Blame 0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch

fdb3e7
From c1d277217b6d4115277cac4de26943fde3b7f170 Mon Sep 17 00:00:00 2001
Paolo Bonzini 348500
From: Laszlo Ersek <lersek@redhat.com>
Paolo Bonzini 348500
Date: Tue, 4 Nov 2014 23:02:53 +0100
294170
Subject: [PATCH] OvmfPkg: allow exclusion of the shell from the firmware image
Gerd Hoffmann b0c3af
Paolo Bonzini 348500
When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
Paolo Bonzini 348500
binary from the firmware image.
Paolo Bonzini 348500
Paolo Bonzini 348500
Peter Jones advised us that firmware vendors for physical systems disable
Paolo Bonzini 348500
the memory-mapped, firmware image-contained UEFI shell in
Paolo Bonzini 348500
SecureBoot-enabled builds. The reason being that the memory-mapped shell
Paolo Bonzini 348500
can always load, it may have direct access to various hardware in the
Paolo Bonzini 348500
system, and it can run UEFI shell scripts (which cannot be signed at all).
Paolo Bonzini 348500
Paolo Bonzini 348500
Intended use of the new build option:
Paolo Bonzini 348500
Paolo Bonzini 348500
- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
Paolo Bonzini 348500
  firmware image will contain a shell binary, independently of SecureBoot
Paolo Bonzini 348500
  enablement, which is flexible for interactive development. (Ie. no
Paolo Bonzini 348500
  change for in-tree builds.)
Paolo Bonzini 348500
Paolo Bonzini 348500
- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
Paolo Bonzini 348500
  '-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:
Paolo Bonzini 348500
Paolo Bonzini 348500
  - OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,
Paolo Bonzini 348500
Paolo Bonzini 348500
  - OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,
Paolo Bonzini 348500
Paolo Bonzini 348500
  - UefiShell.iso: a bootable ISO image with the shell on it as default
Paolo Bonzini 348500
    boot loader. The shell binary will load when SecureBoot is turned off,
Paolo Bonzini 348500
    and won't load when SecureBoot is turned on (because it is not
Paolo Bonzini 348500
    signed).
Paolo Bonzini 348500
Paolo Bonzini 348500
    UefiShell.iso is the reason we're not excluding the shell from the DSC
Paolo Bonzini 348500
    files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
Paolo Bonzini 348500
    is specified, the shell binary needs to be built the same, only it
Paolo Bonzini 348500
    will be included in UefiShell.iso.
Paolo Bonzini 348500
Paolo Bonzini 348500
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
Paolo Bonzini 348500
Paolo Bonzini 348500
- no changes
Paolo Bonzini 348500
Paolo Bonzini 348500
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
Paolo Bonzini 348500
Paolo Bonzini 348500
- no changes
Paolo Bonzini 348500
Paolo Bonzini 348500
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Paolo Bonzini 348500
(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
Paolo Bonzini 348500
(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
Paolo Bonzini 7ae6f1
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Gerd Hoffmann b0c3af
---
Gerd Hoffmann b0c3af
 OvmfPkg/OvmfPkgIa32.fdf    | 2 ++
b846ca
 OvmfPkg/OvmfPkgIa32X64.fdf | 3 +++
b846ca
 OvmfPkg/OvmfPkgX64.fdf     | 3 +++
b846ca
 3 files changed, 8 insertions(+)
Gerd Hoffmann b0c3af
Gerd Hoffmann b0c3af
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
fdb3e7
index 6e1e7f5f44..07c1cdbe81 100644
Gerd Hoffmann b0c3af
--- a/OvmfPkg/OvmfPkgIa32.fdf
Gerd Hoffmann b0c3af
+++ b/OvmfPkg/OvmfPkgIa32.fdf
fdb3e7
@@ -291,11 +291,13 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
Gerd Hoffmann b0c3af
 INF  FatPkg/EnhancedFatDxe/Fat.inf
Paolo Bonzini 348500
 INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
Gerd Hoffmann b0c3af
 
Gerd Hoffmann b0c3af
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
b846ca
 !if $(TOOL_CHAIN_TAG) != "XCODE5"
Paolo Bonzini 7ae6f1
 INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
fdb3e7
 INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
Gerd Hoffmann b0c3af
 !endif
b846ca
 INF  ShellPkg/Application/Shell/Shell.inf
Gerd Hoffmann b0c3af
+!endif
Gerd Hoffmann b0c3af
 
Paolo Bonzini 720bc3
 !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
Paolo Bonzini 348500
 INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
Gerd Hoffmann b0c3af
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
fdb3e7
index 1fab3d5014..b1560d6218 100644
Gerd Hoffmann b0c3af
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
Gerd Hoffmann b0c3af
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
fdb3e7
@@ -292,11 +292,14 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
Gerd Hoffmann b0c3af
 INF  FatPkg/EnhancedFatDxe/Fat.inf
Paolo Bonzini 348500
 INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
Gerd Hoffmann b0c3af
 
Gerd Hoffmann b0c3af
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
b846ca
 !if $(TOOL_CHAIN_TAG) != "XCODE5"
Paolo Bonzini 7ae6f1
 INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
fdb3e7
 INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
Gerd Hoffmann b0c3af
 !endif
b846ca
 INF  ShellPkg/Application/Shell/Shell.inf
Gerd Hoffmann b0c3af
+!endif
b846ca
+
Gerd Hoffmann b0c3af
 
Paolo Bonzini 720bc3
 !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
Paolo Bonzini 348500
 INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
Gerd Hoffmann b0c3af
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
fdb3e7
index 6dc48977a0..34cd97aac4 100644
Gerd Hoffmann b0c3af
--- a/OvmfPkg/OvmfPkgX64.fdf
Gerd Hoffmann b0c3af
+++ b/OvmfPkg/OvmfPkgX64.fdf
fdb3e7
@@ -301,11 +301,14 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
Gerd Hoffmann b0c3af
 INF  FatPkg/EnhancedFatDxe/Fat.inf
Paolo Bonzini 348500
 INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
Gerd Hoffmann b0c3af
 
Gerd Hoffmann b0c3af
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
b846ca
 !if $(TOOL_CHAIN_TAG) != "XCODE5"
Paolo Bonzini 7ae6f1
 INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
fdb3e7
 INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
Gerd Hoffmann b0c3af
 !endif
b846ca
 INF  ShellPkg/Application/Shell/Shell.inf
Gerd Hoffmann b0c3af
+!endif
b846ca
+
Gerd Hoffmann b0c3af
 
Paolo Bonzini 720bc3
 !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
Paolo Bonzini 348500
 INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf