Here is a proof of concept patch that disables the Shell only in SecureBoot and non-Setup mode.
I've tested this to build and correctly enroll the variables. Then when used as previously in a Secure Boot enabled VM, the Shell does not launch due to the returned EFI_SECURITY_VIOLATION.