add experimental + testonly secure boot build for armvirt

It isn't actually secure, but exposes the secure boot APIs and might be useful for development + CI purposes.
2023-09-05 13:43:13 +02:00 · 2023-09-05 13:43:13 +02:00 · 08c69a778e
commit 08c69a778e
parent 58f180d4ee
2 changed files with 20 additions and 0 deletions
--- a/edk2-build.fedora
+++ b/edk2-build.fedora
@ -37,6 +37,9 @@ DEBUG_PRINT_ERROR_LEVEL  = 0x8040004F
 [opts.armvirt.silent]
 DEBUG_PRINT_ERROR_LEVEL  = 0x80000000

+[opts.armvirt.sb.testonly]
+SECURE_BOOT_ENABLE       = TRUE
+
 [opts.armvirt.kernel]
 TPM2_ENABLE              = FALSE
 TPM2_CONFIG_ENABLE       = FALSE
@ -285,3 +288,17 @@ dest = Fedora/experimental
 cpy1 = FV/QEMU_EFI.fd  QEMU_EFI.strictnx.fd
 cpy3 = FV/QEMU_EFI.fd  QEMU_EFI-strictnx-pflash.raw
 pad3 = QEMU_EFI-strictnx-pflash.raw  64m
+
+[build.armvirt.aa64.secboot.testonly]
+desc = ArmVirt build for qemu, 64-bit (arm v8), secure boot
+conf = ArmVirtPkg/ArmVirtQemu.dsc
+arch = AARCH64
+opts = ovmf.common
+       armvirt.verbose
+       armvirt.sb.testonly
+pcds = nx.strict
+plat = ArmVirtQemu-AARCH64
+dest = Fedora/experimental
+cpy1 = FV/QEMU_EFI.fd  QEMU_EFI.secboot.testonly.fd
+cpy3 = FV/QEMU_EFI.fd  QEMU_EFI-secboot-testonly-pflash.raw
+pad3 = QEMU_EFI-secboot-testonly-pflash.raw  64m
--- a/edk2.spec
+++ b/edk2.spec
@ -426,6 +426,9 @@ done
 %else
 ./edk2-build.py --config edk2-build.fedora --silent --release-date "$RELEASE_DATE" -m armvirt
 ./edk2-build.py --config edk2-build.fedora.platforms --silent -m aa64
+virt-fw-vars --input   Fedora/aarch64/vars-template-pflash.raw \
+             --output  Fedora/experimental/vars-template-secboot-testonly-pflash.raw \
+             --enroll-redhat --secure-boot --distro-keys rhel
 %endif
 for raw in */aarch64/*.raw; do
    qcow2="${raw%.raw}.qcow2"