From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web11.25055.1662386035950905793
 for <devel@edk2.groups.io>;
 Mon, 05 Sep 2022 06:53:56 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WEpiftNY;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 77D8861136
	for <devel@edk2.groups.io>; Mon,  5 Sep 2022 13:53:55 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id DBBD5C433D7
	for <devel@edk2.groups.io>; Mon,  5 Sep 2022 13:53:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1662386034;
	bh=eO5yKqrY8ON/jyhZYDXyyVXiozrmNEIYSOgO8XMd/IA=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=WEpiftNYuvP6HpDCaXe5inEEVxAA+OHOpzLCI31F6mhxTpG1DBnjQ1LZroAOs2TPo
	 K9rVyusUbxE6qT+5EkiQN89h9D75WnWHlNjRpBVKRfBeT10/RsI0xS20s1dlrnfMhU
	 NMfovRZGH10sy8AMcGGP6w+5H0lQeIDhrXrhZuYdldrdZoqIf7As0YKmSTywwxRvw0
	 VrXAQEr4hFIn9ZouZY4H43oPJgA/UzO4c/1J+envDwJMCfkOZw9rdKnqmq03Y0Gk8I
	 hKqbd4JeW1M3m+1OV3HCK2+xrsgF/85aJOZ0jqh0ZmACm3dYUM4FOcZ1kbKEd6Bxqp
	 cg9Rjnm7EGlYQ==
Received: by mail-lf1-f54.google.com with SMTP id br21so13329764lfb.0
        for <devel@edk2.groups.io>; Mon, 05 Sep 2022 06:53:54 -0700 (PDT)
X-Gm-Message-State: ACgBeo2xVLHgK4hsPDieiVOSIulg/FnaNlU+tsEj+t97noLqqbUray6a
	pZ3qAxSjx8jE5zfC5WG7fuxHlFsXCXq91EiH0RA=
X-Google-Smtp-Source: AA6agR7yWM3mqlS2Hx6KpPN+8FvbTRmqoyjrUov+1tdx0763dTv1qL8mnjZmAeJa/X0wnQt5kWdtRp93koVvC0lojy0=
X-Received: by 2002:a05:6512:402:b0:494:78bb:f538 with SMTP id
 u2-20020a056512040200b0049478bbf538mr10113334lfk.637.1662386032962; Mon, 05
 Sep 2022 06:53:52 -0700 (PDT)
MIME-Version: 1.0
References: <20220830161354.310462-1-osteffen@redhat.com> <20220901160841.rmqghzrhnvrii7h6@sirius.home.kraxel.org>
In-Reply-To: <20220901160841.rmqghzrhnvrii7h6@sirius.home.kraxel.org>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Mon, 5 Sep 2022 15:53:41 +0200
X-Gmail-Original-Message-ID: <CAMj1kXGu38vFkyPXTdHLCR1wVcvA1F3KtXyR0V8fXCEx9bBZ1A@mail.gmail.com>
Message-ID: <CAMj1kXGu38vFkyPXTdHLCR1wVcvA1F3KtXyR0V8fXCEx9bBZ1A@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH 1/1] OvmfPkg: Add BUILD_SHELL flag for IA32, IA32X64, X64
To: devel@edk2.groups.io, kraxel@redhat.com
Cc: Oliver Steffen <osteffen@redhat.com>, Ard Biesheuvel <ardb+tianocore@kernel.org>, 
	Bob Feng <bob.c.feng@intel.com>, Jiewen Yao <jiewen.yao@intel.com>, 
	Jordan Justen <jordan.l.justen@intel.com>, Liming Gao <gaoliming@byosoft.com.cn>, 
	Yuwei Chen <yuwei.chen@intel.com>, Pawel Polawski <ppolawsk@redhat.com>
Content-Type: text/plain; charset="UTF-8"

On Thu, 1 Sept 2022 at 18:08, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> On Tue, Aug 30, 2022 at 06:13:54PM +0200, Oliver Steffen wrote:
> > Add BUILD_SHELL flag, similar to the one in OvmfPkg/AmdSev,
> > to enable/disable building of the UefiShell as part of
> > the firmware image. The UefiShell should not be included for
> > secure production systems (e.g. SecureBoot) because it can be
> > used to circumvent security features.
> >
> > The default value for BUILD_SHELL is TRUE to keep the default
> > behavior of the Ovmf build.
> > Note: the default for AmdSev is FALSE.
> >
> > The BUILD_SHELL flag for AmdSev was introduced in b261a30c900a8.
>
> Looks good to me and makes the files more consistent.
>
> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
>

Merged as #3287