	Nt32Pkg: Add Secure Boot build option including Custom Mode setup
If -D SECURE_BOOT_ENABLE is specified with the build command, Secure Boot support is enabled, including Custom Mode setup. This allows Secure Boot to be configured through setup, making Nt32Pkg a fully functional Secure Boot reference platform. Signed-off-by: lee.g.rosenbaum@intel.com Reviewed-by: jiewen.yao@intel.com git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13186 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
		
							parent
							
								
									a46c36572d
								
							
						
					
					
						commit
						0ff38cbfa3
					
				
							
								
								
									
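--- a/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.c
+++ b/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.c
@@ -0,0 +1,41 @@
+/** @file
+  Provides a platform-specific method to enable Secure Boot Custom Mode setup.
+
+  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#include <Library/PcdLib.h>
+
+
+/**
+
+  This function provides a platform-specific method to detect whether the platform
+  is operating by a physically present user. 
+
+  Programmatic changing of platform security policy (such as disable Secure Boot,
+  or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
+  Boot Services or after exiting EFI Boot Services. Only a physically present user
+  is allowed to perform these operations.
+
+  NOTE THAT: This function cannot depend on any EFI Variable Service since they are
+  not available when this function is called in AuthenticateVariable driver.
+  
+  @retval  TRUE       The platform is operated by a physically present user.
+  @retval  FALSE      The platform is NOT operated by a physically present user.
+
+**/
+BOOLEAN
+EFIAPI
+UserPhysicalPresent (
+  VOID
+  )
+{
+  return TRUE;
+}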
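Review bot: `UserPhysicalPresent` unconditionally returns TRUE (`return TRUE;`), so with this library every caller is treated as a physically present user and the rule the header comment itself states — Secure Boot policy changes only by a physically present user — is enforced by nothing on this platform. That is presumably deliberate for a host-emulated reference platform, but neither the file header nor the function comment says so, and the `@retval FALSE` line documents a case the code can never produce. Add a comment above the return that makes the stub status explicit, e.g. `// NT32 runs under a host OS and has no physical-presence input; always report present. Do NOT reuse this library on real hardware.`, and note in the function comment that FALSE is never returned here. The only include, `<Library/PcdLib.h>`, is not used by anything in the file; presumably the library class header that declares `UserPhysicalPresent` is the one that should be included so the definition is checked against its declaration.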
							
								
								
									
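--- a/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf
+++ b/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf
@@ -0,0 +1,33 @@
+## @file
+#  Provides a platform-specific method to enable Secure Boot Custom Mode setup.
+#
+#  Copyright (c) 2008 - 2012, Intel Corporation. All rights reserved.<BR>
+#
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution. The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = PlatformSecureLib
+  FILE_GUID                      = F263EC2A-F0DB-4640-8B12-4ED22A506FB1
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = PlatformSecureLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  PlatformSecureLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec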
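Review bot: `[Packages]` lists only `MdePkg/MdePkg.dec`, yet the INF provides the `PlatformSecureLib` library class, which MdePkg does not declare (it is presumably SecurityPkg's); if the source is changed to include the class header, `SecurityPkg/SecurityPkg.dec` must be added here or the build will not find it. The file header comment describes the library as a way to "enable Secure Boot Custom Mode setup" but does not say that on this platform physical presence is simply always reported; a one-line note under `## @file` such as `#  NT32 emulation only: physical presence is always reported as TRUE.` would warn anyone considering this INF as a template for a real board.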
@ -32,6 +32,11 @@
 | 
			
		||||
  SKUID_IDENTIFIER               = DEFAULT
 | 
			
		||||
  FLASH_DEFINITION               = Nt32Pkg/Nt32Pkg.fdf
 | 
			
		||||
 | 
			
		||||
  #
 | 
			
		||||
  # Defines for default states.  These can be changed on the command line.
 | 
			
		||||
  # -D FLAG=VALUE
 | 
			
		||||
  #
 | 
			
		||||
  DEFINE SECURE_BOOT_ENABLE      = FALSE
 | 
			
		||||
 | 
			
		||||
################################################################################
 | 
			
		||||
#
 | 
			
		||||
@ -113,6 +118,12 @@
 | 
			
		||||
  PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
 | 
			
		||||
  DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf
 | 
			
		||||
  CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf
 | 
			
		||||
  
 | 
			
		||||
!if $(SECURE_BOOT_ENABLE) == TRUE
 | 
			
		||||
  PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf
 | 
			
		||||
  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
 | 
			
		||||
  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
 | 
			
		||||
!endif
 | 
			
		||||
 | 
			
		||||
[LibraryClasses.common.USER_DEFINED]
 | 
			
		||||
  DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
 | 
			
		||||
@ -143,6 +154,9 @@
 | 
			
		||||
[LibraryClasses.common.PEIM]
 | 
			
		||||
  PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
 | 
			
		||||
  OemHookStatusCodeLib|Nt32Pkg/Library/PeiNt32OemHookStatusCodeLib/PeiNt32OemHookStatusCodeLib.inf
 | 
			
		||||
!if $(SECURE_BOOT_ENABLE) == TRUE  
 | 
			
		||||
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
 | 
			
		||||
!endif
 | 
			
		||||
 | 
			
		||||
[LibraryClasses.common]
 | 
			
		||||
  #
 | 
			
		||||
@ -157,6 +171,9 @@
 | 
			
		||||
  PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt32PeCoffExtraActionLib.inf
 | 
			
		||||
  ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf
 | 
			
		||||
  WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf
 | 
			
		||||
!if $(SECURE_BOOT_ENABLE) == TRUE
 | 
			
		||||
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
 | 
			
		||||
!endif
 | 
			
		||||
 | 
			
		||||
[LibraryClasses.common.DXE_CORE]
 | 
			
		||||
  HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
 | 
			
		||||
@ -172,6 +189,12 @@
 | 
			
		||||
[LibraryClasses.common.UEFI_APPLICATION]
 | 
			
		||||
  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
 | 
			
		||||
  PrintLib|MdeModulePkg/Library/DxePrintLibPrint2Protocol/DxePrintLibPrint2Protocol.inf
 | 
			
		||||
  
 | 
			
		||||
[LibraryClasses.common.DXE_RUNTIME_DRIVER]
 | 
			
		||||
  #
 | 
			
		||||
  # Runtime
 | 
			
		||||
  #
 | 
			
		||||
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
 | 
			
		||||
 | 
			
		||||
################################################################################
 | 
			
		||||
#
 | 
			
		||||
@ -194,6 +217,16 @@
 | 
			
		||||
  gEfiNt32PkgTokenSpaceGuid.PcdWinNtFirmwareBlockSize|0x10000
 | 
			
		||||
  gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
 | 
			
		||||
  gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
 | 
			
		||||
!if $(SECURE_BOOT_ENABLE) == TRUE
 | 
			
		||||
  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
 | 
			
		||||
!endif
 | 
			
		||||
 | 
			
		||||
!if $(SECURE_BOOT_ENABLE) == TRUE
 | 
			
		||||
  # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
 | 
			
		||||
  gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x05
 | 
			
		||||
  gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05
 | 
			
		||||
  gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05
 | 
			
		||||
!endif
 | 
			
		||||
 | 
			
		||||
################################################################################
 | 
			
		||||
#
 | 
			
		||||
@ -258,7 +291,13 @@
 | 
			
		||||
  Nt32Pkg/BootModePei/BootModePei.inf
 | 
			
		||||
  Nt32Pkg/StallPei/StallPei.inf
 | 
			
		||||
  Nt32Pkg/WinNtFlashMapPei/WinNtFlashMapPei.inf
 | 
			
		||||
  
 | 
			
		||||
!if $(SECURE_BOOT_ENABLE) == TRUE
 | 
			
		||||
  SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
 | 
			
		||||
!else
 | 
			
		||||
  MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
 | 
			
		||||
!endif
 | 
			
		||||
 | 
			
		||||
  Nt32Pkg/WinNtAutoScanPei/WinNtAutoScanPei.inf
 | 
			
		||||
  Nt32Pkg/WinNtFirmwareVolumePei/WinNtFirmwareVolumePei.inf
 | 
			
		||||
  Nt32Pkg/WinNtThunkPPIToProtocolPei/WinNtThunkPPIToProtocolPei.inf
 | 
			
		||||
@ -282,7 +321,12 @@
 | 
			
		||||
  Nt32Pkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
 | 
			
		||||
  MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
 | 
			
		||||
  Nt32Pkg/FvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
 | 
			
		||||
  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
 | 
			
		||||
  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf  {
 | 
			
		||||
    <LibraryClasses>
 | 
			
		||||
!if $(SECURE_BOOT_ENABLE) == TRUE
 | 
			
		||||
      NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
 | 
			
		||||
!endif 
 | 
			
		||||
  }
 | 
			
		||||
  MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf
 | 
			
		||||
  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
 | 
			
		||||
  MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
 | 
			
		||||
@ -294,7 +338,12 @@
 | 
			
		||||
  MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
 | 
			
		||||
  MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
 | 
			
		||||
  Nt32Pkg/WinNtOemHookStatusCodeHandlerDxe/WinNtOemHookStatusCodeHandlerDxe.inf
 | 
			
		||||
!if $(SECURE_BOOT_ENABLE) == TRUE
 | 
			
		||||
  SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf 
 | 
			
		||||
  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 | 
			
		||||
!else
 | 
			
		||||
  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 | 
			
		||||
!endif
 | 
			
		||||
  MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
 | 
			
		||||
  MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
 | 
			
		||||
  MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
 | 
			
		||||
 | 
			
		||||
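Review bot: The `BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf` mapping under the new `[LibraryClasses.common.DXE_RUNTIME_DRIVER]` section is the only crypto mapping in this change that is not wrapped in `!if $(SECURE_BOOT_ENABLE) == TRUE`, unlike the PEIM and common `BaseCryptLib` mappings in the neighbouring hunks. Guard it the same way so a default (SECURE_BOOT_ENABLE = FALSE) build has no CryptoPkg reference at all and the three hunks read consistently. Separately, the three image-verification policy PCDs are set to the bare value `0x05` with a comment saying only that images "are verified"; the comment should name the policy that value selects (per the encoding in SecurityPkg.dec) so a reader can confirm the intended behaviour on a signature failure without looking it up, e.g. `# 0x05 = <policy name from SecurityPkg.dec>; applied to all image sources`.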
@ -74,10 +74,17 @@ DATA = {
 | 
			
		||||
  #Blockmap[1]: End
 | 
			
		||||
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 | 
			
		||||
  ## This is the VARIABLE_STORE_HEADER
 | 
			
		||||
!if $(SECURE_BOOT_ENABLE) == TRUE
 | 
			
		||||
  #Signature: gEfiAuthenticatedVariableGuid =
 | 
			
		||||
  #  { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}
 | 
			
		||||
  0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
 | 
			
		||||
  0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
 | 
			
		||||
!else
 | 
			
		||||
  #Signature: gEfiVariableGuid =
 | 
			
		||||
  #  { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}
 | 
			
		||||
  0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
 | 
			
		||||
  0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
 | 
			
		||||
!endif
 | 
			
		||||
  #Size: 0xc000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8
 | 
			
		||||
  # This can speed up the Variable Dispatch a bit.
 | 
			
		||||
  0xB8, 0xBF, 0x00, 0x00,
 | 
			
		||||
@ -174,7 +181,13 @@ INF  Nt32Pkg/StallPei/StallPei.inf
 | 
			
		||||
INF  Nt32Pkg/WinNtFlashMapPei/WinNtFlashMapPei.inf
 | 
			
		||||
INF  Nt32Pkg/WinNtAutoScanPei/WinNtAutoScanPei.inf
 | 
			
		||||
INF  Nt32Pkg/WinNtFirmwareVolumePei/WinNtFirmwareVolumePei.inf
 | 
			
		||||
 | 
			
		||||
!if $(SECURE_BOOT_ENABLE) == TRUE
 | 
			
		||||
INF  SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
 | 
			
		||||
!else
 | 
			
		||||
INF  MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
 | 
			
		||||
!endif
 | 
			
		||||
 | 
			
		||||
INF  Nt32Pkg/WinNtThunkPPIToProtocolPei/WinNtThunkPPIToProtocolPei.inf
 | 
			
		||||
INF  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
 | 
			
		||||
 | 
			
		||||
@ -202,7 +215,12 @@ INF  Nt32Pkg/TimerDxe/TimerDxe.inf
 | 
			
		||||
INF  MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
 | 
			
		||||
INF  MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
 | 
			
		||||
INF  Nt32Pkg/WinNtOemHookStatusCodeHandlerDxe/WinNtOemHookStatusCodeHandlerDxe.inf
 | 
			
		||||
!if $(SECURE_BOOT_ENABLE) == TRUE
 | 
			
		||||
INF  SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
 | 
			
		||||
INF  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 | 
			
		||||
!else
 | 
			
		||||
INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 | 
			
		||||
!endif
 | 
			
		||||
INF  MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
 | 
			
		||||
INF  MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
 | 
			
		||||
INF  MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
 | 
			
		||||
 | 
			
		||||
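Review bot: The `!if $(SECURE_BOOT_ENABLE) == TRUE` block at the top of the first hunk switches the VARIABLE_STORE_HEADER signature between `gEfiAuthenticatedVariableGuid` and `gEfiVariableGuid`, which presumably means an NV storage image produced with one setting will not be recognised by the variable driver the other setting selects; nothing in the file says so. A comment next to the `!if` would save the next person a confusing boot, e.g. `# Store signature must match the variable driver selected in the DSC (authenticated vs. plain); rebuild the NV image when SECURE_BOOT_ENABLE changes.` The `DATA = {` block this hunk sits in starts before and continues after the hunk, so the remaining header bytes could not be checked against the new signature here.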