summaryrefslogtreecommitdiff
path: root/ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualization.dsc.inc
diff options
context:
space:
mode:
Diffstat (limited to 'ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualization.dsc.inc')
-rw-r--r--ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualization.dsc.inc24
1 files changed, 24 insertions, 0 deletions
diff --git a/ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualization.dsc.inc b/ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualization.dsc.inc
index 59a08640ae..2fa0aeba19 100644
--- a/ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualization.dsc.inc
+++ b/ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualization.dsc.inc
@@ -113,6 +113,19 @@
XenIoMmioLib|OvmfPkg/Library/XenIoMmioLib/XenIoMmioLib.inf
+ #
+ # Secure Boot dependencies
+ #
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+
+ # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
+ PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
+!endif
+
[LibraryClasses.common.SEC]
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
ArmPlatformSecExtraActionLib|ArmPlatformPkg/Library/DebugSecExtraActionLib/DebugSecExtraActionLib.inf
@@ -198,6 +211,10 @@
ReportStatusCodeLib|IntelFrameworkModulePkg/Library/DxeReportStatusCodeLibFramework/DxeReportStatusCodeLib.inf
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+!endif
+
[LibraryClasses.ARM]
#
# It is not possible to prevent the ARM compiler for generic intrinsic functions.
@@ -324,6 +341,13 @@
#
gArmTokenSpaceGuid.PcdArmUncachedMemoryMask|0x0000000000000000
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04
+ gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04
+ gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04
+!endif
+
[Components.common]
#
# Networking stack
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-13 13:41:41 +0000