]> git.proxmox.com Git - mirror_edk2.git/commitdiff
projects / mirror_edk2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 566cdfc)
OvmfPkg: require self-signed PK when secure boot is enabled
authorJan Bobek <jbobek@nvidia.com>
Fri, 20 Jan 2023 22:58:33 +0000 (06:58 +0800)
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Sat, 4 Feb 2023 11:53:59 +0000 (11:53 +0000)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506

In all DSC files that define SECURE_BOOT_ENABLE, opt-in into requiring
self-signed PK when SECURE_BOOT_ENABLE is TRUE.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Sebastien Boeuf <sebastien.boeuf@intel.com>
Signed-off-by: Jan Bobek <jbobek@nvidia.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
OvmfPkg/Bhyve/BhyveX64.dsc patch | blob | blame | history
OvmfPkg/CloudHv/CloudHvX64.dsc patch | blob | blame | history
OvmfPkg/IntelTdx/IntelTdxX64.dsc patch | blob | blame | history
OvmfPkg/Microvm/MicrovmX64.dsc patch | blob | blame | history
OvmfPkg/OvmfPkgIa32.dsc patch | blob | blame | history
OvmfPkg/OvmfPkgIa32X64.dsc patch | blob | blame | history
OvmfPkg/OvmfPkgX64.dsc patch | blob | blame | history

diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index befec670d4f32a735a69da07277ba7da4ac0e473..66a2ae8868e515365c9c46cb23907483c49f51d9 100644 (file)
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -422,6 +422,9 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdInstallAcpiSdtProtocol|TRUE\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE\r
+!endif\r
 \r
 [PcdsFixedAtBuild]\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration|TRUE\r
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index fc5e73158a711b83b0a8026b2d52d29b6f90953b..fda7d2b9e52f19ddf0648389dc2428e5a0afbc5f 100644 (file)
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -480,6 +480,9 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugSupport|TRUE\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE\r
 !endif\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE\r
+!endif\r
 \r
 [PcdsFixedAtBuild]\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1\r
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 41de2e9428171f662db63e0ac6813a85485d4e6f..95b9594ddce038f9f12400d30935571f3b71c65c 100644 (file)
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -390,6 +390,9 @@
 !ifdef $(CSM_ENABLE)\r
   gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable|TRUE\r
 !endif\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE\r
+!endif\r
 \r
 [PcdsFixedAtBuild]\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1\r
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 1161e1f39bf29e188354d197ff9ca476c19b6ae0..0d65d21e651c07a40bce62feda72edb0ed0c5f0b 100644 (file)
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -476,6 +476,9 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdInstallAcpiSdtProtocol|TRUE\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE\r
+!endif\r
 \r
 [PcdsFixedAtBuild]\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1\r
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index f232de13a7b6ec00229c9dd376a6dbaf04eaf3ac..22dc29330d2ded0c7c8fc90887ad6a6628c64aa7 100644 (file)
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -488,6 +488,9 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugSupport|TRUE\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE\r
 !endif\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE\r
+!endif\r
 \r
 [PcdsFixedAtBuild]\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1\r
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index a9d422bd916971a398527b401ead307a14f97566..6b539814bdb039f18e45d5f283b1e140e63e1104 100644 (file)
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -493,6 +493,9 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugSupport|TRUE\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE\r
 !endif\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE\r
+!endif\r
 \r
 [PcdsFixedAtBuild]\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1\r
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 8f9355f5447cee4d45132bccb09d1ba650fe5546..e3c64456dfef48bcf202a9609510fed5fa97462d 100644 (file)
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -514,6 +514,9 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugSupport|TRUE\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE\r
 !endif\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE\r
+!endif\r
 \r
 [PcdsFixedAtBuild]\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1\r
EFI Development Kit II mirror for PVE