[opts.ovmf.common] NETWORK_HTTP_BOOT_ENABLE = TRUE NETWORK_IP6_ENABLE = TRUE NETWORK_TLS_ENABLE = TRUE NETWORK_ISCSI_ENABLE = TRUE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE TPM2_ENABLE = TRUE TPM2_CONFIG_ENABLE = TRUE TPM1_ENABLE = TRUE CAVIUM_ERRATUM_27456 = TRUE [opts.ovmf.4m] FD_SIZE_4MB = TRUE [opts.ovmf.2m] FD_SIZE_2MB = TRUE NETWORK_ISCSI_ENABLE = FALSE NETWORK_TLS_ENABLE = FALSE [opts.ovmf.sb.smm] SECURE_BOOT_ENABLE = TRUE SMM_REQUIRE = TRUE # old downstream EXCLUDE_SHELL_FROM_FD = TRUE # new upstream BUILD_SHELL = FALSE # requires edk2 2022-11 or newer [opts.ovmf.sb.stateless] SECURE_BOOT_ENABLE = TRUE SMM_REQUIRE = FALSE [opts.armvirt.verbose] DEBUG_PRINT_ERROR_LEVEL = 0x8040004F [opts.armvirt.silent] DEBUG_PRINT_ERROR_LEVEL = 0x80000000 [opts.armvirt.sb.testonly] SECURE_BOOT_ENABLE = TRUE [opts.armvirt.kernel] TPM2_ENABLE = FALSE TPM2_CONFIG_ENABLE = FALSE [pcds.nx.strict] PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD5 PcdImageProtectionPolicy = 0x03 PcdSetNxForStack = TRUE # Default is FALSE, so there no need to actually set it. #PcdUninstallMemAttrProtocol = FALSE [pcds.nx.broken.shim.grub] # grub.efi uses EfiLoaderData for code PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD1 # shim.efi has broken MemAttr code PcdUninstallMemAttrProtocol = TRUE ##################################################################### # stateful ovmf builds (with vars in flash) [build.ovmf.2m.default] desc = ovmf build (64-bit, 2MB) conf = OvmfPkg/OvmfPkgX64.dsc arch = X64 opts = ovmf.common ovmf.2m plat = OvmfX64 dest = Fedora/ovmf cpy1 = FV/OVMF_CODE.fd cpy2 = FV/OVMF_VARS.fd cpy3 = X64/Shell.efi [build.ovmf.4m.default] desc = ovmf build (64-bit, 4MB) conf = OvmfPkg/OvmfPkgX64.dsc arch = X64 opts = ovmf.common ovmf.4m plat = OvmfX64 dest = Fedora/ovmf cpy1 = FV/OVMF_CODE.fd OVMF_CODE_4M.fd cpy2 = FV/OVMF_VARS.fd OVMF_VARS_4M.fd [build.ovmf.2m.sb.smm] desc = ovmf build (64-bit, 2MB, q35 only, needs smm, secure boot) conf = OvmfPkg/OvmfPkgX64.dsc arch = X64 opts = ovmf.common ovmf.2m ovmf.sb.smm plat = OvmfX64 dest = Fedora/ovmf cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd cpy2 = X64/EnrollDefaultKeys.efi [build.ovmf.4m.sb.smm] desc = ovmf build (64-bit, 4MB, q35 only, needs smm, secure boot) conf = OvmfPkg/OvmfPkgX64.dsc arch = X64 opts = ovmf.common ovmf.4m ovmf.sb.smm plat = OvmfX64 dest = Fedora/ovmf cpy1 = FV/OVMF_CODE.fd OVMF_CODE_4M.secboot.fd ##################################################################### # stateless ovmf builds (firmware in rom or r/o flash) [build.ovmf.microvm] desc = ovmf build for qemu microvm (2MB) conf = OvmfPkg/Microvm/MicrovmX64.dsc arch = X64 opts = ovmf.common ovmf.2m plat = MicrovmX64 dest = Fedora/ovmf cpy1 = FV/MICROVM.fd [build.ovmf.xen] desc = ovmf build for Xen conf = OvmfPkg/OvmfXen.dsc arch = X64 opts = ovmf.common ovmf.2m plat = OvmfXen dest = Fedora/xen cpy1 = FV/OVMF.fd [build.ovmf.amdsev] desc = ovmf build for AmdSev (2MB) conf = OvmfPkg/AmdSev/AmdSevX64.dsc arch = X64 opts = ovmf.common ovmf.2m plat = AmdSev dest = Fedora/ovmf cpy1 = FV/OVMF.fd OVMF.amdsev.fd [build.ovmf.inteltdx] desc = ovmf build for IntelTdx (2MB) conf = OvmfPkg/IntelTdx/IntelTdxX64.dsc arch = X64 opts = ovmf.common ovmf.2m ovmf.sb.stateless plat = IntelTdx dest = Fedora/ovmf cpy1 = FV/OVMF.fd OVMF.inteltdx.fd ##################################################################### # armvirt builds [build.armvirt.aa64.verbose] desc = ArmVirt build for qemu, 64-bit (arm v8), verbose conf = ArmVirtPkg/ArmVirtQemu.dsc arch = AARCH64 opts = ovmf.common armvirt.verbose pcds = nx.broken.shim.grub plat = ArmVirtQemu-AARCH64 dest = Fedora/aarch64 cpy1 = FV/QEMU_EFI.fd cpy2 = FV/QEMU_VARS.fd cpy3 = FV/QEMU_EFI.fd QEMU_EFI-pflash.raw cpy4 = FV/QEMU_VARS.fd vars-template-pflash.raw pad3 = QEMU_EFI-pflash.raw 64m pad4 = vars-template-pflash.raw 64m [build.armvirt.aa64.silent] desc = ArmVirt build for qemu, 64-bit (arm v8), silent conf = ArmVirtPkg/ArmVirtQemu.dsc arch = AARCH64 opts = ovmf.common armvirt.silent pcds = nx.broken.shim.grub plat = ArmVirtQemu-AARCH64 dest = Fedora/aarch64 cpy1 = FV/QEMU_EFI.fd QEMU_EFI.silent.fd cpy2 = FV/QEMU_EFI.fd QEMU_EFI-silent-pflash.raw pad2 = QEMU_EFI-silent-pflash.raw 64m [build.armvirt.aa64.kernel] desc = ArmVirt build for qemu, 64-bit (arm v8) conf = ArmVirtPkg/ArmVirtQemuKernel.dsc arch = AARCH64 opts = ovmf.common armvirt.silent armvirt.kernel pcds = nx.broken.shim.grub plat = ArmVirtQemuKernel-AARCH64 dest = Fedora/aarch64 cpy1 = FV/QEMU_EFI.fd QEMU_EFI.kernel.fd ##################################################################### # riscv [build.riscv.qemu] conf = OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc arch = RISCV64 plat = RiscVVirtQemu dest = Fedora/riscv cpy1 = FV/RISCV_VIRT_CODE.fd cpy2 = FV/RISCV_VIRT_CODE.fd RISCV_VIRT_CODE.raw cpy3 = FV/RISCV_VIRT_VARS.fd cpy4 = FV/RISCV_VIRT_VARS.fd RISCV_VIRT_VARS.raw pad1 = RISCV_VIRT_CODE.raw 32m pad2 = RISCV_VIRT_VARS.raw 32m ##################################################################### # 32-bit builds [build.ovmf.ia32.default] desc = ovmf build (32-bit, 2MB) conf = OvmfPkg/OvmfPkgIa32.dsc arch = IA32 opts = ovmf.common ovmf.2m plat = OvmfIa32 dest = Fedora/ovmf-ia32 cpy1 = FV/OVMF_CODE.fd cpy2 = FV/OVMF_VARS.fd cpy3 = IA32/Shell.efi [build.ovmf.ia32.sb.smm] desc = ovmf build (32-bit, 2MB, q35 only, needs smm, secure boot) conf = OvmfPkg/OvmfPkgIa32.dsc arch = IA32 opts = ovmf.common ovmf.2m ovmf.sb.smm plat = OvmfIa32 dest = Fedora/ovmf-ia32 cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd cpy2 = IA32/EnrollDefaultKeys.efi [build.armvirt.arm] desc = ArmVirt build for qemu, 32-bit (arm v7) conf = ArmVirtPkg/ArmVirtQemu.dsc arch = ARM opts = ovmf.common pcds = nx.broken.shim.grub plat = ArmVirtQemu-ARM dest = Fedora/arm cpy1 = FV/QEMU_EFI.fd cpy2 = FV/QEMU_VARS.fd cpy3 = FV/QEMU_EFI.fd QEMU_EFI-pflash.raw cpy4 = FV/QEMU_VARS.fd vars-template-pflash.raw pad3 = QEMU_EFI-pflash.raw 64m pad4 = vars-template-pflash.raw 64m ##################################################################### # experimental builds [build.ovmf.sb.stateless] desc = ovmf build (64-bit, stateless secure boot) conf = OvmfPkg/OvmfPkgX64.dsc arch = X64 opts = ovmf.common ovmf.4m ovmf.sb.stateless plat = OvmfX64 dest = Fedora/experimental cpy1 = FV/OVMF.fd OVMF.stateless.fd [build.ovmf.strict.nx] desc = ovmf build (64-bit, 4MB, q35 only, needs smm, secure boot, strict nx) conf = OvmfPkg/OvmfPkgX64.dsc arch = X64 opts = ovmf.common ovmf.4m ovmf.sb.smm pcds = nx.strict plat = OvmfX64 dest = Fedora/experimental cpy1 = FV/OVMF_CODE.fd OVMF_CODE_4M.secboot.strictnx.fd [build.armvirt.aa64.strict.nx] desc = ArmVirt build for qemu, 64-bit (arm v8), verbose conf = ArmVirtPkg/ArmVirtQemu.dsc arch = AARCH64 opts = ovmf.common armvirt.verbose pcds = nx.strict plat = ArmVirtQemu-AARCH64 dest = Fedora/experimental cpy1 = FV/QEMU_EFI.fd QEMU_EFI.strictnx.fd cpy3 = FV/QEMU_EFI.fd QEMU_EFI-strictnx-pflash.raw pad3 = QEMU_EFI-strictnx-pflash.raw 64m [build.armvirt.aa64.secboot.testonly] desc = ArmVirt build for qemu, 64-bit (arm v8), secure boot conf = ArmVirtPkg/ArmVirtQemu.dsc arch = AARCH64 opts = ovmf.common armvirt.verbose armvirt.sb.testonly pcds = nx.strict plat = ArmVirtQemu-AARCH64 dest = Fedora/experimental cpy1 = FV/QEMU_EFI.fd QEMU_EFI.secboot.testonly.fd cpy3 = FV/QEMU_EFI.fd QEMU_EFI-secboot-testonly-pflash.raw pad3 = QEMU_EFI-secboot-testonly-pflash.raw 64m