OvmfPkg: disable stale fork of SecureBootConfigDxe
authorLaszlo Ersek <lersek@redhat.com>
Thu, 2 Oct 2014 08:08:05 +0000 (08:08 +0000)
committerlersek <lersek@6f19259b-4bc3-4df7-8a09-765794883524>
Thu, 2 Oct 2014 08:08:05 +0000 (08:08 +0000)
OvmfPkg forked SecureBootConfigDxe from SecurityPkg in SVN r13635 (git
commit 8c71ec8f). Since then, the original (in
"SecurityPkg/VariableAuthenticated/SecureBootConfigDxe") has diverged
significantly.

The initial diff between the original and the fork, when the fork was made
(i.e., at SVN r13635), reads as follows:

> diff -ur SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr
> --- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr  2014-09-30 23:35:28.598067147 +0200
> +++ OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr    2014-08-09 02:40:35.824851626 +0200
> @@ -51,7 +51,7 @@
>            questionid = KEY_SECURE_BOOT_ENABLE,
>            prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
>            help   = STRING_TOKEN(STR_SECURE_BOOT_HELP),
> -          flags  = INTERACTIVE | RESET_REQUIRED,
> +          flags  = INTERACTIVE,
>      endcheckbox;
>      endif;
>
> @@ -158,7 +158,7 @@
>            questionid = KEY_SECURE_BOOT_DELETE_PK,
>            prompt = STRING_TOKEN(STR_DELETE_PK),
>            help   = STRING_TOKEN(STR_DELETE_PK_HELP),
> -          flags  = INTERACTIVE | RESET_REQUIRED,
> +          flags  = INTERACTIVE,
>      endcheckbox;
>      endif;
>    endform;
> diff -ur SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf
> --- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf       2014-09-30 23:35:28.598067147 +0200
> +++ OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf 2014-09-30 23:35:28.577067027 +0200
> @@ -1,5 +1,8 @@
>  ## @file
> -#  Component name for SecureBoot configuration module.
> +# Component name for SecureBoot configuration module for OVMF.
> +#
> +# Need custom SecureBootConfigDxe for OVMF that does not force
> +# resets after PK changes since OVMF doesn't have persistent variables
>  #
>  # Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
>  # This program and the accompanying materials
> diff -ur SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c
> --- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c        2014-09-30 23:35:28.599067153 +0200
> +++ OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c  2014-09-30 23:35:28.578067033 +0200
> @@ -2559,7 +2559,7 @@
>            NULL
>            );
>        } else {
> -        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET;
> +        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
>        }
>        break;

The commit message is not overly verbose:

  OvmfPkg: Add custom SecureBootConfigDxe that doesn't reset

  We don't force a platform reset for OVMF when PK is changed in custom
  mode setup.

But the INF file hunk is telling:

  Need custom SecureBootConfigDxe for OVMF that does not force resets
  after PK changes since OVMF doesn't have persistent variables

We do have persistent variables now. Let's disable the (now obsolete)
OvmfPkg fork, and revert to the (well maintained) SecurityPkg-provided
config driver.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Gary Lin <glin@suse.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16191 6f19259b-4bc3-4df7-8a09-765794883524

OvmfPkg/OvmfPkgIa32.dsc
OvmfPkg/OvmfPkgIa32.fdf
OvmfPkg/OvmfPkgIa32X64.dsc
OvmfPkg/OvmfPkgIa32X64.fdf
OvmfPkg/OvmfPkgX64.dsc
OvmfPkg/OvmfPkgX64.fdf
OvmfPkg/README

index 6ae36f3804fe201f39c7beff97263bb2d790cb9f..8527ece0c40ebc85e826f0d0e11a785abc49bed9 100644 (file)
       BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf\r
       OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
   }\r
-  OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
+  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
 !endif\r
 \r
   OvmfPkg/PlatformDxe/Platform.inf\r
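Review bot: The new `SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf` line carries a runtime dependency that the platform file does not record: going by the fork-point diff quoted in the commit message, this driver requests a platform reset after PK changes, which is only safe when non-volatile variables survive that reset. The README says that with `-bios` non-volatile variables may lose their contents after a reboot, so on a `-D SECURE_BOOT_ENABLE` build started that way the enrolled keys would presumably be gone after the reset and Secure Boot would stay off. I would add a comment above the new line, e.g. `# Needs a persistent variable store (QEMU -pflash): this driver resets the platform after PK changes.` The same applies to the other two `.dsc` sections and the three `.fdf` hunks that make the identical swap; the enclosing `!if` block starts outside the lines shown here.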
index e9714456336b7fc76a41208bdd086288a971afe9..ef3cdefb3f03c7ddaaf4f4894730a7e883b76a71 100644 (file)
@@ -230,7 +230,7 @@ INF  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
 \r
 !if $(SECURE_BOOT_ENABLE) == TRUE\r
   INF  SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf\r
-  INF  OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
+  INF  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
 !else\r
   INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf\r
 !endif\r
index 5cd23a1bed31d34cdd3d43bac949ca8746129e44..823f0059736e0402da46879c7227dae4ceea7dbd 100644 (file)
       BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf\r
       OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
   }\r
-  OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
+  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
 !endif\r
 \r
   OvmfPkg/PlatformDxe/Platform.inf\r
index 218a78eb9efbeef41e10d013053b3f0c399dde87..375afacaf5d27ab179460e10b7886536f92a68d4 100644 (file)
@@ -230,7 +230,7 @@ INF  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
 \r
 !if $(SECURE_BOOT_ENABLE) == TRUE\r
   INF  SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf\r
-  INF  OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
+  INF  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
 !else\r
   INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf\r
 !endif\r
index ac4fc7b722d9c0e32010d7087f5db4bccd2e3b5d..40c18deadc0b712dfca47eb8df5a6f3be57350bc 100644 (file)
       BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf\r
       OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
   }\r
-  OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
+  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
 !endif\r
 \r
   OvmfPkg/PlatformDxe/Platform.inf\r
index 29382fb8f866eb136f48ccbb372ea5d6c3f6076b..a0c1ac17ee022a309b1355a01a7d300c61834d02 100644 (file)
@@ -230,7 +230,7 @@ INF  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
 \r
 !if $(SECURE_BOOT_ENABLE) == TRUE\r
   INF  SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf\r
-  INF  OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
+  INF  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
 !else\r
   INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf\r
 !endif\r
index 44942e67eab536f418da374d257a1be324039306..ef49bf8eddde3adf1c57a84b448de03e0de6d312 100644 (file)
@@ -66,6 +66,8 @@ http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=How_to_build_OVM
   - Option 1: QEMU 1.6 or newer; Use QEMU -pflash parameter\r
     * QEMU/OVMF will use emulated flash, and fully support UEFI variables\r
     * Run qemu with: -pflash path/to/OVMF.fd\r
+    * Note that this option is required for running SecureBoot-enabled builds\r
+      (-D SECURE_BOOT_ENABLE).\r
   - Option 2: Use QEMU -bios parameter\r
     * Note that UEFI variables will be partially emulated, and non-volatile\r
       variables may lose their contents after a reboot\r