From 29f47774f0f5c5a8265be6a40a075a04f7a8030a Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 5 May 2023 15:22:41 +0200
Subject: [PATCH] add json descriptor files for qcow2 images

---
 30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json    | 35 ++++++++++++++++++
 ...> 31-edk2-ovmf-2m-raw-x64-sb-enrolled.json |  0
 40-edk2-ovmf-4m-qcow2-x64-sb.json             | 34 ++++++++++++++++++
 ...sb.json => 41-edk2-ovmf-2m-raw-x64-sb.json |  0
 50-edk2-ovmf-4m-qcow2-x64-nosb.json           | 35 ++++++++++++++++++
 ....json => 51-edk2-ovmf-2m-raw-x64-nosb.json |  0
 edk2.spec                                     | 36 ++++++++++++-------
 7 files changed, 127 insertions(+), 13 deletions(-)
 create mode 100644 30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json
 rename 30-edk2-ovmf-x64-sb-enrolled.json => 31-edk2-ovmf-2m-raw-x64-sb-enrolled.json (100%)
 create mode 100644 40-edk2-ovmf-4m-qcow2-x64-sb.json
 rename 40-edk2-ovmf-x64-sb.json => 41-edk2-ovmf-2m-raw-x64-sb.json (100%)
 create mode 100644 50-edk2-ovmf-4m-qcow2-x64-nosb.json
 rename 50-edk2-ovmf-x64-nosb.json => 51-edk2-ovmf-2m-raw-x64-nosb.json (100%)

diff --git a/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json b/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json
new file mode 100644
index 0000000..20d9d56
--- /dev/null
+++ b/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json
@@ -0,0 +1,35 @@
+{
+    "description": "OVMF with SB+SMM, SB enabled, MS certs enrolled",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf-4m/OVMF_CODE.secboot.qcow2",
+            "format": "qcow2"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf-4m/OVMF_VARS.secboot.qcow2",
+            "format": "qcow2"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "enrolled-keys",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}
diff --git a/30-edk2-ovmf-x64-sb-enrolled.json b/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json
similarity index 100%
rename from 30-edk2-ovmf-x64-sb-enrolled.json
rename to 31-edk2-ovmf-2m-raw-x64-sb-enrolled.json
diff --git a/40-edk2-ovmf-4m-qcow2-x64-sb.json b/40-edk2-ovmf-4m-qcow2-x64-sb.json
new file mode 100644
index 0000000..7b783cf
--- /dev/null
+++ b/40-edk2-ovmf-4m-qcow2-x64-sb.json
@@ -0,0 +1,34 @@
+{
+    "description": "OVMF with SB+SMM, empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf-4m/OVMF_CODE.secboot.qcow2",
+            "format": "qcow2"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf-4m/OVMF_VARS.qcow2",
+            "format": "qcow2"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}
diff --git a/40-edk2-ovmf-x64-sb.json b/41-edk2-ovmf-2m-raw-x64-sb.json
similarity index 100%
rename from 40-edk2-ovmf-x64-sb.json
rename to 41-edk2-ovmf-2m-raw-x64-sb.json
diff --git a/50-edk2-ovmf-4m-qcow2-x64-nosb.json b/50-edk2-ovmf-4m-qcow2-x64-nosb.json
new file mode 100644
index 0000000..d6cfcba
--- /dev/null
+++ b/50-edk2-ovmf-4m-qcow2-x64-nosb.json
@@ -0,0 +1,35 @@
+{
+    "description": "OVMF without SB+SMM, empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf-4m/OVMF_CODE.qcow2",
+            "format": "qcow2"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf-4m/OVMF_VARS.qcow2",
+            "format": "qcow2"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-i440fx-*",
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "amd-sev",
+        "amd-sev-es",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}
diff --git a/50-edk2-ovmf-x64-nosb.json b/51-edk2-ovmf-2m-raw-x64-nosb.json
similarity index 100%
rename from 50-edk2-ovmf-x64-nosb.json
rename to 51-edk2-ovmf-2m-raw-x64-nosb.json
diff --git a/edk2.spec b/edk2.spec
index c14c6d3..b3fded2 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -67,12 +67,15 @@ Source30: 30-edk2-ovmf-ia32-sb-enrolled.json
 Source31: 40-edk2-ovmf-ia32-sb.json
 Source32: 50-edk2-ovmf-ia32-nosb.json
 
-Source40: 30-edk2-ovmf-x64-sb-enrolled.json
-Source41: 40-edk2-ovmf-x64-sb.json
-Source42: 50-edk2-ovmf-x64-microvm.json
-Source43: 50-edk2-ovmf-x64-nosb.json
-Source44: 60-edk2-ovmf-x64-amdsev.json
-Source45: 60-edk2-ovmf-x64-inteltdx.json
+Source40: 30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json
+Source41: 31-edk2-ovmf-2m-raw-x64-sb-enrolled.json
+Source42: 40-edk2-ovmf-4m-qcow2-x64-sb.json
+Source43: 41-edk2-ovmf-2m-raw-x64-sb.json
+Source44: 50-edk2-ovmf-x64-microvm.json
+Source45: 50-edk2-ovmf-4m-qcow2-x64-nosb.json
+Source46: 51-edk2-ovmf-2m-raw-x64-nosb.json
+Source47: 60-edk2-ovmf-x64-amdsev.json
+Source48: 60-edk2-ovmf-x64-inteltdx.json
 
 # https://gitlab.com/kraxel/edk2-build-config
 Source80: edk2-build.py
@@ -293,7 +296,8 @@ cp -a -- \
    %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \
    %{SOURCE20} \
    %{SOURCE30} %{SOURCE31} %{SOURCE32} \
-   %{SOURCE40} %{SOURCE41} %{SOURCE42} %{SOURCE43} %{SOURCE44} %{SOURCE45} \
+   %{SOURCE40} %{SOURCE41} %{SOURCE42} %{SOURCE43} %{SOURCE44} \
+   %{SOURCE45} %{SOURCE46} %{SOURCE47} %{SOURCE48} \
    %{SOURCE80} %{SOURCE81} %{SOURCE82} %{SOURCE83} \
    %{SOURCE90} %{SOURCE91} \
    .
@@ -459,9 +463,12 @@ ln -s OVMF_CODE.fd %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd
 # json description files
 mkdir -p %{buildroot}%{_datadir}/qemu/firmware
 install -m 0644 \
-        30-edk2-ovmf-x64-sb-enrolled.json \
-        40-edk2-ovmf-x64-sb.json \
-        50-edk2-ovmf-x64-nosb.json \
+        30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json \
+        31-edk2-ovmf-2m-raw-x64-sb-enrolled.json \
+        40-edk2-ovmf-4m-qcow2-x64-sb.json \
+        41-edk2-ovmf-2m-raw-x64-sb.json \
+        50-edk2-ovmf-4m-qcow2-x64-nosb.json \
+        51-edk2-ovmf-2m-raw-x64-nosb.json \
         60-edk2-ovmf-x64-amdsev.json \
         60-edk2-ovmf-x64-inteltdx.json \
         %{buildroot}%{_datadir}/qemu/firmware
@@ -560,9 +567,12 @@ done
 %{_datadir}/%{name}/ovmf/UefiShell.iso
 %{_datadir}/%{name}/ovmf/Shell.efi
 %{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi
-%{_datadir}/qemu/firmware/30-edk2-ovmf-x64-sb-enrolled.json
-%{_datadir}/qemu/firmware/40-edk2-ovmf-x64-sb.json
-%{_datadir}/qemu/firmware/50-edk2-ovmf-x64-nosb.json
+%{_datadir}/qemu/firmware/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json
+%{_datadir}/qemu/firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json
+%{_datadir}/qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json
+%{_datadir}/qemu/firmware/41-edk2-ovmf-2m-raw-x64-sb.json
+%{_datadir}/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json
+%{_datadir}/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json
 %{_datadir}/qemu/firmware/60-edk2-ovmf-x64-amdsev.json
 %{_datadir}/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json
 %if %{defined fedora}