SKUID_IDENTIFIER = DEFAULT\r
FLASH_DEFINITION = Nt32Pkg/Nt32Pkg.fdf\r
\r
+ #\r
+ # Defines for default states. These can be changed on the command line.\r
+ # -D FLAG=VALUE\r
+ #\r
+ DEFINE SECURE_BOOT_ENABLE = FALSE\r
\r
################################################################################\r
#\r
PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf\r
DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf\r
CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf\r
+ \r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf\r
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf\r
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
+!endif\r
\r
[LibraryClasses.common.USER_DEFINED]\r
DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf\r
[LibraryClasses.common.PEIM]\r
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf\r
OemHookStatusCodeLib|Nt32Pkg/Library/PeiNt32OemHookStatusCodeLib/PeiNt32OemHookStatusCodeLib.inf\r
+!if $(SECURE_BOOT_ENABLE) == TRUE \r
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf\r
+!endif\r
\r
[LibraryClasses.common]\r
#\r
PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt32PeCoffExtraActionLib.inf\r
ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf\r
WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
+!endif\r
\r
[LibraryClasses.common.DXE_CORE]\r
HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf\r
[LibraryClasses.common.UEFI_APPLICATION]\r
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf\r
PrintLib|MdeModulePkg/Library/DxePrintLibPrint2Protocol/DxePrintLibPrint2Protocol.inf\r
+ \r
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]\r
+ #\r
+ # Runtime\r
+ #\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf\r
+!endif\r
\r
################################################################################\r
#\r
gEfiNt32PkgTokenSpaceGuid.PcdWinNtFirmwareBlockSize|0x10000\r
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f\r
gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000\r
+!endif\r
+\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x05\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05\r
+!endif\r
\r
################################################################################\r
#\r
Nt32Pkg/BootModePei/BootModePei.inf\r
Nt32Pkg/StallPei/StallPei.inf\r
Nt32Pkg/WinNtFlashMapPei/WinNtFlashMapPei.inf\r
+ \r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf\r
+!else\r
MdeModulePkg/Universal/Variable/Pei/VariablePei.inf\r
+!endif\r
+\r
Nt32Pkg/WinNtAutoScanPei/WinNtAutoScanPei.inf\r
Nt32Pkg/WinNtFirmwareVolumePei/WinNtFirmwareVolumePei.inf\r
Nt32Pkg/WinNtThunkPPIToProtocolPei/WinNtThunkPPIToProtocolPei.inf\r
Nt32Pkg/ResetRuntimeDxe/ResetRuntimeDxe.inf\r
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf\r
Nt32Pkg/FvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf\r
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf\r
+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {\r
+ <LibraryClasses>\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf\r
+!endif \r
+ }\r
MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf\r
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf\r
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf\r
MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf\r
MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf\r
Nt32Pkg/WinNtOemHookStatusCodeHandlerDxe/WinNtOemHookStatusCodeHandlerDxe.inf\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf \r
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
+!else\r
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf\r
+!endif\r
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf\r
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf\r
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf\r