Create include files for crypto support, so the configuration can be
shared for all OVMF build variants. Also add support for using the
Crypto Driver.
The Crypto Driver is enabled by default and can be disabled by setting
USE_CRYPTO_DRIVER to FALSE. The config option is intended to be
temporary and will probably stay for one or two releases as fallback,
then be removed.
The configuration follows mostly the recommendations given in
CryptoPkg/Readme.md, with some minor exceptions like only compiling
TLS support in case NETWORK_TLS_ENABLE is TRUE.
Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
---
.../Dsc/OvmfCryptoComponentsDxe.dsc.inc | 23 ++++++++
.../Dsc/OvmfCryptoComponentsPei.dsc.inc | 19 +++++++
.../Dsc/OvmfCryptoComponentsSmm.dsc.inc | 18 ++++++
OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc | 5 ++
OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc | 57 +++++++++++++++++++
OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc | 12 ++++
OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc | 9 +++
7 files changed, 143 insertions(+)
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
new file mode 100644
index 000000000000..46518cdd33a7
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
@@ -0,0 +1,23 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+ <PcdsFixedAtBuild>
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+ }
+
+!endif
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
new file mode 100644
index 000000000000..3cfe541315ca
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
@@ -0,0 +1,19 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+ CryptoPkg/Driver/CryptoPei.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ <PcdsFixedAtBuild>
+#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
+ }
+
+!endif
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
new file mode 100644
index 000000000000..ca64ea8e5b26
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
@@ -0,0 +1,18 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE
+
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ <PcdsFixedAtBuild>
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+ }
+
+!endif
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
new file mode 100644
index 000000000000..42934c3d3855
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
@@ -0,0 +1,5 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+ DEFINE USE_CRYPTO_DRIVER = TRUE
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
new file mode 100644
index 000000000000..4f979274a61e
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
@@ -0,0 +1,57 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+[LibraryClasses]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+
+[LibraryClasses.common.SEC]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+[LibraryClasses.common.PEIM]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER,
LibraryClasses.common.UEFI_APPLICATION]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+ TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+
+!else
+
+[LibraryClasses.common]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+
+[LibraryClasses.common.PEIM]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+!endif
diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
new file mode 100644
index 000000000000..ad425a7acfaf
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
@@ -0,0 +1,12 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+INF CryptoPkg/Driver/CryptoDxe.inf
+!if $(SMM_REQUIRE) == TRUE
+INF CryptoPkg/Driver/CryptoSmm.inf
+!endif
+
+!endif
diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
new file mode 100644
index 000000000000..7c357d748acb
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
@@ -0,0 +1,9 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+INF CryptoPkg/Driver/CryptoPei.inf
+
+!endif
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#99879): https://edk2.groups.io/g/devel/message/99879
Mute This Topic: https://groups.io/mt/96850399/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
