render / rpms / edk2

Forked from rpms/edk2 3 months ago
Clone

Blame SOURCES/0015-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch

c49882
From e8e12cb7d3a47e5823cf2cb12c9bfe5901d3b100 Mon Sep 17 00:00:00 2001
6009e6
From: Laszlo Ersek <lersek@redhat.com>
6009e6
Date: Tue, 4 Nov 2014 23:02:53 +0100
6009e6
Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH
6009e6
 only)
6009e6
94daa4
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
94daa4
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
94daa4
94daa4
- No manual / explicit code change is necessary, because the newly
94daa4
  inherited OvmfPkg/AmdSev platform already has its own BUILD_SHELL
94daa4
  build-time macro (feature test flag), with default value FALSE -- from
94daa4
  upstream commit b261a30c900a ("OvmfPkg/AmdSev: add Grub Firmware Volume
94daa4
  Package", 2020-12-14).
94daa4
94daa4
- Contextual differences from new upstream commits 2d8ca4f90eae ("OvmfPkg:
94daa4
  enable HttpDynamicCommand", 2020-10-01) and 5ab6a0e1c8e9 ("OvmfPkg:
94daa4
  introduce VirtioFsDxe", 2020-12-21) have been auto-resolved by
94daa4
  git-cherry-pick.
94daa4
94daa4
- Remove obsolete commit message tags related to downstream patch
94daa4
  management: Message-id, Patchwork-id, O-Subject, Acked-by
94daa4
  (RHBZ#1846481).
94daa4
3e2dc0
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
3e2dc0
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
3e2dc0
3e2dc0
- context difference from upstream commit ec41733cfd10 ("OvmfPkg: add the
3e2dc0
  'initrd' dynamic shell command", 2020-03-04) correctly auto-resolved
3e2dc0
6009e6
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
6009e6
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
6009e6
6009e6
- no change
6009e6
6009e6
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
6009e6
RHEL-8.1/20190308-89910a39dcfd rebase:
6009e6
6009e6
- update the patch against the following upstream commits:
6009e6
  - 4b888334d234 ("OvmfPkg: Remove EdkShellBinPkg in FDF", 2018-11-19)
6009e6
  - 277a3958d93a ("OvmfPkg: Don't include TftpDynamicCommand in XCODE5
6009e6
                  tool chain", 2018-11-27)
6009e6
6009e6
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
6009e6
RHEL-8.0/20180508-ee3198e672e2 rebase:
6009e6
6009e6
- reorder the rebase changelog in the commit message so that it reads like
6009e6
  a blog: place more recent entries near the top
6009e6
- no changes to the patch body
6009e6
6009e6
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
6009e6
6009e6
- no change
6009e6
6009e6
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
6009e6
6009e6
- no changes
6009e6
6009e6
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
6009e6
6009e6
- no changes
6009e6
6009e6
Bugzilla: 1147592
6009e6
6009e6
When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
6009e6
binary from the firmware image.
6009e6
6009e6
Peter Jones advised us that firmware vendors for physical systems disable
6009e6
the memory-mapped, firmware image-contained UEFI shell in
6009e6
SecureBoot-enabled builds. The reason being that the memory-mapped shell
6009e6
can always load, it may have direct access to various hardware in the
6009e6
system, and it can run UEFI shell scripts (which cannot be signed at all).
6009e6
6009e6
Intended use of the new build option:
6009e6
6009e6
- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
6009e6
  firmware image will contain a shell binary, independently of SecureBoot
6009e6
  enablement, which is flexible for interactive development. (Ie. no
6009e6
  change for in-tree builds.)
6009e6
6009e6
- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
6009e6
  '-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:
6009e6
6009e6
  - OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,
6009e6
6009e6
  - OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,
6009e6
6009e6
  - UefiShell.iso: a bootable ISO image with the shell on it as default
6009e6
    boot loader. The shell binary will load when SecureBoot is turned off,
6009e6
    and won't load when SecureBoot is turned on (because it is not
6009e6
    signed).
6009e6
6009e6
    UefiShell.iso is the reason we're not excluding the shell from the DSC
6009e6
    files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
6009e6
    is specified, the shell binary needs to be built the same, only it
6009e6
    will be included in UefiShell.iso.
6009e6
6009e6
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
6009e6
(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
6009e6
(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
6009e6
(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b)
6009e6
(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245)
6009e6
(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687)
6009e6
(cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4)
3e2dc0
(cherry picked from commit 229c88dc3ded9baeaca8b87767dc5c41c05afd6e)
94daa4
(cherry picked from commit c2812d7189dee06c780f05a5880eb421c359a687)
6009e6
---
6009e6
 OvmfPkg/OvmfPkgIa32.fdf    | 2 ++
6009e6
 OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
6009e6
 OvmfPkg/OvmfPkgX64.fdf     | 2 ++
6009e6
 3 files changed, 6 insertions(+)
6009e6
6009e6
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
c49882
index 775ea2d710..00ea14adf0 100644
6009e6
--- a/OvmfPkg/OvmfPkgIa32.fdf
6009e6
+++ b/OvmfPkg/OvmfPkgIa32.fdf
c49882
@@ -290,12 +290,14 @@ INF  FatPkg/EnhancedFatDxe/Fat.inf
6009e6
 INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
94daa4
 INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
6009e6
 
6009e6
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
6009e6
 !if $(TOOL_CHAIN_TAG) != "XCODE5"
6009e6
 INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
94daa4
 INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
3e2dc0
 INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
6009e6
 !endif
6009e6
 INF  ShellPkg/Application/Shell/Shell.inf
6009e6
+!endif
6009e6
 
c49882
 INF MdeModulePkg/Logo/LogoDxe.inf
6009e6
 
6009e6
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
c49882
index 9d8695922f..e33a40c44e 100644
6009e6
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
6009e6
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
94daa4
@@ -294,12 +294,14 @@ INF  FatPkg/EnhancedFatDxe/Fat.inf
6009e6
 INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
94daa4
 INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
6009e6
 
6009e6
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
6009e6
 !if $(TOOL_CHAIN_TAG) != "XCODE5"
6009e6
 INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
94daa4
 INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
3e2dc0
 INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
6009e6
 !endif
6009e6
 INF  ShellPkg/Application/Shell/Shell.inf
6009e6
+!endif
6009e6
 
c49882
 INF MdeModulePkg/Logo/LogoDxe.inf
6009e6
 
6009e6
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
c49882
index b6cc3cabdd..85b4b23857 100644
6009e6
--- a/OvmfPkg/OvmfPkgX64.fdf
6009e6
+++ b/OvmfPkg/OvmfPkgX64.fdf
c49882
@@ -310,12 +310,14 @@ INF  FatPkg/EnhancedFatDxe/Fat.inf
6009e6
 INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
94daa4
 INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
6009e6
 
6009e6
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
6009e6
 !if $(TOOL_CHAIN_TAG) != "XCODE5"
6009e6
 INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
94daa4
 INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
3e2dc0
 INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
6009e6
 !endif
6009e6
 INF  ShellPkg/Application/Shell/Shell.inf
6009e6
+!endif
6009e6
 
c49882
 INF MdeModulePkg/Logo/LogoDxe.inf
6009e6
 
6009e6
-- 
94daa4
2.27.0
6009e6