From 2286ed0d42f8c80e2702082c1b546ff6698a4d34 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Fri, 24 May 2024 12:51:17 +0200 Subject: [PATCH] OvmfPkg: wire up RngDxe Add OvmfRng include snippets with the random number generator configuration for OVMF. Include RngDxe, build with BaseRngLib, so the rdrand instruction is used (if available). Also move VirtioRng to the include snippets. Use the new include snippets for OVMF builds. Signed-off-by: Gerd Hoffmann --- OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- OvmfPkg/AmdSev/AmdSevX64.fdf | 2 +- OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc | 9 +++++++++ OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc | 6 ++++++ OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +- OvmfPkg/IntelTdx/IntelTdxX64.fdf | 2 +- OvmfPkg/Microvm/MicrovmX64.dsc | 2 +- OvmfPkg/Microvm/MicrovmX64.fdf | 2 +- OvmfPkg/OvmfPkgIa32.dsc | 2 +- OvmfPkg/OvmfPkgIa32.fdf | 2 +- OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- OvmfPkg/OvmfPkgIa32X64.fdf | 2 +- OvmfPkg/OvmfPkgX64.dsc | 2 +- OvmfPkg/OvmfPkgX64.fdf | 2 +- 14 files changed, 27 insertions(+), 12 deletions(-) create mode 100644 OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc create mode 100644 OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 782218a58f..c525ecac6c 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -646,7 +646,6 @@ OvmfPkg/Virtio10Dxe/Virtio10.inf OvmfPkg/VirtioBlkDxe/VirtioBlk.inf OvmfPkg/VirtioScsiDxe/VirtioScsi.inf - OvmfPkg/VirtioRngDxe/VirtioRng.inf !if $(PVSCSI_ENABLE) == TRUE OvmfPkg/PvScsiDxe/PvScsiDxe.inf !endif @@ -730,6 +729,7 @@ OvmfPkg/AmdSev/Grub/Grub.inf !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/AmdSevDxe/AmdSevDxe.inf { diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 595945181c..70e6434b09 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -228,7 +228,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf INF OvmfPkg/Virtio10Dxe/Virtio10.inf INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -INF OvmfPkg/VirtioRngDxe/VirtioRng.inf !if $(PVSCSI_ENABLE) == TRUE INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf !endif @@ -321,6 +320,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc ################################################################################ diff --git a/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc new file mode 100644 index 0000000000..68839a0caa --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc @@ -0,0 +1,9 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf { + + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf + } + OvmfPkg/VirtioRngDxe/VirtioRng.inf diff --git a/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc new file mode 100644 index 0000000000..99cb4a32b1 --- /dev/null +++ b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc @@ -0,0 +1,6 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +INF OvmfPkg/VirtioRngDxe/VirtioRng.inf diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index 240d07e7e1..8ec772977b 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -640,7 +640,6 @@ OvmfPkg/Virtio10Dxe/Virtio10.inf OvmfPkg/VirtioBlkDxe/VirtioBlk.inf OvmfPkg/VirtioScsiDxe/VirtioScsi.inf - OvmfPkg/VirtioRngDxe/VirtioRng.inf !if $(PVSCSI_ENABLE) == TRUE OvmfPkg/PvScsiDxe/PvScsiDxe.inf !endif @@ -723,6 +722,7 @@ MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc !if $(SECURE_BOOT_ENABLE) == TRUE SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf index a119a91091..83a7a2d8f4 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf +++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf @@ -282,7 +282,6 @@ READ_LOCK_STATUS = TRUE # INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -INF OvmfPkg/VirtioRngDxe/VirtioRng.inf !if $(PVSCSI_ENABLE) == TRUE INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf !endif @@ -323,6 +322,7 @@ INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc ################################################################################ diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index cea49513c7..1196ba98c9 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -762,7 +762,6 @@ OvmfPkg/Virtio10Dxe/Virtio10.inf OvmfPkg/VirtioBlkDxe/VirtioBlk.inf OvmfPkg/VirtioScsiDxe/VirtioScsi.inf - OvmfPkg/VirtioRngDxe/VirtioRng.inf OvmfPkg/VirtioSerialDxe/VirtioSerial.inf MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf @@ -848,6 +847,7 @@ MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc !if $(SECURE_BOOT_ENABLE) == TRUE SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf index 055e659a35..c8268d7e8c 100644 --- a/OvmfPkg/Microvm/MicrovmX64.fdf +++ b/OvmfPkg/Microvm/MicrovmX64.fdf @@ -207,7 +207,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf INF OvmfPkg/Virtio10Dxe/Virtio10.inf INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -INF OvmfPkg/VirtioRngDxe/VirtioRng.inf INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf !if $(SECURE_BOOT_ENABLE) == TRUE @@ -299,6 +298,7 @@ INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc ################################################################################ diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 2356e4e0b5..aaaccdbced 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -799,7 +799,6 @@ OvmfPkg/Virtio10Dxe/Virtio10.inf OvmfPkg/VirtioBlkDxe/VirtioBlk.inf OvmfPkg/VirtioScsiDxe/VirtioScsi.inf - OvmfPkg/VirtioRngDxe/VirtioRng.inf OvmfPkg/VirtioSerialDxe/VirtioSerial.inf !if $(PVSCSI_ENABLE) == TRUE OvmfPkg/PvScsiDxe/PvScsiDxe.inf @@ -897,6 +896,7 @@ !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc !include OvmfPkg/Include/Dsc/MorLock.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc !if $(SECURE_BOOT_ENABLE) == TRUE SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 2aa45e34dc..32a695b568 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -231,7 +231,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf INF OvmfPkg/Virtio10Dxe/Virtio10.inf INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -INF OvmfPkg/VirtioRngDxe/VirtioRng.inf INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf !if $(PVSCSI_ENABLE) == TRUE INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf @@ -359,6 +358,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc !include OvmfPkg/Include/Fdf/MorLock.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 89f5642e1f..5aa1eece44 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -812,7 +812,6 @@ OvmfPkg/Virtio10Dxe/Virtio10.inf OvmfPkg/VirtioBlkDxe/VirtioBlk.inf OvmfPkg/VirtioScsiDxe/VirtioScsi.inf - OvmfPkg/VirtioRngDxe/VirtioRng.inf OvmfPkg/VirtioSerialDxe/VirtioSerial.inf !if $(PVSCSI_ENABLE) == TRUE OvmfPkg/PvScsiDxe/PvScsiDxe.inf @@ -910,6 +909,7 @@ !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc !include OvmfPkg/Include/Dsc/MorLock.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc !if $(SECURE_BOOT_ENABLE) == TRUE SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 3ad731dcbc..b1e8f68319 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -232,7 +232,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf INF OvmfPkg/Virtio10Dxe/Virtio10.inf INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -INF OvmfPkg/VirtioRngDxe/VirtioRng.inf INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf !if $(PVSCSI_ENABLE) == TRUE INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf @@ -366,6 +365,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc !include OvmfPkg/Include/Fdf/MorLock.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc ################################################################################ diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 13bd6a0c79..aca19de02d 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -856,7 +856,6 @@ OvmfPkg/Virtio10Dxe/Virtio10.inf OvmfPkg/VirtioBlkDxe/VirtioBlk.inf OvmfPkg/VirtioScsiDxe/VirtioScsi.inf - OvmfPkg/VirtioRngDxe/VirtioRng.inf OvmfPkg/VirtioSerialDxe/VirtioSerial.inf !if $(PVSCSI_ENABLE) == TRUE OvmfPkg/PvScsiDxe/PvScsiDxe.inf @@ -954,6 +953,7 @@ !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc !include OvmfPkg/Include/Dsc/MorLock.dsc.inc +!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc !if $(SECURE_BOOT_ENABLE) == TRUE SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index c407bfb926..f7356957af 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -261,7 +261,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf INF OvmfPkg/Virtio10Dxe/Virtio10.inf INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -INF OvmfPkg/VirtioRngDxe/VirtioRng.inf INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf !if $(PVSCSI_ENABLE) == TRUE INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf @@ -404,6 +403,7 @@ INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc !include OvmfPkg/Include/Fdf/MorLock.fdf.inc +!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc ################################################################################