2022-05-30 09:31:22 +00:00
|
|
|
From 6c0b7391222b4d33dbcee952b0f785701031e972 Mon Sep 17 00:00:00 2001
|
2017-11-14 15:05:26 +00:00
|
|
|
From: Laszlo Ersek <lersek@redhat.com>
|
|
|
|
|
Date: Tue, 4 Nov 2014 23:02:53 +0100
|
2022-03-23 08:15:34 +00:00
|
|
|
Subject: [PATCH 08/21] OvmfPkg: allow exclusion of the shell from the firmware
|
|
|
|
|
image (RH only)
|
2021-07-15 17:34:57 +00:00
|
|
|
|
|
|
|
|
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
|
|
|
|
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
|
|
|
|
|
|
|
|
|
- No manual / explicit code change is necessary, because the newly
|
|
|
|
|
inherited OvmfPkg/AmdSev platform already has its own BUILD_SHELL
|
|
|
|
|
build-time macro (feature test flag), with default value FALSE -- from
|
|
|
|
|
upstream commit b261a30c900a ("OvmfPkg/AmdSev: add Grub Firmware Volume
|
|
|
|
|
Package", 2020-12-14).
|
|
|
|
|
|
|
|
|
|
- Contextual differences from new upstream commits 2d8ca4f90eae ("OvmfPkg:
|
|
|
|
|
enable HttpDynamicCommand", 2020-10-01) and 5ab6a0e1c8e9 ("OvmfPkg:
|
|
|
|
|
introduce VirtioFsDxe", 2020-12-21) have been auto-resolved by
|
|
|
|
|
git-cherry-pick.
|
|
|
|
|
|
|
|
|
|
- Remove obsolete commit message tags related to downstream patch
|
|
|
|
|
management: Message-id, Patchwork-id, O-Subject, Acked-by
|
|
|
|
|
(RHBZ#1846481).
|
|
|
|
|
|
|
|
|
|
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
|
|
|
|
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
|
|
|
|
|
|
|
|
|
- context difference from upstream commit ec41733cfd10 ("OvmfPkg: add the
|
|
|
|
|
'initrd' dynamic shell command", 2020-03-04) correctly auto-resolved
|
|
|
|
|
|
|
|
|
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
|
|
|
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
|
|
|
|
|
|
|
|
|
- no change
|
|
|
|
|
|
|
|
|
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
|
|
|
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
|
|
|
|
|
|
|
|
|
- update the patch against the following upstream commits:
|
|
|
|
|
- 4b888334d234 ("OvmfPkg: Remove EdkShellBinPkg in FDF", 2018-11-19)
|
|
|
|
|
- 277a3958d93a ("OvmfPkg: Don't include TftpDynamicCommand in XCODE5
|
|
|
|
|
tool chain", 2018-11-27)
|
|
|
|
|
|
|
|
|
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
|
|
|
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
|
|
|
|
|
|
|
|
|
- reorder the rebase changelog in the commit message so that it reads like
|
|
|
|
|
a blog: place more recent entries near the top
|
|
|
|
|
- no changes to the patch body
|
|
|
|
|
|
|
|
|
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
|
|
|
|
|
|
|
|
|
- no change
|
|
|
|
|
|
|
|
|
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
|
|
|
|
|
|
|
|
|
- no changes
|
|
|
|
|
|
|
|
|
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
|
|
|
|
|
|
|
|
|
- no changes
|
|
|
|
|
|
|
|
|
|
Bugzilla: 1147592
|
2017-11-14 15:05:26 +00:00
|
|
|
|
|
|
|
|
When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
|
|
|
|
|
binary from the firmware image.
|
|
|
|
|
|
|
|
|
|
Peter Jones advised us that firmware vendors for physical systems disable
|
|
|
|
|
the memory-mapped, firmware image-contained UEFI shell in
|
|
|
|
|
SecureBoot-enabled builds. The reason being that the memory-mapped shell
|
|
|
|
|
can always load, it may have direct access to various hardware in the
|
|
|
|
|
system, and it can run UEFI shell scripts (which cannot be signed at all).
|
|
|
|
|
|
|
|
|
|
Intended use of the new build option:
|
|
|
|
|
|
|
|
|
|
- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
|
|
|
|
|
firmware image will contain a shell binary, independently of SecureBoot
|
|
|
|
|
enablement, which is flexible for interactive development. (Ie. no
|
|
|
|
|
change for in-tree builds.)
|
|
|
|
|
|
|
|
|
|
- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
|
|
|
|
|
'-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:
|
|
|
|
|
|
|
|
|
|
- OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,
|
|
|
|
|
|
|
|
|
|
- OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,
|
|
|
|
|
|
|
|
|
|
- UefiShell.iso: a bootable ISO image with the shell on it as default
|
|
|
|
|
boot loader. The shell binary will load when SecureBoot is turned off,
|
|
|
|
|
and won't load when SecureBoot is turned on (because it is not
|
|
|
|
|
signed).
|
|
|
|
|
|
|
|
|
|
UefiShell.iso is the reason we're not excluding the shell from the DSC
|
|
|
|
|
files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
|
|
|
|
|
is specified, the shell binary needs to be built the same, only it
|
|
|
|
|
will be included in UefiShell.iso.
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
|
|
(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
|
|
|
|
|
(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
|
2021-07-15 17:34:57 +00:00
|
|
|
(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b)
|
|
|
|
|
(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245)
|
|
|
|
|
(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687)
|
|
|
|
|
(cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4)
|
|
|
|
|
(cherry picked from commit 229c88dc3ded9baeaca8b87767dc5c41c05afd6e)
|
|
|
|
|
(cherry picked from commit c2812d7189dee06c780f05a5880eb421c359a687)
|
2017-11-14 15:05:26 +00:00
|
|
|
---
|
|
|
|
|
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
|
2021-07-15 17:34:57 +00:00
|
|
|
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
|
|
|
|
|
OvmfPkg/OvmfPkgX64.fdf | 2 ++
|
|
|
|
|
3 files changed, 6 insertions(+)
|
2017-11-14 15:05:26 +00:00
|
|
|
|
|
|
|
|
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
2022-05-30 09:31:22 +00:00
|
|
|
index 57d13b7130bc..69044874e2f7 100644
|
2017-11-14 15:05:26 +00:00
|
|
|
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
|
|
|
|
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
2022-05-30 09:31:22 +00:00
|
|
|
@@ -298,12 +298,14 @@ [FV.DXEFV]
|
2017-11-14 15:05:26 +00:00
|
|
|
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
2021-07-15 17:34:57 +00:00
|
|
|
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
2017-11-14 15:05:26 +00:00
|
|
|
|
|
|
|
|
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
2019-03-15 16:27:02 +00:00
|
|
|
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
2018-05-29 21:06:35 +00:00
|
|
|
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
2021-07-15 17:34:57 +00:00
|
|
|
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
2020-09-16 14:25:00 +00:00
|
|
|
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
2017-11-14 15:05:26 +00:00
|
|
|
!endif
|
2019-03-15 16:27:02 +00:00
|
|
|
INF ShellPkg/Application/Shell/Shell.inf
|
2017-11-14 15:05:26 +00:00
|
|
|
+!endif
|
|
|
|
|
|
2021-11-29 11:38:42 +00:00
|
|
|
INF MdeModulePkg/Logo/LogoDxe.inf
|
2021-07-15 17:34:57 +00:00
|
|
|
|
2017-11-14 15:05:26 +00:00
|
|
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
2022-05-30 09:31:22 +00:00
|
|
|
index ccde366887a9..bf535bef4200 100644
|
2017-11-14 15:05:26 +00:00
|
|
|
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
|
|
|
|
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
2022-05-30 09:31:22 +00:00
|
|
|
@@ -299,12 +299,14 @@ [FV.DXEFV]
|
2017-11-14 15:05:26 +00:00
|
|
|
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
2021-07-15 17:34:57 +00:00
|
|
|
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
2017-11-14 15:05:26 +00:00
|
|
|
|
|
|
|
|
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
2019-03-15 16:27:02 +00:00
|
|
|
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
2018-05-29 21:06:35 +00:00
|
|
|
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
2021-07-15 17:34:57 +00:00
|
|
|
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
2020-09-16 14:25:00 +00:00
|
|
|
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
2017-11-14 15:05:26 +00:00
|
|
|
!endif
|
2019-03-15 16:27:02 +00:00
|
|
|
INF ShellPkg/Application/Shell/Shell.inf
|
2017-11-14 15:05:26 +00:00
|
|
|
+!endif
|
|
|
|
|
|
2021-11-29 11:38:42 +00:00
|
|
|
INF MdeModulePkg/Logo/LogoDxe.inf
|
2021-07-15 17:34:57 +00:00
|
|
|
|
2017-11-14 15:05:26 +00:00
|
|
|
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
2022-05-30 09:31:22 +00:00
|
|
|
index 438806fba8f1..21e4ce00dde6 100644
|
2017-11-14 15:05:26 +00:00
|
|
|
--- a/OvmfPkg/OvmfPkgX64.fdf
|
|
|
|
|
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
2022-05-30 09:31:22 +00:00
|
|
|
@@ -324,12 +324,14 @@ [FV.DXEFV]
|
2017-11-14 15:05:26 +00:00
|
|
|
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
2021-07-15 17:34:57 +00:00
|
|
|
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
2017-11-14 15:05:26 +00:00
|
|
|
|
|
|
|
|
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
2019-03-15 16:27:02 +00:00
|
|
|
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
2018-05-29 21:06:35 +00:00
|
|
|
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
2021-07-15 17:34:57 +00:00
|
|
|
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
2020-09-16 14:25:00 +00:00
|
|
|
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
2017-11-14 15:05:26 +00:00
|
|
|
!endif
|
2019-03-15 16:27:02 +00:00
|
|
|
INF ShellPkg/Application/Shell/Shell.inf
|
2017-11-14 15:05:26 +00:00
|
|
|
+!endif
|
|
|
|
|
|
2021-11-29 11:38:42 +00:00
|
|
|
INF MdeModulePkg/Logo/LogoDxe.inf
|
2021-07-15 17:34:57 +00:00
|
|
|
|
|
|
|
|
--
|
2022-05-30 09:31:22 +00:00
|
|
|
2.35.3
|
2021-07-15 17:34:57 +00:00
|
|
|
|
