ArmPlatformPkg/ArmVExpress-FVP: enable UEFI Secure Boot

This allows the FVP target to be built with UEFI Secure Boot enabled, by passing -D SECURE_BOOT_ENABLE to the build command line. Note that this requires the Intel BDS, or you will not be able to enroll certificates, since the ARM BDS does not provide a GUI to do so. The FVP Base model is recommended in this case, since the certificate store is kept in NOR flash. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18379 6f19259b-4bc3-4df7-8a09-765794883524
author: Ard Biesheuvel <ard.biesheuvel@linaro.org> 2015-09-01 17:29:23 +0000
committer: abiesheuvel <abiesheuvel@Edk2> 2015-09-01 17:29:23 +0000
commit: 465be78e4d7c2ac2c21e5a673afa323d097a4a7b (patch)
tree: 21d47aebcae76e83589540d1783d3a865d7c404d /ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc
parent: f46ac5fb69a31713b551cfade6f42aa6a8996d80 (diff)
download: edk2-465be78e4d7c2ac2c21e5a673afa323d097a4a7b.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc
index 159194c8c..ec29e65e3 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc
+++ b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc
@@ -251,7 +251,15 @@
   #
   ArmPkg/Drivers/CpuDxe/CpuDxe.inf
   MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+    <LibraryClasses>
+      NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+  }
+  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!else
   MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+!endif
   MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
   MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
     <LibraryClasses>
@@ -272,7 +280,11 @@
   MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
 
   ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf
+!else
   ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
+!endif
   ArmPkg/Drivers/TimerDxe/TimerDxe.inf
   ArmPlatformPkg/Drivers/LcdGraphicsOutputDxe/PL111LcdGraphicsOutputDxe.inf
   ArmPlatformPkg/Drivers/SP805WatchdogDxe/SP805WatchdogDxe.inf
author	Ard Biesheuvel <ard.biesheuvel@linaro.org>	2015-09-01 17:29:23 +0000
committer	abiesheuvel <abiesheuvel@Edk2>	2015-09-01 17:29:23 +0000
commit	465be78e4d7c2ac2c21e5a673afa323d097a4a7b (patch)
tree	21d47aebcae76e83589540d1783d3a865d7c404d /ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc
parent	f46ac5fb69a31713b551cfade6f42aa6a8996d80 (diff)
download	edk2-465be78e4d7c2ac2c21e5a673afa323d097a4a7b.tar.gz