Ship the JSON firmware "descriptor files"

From version 4.1 (due in August 2019) onwards, QEMU ships the so-called
firmware "descriptor files".  These are small JSON files that describe
details about UEFI firmware binaries — such as the fimware binary path,
its architecture, supported machine type, NVRAM template and so forth.

You can see examples of these files from the QEMU upstream Git:
https://git.qemu.org/?p=qemu.git;a=tree;f=pc-bios/descriptors

    $> tree descriptors/
    descriptors/
    ├── 50-edk2-i386-secure.json
    ├── 50-edk2-x86_64-secure.json
    ├── 60-edk2-aarch64.json
    ├── 60-edk2-arm.json
    ├── 60-edk2-i386.json
    └── 60-edk2-x86_64.json

QEMU 4.1 itself will ship the above files.  However, Fedora needs to
ship these file as part of its EDK2 package.

Why?
----

(1) Quoting (with minor formatting edits) Laszlo Ersek:

      Distributions providing their own EDK2 packages would not include
      the descriptors from upstream QEMU, even if they otherwise package
      QEMU.  That's beause the descriptor files in QEMU match the
      firmware bundled with QEMU -- but the firmware images in the
      distros' own EDK2 packages are different.  So, if a distro
      provides an EDK2 package, then the same EDK2 package should offer
      matching descriptors.  QEMU offers descriptors (soon) because QEMU
      technically distributes edk2 firmware binaries (soon).  [Where
      "soon" == QEMU 4.1]

(2) And as Dan Berrangé reminded on IRC:

      In Fedora, we need to ship them [the "descriptor files"] as part
      of the EDK2 package, because Fedora throws away all the firmware
      files that QEMU bundles, because we're [Fedora] required to
      rebuild everything from pristine source.

                    - - -

In this patch:

(*) Use the firmware descriptor files provided by Laszlo (thanks!) in
    this comment here:
    https://bugzilla.redhat.com/show_bug.cgi?id=1728652#c2 ("RFE: Ship
    the JSON firmware "descriptor files" as part of EDK2").

    On the double-digit priority prefixes, refer to the rationale here:
    https://src.fedoraproject.org/rpms/edk2/pull-request/3#comment-27523

(*) Install the JSON files for the relevant architectures in
    `/usr/share/qemu/firmware`, as required by specification[+].  And
    make each EDK2 own this directory; multiple RPMs owning the same
    directory is no problem.

[+] https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json

Resolves: rhbz#1728652

Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>

40-edk2-ovmf-ia32-sb-enrolled.json

@@ -0,0 +1,35 @@
+{
+    "description": "OVMF for i386, with SB+SMM, SB enabled, MS certs enrolled",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.secboot.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "i386",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "enrolled-keys",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

40-edk2-ovmf-sb-enrolled.json

@@ -0,0 +1,36 @@
+{
+    "description": "OVMF for x86_64, with SB+SMM, SB enabled, MS certs enrolled",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "amd-sev",
+        "enrolled-keys",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

50-edk2-ovmf-ia32-sb.json

@@ -0,0 +1,34 @@
+{
+    "description": "OVMF for i386, with SB+SMM, empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.secboot.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "i386",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

50-edk2-ovmf-sb.json

@@ -0,0 +1,35 @@
+{
+    "description": "OVMF for x86_64, with SB+SMM, empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "amd-sev",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

60-edk2-ovmf-ia32.json

@@ -0,0 +1,33 @@
+{
+    "description": "OVMF for i386, without SB, without SMM, with empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "i386",
+            "machines": [
+                "pc-i440fx-*",
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

60-edk2-ovmf.json

@@ -0,0 +1,34 @@
+{
+    "description": "OVMF for x86_64, without SB, without SMM, with empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-i440fx-*",
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "amd-sev",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

70-edk2-aarch64-verbose.json

@@ -0,0 +1,31 @@
+{
+    "description": "UEFI firmware for aarch64, verbose logs",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "aarch64",
+            "machines": [
+                "virt-*"
+            ]
+        }
+    ],
+    "features": [
+        "verbose-static"
+    ],
+    "tags": [
+
+    ]
+}

70-edk2-arm-verbose.json

@@ -0,0 +1,31 @@
+{
+    "description": "UEFI firmware for arm, verbose logs",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/arm/QEMU_EFI-pflash.raw",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/arm/vars-template-pflash.raw",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "arm",
+            "machines": [
+                "virt-*"
+            ]
+        }
+    ],
+    "features": [
+        "verbose-static"
+    ],
+    "tags": [
+
+    ]
+}

edk2.spec

@@ -76,6 +76,16 @@ Source11:       build-iso.sh
 Source12:       update-tarball.sh
 Source13:       openssl-patch-to-tarball.sh
 
+# Fedora-specific JSON "descriptor files"
+Source14: 	40-edk2-ovmf-sb-enrolled.json
+Source15: 	50-edk2-ovmf-sb.json
+Source16: 	60-edk2-ovmf.json
+Source17: 	40-edk2-ovmf-ia32-sb-enrolled.json
+Source18: 	50-edk2-ovmf-ia32-sb.json
+Source19: 	60-edk2-ovmf-ia32.json
+Source20: 	70-edk2-aarch64-verbose.json
+Source21: 	70-edk2-arm-verbose.json
+
 # non-upstream patches
 Patch0001: 0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
 Patch0002: 0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
@@ -424,9 +434,27 @@ ln -sf ../%{name}/ovmf/OVMF_CODE.secboot.fd        %{buildroot}/usr/share/OVMF
 ln -sf ../%{name}/ovmf/OVMF_VARS.fd                %{buildroot}/usr/share/OVMF
 ln -sf ../%{name}/ovmf/OVMF_VARS.secboot.fd        %{buildroot}/usr/share/OVMF
 ln -sf ../%{name}/ovmf/UefiShell.iso               %{buildroot}/usr/share/OVMF
+
+# For distro-provided firmware packages, the specification
+# (https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json)
+# says the JSON "descriptor files" to be searched in this directory:
+# `/usr/share/firmware/`.  Create it.
+mkdir -p %{buildroot}/%{_datadir}/qemu/firmware
+
+# Install the two variants of the x86_64 firmware descriptor files
+# (50-edk2-x86_64-secure.json and 60-edk2-x86_64.json)
+install -pm 644 %{SOURCE14} %{buildroot}/%{_datadir}/qemu/firmware
+install -pm 644 %{SOURCE15} %{buildroot}/%{_datadir}/qemu/firmware
+install -pm 644 %{SOURCE16} %{buildroot}/%{_datadir}/qemu/firmware
 %endif
 %if 0%{?build_ovmf_ia32:1}
 cp -a ovmf-ia32 %{buildroot}/usr/share/%{name}
+
+# Install the two variants of the ia32 firmware descriptor files
+# (50-edk2-i386-secure.json and 60-edk2-i386.json)
+install -pm 644 %{SOURCE17} %{buildroot}/%{_datadir}/qemu/firmware
+install -pm 644 %{SOURCE18} %{buildroot}/%{_datadir}/qemu/firmware
+install -pm 644 %{SOURCE19} %{buildroot}/%{_datadir}/qemu/firmware
 %endif
 %if 0%{?build_aavmf_aarch64:1}
 cp -a aarch64 %{buildroot}/usr/share/%{name}
@@ -434,10 +462,15 @@ cp -a aarch64 %{buildroot}/usr/share/%{name}
 mkdir %{buildroot}/usr/share/AAVMF
 ln -sf ../%{name}/aarch64/QEMU_EFI-pflash.raw      %{buildroot}/usr/share/AAVMF/AAVMF_CODE.fd
 ln -sf ../%{name}/aarch64/vars-template-pflash.raw %{buildroot}/usr/share/AAVMF/AAVMF_VARS.fd
+
+# Install the AArch64 firmware descriptor file (60-edk2-aarch64.json)
+install -pm 644 %{SOURCE20} %{buildroot}/%{_datadir}/qemu/firmware
 %endif
 %if 0%{?build_aavmf_arm:1}
 cp -a arm %{buildroot}/usr/share/%{name}
 ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw          %{buildroot}/usr/share/AAVMF/AAVMF32_CODE.fd
+# Install the ARM firmware descriptor file (60-edk2-arm.json)
+install -pm 644 %{SOURCE21} %{buildroot}/%{_datadir}/qemu/firmware
 %endif
 
 install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_bindir}
@@ -495,9 +528,11 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
 %doc ovmf-whitepaper-c770f8c.txt
 %dir /usr/share/%{name}
 %dir /usr/share/%{name}/ovmf
+%dir /usr/share/qemu/firmware
 /usr/share/%{name}/ovmf/OVMF*.fd
 /usr/share/%{name}/ovmf/*.efi
 /usr/share/%{name}/ovmf/*.iso
+/usr/share/qemu/firmware/*.json
 /usr/share/OVMF
 %endif
 
@@ -509,9 +544,11 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
 %doc ovmf-whitepaper-c770f8c.txt
 %dir /usr/share/%{name}
 %dir /usr/share/%{name}/ovmf-ia32
+%dir /usr/share/qemu/firmware
 /usr/share/%{name}/ovmf-ia32/OVMF*.fd
 /usr/share/%{name}/ovmf-ia32/*.efi
 /usr/share/%{name}/ovmf-ia32/*.iso
+/usr/share/qemu/firmware/*.json
 %endif
 
 %if 0%{?build_aavmf_aarch64:1}
@@ -520,8 +557,10 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
 %license LICENSE.openssl
 %dir /usr/share/%{name}
 %dir /usr/share/%{name}/aarch64
+%dir /usr/share/qemu/firmware
 /usr/share/%{name}/aarch64/QEMU*.fd
 /usr/share/%{name}/aarch64/*.raw
+/usr/share/qemu/firmware/*.json
 /usr/share/AAVMF/AAVMF_*
 %endif
 
@@ -531,8 +570,10 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
 %license LICENSE.openssl
 %dir /usr/share/%{name}
 %dir /usr/share/%{name}/arm
+%dir /usr/share/qemu/firmware
 /usr/share/%{name}/arm/QEMU*.fd
 /usr/share/%{name}/arm/*.raw
+/usr/share/qemu/firmware/*.json
 /usr/share/AAVMF/AAVMF32_*
 %endif
 
@@ -542,6 +583,8 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
 - Update to stable-201905
 - Update to openssl-1.1.1b
 - Ship VARS file for ovmf-ia32 (bug 1688596)
+- Ship Fedora-variant JSON "firmware descriptor files"
+- Resolves rhbz#1728652
 
 * Mon Mar 18 2019 Cole Robinson <aintdiscole@gmail.com> - 20190308stable-1
 - Use YYYYMMDD versioning to fix upgrade path