diff --git a/.gitignore b/.gitignore
index caedbe6..ab68227 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@
 /openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
 /openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
 /openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
+/DBXUpdate-20230314.x64.bin
diff --git a/50-edk2-aarch64-qcow2.json b/50-edk2-aarch64-qcow2.json
new file mode 100644
index 0000000..ec0f00f
--- /dev/null
+++ b/50-edk2-aarch64-qcow2.json
@@ -0,0 +1,31 @@
+{
+ "description": "UEFI firmware for ARM64 virtual machines",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "executable": {
+ "filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2",
+ "format": "qcow2"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
+ "format": "qcow2"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "aarch64",
+ "machines": [
+ "virt-*"
+ ]
+ }
+ ],
+ "features": [
+
+ ],
+ "tags": [
+
+ ]
+}
diff --git a/50-edk2-aarch64.json b/51-edk2-aarch64-raw.json
similarity index 100%
rename from 50-edk2-aarch64.json
rename to 51-edk2-aarch64-raw.json
diff --git a/52-edk2-aarch64-verbose-qcow2.json b/52-edk2-aarch64-verbose-qcow2.json
new file mode 100644
index 0000000..203be4b
--- /dev/null
+++ b/52-edk2-aarch64-verbose-qcow2.json
@@ -0,0 +1,31 @@
+{
+ "description": "UEFI firmware for ARM64 virtual machines, verbose logs",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "executable": {
+ "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.qcow2",
+ "format": "qcow2"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
+ "format": "qcow2"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "aarch64",
+ "machines": [
+ "virt-*"
+ ]
+ }
+ ],
+ "features": [
+ "verbose-static"
+ ],
+ "tags": [
+
+ ]
+}
diff --git a/51-edk2-aarch64-verbose.json b/53-edk2-aarch64-verbose-raw.json similarity index 100% rename from 51-edk2-aarch64-verbose.json rename to 53-edk2-aarch64-verbose-raw.json diff --git a/edk2.spec b/edk2.spec index 8c3770b..083bfbf 100644 --- a/edk2.spec +++ b/edk2.spec @@ -5,6 +5,8 @@ ExclusiveArch: x86_64 aarch64 %define TOOLCHAIN GCC5 %define OPENSSL_VER 1.1.1k +%define DBXDATE 20230314 + %define build_ovmf 0 %define build_aarch64 0 %ifarch x86_64 @@ -16,7 +18,7 @@ ExclusiveArch: x86_64 aarch64 Name: edk2 Version: %{GITDATE}git%{GITCOMMIT} -Release: 2%{?dist} +Release: 3%{?dist} Summary: UEFI firmware for 64-bit virtual machines License: BSD-2-Clause-Patent and OpenSSL and MIT URL: http://www.tianocore.org @@ -30,8 +32,10 @@ Source1: ovmf-whitepaper-c770f8c.txt Source2: openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz # json description files -Source10: 50-edk2-aarch64.json -Source11: 51-edk2-aarch64-verbose.json +Source10: 50-edk2-aarch64-qcow2.json +Source11: 51-edk2-aarch64-raw.json +Source12: 52-edk2-aarch64-verbose-qcow2.json +Source13: 53-edk2-aarch64-verbose-raw.json Source40: 30-edk2-ovmf-x64-sb-enrolled.json Source41: 40-edk2-ovmf-x64-sb.json @@ -43,6 +47,8 @@ Source45: 60-edk2-ovmf-x64-inteltdx.json Source80: edk2-build.py Source82: edk2-build.rhel-9 +Source90: DBXUpdate-%{DBXDATE}.x64.bin + Patch0002: 0002-Remove-submodules.patch Patch0003: 0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch Patch0004: 0004-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch @@ -79,6 +85,7 @@ BuildRequires: python3-devel BuildRequires: libuuid-devel BuildRequires: /usr/bin/iasl BuildRequires: binutils gcc git gcc-c++ make +BuildRequires: qemu-img %if %{build_ovmf} # Only OVMF includes 80x86 assembly files (*.nasm*). @@ -91,7 +98,7 @@ BuildRequires: mtools BuildRequires: xorriso # secure boot enrollment -BuildRequires: python3dist(virt-firmware) +BuildRequires: python3dist(virt-firmware) >= 23.4 # endif build_ovmf %endif 
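Review bot: `Source90: DBXUpdate-%{DBXDATE}.x64.bin` is added with no record of where the blob was obtained, although it becomes the Secure Boot revocation list in the shipped variable store. The SHA512 in `sources` pins the content but says nothing about its origin, so a later maintainer cannot compare it with the published file. A comment above the line would cover this, for example `# UEFI Secure Boot revocation list (dbx) update, x64 only; origin: <UPSTREAM-URL-PLACEHOLDER>`. The date also appears literally in `.gitignore` and `sources`, so the comment should say that all three are bumped together with `DBXDATE`.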
@@ -123,6 +130,9 @@ BuildArch: noarch Provides: AAVMF = %{version}-%{release} Obsoletes: AAVMF < 20180508-100.gitee3198e672e2.el7 +# need libvirt version with qcow2 support +Conflicts: libvirt-daemon-driver-qemu < 9.2.0 + # No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack. Provides: bundled(openssl) = %{OPENSSL_VER} License: BSD-2-Clause-Patent and OpenSSL @@ -170,9 +180,10 @@ git config am.keepcr true %autosetup -T -D -n edk2-%{GITCOMMIT} -S git_am cp -a -- %{SOURCE1} . -cp -a -- %{SOURCE10} %{SOURCE11} . +cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} . cp -a -- %{SOURCE40} %{SOURCE41} %{SOURCE43} %{SOURCE44} %{SOURCE45} . cp -a -- %{SOURCE80} %{SOURCE82} . +cp -a -- %{SOURCE90} . tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x # Done by %setup, but we do not use it for the auxiliary tarballs @@ -225,11 +236,16 @@ touch OvmfPkg/AmdSev/Grub/grub.efi # dummy build_iso RHEL-9/ovmf virt-fw-vars --input RHEL-9/ovmf/OVMF_VARS.fd \ --output RHEL-9/ovmf/OVMF_VARS.secboot.fd \ + --set-dbx DBXUpdate-%{DBXDATE}.x64.bin \ --enroll-redhat --secure-boot %endif %if %{build_aarch64} ./edk2-build.py --config edk2-build.rhel-9 -m armvirt --release-date "$RELEASE_DATE" +for raw in */aarch64/*.raw; do + qcow2="${raw%.raw}.qcow2" + qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2" +done %endif %install @@ -287,8 +303,10 @@ ln -s ../%{name}/aarch64/vars-template-pflash.raw \ %{buildroot}%{_datadir}/AAVMF/AAVMF_VARS.fd install -m 0644 \ - 50-edk2-aarch64.json \ - 51-edk2-aarch64-verbose.json \ + 50-edk2-aarch64-qcow2.json \ + 51-edk2-aarch64-raw.json \ + 52-edk2-aarch64-verbose-qcow2.json \ + 53-edk2-aarch64-verbose-raw.json \ %{buildroot}%{_datadir}/qemu/firmware # endif build_aarch64 
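Review bot: In the `@@ -225,11 +236,16 @@` hunk nothing after the `virt-fw-vars ... --set-dbx DBXUpdate-%{DBXDATE}.x64.bin` call confirms that the revocation entries reached `RHEL-9/ovmf/OVMF_VARS.secboot.fd`; the build relies on the tool's exit status alone. Whether virt-fw-vars validates the blob's signature or format is not visible here, and the virt-firmware `--print` flag used below should be confirmed against the required version. A follow-up step that dumps the result with `virt-fw-vars --input RHEL-9/ovmf/OVMF_VARS.secboot.fd --print` and fails unless a dbx variable is listed would stop an empty or unparsed update from shipping unnoticed. In the aarch64 branch, a short comment on the `qemu-img convert` loop should say that the generated `.qcow2` names must match the paths in the 50- and 52- JSON descriptors. The build section begins and ends outside this hunk.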
@@ -336,17 +354,19 @@ install -m 0644 \ %common_files %dir %{_datadir}/AAVMF/ %dir %{_datadir}/%{name}/aarch64/ -%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.raw -%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.raw -%{_datadir}/%{name}/aarch64/vars-template-pflash.raw +%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.* +%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.* +%{_datadir}/%{name}/aarch64/vars-template-pflash.* %{_datadir}/AAVMF/AAVMF_CODE.verbose.fd %{_datadir}/AAVMF/AAVMF_CODE.fd %{_datadir}/AAVMF/AAVMF_VARS.fd %{_datadir}/%{name}/aarch64/QEMU_EFI.fd %{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd %{_datadir}/%{name}/aarch64/QEMU_VARS.fd -%{_datadir}/qemu/firmware/50-edk2-aarch64.json -%{_datadir}/qemu/firmware/51-edk2-aarch64-verbose.json +%{_datadir}/qemu/firmware/50-edk2-aarch64-qcow2.json +%{_datadir}/qemu/firmware/51-edk2-aarch64-raw.json +%{_datadir}/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json +%{_datadir}/qemu/firmware/53-edk2-aarch64-verbose-raw.json # endif build_aarch64 %endif @@ -375,6 +395,17 @@ install -m 0644 \ %changelog +* Mon May 08 2023 Miroslav Rezanina - 20230301gitf80f052277c8-3 +- edk2-add-aarch64-qcow2-images.patch [bz#2186754] +- edk2-update-json-files.patch [bz#2186754] +- edk2-add-libvirt-version-conflict.patch [bz#2186754] +- edk2-add-dbx-update-blob-rh-only.patch [RHEL-377] +- edk2-spec-apply-dbx-update-rh-only.patch [RHEL-377] +- Resolves: bz#2186754 + (edk2: Add firmware images in qcow2 format) +- Resolves: RHEL-377 + (edk2: ship secure build variable store with latest dbx updates) + * Wed Apr 05 2023 Miroslav Rezanina - 20230301gitf80f052277c8-2 - edk2-build-script-update.patch [bz#2183230] - edk2-PcdDxeNxMemoryProtectionPolicy-update.patch [bz#2183230] diff --git a/sources b/sources index 9d5c7e1..cf25eb2 100644 --- a/sources +++ b/sources 
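Review bot: The three `%{_datadir}/%{name}/aarch64/*-pflash.*` wildcards in the `@@ -336,17 +354,19 @@` hunk replace exact `.raw` paths, so `%files` is satisfied by the `.raw` image alone and would not notice a missing `.qcow2`. The 50- and 52- descriptors installed by the same package point at the `.qcow2` names, so such a package would advertise firmware that is absent. Listing both suffixes explicitly, e.g. `%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.raw` and `%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.qcow2`, makes the build fail when an image is dropped and keeps unexpected files with the same stem out of the package. How the `.qcow2` files reach the buildroot is not visible in these hunks.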
@@ -1,2 +1,3 @@
 SHA512 (edk2-f80f052277c8.tar.xz) = af802257f010b63d973dc909b57ee845b7734e8d494b081050ba1f197349663b081e1f2edc5244726e2479ff6d16d79d0a6fceb00f4840b59982f10b79facf66
 SHA512 (openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz) = 6842e767f767fe79edcb9ba8e32ce2956e8b56f0b265f79a5b4dbd4bba51b63d9733841badee7f2ffdcca803baf82b3e9e132fd465c22027539dcfd02608e99a
+SHA512 (DBXUpdate-20230314.x64.bin) = 55eefa89f84f1d03996cc74e626fd1dc8c0ff3a94ad64c13bdeafdad071150bb7b4dbb46259e0c0412965a474f0c86c0634af71c18503e32c6fbdae35cd6cd06