|
 |
bdb79c |
From f0303f71d576c51b01c4ff961b429d0e0e707245 Mon Sep 17 00:00:00 2001
|
|
|
bdb79c |
From: Laszlo Ersek <lersek@redhat.com>
|
|
|
bdb79c |
Date: Tue, 4 Nov 2014 23:02:53 +0100
|
|
|
bdb79c |
Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH
|
|
|
bdb79c |
only)
|
|
|
bdb79c |
|
|
|
bdb79c |
Message-id: <1415138578-27173-14-git-send-email-lersek@redhat.com>
|
|
|
bdb79c |
Patchwork-id: 62119
|
|
|
bdb79c |
O-Subject: [RHEL-7.1 ovmf PATCH v2 13/18] OvmfPkg: allow exclusion of the shell
|
|
|
bdb79c |
from the firmware image (RH only)
|
|
|
bdb79c |
Bugzilla: 1147592
|
|
|
bdb79c |
Acked-by: Andrew Jones <drjones@redhat.com>
|
|
|
bdb79c |
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
|
bdb79c |
Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
|
|
bdb79c |
|
|
|
bdb79c |
When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
|
|
|
bdb79c |
binary from the firmware image.
|
|
|
bdb79c |
|
|
|
bdb79c |
Peter Jones advised us that firmware vendors for physical systems disable
|
|
|
bdb79c |
the memory-mapped, firmware image-contained UEFI shell in
|
|
|
bdb79c |
SecureBoot-enabled builds. The reason being that the memory-mapped shell
|
|
|
bdb79c |
can always load, it may have direct access to various hardware in the
|
|
|
bdb79c |
system, and it can run UEFI shell scripts (which cannot be signed at all).
|
|
|
bdb79c |
|
|
|
bdb79c |
Intended use of the new build option:
|
|
|
bdb79c |
|
|
|
bdb79c |
- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
|
|
|
bdb79c |
firmware image will contain a shell binary, independently of SecureBoot
|
|
|
bdb79c |
enablement, which is flexible for interactive development. (Ie. no
|
|
|
bdb79c |
change for in-tree builds.)
|
|
|
bdb79c |
|
|
|
bdb79c |
- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
|
|
|
bdb79c |
'-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:
|
|
|
bdb79c |
|
|
|
bdb79c |
- OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,
|
|
|
bdb79c |
|
|
|
bdb79c |
- OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,
|
|
|
bdb79c |
|
|
|
bdb79c |
- UefiShell.iso: a bootable ISO image with the shell on it as default
|
|
|
bdb79c |
boot loader. The shell binary will load when SecureBoot is turned off,
|
|
|
bdb79c |
and won't load when SecureBoot is turned on (because it is not
|
|
|
bdb79c |
signed).
|
|
|
bdb79c |
|
|
|
bdb79c |
UefiShell.iso is the reason we're not excluding the shell from the DSC
|
|
|
bdb79c |
files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
|
|
|
bdb79c |
is specified, the shell binary needs to be built the same, only it
|
|
|
bdb79c |
will be included in UefiShell.iso.
|
|
|
bdb79c |
|
|
|
bdb79c |
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
|
|
bdb79c |
|
|
|
bdb79c |
- no changes
|
|
|
bdb79c |
|
|
|
bdb79c |
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
|
|
bdb79c |
|
|
|
bdb79c |
- no changes
|
|
|
bdb79c |
|
|
|
bdb79c |
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
|
|
bdb79c |
|
|
|
bdb79c |
- no change
|
|
|
bdb79c |
|
|
|
bdb79c |
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
bdb79c |
(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
|
|
|
bdb79c |
(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
|
|
|
bdb79c |
(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b)
|
|
|
bdb79c |
---
|
|
|
bdb79c |
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
|
|
|
bdb79c |
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
|
|
|
bdb79c |
OvmfPkg/OvmfPkgX64.fdf | 2 ++
|
|
|
bdb79c |
3 files changed, 6 insertions(+)
|
|
|
bdb79c |
|
|
|
bdb79c |
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
|
|
bdb79c |
index f552bc9..73007dd 100644
|
|
|
bdb79c |
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
|
|
bdb79c |
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
|
|
bdb79c |
@@ -288,12 +288,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
|
|
bdb79c |
INF FatPkg/EnhancedFatDxe/Fat.inf
|
|
|
bdb79c |
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
|
|
bdb79c |
|
|
|
bdb79c |
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
|
|
bdb79c |
!ifndef $(USE_OLD_SHELL)
|
|
|
bdb79c |
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
|
|
bdb79c |
INF ShellPkg/Application/Shell/Shell.inf
|
|
|
bdb79c |
!else
|
|
|
bdb79c |
INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf
|
|
|
bdb79c |
!endif
|
|
|
bdb79c |
+!endif
|
|
|
bdb79c |
|
|
|
bdb79c |
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
|
|
|
bdb79c |
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
|
|
bdb79c |
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
|
|
bdb79c |
index ee77ae1..116b3c6 100644
|
|
|
bdb79c |
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
|
|
bdb79c |
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
|
|
bdb79c |
@@ -289,12 +289,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
|
|
bdb79c |
INF FatPkg/EnhancedFatDxe/Fat.inf
|
|
|
bdb79c |
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
|
|
bdb79c |
|
|
|
bdb79c |
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
|
|
bdb79c |
!ifndef $(USE_OLD_SHELL)
|
|
|
bdb79c |
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
|
|
bdb79c |
INF ShellPkg/Application/Shell/Shell.inf
|
|
|
bdb79c |
!else
|
|
|
bdb79c |
INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf
|
|
|
bdb79c |
!endif
|
|
|
bdb79c |
+!endif
|
|
|
bdb79c |
|
|
|
bdb79c |
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
|
|
|
bdb79c |
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
|
|
bdb79c |
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
|
|
bdb79c |
index 505d25d..84d5845 100644
|
|
|
bdb79c |
--- a/OvmfPkg/OvmfPkgX64.fdf
|
|
|
bdb79c |
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
|
|
bdb79c |
@@ -289,12 +289,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
|
|
bdb79c |
INF FatPkg/EnhancedFatDxe/Fat.inf
|
|
|
bdb79c |
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
|
|
bdb79c |
|
|
|
bdb79c |
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
|
|
bdb79c |
!ifndef $(USE_OLD_SHELL)
|
|
|
bdb79c |
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
|
|
bdb79c |
INF ShellPkg/Application/Shell/Shell.inf
|
|
|
bdb79c |
!else
|
|
|
bdb79c |
INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf
|
|
|
bdb79c |
!endif
|
|
|
bdb79c |
+!endif
|
|
|
bdb79c |
|
|
|
bdb79c |
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
|
|
|
bdb79c |
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
|
|
bdb79c |
--
|
|
|
bdb79c |
1.8.3.1
|
|
|
bdb79c |
|