From e23d2f953bff9f59004957a6958f0b639c7080b4 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann
Date: Tue, 5 Dec 2023 16:17:15 +0100
Subject: [PATCH] update build config: 64bit pei, tdx sb
Stop using mixed mode builds, switch to 64-bit PEI phase. Enable secure boot for the intel tdx builds.
Signed-off-by: Gerd Hoffmann
---
 edk2-build.fedora | 28 +++++++++++++++-------------
 edk2-build.rhel-9 | 13 +++++++++----
 2 files changed, 24 insertions(+), 17 deletions(-)
diff --git a/edk2-build.fedora b/edk2-build.fedora
index 3cdbd60..59a2929 100644
--- a/edk2-build.fedora
+++ b/edk2-build.fedora
@@ -80,25 +80,25 @@ cpy1 = FV/OVMF_CODE.fd OVMF_CODE_4M.fd
 cpy2 = FV/OVMF_VARS.fd OVMF_VARS_4M.fd

 [build.ovmf.2m.sb.smm]
-desc = ovmf build (32/64-bit, 2MB, q35 only, needs smm, secure boot)
-conf = OvmfPkg/OvmfPkgIa32X64.dsc
-arch = IA32 X64
+desc = ovmf build (64-bit, 2MB, q35 only, needs smm, secure boot)
+conf = OvmfPkg/OvmfPkgX64.dsc
+arch = X64
 opts = ovmf.common
 ovmf.2m
 ovmf.sb.smm
-plat = Ovmf3264
+plat = OvmfX64
 dest = Fedora/ovmf
 cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
 cpy2 = X64/EnrollDefaultKeys.efi

 [build.ovmf.4m.sb.smm]
-desc = ovmf build (32/64-bit, 4MB, q35 only, needs smm, secure boot)
-conf = OvmfPkg/OvmfPkgIa32X64.dsc
-arch = IA32 X64
+desc = ovmf build (64-bit, 4MB, q35 only, needs smm, secure boot)
+conf = OvmfPkg/OvmfPkgX64.dsc
+arch = X64
 opts = ovmf.common
 ovmf.4m
 ovmf.sb.smm
-plat = Ovmf3264
+plat = OvmfX64
 dest = Fedora/ovmf
 cpy1 = FV/OVMF_CODE.fd OVMF_CODE_4M.secboot.fd

@@ -140,7 +140,9 @@ cpy1 = FV/OVMF.fd OVMF.amdsev.fd
 desc = ovmf build for IntelTdx (2MB)
 conf = OvmfPkg/IntelTdx/IntelTdxX64.dsc
 arch = X64
-opts = ovmf.common ovmf.2m
+opts = ovmf.common
+ ovmf.2m
+ ovmf.sb.stateless
 plat = IntelTdx
 dest = Fedora/ovmf
 cpy1 = FV/OVMF.fd OVMF.inteltdx.fd
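Review bot: The 2m and 4m `sb.smm` entries now pair `conf = OvmfPkg/OvmfPkgX64.dsc` with the `ovmf.sb.smm` option set, and nothing in the file records that this depends on the edk2 base supporting S3 resume from a 64-bit PEI phase with SMM. As far as I recall, older edk2 trees refused to boot in that configuration when S3 was enabled on the QEMU side, so the requirement is worth stating above `[build.ovmf.2m.sb.smm]`, for example `# 64-bit PEI with SMM: needs an edk2 base with X64 S3 resume support`. The `cpy1` targets keep their names (`OVMF_CODE.secboot.fd`, `OVMF_CODE_4M.secboot.fd`), so existing guests will pick up the rebuilt image without any configuration change. The same applies to `[build.ovmf.strict.nx]` further down and to `[build.ovmf.4m.sb.smm]` in edk2-build.rhel-9.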
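Review bot: Adding `ovmf.sb.stateless` to the IntelTdx `opts` only compiles secure boot support into the image; the entry still copies a single `FV/OVMF.fd` and, unlike `[build.ovmf.2m.sb.smm]`, no `EnrollDefaultKeys.efi`. Unless a later packaging step (not visible in this diff) enrolls keys into the image, the firmware would presumably start in setup mode with signature verification not enforced. It would help to note where enrollment happens and to update the description to match the other secure boot entries, e.g. `desc = ovmf build for IntelTdx (2MB, secure boot)`. The patch does not add `[opts.ovmf.sb.stateless]` to edk2-build.fedora, so it presumably exists there already; the section header of this entry is also outside the hunk. The same enrollment question applies to the IntelTdx entry in edk2-build.rhel-9.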
@@ -265,14 +267,14 @@ dest = Fedora/experimental
 cpy1 = FV/OVMF.fd OVMF.stateless.fd

 [build.ovmf.strict.nx]
-desc = ovmf build (32/64-bit, 4MB, q35 only, needs smm, secure boot, strict nx)
-conf = OvmfPkg/OvmfPkgIa32X64.dsc
-arch = IA32 X64
+desc = ovmf build (64-bit, 4MB, q35 only, needs smm, secure boot, strict nx)
+conf = OvmfPkg/OvmfPkgX64.dsc
+arch = X64
 opts = ovmf.common
 ovmf.4m
 ovmf.sb.smm
 pcds = nx.strict
-plat = Ovmf3264
+plat = OvmfX64
 dest = Fedora/experimental
 cpy1 = FV/OVMF_CODE.fd OVMF_CODE.4m.secboot.strictnx.fd

diff --git a/edk2-build.rhel-9 b/edk2-build.rhel-9
index 044c034..e199046 100644
--- a/edk2-build.rhel-9
+++ b/edk2-build.rhel-9
@@ -21,6 +21,10 @@ EXCLUDE_SHELL_FROM_FD = TRUE
 # new upstream
 BUILD_SHELL = FALSE

+[opts.ovmf.sb.stateless]
+SECURE_BOOT_ENABLE = TRUE
+SMM_REQUIRE = FALSE
+
 [opts.armvirt.verbose]
 DEBUG_PRINT_ERROR_LEVEL = 0x8040004F

@@ -50,13 +54,13 @@ cpy2 = FV/OVMF_VARS.fd
 cpy3 = X64/Shell.efi

 [build.ovmf.4m.sb.smm]
-desc = ovmf build (32/64-bit, 4MB, q35 only, needs smm, secure boot)
-conf = OvmfPkg/OvmfPkgIa32X64.dsc
-arch = IA32 X64
+desc = ovmf build (64-bit, 4MB, q35 only, needs smm, secure boot)
+conf = OvmfPkg/OvmfPkgX64.dsc
+arch = X64
 opts = ovmf.common
 ovmf.4m
 ovmf.sb.smm
-plat = Ovmf3264
+plat = OvmfX64
 dest = RHEL-9/ovmf
 cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
 cpy2 = X64/EnrollDefaultKeys.efi
@@ -81,6 +85,7 @@ conf = OvmfPkg/IntelTdx/IntelTdxX64.dsc
 arch = X64
 opts = ovmf.common
 ovmf.4m
+ ovmf.sb.stateless
 plat = IntelTdx
 dest = RHEL-9/ovmf
 cpy1 = FV/OVMF.fd OVMF.inteltdx.fd
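Review bot: The new `[opts.ovmf.sb.stateless]` section in edk2-build.rhel-9 sets `SECURE_BOOT_ENABLE = TRUE` together with `SMM_REQUIRE = FALSE` without a comment saying when that pairing is acceptable. Without SMM the firmware cannot protect a guest-writable variable store from the guest OS, so this option set is only appropriate for images whose variable store is not persisted or not writable by the guest. A comment above the section, in the file's `#` style, would keep it from being reused on a pflash-backed build: `# secure boot without SMM: only for stateless images (no guest-writable varstore)`.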