From 84570add9731d2099c6e5be43f96aed508fd4c39 Mon Sep 17 00:00:00 2001
Message-Id: <84570add9731d2099c6e5be43f96aed508fd4c39.1534970217.git.crobinso@redhat.com>
In-Reply-To: <37942481c89eca732239c23fe606680e6e3faf77.1534970217.git.crobinso@redhat.com>
References: <37942481c89eca732239c23fe606680e6e3faf77.1534970217.git.crobinso@redhat.com>
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 4 Nov 2014 23:02:53 +0100
Subject: [PATCH 12/17] OvmfPkg: allow exclusion of the shell from the firmware
 image

When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
binary from the firmware image.

Peter Jones advised us that firmware vendors for physical systems disable
the memory-mapped, firmware image-contained UEFI shell in
SecureBoot-enabled builds. The reason being that the memory-mapped shell
can always load, it may have direct access to various hardware in the
system, and it can run UEFI shell scripts (which cannot be signed at all).

Intended use of the new build option:

- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
  firmware image will contain a shell binary, independently of SecureBoot
  enablement, which is flexible for interactive development. (Ie. no
  change for in-tree builds.)

- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
  '-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:

  - OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,

  - OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,

  - UefiShell.iso: a bootable ISO image with the shell on it as default
    boot loader. The shell binary will load when SecureBoot is turned off,
    and won't load when SecureBoot is turned on (because it is not
    signed).

UefiShell.iso is the reason we're not excluding the shell from the DSC
files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
is specified, the shell binary needs to be built the same, only it
will be included in UefiShell.iso.

Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:

- no changes

Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:

- no changes

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
OvmfPkg/OvmfPkgX64.fdf | 2 ++
3 files changed, 6 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 4177379a23..8c0b6ee1bd 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -288,12 +288,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
!ifndef $(USE_OLD_SHELL)
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/Application/Shell/Shell.inf
!else
INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf
!endif
+!endif
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
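
Review bot: The new outer guard `!ifndef $(EXCLUDE_SHELL_FROM_FD)` tests only whether the macro is defined, so `-D EXCLUDE_SHELL_FROM_FD=FALSE` drops the shell from the FD just as `-D EXCLUDE_SHELL_FROM_FD` does. That matches the `!ifndef $(USE_OLD_SHELL)` style directly below it, but not the `$(SECURE_BOOT_ENABLE) == TRUE` comparison in the trailing context, which is the flag the commit message tells RPM builds to pass alongside it. Either state in the commit message or in a comment above the guard that any definition, whatever its value, excludes the shell, or give the macro a FALSE default and compare it against TRUE.
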
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 5e57161154..8de20366d2 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -289,12 +289,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
!ifndef $(USE_OLD_SHELL)
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/Application/Shell/Shell.inf
!else
INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf
!endif
+!endif
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
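
Review bot: The guard opened at `+!ifndef $(EXCLUDE_SHELL_FROM_FD)` also removes `TftpDynamicCommand.inf` from the FD, not only `Shell.inf` or `FullShell.inf`, while the commit message speaks only of "the shell binary". Dropping it is consistent, since a dynamic shell command has no use in an image without the shell, but the commit message should say so, and should note whether UefiShell.iso is expected to carry the tftp command when the flag is set.
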
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index c81b422517..49ef829a3a 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -289,12 +289,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
!ifndef $(USE_OLD_SHELL)
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/Application/Shell/Shell.inf
!else
INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf
!endif
+!endif
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
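
Review bot: Nothing in this hunk ties the new guard to `SECURE_BOOT_ENABLE`: a build with `-D SECURE_BOOT_ENABLE` alone still places the shell in the FD, which is the configuration the commit message says vendors of physical systems avoid. If that is intentional for in-tree development builds, a one-line comment above `+!ifndef $(EXCLUDE_SHELL_FROM_FD)` saying that Secure Boot builds meant for distribution must also pass this flag would make the dependency visible in the FDF itself. The same two-line guard is repeated in all three FDF files, so the comment belongs in each of them.
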
--
2.17.1