From: Marc-André Lureau <marcandre.lur...@redhat.com> The library registers a security management handler, to measure images that are not measure in PEI phase.
This seems to work for example with the qemu PXE rom: Loading driver at 0x0003E6C2000 EntryPoint=0x0003E6C9076 8086100e.efi And the following binary_bios_measurements log entry seems to be added: PCR: 2 type: EV_EFI_BOOT_SERVICES_DRIVER size: 0x4e digest: 70a22475e9f18806d2ed9193b48d80d26779d9a4 Cc: Laszlo Ersek <ler...@redhat.com> Cc: Stefan Berger <stef...@linux.vnet.ibm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> --- OvmfPkg/OvmfPkgX64.dsc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 7753852144fb..9db1712e3623 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -662,6 +662,9 @@ [Components] <LibraryClasses> !if $(SECURE_BOOT_ENABLE) == TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf +!endif +!if $(TPM2_ENABLE) == TRUE + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf !endif } -- 2.16.2.346.g9779355e34 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel