From 39596c41c82d9472f8a9f448b435e77afccc23a5 Mon Sep 17 00:00:00 2001 From: Min M Xu Date: Fri, 24 Jun 2022 08:33:58 +0800 Subject: [PATCH] OvmfPkg: Add build-flag SECURE_BOOT_FEATURE_ENABLED SECURE_BOOT_FEATURE_ENABLED is the build-flag defined when secure boot is enabled. Currently this flag is used in below lib: - OvmfPkg/PlatformPei - PeilessStartupLib So it is defined in below 5 .dsc - OvmfPkg/CloudHv/CloudHvX64.dsc - OvmfPkg/IntelTdx/IntelTdxX64.dsc - OvmfPkg/OvmfPkgIa32.dsc - OvmfPkg/OvmfPkgIa32X64.dsc - OvmfPkg/OvmfPkgX64.dsc Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Acked-by: Gerd Hoffmann Signed-off-by: Min Xu Reviewed-by: Jiewen Yao --- OvmfPkg/CloudHv/CloudHvX64.dsc | 9 +++++++++ OvmfPkg/IntelTdx/IntelTdxX64.dsc | 9 +++++++++ OvmfPkg/OvmfPkgIa32.dsc | 9 +++++++++ OvmfPkg/OvmfPkgIa32X64.dsc | 9 +++++++++ OvmfPkg/OvmfPkgX64.dsc | 9 +++++++++ 5 files changed, 45 insertions(+) diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index f0d700f144..0f0fc9a1de 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -93,6 +93,15 @@ INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES + # + # SECURE_BOOT_FEATURE_ENABLED + # +!if $(SECURE_BOOT_ENABLE) == TRUE + MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED +!endif + !include NetworkPkg/NetworkBuildOptions.dsc.inc [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index 1a7ecd503e..c0c1a15b09 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -85,6 +85,15 @@ INTEL:*_*_*_CC_FLAGS = /D TDX_PEI_LESS_BOOT GCC:*_*_*_CC_FLAGS = -D TDX_PEI_LESS_BOOT + # + # SECURE_BOOT_FEATURE_ENABLED + # +!if $(SECURE_BOOT_ENABLE) == TRUE + MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED +!endif + [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 797a543b95..367ddeb2da 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -94,6 +94,15 @@ INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES + # + # SECURE_BOOT_FEATURE_ENABLED + # +!if $(SECURE_BOOT_ENABLE) == TRUE + MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED +!endif + !include NetworkPkg/NetworkBuildOptions.dsc.inc [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 9b1228e850..37c4c2fadc 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -98,6 +98,15 @@ INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES + # + # SECURE_BOOT_FEATURE_ENABLED + # +!if $(SECURE_BOOT_ENABLE) == TRUE + MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED +!endif + !include NetworkPkg/NetworkBuildOptions.dsc.inc [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 56012fba8e..bd1a104608 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -111,6 +111,15 @@ INTEL:*_*_*_CC_FLAGS = /D TDX_GUEST_SUPPORTED GCC:*_*_*_CC_FLAGS = -D TDX_GUEST_SUPPORTED + # + # SECURE_BOOT_FEATURE_ENABLED + # +!if $(SECURE_BOOT_ENABLE) == TRUE + MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED + GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED +!endif + !include NetworkPkg/NetworkBuildOptions.dsc.inc [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]