From e61f3f4ef13ab96746518ca238b42bdc9e00affe Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Tue, 30 Aug 2022 18:13:54 +0200 Subject: OvmfPkg: Add BUILD_SHELL flag for IA32, IA32X64, X64 Add BUILD_SHELL flag, similar to the one in OvmfPkg/AmdSev, to enable/disable building of the UefiShell as part of the firmware image. The UefiShell should not be included for secure production systems (e.g. SecureBoot) because it can be used to circumvent security features. The default value for BUILD_SHELL is TRUE to keep the default behavior of the Ovmf build. Note: the default for AmdSev is FALSE. The BUILD_SHELL flag for AmdSev was introduced in b261a30c900a8. Signed-off-by: Oliver Steffen Acked-by: Gerd Hoffmann --- OvmfPkg/OvmfPkgIa32.dsc | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'OvmfPkg/OvmfPkgIa32.dsc') diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 725a01ae9a..797a543b95 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -36,6 +36,11 @@ !include OvmfPkg/OvmfTpmDefines.dsc.inc + # + # Shell can be useful for debugging but should not be enabled for production + # + DEFINE BUILD_SHELL = TRUE + # # Network definition # @@ -229,8 +234,11 @@ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf !endif +!if $(BUILD_SHELL) == TRUE ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf +!endif ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf + S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf @@ -895,7 +903,7 @@ OvmfPkg/Csm/Csm16/Csm16.inf !endif -!if $(TOOL_CHAIN_TAG) != "XCODE5" +!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf { gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE @@ -909,6 +917,7 @@ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE } !endif +!if $(BUILD_SHELL) == TRUE ShellPkg/Application/Shell/Shell.inf { ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf @@ -931,6 +940,7 @@ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 } +!endif !if $(SECURE_BOOT_ENABLE) == TRUE SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -- cgit v1.2.3