OvmfPkg: only add shell to FV in case secure boot is disabled

The EFI Shell allows to bypass secure boot, do not allow to include the shell in the firmware images of secure boot enabled builds. This prevents misconfigured downstream builds. Ref: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4641 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com> Message-Id: <20240222101358.67818-13-kraxel@redhat.com>
author: Gerd Hoffmann <kraxel@redhat.com> 2024-02-22 11:13:58 +0100
committer: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2024-02-25 17:38:07 +0000
commit: f881b4d129602a49e3403043fc27550a74453234 (patch)
tree: 3dee0b298de62df8bda58cb29aeb12e3dfeb1666
parent: bc982869dd3e69ffd374fd968d378b5d954f66e8 (diff)
download: edk2-f881b4d129602a49e3403043fc27550a74453234.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
index 3081ac4178..38f69747b0 100644
--- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
@@ -2,7 +2,7 @@
 #    SPDX-License-Identifier: BSD-2-Clause-Patent
 ##
 
-!if $(BUILD_SHELL) == TRUE
+!if $(BUILD_SHELL) == TRUE && $(SECURE_BOOT_ENABLE) == FALSE
 
 !if $(TOOL_CHAIN_TAG) != "XCODE5"
 !if $(NETWORK_ENABLE) == TRUE
author	Gerd Hoffmann <kraxel@redhat.com>	2024-02-22 11:13:58 +0100
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2024-02-25 17:38:07 +0000
commit	f881b4d129602a49e3403043fc27550a74453234 (patch)
tree	3dee0b298de62df8bda58cb29aeb12e3dfeb1666
parent	bc982869dd3e69ffd374fd968d378b5d954f66e8 (diff)
download	edk2-f881b4d129602a49e3403043fc27550a74453234.tar.gz