]> git.proxmox.com Git - mirror_edk2.git/commitdiff
projects / mirror_edk2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0852234)
OvmfPkg: Add BUILD_SHELL flag for IA32, IA32X64, X64
authorOliver Steffen <osteffen@redhat.com>
Tue, 30 Aug 2022 16:13:54 +0000 (18:13 +0200)
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Mon, 5 Sep 2022 13:52:51 +0000 (13:52 +0000)
Add BUILD_SHELL flag, similar to the one in OvmfPkg/AmdSev,
to enable/disable building of the UefiShell as part of
the firmware image. The UefiShell should not be included for
secure production systems (e.g. SecureBoot) because it can be
used to circumvent security features.

The default value for BUILD_SHELL is TRUE to keep the default
behavior of the Ovmf build.
Note: the default for AmdSev is FALSE.

The BUILD_SHELL flag for AmdSev was introduced in b261a30c900a8.

Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
OvmfPkg/OvmfPkgIa32.dsc patch | blob | blame | history
OvmfPkg/OvmfPkgIa32.fdf patch | blob | blame | history
OvmfPkg/OvmfPkgIa32X64.dsc patch | blob | blame | history
OvmfPkg/OvmfPkgIa32X64.fdf patch | blob | blame | history
OvmfPkg/OvmfPkgX64.dsc patch | blob | blame | history
OvmfPkg/OvmfPkgX64.fdf patch | blob | blame | history

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 725a01ae9a20ef6d305e95e873c9ccb0b86459de..797a543b95a90077cbb4346604f196676ede16fb 100644 (file)
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -36,6 +36,11 @@
 \r
 !include OvmfPkg/OvmfTpmDefines.dsc.inc\r
 \r
+  #\r
+  # Shell can be useful for debugging but should not be enabled for production\r
+  #\r
+  DEFINE BUILD_SHELL             = TRUE\r
+\r
   #\r
   # Network definition\r
   #\r
@@ -229,8 +234,11 @@
   TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf\r
 !endif\r
 \r
+!if $(BUILD_SHELL) == TRUE\r
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf\r
+!endif\r
   ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf\r
+\r
   S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf\r
   SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf\r
   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf\r
@@ -895,7 +903,7 @@
   OvmfPkg/Csm/Csm16/Csm16.inf\r
 !endif\r
 \r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE\r
   ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {\r
     <PcdsFixedAtBuild>\r
       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
@@ -909,6 +917,7 @@
       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
   }\r
 !endif\r
+!if $(BUILD_SHELL) == TRUE\r
   ShellPkg/Application/Shell/Shell.inf {\r
     <LibraryClasses>\r
       ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf\r
@@ -931,6 +940,7 @@
       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
       gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000\r
   }\r
+!endif\r
 \r
 !if $(SECURE_BOOT_ENABLE) == TRUE\r
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 57d13b7130bc6b90e653e848cd82120f14d66a47..7023ade8cebe2e2c06ffd2ce28b6abd56e90d7b9 100644 (file)
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -298,12 +298,14 @@ INF  FatPkg/EnhancedFatDxe/Fat.inf
 INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf\r
 INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf\r
 \r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"\r
 INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf\r
 INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf\r
 INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf\r
 !endif\r
+!if $(BUILD_SHELL) == TRUE\r
 INF  ShellPkg/Application/Shell/Shell.inf\r
+!endif\r
 \r
 INF MdeModulePkg/Logo/LogoDxe.inf\r
 \r
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index adc813ba2e1eb1bcf55fd79c16fc5cecf1f5ebfb..9b1228e85024e4c89ec4ff0f5b126d9ce22a2288 100644 (file)
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -35,6 +35,11 @@
 \r
 !include OvmfPkg/OvmfTpmDefines.dsc.inc\r
 \r
+  #\r
+  # Shell can be useful for debugging but should not be enabled for production\r
+  #\r
+  DEFINE BUILD_SHELL             = TRUE\r
+\r
   #\r
   # Network definition\r
   #\r
@@ -233,8 +238,11 @@
   TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf\r
 !endif\r
 \r
+!if $(BUILD_SHELL) == TRUE\r
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf\r
+!endif\r
   ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf\r
+\r
   S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf\r
   SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf\r
   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf\r
@@ -909,7 +917,7 @@
   OvmfPkg/Csm/Csm16/Csm16.inf\r
 !endif\r
 \r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE\r
   ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {\r
     <PcdsFixedAtBuild>\r
       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
@@ -923,6 +931,7 @@
       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
   }\r
 !endif\r
+!if $(BUILD_SHELL) == TRUE\r
   ShellPkg/Application/Shell/Shell.inf {\r
     <LibraryClasses>\r
       ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf\r
@@ -945,6 +954,7 @@
       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
       gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000\r
   }\r
+!endif\r
 \r
 !if $(SECURE_BOOT_ENABLE) == TRUE\r
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index ccde366887a907e06a320c69c88071109e8a247e..80de4fa2c0df3587160418e3eca54ca9916fabef 100644 (file)
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -299,12 +299,14 @@ INF  FatPkg/EnhancedFatDxe/Fat.inf
 INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf\r
 INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf\r
 \r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"\r
 INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf\r
 INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf\r
 INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf\r
 !endif\r
+!if $(BUILD_SHELL) == TRUE\r
 INF  ShellPkg/Application/Shell/Shell.inf\r
+!endif\r
 \r
 INF MdeModulePkg/Logo/LogoDxe.inf\r
 \r
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 6e68f60dc90f5451735a799adb6cf8d2fbf5e554..5a6b68bcb106d4c89e99af5311b2af9272f71dc2 100644 (file)
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -35,6 +35,11 @@
 \r
 !include OvmfPkg/OvmfTpmDefines.dsc.inc\r
 \r
+  #\r
+  # Shell can be useful for debugging but should not be enabled for production\r
+  #\r
+  DEFINE BUILD_SHELL             = TRUE\r
+\r
   #\r
   # Network definition\r
   #\r
@@ -249,8 +254,11 @@
   TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf\r
 !endif\r
 \r
+!if $(BUILD_SHELL) == TRUE\r
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf\r
+!endif\r
   ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf\r
+\r
   S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf\r
   SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf\r
   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf\r
@@ -974,7 +982,7 @@
   OvmfPkg/Csm/Csm16/Csm16.inf\r
 !endif\r
 \r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE\r
   ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {\r
     <PcdsFixedAtBuild>\r
       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
@@ -988,6 +996,7 @@
       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
   }\r
 !endif\r
+!if $(BUILD_SHELL) == TRUE\r
   ShellPkg/Application/Shell/Shell.inf {\r
     <LibraryClasses>\r
       ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf\r
@@ -1010,6 +1019,7 @@
       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
       gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000\r
   }\r
+!endif\r
 \r
 !if $(SECURE_BOOT_ENABLE) == TRUE\r
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 438806fba8f1acb30f8698171636e68785ec338f..c0f5a1ef3c30c7ba28569e4b34868907c3af0ef1 100644 (file)
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -324,12 +324,14 @@ INF  FatPkg/EnhancedFatDxe/Fat.inf
 INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf\r
 INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf\r
 \r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"\r
 INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf\r
 INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf\r
 INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf\r
 !endif\r
+!if $(BUILD_SHELL) == TRUE\r
 INF  ShellPkg/Application/Shell/Shell.inf\r
+!endif\r
 \r
 INF MdeModulePkg/Logo/LogoDxe.inf\r
 \r
EFI Development Kit II mirror for PVE