tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

OvmfPkg: only add shell to FV in case secure boot is disabled 

The EFI Shell allows to bypass secure boot, do not allow
to include the shell in the firmware images of secure boot
enabled builds.

This prevents misconfigured downstream builds.

Ref: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4641
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-13-kraxel@redhat.com>
This commit is contained in:
Gerd Hoffmann 2024-02-22 11:13:58 +01:00 committed by mergify[bot]
parent bc982869dd
commit f881b4d129
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
View File

@ -2,7 +2,7 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent # SPDX-License-Identifier: BSD-2-Clause-Patent
## ##
!if $(BUILD_SHELL) == TRUE !if $(BUILD_SHELL) == TRUE && $(SECURE_BOOT_ENABLE) == FALSE
!if $(TOOL_CHAIN_TAG) != "XCODE5" !if $(TOOL_CHAIN_TAG) != "XCODE5"
!if $(NETWORK_ENABLE) == TRUE !if $(NETWORK_ENABLE) == TRUE