From 7d0d4f7e41615d5c90bda1052d2c64acae16152d Mon Sep 17 00:00:00 2001 From: Domenico Panella Date: Thu, 9 Jul 2020 12:15:21 +0200 Subject: [PATCH] New package : edk2-ovmf-202005 --- .../files/50-edk2-ovmf-i386-secure.json | 34 +++ .../files/50-edk2-ovmf-x86_64-secure.json | 35 +++ .../edk2-ovmf/files/60-edk2-ovmf-i386.json | 33 +++ .../edk2-ovmf/files/60-edk2-ovmf-x86_64.json | 34 +++ .../patches/edk2-202005-openssl-1.1.1g.patch | 233 ++++++++++++++++++ srcpkgs/edk2-ovmf/template | 152 ++++++++++++ 6 files changed, 521 insertions(+) create mode 100644 srcpkgs/edk2-ovmf/files/50-edk2-ovmf-i386-secure.json create mode 100644 srcpkgs/edk2-ovmf/files/50-edk2-ovmf-x86_64-secure.json create mode 100644 srcpkgs/edk2-ovmf/files/60-edk2-ovmf-i386.json create mode 100644 srcpkgs/edk2-ovmf/files/60-edk2-ovmf-x86_64.json create mode 100644 srcpkgs/edk2-ovmf/patches/edk2-202005-openssl-1.1.1g.patch create mode 100644 srcpkgs/edk2-ovmf/template diff --git a/srcpkgs/edk2-ovmf/files/50-edk2-ovmf-i386-secure.json b/srcpkgs/edk2-ovmf/files/50-edk2-ovmf-i386-secure.json new file mode 100644 index 00000000000..bc18b3ad59c --- /dev/null +++ b/srcpkgs/edk2-ovmf/files/50-edk2-ovmf-i386-secure.json @@ -0,0 +1,34 @@ +{ + "description": "UEFI firmware for i386, with Secure Boot and SMM", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2-ovmf/ia32/OVMF_CODE.secboot.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2-ovmf/ia32/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "i386", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/srcpkgs/edk2-ovmf/files/50-edk2-ovmf-x86_64-secure.json b/srcpkgs/edk2-ovmf/files/50-edk2-ovmf-x86_64-secure.json new file mode 100644 index 00000000000..6ca6cac2e6e --- /dev/null +++ b/srcpkgs/edk2-ovmf/files/50-edk2-ovmf-x86_64-secure.json @@ -0,0 +1,35 @@ +{ + "description": "UEFI firmware for x86_64, with Secure Boot and SMM", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2-ovmf/x64/OVMF_CODE.secboot.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2-ovmf/x64/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/srcpkgs/edk2-ovmf/files/60-edk2-ovmf-i386.json b/srcpkgs/edk2-ovmf/files/60-edk2-ovmf-i386.json new file mode 100644 index 00000000000..7920ce97ed5 --- /dev/null +++ b/srcpkgs/edk2-ovmf/files/60-edk2-ovmf-i386.json @@ -0,0 +1,33 @@ +{ + "description": "UEFI firmware for i386", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2-ovmf/ia32/OVMF_CODE.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2-ovmf/ia32/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "i386", + "machines": [ + "pc-i440fx-*", + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/srcpkgs/edk2-ovmf/files/60-edk2-ovmf-x86_64.json b/srcpkgs/edk2-ovmf/files/60-edk2-ovmf-x86_64.json new file mode 100644 index 00000000000..23525594687 --- /dev/null +++ b/srcpkgs/edk2-ovmf/files/60-edk2-ovmf-x86_64.json @@ -0,0 +1,34 @@ +{ + "description": "UEFI firmware for x86_64", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2-ovmf/x64/OVMF_CODE.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2-ovmf/x64/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-i440fx-*", + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/srcpkgs/edk2-ovmf/patches/edk2-202005-openssl-1.1.1g.patch b/srcpkgs/edk2-ovmf/patches/edk2-202005-openssl-1.1.1g.patch new file mode 100644 index 00000000000..3857e78c8aa --- /dev/null +++ b/srcpkgs/edk2-ovmf/patches/edk2-202005-openssl-1.1.1g.patch @@ -0,0 +1,233 @@ +diff -ruN a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec +--- a/CryptoPkg/CryptoPkg.dec 2020-06-02 09:05:21.000000000 +0200 ++++ b/CryptoPkg/CryptoPkg.dec 2020-06-09 15:21:52.055912797 +0200 +@@ -23,7 +23,6 @@ + Private + Library/Include + Library/OpensslLib/openssl/include +- Library/OpensslLib/openssl/crypto/include + + [LibraryClasses] + ## @libraryclass Provides basic library functions for cryptographic primitives. +diff -ruN a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c +--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c 2020-06-02 09:05:21.000000000 +0200 ++++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c 2020-06-09 15:26:52.686439106 +0200 +@@ -7,7 +7,7 @@ + **/ + + #include "InternalCryptLib.h" +-#include "internal/sm3.h" ++#include + + /** + Retrieves the size, in bytes, of the context buffer required for SM3 hash operations. +diff -ruN a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c +--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c 2020-06-02 09:05:21.000000000 +0200 ++++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c 2020-06-09 15:22:47.512057737 +0200 +@@ -15,13 +15,12 @@ + #include + #include + #include +-#include + #include + #include + #include + #include + #include +-#include ++#include + + /** + This function will return the leaf signer certificate in a chain. This is +diff -ruN a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf +--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 2020-06-02 09:05:21.000000000 +0200 ++++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf 2020-06-09 11:08:33.349121703 +0200 +@@ -477,45 +477,44 @@ + $(OPENSSL_PATH)/crypto/s390x_arch.h + $(OPENSSL_PATH)/crypto/sparc_arch.h + $(OPENSSL_PATH)/crypto/vms_rms.h +- $(OPENSSL_PATH)/crypto/aes/aes_locl.h ++ $(OPENSSL_PATH)/crypto/aes/aes_local.h + $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h +- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h ++ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h + $(OPENSSL_PATH)/crypto/asn1/charmap.h + $(OPENSSL_PATH)/crypto/asn1/standard_methods.h + $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h +- $(OPENSSL_PATH)/crypto/async/async_locl.h ++ $(OPENSSL_PATH)/crypto/async/async_local.h + $(OPENSSL_PATH)/crypto/async/arch/async_null.h + $(OPENSSL_PATH)/crypto/async/arch/async_posix.h + $(OPENSSL_PATH)/crypto/async/arch/async_win.h +- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h +- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h ++ $(OPENSSL_PATH)/crypto/bio/bio_local.h ++ $(OPENSSL_PATH)/crypto/bn/bn_local.h + $(OPENSSL_PATH)/crypto/bn/bn_prime.h + $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h +- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h ++ $(OPENSSL_PATH)/crypto/comp/comp_local.h + $(OPENSSL_PATH)/crypto/conf/conf_def.h +- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h +- $(OPENSSL_PATH)/crypto/dh/dh_locl.h +- $(OPENSSL_PATH)/crypto/dso/dso_locl.h +- $(OPENSSL_PATH)/crypto/evp/evp_locl.h +- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h +- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h +- $(OPENSSL_PATH)/crypto/md5/md5_locl.h +- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h ++ $(OPENSSL_PATH)/crypto/conf/conf_local.h ++ $(OPENSSL_PATH)/crypto/dh/dh_local.h ++ $(OPENSSL_PATH)/crypto/dso/dso_local.h ++ $(OPENSSL_PATH)/crypto/evp/evp_local.h ++ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h ++ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h ++ $(OPENSSL_PATH)/crypto/md5/md5_local.h ++ $(OPENSSL_PATH)/crypto/modes/modes_local.h + $(OPENSSL_PATH)/crypto/objects/obj_dat.h +- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h ++ $(OPENSSL_PATH)/crypto/objects/obj_local.h + $(OPENSSL_PATH)/crypto/objects/obj_xref.h +- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h +- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h +- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h +- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h +- $(OPENSSL_PATH)/crypto/sha/sha_locl.h ++ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h ++ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h ++ $(OPENSSL_PATH)/crypto/rand/rand_local.h ++ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h ++ $(OPENSSL_PATH)/crypto/sha/sha_local.h + $(OPENSSL_PATH)/crypto/siphash/siphash_local.h +- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h +- $(OPENSSL_PATH)/crypto/store/store_locl.h +- $(OPENSSL_PATH)/crypto/ui/ui_locl.h +- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h ++ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h ++ $(OPENSSL_PATH)/crypto/store/store_local.h ++ $(OPENSSL_PATH)/crypto/ui/ui_local.h ++ $(OPENSSL_PATH)/crypto/x509/x509_local.h + $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h +- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h + $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h + $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h + $(OPENSSL_PATH)/ssl/bio_ssl.c +@@ -562,13 +561,13 @@ + $(OPENSSL_PATH)/ssl/t1_trce.c + $(OPENSSL_PATH)/ssl/tls13_enc.c + $(OPENSSL_PATH)/ssl/tls_srp.c +- $(OPENSSL_PATH)/ssl/packet_locl.h ++ $(OPENSSL_PATH)/ssl/packet_local.h + $(OPENSSL_PATH)/ssl/ssl_cert_table.h +- $(OPENSSL_PATH)/ssl/ssl_locl.h ++ $(OPENSSL_PATH)/ssl/ssl_local.h + $(OPENSSL_PATH)/ssl/record/record.h +- $(OPENSSL_PATH)/ssl/record/record_locl.h ++ $(OPENSSL_PATH)/ssl/record/record_local.h + $(OPENSSL_PATH)/ssl/statem/statem.h +- $(OPENSSL_PATH)/ssl/statem/statem_locl.h ++ $(OPENSSL_PATH)/ssl/statem/statem_local.h + # Autogenerated files list ends here + buildinf.h + rand_pool_noise.h +diff -ruN a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 2020-06-02 09:05:21.000000000 +0200 ++++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 2020-06-09 11:17:31.877356870 +0200 +@@ -477,45 +477,44 @@ + $(OPENSSL_PATH)/crypto/s390x_arch.h + $(OPENSSL_PATH)/crypto/sparc_arch.h + $(OPENSSL_PATH)/crypto/vms_rms.h +- $(OPENSSL_PATH)/crypto/aes/aes_locl.h ++ $(OPENSSL_PATH)/crypto/aes/aes_local.h + $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h +- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h ++ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h + $(OPENSSL_PATH)/crypto/asn1/charmap.h + $(OPENSSL_PATH)/crypto/asn1/standard_methods.h + $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h +- $(OPENSSL_PATH)/crypto/async/async_locl.h ++ $(OPENSSL_PATH)/crypto/async/async_local.h + $(OPENSSL_PATH)/crypto/async/arch/async_null.h + $(OPENSSL_PATH)/crypto/async/arch/async_posix.h + $(OPENSSL_PATH)/crypto/async/arch/async_win.h +- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h +- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h ++ $(OPENSSL_PATH)/crypto/bio/bio_local.h ++ $(OPENSSL_PATH)/crypto/bn/bn_local.h + $(OPENSSL_PATH)/crypto/bn/bn_prime.h + $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h +- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h ++ $(OPENSSL_PATH)/crypto/comp/comp_local.h + $(OPENSSL_PATH)/crypto/conf/conf_def.h +- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h +- $(OPENSSL_PATH)/crypto/dh/dh_locl.h +- $(OPENSSL_PATH)/crypto/dso/dso_locl.h +- $(OPENSSL_PATH)/crypto/evp/evp_locl.h +- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h +- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h +- $(OPENSSL_PATH)/crypto/md5/md5_locl.h +- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h ++ $(OPENSSL_PATH)/crypto/conf/conf_local.h ++ $(OPENSSL_PATH)/crypto/dh/dh_local.h ++ $(OPENSSL_PATH)/crypto/dso/dso_local.h ++ $(OPENSSL_PATH)/crypto/evp/evp_local.h ++ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h ++ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h ++ $(OPENSSL_PATH)/crypto/md5/md5_local.h ++ $(OPENSSL_PATH)/crypto/modes/modes_local.h + $(OPENSSL_PATH)/crypto/objects/obj_dat.h +- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h ++ $(OPENSSL_PATH)/crypto/objects/obj_local.h + $(OPENSSL_PATH)/crypto/objects/obj_xref.h +- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h +- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h +- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h +- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h +- $(OPENSSL_PATH)/crypto/sha/sha_locl.h ++ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h ++ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h ++ $(OPENSSL_PATH)/crypto/rand/rand_local.h ++ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h ++ $(OPENSSL_PATH)/crypto/sha/sha_local.h + $(OPENSSL_PATH)/crypto/siphash/siphash_local.h +- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h +- $(OPENSSL_PATH)/crypto/store/store_locl.h +- $(OPENSSL_PATH)/crypto/ui/ui_locl.h +- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h ++ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h ++ $(OPENSSL_PATH)/crypto/store/store_local.h ++ $(OPENSSL_PATH)/crypto/ui/ui_local.h ++ $(OPENSSL_PATH)/crypto/x509/x509_local.h + $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h +- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h + $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h + $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h + # Autogenerated files list ends here +diff -ruN a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl +--- a/CryptoPkg/Library/OpensslLib/process_files.pl 2020-06-02 09:05:21.000000000 +0200 ++++ b/CryptoPkg/Library/OpensslLib/process_files.pl 2020-06-09 12:36:16.400775802 +0200 +@@ -111,8 +111,8 @@ + # Generate dso_conf.h per config data + system( + "perl -I. -Mconfigdata util/dofile.pl " . +- "crypto/include/internal/dso_conf.h.in " . +- "> include/internal/dso_conf.h" ++ "include/crypto/dso_conf.h.in " . ++ "> include/crypto/dso_conf.h" + ) == 0 || + die "Failed to generate dso_conf.h!\n"; + +diff -ruN a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c +--- a/CryptoPkg/Library/OpensslLib/rand_pool.c 2020-06-02 09:05:21.000000000 +0200 ++++ b/CryptoPkg/Library/OpensslLib/rand_pool.c 2020-06-17 21:00:46.335684557 +0200 +@@ -7,9 +7,8 @@ + + **/ + +-#include "internal/rand_int.h" + #include +- ++#include + #include + #include + diff --git a/srcpkgs/edk2-ovmf/template b/srcpkgs/edk2-ovmf/template new file mode 100644 index 00000000000..b96ba8efa9e --- /dev/null +++ b/srcpkgs/edk2-ovmf/template @@ -0,0 +1,152 @@ +# Template file for 'edk2-ovmf' +_brotli_ver=1.0.7 +_openssl_ver=1.1.1g +pkgname=edk2-ovmf +version=202005 +revision=1 +wrksrc=edk2-edk2-stable202005 +hostmakedepends="python3 nasm acpica-utils" +makedepends="libuuid-devel" +short_desc="Open Virtual Machine Firmware to support firmware for Virtual Machines" +maintainer="Domenico Panella " +license="BSD-2-Clause-Patent" +homepage="https://github.com/tianocore/edk2" +distfiles=" https://github.com/tianocore/edk2/archive/edk2-stable${version}.tar.gz + https://github.com/google/brotli/archive/v${_brotli_ver}.tar.gz + https://www.openssl.org/source/openssl-${_openssl_ver}.tar.gz" +checksum="373c3eff3497316a48fcf4be8dcee227431cbce86dcd80a004950e992f0297e2 + 4c61bfb0faca87219ea587326c467b95acb25555b53d1a421ffa3c8a9296ee2c + ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46" +_arch_list=('IA32' 'X64') +_build_type='RELEASE' +_build_plugin='GCC5' +patch_args="-Np1 --binary" + + +pre_build() { + + rm -rfv CryptoPkg/Library/OpensslLib/openssl + ln -sfv "${XBPS_BUILDDIR}/openssl-$_openssl_ver" CryptoPkg/Library/OpensslLib/openssl + + # copying required pre-generated header into place (to not also have to patch openssl) + cp -v CryptoPkg/Library/Include/internal/dso_conf.h CryptoPkg/Library/OpensslLib/openssl/include/crypto/ + + rm -rfv BaseTools/Source/C/BrotliCompress/brotli MdeModulePkg/Library/BrotliCustomDecompressLib/brotli + ln -sfv "${XBPS_BUILDDIR}/brotli-${_brotli_ver}" ${wrksrc}/BaseTools/Source/C/BrotliCompress/brotli + ln -sfv "${XBPS_BUILDDIR}/brotli-${_brotli_ver}" ${wrksrc}/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli + + # -Werror, not even once + sed -e 's/ -Werror//g' -i BaseTools/Conf/*.template BaseTools/Source/C/Makefiles/*.makefile + +} + + + +do_build() { + + make -C BaseTools + . edksetup.sh + + local _arch + + for _arch in ${_arch_list[@]}; do + + # ovmf + if [[ "${_arch}" == 'IA32' ]]; then + echo "Building ovmf (${_arch}) with secure boot" + OvmfPkg/build.sh -p OvmfPkg/OvmfPkgIa32.dsc \ + -a "${_arch}" \ + -b "${_build_type}" \ + -n "$(nproc)" \ + -t "${_build_plugin}" \ + -D LOAD_X64_ON_IA32_ENABLE \ + -D NETWORK_IP6_ENABLE \ + -D TPM2_ENABLE \ + -D HTTP_BOOT_ENABLE \ + -D TLS_ENABLE \ + -D FD_SIZE_2MB \ + -D SECURE_BOOT_ENABLE \ + -D SMM_REQUIRE \ + -D EXCLUDE_SHELL_FROM_FD + mv -v Build/Ovmf{Ia32,IA32-secure} + echo "Building ovmf (${_arch}) without secure boot" + OvmfPkg/build.sh -p OvmfPkg/OvmfPkgIa32.dsc \ + -a "${_arch}" \ + -b "${_build_type}" \ + -n "$(nproc)" \ + -t "${_build_plugin}" \ + -D LOAD_X64_ON_IA32_ENABLE \ + -D NETWORK_IP6_ENABLE \ + -D TPM2_ENABLE \ + -D HTTP_BOOT_ENABLE \ + -D TLS_ENABLE \ + -D FD_SIZE_2MB + mv -v Build/Ovmf{Ia32,IA32} + fi + + if [[ "${_arch}" == 'X64' ]]; then + echo "Building ovmf (${_arch}) with secure boot" + OvmfPkg/build.sh -p "OvmfPkg/OvmfPkg${_arch}.dsc" \ + -a "${_arch}" \ + -b "${_build_type}" \ + -n "$(nproc)" \ + -t "${_build_plugin}" \ + -D NETWORK_IP6_ENABLE \ + -D TPM2_ENABLE \ + -D FD_SIZE_2MB \ + -D TLS_ENABLE \ + -D HTTP_BOOT_ENABLE \ + -D SECURE_BOOT_ENABLE \ + -D SMM_REQUIRE \ + -D EXCLUDE_SHELL_FROM_FD + mv -v Build/OvmfX64{,-secure} + echo "Building ovmf (${_arch}) without secure boot" + OvmfPkg/build.sh -p "OvmfPkg/OvmfPkg${_arch}.dsc" \ + -a "${_arch}" \ + -b "${_build_type}" \ + -n "$(nproc)" \ + -t "${_build_plugin}" \ + -D NETWORK_IP6_ENABLE \ + -D TPM2_ENABLE \ + -D FD_SIZE_2MB \ + -D TLS_ENABLE \ + -D HTTP_BOOT_ENABLE + fi + + done + +} + +do_install() { + + local _arch + + # installing the various firmwares + for _arch in ${_arch_list[@]}; do + + # installing OVMF.fd for xen: https://bugs.archlinux.org/task/58635 + vinstall "Build/Ovmf${_arch}/${_build_type}_${_build_plugin}/FV/OVMF.fd" 0644 "usr/share/${pkgname}/${_arch,,}" + + vinstall "Build/Ovmf${_arch}/${_build_type}_${_build_plugin}/FV/OVMF_CODE.fd" 0644 "usr/share/${pkgname}/${_arch,,}" + + vinstall "Build/Ovmf${_arch}/${_build_type}_${_build_plugin}/FV/OVMF_VARS.fd" 0644 "usr/share/${pkgname}/${_arch,,}" + + vinstall "Build/Ovmf${_arch}-secure/${_build_type}_${_build_plugin}/FV/OVMF_CODE.fd" 0644 "usr/share/${pkgname}/${_arch,,}" "OVMF_CODE.secboot.fd" + + done + + # installing qemu descriptors in accordance with qemu: + # https://git.qemu.org/?p=qemu.git;a=tree;f=pc-bios/descriptors + local _file + for _file in ${FILESDIR}/*; do + vinstall ${_file} 0644 "usr/share/qemu/firmware" + done + + vlicense License.txt + vlicense OvmfPkg/License.txt + + vdoc OvmfPkg/README + vdoc ReadMe.rst + vdoc Maintainers.txt + +}