[edk2-devel] [PATCH v1 2/2] OvmfPkg: Use PcdNetworkSupport to enable/disable VirtIo net
Yuan Yu via groups.io
yuanyu=google.com at groups.io
Thu Aug 4 02:52:39 UTC 2022
Enable/Disable VirtIo net based on the value of PcdNetworkSupport, which
is controlled in NetworkCfgLib, which sets the PCD based on the
"etc/networking" qemu file.
With this change, the VMM can disable networking even if it is enabled at
compile time. This will allow reducing the attack surface by simply
providing an "etc/networking" value without having to recompile EDK2
completely.
Cc: Ard Biesheuvel <ardb+tianocore at kernel.org>
Cc: Jordan Justen <jordan.l.justen at intel.com>
Cc: Laszlo Ersek <lersek at redhat.com>
Cc: Anthony Perard <anthony.perard at citrix.com>
Cc: Julien Grall <julien at xen.org>
Signed-off-by: Yuan Yu <yuanyu at google.com>
---
OvmfPkg/OvmfPkgX64.dsc | 7 ++++++-
OvmfPkg/VirtioNetDxe/VirtioNet.inf | 3 +++
OvmfPkg/VirtioNetDxe/EntryPoint.c | 10 ++++++++++
3 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 6e68f60dc90f..63cce9f65a95 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -686,6 +686,8 @@ [PcdsDynamicDefault]
gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
!endif
+ gUefiOvmfPkgTokenSpaceGuid.PcdNetworkSupport|TRUE
+
[PcdsDynamicHii]
!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
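Review bot: the default `gUefiOvmfPkgTokenSpaceGuid.PcdNetworkSupport|TRUE` added under [PcdsDynamicDefault] makes the control fail-open: whenever nothing overrides the PCD, VirtioNetDxe still binds. Since the commit message presents this as an attack-surface reduction, add a comment above the line naming the "etc/networking" file and stating that its absence leaves the driver enabled. Per the diffstat only OvmfPkgX64.dsc receives the default, so any other platform DSC that builds VirtioNet.inf needs the same entry, or the commit message should say why it is left out.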
@@ -953,7 +955,10 @@ [Components]
NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
}
!endif
- OvmfPkg/VirtioNetDxe/VirtioNet.inf
+ OvmfPkg/VirtioNetDxe/VirtioNet.inf {
+ <LibraryClasses>
+ NULL|OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.inf
+ }
#
# Usb Support
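Review bot: attaching `NULL|OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.inf` to VirtioNet.inf alone means the library that sets the PCD is linked only into the one driver it gates, and no other entry in [Components] is changed by this patch; the block that closes just above (TlsAuthConfigLib, `!endif`) is untouched. The commit message's "disable networking" therefore covers VirtIo net only, which matches the subject line but not the body. Please either narrow the wording in the body or apply the same check to the remaining network components in a follow-up.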
diff --git a/OvmfPkg/VirtioNetDxe/VirtioNet.inf b/OvmfPkg/VirtioNetDxe/VirtioNet.inf
index ada84ed5543b..37bcf13b7863 100644
--- a/OvmfPkg/VirtioNetDxe/VirtioNet.inf
+++ b/OvmfPkg/VirtioNetDxe/VirtioNet.inf
@@ -54,3 +54,6 @@ [Protocols]
gEfiSimpleNetworkProtocolGuid ## BY_START
gEfiDevicePathProtocolGuid ## BY_START
gVirtioDeviceProtocolGuid ## TO_START
+
+[Pcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdNetworkSupport ## CONSUMES
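Review bot: the new [Pcd] section declares the token, but EntryPoint.c reads it through PcdGetBool() and logs through DEBUG(), and this hunk leaves [LibraryClasses] alone. Please confirm PcdLib and DebugLib are already listed there; if they are not, add them in this patch so the module does not depend on what other library instances happen to pull in.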
diff --git a/OvmfPkg/VirtioNetDxe/EntryPoint.c b/OvmfPkg/VirtioNetDxe/EntryPoint.c
index c3f41dab57bd..9bf220b9ade5 100644
--- a/OvmfPkg/VirtioNetDxe/EntryPoint.c
+++ b/OvmfPkg/VirtioNetDxe/EntryPoint.c
@@ -9,6 +9,8 @@
**/
+#include <PiDxe.h>
+
#include <Library/UefiLib.h>
#include "VirtioNet.h"
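Review bot: `#include <PiDxe.h>` is added with no explanation; presumably it is there for EFI_REQUEST_UNLOAD_IMAGE, which the entry point now returns, and the commit message should say so. The new PcdGetBool() and DEBUG() calls get no matching `#include <Library/PcdLib.h>` or `#include <Library/DebugLib.h>` in this hunk, so they compile only if "VirtioNet.h" already provides those headers; include them explicitly here.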
@@ -32,6 +34,14 @@ VirtioNetEntryPoint (
IN EFI_SYSTEM_TABLE *SystemTable
)
{
+ if (PcdGetBool (PcdNetworkSupport)) {
+ DEBUG ((DEBUG_INFO, "[network] %a - Networking enabled.\n", __FUNCTION__));
+ } else {
+ DEBUG ((DEBUG_INFO, "[network] %a - Networking disabled.\n", __FUNCTION__));
+
+ return EFI_REQUEST_UNLOAD_IMAGE;
+ }
+
return EfiLibInstallDriverBindingComponentName2 (
ImageHandle,
SystemTable,
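Review bot: in VirtioNetEntryPoint() the if/else reads better as an early return on the disabled case, `if (!PcdGetBool (PcdNetworkSupport)) { ... return EFI_REQUEST_UNLOAD_IMAGE; }`, which also drops the "Networking enabled" message that otherwise prints on every normal boot. The disabled path is the security-relevant decision and is reported only at DEBUG_INFO with the text "Networking disabled", although only this driver is being skipped; name the driver in the message. A short comment stating that EFI_REQUEST_UNLOAD_IMAGE is returned deliberately, before EfiLibInstallDriverBindingComponentName2() runs, so that no driver binding is installed, would help the next reader.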
--
2.37.1.559.g78731f0fdb-goog