X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=OvmfPkg%2FOvmfPkgX64.dsc;h=e0c60bc5dc33f788cd6cd60b69880c8370e1dd34;hb=HEAD;hp=2e534d0d2478890fa3b9e4a8bf334c75818ba99e;hpb=2a7e1e890d9afe7c62d56538627bbe53180368b8;p=mirror_edk2.git
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 2e534d0d24..04d50704c7 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -1,7 +1,7 @@
## @file
# EFI/Framework Open Virtual Machine Firmware (OVMF) platform
#
-# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP
# Copyright (c) Microsoft Corporation.
#
@@ -32,8 +32,14 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
+ DEFINE CC_MEASUREMENT_ENABLE = FALSE
-!include OvmfPkg/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+
+ #
+ # Shell can be useful for debugging but should not be enabled for production
+ #
+ DEFINE BUILD_SHELL = TRUE
#
# Network definition
@@ -49,8 +55,8 @@
#
# Device drivers
#
- DEFINE PVSCSI_ENABLE = TRUE
- DEFINE MPT_SCSI_ENABLE = TRUE
+ DEFINE PVSCSI_ENABLE = FALSE
+ DEFINE MPT_SCSI_ENABLE = FALSE
DEFINE LSI_SCSI_ENABLE = FALSE
#
@@ -72,6 +78,12 @@
!endif
!endif
+ #
+ # Define the FILE_GUID of CpuMpPei/CpuDxe for unique-processor version.
+ #
+ DEFINE UP_CPU_PEI_GUID = 280251c4-1d09-4035-9062-839acb5f18c1
+ DEFINE UP_CPU_DXE_GUID = 6490f1c5-ebcc-4665-8892-0075b9bb49b7
+
[BuildOptions]
GCC:RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG
INTEL:RELEASE_*_*_CC_FLAGS = /D MDEPKG_NDEBUG
@@ -100,6 +112,15 @@
INTEL:*_*_*_CC_FLAGS = /D TDX_GUEST_SUPPORTED
GCC:*_*_*_CC_FLAGS = -D TDX_GUEST_SUPPORTED
+ #
+ # SECURE_BOOT_FEATURE_ENABLED
+ #
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
+ INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
+ GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED
+!endif
+
!include NetworkPkg/NetworkBuildOptions.dsc.inc
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
@@ -165,7 +186,6 @@
PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
- CcProbeLib|OvmfPkg/Library/CcProbeLib/CcProbeLib.inf
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
@@ -189,9 +209,14 @@
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
+ PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf
+ DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf
+!else
+ CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
!endif
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
@@ -219,6 +244,7 @@
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+ PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
!else
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
@@ -226,6 +252,7 @@
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
+ VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
#
@@ -237,17 +264,20 @@
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
!endif
+!if $(BUILD_SHELL) == TRUE
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
+!endif
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
+
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
-!include OvmfPkg/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
[LibraryClasses.common]
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
- VmgExitLib|OvmfPkg/Library/VmgExitLib/VmgExitLib.inf
+ CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
@@ -273,8 +303,9 @@
!else
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
!endif
- VmgExitLib|OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
+ CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
[LibraryClasses.common.PEI_CORE]
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
@@ -288,9 +319,10 @@
!ifdef $(DEBUG_ON_SERIAL_PORT)
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
!else
- DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
!endif
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
[LibraryClasses.common.PEIM]
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
@@ -304,7 +336,7 @@
!ifdef $(DEBUG_ON_SERIAL_PORT)
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
!else
- DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
!endif
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
ResourcePublicationLib|MdePkg/Library/PeiResourcePublicationLib/PeiResourcePublicationLib.inf
@@ -319,9 +351,8 @@
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
-!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
-
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
+ CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
[LibraryClasses.common.DXE_CORE]
HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
@@ -404,12 +435,12 @@
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf
!endif
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+ NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
-!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc
-
[LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf
@@ -484,6 +515,9 @@
gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugSupport|TRUE
gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
!endif
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
+!endif
[PcdsFixedAtBuild]
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
@@ -566,7 +600,7 @@
# unknown) workloads / boot paths.
#
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0x80
- gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0x10
+ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0x12
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0x80
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x100
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0x100
@@ -612,6 +646,8 @@
!endif
gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|1280
gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|800
+ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn|0
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable|FALSE
gUefiOvmfPkgTokenSpaceGuid.PcdVideoResolutionSource|0
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId|0
@@ -663,7 +699,7 @@
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
-!include OvmfPkg/OvmfTpmPcds.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfTpmPcds.dsc.inc
# IPv4 and IPv6 PXE Boot support.
gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
@@ -673,11 +709,11 @@
gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
!if $(CSM_ENABLE) == FALSE
- gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000
+ gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
!endif
[PcdsDynamicHii]
-!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfTpmPcdsHii.dsc.inc
################################################################################
#
@@ -693,7 +729,8 @@
OvmfPkg/Sec/SecMain.inf {
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
- NULL|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
+ NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
}
#
@@ -714,7 +751,10 @@
}
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
- OvmfPkg/PlatformPei/PlatformPei.inf
+ OvmfPkg/PlatformPei/PlatformPei.inf {
+
+ NULL|OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf
+ }
UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf {
!if $(SMM_REQUIRE) == TRUE
@@ -726,9 +766,31 @@
MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
OvmfPkg/SmmAccess/SmmAccessPei.inf
!endif
- UefiCpuPkg/CpuMpPei/CpuMpPei.inf
-!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc
+ UefiCpuPkg/CpuMpPei/CpuMpPei.inf {
+
+ #
+ # Directly use PeiMpInitLib. It depends on PeiMpInitLibMpDepLib which
+ # checks the PPI of gEfiPeiMpInitLibMpDepPpiGuid.
+ #
+ MpInitLib|UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
+ NULL|OvmfPkg/Library/MpInitLibDepLib/PeiMpInitLibMpDepLib.inf
+ }
+
+ UefiCpuPkg/CpuMpPei/CpuMpPei.inf {
+
+ FILE_GUID = $(UP_CPU_PEI_GUID)
+
+
+ #
+ # Directly use MpInitLibUp. It depends on PeiMpInitLibUpDepLib which
+ # checks the PPI of gEfiPeiMpInitLibUpDepPpiGuid.
+ #
+ MpInitLib|UefiCpuPkg/Library/MpInitLibUp/MpInitLibUp.inf
+ NULL|OvmfPkg/Library/MpInitLibDepLib/PeiMpInitLibUpDepLib.inf
+ }
+
+!include OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc
#
# DXE Phase modules
@@ -752,13 +814,37 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
-!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc
!endif
+!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
}
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
- UefiCpuPkg/CpuDxe/CpuDxe.inf
+
+ UefiCpuPkg/CpuDxe/CpuDxe.inf {
+
+ #
+ # Directly use DxeMpInitLib. It depends on DxeMpInitLibMpDepLib which
+ # checks the Protocol of gEfiMpInitLibMpDepProtocolGuid.
+ #
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
+ MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+ NULL|OvmfPkg/Library/MpInitLibDepLib/DxeMpInitLibMpDepLib.inf
+ }
+
+ UefiCpuPkg/CpuDxe/CpuDxe.inf {
+
+ FILE_GUID = $(UP_CPU_DXE_GUID)
+
+
+ #
+ # Directly use MpInitLibUp. It depends on DxeMpInitLibUpDepLib which
+ # checks the Protocol of gEfiMpInitLibUpDepProtocolGuid.
+ #
+ MpInitLib|UefiCpuPkg/Library/MpInitLibUp/MpInitLibUp.inf
+ NULL|OvmfPkg/Library/MpInitLibDepLib/DxeMpInitLibUpDepLib.inf
+ }
+
!ifdef $(CSM_ENABLE)
OvmfPkg/8259InterruptControllerDxe/8259.inf
OvmfPkg/8254TimerDxe/8254Timer.inf
@@ -886,18 +972,8 @@
# Network Support
#
!include NetworkPkg/NetworkComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/NetworkComponents.dsc.inc
- NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf {
-
- NULL|OvmfPkg/Library/PxeBcPcdProducerLib/PxeBcPcdProducerLib.inf
- }
-
-!if $(NETWORK_TLS_ENABLE) == TRUE
- NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
-
- NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
- }
-!endif
OvmfPkg/VirtioNetDxe/VirtioNet.inf
#
@@ -919,7 +995,7 @@
OvmfPkg/Csm/Csm16/Csm16.inf
!endif
-!if $(TOOL_CHAIN_TAG) != "XCODE5"
+!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
@@ -933,6 +1009,7 @@
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
}
!endif
+!if $(BUILD_SHELL) == TRUE
ShellPkg/Application/Shell/Shell.inf {
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
@@ -955,6 +1032,7 @@
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
}
+!endif
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
@@ -1005,7 +1083,7 @@
#
OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf {
- VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
+ CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
}
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
@@ -1032,7 +1110,18 @@
}
!endif
+ #
+ # Cc Measurement Protocol for Td guest
+ #
+!if $(CC_MEASUREMENT_ENABLE) == TRUE
+ SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf {
+
+ HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+ }
+!endif
+
#
# TPM support
#
-!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc