]> git.proxmox.com Git - mirror_edk2.git/blobdiff - OvmfPkg/OvmfPkgIa32.dsc
OvmfPkg/TlsAuthConfigLib: configure trusted CA certs for HTTPS boot
index 5bd3f4f977df08ac3c7953eaed9ef5761737d9d8..c9eb248506c5a2ac78a2c051cc9eecd26527a09e 100644 (file)
@@ -39,6 +39,7 @@
   DEFINE HTTP_BOOT_ENABLE        = FALSE\r
   DEFINE SMM_REQUIRE             = FALSE\r
   DEFINE TLS_ENABLE              = FALSE\r
+  DEFINE TPM2_ENABLE             = FALSE\r
 \r
   #\r
   # Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to\r
   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf\r
   XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf\r
 \r
+!if $(TPM2_ENABLE) == TRUE\r
+  Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf\r
+  Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf\r
+  Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf\r
+!endif\r
+\r
 [LibraryClasses.common]\r
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
 \r
   PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf\r
   QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf\r
 \r
+!if $(TPM2_ENABLE) == TRUE\r
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf\r
+  Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf\r
+!endif\r
+\r
 [LibraryClasses.common.DXE_CORE]\r
   HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf\r
   DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf\r
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf\r
   MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf\r
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf\r
+!if $(TPM2_ENABLE) == TRUE\r
+  Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf\r
+!endif\r
 \r
 [LibraryClasses.common.UEFI_APPLICATION]\r
   PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf\r
 !if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800\r
+!if $(TLS_ENABLE) == FALSE\r
+  # match PcdFlashNvStorageVariableSize purely for convenience\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000\r
 !endif\r
+!endif\r
 !if $(FD_SIZE_IN_KB) == 4096\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400\r
+!if $(TLS_ENABLE) == FALSE\r
+  # match PcdFlashNvStorageVariableSize purely for convenience\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x40000\r
 !endif\r
+!endif\r
+!if $(TLS_ENABLE) == TRUE\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000\r
+!endif\r
 \r
   gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0\r
 \r
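Review bot: The new `!if $(TLS_ENABLE) == TRUE` block sets `PcdVariableStoreSize|0x80000` and `PcdMaxVolatileVariableSize|0x40000` with no comment, while both non-TLS branches above it now carry one. The override also applies to every `FD_SIZE_IN_KB` value, which is easy to miss because it sits after the two size-specific blocks. Presumably the larger volatile store exists to hold the trusted CA certificate list, which should be confirmed against TlsAuthConfigLib. If so, I would add `# TLS: volatile store must fit the trusted CA cert list; independent of FD_SIZE_IN_KB` above the two PCDs. It is also worth stating what happens when the list exceeds 0x40000, since HTTPS boot should then fail closed rather than run with an empty or truncated trust store.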
 \r
   gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00\r
 \r
+!if $(TPM2_ENABLE) == TRUE\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}\r
+!endif\r
+\r
 ################################################################################\r
 #\r
 # Components Section - list of all EDK II Modules needed by this Platform.\r
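Review bot: The all-zero default for `PcdTpmInstanceGuid` is undocumented, so a reader cannot tell whether it means no TPM or is a placeholder that must be overwritten before use. As far as I can tell it is a dynamic default that `Tcg2ConfigPei` (added further down) replaces after probing for a device, but that is not visible in this hunk. I would add `# default: no TPM instance; set at runtime by Tcg2ConfigPei after detection` above the PCD. A short comment matters here because measured boot silently does nothing if the GUID is never updated.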
 !endif\r
   UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
 \r
+!if $(TPM2_ENABLE) == TRUE\r
+  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
+  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {\r
+    <LibraryClasses>\r
+      HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf\r
+      NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf\r
+      NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf\r
+  }\r
+!endif\r
+\r
   #\r
   # DXE Phase modules\r
   #\r
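Review bot: Only the SHA-1 and SHA-256 hash instances are linked into `Tcg2Pei` here, and the `Tcg2Dxe` block at the end of the file repeats the same pair, so the firmware can only extend measurements into those two PCR banks. If the TPM presented to the guest has SHA-384 or SHA-512 banks active, how they are handled depends on Tcg2Pei and cannot be seen from this file. Consider adding `NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf` and `NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf` to both blocks. Otherwise, add a comment saying that SHA-1 is kept only for compatibility and that attestation should rely on the SHA-256 bank.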
     <LibraryClasses>\r
 !if $(SECURE_BOOT_ENABLE) == TRUE\r
       NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf\r
+!endif\r
+!if $(TPM2_ENABLE) == TRUE\r
+      NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf\r
 !endif\r
   }\r
 \r
 !endif\r
 !if $(TLS_ENABLE) == TRUE\r
   NetworkPkg/TlsDxe/TlsDxe.inf\r
-  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf\r
+  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {\r
+    <LibraryClasses>\r
+      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf\r
+  }\r
 !endif\r
   OvmfPkg/VirtioNetDxe/VirtioNet.inf\r
 \r
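Review bot: Hooking `TlsAuthConfigLib` into `TlsAuthConfigDxe` as a `NULL` class changes where the HTTPS boot trust anchors come from, and nothing in the DSC says so. From what I recall of this library, its constructor fills the CA certificate list from data passed in by the hypervisor through fw_cfg, which would make the host the root of trust for TLS server verification; please confirm against the library source. I would add `# TlsAuthConfigLib: constructor installs the host-provided trusted CA list for HTTPS boot` above the override. That way someone auditing the platform's trust boundaries can find it from the build description.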
       NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf\r
   }\r
 !endif\r
+\r
+!if $(TPM2_ENABLE) == TRUE\r
+  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {\r
+    <LibraryClasses>\r
+      Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf\r
+      NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf\r
+      HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf\r
+      NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf\r
+      NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf\r
+  }\r
+!endif\r