Contents of /cauldron/edk2/current/SOURCES/0012-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch

Revision 1378781
Tue Mar 19 07:21:32 2019 UTC (5 years, 1 month ago) by tv
File size: 4397 byte(s)
- Update to stable-201903
- Update to openssl-1.1.0j
- Move to python3 deps
- Use YYYYMMDD versioning to fix upgrade path
1 From 026848dd55609cd184cd8fef3b312236e0ee3024 Mon Sep 17 00:00:00 2001
2 From: Laszlo Ersek <lersek@redhat.com>
3 Date: Tue, 4 Nov 2014 23:02:53 +0100
4 Subject: [PATCH] OvmfPkg: allow exclusion of the shell from the firmware image
5
6 When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
7 binary from the firmware image.
8
9 Peter Jones advised us that firmware vendors for physical systems disable
10 the memory-mapped, firmware image-contained UEFI shell in
11 SecureBoot-enabled builds. The reason being that the memory-mapped shell
12 can always load, it may have direct access to various hardware in the
13 system, and it can run UEFI shell scripts (which cannot be signed at all).
14
15 Intended use of the new build option:
16
17 - In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
18 firmware image will contain a shell binary, independently of SecureBoot
19 enablement, which is flexible for interactive development. (Ie. no
20 change for in-tree builds.)
21
22 - RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
23 '-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:
24
25 - OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,
26
27 - OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,
28
29 - UefiShell.iso: a bootable ISO image with the shell on it as default
30 boot loader. The shell binary will load when SecureBoot is turned off,
31 and won't load when SecureBoot is turned on (because it is not
32 signed).
33
34 UefiShell.iso is the reason we're not excluding the shell from the DSC
35 files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
36 is specified, the shell binary needs to be built the same, only it
37 will be included in UefiShell.iso.
38
39 Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
40
41 - no changes
42
43 Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
44
45 - no changes
46
47 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
48 (cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
49 (cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
50 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
51 ---
52 OvmfPkg/OvmfPkgIa32.fdf | 2 ++
53 OvmfPkg/OvmfPkgIa32X64.fdf | 3 +++
54 OvmfPkg/OvmfPkgX64.fdf | 3 +++
55 3 files changed, 8 insertions(+)
56
57 diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
58 index 77d0d3f131..aa07387d19 100644
59 --- a/OvmfPkg/OvmfPkgIa32.fdf
60 +++ b/OvmfPkg/OvmfPkgIa32.fdf
61 @@ -288,10 +288,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
62 INF FatPkg/EnhancedFatDxe/Fat.inf
63 INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
64
65 +!ifndef $(EXCLUDE_SHELL_FROM_FD)
66 !if $(TOOL_CHAIN_TAG) != "XCODE5"
67 INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
68 !endif
69 INF ShellPkg/Application/Shell/Shell.inf
70 +!endif
71
72 !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
73 INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
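Review bot: The added guard `!ifndef $(EXCLUDE_SHELL_FROM_FD)` tests only whether the macro is defined, not its value, so `-D EXCLUDE_SHELL_FROM_FD=FALSE` would still drop the shell, unlike the `$(SECURE_BOOT_ENABLE) == TRUE` comparison in the block that follows. Consider a value test, or state in the commit message that any definition of the macro excludes the shell. The guard also covers `TftpDynamicCommand.inf`, which the commit message does not mention alongside the shell binary.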
74 diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
75 index da68440ddb..585d97685a 100644
76 --- a/OvmfPkg/OvmfPkgIa32X64.fdf
77 +++ b/OvmfPkg/OvmfPkgIa32X64.fdf
78 @@ -289,10 +289,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
79 INF FatPkg/EnhancedFatDxe/Fat.inf
80 INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
81
82 +!ifndef $(EXCLUDE_SHELL_FROM_FD)
83 !if $(TOOL_CHAIN_TAG) != "XCODE5"
84 INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
85 !endif
86 INF ShellPkg/Application/Shell/Shell.inf
87 +!endif
88 +
89
90 !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
91 INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
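Review bot: The empty `+` line after the new `!endif` lands directly before the existing blank line, leaving two consecutive blank lines ahead of the `SECURE_BOOT_ENABLE` block; the OvmfPkgIa32.fdf hunk adds only the two guard lines (2 insertions versus 3 in the diffstat). Drop the extra line so the three FDF files stay aligned.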
92 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
93 index da68440ddb..585d97685a 100644
94 --- a/OvmfPkg/OvmfPkgX64.fdf
95 +++ b/OvmfPkg/OvmfPkgX64.fdf
96 @@ -289,10 +289,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
97 INF FatPkg/EnhancedFatDxe/Fat.inf
98 INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
99
100 +!ifndef $(EXCLUDE_SHELL_FROM_FD)
101 !if $(TOOL_CHAIN_TAG) != "XCODE5"
102 INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
103 !endif
104 INF ShellPkg/Application/Shell/Shell.inf
105 +!endif
106 +
107
108 !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
109 INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
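Review bot: Nothing at the new `!ifndef $(EXCLUDE_SHELL_FROM_FD)` guard tells a reader of the FDF why the shell is optional; the Secure Boot rationale lives only in the commit message. A short comment above the guard noting that the flag is meant to accompany `-D SECURE_BOOT_ENABLE` would help packagers, since the guard is independent of the `SECURE_BOOT_ENABLE` test that follows it. The stray empty `+` line after `!endif` is repeated in this hunk and can be dropped.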
