# https://fedoraproject.org/wiki/Changes/SetBuildFlagsBuildCheck # breaks cross-building %undefine _auto_set_build_flags # actual firmware builds support cross-compiling. edk2-tools # in theory should build everywhere without much trouble, but # in practice the edk2 build system barfs on archs it doesn't know # (such as ppc), so lets limit things to the known-good ones. ExclusiveArch: x86_64 aarch64 riscv64 # edk2-stable202308 %define GITDATE 20231122 %define GITCOMMIT 8736b8fdca85 %define TOOLCHAIN GCC %define PLATFORMS_COMMIT 10e2eb030de3 %define OPENSSL_VER 3.0.7 %define OPENSSL_COMMIT db0287935122edceb91dcda8dfb53b4090734e22 %define DBXDATE 20230509 # Undefine this to get *HUGE* (50MB+) verbose build logs %define silent --silent %if %{defined rhel} %define build_ovmf 0 %define build_aarch64 0 %ifarch x86_64 %define build_ovmf 1 %endif %ifarch aarch64 %define build_aarch64 1 %endif %define build_riscv64 0 %else %define build_ovmf 1 %define build_aarch64 1 %define build_riscv64 1 %endif %global softfloat_version 20180726-gitb64af41 %define cross %{defined fedora} %define disable_werror %{defined fedora} Name: edk2 Version: %{GITDATE} Release: %autorelease Summary: UEFI firmware for 64-bit virtual machines License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND MIT AND LicenseRef-Fedora-Public-Domain URL: http://www.tianocore.org # The source tarball is created using following commands: # COMMIT=bb1bba3d7767 # git archive --format=tar --prefix=edk2-$COMMIT/ $COMMIT \ # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz Source0: edk2-%{GITCOMMIT}.tar.xz Source1: ovmf-whitepaper-c770f8c.txt Source2: openssl-rhel-%{OPENSSL_COMMIT}.tar.xz Source3: softfloat-%{softfloat_version}.tar.xz Source4: edk2-platforms-%{PLATFORMS_COMMIT}.tar.xz Source5: jansson-2.13.1.tar.bz2 Source6: README.experimental # json description files Source10: 50-edk2-aarch64-qcow2.json Source11: 51-edk2-aarch64-raw.json Source12: 52-edk2-aarch64-verbose-qcow2.json Source13: 53-edk2-aarch64-verbose-raw.json Source20: 50-edk2-arm-verbose.json Source30: 30-edk2-ovmf-ia32-sb-enrolled.json Source31: 40-edk2-ovmf-ia32-sb.json Source32: 50-edk2-ovmf-ia32-nosb.json Source40: 30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json Source41: 31-edk2-ovmf-2m-raw-x64-sb-enrolled.json Source42: 40-edk2-ovmf-4m-qcow2-x64-sb.json Source43: 41-edk2-ovmf-2m-raw-x64-sb.json Source44: 50-edk2-ovmf-x64-microvm.json Source45: 50-edk2-ovmf-4m-qcow2-x64-nosb.json Source46: 51-edk2-ovmf-2m-raw-x64-nosb.json Source47: 60-edk2-ovmf-x64-amdsev.json Source48: 60-edk2-ovmf-x64-inteltdx.json Source50: 50-edk2-riscv-qcow2.json # https://gitlab.com/kraxel/edk2-build-config Source80: edk2-build.py Source81: edk2-build.fedora Source82: edk2-build.fedora.platforms Source83: edk2-build.rhel-9 Source90: DBXUpdate-%{DBXDATE}.x64.bin Source91: DBXUpdate-%{DBXDATE}.ia32.bin Patch0001: 0001-BaseTools-do-not-build-BrotliCompress-RH-only.patch Patch0002: 0002-MdeModulePkg-remove-package-private-Brotli-include-p.patch Patch0003: 0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch Patch0004: 0004-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch Patch0005: 0005-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch Patch0006: 0006-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch Patch0007: 0007-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch Patch0008: 0008-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch Patch0009: 0009-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch Patch0010: 0010-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch Patch0011: 0011-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch Patch0012: 0012-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch Patch0013: 0013-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch Patch0015: 0015-CryptoPkg-CrtLib-add-stat.h.patch Patch0016: 0016-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch Patch0017: 0017-OvmfPkg-set-PcdVariableStoreSize-PcdMaxVolatileVaria.patch %if 0%{?fedora} >= 38 || 0%{?rhel} >= 10 Patch0018: 0018-silence-.-has-a-LOAD-segment-with-RWX-permissions-wa.patch %endif Patch0019: 0019-ArmVirt-Allow-memory-attributes-protocol-to-be-disab.patch # python3-devel and libuuid-devel are required for building tools. # python3-devel is also needed for varstore template generation and # verification with "ovmf-vars-generator". BuildRequires: python3-devel BuildRequires: libuuid-devel BuildRequires: /usr/bin/iasl BuildRequires: binutils gcc git gcc-c++ make BuildRequires: qemu-img # openssl configure BuildRequires: perl(FindBin) BuildRequires: perl(IPC::Cmd) BuildRequires: perl(File::Compare) BuildRequires: perl(File::Copy) BuildRequires: perl(JSON) %if %{build_ovmf} # Only OVMF includes 80x86 assembly files (*.nasm*). BuildRequires: nasm # Only OVMF includes the Secure Boot feature, for which we need to separate out # the UEFI shell. BuildRequires: dosfstools BuildRequires: mtools BuildRequires: xorriso # For generating the variable store template with the default certificates # enrolled. BuildRequires: python3-virt-firmware >= 23.5 # endif build_ovmf %endif %if %{cross} BuildRequires: gcc-aarch64-linux-gnu BuildRequires: gcc-arm-linux-gnu BuildRequires: gcc-x86_64-linux-gnu BuildRequires: gcc-riscv64-linux-gnu %endif %package ovmf Summary: UEFI firmware for x86_64 virtual machines BuildArch: noarch Provides: OVMF = %{version}-%{release} Obsoletes: OVMF < 20180508-100.gitee3198e672e2.el7 # need libvirt version with qcow2 support Conflicts: libvirt-daemon-driver-qemu < 9.7.0 # OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL # library. Provides: bundled(openssl) = %{OPENSSL_VER} License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-4-Clause AND ISC AND LicenseRef-Fedora-Public-Domain # URL taken from the Maintainers.txt file. URL: http://www.tianocore.org/ovmf/ %description ovmf OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. %package aarch64 Summary: UEFI firmware for aarch64 virtual machines BuildArch: noarch Provides: AAVMF = %{version}-%{release} Obsoletes: AAVMF < 20180508-100.gitee3198e672e2.el7 # need libvirt version with qcow2 support Conflicts: libvirt-daemon-driver-qemu < 9.7.0 # No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack. Provides: bundled(openssl) = %{OPENSSL_VER} License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-4-Clause AND ISC AND LicenseRef-Fedora-Public-Domain # URL taken from the Maintainers.txt file. URL: https://github.com/tianocore/tianocore.github.io/wiki/ArmVirtPkg %description aarch64 AAVMF (ARM Architecture Virtual Machine Firmware) is an EFI Development Kit II platform that enables UEFI support for QEMU/KVM ARM Virtual Machines. This package contains a 64-bit build. %package tools Summary: EFI Development Kit II Tools License: BSD-2-Clause-Patent AND LicenseRef-Fedora-Public-Domain URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools %description tools This package provides tools that are needed to build EFI executables and ROMs using the GNU tools. %package tools-doc Summary: Documentation for EFI Development Kit II Tools BuildArch: noarch License: BSD-2-Clause-Patent URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools %description tools-doc This package documents the tools that are needed to build EFI executables and ROMs using the GNU tools. %description EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. This package contains sample 64-bit UEFI firmware builds for QEMU and KVM. %if %{defined fedora} %package ovmf-ia32 Summary: Open Virtual Machine Firmware License: Apache-2.0 AND BSD-2-Clause-Patent AND BSD-4-Clause AND ISC AND LicenseRef-Fedora-Public-Domain Provides: bundled(openssl) BuildArch: noarch %description ovmf-ia32 EFI Development Kit II Open Virtual Machine Firmware (ia32) %package ovmf-xen Summary: Open Virtual Machine Firmware, Xen build License: Apache-2.0 AND BSD-2-Clause-Patent AND BSD-4-Clause AND ISC AND LicenseRef-Fedora-Public-Domain Provides: bundled(openssl) BuildArch: noarch %description ovmf-xen EFI Development Kit II Open Virtual Machine Firmware (Xen build) %package experimental Summary: Open Virtual Machine Firmware, experimental builds License: Apache-2.0 AND BSD-2-Clause-Patent AND BSD-4-Clause AND ISC AND LicenseRef-Fedora-Public-Domain Provides: bundled(openssl) Obsoletes: edk2-ovmf-experimental < 20230825 BuildArch: noarch %description experimental EFI Development Kit II Open Virtual Machine Firmware (experimental builds) %package arm Summary: ARM Virtual Machine Firmware BuildArch: noarch License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND LicenseRef-Fedora-Public-Domain %description arm EFI Development Kit II ARMv7 UEFI Firmware %package riscv64 Summary: RISC-V Virtual Machine Firmware BuildArch: noarch License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND LicenseRef-Fedora-Public-Domain # need libvirt version with qcow2 support Conflicts: libvirt-daemon-driver-qemu < 9.7.0 %description riscv64 EFI Development Kit II RISC-V UEFI Firmware %package ext4 Summary: Ext4 filesystem driver License: Apache-2.0 AND BSD-2-Clause-Patent BuildArch: noarch %description ext4 EFI Development Kit II Ext4 filesystem driver %package tools-python Summary: EFI Development Kit II Tools Requires: python3 BuildArch: noarch %description tools-python This package provides tools that are needed to build EFI executables and ROMs using the GNU tools. You do not need to install this package; you probably want to install edk2-tools only. # endif fedora %endif %prep # We needs some special git config options that %%autosetup won't give us. # We init the git dir ourselves, then tell %%autosetup not to blow it away. %setup -q -n edk2-%{GITCOMMIT} git init -q git config core.whitespace cr-at-eol git config am.keepcr true # -T is passed to %%setup to not re-extract the archive # -D is passed to %%setup to not delete the existing archive dir %autosetup -T -D -n edk2-%{GITCOMMIT} -S git_am cp -a -- %{SOURCE1} . tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x # extract softfloat into place tar -xf %{SOURCE3} --strip-components=1 --directory ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3/ tar -xf %{SOURCE4} --strip-components=1 "*/Drivers" "*/Features" "*/Platform" "*/Silicon" tar -xf %{SOURCE5} --strip-components=1 --directory RedfishPkg/Library/JsonLib/jansson # include paths pointing to unused submodules mkdir -p MdePkg/Library/MipiSysTLib/mipisyst/library/include mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/include mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/include/mbedtls mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/library # Done by %setup, but we do not use it for the auxiliary tarballs chmod -Rf a+rX,u+w,g-w,o-w . cp -a -- \ %{SOURCE6} \ %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \ %{SOURCE20} \ %{SOURCE30} %{SOURCE31} %{SOURCE32} \ %{SOURCE40} %{SOURCE41} %{SOURCE42} %{SOURCE43} %{SOURCE44} \ %{SOURCE45} %{SOURCE46} %{SOURCE47} %{SOURCE48} \ %{SOURCE50} \ %{SOURCE80} %{SOURCE81} %{SOURCE82} %{SOURCE83} \ %{SOURCE90} %{SOURCE91} \ . %build build_iso() { dir="$1" UEFI_SHELL_BINARY=${dir}/Shell.efi ENROLLER_BINARY=${dir}/EnrollDefaultKeys.efi UEFI_SHELL_IMAGE=uefi_shell.img ISO_IMAGE=${dir}/UefiShell.iso UEFI_SHELL_BINARY_BNAME=$(basename -- "$UEFI_SHELL_BINARY") UEFI_SHELL_SIZE=$(stat --format=%s -- "$UEFI_SHELL_BINARY") ENROLLER_SIZE=$(stat --format=%s -- "$ENROLLER_BINARY") # add 1MB then 10% for metadata UEFI_SHELL_IMAGE_KB=$(( (UEFI_SHELL_SIZE + ENROLLER_SIZE + 1 * 1024 * 1024) * 11 / 10 / 1024 )) # create non-partitioned FAT image rm -f -- "$UEFI_SHELL_IMAGE" mkdosfs -C "$UEFI_SHELL_IMAGE" -n UEFI_SHELL -- "$UEFI_SHELL_IMAGE_KB" # copy the shell binary into the FAT image export MTOOLS_SKIP_CHECK=1 mmd -i "$UEFI_SHELL_IMAGE" ::efi mmd -i "$UEFI_SHELL_IMAGE" ::efi/boot mcopy -i "$UEFI_SHELL_IMAGE" "$UEFI_SHELL_BINARY" ::efi/boot/bootx64.efi mcopy -i "$UEFI_SHELL_IMAGE" "$ENROLLER_BINARY" :: mdir -i "$UEFI_SHELL_IMAGE" -/ :: # build ISO with FAT image file as El Torito EFI boot image mkisofs -input-charset ASCII -J -rational-rock \ -e "$UEFI_SHELL_IMAGE" -no-emul-boot \ -o "$ISO_IMAGE" "$UEFI_SHELL_IMAGE" } export EXTRA_OPTFLAGS="%{optflags}" export EXTRA_LDFLAGS="%{__global_ldflags}" export RELEASE_DATE="$(echo %{GITDATE} | sed -e 's|\(....\)\(..\)\(..\)|\2/\3/\1|')" touch OvmfPkg/AmdSev/Grub/grub.efi # dummy python3 CryptoPkg/Library/OpensslLib/configure.py %if %{build_ovmf} %if %{defined rhel} ./edk2-build.py --config edk2-build.rhel-9 %{?silent} --release-date "$RELEASE_DATE" -m ovmf virt-fw-vars --input RHEL-9/ovmf/OVMF_VARS.fd \ --output RHEL-9/ovmf/OVMF_VARS.secboot.fd \ --set-dbx DBXUpdate-%{DBXDATE}.x64.bin \ --enroll-redhat --secure-boot virt-fw-vars --input RHEL-9/ovmf/OVMF.inteltdx.fd \ --output RHEL-9/ovmf/OVMF.inteltdx.secboot.fd \ --set-dbx DBXUpdate-%{DBXDATE}.x64.bin \ --enroll-redhat --secure-boot build_iso RHEL-9/ovmf cp DBXUpdate-%{DBXDATE}.x64.bin RHEL-9/ovmf %else ./edk2-build.py --config edk2-build.fedora %{?silent} --release-date "$RELEASE_DATE" -m ovmf ./edk2-build.py --config edk2-build.fedora.platforms %{?silent} -m x64 virt-fw-vars --input Fedora/ovmf/OVMF_VARS.fd \ --output Fedora/ovmf/OVMF_VARS.secboot.fd \ --set-dbx DBXUpdate-%{DBXDATE}.x64.bin \ --enroll-redhat --secure-boot virt-fw-vars --input Fedora/ovmf/OVMF_VARS_4M.fd \ --output Fedora/ovmf/OVMF_VARS_4M.secboot.fd \ --set-dbx DBXUpdate-%{DBXDATE}.x64.bin \ --enroll-redhat --secure-boot virt-fw-vars --input Fedora/ovmf/OVMF.inteltdx.fd \ --output Fedora/ovmf/OVMF.inteltdx.secboot.fd \ --set-dbx DBXUpdate-%{DBXDATE}.x64.bin \ --enroll-redhat --secure-boot virt-fw-vars --input Fedora/ovmf-ia32/OVMF_VARS.fd \ --output Fedora/ovmf-ia32/OVMF_VARS.secboot.fd \ --set-dbx DBXUpdate-%{DBXDATE}.ia32.bin \ --enroll-redhat --secure-boot build_iso Fedora/ovmf build_iso Fedora/ovmf-ia32 cp DBXUpdate-%{DBXDATE}.x64.bin Fedora/ovmf cp DBXUpdate-%{DBXDATE}.ia32.bin Fedora/ovmf-ia32 for raw in */ovmf/*_4M*.fd; do qcow2="${raw%.fd}.qcow2" qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2" rm -f "$raw" done # experimental stateless builds virt-fw-vars --input Fedora/experimental/OVMF.stateless.fd \ --output Fedora/experimental/OVMF.stateless.secboot.fd \ --set-dbx DBXUpdate-%{DBXDATE}.x64.bin \ --enroll-redhat --secure-boot \ --set-fallback-no-reboot for image in \ Fedora/ovmf/OVMF_CODE.secboot.fd \ Fedora/ovmf/OVMF_CODE_4M.secboot.qcow2 \ Fedora/experimental/OVMF.stateless.secboot.fd \ ; do pcr="${image}" pcr="${pcr%.fd}" pcr="${pcr%.qcow2}" pcr="${pcr}.pcr" python3 /usr/share/doc/python3-virt-firmware/experimental/measure.py \ --image "$image" \ --version "%{name}-%{version}-%{release}" \ --no-shim \ > "$pcr" done %endif %endif %if %{build_aarch64} %if %{defined rhel} ./edk2-build.py --config edk2-build.rhel-9 %{?silent} --release-date "$RELEASE_DATE" -m armvirt %else ./edk2-build.py --config edk2-build.fedora %{?silent} --release-date "$RELEASE_DATE" -m armvirt ./edk2-build.py --config edk2-build.fedora.platforms %{?silent} -m aa64 virt-fw-vars --input Fedora/aarch64/vars-template-pflash.raw \ --output Fedora/experimental/vars-template-secboot-testonly-pflash.raw \ --enroll-redhat --secure-boot --distro-keys rhel %endif for raw in */aarch64/*.raw; do qcow2="${raw%.raw}.qcow2" qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2" done %endif %if %{build_riscv64} ./edk2-build.py --config edk2-build.fedora %{?silent} --release-date "$RELEASE_DATE" -m riscv ./edk2-build.py --config edk2-build.fedora.platforms %{?silent} -m riscv for raw in */riscv/*.raw; do qcow2="${raw%.raw}.qcow2" qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2" rm -f "$raw" done %endif %install cp -a OvmfPkg/License.txt License.OvmfPkg.txt cp -a CryptoPkg/Library/OpensslLib/openssl/LICENSE.txt LICENSE.openssl mkdir -p %{buildroot}%{_datadir}/qemu/firmware # install the tools mkdir -p %{buildroot}%{_bindir} \ %{buildroot}%{_datadir}/%{name}/Conf \ %{buildroot}%{_datadir}/%{name}/Scripts install BaseTools/Source/C/bin/* \ %{buildroot}%{_bindir} install BaseTools/BinWrappers/PosixLike/LzmaF86Compress \ %{buildroot}%{_bindir} install BaseTools/BuildEnv \ %{buildroot}%{_datadir}/%{name} install BaseTools/Conf/*.template \ %{buildroot}%{_datadir}/%{name}/Conf install BaseTools/Scripts/GccBase.lds \ %{buildroot}%{_datadir}/%{name}/Scripts # install firmware images mkdir -p %{buildroot}%{_datadir}/%{name} %if %{defined rhel} cp -av RHEL-9/* %{buildroot}%{_datadir}/%{name} %else cp -av Fedora/* %{buildroot}%{_datadir}/%{name} %endif %if %{build_ovmf} # compat symlinks mkdir -p %{buildroot}%{_datadir}/OVMF ln -s ../%{name}/ovmf/OVMF_CODE.fd %{buildroot}%{_datadir}/OVMF/ ln -s ../%{name}/ovmf/OVMF_CODE.secboot.fd %{buildroot}%{_datadir}/OVMF/ ln -s ../%{name}/ovmf/OVMF_VARS.fd %{buildroot}%{_datadir}/OVMF/ ln -s ../%{name}/ovmf/OVMF_VARS.secboot.fd %{buildroot}%{_datadir}/OVMF/ ln -s ../%{name}/ovmf/UefiShell.iso %{buildroot}%{_datadir}/OVMF/ ln -s OVMF_CODE.fd %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd # json description files mkdir -p %{buildroot}%{_datadir}/qemu/firmware install -m 0644 \ 30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json \ 31-edk2-ovmf-2m-raw-x64-sb-enrolled.json \ 40-edk2-ovmf-4m-qcow2-x64-sb.json \ 41-edk2-ovmf-2m-raw-x64-sb.json \ 50-edk2-ovmf-4m-qcow2-x64-nosb.json \ 51-edk2-ovmf-2m-raw-x64-nosb.json \ 60-edk2-ovmf-x64-amdsev.json \ 60-edk2-ovmf-x64-inteltdx.json \ %{buildroot}%{_datadir}/qemu/firmware %if %{defined fedora} install -m 0644 \ 50-edk2-ovmf-x64-microvm.json \ 30-edk2-ovmf-ia32-sb-enrolled.json \ 40-edk2-ovmf-ia32-sb.json \ 50-edk2-ovmf-ia32-nosb.json \ %{buildroot}%{_datadir}/qemu/firmware %endif # endif build_ovmf %endif %if %{build_aarch64} # compat symlinks mkdir -p %{buildroot}%{_datadir}/AAVMF ln -s ../%{name}/aarch64/QEMU_EFI-pflash.raw \ %{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd ln -s ../%{name}/aarch64/QEMU_EFI-silent-pflash.raw \ %{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.fd ln -s ../%{name}/aarch64/vars-template-pflash.raw \ %{buildroot}%{_datadir}/AAVMF/AAVMF_VARS.fd %if %{defined fedora} ln -s ../%{name}/arm/QEMU_EFI-pflash.raw \ %{buildroot}%{_datadir}/AAVMF/AAVMF32_CODE.fd %endif # json description files install -m 0644 \ 50-edk2-aarch64-qcow2.json \ 51-edk2-aarch64-raw.json \ 52-edk2-aarch64-verbose-qcow2.json \ 53-edk2-aarch64-verbose-raw.json \ %{buildroot}%{_datadir}/qemu/firmware %if %{defined fedora} install -m 0644 \ 50-edk2-arm-verbose.json \ %{buildroot}%{_datadir}/qemu/firmware %endif # endif build_aarch64 %endif %if %{build_riscv64} install -m 0644 \ 50-edk2-riscv-qcow2.json \ %{buildroot}%{_datadir}/qemu/firmware # endif build_riscv64 %endif %if %{defined fedora} # edk2-tools-python install cp -R BaseTools/Source/Python %{buildroot}%{_datadir}/%{name}/Python for i in build BPDG Ecc GenDepex GenFds GenPatchPcdTable PatchPcdValue TargetTool Trim UPT; do echo '#!/bin/sh export PYTHONPATH=%{_datadir}/%{name}/Python exec python3 '%{_datadir}/%{name}/Python/$i/$i.py' "$@"' > %{buildroot}%{_bindir}/$i chmod +x %{buildroot}%{_bindir}/$i done %if 0%{?py_byte_compile:1} # https://docs.fedoraproject.org/en-US/packaging-guidelines/Python_Appendix/#manual-bytecompilation %py_byte_compile %{python3} %{buildroot}%{_datadir}/edk2/Python %endif %endif %check for file in %{buildroot}%{_datadir}/%{name}/*/*VARS.secboot.fd; do test -f "$file" || continue virt-fw-vars --input $file --print | grep "SecureBootEnable.*ON" || exit 1 done %global common_files \ %%license License.txt License.OvmfPkg.txt License-History.txt LICENSE.openssl \ %%dir %%{_datadir}/%%{name}/ \ %%dir %%{_datadir}/qemu \ %%dir %%{_datadir}/qemu/firmware %if %{build_ovmf} %files ovmf %common_files %doc OvmfPkg/README %doc ovmf-whitepaper-c770f8c.txt %dir %{_datadir}/OVMF/ %{_datadir}/OVMF/OVMF_CODE.fd %{_datadir}/OVMF/OVMF_CODE.secboot.fd %{_datadir}/OVMF/OVMF_VARS.fd %{_datadir}/OVMF/OVMF_VARS.secboot.fd %{_datadir}/OVMF/UefiShell.iso %dir %{_datadir}/%{name}/ovmf/ %{_datadir}/%{name}/ovmf/OVMF_CODE.fd %{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd %{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd %{_datadir}/%{name}/ovmf/OVMF_VARS.fd %{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd %{_datadir}/%{name}/ovmf/OVMF.amdsev.fd %{_datadir}/%{name}/ovmf/OVMF.inteltdx.fd %{_datadir}/%{name}/ovmf/OVMF.inteltdx.secboot.fd %{_datadir}/%{name}/ovmf/UefiShell.iso %{_datadir}/%{name}/ovmf/Shell.efi %{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi %{_datadir}/%{name}/ovmf/DBXUpdate*.bin %{_datadir}/qemu/firmware/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json %{_datadir}/qemu/firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json %{_datadir}/qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json %{_datadir}/qemu/firmware/41-edk2-ovmf-2m-raw-x64-sb.json %{_datadir}/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json %{_datadir}/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json %{_datadir}/qemu/firmware/60-edk2-ovmf-x64-amdsev.json %{_datadir}/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json %if %{defined fedora} %{_datadir}/%{name}/ovmf/MICROVM.fd %{_datadir}/qemu/firmware/50-edk2-ovmf-x64-microvm.json %{_datadir}/%{name}/ovmf/OVMF_CODE_4M.qcow2 %{_datadir}/%{name}/ovmf/OVMF_CODE_4M.secboot.qcow2 %{_datadir}/%{name}/ovmf/OVMF_VARS_4M.qcow2 %{_datadir}/%{name}/ovmf/OVMF_VARS_4M.secboot.qcow2 %{_datadir}/%{name}/ovmf/*.pcr %endif # endif build_ovmf %endif %if %{build_aarch64} %files aarch64 %common_files %dir %{_datadir}/AAVMF/ %{_datadir}/AAVMF/AAVMF_CODE.verbose.fd %{_datadir}/AAVMF/AAVMF_CODE.fd %{_datadir}/AAVMF/AAVMF_VARS.fd %dir %{_datadir}/%{name}/aarch64/ %{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.* %{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.* %{_datadir}/%{name}/aarch64/vars-template-pflash.* %{_datadir}/%{name}/aarch64/QEMU_EFI.fd %{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd %{_datadir}/%{name}/aarch64/QEMU_VARS.fd %if %{defined fedora} %{_datadir}/%{name}/aarch64/BL32_AP_MM.fd %{_datadir}/%{name}/aarch64/QEMU_EFI.kernel.fd %endif %{_datadir}/qemu/firmware/50-edk2-aarch64-qcow2.json %{_datadir}/qemu/firmware/51-edk2-aarch64-raw.json %{_datadir}/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json %{_datadir}/qemu/firmware/53-edk2-aarch64-verbose-raw.json # endif build_aarch64 %endif %files tools %license License.txt %license License-History.txt %{_bindir}/DevicePath %{_bindir}/EfiRom %{_bindir}/GenCrc32 %{_bindir}/GenFfs %{_bindir}/GenFv %{_bindir}/GenFw %{_bindir}/GenSec %{_bindir}/LzmaCompress %{_bindir}/LzmaF86Compress %{_bindir}/TianoCompress %{_bindir}/VfrCompile %{_bindir}/VolInfo %dir %{_datadir}/%{name} %{_datadir}/%{name}/BuildEnv %{_datadir}/%{name}/Conf %{_datadir}/%{name}/Scripts %files tools-doc %doc BaseTools/UserManuals/*.rtf %if %{defined fedora} %if %{build_ovmf} %files ovmf-ia32 %common_files %dir %{_datadir}/%{name}/ovmf-ia32 %{_datadir}/%{name}/ovmf-ia32/EnrollDefaultKeys.efi %{_datadir}/%{name}/ovmf-ia32/OVMF_CODE.fd %{_datadir}/%{name}/ovmf-ia32/OVMF_CODE.secboot.fd %{_datadir}/%{name}/ovmf-ia32/OVMF_VARS.fd %{_datadir}/%{name}/ovmf-ia32/OVMF_VARS.secboot.fd %{_datadir}/%{name}/ovmf-ia32/Shell.efi %{_datadir}/%{name}/ovmf-ia32/UefiShell.iso %{_datadir}/%{name}/ovmf-ia32/DBXUpdate*.bin %{_datadir}/qemu/firmware/30-edk2-ovmf-ia32-sb-enrolled.json %{_datadir}/qemu/firmware/40-edk2-ovmf-ia32-sb.json %{_datadir}/qemu/firmware/50-edk2-ovmf-ia32-nosb.json %files experimental %common_files %doc README.experimental %dir %{_datadir}/%{name}/experimental %{_datadir}/%{name}/experimental/*.fd %{_datadir}/%{name}/experimental/*.raw %{_datadir}/%{name}/experimental/*.pcr %files ovmf-xen %common_files %dir %{_datadir}/%{name}/xen %{_datadir}/%{name}/xen/*.fd %endif %files arm %common_files %dir %{_datadir}/AAVMF/ %{_datadir}/AAVMF/AAVMF32_CODE.fd %dir %{_datadir}/%{name}/arm %{_datadir}/%{name}/arm/QEMU_EFI-pflash.raw %{_datadir}/%{name}/arm/QEMU_EFI.fd %{_datadir}/%{name}/arm/QEMU_VARS.fd %{_datadir}/%{name}/arm/vars-template-pflash.raw %{_datadir}/qemu/firmware/50-edk2-arm-verbose.json %files riscv64 %common_files %{_datadir}/%{name}/riscv/*.fd %{_datadir}/%{name}/riscv/*.qcow2 %{_datadir}/qemu/firmware/50-edk2-riscv-qcow2.json %files ext4 %common_files %dir %{_datadir}/%{name}/drivers %{_datadir}/%{name}/drivers/ext4*.efi %files tools-python %{_bindir}/build %{_bindir}/BPDG %{_bindir}/Ecc %{_bindir}/GenDepex %{_bindir}/GenFds %{_bindir}/GenPatchPcdTable %{_bindir}/PatchPcdValue %{_bindir}/TargetTool %{_bindir}/Trim %{_bindir}/UPT %dir %{_datadir}/%{name} %{_datadir}/%{name}/Python # endif fedora %endif %changelog %autochangelog