Skip to content

Commit

Permalink
OvmfPkg: only add shell to FV in case secure boot is disabled
Browse files Browse the repository at this point in the history 
The EFI Shell allows to bypass secure boot, do not allow
to include the shell in the firmware images of secure boot
enabled builds.

This prevents misconfigured downstream builds.

Ref: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4641
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-13-kraxel@redhat.com>
  • Loading branch information
@kraxel @mergify
kraxel authored and mergify[bot] committed Feb 25, 2024
1 parent bc98286 commit f881b4d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##

!if $(BUILD_SHELL) == TRUE
!if $(BUILD_SHELL) == TRUE && $(SECURE_BOOT_ENABLE) == FALSE

!if $(TOOL_CHAIN_TAG) != "XCODE5"
!if $(NETWORK_ENABLE) == TRUE
Expand Down

0 comments on commit f881b4d

Please sign in to comment.