* Mon Jun 30 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20250523-2

- edk2-add-qemu-vars-builds-to-build-config-and-file-lists.patch [RHEL-2908]
- edk2-add-dbx-update-script.patch [RHEL-96866]
- edk2-update-dbx-to-20250610.patch [RHEL-96866]
- Resolves: RHEL-2908
  ([aarch64][EDK2] UEFI writable variable service in QEMU)
- Resolves: RHEL-96866
  ([edk2,rhel-10] dbx update 20250610)
This commit is contained in:
Miroslav Rezanina 2025-06-30 02:52:41 -04:00
parent 97f880305e
commit a00275b080
3 changed files with 47 additions and 3 deletions

View File

@ -18,6 +18,11 @@ SECURE_BOOT_ENABLE = TRUE
SMM_REQUIRE = TRUE
BUILD_SHELL = FALSE
[opts.ovmf.qemu.vars]
QEMU_PV_VARS = TRUE
SECURE_BOOT_ENABLE = TRUE
BUILD_SHELL = FALSE
[opts.ovmf.sb.stateless]
SECURE_BOOT_ENABLE = TRUE
SMM_REQUIRE = FALSE
@ -82,6 +87,19 @@ dest = RHEL-10/ovmf
cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
cpy2 = X64/EnrollDefaultKeys.efi
[build.ovmf.qemu.vars]
desc = ovmf build (64-bit, 4MB, qemu vars, secure boot)
conf = OvmfPkg/OvmfPkgX64.dsc
arch = X64
opts = ovmf.common
ovmf.4m
ovmf.qemu.vars
pcds = nx.strict
la57
plat = OvmfX64
dest = RHEL-10/ovmf
cpy1 = FV/OVMF.fd OVMF.qemuvars.fd
#####################################################################
# stateless ovmf builds (firmware in rom or r/o flash)
@ -143,6 +161,20 @@ cpy1 = FV/QEMU_EFI.fd QEMU_EFI.silent.fd
cpy2 = FV/QEMU_EFI.fd QEMU_EFI-silent-pflash.raw
pad2 = QEMU_EFI-silent-pflash.raw 64m
[build.armvirt.aa64.qemu.vars]
desc = ArmVirt build for qemu, 64-bit (arm v8), qemu vars, secure boot
conf = ArmVirtPkg/ArmVirtQemu.dsc
arch = AARCH64
opts = ovmf.common
ovmf.qemu.vars
armvirt.silent
pcds = nx.strict
plat = ArmVirtQemu-AARCH64
dest = RHEL-10/aarch64
cpy1 = FV/QEMU_EFI.fd QEMU_EFI.qemuvars.fd
cpy2 = FV/QEMU_EFI.fd QEMU_EFI-qemuvars-pflash.raw
pad2 = QEMU_EFI-qemuvars-pflash.raw 64m
#####################################################################
# riscv build

View File

@ -8,7 +8,7 @@ ExclusiveArch: x86_64 aarch64 riscv64
%define OPENSSL_VER 3.5.0
%define OPENSSL_HASH 63b528e6476ff36efcf2cda5c083f3f3d7cf9210
%define DBXDATE 20250224
%define DBXDATE 20250610
%define build_ovmf 0
%define build_aarch64 0
@ -25,7 +25,7 @@ ExclusiveArch: x86_64 aarch64 riscv64
Name: edk2
Version: %{GITDATE}
Release: 1%{?dist}
Release: 2%{?dist}
Summary: UEFI firmware for 64-bit virtual machines
License: BSD-2-Clause-Patent and Apache-2.0 and MIT
URL: http://www.tianocore.org
@ -394,6 +394,7 @@ install -m 0644 \
%{_datadir}/%{name}/ovmf/OVMF.amdsev.fd
%{_datadir}/%{name}/ovmf/OVMF.inteltdx.fd
%{_datadir}/%{name}/ovmf/OVMF.inteltdx.secboot.fd
%{_datadir}/%{name}/ovmf/OVMF.qemuvars.fd
%{_datadir}/%{name}/ovmf/DBXUpdate*.bin
%{_datadir}/%{name}/ovmf/UefiShell.iso
%{_datadir}/OVMF/OVMF_CODE.secboot.fd
@ -417,12 +418,14 @@ install -m 0644 \
%dir %{_datadir}/%{name}/aarch64/
%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.*
%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.*
%{_datadir}/%{name}/aarch64/QEMU_EFI-qemuvars-pflash.*
%{_datadir}/%{name}/aarch64/vars-template-pflash.*
%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd
%{_datadir}/AAVMF/AAVMF_CODE.fd
%{_datadir}/AAVMF/AAVMF_VARS.fd
%{_datadir}/%{name}/aarch64/QEMU_EFI.fd
%{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd
%{_datadir}/%{name}/aarch64/QEMU_EFI.qemuvars.fd
%{_datadir}/%{name}/aarch64/QEMU_VARS.fd
%{_datadir}/qemu/firmware/50-edk2-aarch64-qcow2.json
%{_datadir}/qemu/firmware/51-edk2-aarch64-raw.json
@ -464,6 +467,15 @@ install -m 0644 \
%changelog
* Mon Jun 30 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20250523-2
- edk2-add-qemu-vars-builds-to-build-config-and-file-lists.patch [RHEL-2908]
- edk2-add-dbx-update-script.patch [RHEL-96866]
- edk2-update-dbx-to-20250610.patch [RHEL-96866]
- Resolves: RHEL-2908
([aarch64][EDK2] UEFI writable variable service in QEMU)
- Resolves: RHEL-96866
([edk2,rhel-10] dbx update 20250610)
* Tue Jun 10 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20250523-1
- Rebase to edk2-stable202505 [RHEL-82556]
- Resolves: RHEL-82556

View File

@ -1,4 +1,4 @@
SHA512 (DBXUpdate-20250224.x64.bin) = 05640ada78ce94132670ade66676aacdb6cdc311b992769f2ae0413554aa535b9c15213a513355d5e763bef908b961f1ff1d2226081240a6ebd5d4aef7148828
SHA512 (DBXUpdate-20250610.x64.bin) = be2bea068e6db47b5ad419fe9402035d9f3e1e75166eff50193387d68c209225f0e45a014fc3781718cb494f55ab98f71f5c28c96c7c21988ac050d94b1df881
SHA512 (dtc-1.7.0.tar.xz) = d3ba6902a9a2f2cdbaff55f12fca3cfe4a1ec5779074a38e3d8b88097c7abc981835957e8ce72971e10c131e05fde0b1b961768e888ff96d89e42c75edb53afb
SHA512 (edk2-6951dfe7d59d.tar.xz) = b060dd293110c6f3eabe370b52eda3e56070644923ffb7e7738ceb4f6e00b45aa30f08143b3d39aedfc438cf720d9b8bc2aa248db7511b5356605861ebd068fa
SHA512 (openssl-rhel-63b528e6476ff36efcf2cda5c083f3f3d7cf9210.tar.xz) = 2982f76e5eb2c94e44b32c1af56ec0020d707412ac8add161b466f853988a1f8ba2094e265a39cfe762cdbc195e1c20545aa66b68d7452231f286abdabdd98a0