add stateless secure boot build

2022-11-17 14:20:21 +01:00 · 2022-11-17 14:20:21 +01:00 · 92cf2a314c
commit 92cf2a314c
parent 0d524109ab
2 changed files with 37 additions and 0 deletions
--- a/edk2-build.fedora
+++ b/edk2-build.fedora
@ -24,6 +24,11 @@ EXCLUDE_SHELL_FROM_FD    = TRUE
 # new upstream
 BUILD_SHELL              = FALSE

+# requires edk2 2022-11 or newer
+[opts.ovmf.sb.stateless]
+SECURE_BOOT_ENABLE       = TRUE
+SMM_REQUIRE              = FALSE
+
 [opts.armvirt.verbose]
 DEBUG_PRINT_ERROR_LEVEL  = 0x8040004F

@ -172,3 +177,16 @@ cpy3 = FV/QEMU_EFI.fd  QEMU_EFI-pflash.raw
 cpy4 = FV/QEMU_VARS.fd vars-template-pflash.raw
 pad3 = QEMU_EFI-pflash.raw      64m
 pad4 = vars-template-pflash.raw 64m
+
+
+#####################################################################
+# experimental builds
+
+[build.ovmf.sb.stateless]
+desc = ovmf build (64-bit, stateless secure boot)
+conf = OvmfPkg/OvmfPkgX64.dsc
+arch = X64
+opts = ovmf.common ovmf.4m ovmf.sb.stateless
+plat = OvmfX64
+dest = Fedora/experimental
+cpy1 = FV/OVMF.fd OVMF.stateless.fd
--- a/edk2.spec
+++ b/edk2.spec
@ -194,6 +194,15 @@ BuildArch:      noarch
 EFI Development Kit II
 Open Virtual Machine Firmware (ia32)

+%package ovmf-experimental
+Summary:        Open Virtual Machine Firmware, experimental builds
+License:        BSD-2-Clause-Patent and OpenSSL
+Provides:       bundled(openssl)
+BuildArch:      noarch
+%description ovmf-experimental
+EFI Development Kit II
+Open Virtual Machine Firmware (experimental builds)
+
 %package arm
 Summary:        ARM Virtual Machine Firmware
 BuildArch:      noarch
@ -305,6 +314,11 @@ virt-fw-vars --input  Fedora/ovmf-ia32/OVMF_VARS.fd \
 build_iso Fedora/ovmf
 build_iso Fedora/ovmf-ia32

+# experimental stateless builds
+virt-fw-vars --input  Fedora/experimental/OVMF.stateless.fd \
+             --output Fedora/experimental/OVMF.stateless.secboot.fd \
+             --enroll-redhat --secure-boot
+
 %endif
 %endif

@ -535,6 +549,11 @@ done
 %{_datadir}/qemu/firmware/30-edk2-ovmf-ia32-sb-enrolled.json
 %{_datadir}/qemu/firmware/40-edk2-ovmf-ia32-sb.json
 %{_datadir}/qemu/firmware/50-edk2-ovmf-ia32.json
+
+%files ovmf-experimental
+%common_files
+%dir %{_datadir}/%{name}/experimental
+%{_datadir}/%{name}/experimental/*.fd
 %endif

 %files arm