* Mon May 08 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20230301gitf80f052277c8-3

- edk2-add-aarch64-qcow2-images.patch [bz#2186754]
- edk2-update-json-files.patch [bz#2186754]
- edk2-add-libvirt-version-conflict.patch [bz#2186754]
- edk2-add-dbx-update-blob-rh-only.patch [RHEL-377]
- edk2-spec-apply-dbx-update-rh-only.patch [RHEL-377]
- Resolves: bz#2186754
  (edk2: Add firmware images in qcow2 format)
- Resolves: RHEL-377
  (edk2: ship secure build variable store with latest dbx updates)
Miroslav Rezanina 2023-05-08 08:31:21 -04:00
parent ae1eff6bab
commit a19f633550
7 changed files with 107 additions and 12 deletions

1
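--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@
 /openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
 /openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
 /openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
+/DBXUpdate-20230314.x64.bin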


@ -0,0 +1,31 @@
{
"description": "UEFI firmware for ARM64 virtual machines",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2",
"format": "qcow2"
},
"nvram-template": {
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
"format": "qcow2"
}
},
"targets": [
{
"architecture": "aarch64",
"machines": [
"virt-*"
]
}
],
"features": [
],
"tags": [
]
}


@ -0,0 +1,31 @@
{
"description": "UEFI firmware for ARM64 virtual machines, verbose logs",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.qcow2",
"format": "qcow2"
},
"nvram-template": {
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
"format": "qcow2"
}
},
"targets": [
{
"architecture": "aarch64",
"machines": [
"virt-*"
]
}
],
"features": [
"verbose-static"
],
"tags": [
]
}


@ -5,6 +5,8 @@ ExclusiveArch: x86_64 aarch64
%define TOOLCHAIN GCC5 %define TOOLCHAIN GCC5
%define OPENSSL_VER 1.1.1k %define OPENSSL_VER 1.1.1k
%define DBXDATE 20230314
%define build_ovmf 0 %define build_ovmf 0
%define build_aarch64 0 %define build_aarch64 0
%ifarch x86_64 %ifarch x86_64
@ -16,7 +18,7 @@ ExclusiveArch: x86_64 aarch64
Name: edk2 Name: edk2
Version: %{GITDATE}git%{GITCOMMIT} Version: %{GITDATE}git%{GITCOMMIT}
Release: 2%{?dist} Release: 3%{?dist}
Summary: UEFI firmware for 64-bit virtual machines Summary: UEFI firmware for 64-bit virtual machines
License: BSD-2-Clause-Patent and OpenSSL and MIT License: BSD-2-Clause-Patent and OpenSSL and MIT
URL: http://www.tianocore.org URL: http://www.tianocore.org
@ -30,8 +32,10 @@ Source1: ovmf-whitepaper-c770f8c.txt
Source2: openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz Source2: openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
# json description files # json description files
Source10: 50-edk2-aarch64.json Source10: 50-edk2-aarch64-qcow2.json
Source11: 51-edk2-aarch64-verbose.json Source11: 51-edk2-aarch64-raw.json
Source12: 52-edk2-aarch64-verbose-qcow2.json
Source13: 53-edk2-aarch64-verbose-raw.json
Source40: 30-edk2-ovmf-x64-sb-enrolled.json Source40: 30-edk2-ovmf-x64-sb-enrolled.json
Source41: 40-edk2-ovmf-x64-sb.json Source41: 40-edk2-ovmf-x64-sb.json
@ -43,6 +47,8 @@ Source45: 60-edk2-ovmf-x64-inteltdx.json
Source80: edk2-build.py Source80: edk2-build.py
Source82: edk2-build.rhel-9 Source82: edk2-build.rhel-9
Source90: DBXUpdate-%{DBXDATE}.x64.bin
Patch0002: 0002-Remove-submodules.patch Patch0002: 0002-Remove-submodules.patch
Patch0003: 0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch Patch0003: 0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
Patch0004: 0004-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch Patch0004: 0004-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
@ -79,6 +85,7 @@ BuildRequires: python3-devel
BuildRequires: libuuid-devel BuildRequires: libuuid-devel
BuildRequires: /usr/bin/iasl BuildRequires: /usr/bin/iasl
BuildRequires: binutils gcc git gcc-c++ make BuildRequires: binutils gcc git gcc-c++ make
BuildRequires: qemu-img
%if %{build_ovmf} %if %{build_ovmf}
# Only OVMF includes 80x86 assembly files (*.nasm*). # Only OVMF includes 80x86 assembly files (*.nasm*).
@ -91,7 +98,7 @@ BuildRequires: mtools
BuildRequires: xorriso BuildRequires: xorriso
# secure boot enrollment # secure boot enrollment
BuildRequires: python3dist(virt-firmware) BuildRequires: python3dist(virt-firmware) >= 23.4
# endif build_ovmf # endif build_ovmf
%endif %endif
@ -123,6 +130,9 @@ BuildArch: noarch
Provides: AAVMF = %{version}-%{release} Provides: AAVMF = %{version}-%{release}
Obsoletes: AAVMF < 20180508-100.gitee3198e672e2.el7 Obsoletes: AAVMF < 20180508-100.gitee3198e672e2.el7
# need libvirt version with qcow2 support
Conflicts: libvirt-daemon-driver-qemu < 9.2.0
# No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack. # No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack.
Provides: bundled(openssl) = %{OPENSSL_VER} Provides: bundled(openssl) = %{OPENSSL_VER}
License: BSD-2-Clause-Patent and OpenSSL License: BSD-2-Clause-Patent and OpenSSL
@ -170,9 +180,10 @@ git config am.keepcr true
%autosetup -T -D -n edk2-%{GITCOMMIT} -S git_am %autosetup -T -D -n edk2-%{GITCOMMIT} -S git_am
cp -a -- %{SOURCE1} . cp -a -- %{SOURCE1} .
cp -a -- %{SOURCE10} %{SOURCE11} . cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} .
cp -a -- %{SOURCE40} %{SOURCE41} %{SOURCE43} %{SOURCE44} %{SOURCE45} . cp -a -- %{SOURCE40} %{SOURCE41} %{SOURCE43} %{SOURCE44} %{SOURCE45} .
cp -a -- %{SOURCE80} %{SOURCE82} . cp -a -- %{SOURCE80} %{SOURCE82} .
cp -a -- %{SOURCE90} .
tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
# Done by %setup, but we do not use it for the auxiliary tarballs # Done by %setup, but we do not use it for the auxiliary tarballs
@ -225,11 +236,16 @@ touch OvmfPkg/AmdSev/Grub/grub.efi # dummy
build_iso RHEL-9/ovmf build_iso RHEL-9/ovmf
virt-fw-vars --input RHEL-9/ovmf/OVMF_VARS.fd \ virt-fw-vars --input RHEL-9/ovmf/OVMF_VARS.fd \
--output RHEL-9/ovmf/OVMF_VARS.secboot.fd \ --output RHEL-9/ovmf/OVMF_VARS.secboot.fd \
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot --enroll-redhat --secure-boot
%endif %endif
%if %{build_aarch64} %if %{build_aarch64}
./edk2-build.py --config edk2-build.rhel-9 -m armvirt --release-date "$RELEASE_DATE" ./edk2-build.py --config edk2-build.rhel-9 -m armvirt --release-date "$RELEASE_DATE"
for raw in */aarch64/*.raw; do
qcow2="${raw%.raw}.qcow2"
qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2"
done
%endif %endif
%install %install
@ -287,8 +303,10 @@ ln -s ../%{name}/aarch64/vars-template-pflash.raw \
%{buildroot}%{_datadir}/AAVMF/AAVMF_VARS.fd %{buildroot}%{_datadir}/AAVMF/AAVMF_VARS.fd
install -m 0644 \ install -m 0644 \
50-edk2-aarch64.json \ 50-edk2-aarch64-qcow2.json \
51-edk2-aarch64-verbose.json \ 51-edk2-aarch64-raw.json \
52-edk2-aarch64-verbose-qcow2.json \
53-edk2-aarch64-verbose-raw.json \
%{buildroot}%{_datadir}/qemu/firmware %{buildroot}%{_datadir}/qemu/firmware
# endif build_aarch64 # endif build_aarch64
@ -336,17 +354,19 @@ install -m 0644 \
%common_files %common_files
%dir %{_datadir}/AAVMF/ %dir %{_datadir}/AAVMF/
%dir %{_datadir}/%{name}/aarch64/ %dir %{_datadir}/%{name}/aarch64/
%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.raw %{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.*
%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.raw %{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.*
%{_datadir}/%{name}/aarch64/vars-template-pflash.raw %{_datadir}/%{name}/aarch64/vars-template-pflash.*
%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd %{_datadir}/AAVMF/AAVMF_CODE.verbose.fd
%{_datadir}/AAVMF/AAVMF_CODE.fd %{_datadir}/AAVMF/AAVMF_CODE.fd
%{_datadir}/AAVMF/AAVMF_VARS.fd %{_datadir}/AAVMF/AAVMF_VARS.fd
%{_datadir}/%{name}/aarch64/QEMU_EFI.fd %{_datadir}/%{name}/aarch64/QEMU_EFI.fd
%{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd %{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd
%{_datadir}/%{name}/aarch64/QEMU_VARS.fd %{_datadir}/%{name}/aarch64/QEMU_VARS.fd
%{_datadir}/qemu/firmware/50-edk2-aarch64.json %{_datadir}/qemu/firmware/50-edk2-aarch64-qcow2.json
%{_datadir}/qemu/firmware/51-edk2-aarch64-verbose.json %{_datadir}/qemu/firmware/51-edk2-aarch64-raw.json
%{_datadir}/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json
%{_datadir}/qemu/firmware/53-edk2-aarch64-verbose-raw.json
# endif build_aarch64 # endif build_aarch64
%endif %endif
@ -375,6 +395,17 @@ install -m 0644 \
%changelog %changelog
* Mon May 08 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20230301gitf80f052277c8-3
- edk2-add-aarch64-qcow2-images.patch [bz#2186754]
- edk2-update-json-files.patch [bz#2186754]
- edk2-add-libvirt-version-conflict.patch [bz#2186754]
- edk2-add-dbx-update-blob-rh-only.patch [RHEL-377]
- edk2-spec-apply-dbx-update-rh-only.patch [RHEL-377]
- Resolves: bz#2186754
(edk2: Add firmware images in qcow2 format)
- Resolves: RHEL-377
(edk2: ship secure build variable store with latest dbx updates)
* Wed Apr 05 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20230301gitf80f052277c8-2 * Wed Apr 05 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20230301gitf80f052277c8-2
- edk2-build-script-update.patch [bz#2183230] - edk2-build-script-update.patch [bz#2183230]
- edk2-PcdDxeNxMemoryProtectionPolicy-update.patch [bz#2183230] - edk2-PcdDxeNxMemoryProtectionPolicy-update.patch [bz#2183230]
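Review bot: Nothing in the spec records where `DBXUpdate-%{DBXDATE}.x64.bin` comes from or when it has to be refreshed, although `--set-dbx` bakes it into `OVMF_VARS.secboot.fd` as the Secure Boot revocation list. The only integrity check visible on the page is the SHA512 entry in `sources`, so a comment above `Source90` should state the origin and the refresh rule, for example `# Secure Boot revocation list (dbx) enrolled into OVMF_VARS.secboot.fd; origin: <upstream URL>, bump DBXDATE when a newer list is published`. It is also worth noting in the package documentation that, presumably, only guests created from the new template receive these revocations, since existing guests keep their own copy of the variable store. The `%build` section containing the `virt-fw-vars` call starts and ends outside the hunk.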


@ -1,2 +1,3 @@
SHA512 (edk2-f80f052277c8.tar.xz) = af802257f010b63d973dc909b57ee845b7734e8d494b081050ba1f197349663b081e1f2edc5244726e2479ff6d16d79d0a6fceb00f4840b59982f10b79facf66 SHA512 (edk2-f80f052277c8.tar.xz) = af802257f010b63d973dc909b57ee845b7734e8d494b081050ba1f197349663b081e1f2edc5244726e2479ff6d16d79d0a6fceb00f4840b59982f10b79facf66
SHA512 (openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz) = 6842e767f767fe79edcb9ba8e32ce2956e8b56f0b265f79a5b4dbd4bba51b63d9733841badee7f2ffdcca803baf82b3e9e132fd465c22027539dcfd02608e99a SHA512 (openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz) = 6842e767f767fe79edcb9ba8e32ce2956e8b56f0b265f79a5b4dbd4bba51b63d9733841badee7f2ffdcca803baf82b3e9e132fd465c22027539dcfd02608e99a
SHA512 (DBXUpdate-20230314.x64.bin) = 55eefa89f84f1d03996cc74e626fd1dc8c0ff3a94ad64c13bdeafdad071150bb7b4dbb46259e0c0412965a474f0c86c0634af71c18503e32c6fbdae35cd6cd06