mirror of
https://github.com/ipxe/ipxe
synced 2026-01-20 16:39:14 +03:00
[build] Extend default configuration for non-BIOS builds
The current usage model for iPXE is that the default configuration is relatively minimal to reduce code size, with users encouraged to build from source if necessary to enable additional features. This approach is somewhat incompatible with the Secure Boot model, which by design makes it prohibitively difficult for users to use their own compiled binaries. For published Secure Boot signed binaries to be useful, they will have to already include all features that the majority of users will need. Extend the default configuration for EFI (and other non-BIOS platforms) to include HTTPS support, framebuffer support, and a selection of commands and features that are reasonably expected to be used by large numbers of users. The default configuration for BIOS platforms is deliberately left unchanged, since BIOS binaries are typically subject to severe size constraints. Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
@@ -22,9 +22,9 @@ FILE_SECBOOT ( PERMITTED );
|
||||
*/
|
||||
|
||||
/* Console types supported on all platforms */
|
||||
//#define CONSOLE_FRAMEBUFFER /* Graphical framebuffer console */
|
||||
//#define CONSOLE_SYSLOG /* Syslog console */
|
||||
//#define CONSOLE_SYSLOGS /* Encrypted syslog console */
|
||||
#define CONSOLE_FRAMEBUFFER /* Graphical framebuffer console */
|
||||
#define CONSOLE_SYSLOG /* Syslog console */
|
||||
#define CONSOLE_SYSLOGS /* Encrypted syslog console */
|
||||
|
||||
/* Console types supported only on systems with serial ports */
|
||||
#if ! defined ( SERIAL_NULL )
|
||||
@@ -65,6 +65,13 @@ FILE_SECBOOT ( PERMITTED );
|
||||
#define CONSOLE_SERIAL
|
||||
#endif
|
||||
|
||||
/* Disable console types not historically included in BIOS builds */
|
||||
#if defined ( PLATFORM_pcbios )
|
||||
#undef CONSOLE_FRAMEBUFFER
|
||||
#undef CONSOLE_SYSLOG
|
||||
#undef CONSOLE_SYSLOGS
|
||||
#endif
|
||||
|
||||
/*****************************************************************************
|
||||
*
|
||||
* Keyboard maps
|
||||
|
||||
@@ -27,8 +27,8 @@ FILE_SECBOOT ( PERMITTED );
|
||||
#define NET_PROTO_LLDP /* Link Layer Discovery protocol */
|
||||
#define NET_PROTO_STP /* Spanning Tree protocol */
|
||||
|
||||
/* Disable protocols not historically included in 32-bit BIOS builds */
|
||||
#if defined ( PLATFORM_pcbios ) && ! defined ( __x86_64__ )
|
||||
/* Disable protocols not historically included in BIOS builds */
|
||||
#if defined ( PLATFORM_pcbios )
|
||||
#undef NET_PROTO_IPV6
|
||||
#undef NET_PROTO_LLDP
|
||||
#endif
|
||||
@@ -42,7 +42,7 @@ FILE_SECBOOT ( PERMITTED );
|
||||
/* Protocols supported on all platforms */
|
||||
#define DOWNLOAD_PROTO_TFTP /* Trivial File Transfer Protocol */
|
||||
#define DOWNLOAD_PROTO_HTTP /* Hypertext Transfer Protocol */
|
||||
//#define DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */
|
||||
#define DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */
|
||||
//#define DOWNLOAD_PROTO_FTP /* File Transfer Protocol */
|
||||
//#define DOWNLOAD_PROTO_SLAM /* Scalable Local Area Multicast */
|
||||
//#define DOWNLOAD_PROTO_NFS /* Network File System Protocol */
|
||||
@@ -55,10 +55,16 @@ FILE_SECBOOT ( PERMITTED );
|
||||
/* HTTP(S) protocol extensions */
|
||||
#define HTTP_AUTH_BASIC /* Basic authentication */
|
||||
#define HTTP_AUTH_DIGEST /* Digest authentication */
|
||||
//#define HTTP_AUTH_NTLM /* NTLM authentication */
|
||||
#define HTTP_AUTH_NTLM /* NTLM authentication */
|
||||
//#define HTTP_ENC_PEERDIST /* PeerDist content encoding */
|
||||
//#define HTTP_HACK_GCE /* Google Compute Engine hacks */
|
||||
|
||||
/* Disable protocols not historically included in BIOS builds */
|
||||
#if defined ( PLATFORM_pcbios )
|
||||
#undef DOWNLOAD_PROTO_HTTPS
|
||||
#undef HTTP_AUTH_NTLM
|
||||
#endif
|
||||
|
||||
/*****************************************************************************
|
||||
*
|
||||
* SAN boot protocols
|
||||
@@ -82,10 +88,10 @@ FILE_SECBOOT ( PERMITTED );
|
||||
|
||||
/* Commands supported on all platforms */
|
||||
#define AUTOBOOT_CMD /* Automatic booting */
|
||||
//#define CERT_CMD /* Certificate management commands */
|
||||
#define CERT_CMD /* Certificate management commands */
|
||||
#define CONFIG_CMD /* Option configuration console */
|
||||
//#define CONSOLE_CMD /* Console command */
|
||||
//#define DIGEST_CMD /* Image crypto digest commands */
|
||||
#define CONSOLE_CMD /* Console command */
|
||||
#define DIGEST_CMD /* Image crypto digest commands */
|
||||
#define DHCP_CMD /* DHCP management commands */
|
||||
#define FCMGMT_CMD /* Fibre Channel management commands */
|
||||
#define FORM_CMD /* Form commands */
|
||||
@@ -103,10 +109,10 @@ FILE_SECBOOT ( PERMITTED );
|
||||
#define MENU_CMD /* Menu commands */
|
||||
//#define NEIGHBOUR_CMD /* Neighbour management commands */
|
||||
//#define NSLOOKUP_CMD /* DNS resolving command */
|
||||
//#define NTP_CMD /* NTP commands */
|
||||
#define NTP_CMD /* NTP commands */
|
||||
#define NVO_CMD /* Non-volatile option storage commands */
|
||||
//#define PARAM_CMD /* Request parameter commands */
|
||||
//#define PCI_CMD /* PCI commands */
|
||||
#define PARAM_CMD /* Request parameter commands */
|
||||
#define PCI_CMD /* PCI commands */
|
||||
//#define PING_CMD /* Ping command */
|
||||
//#define PROFSTAT_CMD /* Profiling commands */
|
||||
//#define PXE_CMD /* PXE commands */
|
||||
@@ -116,8 +122,8 @@ FILE_SECBOOT ( PERMITTED );
|
||||
#define SHIM_CMD /* EFI shim command (or dummy command) */
|
||||
#define SYNC_CMD /* Sync command */
|
||||
//#define TIME_CMD /* Time commands */
|
||||
//#define USB_CMD /* USB commands */
|
||||
//#define VLAN_CMD /* VLAN commands */
|
||||
#define USB_CMD /* USB commands */
|
||||
#define VLAN_CMD /* VLAN commands */
|
||||
|
||||
/* Commands supported only on systems capable of rebooting */
|
||||
#if ! defined ( REBOOT_NULL )
|
||||
@@ -135,6 +141,18 @@ FILE_SECBOOT ( PERMITTED );
|
||||
#define CPUID_CMD /* x86 CPU feature detection command */
|
||||
#endif
|
||||
|
||||
/* Disable commands not historically included in BIOS builds */
|
||||
#if defined ( PLATFORM_pcbios )
|
||||
#undef CERT_CMD
|
||||
#undef CONSOLE_CMD
|
||||
#undef DIGEST_CMD
|
||||
#undef NTP_CMD
|
||||
#undef PARAM_CMD
|
||||
#undef PCI_CMD
|
||||
#undef USB_CMD
|
||||
#undef VLAN_CMD
|
||||
#endif
|
||||
|
||||
/*****************************************************************************
|
||||
*
|
||||
* Image types
|
||||
|
||||
@@ -13,7 +13,7 @@ FILE_SECBOOT ( PERMITTED );
|
||||
#include <config/defaults.h>
|
||||
|
||||
/* Settings sources supported on all platforms */
|
||||
//#define ACPI_SETTINGS /* ACPI settings */
|
||||
#define ACPI_SETTINGS /* ACPI settings */
|
||||
#define PCI_SETTINGS /* PCI device settings */
|
||||
#define USB_SETTINGS /* USB device settings */
|
||||
|
||||
@@ -29,11 +29,17 @@ FILE_SECBOOT ( PERMITTED );
|
||||
|
||||
/* Settings sources supported only on x86 CPUs */
|
||||
#if defined ( __i386__ ) || defined ( __x86_64__ )
|
||||
//#define CPUID_SETTINGS /* CPUID settings */
|
||||
#define CPUID_SETTINGS /* CPUID settings */
|
||||
//#define VMWARE_SETTINGS /* VMware GuestInfo settings */
|
||||
//#define VRAM_SETTINGS /* Video RAM dump settings */
|
||||
#endif
|
||||
|
||||
/* Disable settings sources not historically included in BIOS builds */
|
||||
#if defined ( PLATFORM_pcbios )
|
||||
#undef ACPI_SETTINGS
|
||||
#undef CPUID_SETTINGS
|
||||
#endif
|
||||
|
||||
#include <config/named.h>
|
||||
#include NAMED_CONFIG(settings.h)
|
||||
#include <config/local/settings.h>
|
||||
|
||||
Reference in New Issue
Block a user