[PATCH 1/1] OvmfPkg/AmdSev: introduce EMBED_GRUB=FALSE to skip including Grub image


Dov Murik
 

The AmdSevX64 target includes an embedded Grub image to support secure
(measured) boot of confidential guests with encrypted root images.

However, it is sometimes convenient to build this target without an
embedded Grub. We introduce the EMBED_GRUB setting (defaults to TRUE),
which conditions the generation (grub.sh) and inclusion of the Grub
image. Now building AmdSevX64 with -DEMBED_GRUB=FALSE allows it.

Cc: Laszlo Ersek <lersek@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ashish Kalra <ashish.kalra@...>
Cc: Brijesh Singh <brijesh.singh@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: James Bottomley <jejb@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Min Xu <min.m.xu@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Tobin Feldman-Fitzthum <tobin@...>
Signed-off-by: Dov Murik <dovmurik@...>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 16 +++++++++++++++-
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++
2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 1d487befae08..ba7d6fe6b749 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -25,7 +25,6 @@ [Defines]
BUILD_TARGETS =3D NOOPT|DEBUG|RELEASE=0D
SKUID_IDENTIFIER =3D DEFAULT=0D
FLASH_DEFINITION =3D OvmfPkg/AmdSev/AmdSevX64.fdf=0D
- PREBUILD =3D sh OvmfPkg/AmdSev/Grub/grub.sh=0D
=0D
#=0D
# Defines for default states. These can be changed on the command line.=
=0D
@@ -40,6 +39,19 @@ [Defines]
#=0D
DEFINE BUILD_SHELL =3D FALSE=0D
=0D
+ #=0D
+ # Embed Grub into the OVMF image so they are measured together when laun=
ching=0D
+ # confidential guest=0D
+ #=0D
+ DEFINE EMBED_GRUB =3D TRUE=0D
+=0D
+!if $(EMBED_GRUB) =3D=3D TRUE=0D
+ #=0D
+ # This step builds the grub.efi binary image if needed=0D
+ #=0D
+ PREBUILD =3D sh OvmfPkg/AmdSev/Grub/grub.sh=0D
+!endif=0D
+=0D
#=0D
# Device drivers=0D
#=0D
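
Review bot: The new comment above DEFINE EMBED_GRUB documents only the TRUE case. Since the commit message says the embedded Grub is what supports measured boot with encrypted root images on this target, the comment should also say what a FALSE build gives up, for example that Grub is then not part of the measured OVMF image. Minor wording: "when launching confidential guest" should read "when launching a confidential guest".
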
@@ -784,7 +796,9 @@ [Components]
}=0D
!endif=0D
OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf=0D
+!if $(EMBED_GRUB) =3D=3D TRUE=0D
OvmfPkg/AmdSev/Grub/Grub.inf=0D
+!endif=0D
!if $(BUILD_SHELL) =3D=3D TRUE=0D
ShellPkg/Application/Shell/Shell.inf {=0D
<LibraryClasses>=0D
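
Review bot: The guard around Grub.inf is "== TRUE", so any value other than TRUE passed with -DEMBED_GRUB, including a typo, silently takes the no-Grub path here, in the PREBUILD block and in the FDF. For a setting that decides whether the measured boot loader is in the image, consider rejecting values other than TRUE and FALSE next to the DEFINE so that a mistyped value fails the build instead of producing an image without Grub.
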
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 9977b0f00a18..ee3d96bb813f 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -270,7 +270,9 @@ [FV.DXEFV]
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand=
.inf=0D
!endif=0D
INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf=0D
+!if $(EMBED_GRUB) =3D=3D TRUE=0D
INF OvmfPkg/AmdSev/Grub/Grub.inf=0D
+!endif=0D
!if $(BUILD_SHELL) =3D=3D TRUE=0D
INF ShellPkg/Application/Shell/Shell.inf=0D
!endif=0D
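
Review bot: With the BUILD_SHELL default of FALSE shown in the DSC hunk, building with -DEMBED_GRUB=FALSE leaves [FV.DXEFV] with neither Grub.inf nor Shell.inf after SecretDxe.inf. The commit message says only that this is "sometimes convenient"; please state the intended boot path for such an image and whether it is meant to be used for confidential guests at all, so users do not assume it keeps the measured boot behaviour of the default build.
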
--=20
2.25.1
