diff options
| author | Oliver Steffen <osteffen@redhat.com> | 2022-08-30 18:13:54 +0200 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2022-09-05 13:52:51 +0000 |
| commit | e61f3f4ef13ab96746518ca238b42bdc9e00affe (patch) | |
| tree | 7dff66cf5eac40925b985d3db22aa2dd34e25eb4 /OvmfPkg/OvmfPkgIa32.dsc | |
| parent | 08522341c4935f27cd7d3dbfd38ffa8329cdc2cb (diff) | |
| download | edk2-e61f3f4ef13ab96746518ca238b42bdc9e00affe.tar.gz edk2-e61f3f4ef13ab96746518ca238b42bdc9e00affe.tar.bz2 edk2-e61f3f4ef13ab96746518ca238b42bdc9e00affe.zip | |
OvmfPkg: Add BUILD_SHELL flag for IA32, IA32X64, X64
Add BUILD_SHELL flag, similar to the one in OvmfPkg/AmdSev,
to enable/disable building of the UefiShell as part of
the firmware image. The UefiShell should not be included for
secure production systems (e.g. SecureBoot) because it can be
used to circumvent security features.
The default value for BUILD_SHELL is TRUE to keep the default
behavior of the Ovmf build.
Note: the default for AmdSev is FALSE.
The BUILD_SHELL flag for AmdSev was introduced in b261a30c900a8.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'OvmfPkg/OvmfPkgIa32.dsc')
| -rw-r--r-- | OvmfPkg/OvmfPkgIa32.dsc | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 725a01ae9a..797a543b95 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -37,6 +37,11 @@ !include OvmfPkg/OvmfTpmDefines.dsc.inc
#
+ # Shell can be useful for debugging but should not be enabled for production
+ #
+ DEFINE BUILD_SHELL = TRUE
+
+ #
# Network definition
#
DEFINE NETWORK_TLS_ENABLE = FALSE
@@ -229,8 +234,11 @@ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
!endif
+!if $(BUILD_SHELL) == TRUE
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
+!endif
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
+
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
@@ -895,7 +903,7 @@ OvmfPkg/Csm/Csm16/Csm16.inf
!endif
-!if $(TOOL_CHAIN_TAG) != "XCODE5"
+!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
@@ -909,6 +917,7 @@ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
}
!endif
+!if $(BUILD_SHELL) == TRUE
ShellPkg/Application/Shell/Shell.inf {
<LibraryClasses>
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
@@ -931,6 +940,7 @@ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
}
+!endif
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|