[PATCH 2/2] OvmfPkg/OvmfPkgX64: Allow runtime control of IPv4 and IPv6 support


Gerd Hoffmann
 

On Mon, Aug 15, 2022 at 11:40:30AM +0200, Ard Biesheuvel wrote:
Wire up the newly added DriverLoadInhibitorLib in a way that ties
dispatch of the Ip4Dxe and Ip6Dxe drivers to QEMU fw_cfg variables
'opt/org.tianocore/IPv4Support' and 'opt/org.tianocore/IPv6Support'
respectively.

Setting both variables to 'n' disables IP based networking entirely,
without the need for additional code changes at the NIC driver or
network boot protocol level.

Signed-off-by: Ard Biesheuvel <ardb@...>
---
OvmfPkg/OvmfPkgX64.dsc | 14 ++++++++++++++
1 file changed, 14 insertions(+)

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 6e68f60dc90f..0c0ded88f86e 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -947,6 +947,20 @@ [Components]
NULL|OvmfPkg/Library/PxeBcPcdProducerLib/PxeBcPcdProducerLib.inf
}

+ NetworkPkg/Ip4Dxe/Ip4Dxe.inf {
+ <LibraryClasses>
+ NULL|OvmfPkg/Library/DriverLoadInhibitorLib/DriverLoadInhibitorLib.inf
+ <PcdsFixedAtBuild>
+ gUefiOvmfPkgTokenSpaceGuid.PcdDriverInhibitorFwCfgVarName|"opt/org.tianocore/IPv4Support"
+ }
+
+ NetworkPkg/Ip6Dxe/Ip6Dxe.inf {
+ <LibraryClasses>
+ NULL|OvmfPkg/Library/DriverLoadInhibitorLib/DriverLoadInhibitorLib.inf
+ <PcdsFixedAtBuild>
+ gUefiOvmfPkgTokenSpaceGuid.PcdDriverInhibitorFwCfgVarName|"opt/org.tianocore/IPv6Support"
+ }
+
Hmm. Not a comment to this specifically, but more to the OVMF *.dsc and
*.fdf files in general. We have a lot of duplication here. I've
already moved some bits to include files (OvmfPkg/OvmfTpm*.inc for
example) to reduce that. Makes maintainance easier and builds more
consistent.

This looks like a prime candidate for a new OvmfNetwork.dsc.inc file,
so we can easily get that for all build variants and not only X64.

And there is more which we can split out. crypto (have an experimental
branch doing that as part of my CryptoPkg/Driver experiments). drivers
(usb / virtio / ...). Shell.efi

Maybe it makes sense to move those include snippets into a subdirectory
so they don't pile up in OvmfPkg/ when we move more stuff to includes?

take care,
Gerd


Ard Biesheuvel
 

Wire up the newly added DriverLoadInhibitorLib in a way that ties
dispatch of the Ip4Dxe and Ip6Dxe drivers to QEMU fw_cfg variables
'opt/org.tianocore/IPv4Support' and 'opt/org.tianocore/IPv6Support'
respectively.

Setting both variables to 'n' disables IP based networking entirely,
without the need for additional code changes at the NIC driver or
network boot protocol level.

Signed-off-by: Ard Biesheuvel <ardb@...>
---
OvmfPkg/OvmfPkgX64.dsc | 14 ++++++++++++++
1 file changed, 14 insertions(+)

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 6e68f60dc90f..0c0ded88f86e 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -947,6 +947,20 @@ [Components]
NULL|OvmfPkg/Library/PxeBcPcdProducerLib/PxeBcPcdProducerLib.inf=0D
}=0D
=0D
+ NetworkPkg/Ip4Dxe/Ip4Dxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/DriverLoadInhibitorLib/DriverLoadInhibitorLib.i=
nf=0D
+ <PcdsFixedAtBuild>=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdDriverInhibitorFwCfgVarName|"opt/org.t=
ianocore/IPv4Support"=0D
+ }=0D
+=0D
+ NetworkPkg/Ip6Dxe/Ip6Dxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/DriverLoadInhibitorLib/DriverLoadInhibitorLib.i=
nf=0D
+ <PcdsFixedAtBuild>=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdDriverInhibitorFwCfgVarName|"opt/org.t=
ianocore/IPv6Support"=0D
+ }=0D
+=0D
!if $(NETWORK_TLS_ENABLE) =3D=3D TRUE=0D
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {=0D
<LibraryClasses>=0D
--=20
2.35.1