ArmVirtPkg: resolve OpensslLib to OpensslLibCrypto

The OpensslLibCrypto library instance (which does not contain libssl
functions) is sufficient for the Secure Boot feature. It would not be
sufficient for HTTPS booting (which requires TLS), but in ArmVirtPkg, we
don't even enable plaintext HTTP booting for the time being.

Ease security analysis by excluding libssl functionality from the
OpensslLib instance we use.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 61d4a6642eb760350da86899f7e538ec9fbf36ec..8e3d298723f1e4a0c318beb5e330ff64d88b52a4 100644 (file)
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -139,7 +139,7 @@
   #\r
 !if $(SECURE_BOOT_ENABLE) == TRUE\r
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf\r
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf\r
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf\r
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf\r
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r