From 08c69a778e4c821ac2ac9fee562697290c322be2 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 5 Sep 2023 13:43:13 +0200 Subject: [PATCH] add experimental + testonly secure boot build for armvirt It isn't actually secure, but exposes the secure boot APIs and might be useful for development + CI purposes. --- edk2-build.fedora | 17 +++++++++++++++++ edk2.spec | 3 +++ 2 files changed, 20 insertions(+) diff --git a/edk2-build.fedora b/edk2-build.fedora index ebebb16..3cdbd60 100644 --- a/edk2-build.fedora +++ b/edk2-build.fedora @@ -37,6 +37,9 @@ DEBUG_PRINT_ERROR_LEVEL = 0x8040004F [opts.armvirt.silent] DEBUG_PRINT_ERROR_LEVEL = 0x80000000 +[opts.armvirt.sb.testonly] +SECURE_BOOT_ENABLE = TRUE + [opts.armvirt.kernel] TPM2_ENABLE = FALSE TPM2_CONFIG_ENABLE = FALSE @@ -285,3 +288,17 @@ dest = Fedora/experimental cpy1 = FV/QEMU_EFI.fd QEMU_EFI.strictnx.fd cpy3 = FV/QEMU_EFI.fd QEMU_EFI-strictnx-pflash.raw pad3 = QEMU_EFI-strictnx-pflash.raw 64m + +[build.armvirt.aa64.secboot.testonly] +desc = ArmVirt build for qemu, 64-bit (arm v8), secure boot +conf = ArmVirtPkg/ArmVirtQemu.dsc +arch = AARCH64 +opts = ovmf.common + armvirt.verbose + armvirt.sb.testonly +pcds = nx.strict +plat = ArmVirtQemu-AARCH64 +dest = Fedora/experimental +cpy1 = FV/QEMU_EFI.fd QEMU_EFI.secboot.testonly.fd +cpy3 = FV/QEMU_EFI.fd QEMU_EFI-secboot-testonly-pflash.raw +pad3 = QEMU_EFI-secboot-testonly-pflash.raw 64m diff --git a/edk2.spec b/edk2.spec index 2a619ea..2cd526b 100644 --- a/edk2.spec +++ b/edk2.spec @@ -426,6 +426,9 @@ done %else ./edk2-build.py --config edk2-build.fedora --silent --release-date "$RELEASE_DATE" -m armvirt ./edk2-build.py --config edk2-build.fedora.platforms --silent -m aa64 +virt-fw-vars --input Fedora/aarch64/vars-template-pflash.raw \ + --output Fedora/experimental/vars-template-secboot-testonly-pflash.raw \ + --enroll-redhat --secure-boot --distro-keys rhel %endif for raw in */aarch64/*.raw; do qcow2="${raw%.raw}.qcow2"