This build-time flag and corresponding Feature PCD will control whether
OVMF supports (and, equivalently, requires) SMM/SMRAM support from QEMU.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19034
6f19259b-4bc3-4df7-8a09-
765794883524
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|FALSE|BOOLEAN|3\r
gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderPciTranslation|TRUE|BOOLEAN|0x1c\r
gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderMmioTranslation|FALSE|BOOLEAN|0x1d\r
+\r
+ ## This feature flag enables SMM/SMRAM support. Note that it also requires\r
+ # such support from the underlying QEMU instance; if that support is not\r
+ # present, the firmware will reject continuing after a certain point.\r
+ #\r
+ # The flag also acts as a general "security switch"; when TRUE, many\r
+ # components will change behavior, with the goal of preventing a malicious\r
+ # runtime OS from tampering with firmware structures (special memory ranges\r
+ # used by OVMF, the varstore pflash chip, LockBox etc).\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|FALSE|BOOLEAN|0x1e\r
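Review bot: The new comment on PcdSmmSmramRequire calls the flag a general "security switch" but does not say that the declared default of FALSE leaves those protections off, nor how a platform build turns it on. Since the DSC hunks in this same commit set the PCD from the SMM_REQUIRE define, I would close the comment with a line such as `# Default is FALSE; the platform DSC files set it to TRUE when built with -D SMM_REQUIRE=TRUE.` The phrase "reject continuing after a certain point" would also be more useful to an operator if it named the visible symptom when QEMU lacks SMM, should that be settled at this stage. The section header that encloses this declaration is outside the hunk.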
DEFINE SECURE_BOOT_ENABLE = FALSE\r
DEFINE NETWORK_IP6_ENABLE = FALSE\r
DEFINE HTTP_BOOT_ENABLE = FALSE\r
+ DEFINE SMM_REQUIRE = FALSE\r
\r
[BuildOptions]\r
GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG\r
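Review bot: `DEFINE SMM_REQUIRE = FALSE` is added next to `SECURE_BOOT_ENABLE` without any comment, and the two defines are independent, so a build with `-D SECURE_BOOT_ENABLE=TRUE` alone is still accepted silently. Going by the PcdSmmSmramRequire description in the .dec hunk, that combination presumably leaves the varstore pflash open to tampering by the runtime OS, which is the storage Secure Boot depends on. I would document the relationship above the define, for example `# SMM_REQUIRE: require SMM/SMRAM from QEMU; needed for SECURE_BOOT_ENABLE to resist a malicious runtime OS.` The same applies to the identical DEFINE hunks of the two other DSC files further down the page.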
!if $(SECURE_BOOT_ENABLE) == TRUE\r
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE\r
!endif\r
+!if $(SMM_REQUIRE) == TRUE\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE\r
+!endif\r
\r
[PcdsFixedAtBuild]\r
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1\r
DEFINE SECURE_BOOT_ENABLE = FALSE\r
DEFINE NETWORK_IP6_ENABLE = FALSE\r
DEFINE HTTP_BOOT_ENABLE = FALSE\r
+ DEFINE SMM_REQUIRE = FALSE\r
\r
[BuildOptions]\r
GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE\r
!endif\r
+!if $(SMM_REQUIRE) == TRUE\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE\r
+!endif\r
\r
[PcdsFixedAtBuild]\r
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1\r
DEFINE SECURE_BOOT_ENABLE = FALSE\r
DEFINE NETWORK_IP6_ENABLE = FALSE\r
DEFINE HTTP_BOOT_ENABLE = FALSE\r
+ DEFINE SMM_REQUIRE = FALSE\r
\r
[BuildOptions]\r
GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE\r
!endif\r
+!if $(SMM_REQUIRE) == TRUE\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE\r
+!endif\r
\r
[PcdsFixedAtBuild]\r
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1\r