author | Gerd Hoffmann <kraxel@redhat.com> | 2024-02-22 11:13:58 +0100 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-02-25 17:38:07 +0000 |
commit | f881b4d129602a49e3403043fc27550a74453234 (patch) | |
tree | 3dee0b298de62df8bda58cb29aeb12e3dfeb1666 /OvmfPkg/Include/Fdf/ShellDxe.fdf.inc | |
parent | bc982869dd3e69ffd374fd968d378b5d954f66e8 (diff) | |

OvmfPkg: only add shell to FV in case secure boot is disabled

The EFI Shell allows to bypass secure boot, do not allow
to include the shell in the firmware images of secure boot
enabled builds.

This prevents misconfigured downstream builds.

Ref: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4641
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-13-kraxel@redhat.com>

Diffstat (limited to 'OvmfPkg/Include/Fdf/ShellDxe.fdf.inc')
-rw-r--r-- | OvmfPkg/Include/Fdf/ShellDxe.fdf.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc index 3081ac4..38f6974 100644 --- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc +++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(BUILD_SHELL) == TRUE
+!if $(BUILD_SHELL) == TRUE && $(SECURE_BOOT_ENABLE) == FALSE
!if $(TOOL_CHAIN_TAG) != "XCODE5"
!if $(NETWORK_ENABLE) == TRUE
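
Review bot: on the changed `!if $(BUILD_SHELL) == TRUE && $(SECURE_BOOT_ENABLE) == FALSE` line, a build that sets both BUILD_SHELL=TRUE and SECURE_BOOT_ENABLE=TRUE now silently yields an image without the shell, and nothing tells the builder that the explicit BUILD_SHELL request was overridden. Consider turning that combination into a build-time error, or at least a visible message, so a downstream learns about it during the build rather than when the shell is absent at boot. The new condition also relies on SECURE_BOOT_ENABLE being defined by every platform that includes ShellDxe.fdf.inc, so it is worth confirming that each including platform sets a default. A short comment above the `!if` stating that the shell is kept out of secure boot builds because it allows bypassing secure boot would keep the reason next to the guard instead of only in the commit message.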