Add BUILD_SHELL flag, similar to the one in OvmfPkg/AmdSev,
to enable/disable building of the UefiShell as part of
the firmware image. The UefiShell should not be included for
secure production systems (e.g. SecureBoot) because it can be
used to circumvent security features.
The default value for BUILD_SHELL is TRUE to keep the default
behavior of the Ovmf build.
Note: the default for AmdSev is FALSE.
The BUILD_SHELL flag for AmdSev was introduced in
b261a30c900a8.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
\r
!include OvmfPkg/OvmfTpmDefines.dsc.inc\r
\r
+ #\r
+ # Shell can be useful for debugging but should not be enabled for production\r
+ #\r
+ DEFINE BUILD_SHELL = TRUE\r
+\r
#\r
# Network definition\r
#\r
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf\r
!endif\r
\r
+!if $(BUILD_SHELL) == TRUE\r
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf\r
+!endif\r
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf\r
+\r
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf\r
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf\r
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf\r
OvmfPkg/Csm/Csm16/Csm16.inf\r
!endif\r
\r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE\r
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {\r
<PcdsFixedAtBuild>\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
}\r
!endif\r
+!if $(BUILD_SHELL) == TRUE\r
ShellPkg/Application/Shell/Shell.inf {\r
<LibraryClasses>\r
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000\r
}\r
+!endif\r
\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf\r
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf\r
\r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"\r
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf\r
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf\r
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf\r
!endif\r
+!if $(BUILD_SHELL) == TRUE\r
INF ShellPkg/Application/Shell/Shell.inf\r
+!endif\r
\r
INF MdeModulePkg/Logo/LogoDxe.inf\r
\r
\r
!include OvmfPkg/OvmfTpmDefines.dsc.inc\r
\r
+ #\r
+ # Shell can be useful for debugging but should not be enabled for production\r
+ #\r
+ DEFINE BUILD_SHELL = TRUE\r
+\r
#\r
# Network definition\r
#\r
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf\r
!endif\r
\r
+!if $(BUILD_SHELL) == TRUE\r
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf\r
+!endif\r
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf\r
+\r
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf\r
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf\r
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf\r
OvmfPkg/Csm/Csm16/Csm16.inf\r
!endif\r
\r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE\r
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {\r
<PcdsFixedAtBuild>\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
}\r
!endif\r
+!if $(BUILD_SHELL) == TRUE\r
ShellPkg/Application/Shell/Shell.inf {\r
<LibraryClasses>\r
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000\r
}\r
+!endif\r
\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf\r
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf\r
\r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"\r
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf\r
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf\r
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf\r
!endif\r
+!if $(BUILD_SHELL) == TRUE\r
INF ShellPkg/Application/Shell/Shell.inf\r
+!endif\r
\r
INF MdeModulePkg/Logo/LogoDxe.inf\r
\r
\r
!include OvmfPkg/OvmfTpmDefines.dsc.inc\r
\r
+ #\r
+ # Shell can be useful for debugging but should not be enabled for production\r
+ #\r
+ DEFINE BUILD_SHELL = TRUE\r
+\r
#\r
# Network definition\r
#\r
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf\r
!endif\r
\r
+!if $(BUILD_SHELL) == TRUE\r
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf\r
+!endif\r
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf\r
+\r
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf\r
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf\r
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf\r
OvmfPkg/Csm/Csm16/Csm16.inf\r
!endif\r
\r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE\r
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {\r
<PcdsFixedAtBuild>\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
}\r
!endif\r
+!if $(BUILD_SHELL) == TRUE\r
ShellPkg/Application/Shell/Shell.inf {\r
<LibraryClasses>\r
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf\r
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE\r
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000\r
}\r
+!endif\r
\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf\r
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf\r
\r
-!if $(TOOL_CHAIN_TAG) != "XCODE5"\r
+!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"\r
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf\r
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf\r
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf\r
!endif\r
+!if $(BUILD_SHELL) == TRUE\r
INF ShellPkg/Application/Shell/Shell.inf\r
+!endif\r
\r
INF MdeModulePkg/Logo/LogoDxe.inf\r
\r