tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-27 07:34:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

OvmfPkg: Add BUILD_SHELL flag for IA32, IA32X64, X64

Browse Source 
Add BUILD_SHELL flag, similar to the one in OvmfPkg/AmdSev,
to enable/disable building of the UefiShell as part of
the firmware image. The UefiShell should not be included for
secure production systems (e.g. SecureBoot) because it can be
used to circumvent security features.

The default value for BUILD_SHELL is TRUE to keep the default
behavior of the Ovmf build.
Note: the default for AmdSev is FALSE.

The BUILD_SHELL flag for AmdSev was introduced in b261a30c900a8.

Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
This commit is contained in:
Oliver Steffen 2022-08-30 18:13:54 +02:00 committed by mergify[bot]
parent 08522341c4
commit e61f3f4ef1
6 changed files with 42 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
OvmfPkg/OvmfPkgIa32.dsc
View File

@ -36,6 +36,11 @@
!include OvmfPkg/OvmfTpmDefines.dsc.inc !include OvmfPkg/OvmfTpmDefines.dsc.inc
#
# Shell can be useful for debugging but should not be enabled for production
#
DEFINE BUILD_SHELL = TRUE
# #
# Network definition # Network definition
# #
@ -229,8 +234,11 @@
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
!endif !endif
!if $(BUILD_SHELL) == TRUE
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
!endif
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
@ -895,7 +903,7 @@
OvmfPkg/Csm/Csm16/Csm16.inf OvmfPkg/Csm/Csm16/Csm16.inf
!endif !endif
!if $(TOOL_CHAIN_TAG) != "XCODE5" !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf { ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
<PcdsFixedAtBuild> <PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
@ -909,6 +917,7 @@
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
} }
!endif !endif
!if $(BUILD_SHELL) == TRUE
ShellPkg/Application/Shell/Shell.inf { ShellPkg/Application/Shell/Shell.inf {
<LibraryClasses> <LibraryClasses>
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
@ -931,6 +940,7 @@
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
} }
!endif
!if $(SECURE_BOOT_ENABLE) == TRUE !if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf

4
OvmfPkg/OvmfPkgIa32.fdf
View File

@ -298,12 +298,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
!if $(TOOL_CHAIN_TAG) != "XCODE5" !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
!endif !endif
!if $(BUILD_SHELL) == TRUE
INF ShellPkg/Application/Shell/Shell.inf INF ShellPkg/Application/Shell/Shell.inf
!endif
INF MdeModulePkg/Logo/LogoDxe.inf INF MdeModulePkg/Logo/LogoDxe.inf

12
OvmfPkg/OvmfPkgIa32X64.dsc
View File

@ -35,6 +35,11 @@
!include OvmfPkg/OvmfTpmDefines.dsc.inc !include OvmfPkg/OvmfTpmDefines.dsc.inc
#
# Shell can be useful for debugging but should not be enabled for production
#
DEFINE BUILD_SHELL = TRUE
# #
# Network definition # Network definition
# #
@ -233,8 +238,11 @@
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
!endif !endif
!if $(BUILD_SHELL) == TRUE
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
!endif
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
@ -909,7 +917,7 @@
OvmfPkg/Csm/Csm16/Csm16.inf OvmfPkg/Csm/Csm16/Csm16.inf
!endif !endif
!if $(TOOL_CHAIN_TAG) != "XCODE5" !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf { ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
<PcdsFixedAtBuild> <PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
@ -923,6 +931,7 @@
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
} }
!endif !endif
!if $(BUILD_SHELL) == TRUE
ShellPkg/Application/Shell/Shell.inf { ShellPkg/Application/Shell/Shell.inf {
<LibraryClasses> <LibraryClasses>
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
@ -945,6 +954,7 @@
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
} }
!endif
!if $(SECURE_BOOT_ENABLE) == TRUE !if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf

4
OvmfPkg/OvmfPkgIa32X64.fdf
View File

@ -299,12 +299,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
!if $(TOOL_CHAIN_TAG) != "XCODE5" !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
!endif !endif
!if $(BUILD_SHELL) == TRUE
INF ShellPkg/Application/Shell/Shell.inf INF ShellPkg/Application/Shell/Shell.inf
!endif
INF MdeModulePkg/Logo/LogoDxe.inf INF MdeModulePkg/Logo/LogoDxe.inf

12
OvmfPkg/OvmfPkgX64.dsc
View File

@ -35,6 +35,11 @@
!include OvmfPkg/OvmfTpmDefines.dsc.inc !include OvmfPkg/OvmfTpmDefines.dsc.inc
#
# Shell can be useful for debugging but should not be enabled for production
#
DEFINE BUILD_SHELL = TRUE
# #
# Network definition # Network definition
# #
@ -249,8 +254,11 @@
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
!endif !endif
!if $(BUILD_SHELL) == TRUE
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
!endif
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
@ -974,7 +982,7 @@
OvmfPkg/Csm/Csm16/Csm16.inf OvmfPkg/Csm/Csm16/Csm16.inf
!endif !endif
!if $(TOOL_CHAIN_TAG) != "XCODE5" !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf { ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
<PcdsFixedAtBuild> <PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
@ -988,6 +996,7 @@
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
} }
!endif !endif
!if $(BUILD_SHELL) == TRUE
ShellPkg/Application/Shell/Shell.inf { ShellPkg/Application/Shell/Shell.inf {
<LibraryClasses> <LibraryClasses>
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
@ -1010,6 +1019,7 @@
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
} }
!endif
!if $(SECURE_BOOT_ENABLE) == TRUE !if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf

4
OvmfPkg/OvmfPkgX64.fdf
View File

@ -324,12 +324,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
!if $(TOOL_CHAIN_TAG) != "XCODE5" !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
!endif !endif
!if $(BUILD_SHELL) == TRUE
INF ShellPkg/Application/Shell/Shell.inf INF ShellPkg/Application/Shell/Shell.inf
!endif
INF MdeModulePkg/Logo/LogoDxe.inf INF MdeModulePkg/Logo/LogoDxe.inf