|
 |
63d87e |
From 229c88dc3ded9baeaca8b87767dc5c41c05afd6e Mon Sep 17 00:00:00 2001
|
|
|
cc9195 |
From: Laszlo Ersek <lersek@redhat.com>
|
|
|
cc9195 |
Date: Tue, 4 Nov 2014 23:02:53 +0100
|
|
|
cc9195 |
Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH
|
|
|
cc9195 |
only)
|
|
|
cc9195 |
|
|
|
63d87e |
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
|
|
63d87e |
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
|
|
63d87e |
|
|
|
63d87e |
- no change
|
|
|
63d87e |
|
|
|
fcd20d |
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
|
|
fcd20d |
RHEL-8.1/20190308-89910a39dcfd rebase:
|
|
|
fcd20d |
|
|
|
fcd20d |
- update the patch against the following upstream commits:
|
|
|
fcd20d |
- 4b888334d234 ("OvmfPkg: Remove EdkShellBinPkg in FDF", 2018-11-19)
|
|
|
fcd20d |
- 277a3958d93a ("OvmfPkg: Don't include TftpDynamicCommand in XCODE5
|
|
|
fcd20d |
tool chain", 2018-11-27)
|
|
|
fcd20d |
|
|
|
cc9195 |
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
|
|
cc9195 |
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
|
|
cc9195 |
|
|
|
cc9195 |
- reorder the rebase changelog in the commit message so that it reads like
|
|
|
cc9195 |
a blog: place more recent entries near the top
|
|
|
cc9195 |
- no changes to the patch body
|
|
|
cc9195 |
|
|
|
cc9195 |
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
|
|
cc9195 |
|
|
|
cc9195 |
- no change
|
|
|
cc9195 |
|
|
|
cc9195 |
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
|
|
cc9195 |
|
|
|
cc9195 |
- no changes
|
|
|
cc9195 |
|
|
|
cc9195 |
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
|
|
cc9195 |
|
|
|
cc9195 |
- no changes
|
|
|
cc9195 |
|
|
|
cc9195 |
Message-id: <1415138578-27173-14-git-send-email-lersek@redhat.com>
|
|
|
cc9195 |
Patchwork-id: 62119
|
|
|
cc9195 |
O-Subject: [RHEL-7.1 ovmf PATCH v2 13/18] OvmfPkg: allow exclusion of the shell
|
|
|
cc9195 |
from the firmware image (RH only)
|
|
|
cc9195 |
Bugzilla: 1147592
|
|
|
cc9195 |
Acked-by: Andrew Jones <drjones@redhat.com>
|
|
|
cc9195 |
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
|
cc9195 |
Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
|
|
cc9195 |
|
|
|
cc9195 |
When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
|
|
|
cc9195 |
binary from the firmware image.
|
|
|
cc9195 |
|
|
|
cc9195 |
Peter Jones advised us that firmware vendors for physical systems disable
|
|
|
cc9195 |
the memory-mapped, firmware image-contained UEFI shell in
|
|
|
cc9195 |
SecureBoot-enabled builds. The reason being that the memory-mapped shell
|
|
|
cc9195 |
can always load, it may have direct access to various hardware in the
|
|
|
cc9195 |
system, and it can run UEFI shell scripts (which cannot be signed at all).
|
|
|
cc9195 |
|
|
|
cc9195 |
Intended use of the new build option:
|
|
|
cc9195 |
|
|
|
cc9195 |
- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
|
|
|
cc9195 |
firmware image will contain a shell binary, independently of SecureBoot
|
|
|
cc9195 |
enablement, which is flexible for interactive development. (Ie. no
|
|
|
cc9195 |
change for in-tree builds.)
|
|
|
cc9195 |
|
|
|
cc9195 |
- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
|
|
|
cc9195 |
'-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:
|
|
|
cc9195 |
|
|
|
cc9195 |
- OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,
|
|
|
cc9195 |
|
|
|
cc9195 |
- OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,
|
|
|
cc9195 |
|
|
|
cc9195 |
- UefiShell.iso: a bootable ISO image with the shell on it as default
|
|
|
cc9195 |
boot loader. The shell binary will load when SecureBoot is turned off,
|
|
|
cc9195 |
and won't load when SecureBoot is turned on (because it is not
|
|
|
cc9195 |
signed).
|
|
|
cc9195 |
|
|
|
cc9195 |
UefiShell.iso is the reason we're not excluding the shell from the DSC
|
|
|
cc9195 |
files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
|
|
|
cc9195 |
is specified, the shell binary needs to be built the same, only it
|
|
|
cc9195 |
will be included in UefiShell.iso.
|
|
|
cc9195 |
|
|
|
cc9195 |
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
cc9195 |
(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
|
|
|
cc9195 |
(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
|
|
|
cc9195 |
(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b)
|
|
|
cc9195 |
(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245)
|
|
|
fcd20d |
(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687)
|
|
|
63d87e |
(cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4)
|
|
|
cc9195 |
---
|
|
|
cc9195 |
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
|
|
|
cc9195 |
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
|
|
|
cc9195 |
OvmfPkg/OvmfPkgX64.fdf | 2 ++
|
|
|
cc9195 |
3 files changed, 6 insertions(+)
|
|
|
cc9195 |
|
|
|
cc9195 |
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
|
|
63d87e |
index 326f82384e..dff2fcd9f6 100644
|
|
|
cc9195 |
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
|
|
cc9195 |
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
|
|
63d87e |
@@ -278,10 +278,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
|
|
cc9195 |
INF FatPkg/EnhancedFatDxe/Fat.inf
|
|
|
cc9195 |
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
|
|
cc9195 |
|
|
|
cc9195 |
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
|
|
fcd20d |
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
|
|
cc9195 |
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
|
|
cc9195 |
!endif
|
|
|
fcd20d |
INF ShellPkg/Application/Shell/Shell.inf
|
|
|
cc9195 |
+!endif
|
|
|
cc9195 |
|
|
|
cc9195 |
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
|
|
fcd20d |
|
|
|
cc9195 |
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
|
|
63d87e |
index aefb6614ad..6684a2e799 100644
|
|
|
cc9195 |
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
|
|
cc9195 |
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
|
|
63d87e |
@@ -279,10 +279,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
|
|
cc9195 |
INF FatPkg/EnhancedFatDxe/Fat.inf
|
|
|
cc9195 |
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
|
|
cc9195 |
|
|
|
cc9195 |
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
|
|
fcd20d |
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
|
|
cc9195 |
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
|
|
cc9195 |
!endif
|
|
|
fcd20d |
INF ShellPkg/Application/Shell/Shell.inf
|
|
|
cc9195 |
+!endif
|
|
|
cc9195 |
|
|
|
cc9195 |
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
|
|
fcd20d |
|
|
|
cc9195 |
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
|
|
63d87e |
index aefb6614ad..6684a2e799 100644
|
|
|
cc9195 |
--- a/OvmfPkg/OvmfPkgX64.fdf
|
|
|
cc9195 |
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
|
|
63d87e |
@@ -279,10 +279,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
|
|
cc9195 |
INF FatPkg/EnhancedFatDxe/Fat.inf
|
|
|
cc9195 |
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
|
|
cc9195 |
|
|
|
cc9195 |
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
|
|
fcd20d |
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
|
|
cc9195 |
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
|
|
cc9195 |
!endif
|
|
|
fcd20d |
INF ShellPkg/Application/Shell/Shell.inf
|
|
|
cc9195 |
+!endif
|
|
|
cc9195 |
|
|
|
cc9195 |
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
|
|
fcd20d |
|
|
|
cc9195 |
--
|
|
|
fcd20d |
2.18.1
|
|
|
cc9195 |
|