New upstream version 15.3upstream/15.3

1 files changed, 20 insertions, 2 deletions

diff --git a/BUILDING b/BUILDING
index 533c646f..ff1390fa 100644
--- a/BUILDING
+++ b/BUILDING
@@ -31,8 +31,20 @@ Variables you could set to customize the build:
   generate keys during the build and sign MokManager and fallback with
   them, and the signed version will be what gets installed with the
   install targets
-- ENABLE_HTTPBOOT
-  build support for http booting
+- ENABLE_SHIM_DEVEL
+  If this is set, we look for SHIM_DEVEL_DEBUG instead of SHIM_DEBUG in
+  our debugger delay hook, thus meaning you can have it pause for a
+  debugger only on the development branch and not the OS you need to boot
+  to scp in a new development build.
+- DISABLE_EBS_PROTECTION
+  On systems where a second stage bootloader is not used, and the Linux
+  Kernel is embedded in the same EFI image as shim and booted directly
+  from shim, shim's ExitBootServices() hook can cause problems as the
+  kernel never calls the shim's verification protocol.  In this case
+  calling the shim verification protocol is unnecessary and redundant as
+  shim has already verified the kernel when shim loaded the kernel as the
+  second stage loader.  In such a case, and only in this case, you should
+  use DISABLE_EBS_PROTECTION=y to build.
 - REQUIRE_TPM
   if tpm logging or extends return an error code, treat that as a fatal error.
 - ARCH
@@ -60,4 +72,10 @@ Variables you could set to customize the build:
   This is the label that will be put in BOOT$(EFI_ARCH).CSV for your OS.
   By default this is the same value as EFIDIR .
 
+Vendor SBAT data:
+It will sometimes be requested by reviewers that a build includes extra
+.sbat data.  The mechanism to do so is to add a CSV file in data/ with the
+name sbat.FOO.csv, where foo is your EFI subdirectory name.  The build
+system will automatically include any such files.
+
 # vim:filetype=mail:tw=74