diff options
| author | Laszlo Ersek <lersek@redhat.com> | 2017-02-23 21:46:06 +0100 |
|---|---|---|
| committer | Laszlo Ersek <lersek@redhat.com> | 2017-02-25 14:56:53 +0100 |
| commit | df453e1b7c7c3612d1fa3311bfb4c9d153ec9ad8 (patch) | |
| tree | f13f9a63872d8165cc47c858d01540c72bc0596f /OvmfPkg/OvmfPkgIa32X64.dsc | |
| parent | 622627f80f2584c3d1dbe49ce363002381923510 (diff) | |
| download | edk2-df453e1b7c7c3612d1fa3311bfb4c9d153ec9ad8.zip edk2-df453e1b7c7c3612d1fa3311bfb4c9d153ec9ad8.tar.gz edk2-df453e1b7c7c3612d1fa3311bfb4c9d153ec9ad8.tar.bz2 | |
OvmfPkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE
The OpensslLibCrypto library instance (which does not contain libssl
functions) is sufficient for the Secure Boot feature.
Ease security analysis by excluding libssl functionality from the
OpensslLib instance we use with TLS_ENABLE=FALSE.
Cc: Gary Lin <glin@suse.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Gary Lin <glin@suse.com>
Diffstat (limited to 'OvmfPkg/OvmfPkgIa32X64.dsc')
| -rw-r--r-- | OvmfPkg/OvmfPkgIa32X64.dsc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index f36604e..56f7ff9 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -148,7 +148,11 @@ DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+!if $(TLS_ENABLE) == TRUE
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
!if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
|