The EFI Shell allows bypassing secure boot; do not allow including the shell in the firmware images of secure boot enabled builds.
This prevents misconfigured downstream builds. Ref: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4641 Signed-off-by: Gerd Hoffmann <kra...@redhat.com> Reviewed-by: Laszlo Ersek <ler...@redhat.com> Acked-by: Jiewen Yao <jiewen....@intel.com> --- OvmfPkg/Include/Fdf/ShellDxe.fdf.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc index 3081ac41780a..38f69747b02c 100644 --- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc +++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(BUILD_SHELL) == TRUE +!if $(BUILD_SHELL) == TRUE && $(SECURE_BOOT_ENABLE) == FALSE !if $(TOOL_CHAIN_TAG) != "XCODE5" !if $(NETWORK_ENABLE) == TRUE -- 2.43.2
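Review bot: The changed first "!if" in ShellDxe.fdf.inc drops the shell silently whenever BUILD_SHELL is TRUE and SECURE_BOOT_ENABLE is anything other than FALSE, so a downstream build that sets both gets an image without the shell and nothing in the file says why. A short comment directly above the "!if" stating that SECURE_BOOT_ENABLE overrides BUILD_SHELL, with the reason given in the commit message (the shell allows bypassing secure boot), would make the override discoverable from the file itself. The diffstat shows this FDF include as the only file touched, so it is also worth confirming that no other path places the shell into a secure boot enabled image.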