When -D SMM_REQUIRE is given, replace both - OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf and - OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf with - OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf.
The outermost (= runtime DXE driver) VariableSmmRuntimeDxe enters SMM, and the rest: - the privileged half of the variable driver, VariableSmm, - the fault tolerant write driver, FaultTolerantWriteSmm, - and the FVB driver, FvbServicesSmm, work in SMM purely. We also resolve the BaseCryptLib class for DXE_SMM_DRIVER modules, for the authenticated VariableSmm driver's sake. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <[email protected]> --- OvmfPkg/OvmfPkgIa32.dsc | 15 +++++++++++++-- OvmfPkg/OvmfPkgIa32.fdf | 16 ++++++++++++++-- OvmfPkg/OvmfPkgIa32X64.dsc | 15 +++++++++++++-- OvmfPkg/OvmfPkgIa32X64.fdf | 16 ++++++++++++++-- OvmfPkg/OvmfPkgX64.dsc | 15 +++++++++++++-- OvmfPkg/OvmfPkgX64.fdf | 16 ++++++++++++++-- 6 files changed, 81 insertions(+), 12 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 23761e1..e3c0a2f 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -298,6 +298,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] !else DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -697,10 +698,19 @@ [Components] <LibraryClasses> SmmCpuPlatformHookLib|OvmfPkg/QuarkPort/Library/SmmCpuPlatformHookLibNull/SmmCpuPlatformHookLibNull.inf } -!endif # - # Variable driver stack + # Variable driver stack (SMM) + # + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + +!else + + # + # Variable driver stack (non-SMM) # OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf { @@ -709,3 +719,4 @@ [Components] } MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +!endif diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 881aeff..3f13ad7 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -199,7 +199,9 @@ [FV.DXEFV] APRIORI DXE { INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf +!if $(SMM_REQUIRE) == FALSE INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +!endif } # @@ -353,15 +355,25 @@ [FV.DXEFV] INF UefiCpuPkg/CpuIo2Smm/CpuIo2Smm.inf INF MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf INF OvmfPkg/QuarkPort/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf -!endif # -# Variable driver stack +# Variable driver stack (SMM) +# +INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf +INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + +!else + +# +# Variable driver stack (non-SMM) # INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +!endif ################################################################################ diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 76f331d..c9d1ad5 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -303,6 +303,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] !else DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -704,10 +705,19 @@ [Components.X64] <LibraryClasses> SmmCpuPlatformHookLib|OvmfPkg/QuarkPort/Library/SmmCpuPlatformHookLibNull/SmmCpuPlatformHookLibNull.inf } -!endif # - # Variable driver stack + # Variable driver stack (SMM) + # + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + +!else + + # + # Variable driver stack (non-SMM) # OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf { @@ -716,3 +726,4 @@ [Components.X64] } MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +!endif diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 76c1f97..ec57da6 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -199,7 +199,9 @@ [FV.DXEFV] APRIORI DXE { INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf +!if $(SMM_REQUIRE) == FALSE INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +!endif } # @@ -353,15 +355,25 @@ [FV.DXEFV] INF UefiCpuPkg/CpuIo2Smm/CpuIo2Smm.inf INF MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf INF OvmfPkg/QuarkPort/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf -!endif # -# Variable driver stack +# Variable driver stack (SMM) +# +INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf +INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + +!else + +# +# Variable driver stack (non-SMM) # INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +!endif ################################################################################ diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index d889fb7..bff8456 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -303,6 +303,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] !else DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf !endif + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -702,10 +703,19 @@ [Components] <LibraryClasses> SmmCpuPlatformHookLib|OvmfPkg/QuarkPort/Library/SmmCpuPlatformHookLibNull/SmmCpuPlatformHookLibNull.inf } -!endif # - # Variable driver stack + # Variable driver stack (SMM) + # + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + +!else + + # + # Variable driver stack (non-SMM) # OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf { @@ -714,3 +724,4 @@ [Components] } MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +!endif diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index ef6011b..0aea6b4 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -199,7 +199,9 @@ [FV.DXEFV] APRIORI DXE { INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf +!if $(SMM_REQUIRE) == FALSE INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +!endif } # @@ -353,15 +355,25 @@ [FV.DXEFV] INF UefiCpuPkg/CpuIo2Smm/CpuIo2Smm.inf INF MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf INF OvmfPkg/QuarkPort/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf -!endif # -# Variable driver stack +# Variable driver stack (SMM) +# +INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf +INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + +!else + +# +# Variable driver stack (non-SMM) # INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +!endif ################################################################################ -- 1.8.3.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
