2022-01-21 12:45:59 +00:00
|
|
|
# https://fedoraproject.org/wiki/Changes/SetBuildFlagsBuildCheck
|
|
|
|
# breaks cross-building
|
|
|
|
%undefine _auto_set_build_flags
|
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
%if %{defined fedora}
|
|
|
|
# actual firmware builds support cross-compiling. edk2-tools
|
|
|
|
# in theory should build everywhere without much trouble, but
|
|
|
|
# in practice the edk2 build system barfs on archs it doesn't know
|
|
|
|
# (such as ppc), so lets limit things to the known-good ones.
|
2022-04-07 05:42:24 +00:00
|
|
|
ExclusiveArch: x86_64 %{arm} aarch64
|
2021-07-15 20:02:04 +00:00
|
|
|
%else
|
|
|
|
ExclusiveArch: x86_64 aarch64
|
|
|
|
%endif
|
|
|
|
|
2022-03-23 08:15:34 +00:00
|
|
|
# edk2-stable202202
|
|
|
|
%define GITDATE 20220221
|
|
|
|
%define GITCOMMIT b24306f15daa
|
2021-07-15 17:34:57 +00:00
|
|
|
%define TOOLCHAIN GCC5
|
2021-07-15 20:02:04 +00:00
|
|
|
%define OPENSSL_VER 1.1.1k
|
2013-05-02 12:46:06 +00:00
|
|
|
|
2018-04-30 11:57:51 +00:00
|
|
|
%define qosb_testing 0
|
|
|
|
%ifarch x86_64
|
|
|
|
%define qosb_testing 1
|
|
|
|
%endif
|
2021-07-15 17:49:13 +00:00
|
|
|
|
2021-09-01 17:40:04 +00:00
|
|
|
%if %{defined rhel}
|
2021-07-15 20:02:04 +00:00
|
|
|
%define build_ovmf 0
|
|
|
|
%define build_aarch64 0
|
2017-11-13 17:44:20 +00:00
|
|
|
%ifarch x86_64
|
2021-07-15 20:02:04 +00:00
|
|
|
%define build_ovmf 1
|
2017-11-13 17:44:20 +00:00
|
|
|
%endif
|
|
|
|
%ifarch aarch64
|
2021-07-15 20:02:04 +00:00
|
|
|
%define build_aarch64 1
|
2017-11-13 17:44:20 +00:00
|
|
|
%endif
|
2021-07-15 20:02:04 +00:00
|
|
|
%else
|
|
|
|
%define build_ovmf 1
|
|
|
|
%define build_aarch64 1
|
2017-11-13 17:44:20 +00:00
|
|
|
%endif
|
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
%global softfloat_version 20180726-gitb64af41
|
|
|
|
%define cross %{defined fedora}
|
2021-07-20 16:34:13 +00:00
|
|
|
%define disable_werror %{defined fedora}
|
2021-07-15 20:02:04 +00:00
|
|
|
|
|
|
|
|
2021-07-15 17:34:57 +00:00
|
|
|
Name: edk2
|
|
|
|
Version: %{GITDATE}git%{GITCOMMIT}
|
2022-04-19 15:19:52 +00:00
|
|
|
Release: 4%{?dist}
|
2021-07-15 17:34:57 +00:00
|
|
|
Summary: UEFI firmware for 64-bit virtual machines
|
|
|
|
License: BSD-2-Clause-Patent and OpenSSL and MIT
|
|
|
|
URL: http://www.tianocore.org
|
|
|
|
|
|
|
|
# The source tarball is created using following commands:
|
2021-11-29 13:29:46 +00:00
|
|
|
# COMMIT=bb1bba3d7767
|
2021-07-15 17:34:57 +00:00
|
|
|
# git archive --format=tar --prefix=edk2-$COMMIT/ $COMMIT \
|
|
|
|
# | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
|
|
|
|
Source0: edk2-%{GITCOMMIT}.tar.xz
|
|
|
|
Source1: ovmf-whitepaper-c770f8c.txt
|
|
|
|
Source2: openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
|
2021-07-15 17:49:13 +00:00
|
|
|
Source3: ovmf-vars-generator
|
|
|
|
Source4: LICENSE.qosb
|
|
|
|
Source5: RedHatSecureBootPkKek1.pem
|
|
|
|
|
2021-07-15 22:05:43 +00:00
|
|
|
Source10: edk2-aarch64-verbose.json
|
|
|
|
Source11: edk2-aarch64.json
|
|
|
|
Source12: edk2-ovmf-sb.json
|
|
|
|
Source13: edk2-ovmf.json
|
|
|
|
Source14: edk2-ovmf-cc.json
|
|
|
|
|
2021-07-15 17:49:13 +00:00
|
|
|
# Fedora specific sources
|
|
|
|
Source50: softfloat-%{softfloat_version}.tar.xz
|
|
|
|
Source55: 40-edk2-ovmf-ia32-sb-enrolled.json
|
|
|
|
Source56: 50-edk2-ovmf-ia32-sb.json
|
|
|
|
Source57: 60-edk2-ovmf-ia32.json
|
2021-07-20 16:30:38 +00:00
|
|
|
Source58: edk2-ovmf-nosb.json
|
2021-07-15 17:49:13 +00:00
|
|
|
Source59: 70-edk2-arm-verbose.json
|
2021-12-02 12:24:16 +00:00
|
|
|
Source60: edk2-microvm.json
|
Ship the JSON firmware "descriptor files"
From version 4.1 (due in August 2019) onwards, QEMU ships the so-called
firmware "descriptor files". These are small JSON files that describe
details about UEFI firmware binaries — such as the fimware binary path,
its architecture, supported machine type, NVRAM template and so forth.
You can see examples of these files from the QEMU upstream Git:
https://git.qemu.org/?p=qemu.git;a=tree;f=pc-bios/descriptors
$> tree descriptors/
descriptors/
├── 50-edk2-i386-secure.json
├── 50-edk2-x86_64-secure.json
├── 60-edk2-aarch64.json
├── 60-edk2-arm.json
├── 60-edk2-i386.json
└── 60-edk2-x86_64.json
QEMU 4.1 itself will ship the above files. However, Fedora needs to
ship these file as part of its EDK2 package.
Why?
----
(1) Quoting (with minor formatting edits) Laszlo Ersek:
Distributions providing their own EDK2 packages would not include
the descriptors from upstream QEMU, even if they otherwise package
QEMU. That's beause the descriptor files in QEMU match the
firmware bundled with QEMU -- but the firmware images in the
distros' own EDK2 packages are different. So, if a distro
provides an EDK2 package, then the same EDK2 package should offer
matching descriptors. QEMU offers descriptors (soon) because QEMU
technically distributes edk2 firmware binaries (soon). [Where
"soon" == QEMU 4.1]
(2) And as Dan Berrangé reminded on IRC:
In Fedora, we need to ship them [the "descriptor files"] as part
of the EDK2 package, because Fedora throws away all the firmware
files that QEMU bundles, because we're [Fedora] required to
rebuild everything from pristine source.
- - -
In this patch:
(*) Use the firmware descriptor files provided by Laszlo (thanks!) in
this comment here:
https://bugzilla.redhat.com/show_bug.cgi?id=1728652#c2 ("RFE: Ship
the JSON firmware "descriptor files" as part of EDK2").
On the double-digit priority prefixes, refer to the rationale here:
https://src.fedoraproject.org/rpms/edk2/pull-request/3#comment-27523
(*) Install the JSON files for the relevant architectures in
`/usr/share/qemu/firmware`, as required by specification[+]. And
make each EDK2 own this directory; multiple RPMs owning the same
directory is no problem.
[+] https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json
Resolves: rhbz#1728652
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
2019-07-12 09:20:38 +00:00
|
|
|
|
2022-03-23 08:15:34 +00:00
|
|
|
Patch0001: 0001-BaseTools-do-not-build-BrotliCompress-RH-only.patch
|
|
|
|
Patch0002: 0002-MdeModulePkg-remove-package-private-Brotli-include-p.patch
|
|
|
|
Patch0003: 0003-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
|
|
|
|
Patch0004: 0004-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
|
|
|
|
Patch0005: 0005-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
|
|
|
|
Patch0006: 0006-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
|
|
|
|
Patch0007: 0007-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
|
|
|
|
Patch0008: 0008-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
|
|
|
|
Patch0009: 0009-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
|
|
|
|
Patch0010: 0010-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
|
|
|
|
Patch0011: 0011-ArmVirtPkg-set-early-hello-message-RH-only.patch
|
|
|
|
Patch0012: 0012-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
|
|
|
|
Patch0013: 0013-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
|
|
|
|
Patch0014: 0014-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
|
|
|
|
Patch0015: 0015-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
|
|
|
|
Patch0016: 0016-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
|
|
|
|
Patch0017: 0017-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
|
|
|
|
Patch0018: 0018-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
|
|
|
|
Patch0019: 0019-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
|
|
|
|
Patch0020: 0020-OvmfPkg-Microvm-take-PcdResizeXterm-from-the-QEMU-co.patch
|
|
|
|
Patch0021: 0021-Tweak-the-tools_def-to-support-cross-compiling.patch
|
2016-04-18 12:16:51 +00:00
|
|
|
|
2022-03-24 12:01:23 +00:00
|
|
|
Patch0030: 0030-BaseTools-fix-gcc12-warning.patch
|
|
|
|
Patch0031: 0031-BaseTools-fix-gcc12-warning.patch
|
|
|
|
Patch0032: 0032-Basetools-turn-off-gcc12-warning.patch
|
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
# python3-devel and libuuid-devel are required for building tools.
|
|
|
|
# python3-devel is also needed for varstore template generation and
|
|
|
|
# verification with "ovmf-vars-generator".
|
|
|
|
BuildRequires: python3-devel
|
2015-12-29 17:03:01 +00:00
|
|
|
BuildRequires: libuuid-devel
|
2021-07-15 20:02:04 +00:00
|
|
|
BuildRequires: /usr/bin/iasl
|
|
|
|
BuildRequires: binutils gcc git gcc-c++ make
|
|
|
|
|
|
|
|
%if %{build_ovmf}
|
|
|
|
# Only OVMF includes 80x86 assembly files (*.nasm*).
|
2016-04-18 12:16:51 +00:00
|
|
|
BuildRequires: nasm
|
2021-07-15 20:02:04 +00:00
|
|
|
|
|
|
|
# Only OVMF includes the Secure Boot feature, for which we need to separate out
|
|
|
|
# the UEFI shell.
|
2021-07-15 18:49:10 +00:00
|
|
|
BuildRequires: dosfstools
|
|
|
|
BuildRequires: mtools
|
2021-07-15 20:02:04 +00:00
|
|
|
BuildRequires: xorriso
|
2013-05-02 12:46:06 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
# For generating the variable store template with the default certificates
|
2022-04-19 15:19:52 +00:00
|
|
|
# enrolled.
|
|
|
|
BuildRequires: python3-virt-firmware
|
2016-05-21 14:39:41 +00:00
|
|
|
|
2021-07-15 17:49:13 +00:00
|
|
|
%if %{qosb_testing}
|
|
|
|
# For verifying SB enablement in the above variable store template, we need a
|
|
|
|
# guest kernel that prints "Secure boot enabled".
|
|
|
|
BuildRequires: kernel-core >= 4.18.0-161
|
|
|
|
BuildRequires: rpmdevtools
|
|
|
|
%endif
|
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
# endif build_ovmf
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{cross}
|
|
|
|
BuildRequires: gcc-aarch64-linux-gnu
|
|
|
|
BuildRequires: gcc-arm-linux-gnu
|
|
|
|
BuildRequires: gcc-x86_64-linux-gnu
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%package ovmf
|
|
|
|
Summary: UEFI firmware for x86_64 virtual machines
|
|
|
|
BuildArch: noarch
|
|
|
|
Provides: OVMF = %{version}-%{release}
|
|
|
|
Obsoletes: OVMF < 20180508-100.gitee3198e672e2.el7
|
|
|
|
|
|
|
|
# OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL
|
|
|
|
# library.
|
|
|
|
Provides: bundled(openssl) = %{OPENSSL_VER}
|
|
|
|
License: BSD-2-Clause-Patent and OpenSSL
|
|
|
|
|
|
|
|
# URL taken from the Maintainers.txt file.
|
|
|
|
URL: http://www.tianocore.org/ovmf/
|
|
|
|
|
|
|
|
%description ovmf
|
|
|
|
OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for
|
|
|
|
Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU
|
|
|
|
and KVM.
|
|
|
|
|
|
|
|
|
|
|
|
%package aarch64
|
|
|
|
Summary: UEFI firmware for aarch64 virtual machines
|
|
|
|
BuildArch: noarch
|
|
|
|
Provides: AAVMF = %{version}-%{release}
|
|
|
|
Obsoletes: AAVMF < 20180508-100.gitee3198e672e2.el7
|
|
|
|
|
|
|
|
# No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack.
|
|
|
|
Provides: bundled(openssl) = %{OPENSSL_VER}
|
|
|
|
License: BSD-2-Clause-Patent and OpenSSL
|
|
|
|
|
|
|
|
# URL taken from the Maintainers.txt file.
|
|
|
|
URL: https://github.com/tianocore/tianocore.github.io/wiki/ArmVirtPkg
|
|
|
|
|
|
|
|
%description aarch64
|
|
|
|
AAVMF (ARM Architecture Virtual Machine Firmware) is an EFI Development Kit II
|
|
|
|
platform that enables UEFI support for QEMU/KVM ARM Virtual Machines. This
|
|
|
|
package contains a 64-bit build.
|
2021-07-15 17:49:13 +00:00
|
|
|
|
2013-05-02 12:46:06 +00:00
|
|
|
|
|
|
|
%package tools
|
2015-12-29 17:03:01 +00:00
|
|
|
Summary: EFI Development Kit II Tools
|
2021-07-15 20:02:04 +00:00
|
|
|
License: BSD-2-Clause-Patent
|
|
|
|
URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
|
2013-05-02 12:46:06 +00:00
|
|
|
%description tools
|
|
|
|
This package provides tools that are needed to
|
|
|
|
build EFI executables and ROMs using the GNU tools.
|
|
|
|
|
|
|
|
%package tools-doc
|
2015-12-29 17:03:01 +00:00
|
|
|
Summary: Documentation for EFI Development Kit II Tools
|
2016-04-18 12:16:51 +00:00
|
|
|
BuildArch: noarch
|
2021-07-15 20:02:04 +00:00
|
|
|
License: BSD-2-Clause-Patent
|
|
|
|
URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
|
2013-05-02 12:46:06 +00:00
|
|
|
%description tools-doc
|
|
|
|
This package documents the tools that are needed to
|
|
|
|
build EFI executables and ROMs using the GNU tools.
|
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
%description
|
|
|
|
EDK II is a modern, feature-rich, cross-platform firmware development
|
|
|
|
environment for the UEFI and PI specifications. This package contains sample
|
|
|
|
64-bit UEFI firmware builds for QEMU and KVM.
|
2018-04-30 11:57:51 +00:00
|
|
|
|
2016-04-18 12:16:51 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
%if %{defined fedora}
|
2017-03-15 21:56:49 +00:00
|
|
|
%package ovmf-ia32
|
|
|
|
Summary: Open Virtual Machine Firmware
|
2019-07-15 15:37:24 +00:00
|
|
|
License: BSD-2-Clause-Patent and OpenSSL
|
2018-07-23 08:57:29 +00:00
|
|
|
Provides: bundled(openssl)
|
2017-03-15 21:56:49 +00:00
|
|
|
BuildArch: noarch
|
|
|
|
%description ovmf-ia32
|
|
|
|
EFI Development Kit II
|
|
|
|
Open Virtual Machine Firmware (ia32)
|
|
|
|
|
2016-07-21 21:47:43 +00:00
|
|
|
%package arm
|
|
|
|
Summary: ARM Virtual Machine Firmware
|
|
|
|
BuildArch: noarch
|
2020-09-12 11:26:56 +00:00
|
|
|
License: BSD-2-Clause-Patent and OpenSSL
|
2016-07-21 21:47:43 +00:00
|
|
|
%description arm
|
|
|
|
EFI Development Kit II
|
2020-09-12 11:26:56 +00:00
|
|
|
ARMv7 UEFI Firmware
|
2021-07-15 20:02:04 +00:00
|
|
|
|
|
|
|
%package qosb
|
|
|
|
Summary: Tool to enroll secureboot
|
|
|
|
Requires: python3
|
|
|
|
Buildarch: noarch
|
|
|
|
%description qosb
|
|
|
|
This package contains QOSB (QEMU OVMF Secure Boot), which can enroll OVMF
|
|
|
|
variable files to enforce Secure Boot.
|
|
|
|
|
|
|
|
%package tools-python
|
|
|
|
Summary: EFI Development Kit II Tools
|
|
|
|
Requires: python3
|
|
|
|
BuildArch: noarch
|
|
|
|
|
|
|
|
%description tools-python
|
|
|
|
This package provides tools that are needed to build EFI executables
|
|
|
|
and ROMs using the GNU tools. You do not need to install this package;
|
|
|
|
you probably want to install edk2-tools only.
|
|
|
|
# endif fedora
|
2017-11-13 17:44:20 +00:00
|
|
|
%endif
|
2016-07-21 21:47:43 +00:00
|
|
|
|
2016-04-18 12:16:51 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
|
2013-05-02 12:46:06 +00:00
|
|
|
%prep
|
2021-07-15 17:34:57 +00:00
|
|
|
# We needs some special git config options that %%autosetup won't give us.
|
|
|
|
# We init the git dir ourselves, then tell %%autosetup not to blow it away.
|
|
|
|
%setup -q -n edk2-%{GITCOMMIT}
|
|
|
|
git init -q
|
|
|
|
git config core.whitespace cr-at-eol
|
|
|
|
git config am.keepcr true
|
|
|
|
# -T is passed to %%setup to not re-extract the archive
|
|
|
|
# -D is passed to %%setup to not delete the existing archive dir
|
|
|
|
%autosetup -T -D -n edk2-%{GITCOMMIT} -S git_am
|
2017-11-14 15:05:26 +00:00
|
|
|
|
2021-07-15 17:49:13 +00:00
|
|
|
cp -a -- %{SOURCE1} %{SOURCE3} .
|
2021-07-15 22:05:43 +00:00
|
|
|
cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} .
|
2021-07-15 17:34:57 +00:00
|
|
|
tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
|
2021-07-15 17:49:13 +00:00
|
|
|
|
|
|
|
# Format the Red Hat-issued certificate that is to be enrolled as both Platform
|
|
|
|
# Key and first Key Exchange Key, as an SMBIOS OEM String. This means stripping
|
|
|
|
# the PEM header and footer, and prepending the textual representation of the
|
|
|
|
# GUID that identifies this particular OEM String to "EnrollDefaultKeys.efi",
|
|
|
|
# plus the separator ":". For details, see
|
|
|
|
# <https://bugzilla.tianocore.org/show_bug.cgi?id=1747> comments 2, 7, 14.
|
2019-07-15 15:41:49 +00:00
|
|
|
sed \
|
|
|
|
-e 's/^-----BEGIN CERTIFICATE-----$/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' \
|
|
|
|
-e '/^-----END CERTIFICATE-----$/d' \
|
2021-07-15 17:49:13 +00:00
|
|
|
%{SOURCE5} \
|
|
|
|
> PkKek1.oemstr
|
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
# Done by %setup, but we do not use it for the auxiliary tarballs
|
|
|
|
chmod -Rf a+rX,u+w,g-w,o-w .
|
|
|
|
|
|
|
|
# Fedora specific
|
2021-07-15 17:49:13 +00:00
|
|
|
cp -a -- %{SOURCE4} .
|
2021-07-15 20:02:04 +00:00
|
|
|
# extract softfloat into place
|
|
|
|
tar -xf %{SOURCE50} --strip-components=1 --directory ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3/
|
2019-07-11 23:42:10 +00:00
|
|
|
|
|
|
|
|
2016-04-18 12:16:51 +00:00
|
|
|
%build
|
2020-04-13 22:29:55 +00:00
|
|
|
export PYTHON_COMMAND=%{__python3}
|
2016-04-18 12:16:51 +00:00
|
|
|
source ./edksetup.sh
|
2021-07-15 22:05:43 +00:00
|
|
|
%make_build -C "$EDK_TOOLS_PATH" \
|
|
|
|
EXTRA_OPTFLAGS="%{optflags}" \
|
|
|
|
EXTRA_LDFLAGS="%{__global_ldflags}"
|
2016-04-18 12:16:51 +00:00
|
|
|
|
2021-07-15 22:05:43 +00:00
|
|
|
SMP_MFLAGS="%{?_smp_mflags}"
|
|
|
|
if [[ x"$SMP_MFLAGS" = x-j* ]]; then
|
|
|
|
CC_FLAGS="$CC_FLAGS -n ${SMP_MFLAGS#-j}"
|
|
|
|
elif [ -n "%{?jobs}" ]; then
|
|
|
|
CC_FLAGS="$CC_FLAGS -n %{?jobs}"
|
2016-04-18 12:16:51 +00:00
|
|
|
fi
|
|
|
|
|
2021-07-15 22:05:43 +00:00
|
|
|
CC_FLAGS="$CC_FLAGS --cmd-len=65536 -t %{TOOLCHAIN} -b DEBUG --hash"
|
2018-07-18 14:33:51 +00:00
|
|
|
CC_FLAGS="$CC_FLAGS -D NETWORK_IP6_ENABLE"
|
2021-07-15 22:05:43 +00:00
|
|
|
CC_FLAGS="$CC_FLAGS -D NETWORK_HTTP_BOOT_ENABLE -D NETWORK_TLS_ENABLE"
|
2022-04-07 05:28:55 +00:00
|
|
|
CC_FLAGS="$CC_FLAGS -D TPM2_ENABLE"
|
|
|
|
CC_FLAGS="$CC_FLAGS -D TPM1_ENABLE"
|
2016-04-18 12:16:51 +00:00
|
|
|
|
|
|
|
OVMF_FLAGS="${CC_FLAGS}"
|
2021-07-15 22:05:43 +00:00
|
|
|
%if %{defined rhel}
|
|
|
|
OVMF_FLAGS="${OVMF_FLAGS} -D FD_SIZE_4MB"
|
|
|
|
OVMF_FLAGS="${OVMF_FLAGS} -D PVSCSI_ENABLE=FALSE -D MPT_SCSI_ENABLE=FALSE"
|
|
|
|
%else
|
2017-05-09 17:03:58 +00:00
|
|
|
OVMF_FLAGS="${OVMF_FLAGS} -D FD_SIZE_2MB"
|
2021-07-15 22:05:43 +00:00
|
|
|
%endif
|
2016-04-18 12:16:51 +00:00
|
|
|
|
|
|
|
OVMF_SB_FLAGS="${OVMF_FLAGS}"
|
|
|
|
OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D SECURE_BOOT_ENABLE"
|
|
|
|
OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D SMM_REQUIRE"
|
|
|
|
OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D EXCLUDE_SHELL_FROM_FD"
|
|
|
|
|
2021-07-20 16:34:13 +00:00
|
|
|
%if %{disable_werror}
|
2016-04-18 13:53:38 +00:00
|
|
|
sed -i -e 's/-Werror//' Conf/tools_def.txt
|
2021-07-20 16:34:13 +00:00
|
|
|
%endif
|
2016-04-18 12:16:51 +00:00
|
|
|
|
2017-03-15 21:56:49 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
%if %{cross}
|
2018-07-18 14:33:51 +00:00
|
|
|
export GCC5_IA32_PREFIX="x86_64-linux-gnu-"
|
|
|
|
export GCC5_X64_PREFIX="x86_64-linux-gnu-"
|
|
|
|
export GCC5_AARCH64_PREFIX="aarch64-linux-gnu-"
|
|
|
|
export GCC5_ARM_PREFIX="arm-linux-gnu-"
|
2017-11-13 17:44:20 +00:00
|
|
|
%endif
|
|
|
|
|
2021-07-15 18:49:10 +00:00
|
|
|
build_iso() {
|
|
|
|
dir="$1"
|
|
|
|
UEFI_SHELL_BINARY=${dir}/Shell.efi
|
|
|
|
ENROLLER_BINARY=${dir}/EnrollDefaultKeys.efi
|
|
|
|
UEFI_SHELL_IMAGE=uefi_shell.img
|
2021-07-15 22:05:43 +00:00
|
|
|
ISO_IMAGE=${dir}/UefiShell.iso
|
2021-07-15 18:49:10 +00:00
|
|
|
|
|
|
|
UEFI_SHELL_BINARY_BNAME=$(basename -- "$UEFI_SHELL_BINARY")
|
|
|
|
UEFI_SHELL_SIZE=$(stat --format=%s -- "$UEFI_SHELL_BINARY")
|
|
|
|
ENROLLER_SIZE=$(stat --format=%s -- "$ENROLLER_BINARY")
|
|
|
|
|
|
|
|
# add 1MB then 10% for metadata
|
|
|
|
UEFI_SHELL_IMAGE_KB=$((
|
|
|
|
(UEFI_SHELL_SIZE + ENROLLER_SIZE + 1 * 1024 * 1024) * 11 / 10 / 1024
|
|
|
|
))
|
|
|
|
|
|
|
|
# create non-partitioned FAT image
|
|
|
|
rm -f -- "$UEFI_SHELL_IMAGE"
|
|
|
|
mkdosfs -C "$UEFI_SHELL_IMAGE" -n UEFI_SHELL -- "$UEFI_SHELL_IMAGE_KB"
|
|
|
|
|
|
|
|
# copy the shell binary into the FAT image
|
|
|
|
export MTOOLS_SKIP_CHECK=1
|
|
|
|
mmd -i "$UEFI_SHELL_IMAGE" ::efi
|
|
|
|
mmd -i "$UEFI_SHELL_IMAGE" ::efi/boot
|
|
|
|
mcopy -i "$UEFI_SHELL_IMAGE" "$UEFI_SHELL_BINARY" ::efi/boot/bootx64.efi
|
|
|
|
mcopy -i "$UEFI_SHELL_IMAGE" "$ENROLLER_BINARY" ::
|
|
|
|
mdir -i "$UEFI_SHELL_IMAGE" -/ ::
|
|
|
|
|
|
|
|
# build ISO with FAT image file as El Torito EFI boot image
|
|
|
|
mkisofs -input-charset ASCII -J -rational-rock \
|
|
|
|
-e "$UEFI_SHELL_IMAGE" -no-emul-boot \
|
|
|
|
-o "$ISO_IMAGE" "$UEFI_SHELL_IMAGE"
|
|
|
|
}
|
|
|
|
|
2021-07-15 22:05:43 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
%if %{build_ovmf}
|
2021-07-15 22:05:43 +00:00
|
|
|
# Build with neither SB nor SMM; include UEFI shell.
|
|
|
|
build ${OVMF_FLAGS} -a X64 \
|
|
|
|
-p OvmfPkg/OvmfPkgX64.dsc
|
2016-04-18 12:16:51 +00:00
|
|
|
|
2021-07-15 22:05:43 +00:00
|
|
|
# Build with SB and SMM; exclude UEFI shell.
|
|
|
|
build ${OVMF_SB_FLAGS} -a IA32 -a X64 \
|
|
|
|
-p OvmfPkg/OvmfPkgIa32X64.dsc
|
2016-04-18 12:16:51 +00:00
|
|
|
|
2021-07-15 22:05:43 +00:00
|
|
|
# Sanity check: the varstore templates must be identical.
|
|
|
|
cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
|
|
|
|
Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd
|
|
|
|
|
|
|
|
# Prepare an ISO image that boots the UEFI shell.
|
|
|
|
build_iso Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64
|
2018-04-30 11:57:51 +00:00
|
|
|
|
2022-04-19 15:19:52 +00:00
|
|
|
virt-fw-vars --input Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
|
|
|
|
--output Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \
|
|
|
|
--enroll-redhat --secure-boot
|
2021-07-15 22:05:43 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
# endif build_ovmf
|
2017-11-13 17:44:20 +00:00
|
|
|
%endif
|
2016-04-18 12:16:51 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
%if %{build_aarch64}
|
2021-07-15 22:05:43 +00:00
|
|
|
# Build with a verbose debug mask first, and stash the binary.
|
|
|
|
build ${CC_FLAGS} -a AARCH64 \
|
|
|
|
-p ArmVirtPkg/ArmVirtQemu.dsc \
|
|
|
|
-D DEBUG_PRINT_ERROR_LEVEL=0x8040004F
|
|
|
|
cp -a Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.fd \
|
|
|
|
Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.verbose.fd
|
|
|
|
|
|
|
|
# Rebuild with a silent (errors only) debug mask.
|
|
|
|
build ${CC_FLAGS} -a AARCH64 \
|
|
|
|
-p ArmVirtPkg/ArmVirtQemu.dsc \
|
|
|
|
-D DEBUG_PRINT_ERROR_LEVEL=0x80000000
|
2021-07-15 20:02:04 +00:00
|
|
|
# endif build_aarch64
|
|
|
|
%endif
|
2017-03-15 21:56:49 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
|
|
|
|
%if %{defined fedora}
|
2022-03-02 09:45:59 +00:00
|
|
|
%if %{build_ovmf}
|
2021-12-02 12:24:16 +00:00
|
|
|
# build microvm
|
|
|
|
build ${OVMF_FLAGS} -a X64 -p OvmfPkg/Microvm/MicrovmX64.dsc
|
|
|
|
|
2017-03-15 21:56:49 +00:00
|
|
|
# build ovmf-ia32
|
|
|
|
mkdir -p ovmf-ia32
|
|
|
|
build ${OVMF_FLAGS} -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc
|
2019-07-12 18:08:23 +00:00
|
|
|
cp Build/OvmfIa32/*/FV/OVMF_CODE*.fd ovmf-ia32/
|
|
|
|
# cp VARS files from from ovmf/, which are all we need
|
2021-07-15 22:05:43 +00:00
|
|
|
cp -a Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS*.fd ovmf-ia32
|
2017-03-15 21:56:49 +00:00
|
|
|
rm -rf Build/OvmfIa32
|
|
|
|
|
|
|
|
# build ovmf-ia32 with secure boot
|
|
|
|
build ${OVMF_SB_FLAGS} -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc
|
|
|
|
cp Build/OvmfIa32/*/FV/OVMF_CODE.fd ovmf-ia32/OVMF_CODE.secboot.fd
|
|
|
|
|
|
|
|
# build ovmf-ia32 shell iso with EnrollDefaultKeys
|
2021-07-15 18:49:10 +00:00
|
|
|
build_iso Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32
|
2021-07-15 22:05:43 +00:00
|
|
|
mv Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32/UefiShell.iso ovmf-ia32
|
|
|
|
cp -a Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32/Shell.efi ovmf-ia32
|
|
|
|
cp -a Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32/EnrollDefaultKeys.efi ovmf-ia32
|
2022-03-02 09:45:59 +00:00
|
|
|
# endif build_ovmf
|
|
|
|
%endif
|
2017-03-15 21:56:49 +00:00
|
|
|
|
2020-09-12 11:26:56 +00:00
|
|
|
# build ARMv7 firmware
|
2016-07-21 21:47:43 +00:00
|
|
|
mkdir -p arm
|
2021-07-15 22:05:43 +00:00
|
|
|
build ${CC_FLAGS} -a ARM -p ArmVirtPkg/ArmVirtQemu.dsc
|
2016-07-21 21:47:43 +00:00
|
|
|
cp Build/ArmVirtQemu-ARM/DEBUG_*/FV/*.fd arm
|
|
|
|
dd of="arm/QEMU_EFI-pflash.raw" if="/dev/zero" bs=1M count=64
|
|
|
|
dd of="arm/QEMU_EFI-pflash.raw" if="arm/QEMU_EFI.fd" conv=notrunc
|
|
|
|
dd of="arm/vars-template-pflash.raw" if="/dev/zero" bs=1M count=64
|
2021-07-15 17:49:13 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
# endif defined fedora
|
2021-07-15 17:49:13 +00:00
|
|
|
%endif
|
2019-07-11 23:42:10 +00:00
|
|
|
|
2018-04-30 11:57:51 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
|
2013-05-02 12:46:06 +00:00
|
|
|
%install
|
2021-07-15 22:05:43 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
cp -a OvmfPkg/License.txt License.OvmfPkg.txt
|
|
|
|
cp -a CryptoPkg/Library/OpensslLib/openssl/LICENSE LICENSE.openssl
|
2021-07-15 22:05:43 +00:00
|
|
|
mkdir -p %{buildroot}%{_datadir}/qemu/firmware
|
2021-07-15 20:02:04 +00:00
|
|
|
|
2021-07-15 22:05:43 +00:00
|
|
|
# install the tools
|
2016-04-18 12:16:51 +00:00
|
|
|
mkdir -p %{buildroot}%{_bindir} \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/Conf \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/Scripts
|
|
|
|
install BaseTools/Source/C/bin/* \
|
2015-12-29 17:03:01 +00:00
|
|
|
%{buildroot}%{_bindir}
|
2016-04-18 12:16:51 +00:00
|
|
|
install BaseTools/BinWrappers/PosixLike/LzmaF86Compress \
|
|
|
|
%{buildroot}%{_bindir}
|
|
|
|
install BaseTools/BuildEnv \
|
2014-06-24 07:50:13 +00:00
|
|
|
%{buildroot}%{_datadir}/%{name}
|
2016-04-18 12:16:51 +00:00
|
|
|
install BaseTools/Conf/*.template \
|
2014-06-23 15:25:24 +00:00
|
|
|
%{buildroot}%{_datadir}/%{name}/Conf
|
2016-04-18 12:16:51 +00:00
|
|
|
install BaseTools/Scripts/GccBase.lds \
|
2014-06-23 15:25:24 +00:00
|
|
|
%{buildroot}%{_datadir}/%{name}/Scripts
|
|
|
|
|
2013-05-02 12:46:06 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
%if %{build_ovmf}
|
2021-07-15 22:05:43 +00:00
|
|
|
mkdir -p \
|
|
|
|
%{buildroot}%{_datadir}/OVMF \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/ovmf
|
|
|
|
|
|
|
|
install -m 0644 Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.fd
|
|
|
|
install -m 0644 Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd
|
|
|
|
install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd
|
|
|
|
|
|
|
|
install -m 0644 Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/ovmf/OVMF_VARS.fd
|
|
|
|
install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd
|
|
|
|
install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/UefiShell.iso \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/ovmf/UefiShell.iso
|
|
|
|
|
|
|
|
ln -s ../%{name}/ovmf/OVMF_CODE.fd %{buildroot}%{_datadir}/OVMF
|
|
|
|
ln -s ../%{name}/ovmf/OVMF_CODE.secboot.fd %{buildroot}%{_datadir}/OVMF/
|
|
|
|
ln -s ../%{name}/ovmf/OVMF_VARS.fd %{buildroot}%{_datadir}/OVMF/
|
|
|
|
ln -s ../%{name}/ovmf/OVMF_VARS.secboot.fd %{buildroot}%{_datadir}/OVMF/
|
|
|
|
ln -s ../%{name}/ovmf/UefiShell.iso %{buildroot}%{_datadir}/OVMF/
|
|
|
|
|
|
|
|
install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/Shell.efi \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/ovmf/Shell.efi
|
|
|
|
install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/EnrollDefaultKeys.efi \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi
|
|
|
|
|
|
|
|
install -m 0644 edk2-ovmf-sb.json \
|
|
|
|
%{buildroot}%{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json
|
|
|
|
install -m 0644 edk2-ovmf.json \
|
|
|
|
%{buildroot}%{_datadir}/qemu/firmware/50-edk2-ovmf.json
|
|
|
|
install -m 0644 edk2-ovmf-cc.json \
|
|
|
|
%{buildroot}%{_datadir}/qemu/firmware/50-edk2-ovmf-cc.json
|
2021-07-15 20:02:04 +00:00
|
|
|
# endif build_ovmf
|
2017-11-13 17:44:20 +00:00
|
|
|
%endif
|
2019-07-12 18:11:22 +00:00
|
|
|
|
2022-03-02 09:58:37 +00:00
|
|
|
mkdir -p %{buildroot}%{_datadir}/AAVMF
|
2021-07-15 20:02:04 +00:00
|
|
|
%if %{build_aarch64}
|
2022-03-02 09:58:37 +00:00
|
|
|
mkdir -p %{buildroot}%{_datadir}/%{name}/aarch64
|
2021-07-15 22:05:43 +00:00
|
|
|
|
|
|
|
# Pad and install the verbose binary.
|
|
|
|
cat Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.verbose.fd \
|
|
|
|
/dev/zero \
|
|
|
|
| head -c 64m \
|
|
|
|
> %{buildroot}%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.raw
|
|
|
|
|
|
|
|
# Pad and install the silent (default) binary.
|
|
|
|
cat Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.fd \
|
|
|
|
/dev/zero \
|
|
|
|
| head -c 64m \
|
|
|
|
> %{buildroot}%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.raw
|
|
|
|
|
|
|
|
# Create varstore template.
|
|
|
|
cat Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_VARS.fd \
|
|
|
|
/dev/zero \
|
|
|
|
| head -c 64m \
|
|
|
|
> %{buildroot}%{_datadir}/%{name}/aarch64/vars-template-pflash.raw
|
|
|
|
|
|
|
|
ln -s ../%{name}/aarch64/QEMU_EFI-pflash.raw \
|
|
|
|
%{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd
|
|
|
|
ln -s ../%{name}/aarch64/QEMU_EFI-silent-pflash.raw \
|
|
|
|
%{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.fd
|
|
|
|
ln -s ../%{name}/aarch64/vars-template-pflash.raw \
|
|
|
|
%{buildroot}%{_datadir}/AAVMF/AAVMF_VARS.fd
|
|
|
|
|
|
|
|
chmod 0644 -- %{buildroot}%{_datadir}/AAVMF/AAVMF_*.fd
|
|
|
|
|
|
|
|
install -m 0644 Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.verbose.fd \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/aarch64/QEMU_EFI.fd
|
|
|
|
install -m 0644 Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.fd \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd
|
|
|
|
install -m 0644 Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_VARS.fd \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/aarch64/QEMU_VARS.fd
|
|
|
|
|
|
|
|
install -m 0644 edk2-aarch64.json \
|
|
|
|
%{buildroot}%{_datadir}/qemu/firmware/60-edk2-aarch64.json
|
|
|
|
install -m 0644 edk2-aarch64-verbose.json \
|
|
|
|
%{buildroot}%{_datadir}/qemu/firmware/70-edk2-aarch64-verbose.json
|
2021-07-15 20:02:04 +00:00
|
|
|
# endif build_aarch64
|
2017-11-13 17:44:20 +00:00
|
|
|
%endif
|
2019-07-12 18:11:22 +00:00
|
|
|
|
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
%if %{defined fedora}
|
2022-03-02 09:45:59 +00:00
|
|
|
%if %{build_ovmf}
|
2021-12-02 12:24:16 +00:00
|
|
|
# install microvm
|
|
|
|
install -m 0644 Build/MicrovmX64/DEBUG_%{TOOLCHAIN}/FV/MICROVM.fd \
|
|
|
|
%{buildroot}%{_datadir}/%{name}/ovmf/MICROVM.fd
|
|
|
|
install -p -m 0644 %{_sourcedir}/edk2-microvm.json \
|
|
|
|
%{buildroot}%{_datadir}/qemu/firmware/60-edk2-ovmf-microvm.json
|
|
|
|
|
2021-07-20 16:30:38 +00:00
|
|
|
# Install extra x86_64 json files
|
2021-07-20 17:50:42 +00:00
|
|
|
install -p -m 0644 %{_sourcedir}/edk2-ovmf-nosb.json \
|
2021-07-20 16:30:38 +00:00
|
|
|
%{buildroot}%{_datadir}/qemu/firmware/60-edk2-ovmf-nosb.json
|
|
|
|
|
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
# install ia32
|
|
|
|
cp -a ovmf-ia32 %{buildroot}%{_datadir}/%{name}
|
Ship the JSON firmware "descriptor files"
From version 4.1 (due in August 2019) onwards, QEMU ships the so-called
firmware "descriptor files". These are small JSON files that describe
details about UEFI firmware binaries — such as the fimware binary path,
its architecture, supported machine type, NVRAM template and so forth.
You can see examples of these files from the QEMU upstream Git:
https://git.qemu.org/?p=qemu.git;a=tree;f=pc-bios/descriptors
$> tree descriptors/
descriptors/
├── 50-edk2-i386-secure.json
├── 50-edk2-x86_64-secure.json
├── 60-edk2-aarch64.json
├── 60-edk2-arm.json
├── 60-edk2-i386.json
└── 60-edk2-x86_64.json
QEMU 4.1 itself will ship the above files. However, Fedora needs to
ship these file as part of its EDK2 package.
Why?
----
(1) Quoting (with minor formatting edits) Laszlo Ersek:
Distributions providing their own EDK2 packages would not include
the descriptors from upstream QEMU, even if they otherwise package
QEMU. That's beause the descriptor files in QEMU match the
firmware bundled with QEMU -- but the firmware images in the
distros' own EDK2 packages are different. So, if a distro
provides an EDK2 package, then the same EDK2 package should offer
matching descriptors. QEMU offers descriptors (soon) because QEMU
technically distributes edk2 firmware binaries (soon). [Where
"soon" == QEMU 4.1]
(2) And as Dan Berrangé reminded on IRC:
In Fedora, we need to ship them [the "descriptor files"] as part
of the EDK2 package, because Fedora throws away all the firmware
files that QEMU bundles, because we're [Fedora] required to
rebuild everything from pristine source.
- - -
In this patch:
(*) Use the firmware descriptor files provided by Laszlo (thanks!) in
this comment here:
https://bugzilla.redhat.com/show_bug.cgi?id=1728652#c2 ("RFE: Ship
the JSON firmware "descriptor files" as part of EDK2").
On the double-digit priority prefixes, refer to the rationale here:
https://src.fedoraproject.org/rpms/edk2/pull-request/3#comment-27523
(*) Install the JSON files for the relevant architectures in
`/usr/share/qemu/firmware`, as required by specification[+]. And
make each EDK2 own this directory; multiple RPMs owning the same
directory is no problem.
[+] https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json
Resolves: rhbz#1728652
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
2019-07-12 09:20:38 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
for f in %{_sourcedir}/*edk2-ovmf-ia32*.json; do
|
2019-07-12 18:11:22 +00:00
|
|
|
install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware
|
|
|
|
done
|
2022-03-02 09:45:59 +00:00
|
|
|
# endif build_ovmf
|
|
|
|
%endif
|
2019-07-12 18:11:22 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
# install arm32
|
|
|
|
cp -a arm %{buildroot}%{_datadir}/%{name}
|
|
|
|
ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw %{buildroot}%{_datadir}/AAVMF/AAVMF32_CODE.fd
|
2019-07-12 18:11:22 +00:00
|
|
|
|
2021-07-15 22:05:43 +00:00
|
|
|
for f in %{_sourcedir}/*edk2-arm-*.json; do
|
2019-07-12 18:11:22 +00:00
|
|
|
install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware
|
|
|
|
done
|
2021-07-15 20:02:04 +00:00
|
|
|
|
|
|
|
|
|
|
|
# edk2-tools-python install
|
|
|
|
cp -R BaseTools/Source/Python %{buildroot}%{_datadir}/%{name}/Python
|
|
|
|
for i in build BPDG Ecc GenDepex GenFds GenPatchPcdTable PatchPcdValue TargetTool Trim UPT; do
|
|
|
|
echo '#!/bin/sh
|
|
|
|
export PYTHONPATH=%{_datadir}/%{name}/Python
|
|
|
|
exec python3 '%{_datadir}/%{name}/Python/$i/$i.py' "$@"' > %{buildroot}%{_bindir}/$i
|
|
|
|
chmod +x %{buildroot}%{_bindir}/$i
|
|
|
|
done
|
2016-05-21 14:39:41 +00:00
|
|
|
|
2020-08-04 21:47:50 +00:00
|
|
|
%if 0%{?py_byte_compile:1}
|
|
|
|
# https://docs.fedoraproject.org/en-US/packaging-guidelines/Python_Appendix/#manual-bytecompilation
|
|
|
|
%py_byte_compile %{python3} %{buildroot}%{_datadir}/edk2/Python
|
|
|
|
%endif
|
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
# edk2-qosb install
|
2021-07-15 17:49:13 +00:00
|
|
|
install -p ovmf-vars-generator %{buildroot}%{_bindir}
|
2018-04-30 11:57:51 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
# endif defined fedora
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%check
|
2021-07-15 22:05:43 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
%if %{qosb_testing}
|
2022-04-19 15:19:52 +00:00
|
|
|
virt-fw-vars --input Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \
|
|
|
|
--print | grep "SecureBootEnable.*ON"
|
2021-07-15 20:02:04 +00:00
|
|
|
|
|
|
|
# endif qosb_testing
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
%global common_files \
|
|
|
|
%%license License.txt License.OvmfPkg.txt License-History.txt LICENSE.openssl \
|
|
|
|
%%dir %%{_datadir}/%%{name}/ \
|
|
|
|
%%dir %%{_datadir}/qemu \
|
|
|
|
%%dir %%{_datadir}/qemu/firmware
|
|
|
|
|
|
|
|
%if %{build_ovmf}
|
|
|
|
%files ovmf
|
|
|
|
%common_files
|
|
|
|
%doc OvmfPkg/README
|
|
|
|
%doc ovmf-whitepaper-c770f8c.txt
|
|
|
|
%dir %{_datadir}/OVMF/
|
|
|
|
%dir %{_datadir}/%{name}/ovmf/
|
|
|
|
%{_datadir}/%{name}/ovmf/OVMF_CODE.fd
|
2021-07-15 22:05:43 +00:00
|
|
|
%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd
|
2021-07-15 20:02:04 +00:00
|
|
|
%{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd
|
|
|
|
%{_datadir}/%{name}/ovmf/OVMF_VARS.fd
|
|
|
|
%{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd
|
|
|
|
%{_datadir}/%{name}/ovmf/UefiShell.iso
|
|
|
|
%{_datadir}/OVMF/OVMF_CODE.fd
|
|
|
|
%{_datadir}/OVMF/OVMF_CODE.secboot.fd
|
|
|
|
%{_datadir}/OVMF/OVMF_VARS.fd
|
|
|
|
%{_datadir}/OVMF/OVMF_VARS.secboot.fd
|
|
|
|
%{_datadir}/OVMF/UefiShell.iso
|
|
|
|
%{_datadir}/%{name}/ovmf/Shell.efi
|
|
|
|
%{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi
|
2021-07-15 22:05:43 +00:00
|
|
|
%{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json
|
|
|
|
%{_datadir}/qemu/firmware/50-edk2-ovmf-cc.json
|
|
|
|
%{_datadir}/qemu/firmware/50-edk2-ovmf.json
|
2021-07-20 16:30:38 +00:00
|
|
|
%if %{defined fedora}
|
2021-12-02 12:24:16 +00:00
|
|
|
%{_datadir}/%{name}/ovmf/MICROVM.fd
|
2021-07-20 16:30:38 +00:00
|
|
|
%{_datadir}/qemu/firmware/60-edk2-ovmf-nosb.json
|
2021-12-02 12:24:16 +00:00
|
|
|
%{_datadir}/qemu/firmware/60-edk2-ovmf-microvm.json
|
2021-07-20 16:30:38 +00:00
|
|
|
%endif
|
2021-07-15 20:02:04 +00:00
|
|
|
# endif build_ovmf
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{build_aarch64}
|
|
|
|
%files aarch64
|
|
|
|
%common_files
|
|
|
|
%dir %{_datadir}/AAVMF/
|
|
|
|
%dir %{_datadir}/%{name}/aarch64/
|
|
|
|
%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.raw
|
2021-07-15 22:05:43 +00:00
|
|
|
%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.raw
|
2021-07-15 20:02:04 +00:00
|
|
|
%{_datadir}/%{name}/aarch64/vars-template-pflash.raw
|
2021-07-15 22:05:43 +00:00
|
|
|
%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd
|
2021-07-15 20:02:04 +00:00
|
|
|
%{_datadir}/AAVMF/AAVMF_CODE.fd
|
|
|
|
%{_datadir}/AAVMF/AAVMF_VARS.fd
|
|
|
|
%{_datadir}/%{name}/aarch64/QEMU_EFI.fd
|
2021-07-15 22:05:43 +00:00
|
|
|
%{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd
|
2021-07-15 20:02:04 +00:00
|
|
|
%{_datadir}/%{name}/aarch64/QEMU_VARS.fd
|
2021-07-15 22:05:43 +00:00
|
|
|
%{_datadir}/qemu/firmware/60-edk2-aarch64.json
|
2021-07-15 20:02:04 +00:00
|
|
|
%{_datadir}/qemu/firmware/70-edk2-aarch64-verbose.json
|
|
|
|
# endif build_aarch64
|
|
|
|
%endif
|
2016-04-18 12:16:51 +00:00
|
|
|
|
2013-05-02 12:46:06 +00:00
|
|
|
%files tools
|
2017-11-14 15:05:26 +00:00
|
|
|
%license License.txt
|
2021-07-15 20:02:04 +00:00
|
|
|
%license License-History.txt
|
2018-05-29 21:06:35 +00:00
|
|
|
%{_bindir}/DevicePath
|
2013-05-02 12:46:06 +00:00
|
|
|
%{_bindir}/EfiRom
|
|
|
|
%{_bindir}/GenCrc32
|
|
|
|
%{_bindir}/GenFfs
|
|
|
|
%{_bindir}/GenFv
|
|
|
|
%{_bindir}/GenFw
|
|
|
|
%{_bindir}/GenSec
|
|
|
|
%{_bindir}/LzmaCompress
|
2014-06-23 15:25:24 +00:00
|
|
|
%{_bindir}/LzmaF86Compress
|
|
|
|
%{_bindir}/TianoCompress
|
2013-05-02 12:46:06 +00:00
|
|
|
%{_bindir}/VfrCompile
|
|
|
|
%{_bindir}/VolInfo
|
2016-04-18 12:16:51 +00:00
|
|
|
%dir %{_datadir}/%{name}
|
2014-06-24 07:50:13 +00:00
|
|
|
%{_datadir}/%{name}/BuildEnv
|
2016-04-18 12:16:51 +00:00
|
|
|
%{_datadir}/%{name}/Conf
|
|
|
|
%{_datadir}/%{name}/Scripts
|
2013-05-02 12:46:06 +00:00
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
%files tools-doc
|
|
|
|
%doc BaseTools/UserManuals/*.rtf
|
|
|
|
|
|
|
|
|
|
|
|
%if %{defined fedora}
|
2022-03-02 09:45:59 +00:00
|
|
|
%if %{build_ovmf}
|
2021-07-15 20:02:04 +00:00
|
|
|
%files ovmf-ia32
|
|
|
|
%common_files
|
|
|
|
%dir %{_datadir}/%{name}/ovmf-ia32
|
|
|
|
%{_datadir}/%{name}/ovmf-ia32
|
|
|
|
%{_datadir}/%{name}/ovmf-ia32/EnrollDefaultKeys.efi
|
|
|
|
%{_datadir}/%{name}/ovmf-ia32/OVMF_CODE.fd
|
|
|
|
%{_datadir}/%{name}/ovmf-ia32/OVMF_CODE.secboot.fd
|
|
|
|
%{_datadir}/%{name}/ovmf-ia32/OVMF_VARS.fd
|
|
|
|
%{_datadir}/%{name}/ovmf-ia32/OVMF_VARS.secboot.fd
|
|
|
|
%{_datadir}/%{name}/ovmf-ia32/Shell.efi
|
|
|
|
%{_datadir}/%{name}/ovmf-ia32/UefiShell.iso
|
|
|
|
%{_datadir}/qemu/firmware/40-edk2-ovmf-ia32-sb-enrolled.json
|
|
|
|
%{_datadir}/qemu/firmware/50-edk2-ovmf-ia32-sb.json
|
|
|
|
%{_datadir}/qemu/firmware/60-edk2-ovmf-ia32.json
|
2022-03-02 09:45:59 +00:00
|
|
|
%endif
|
2021-07-15 20:02:04 +00:00
|
|
|
|
|
|
|
%files arm
|
|
|
|
%common_files
|
|
|
|
%dir %{_datadir}/%{name}/arm
|
|
|
|
%{_datadir}/AAVMF/AAVMF32_CODE.fd
|
|
|
|
%{_datadir}/%{name}/arm
|
|
|
|
%{_datadir}/%{name}/arm/QEMU_EFI-pflash.raw
|
|
|
|
%{_datadir}/%{name}/arm/QEMU_EFI.fd
|
|
|
|
%{_datadir}/%{name}/arm/QEMU_VARS.fd
|
|
|
|
%{_datadir}/%{name}/arm/vars-template-pflash.raw
|
|
|
|
%{_datadir}/qemu/firmware/70-edk2-arm-verbose.json
|
|
|
|
|
|
|
|
|
2013-05-02 12:46:06 +00:00
|
|
|
%files tools-python
|
2014-06-23 15:25:24 +00:00
|
|
|
%{_bindir}/build
|
2013-05-02 12:46:06 +00:00
|
|
|
%{_bindir}/BPDG
|
2014-06-23 15:25:24 +00:00
|
|
|
%{_bindir}/Ecc
|
2013-05-02 12:46:06 +00:00
|
|
|
%{_bindir}/GenDepex
|
|
|
|
%{_bindir}/GenFds
|
|
|
|
%{_bindir}/GenPatchPcdTable
|
|
|
|
%{_bindir}/PatchPcdValue
|
|
|
|
%{_bindir}/TargetTool
|
|
|
|
%{_bindir}/Trim
|
|
|
|
%{_bindir}/UPT
|
2016-04-18 12:16:51 +00:00
|
|
|
%dir %{_datadir}/%{name}
|
|
|
|
%{_datadir}/%{name}/Python
|
2013-05-02 12:46:06 +00:00
|
|
|
|
2016-04-18 12:16:51 +00:00
|
|
|
|
2018-04-30 11:57:51 +00:00
|
|
|
%files qosb
|
|
|
|
%license LICENSE.qosb
|
|
|
|
%{_bindir}/ovmf-vars-generator
|
|
|
|
|
2021-07-15 20:02:04 +00:00
|
|
|
# endif fedora
|
2017-11-13 17:44:20 +00:00
|
|
|
%endif
|
2016-07-21 21:47:43 +00:00
|
|
|
|
2013-05-02 12:46:06 +00:00
|
|
|
|
|
|
|
%changelog
|
2022-04-19 15:19:52 +00:00
|
|
|
* Tue Apr 19 2022 Gerd Hoffmann <kraxel@redhat.com> - 20220221gitb24306f15daa-4
|
|
|
|
- switch to virt-firmware for secure boot key enrollment
|
|
|
|
|
2022-04-07 05:28:55 +00:00
|
|
|
* Thu Apr 07 2022 Gerd Hoffmann <kraxel@redhat.com> - 20220221gitb24306f15daa-3
|
|
|
|
- Fix TPM build options.
|
2022-04-07 05:42:24 +00:00
|
|
|
- Stop builds on i686 (iasl missing).
|
2022-04-07 05:28:55 +00:00
|
|
|
- Resolves rhbz#2072827
|
|
|
|
|
2022-03-23 08:15:34 +00:00
|
|
|
* Wed Mar 23 2022 Gerd Hoffmann <kraxel@redhat.com> - 20220221gitb24306f15daa-1
|
|
|
|
- Update to edk2-stable202202
|
|
|
|
|
2022-01-20 01:39:04 +00:00
|
|
|
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 20211126gitbb1bba3d7767-2
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
|
|
|
|
2021-11-29 13:29:46 +00:00
|
|
|
* Mon Dec 6 2021 Gerd Hoffmann <kraxel@redhat.com> - 20211126gitbb1bba3d7767-1
|
|
|
|
- Update to edk2-stable202111
|
|
|
|
- Resolves rhbz#1978966
|
|
|
|
- Resolves rhbz#2026744
|
|
|
|
|
2021-12-06 10:26:36 +00:00
|
|
|
* Mon Dec 6 2021 Daniel P. Berrangé <berrange@redhat.com> - 20210527gite1999b264f1f-5
|
|
|
|
- Drop glibc strcmp workaround
|
|
|
|
|
2021-11-29 11:38:42 +00:00
|
|
|
* Mon Nov 29 2021 Daniel P. Berrangé <berrange@redhat.com> - 20210527gite1999b264f1f-4
|
|
|
|
- Drop customized splash screen boot logo
|
2021-12-03 15:44:42 +00:00
|
|
|
- Temporary workaround for suspected glibc strcmp bug breaking builds in koji
|
2021-11-29 11:38:42 +00:00
|
|
|
|
2021-09-01 17:40:04 +00:00
|
|
|
* Wed Sep 1 2021 Daniel P. Berrangé <berrange@redhat.com> - 20210527gite1999b264f1f-3
|
|
|
|
- Fix qemu packaging conditionals for ELN builds
|
|
|
|
|
2021-07-21 21:41:20 +00:00
|
|
|
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 20210527gite1999b264f1f-2
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
|
|
|
|
2021-07-20 22:29:15 +00:00
|
|
|
* Tue Jul 20 2021 Cole Robinson <crobinso@redhat.com> - 20210527gite1999b264f1f-1
|
|
|
|
- Update to git snapshot
|
|
|
|
- Sync with c9s packaging
|
|
|
|
|
2021-06-14 19:51:32 +00:00
|
|
|
* Mon Jun 14 2021 Jiri Kucera <jkucera@redhat.com> - 20200801stable-5
|
|
|
|
- Replace genisoimage with xorriso
|
|
|
|
|
2021-01-26 04:20:12 +00:00
|
|
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 20200801stable-4
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
|
|
|
2020-12-03 16:37:35 +00:00
|
|
|
* Thu Dec 03 2020 Cole Robinson <aintdiscole@gmail.com> - 20200801stable-3
|
|
|
|
- Really fix TPM breakage (bz 1897367)
|
|
|
|
|
2020-11-24 15:23:08 +00:00
|
|
|
* Tue Nov 24 2020 Cole Robinson <aintdiscole@gmail.com> - 20200801stable-2
|
|
|
|
- Fix openssl usage, unbreak TPM (bz 1897367)
|
|
|
|
|
2020-09-16 14:25:00 +00:00
|
|
|
* Wed Sep 16 2020 Cole Robinson <crobinso@redhat.com> - 20200801stable-1
|
|
|
|
- Update to edk2 stable 202008
|
|
|
|
|
2020-09-12 11:26:56 +00:00
|
|
|
* Sat Sep 12 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 20200201stable-6
|
|
|
|
- Tweaks for aarch64/ARMv7 builds
|
|
|
|
- Minor cleanups
|
|
|
|
|
2020-08-04 21:47:50 +00:00
|
|
|
* Tue Aug 04 2020 Cole Robinson <aintdiscole@gmail.com> - 20200201stable-5
|
|
|
|
- Fix build failures on rawhide
|
|
|
|
|
2020-08-01 00:43:57 +00:00
|
|
|
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20200201stable-4
|
|
|
|
- Second attempt - Rebuilt for
|
|
|
|
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
|
|
2020-07-27 16:19:15 +00:00
|
|
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20200201stable-3
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
|
|
2020-07-13 19:20:26 +00:00
|
|
|
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 20200201stable-2
|
|
|
|
- Use make macros
|
|
|
|
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
|
|
|
|
2020-04-13 22:29:55 +00:00
|
|
|
* Mon Apr 13 2020 Cole Robinson <aintdiscole@gmail.com> - 20200201stable-1
|
|
|
|
- Update to stable-202002
|
|
|
|
|
2020-01-28 17:00:29 +00:00
|
|
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20190501stable-5
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
|
|
|
2019-09-06 17:10:17 +00:00
|
|
|
* Fri Sep 06 2019 Patrick Uiterwijk <puiterwijk@redhat.com> - 20190501stable-4
|
|
|
|
- Updated HTTP_BOOT option to new upstream value
|
|
|
|
|
2019-07-24 23:12:49 +00:00
|
|
|
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20190501stable-3
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
|
|
2019-07-15 15:41:49 +00:00
|
|
|
* Mon Jul 15 2019 Cole Robinson <aintdiscole@gmail.com> - 20190501stable-2
|
|
|
|
- License is now BSD-2-Clause-Patent
|
|
|
|
- Re-enable secureboot enrollment
|
|
|
|
- Use qemu-ovmf-secureboot from git
|
|
|
|
|
2019-07-11 23:42:10 +00:00
|
|
|
* Thu Jul 11 2019 Cole Robinson <crobinso@redhat.com> - 20190501stable-1
|
|
|
|
- Update to stable-201905
|
|
|
|
- Update to openssl-1.1.1b
|
2019-07-12 17:06:37 +00:00
|
|
|
- Ship VARS file for ovmf-ia32 (bug 1688596)
|
Ship the JSON firmware "descriptor files"
From version 4.1 (due in August 2019) onwards, QEMU ships the so-called
firmware "descriptor files". These are small JSON files that describe
details about UEFI firmware binaries — such as the fimware binary path,
its architecture, supported machine type, NVRAM template and so forth.
You can see examples of these files from the QEMU upstream Git:
https://git.qemu.org/?p=qemu.git;a=tree;f=pc-bios/descriptors
$> tree descriptors/
descriptors/
├── 50-edk2-i386-secure.json
├── 50-edk2-x86_64-secure.json
├── 60-edk2-aarch64.json
├── 60-edk2-arm.json
├── 60-edk2-i386.json
└── 60-edk2-x86_64.json
QEMU 4.1 itself will ship the above files. However, Fedora needs to
ship these file as part of its EDK2 package.
Why?
----
(1) Quoting (with minor formatting edits) Laszlo Ersek:
Distributions providing their own EDK2 packages would not include
the descriptors from upstream QEMU, even if they otherwise package
QEMU. That's beause the descriptor files in QEMU match the
firmware bundled with QEMU -- but the firmware images in the
distros' own EDK2 packages are different. So, if a distro
provides an EDK2 package, then the same EDK2 package should offer
matching descriptors. QEMU offers descriptors (soon) because QEMU
technically distributes edk2 firmware binaries (soon). [Where
"soon" == QEMU 4.1]
(2) And as Dan Berrangé reminded on IRC:
In Fedora, we need to ship them [the "descriptor files"] as part
of the EDK2 package, because Fedora throws away all the firmware
files that QEMU bundles, because we're [Fedora] required to
rebuild everything from pristine source.
- - -
In this patch:
(*) Use the firmware descriptor files provided by Laszlo (thanks!) in
this comment here:
https://bugzilla.redhat.com/show_bug.cgi?id=1728652#c2 ("RFE: Ship
the JSON firmware "descriptor files" as part of EDK2").
On the double-digit priority prefixes, refer to the rationale here:
https://src.fedoraproject.org/rpms/edk2/pull-request/3#comment-27523
(*) Install the JSON files for the relevant architectures in
`/usr/share/qemu/firmware`, as required by specification[+]. And
make each EDK2 own this directory; multiple RPMs owning the same
directory is no problem.
[+] https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json
Resolves: rhbz#1728652
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
2019-07-12 09:20:38 +00:00
|
|
|
- Ship Fedora-variant JSON "firmware descriptor files"
|
|
|
|
- Resolves rhbz#1728652
|
2019-07-11 23:42:10 +00:00
|
|
|
|
2019-03-18 15:03:41 +00:00
|
|
|
* Mon Mar 18 2019 Cole Robinson <aintdiscole@gmail.com> - 20190308stable-1
|
|
|
|
- Use YYYYMMDD versioning to fix upgrade path
|
|
|
|
|
|
|
|
* Fri Mar 15 2019 Cole Robinson <aintdiscole@gmail.com> - 201903stable-1
|
2019-03-15 16:27:02 +00:00
|
|
|
- Update to stable-201903
|
|
|
|
- Update to openssl-1.1.0j
|
|
|
|
- Move to python3 deps
|
|
|
|
|
2019-01-31 18:22:54 +00:00
|
|
|
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20180815gitcb5f4f45ce-6
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
|
|
2018-11-14 16:10:37 +00:00
|
|
|
* Wed Nov 14 2018 Patrick Uiterwijk <puiterwijk@redhat.com> - 20180815gitcb5f4f45ce-5
|
|
|
|
- Add -qosb dependency on python3
|
|
|
|
|
2018-11-09 20:13:58 +00:00
|
|
|
* Fri Nov 9 2018 Paolo Bonzini <pbonzini@redhat.com> - 20180815gitcb5f4f45ce-4
|
|
|
|
- Fix network boot via grub (bz 1648476)
|
|
|
|
|
2018-09-12 13:50:36 +00:00
|
|
|
* Wed Sep 12 2018 Paolo Bonzini <pbonzini@redhat.com> - 20180815gitcb5f4f45ce-3
|
|
|
|
- Explicitly compile the scripts using py_byte_compile
|
|
|
|
|
2018-08-31 17:07:49 +00:00
|
|
|
* Fri Aug 31 2018 Cole Robinson <crobinso@redhat.com> - 20180815gitcb5f4f45ce-2
|
|
|
|
- Fix passing through RPM build flags (bz 1540244)
|
|
|
|
|
2018-08-16 19:50:44 +00:00
|
|
|
* Tue Aug 21 2018 Cole Robinson <crobinso@redhat.com> - 20180815gitcb5f4f45ce-1
|
|
|
|
- Update to edk2 git cb5f4f45ce, edk2-stable201808
|
2018-08-22 23:03:42 +00:00
|
|
|
- Update to qemu-ovmf-secureboot-1.1.3
|
|
|
|
- Enable TPM2 support
|
2018-08-16 19:50:44 +00:00
|
|
|
|
2018-07-23 08:57:29 +00:00
|
|
|
* Mon Jul 23 2018 Paolo Bonzini <pbonzini@redhat.com> - 20180529gitee3198e672e2-5
|
|
|
|
- Fixes for AMD SEV on OVMF_CODE.fd
|
|
|
|
- Add Provides for bundled OpenSSL
|
|
|
|
|
2018-07-18 14:33:51 +00:00
|
|
|
* Wed Jul 18 2018 Paolo Bonzini <pbonzini@redhat.com> - 20180529gitee3198e672e2-4
|
|
|
|
- Enable IPv6
|
|
|
|
|
2018-07-12 23:41:16 +00:00
|
|
|
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20180529gitee3198e672e2-3
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
|
|
|
2018-06-20 08:09:08 +00:00
|
|
|
* Wed Jun 20 2018 Paolo Bonzini <pbonzini@redhat.com> - 20180529gitee3198e672e2-2
|
|
|
|
- Backport two bug fixes from RHEL: connect again virtio-rng devices, and
|
|
|
|
connect consoles unconditionally in OVMF (ARM firmware already did it)
|
|
|
|
|
2018-05-29 21:06:35 +00:00
|
|
|
* Tue May 29 2018 Paolo Bonzini <pbonzini@redhat.com> - 20180529gitee3198e672e2-1
|
2018-06-20 08:09:08 +00:00
|
|
|
- Rebase to ee3198e672e2
|
2018-05-29 21:06:35 +00:00
|
|
|
|
2018-05-01 17:58:41 +00:00
|
|
|
* Tue May 01 2018 Cole Robinson <crobinso@redhat.com> - 20171011git92d07e4-7
|
|
|
|
- Bump release for new build
|
|
|
|
|
2018-04-30 11:57:51 +00:00
|
|
|
* Fri Mar 30 2018 Patrick Uiterwijk <puiterwijk@redhat.com> - 20171011git92d07e4-6
|
|
|
|
- Add qemu-ovmf-secureboot (qosb)
|
|
|
|
- Generate pre-enrolled Secure Boot OVMF VARS files
|
|
|
|
|
2018-03-08 10:38:21 +00:00
|
|
|
* Wed Mar 07 2018 Paolo Bonzini <pbonzini@redhat.com> - 20171011git92d07e4-5
|
|
|
|
- Fix GCC 8 compilation
|
|
|
|
- Replace dosfstools and mtools with qemu-img vvfat
|
|
|
|
|
2018-02-07 08:12:29 +00:00
|
|
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20171011git92d07e4-4
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
|
|
2018-01-19 08:36:03 +00:00
|
|
|
* Fri Jan 19 2018 Paolo Bonzini <pbonzini@redhat.com> - 20170209git296153c5-3
|
|
|
|
- Add OpenSSL patches from Fedora
|
|
|
|
- Enable TLS_MODE
|
|
|
|
|
2017-11-17 07:49:48 +00:00
|
|
|
* Fri Nov 17 2017 Paolo Bonzini <pbonzini@redhat.com> - 20170209git296153c5-2
|
|
|
|
- Backport patches 19-21 from RHEL
|
|
|
|
- Add patches 22-24 to fix SEV slowness
|
|
|
|
- Add fedora conditionals
|
|
|
|
|
|
|
|
* Tue Nov 14 2017 Paolo Bonzini <pbonzini@redhat.com> - 20171011git92d07e4-1
|
2017-11-14 15:05:26 +00:00
|
|
|
- Import source and patches from RHEL version
|
|
|
|
- Update OpenSSL to 1.1.0e
|
|
|
|
- Refresh 0099-Tweak-the-tools_def-to-support-cross-compiling.patch
|
|
|
|
|
2017-11-13 17:44:20 +00:00
|
|
|
* Mon Nov 13 2017 Paolo Bonzini <pbonzini@redhat.com> - 20170209git296153c5-6
|
|
|
|
- Allow non-cross builds
|
|
|
|
- Install /usr/share/OVMF and /usr/share/AAVMF
|
|
|
|
|
2017-08-02 19:57:57 +00:00
|
|
|
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 20170209git296153c5-5
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
|
|
2017-07-26 07:12:50 +00:00
|
|
|
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 20170209git296153c5-4
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
|
|
2017-03-15 21:56:49 +00:00
|
|
|
* Wed Mar 15 2017 Cole Robinson <crobinso@redhat.com> - 20170209git296153c5-3
|
|
|
|
- Ship ovmf-ia32 package (bz 1424722)
|
|
|
|
|
2017-02-16 19:15:14 +00:00
|
|
|
* Thu Feb 16 2017 Cole Robinson <crobinso@redhat.com> - 20170209git296153c5-2
|
|
|
|
- Update EnrollDefaultKeys patch (bz #1398743)
|
|
|
|
|
2017-02-13 11:15:58 +00:00
|
|
|
* Mon Feb 13 2017 Paolo Bonzini <pbonzini@redhat.com> - 20170209git296153c5-1
|
|
|
|
- Rebase to git master
|
|
|
|
- New patch 0010 fixes failure to build from source.
|
|
|
|
|
2017-02-10 09:03:46 +00:00
|
|
|
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 20161105git3b25ca8-2
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
|
|
2016-11-06 20:04:24 +00:00
|
|
|
* Sun Nov 06 2016 Cole Robinson <crobinso@redhat.com> - 20161105git3b25ca8-1
|
|
|
|
- Rebase to git master
|
|
|
|
|
2016-09-09 15:13:22 +00:00
|
|
|
* Fri Sep 9 2016 Tom Callaway <spot@fedoraproject.org> - 20160418gita8c39ba-5
|
|
|
|
- replace legally problematic openssl source with "hobbled" tarball
|
|
|
|
|
2016-07-21 21:47:43 +00:00
|
|
|
* Thu Jul 21 2016 Gerd Hoffmann <kraxel@redhat.com> - 20160418gita8c39ba-4
|
|
|
|
- Also build for armv7.
|
|
|
|
|
|
|
|
* Tue Jul 19 2016 Gerd Hoffmann <kraxel@redhat.com> 20160418gita8c39ba-3
|
2016-07-19 06:36:46 +00:00
|
|
|
- Update EnrollDefaultKeys patch.
|
|
|
|
|
2016-07-08 11:16:59 +00:00
|
|
|
* Fri Jul 8 2016 Paolo Bonzini <pbonzini@redhat.com> - 20160418gita8c39ba-2
|
|
|
|
- Distribute edk2-ovmf on aarch64
|
|
|
|
|
2016-05-21 14:39:41 +00:00
|
|
|
* Sat May 21 2016 Cole Robinson <crobinso@redhat.com> - 20160418gita8c39ba-1
|
|
|
|
- Distribute edk2-aarch64 on x86 (bz #1338027)
|
|
|
|
|
2016-04-18 12:16:51 +00:00
|
|
|
* Mon Apr 18 2016 Gerd Hoffmann <kraxel@redhat.com> 20160418gita8c39ba-0
|
|
|
|
- Update to latest git.
|
|
|
|
- Add firmware builds (FatPkg is free now).
|
|
|
|
|
2016-02-15 17:30:33 +00:00
|
|
|
* Mon Feb 15 2016 Cole Robinson <crobinso@redhat.com> 20151127svn18975-3
|
|
|
|
- Fix FTBFS gcc warning (bz 1307439)
|
|
|
|
|
2016-02-03 19:40:27 +00:00
|
|
|
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 20151127svn18975-2
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
|
|
2016-02-15 17:30:33 +00:00
|
|
|
* Fri Nov 27 2015 Paolo Bonzini <pbonzini@redhat.com> - 20151127svn18975-1
|
2015-11-27 13:00:44 +00:00
|
|
|
- Rebase to 20151127svn18975-1
|
|
|
|
- Linker script renamed to GccBase.lds
|
|
|
|
|
2015-06-17 05:16:07 +00:00
|
|
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 20150519svn17469-2
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
|
|
2015-11-27 13:00:44 +00:00
|
|
|
* Tue May 19 2015 Paolo Bonzini <pbonzini@redhat.com> - 20150519svn17469-1
|
2015-05-19 10:46:43 +00:00
|
|
|
- Rebase to 20150519svn17469-1
|
|
|
|
- edk2-remove-tree-check.patch now upstream
|
|
|
|
|
2015-05-02 11:27:18 +00:00
|
|
|
* Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 20140724svn2670-6
|
|
|
|
- Rebuilt for GCC 5 C++11 ABI change
|
|
|
|
|
2014-08-16 10:25:01 +00:00
|
|
|
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 20140724svn2670-5
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
|
|
2014-07-24 12:27:29 +00:00
|
|
|
* Thu Jul 24 2014 Paolo Bonzini <pbonzini@redhat.com> - 20140724svn2670-1
|
|
|
|
- Rebase to 20140724svn2670-1
|
|
|
|
|
2014-06-24 08:43:55 +00:00
|
|
|
* Tue Jun 24 2014 Paolo Bonzini <pbonzini@redhat.com> - 20140624svn2649-1
|
|
|
|
- Use standalone .tar.xz from buildtools repo
|
|
|
|
|
2014-06-24 07:50:13 +00:00
|
|
|
* Tue Jun 24 2014 Paolo Bonzini <pbonzini@redhat.com> - 20140328svn15376-4
|
|
|
|
- Install BuildTools/BaseEnv
|
|
|
|
|
2014-06-23 15:25:24 +00:00
|
|
|
* Mon Jun 23 2014 Paolo Bonzini <pbonzini@redhat.com> - 20140328svn15376-3
|
|
|
|
- Rebase to get GCC48 configuration
|
|
|
|
- Package EDK_TOOLS_PATH as /usr/share/edk2
|
|
|
|
- Package "build" and LzmaF86Compress too, as well as the new
|
|
|
|
tools Ecc and TianoCompress.
|
|
|
|
|
2014-06-07 09:55:49 +00:00
|
|
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 20131114svn14844-2
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
|
|
2013-11-14 14:50:55 +00:00
|
|
|
* Thu Nov 14 2013 Paolo Bonzini <pbonzini@redhat.com> - 20131114svn14844-1
|
|
|
|
- Upgrade to r14844.
|
2013-11-14 15:30:12 +00:00
|
|
|
- Remove upstreamed parts of patch 1.
|
2013-11-14 14:50:55 +00:00
|
|
|
|
2013-11-08 13:34:26 +00:00
|
|
|
* Fri Nov 8 2013 Paolo Bonzini <pbonzini@redhat.com> - 20130515svn14365-7
|
|
|
|
- Make BaseTools compile on ARM.
|
|
|
|
|
2013-08-30 07:52:03 +00:00
|
|
|
* Fri Aug 30 2013 Paolo Bonzini <pbonzini@redhat.com> - 20130515svn14365-6
|
|
|
|
- Revert previous change; firmware packages should be noarch, and building
|
|
|
|
BaseTools twice is simply wrong.
|
|
|
|
|
2013-08-19 16:24:02 +00:00
|
|
|
* Mon Aug 19 2013 Kay Sievers <kay@redhat.com> - 20130515svn14365-5
|
|
|
|
- Add sub-package with EFI shell
|
|
|
|
|
2013-08-03 09:22:44 +00:00
|
|
|
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 20130515svn14365-4
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
|
|
2013-05-23 06:16:31 +00:00
|
|
|
* Thu May 23 2013 Dan Horák <dan[at]danny.cz> 20130515svn14365-3
|
|
|
|
- set ExclusiveArch
|
|
|
|
|
2013-05-02 12:46:06 +00:00
|
|
|
* Thu May 16 2013 Paolo Bonzini <pbonzini@redhat.com> 20130515svn14365-2
|
|
|
|
- Fix edk2-tools-python Requires
|
|
|
|
|
|
|
|
* Wed May 15 2013 Paolo Bonzini <pbonzini@redhat.com> 20130515svn14365-1
|
|
|
|
- Split edk2-tools-doc and edk2-tools-python
|
|
|
|
- Fix Python BuildRequires
|
|
|
|
- Remove FatBinPkg at package creation time.
|
|
|
|
- Use fully versioned dependency.
|
|
|
|
- Add comment on how to generate the sources.
|
|
|
|
|
|
|
|
* Thu May 2 2013 Paolo Bonzini <pbonzini@redhat.com> 20130502.g732d199-1
|
|
|
|
- Create.
|