[edk2-devel] [PATCH v3 05/11] OvmfPkg: add OvmfCrypto*.inc
Gerd Hoffmann
kraxel at redhat.com
Thu Mar 9 11:09:28 UTC 2023
Create include files for crypto support, so the configuration can be
shared for all OVMF build variants. Also add support for using the
Crypto Driver.
The Crypto Driver is by default for enabled SMM + DXE and disabled for
PEI. This can be changed using the {PEI,SMM,DXE}_USE_CRYPTO_DRIVER
options. The config option is intended to be temporary and will
probably stay for one or two releases as fallback, then be removed.
The configuration follows mostly the recommendations given in
CryptoPkg/Readme.md, with some minor exceptions like only compiling
TLS support in case NETWORK_TLS_ENABLE is TRUE.
Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
---
.../Dsc/OvmfCryptoComponentsDxe.dsc.inc | 23 ++++++
.../Dsc/OvmfCryptoComponentsPei.dsc.inc | 19 +++++
.../Dsc/OvmfCryptoComponentsSmm.dsc.inc | 18 +++++
OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc | 7 ++
OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc | 72 +++++++++++++++++++
OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc | 12 ++++
OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc | 7 ++
7 files changed, 158 insertions(+)
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
new file mode 100644
index 000000000000..72728aea68f5
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
@@ -0,0 +1,23 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(DXE_USE_CRYPTO_DRIVER) == TRUE
+
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+ <PcdsFixedAtBuild>
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+ }
+
+!endif
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
new file mode 100644
index 000000000000..0457235f8eb0
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
@@ -0,0 +1,19 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(PEI_USE_CRYPTO_DRIVER) == TRUE
+
+ CryptoPkg/Driver/CryptoPei.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ <PcdsFixedAtBuild>
+#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
+ }
+
+!endif
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
new file mode 100644
index 000000000000..be1647397a60
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
@@ -0,0 +1,18 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(SMM_USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE
+
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ <PcdsFixedAtBuild>
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+ }
+
+!endif
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
new file mode 100644
index 000000000000..f005f593b4eb
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
@@ -0,0 +1,7 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+ DEFINE PEI_USE_CRYPTO_DRIVER = FALSE
+ DEFINE SMM_USE_CRYPTO_DRIVER = TRUE
+ DEFINE DXE_USE_CRYPTO_DRIVER = TRUE
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
new file mode 100644
index 000000000000..f9fdf36c1dab
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
@@ -0,0 +1,72 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+[LibraryClasses]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+
+[LibraryClasses.common.SEC]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+
+!if $(PEI_USE_CRYPTO_DRIVER) == TRUE
+
+[LibraryClasses.common.PEIM]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+
+!else
+
+[LibraryClasses.common.PEIM]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+!endif
+
+
+!if $(SMM_USE_CRYPTO_DRIVER) == TRUE
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+
+!else
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+!endif
+
+
+!if $(DXE_USE_CRYPTO_DRIVER) == TRUE
+
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+ TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+
+!else
+
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+
+!endif
diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
new file mode 100644
index 000000000000..6fc12ed8656f
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
@@ -0,0 +1,12 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(DXE_USE_CRYPTO_DRIVER) == TRUE
+INF CryptoPkg/Driver/CryptoDxe.inf
+!endif
+
+!if $(SMM_USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE
+INF CryptoPkg/Driver/CryptoSmm.inf
+!endif
+
diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
new file mode 100644
index 000000000000..8b42c2da7b2a
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
@@ -0,0 +1,7 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(PEI_USE_CRYPTO_DRIVER) == TRUE
+INF CryptoPkg/Driver/CryptoPei.inf
+!endif
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#100936): https://edk2.groups.io/g/devel/message/100936
Mute This Topic: https://groups.io/mt/97493574/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list