Comment 22 for bug 2040137

Mate Kukri (mkukri) wrote :

@seth-arnold The patch proposed here patches the Shell binary to exit with "EFI_SECURITY_VIOLATION" if the following condition is true: "SecureBootEnabled() && !SetupMode".

I suppose it is closer to "enumerating environments where Shell is disabled", but I also believe it is sufficient to restrict access to Shell to environments where unsigned code execution was allowed anyhow.
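The condition quoted in the comment can be checked on a running Linux system from efivarfs. The following is an added example, not part of the comment or of the proposed patch. It assumes that `SecureBootEnabled()` corresponds to the UEFI global variable `SecureBoot` being 1 and that `SetupMode` corresponds to the global variable `SetupMode` being 1; the function names are hypothetical and the sample blobs in the comments are constructed.

```python
import struct
from pathlib import Path

# EFI_GLOBAL_VARIABLE GUID from the UEFI specification.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")


def read_var(name, root=EFIVARS):
    """Return the raw efivarfs blob for a global variable, or None if absent."""
    try:
        return (root / f"{name}-{EFI_GLOBAL_GUID}").read_bytes()
    except OSError:
        return None


def parse_u8(blob):
    """efivarfs prefixes the data with a 4-byte little-endian attributes field.

    SecureBoot and SetupMode are both one-byte variables, so a valid blob is
    exactly 5 bytes. A missing variable (None) is treated as 0.
    """
    if blob is None:
        return 0
    if len(blob) != 5:
        raise ValueError(f"expected 5 bytes (attrs + u8), got {len(blob)}")
    _attrs, value = struct.unpack("<IB", blob)
    return value


def shell_blocked(secure_boot_blob, setup_mode_blob):
    """Assumed mapping of the comment's condition: SecureBootEnabled() && !SetupMode."""
    secure_boot = parse_u8(secure_boot_blob) == 1
    setup_mode = parse_u8(setup_mode_blob) == 1
    return secure_boot and not setup_mode


if __name__ == "__main__":
    # Constructed sample blob layout: attributes 0x00000006 followed by the value,
    # e.g. b"\x06\x00\x00\x00\x01" for a variable set to 1.
    blocked = shell_blocked(read_var("SecureBoot"), read_var("SetupMode"))
    print("patched Shell would exit with EFI_SECURITY_VIOLATION" if blocked
          else "patched Shell would run")
```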