Revision: 19034
http://sourceforge.net/p/edk2/code/19034
Author: lersek
Date: 2015-11-30 18:41:10 +0000 (Mon, 30 Nov 2015)
Log Message:
-----------
OvmfPkg: introduce -D SMM_REQUIRE and PcdSmmSmramRequire
This build time flag and corresponding Feature PCD will control whether
OVMF supports (and, equivalently, requires) SMM/SMRAM support from QEMU.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <[email protected]>
Reviewed-by: Jordan Justen <[email protected]>
Modified Paths:
--------------
trunk/edk2/OvmfPkg/OvmfPkg.dec
trunk/edk2/OvmfPkg/OvmfPkgIa32.dsc
trunk/edk2/OvmfPkg/OvmfPkgIa32X64.dsc
trunk/edk2/OvmfPkg/OvmfPkgX64.dsc
Modified: trunk/edk2/OvmfPkg/OvmfPkg.dec
===================================================================
--- trunk/edk2/OvmfPkg/OvmfPkg.dec 2015-11-30 08:57:26 UTC (rev 19033)
+++ trunk/edk2/OvmfPkg/OvmfPkg.dec 2015-11-30 18:41:10 UTC (rev 19034)
@@ -117,3 +117,13 @@
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|FALSE|BOOLEAN|3
gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderPciTranslation|TRUE|BOOLEAN|0x1c
gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderMmioTranslation|FALSE|BOOLEAN|0x1d
+
+ ## This feature flag enables SMM/SMRAM support. Note that it also requires
+ # such support from the underlying QEMU instance; if that support is not
+ # present, the firmware will reject continuing after a certain point.
+ #
+ # The flag also acts as a general "security switch"; when TRUE, many
+ # components will change behavior, with the goal of preventing a malicious
+ # runtime OS from tampering with firmware structures (special memory ranges
+ # used by OVMF, the varstore pflash chip, LockBox etc).
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|FALSE|BOOLEAN|0x1e
Modified: trunk/edk2/OvmfPkg/OvmfPkgIa32.dsc
===================================================================
--- trunk/edk2/OvmfPkg/OvmfPkgIa32.dsc 2015-11-30 08:57:26 UTC (rev 19033)
+++ trunk/edk2/OvmfPkg/OvmfPkgIa32.dsc 2015-11-30 18:41:10 UTC (rev 19034)
@@ -36,6 +36,7 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE NETWORK_IP6_ENABLE = FALSE
DEFINE HTTP_BOOT_ENABLE = FALSE
+ DEFINE SMM_REQUIRE = FALSE
[BuildOptions]
GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG
@@ -310,6 +311,9 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE
!endif
+!if $(SMM_REQUIRE) == TRUE
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE
+!endif
[PcdsFixedAtBuild]
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
Modified: trunk/edk2/OvmfPkg/OvmfPkgIa32X64.dsc
===================================================================
--- trunk/edk2/OvmfPkg/OvmfPkgIa32X64.dsc 2015-11-30 08:57:26 UTC (rev
19033)
+++ trunk/edk2/OvmfPkg/OvmfPkgIa32X64.dsc 2015-11-30 18:41:10 UTC (rev
19034)
@@ -36,6 +36,7 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE NETWORK_IP6_ENABLE = FALSE
DEFINE HTTP_BOOT_ENABLE = FALSE
+ DEFINE SMM_REQUIRE = FALSE
[BuildOptions]
GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG
@@ -315,6 +316,9 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE
!endif
+!if $(SMM_REQUIRE) == TRUE
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE
+!endif
[PcdsFixedAtBuild]
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
Modified: trunk/edk2/OvmfPkg/OvmfPkgX64.dsc
===================================================================
--- trunk/edk2/OvmfPkg/OvmfPkgX64.dsc 2015-11-30 08:57:26 UTC (rev 19033)
+++ trunk/edk2/OvmfPkg/OvmfPkgX64.dsc 2015-11-30 18:41:10 UTC (rev 19034)
@@ -36,6 +36,7 @@
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE NETWORK_IP6_ENABLE = FALSE
DEFINE HTTP_BOOT_ENABLE = FALSE
+ DEFINE SMM_REQUIRE = FALSE
[BuildOptions]
GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG
@@ -315,6 +316,9 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE
!endif
+!if $(SMM_REQUIRE) == TRUE
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE
+!endif
[PcdsFixedAtBuild]
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
