* Mon May 08 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20230301gitf80f052277c8-3
- edk2-add-aarch64-qcow2-images.patch [bz#2186754] - edk2-update-json-files.patch [bz#2186754] - edk2-add-libvirt-version-conflict.patch [bz#2186754] - edk2-add-dbx-update-blob-rh-only.patch [RHEL-377] - edk2-spec-apply-dbx-update-rh-only.patch [RHEL-377] - Resolves: bz#2186754 (edk2: Add firmware images in qcow2 format) - Resolves: RHEL-377 (edk2: ship secure build variable store with latest dbx updates)
This commit is contained in:
parent
ae1eff6bab
commit
a19f633550
1
.gitignore
vendored
1
.gitignore
vendored
@ -9,3 +9,4 @@
|
|||||||
/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
|
/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
|
||||||
/openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
|
/openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
|
||||||
/openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
|
/openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
|
||||||
|
/DBXUpdate-20230314.x64.bin
|
||||||
|
31
50-edk2-aarch64-qcow2.json
Normal file
31
50-edk2-aarch64-qcow2.json
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
{
|
||||||
|
"description": "UEFI firmware for ARM64 virtual machines",
|
||||||
|
"interface-types": [
|
||||||
|
"uefi"
|
||||||
|
],
|
||||||
|
"mapping": {
|
||||||
|
"device": "flash",
|
||||||
|
"executable": {
|
||||||
|
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2",
|
||||||
|
"format": "qcow2"
|
||||||
|
},
|
||||||
|
"nvram-template": {
|
||||||
|
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
|
||||||
|
"format": "qcow2"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"architecture": "aarch64",
|
||||||
|
"machines": [
|
||||||
|
"virt-*"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"features": [
|
||||||
|
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
|
||||||
|
]
|
||||||
|
}
|
31
52-edk2-aarch64-verbose-qcow2.json
Normal file
31
52-edk2-aarch64-verbose-qcow2.json
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
{
|
||||||
|
"description": "UEFI firmware for ARM64 virtual machines, verbose logs",
|
||||||
|
"interface-types": [
|
||||||
|
"uefi"
|
||||||
|
],
|
||||||
|
"mapping": {
|
||||||
|
"device": "flash",
|
||||||
|
"executable": {
|
||||||
|
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.qcow2",
|
||||||
|
"format": "qcow2"
|
||||||
|
},
|
||||||
|
"nvram-template": {
|
||||||
|
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
|
||||||
|
"format": "qcow2"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"architecture": "aarch64",
|
||||||
|
"machines": [
|
||||||
|
"virt-*"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"features": [
|
||||||
|
"verbose-static"
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
|
||||||
|
]
|
||||||
|
}
|
55
edk2.spec
55
edk2.spec
@ -5,6 +5,8 @@ ExclusiveArch: x86_64 aarch64
|
|||||||
%define TOOLCHAIN GCC5
|
%define TOOLCHAIN GCC5
|
||||||
%define OPENSSL_VER 1.1.1k
|
%define OPENSSL_VER 1.1.1k
|
||||||
|
|
||||||
|
%define DBXDATE 20230314
|
||||||
|
|
||||||
%define build_ovmf 0
|
%define build_ovmf 0
|
||||||
%define build_aarch64 0
|
%define build_aarch64 0
|
||||||
%ifarch x86_64
|
%ifarch x86_64
|
||||||
@ -16,7 +18,7 @@ ExclusiveArch: x86_64 aarch64
|
|||||||
|
|
||||||
Name: edk2
|
Name: edk2
|
||||||
Version: %{GITDATE}git%{GITCOMMIT}
|
Version: %{GITDATE}git%{GITCOMMIT}
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: UEFI firmware for 64-bit virtual machines
|
Summary: UEFI firmware for 64-bit virtual machines
|
||||||
License: BSD-2-Clause-Patent and OpenSSL and MIT
|
License: BSD-2-Clause-Patent and OpenSSL and MIT
|
||||||
URL: http://www.tianocore.org
|
URL: http://www.tianocore.org
|
||||||
@ -30,8 +32,10 @@ Source1: ovmf-whitepaper-c770f8c.txt
|
|||||||
Source2: openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
|
Source2: openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
|
||||||
|
|
||||||
# json description files
|
# json description files
|
||||||
Source10: 50-edk2-aarch64.json
|
Source10: 50-edk2-aarch64-qcow2.json
|
||||||
Source11: 51-edk2-aarch64-verbose.json
|
Source11: 51-edk2-aarch64-raw.json
|
||||||
|
Source12: 52-edk2-aarch64-verbose-qcow2.json
|
||||||
|
Source13: 53-edk2-aarch64-verbose-raw.json
|
||||||
|
|
||||||
Source40: 30-edk2-ovmf-x64-sb-enrolled.json
|
Source40: 30-edk2-ovmf-x64-sb-enrolled.json
|
||||||
Source41: 40-edk2-ovmf-x64-sb.json
|
Source41: 40-edk2-ovmf-x64-sb.json
|
||||||
@ -43,6 +47,8 @@ Source45: 60-edk2-ovmf-x64-inteltdx.json
|
|||||||
Source80: edk2-build.py
|
Source80: edk2-build.py
|
||||||
Source82: edk2-build.rhel-9
|
Source82: edk2-build.rhel-9
|
||||||
|
|
||||||
|
Source90: DBXUpdate-%{DBXDATE}.x64.bin
|
||||||
|
|
||||||
Patch0002: 0002-Remove-submodules.patch
|
Patch0002: 0002-Remove-submodules.patch
|
||||||
Patch0003: 0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
|
Patch0003: 0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
|
||||||
Patch0004: 0004-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
|
Patch0004: 0004-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
|
||||||
@ -79,6 +85,7 @@ BuildRequires: python3-devel
|
|||||||
BuildRequires: libuuid-devel
|
BuildRequires: libuuid-devel
|
||||||
BuildRequires: /usr/bin/iasl
|
BuildRequires: /usr/bin/iasl
|
||||||
BuildRequires: binutils gcc git gcc-c++ make
|
BuildRequires: binutils gcc git gcc-c++ make
|
||||||
|
BuildRequires: qemu-img
|
||||||
|
|
||||||
%if %{build_ovmf}
|
%if %{build_ovmf}
|
||||||
# Only OVMF includes 80x86 assembly files (*.nasm*).
|
# Only OVMF includes 80x86 assembly files (*.nasm*).
|
||||||
@ -91,7 +98,7 @@ BuildRequires: mtools
|
|||||||
BuildRequires: xorriso
|
BuildRequires: xorriso
|
||||||
|
|
||||||
# secure boot enrollment
|
# secure boot enrollment
|
||||||
BuildRequires: python3dist(virt-firmware)
|
BuildRequires: python3dist(virt-firmware) >= 23.4
|
||||||
|
|
||||||
# endif build_ovmf
|
# endif build_ovmf
|
||||||
%endif
|
%endif
|
||||||
@ -123,6 +130,9 @@ BuildArch: noarch
|
|||||||
Provides: AAVMF = %{version}-%{release}
|
Provides: AAVMF = %{version}-%{release}
|
||||||
Obsoletes: AAVMF < 20180508-100.gitee3198e672e2.el7
|
Obsoletes: AAVMF < 20180508-100.gitee3198e672e2.el7
|
||||||
|
|
||||||
|
# need libvirt version with qcow2 support
|
||||||
|
Conflicts: libvirt-daemon-driver-qemu < 9.2.0
|
||||||
|
|
||||||
# No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack.
|
# No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack.
|
||||||
Provides: bundled(openssl) = %{OPENSSL_VER}
|
Provides: bundled(openssl) = %{OPENSSL_VER}
|
||||||
License: BSD-2-Clause-Patent and OpenSSL
|
License: BSD-2-Clause-Patent and OpenSSL
|
||||||
@ -170,9 +180,10 @@ git config am.keepcr true
|
|||||||
%autosetup -T -D -n edk2-%{GITCOMMIT} -S git_am
|
%autosetup -T -D -n edk2-%{GITCOMMIT} -S git_am
|
||||||
|
|
||||||
cp -a -- %{SOURCE1} .
|
cp -a -- %{SOURCE1} .
|
||||||
cp -a -- %{SOURCE10} %{SOURCE11} .
|
cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} .
|
||||||
cp -a -- %{SOURCE40} %{SOURCE41} %{SOURCE43} %{SOURCE44} %{SOURCE45} .
|
cp -a -- %{SOURCE40} %{SOURCE41} %{SOURCE43} %{SOURCE44} %{SOURCE45} .
|
||||||
cp -a -- %{SOURCE80} %{SOURCE82} .
|
cp -a -- %{SOURCE80} %{SOURCE82} .
|
||||||
|
cp -a -- %{SOURCE90} .
|
||||||
tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
|
tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
|
||||||
|
|
||||||
# Done by %setup, but we do not use it for the auxiliary tarballs
|
# Done by %setup, but we do not use it for the auxiliary tarballs
|
||||||
@ -225,11 +236,16 @@ touch OvmfPkg/AmdSev/Grub/grub.efi # dummy
|
|||||||
build_iso RHEL-9/ovmf
|
build_iso RHEL-9/ovmf
|
||||||
virt-fw-vars --input RHEL-9/ovmf/OVMF_VARS.fd \
|
virt-fw-vars --input RHEL-9/ovmf/OVMF_VARS.fd \
|
||||||
--output RHEL-9/ovmf/OVMF_VARS.secboot.fd \
|
--output RHEL-9/ovmf/OVMF_VARS.secboot.fd \
|
||||||
|
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
|
||||||
--enroll-redhat --secure-boot
|
--enroll-redhat --secure-boot
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{build_aarch64}
|
%if %{build_aarch64}
|
||||||
./edk2-build.py --config edk2-build.rhel-9 -m armvirt --release-date "$RELEASE_DATE"
|
./edk2-build.py --config edk2-build.rhel-9 -m armvirt --release-date "$RELEASE_DATE"
|
||||||
|
for raw in */aarch64/*.raw; do
|
||||||
|
qcow2="${raw%.raw}.qcow2"
|
||||||
|
qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2"
|
||||||
|
done
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%install
|
%install
|
||||||
@ -287,8 +303,10 @@ ln -s ../%{name}/aarch64/vars-template-pflash.raw \
|
|||||||
%{buildroot}%{_datadir}/AAVMF/AAVMF_VARS.fd
|
%{buildroot}%{_datadir}/AAVMF/AAVMF_VARS.fd
|
||||||
|
|
||||||
install -m 0644 \
|
install -m 0644 \
|
||||||
50-edk2-aarch64.json \
|
50-edk2-aarch64-qcow2.json \
|
||||||
51-edk2-aarch64-verbose.json \
|
51-edk2-aarch64-raw.json \
|
||||||
|
52-edk2-aarch64-verbose-qcow2.json \
|
||||||
|
53-edk2-aarch64-verbose-raw.json \
|
||||||
%{buildroot}%{_datadir}/qemu/firmware
|
%{buildroot}%{_datadir}/qemu/firmware
|
||||||
|
|
||||||
# endif build_aarch64
|
# endif build_aarch64
|
||||||
@ -336,17 +354,19 @@ install -m 0644 \
|
|||||||
%common_files
|
%common_files
|
||||||
%dir %{_datadir}/AAVMF/
|
%dir %{_datadir}/AAVMF/
|
||||||
%dir %{_datadir}/%{name}/aarch64/
|
%dir %{_datadir}/%{name}/aarch64/
|
||||||
%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.raw
|
%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.*
|
||||||
%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.raw
|
%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.*
|
||||||
%{_datadir}/%{name}/aarch64/vars-template-pflash.raw
|
%{_datadir}/%{name}/aarch64/vars-template-pflash.*
|
||||||
%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd
|
%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd
|
||||||
%{_datadir}/AAVMF/AAVMF_CODE.fd
|
%{_datadir}/AAVMF/AAVMF_CODE.fd
|
||||||
%{_datadir}/AAVMF/AAVMF_VARS.fd
|
%{_datadir}/AAVMF/AAVMF_VARS.fd
|
||||||
%{_datadir}/%{name}/aarch64/QEMU_EFI.fd
|
%{_datadir}/%{name}/aarch64/QEMU_EFI.fd
|
||||||
%{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd
|
%{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd
|
||||||
%{_datadir}/%{name}/aarch64/QEMU_VARS.fd
|
%{_datadir}/%{name}/aarch64/QEMU_VARS.fd
|
||||||
%{_datadir}/qemu/firmware/50-edk2-aarch64.json
|
%{_datadir}/qemu/firmware/50-edk2-aarch64-qcow2.json
|
||||||
%{_datadir}/qemu/firmware/51-edk2-aarch64-verbose.json
|
%{_datadir}/qemu/firmware/51-edk2-aarch64-raw.json
|
||||||
|
%{_datadir}/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json
|
||||||
|
%{_datadir}/qemu/firmware/53-edk2-aarch64-verbose-raw.json
|
||||||
# endif build_aarch64
|
# endif build_aarch64
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
@ -375,6 +395,17 @@ install -m 0644 \
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon May 08 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20230301gitf80f052277c8-3
|
||||||
|
- edk2-add-aarch64-qcow2-images.patch [bz#2186754]
|
||||||
|
- edk2-update-json-files.patch [bz#2186754]
|
||||||
|
- edk2-add-libvirt-version-conflict.patch [bz#2186754]
|
||||||
|
- edk2-add-dbx-update-blob-rh-only.patch [RHEL-377]
|
||||||
|
- edk2-spec-apply-dbx-update-rh-only.patch [RHEL-377]
|
||||||
|
- Resolves: bz#2186754
|
||||||
|
(edk2: Add firmware images in qcow2 format)
|
||||||
|
- Resolves: RHEL-377
|
||||||
|
(edk2: ship secure build variable store with latest dbx updates)
|
||||||
|
|
||||||
* Wed Apr 05 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20230301gitf80f052277c8-2
|
* Wed Apr 05 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20230301gitf80f052277c8-2
|
||||||
- edk2-build-script-update.patch [bz#2183230]
|
- edk2-build-script-update.patch [bz#2183230]
|
||||||
- edk2-PcdDxeNxMemoryProtectionPolicy-update.patch [bz#2183230]
|
- edk2-PcdDxeNxMemoryProtectionPolicy-update.patch [bz#2183230]
|
||||||
|
1
sources
1
sources
@ -1,2 +1,3 @@
|
|||||||
SHA512 (edk2-f80f052277c8.tar.xz) = af802257f010b63d973dc909b57ee845b7734e8d494b081050ba1f197349663b081e1f2edc5244726e2479ff6d16d79d0a6fceb00f4840b59982f10b79facf66
|
SHA512 (edk2-f80f052277c8.tar.xz) = af802257f010b63d973dc909b57ee845b7734e8d494b081050ba1f197349663b081e1f2edc5244726e2479ff6d16d79d0a6fceb00f4840b59982f10b79facf66
|
||||||
SHA512 (openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz) = 6842e767f767fe79edcb9ba8e32ce2956e8b56f0b265f79a5b4dbd4bba51b63d9733841badee7f2ffdcca803baf82b3e9e132fd465c22027539dcfd02608e99a
|
SHA512 (openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz) = 6842e767f767fe79edcb9ba8e32ce2956e8b56f0b265f79a5b4dbd4bba51b63d9733841badee7f2ffdcca803baf82b3e9e132fd465c22027539dcfd02608e99a
|
||||||
|
SHA512 (DBXUpdate-20230314.x64.bin) = 55eefa89f84f1d03996cc74e626fd1dc8c0ff3a94ad64c13bdeafdad071150bb7b4dbb46259e0c0412965a474f0c86c0634af71c18503e32c6fbdae35cd6cd06
|
||||||
|
Loading…
Reference in New Issue
Block a user