at 0x4000_0000 gArmTokenSpaceGuid.PcdSystemMemoryBase|0x40000000 @@ -142,6 +186,20 @@ # gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 + # + # Enable the non-executable DXE stack. (This gets set up by DxeIpl) + # + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE + +!if $(SECURE_BOOT_ENABLE) == TRUE + # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04 + gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04 + gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04 +!endif + + gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|3 + [PcdsFixedAtBuild.AARCH64] # Clearing BIT0 in this PCD prevents installing a 32-bit SMBIOS entry point, # if the entry point version is >= 3.0. AARCH64 OSes cannot assume the @@ -202,9 +260,23 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE + # + # TPM2 support + # + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 +!if $(TPM2_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0 +!endif + [PcdsDynamicHii] gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS +!if $(TPM2_CONFIG_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS +!endif + ################################################################################ # # Components Section - list of all EDK II Modules needed by this Platform @@ -226,6 +298,23 @@ MdeModulePkg/Universal/Variable/Pei/VariablePei.inf +!if $(TPM2_ENABLE) == TRUE + MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf { + + ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf + } + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!endif + MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf { NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf @@ -260,8 +349,12 @@ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf +!if $(TPM2_ENABLE) == TRUE + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf +!endif } SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf + OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf !else MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf !endif @@ -291,6 +384,11 @@ ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf + # + # Status Code Routing + # + MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf + # # Platform Driver # @@ -330,32 +428,17 @@ NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerUiLib.inf } + OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf # # Networking stack # - MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf - MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf - MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf - MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf - MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf - MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf - MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf - MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf - NetworkPkg/TcpDxe/TcpDxe.inf - NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf - NetworkPkg/IScsiDxe/IScsiDxe.inf -!if $(NETWORK_IP6_ENABLE) == TRUE - NetworkPkg/Ip6Dxe/Ip6Dxe.inf - NetworkPkg/Udp6Dxe/Udp6Dxe.inf - NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf - NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf -!endif -!if $(HTTP_BOOT_ENABLE) == TRUE - NetworkPkg/DnsDxe/DnsDxe.inf - NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf - NetworkPkg/HttpDxe/HttpDxe.inf - NetworkPkg/HttpBootDxe/HttpBootDxe.inf +!include NetworkPkg/NetworkComponents.dsc.inc +!if $(NETWORK_TLS_ENABLE) == TRUE + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf { + + NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf + } !endif # @@ -364,6 +447,11 @@ MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf + # + # NVME Driver + # + MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf + # # SMBIOS Support # @@ -405,6 +493,26 @@ MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf + # + # TPM2 support + # +!if $(TPM2_ENABLE) == TRUE + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!if $(TPM2_CONFIG_ENABLE) == TRUE + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif +!endif + # # ACPI Support #