Revision: 16191
          http://sourceforge.net/p/edk2/code/16191
Author:   lersek
Date:     2014-10-02 08:08:05 +0000 (Thu, 02 Oct 2014)
Log Message:
-----------
OvmfPkg: disable stale fork of SecureBootConfigDxe

OvmfPkg forked SecureBootConfigDxe from SecurityPkg in SVN r13635 (git
commit 8c71ec8f). Since then, the original (in
"SecurityPkg/VariableAuthenticated/SecureBootConfigDxe") has diverged
significantly.

The initial diff between the original and the fork, when the fork was made
(i.e. at SVN r13635), reads as follows:

> diff -ur 
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr 
> OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr
> --- 
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr  
> 2014-09-30 23:35:28.598067147 +0200
> +++ OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr    2014-08-09 
> 02:40:35.824851626 +0200
> @@ -51,7 +51,7 @@
>            questionid = KEY_SECURE_BOOT_ENABLE,
>            prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
>            help   = STRING_TOKEN(STR_SECURE_BOOT_HELP),
> -          flags  = INTERACTIVE | RESET_REQUIRED,
> +          flags  = INTERACTIVE,
>      endcheckbox;
>      endif;
>
> @@ -158,7 +158,7 @@
>            questionid = KEY_SECURE_BOOT_DELETE_PK,
>            prompt = STRING_TOKEN(STR_DELETE_PK),
>            help   = STRING_TOKEN(STR_DELETE_PK_HELP),
> -          flags  = INTERACTIVE | RESET_REQUIRED,
> +          flags  = INTERACTIVE,
>      endcheckbox;
>      endif;
>    endform;
> diff -ur 
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf 
> OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf
> --- 
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf 
>       2014-09-30 23:35:28.598067147 +0200
> +++ OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf 2014-09-30 
> 23:35:28.577067027 +0200
> @@ -1,5 +1,8 @@
>  ## @file
> -#  Component name for SecureBoot configuration module.
> +# Component name for SecureBoot configuration module for OVMF.
> +#
> +# Need custom SecureBootConfigDxe for OVMF that does not force
> +# resets after PK changes since OVMF doesn't have persistent variables
>  #
>  # Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
>  # This program and the accompanying materials
> diff -ur 
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c 
> OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c
> --- 
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c  
>       2014-09-30 23:35:28.599067153 +0200
> +++ OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c  2014-09-30 
> 23:35:28.578067033 +0200
> @@ -2559,7 +2559,7 @@
>            NULL
>            );
>        } else {
> -        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET;
> +        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
>        }
>        break;

The commit message is not overly verbose:

  OvmfPkg: Add custom SecureBootConfigDxe that doesn't reset

  We don't force a platform reset for OVMF when PK is changed in custom
  mode setup.

But the INF file hunk is telling:

  Need custom SecureBootConfigDxe for OVMF that does not force resets
  after PK changes since OVMF doesn't have persistent variables

We do have persistent variables now. Let's disable the (now obsolete)
OvmfPkg fork, and revert to the (well maintained) SecurityPkg-provided
config driver.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <[email protected]>
Reviewed-by: Jordan Justen <[email protected]>
Tested-by: Gary Lin <[email protected]>

Revision Links:
--------------
    http://sourceforge.net/p/edk2/code/13635

Modified Paths:
--------------
    trunk/edk2/OvmfPkg/OvmfPkgIa32.dsc
    trunk/edk2/OvmfPkg/OvmfPkgIa32.fdf
    trunk/edk2/OvmfPkg/OvmfPkgIa32X64.dsc
    trunk/edk2/OvmfPkg/OvmfPkgIa32X64.fdf
    trunk/edk2/OvmfPkg/OvmfPkgX64.dsc
    trunk/edk2/OvmfPkg/OvmfPkgX64.fdf
    trunk/edk2/OvmfPkg/README

Modified: trunk/edk2/OvmfPkg/OvmfPkgIa32.dsc
===================================================================
--- trunk/edk2/OvmfPkg/OvmfPkgIa32.dsc  2014-09-30 00:59:04 UTC (rev 16190)
+++ trunk/edk2/OvmfPkg/OvmfPkgIa32.dsc  2014-10-02 08:08:05 UTC (rev 16191)
@@ -562,7 +562,7 @@
       BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
       OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
   }
-  OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 !endif
 
   OvmfPkg/PlatformDxe/Platform.inf
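
Review bot: Once the `-` line here is replaced, none of the platform files touched by this commit references OvmfPkg/SecureBootConfigDxe any longer, yet the Modified Paths list shows no deletion, so the fork's sources stay in the tree unbuilt. Suggest removing the directory in a follow-up commit, or saying in the log that removal is planned, so a dead copy of the Secure Boot key-management UI is not patched or re-enabled by mistake.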

Modified: trunk/edk2/OvmfPkg/OvmfPkgIa32.fdf
===================================================================
--- trunk/edk2/OvmfPkg/OvmfPkgIa32.fdf  2014-09-30 00:59:04 UTC (rev 16190)
+++ trunk/edk2/OvmfPkg/OvmfPkgIa32.fdf  2014-10-02 08:08:05 UTC (rev 16191)
@@ -230,7 +230,7 @@
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
   INF  SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
-  INF  OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  INF  
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 !else
   INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !endif

Modified: trunk/edk2/OvmfPkg/OvmfPkgIa32X64.dsc
===================================================================
--- trunk/edk2/OvmfPkg/OvmfPkgIa32X64.dsc       2014-09-30 00:59:04 UTC (rev 
16190)
+++ trunk/edk2/OvmfPkg/OvmfPkgIa32X64.dsc       2014-10-02 08:08:05 UTC (rev 
16191)
@@ -569,7 +569,7 @@
       BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
       OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
   }
-  OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 !endif
 
   OvmfPkg/PlatformDxe/Platform.inf

Modified: trunk/edk2/OvmfPkg/OvmfPkgIa32X64.fdf
===================================================================
--- trunk/edk2/OvmfPkg/OvmfPkgIa32X64.fdf       2014-09-30 00:59:04 UTC (rev 
16190)
+++ trunk/edk2/OvmfPkg/OvmfPkgIa32X64.fdf       2014-10-02 08:08:05 UTC (rev 
16191)
@@ -230,7 +230,7 @@
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
   INF  SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
-  INF  OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  INF  
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 !else
   INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !endif

Modified: trunk/edk2/OvmfPkg/OvmfPkgX64.dsc
===================================================================
--- trunk/edk2/OvmfPkg/OvmfPkgX64.dsc   2014-09-30 00:59:04 UTC (rev 16190)
+++ trunk/edk2/OvmfPkg/OvmfPkgX64.dsc   2014-10-02 08:08:05 UTC (rev 16191)
@@ -567,7 +567,7 @@
       BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
       OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
   }
-  OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 !endif
 
   OvmfPkg/PlatformDxe/Platform.inf

Modified: trunk/edk2/OvmfPkg/OvmfPkgX64.fdf
===================================================================
--- trunk/edk2/OvmfPkg/OvmfPkgX64.fdf   2014-09-30 00:59:04 UTC (rev 16190)
+++ trunk/edk2/OvmfPkg/OvmfPkgX64.fdf   2014-10-02 08:08:05 UTC (rev 16191)
@@ -230,7 +230,7 @@
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
   INF  SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
-  INF  OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  INF  
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 !else
   INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !endif
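
Review bot: The same one-line INF path swap inside the `!if $(SECURE_BOOT_ENABLE) == TRUE` block is repeated in all three FDF files and all three DSC files, and each DSC/FDF pair has to stay in agreement. Consider moving the Secure Boot block into a shared `!include` fragment so a later change to this driver cannot be applied to one platform and missed on another.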

Modified: trunk/edk2/OvmfPkg/README
===================================================================
--- trunk/edk2/OvmfPkg/README   2014-09-30 00:59:04 UTC (rev 16190)
+++ trunk/edk2/OvmfPkg/README   2014-10-02 08:08:05 UTC (rev 16191)
@@ -66,6 +66,8 @@
   - Option 1: QEMU 1.6 or newer; Use QEMU -pflash parameter
     * QEMU/OVMF will use emulated flash, and fully support UEFI variables
     * Run qemu with: -pflash path/to/OVMF.fd
+    * Note that this option is required for running SecureBoot-enabled builds
+      (-D SECURE_BOOT_ENABLE).
   - Option 2: Use QEMU -bios parameter
     * Note that UEFI variables will be partially emulated, and non-volatile
       variables may lose their contents after a reboot
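
Review bot: The two added lines under Option 1 say -pflash is required for -D SECURE_BOOT_ENABLE builds but not why, and Option 2 gets no matching warning. The SecurityPkg driver selected by this commit requests a reset after PK changes (EFI_BROWSER_ACTION_REQUEST_RESET in the quoted fork diff), and the context lines state that -bios may lose non-volatile variables after a reboot; consider adding a bullet under Option 2 saying that enrolled Secure Boot keys may not survive that reset.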


_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
