edk2/edk2-build.fedora
Gerd Hoffmann e23d2f953b update build config: 64bit pei, tdx sb
Stop using mixed mode builds, switch to 64-bit PEI phase.
Enable secure boot for the intel tdx builds.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2023-12-05 16:17:19 +01:00

307 lines
7.3 KiB
Plaintext

[opts.ovmf.common]
NETWORK_HTTP_BOOT_ENABLE = TRUE
NETWORK_IP6_ENABLE = TRUE
NETWORK_TLS_ENABLE = TRUE
NETWORK_ISCSI_ENABLE = TRUE
NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
TPM2_ENABLE = TRUE
TPM2_CONFIG_ENABLE = TRUE
TPM1_ENABLE = TRUE
CAVIUM_ERRATUM_27456 = TRUE
[opts.ovmf.4m]
FD_SIZE_4MB = TRUE
[opts.ovmf.2m]
FD_SIZE_2MB = TRUE
NETWORK_ISCSI_ENABLE = FALSE
NETWORK_TLS_ENABLE = FALSE
[opts.ovmf.sb.smm]
SECURE_BOOT_ENABLE = TRUE
SMM_REQUIRE = TRUE
# old downstream
EXCLUDE_SHELL_FROM_FD = TRUE
# new upstream
BUILD_SHELL = FALSE
# requires edk2 2022-11 or newer
[opts.ovmf.sb.stateless]
SECURE_BOOT_ENABLE = TRUE
SMM_REQUIRE = FALSE
[opts.armvirt.verbose]
DEBUG_PRINT_ERROR_LEVEL = 0x8040004F
[opts.armvirt.silent]
DEBUG_PRINT_ERROR_LEVEL = 0x80000000
[opts.armvirt.sb.testonly]
SECURE_BOOT_ENABLE = TRUE
[opts.armvirt.kernel]
TPM2_ENABLE = FALSE
TPM2_CONFIG_ENABLE = FALSE
[pcds.nx.strict]
PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD5
[pcds.nx.broken.grub]
# grub.efi uses EfiLoaderData for code
PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD1
#####################################################################
# stateful ovmf builds (with vars in flash)
[build.ovmf.2m.default]
desc = ovmf build (64-bit, 2MB)
conf = OvmfPkg/OvmfPkgX64.dsc
arch = X64
opts = ovmf.common
ovmf.2m
plat = OvmfX64
dest = Fedora/ovmf
cpy1 = FV/OVMF_CODE.fd
cpy2 = FV/OVMF_VARS.fd
cpy3 = X64/Shell.efi
[build.ovmf.4m.default]
desc = ovmf build (64-bit, 4MB)
conf = OvmfPkg/OvmfPkgX64.dsc
arch = X64
opts = ovmf.common
ovmf.4m
plat = OvmfX64
dest = Fedora/ovmf
cpy1 = FV/OVMF_CODE.fd OVMF_CODE_4M.fd
cpy2 = FV/OVMF_VARS.fd OVMF_VARS_4M.fd
[build.ovmf.2m.sb.smm]
desc = ovmf build (64-bit, 2MB, q35 only, needs smm, secure boot)
conf = OvmfPkg/OvmfPkgX64.dsc
arch = X64
opts = ovmf.common
ovmf.2m
ovmf.sb.smm
plat = OvmfX64
dest = Fedora/ovmf
cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
cpy2 = X64/EnrollDefaultKeys.efi
[build.ovmf.4m.sb.smm]
desc = ovmf build (64-bit, 4MB, q35 only, needs smm, secure boot)
conf = OvmfPkg/OvmfPkgX64.dsc
arch = X64
opts = ovmf.common
ovmf.4m
ovmf.sb.smm
plat = OvmfX64
dest = Fedora/ovmf
cpy1 = FV/OVMF_CODE.fd OVMF_CODE_4M.secboot.fd
#####################################################################
# stateless ovmf builds (firmware in rom or r/o flash)
[build.ovmf.microvm]
desc = ovmf build for qemu microvm (2MB)
conf = OvmfPkg/Microvm/MicrovmX64.dsc
arch = X64
opts = ovmf.common
ovmf.2m
plat = MicrovmX64
dest = Fedora/ovmf
cpy1 = FV/MICROVM.fd
[build.ovmf.xen]
desc = ovmf build for Xen
conf = OvmfPkg/OvmfXen.dsc
arch = X64
opts = ovmf.common
ovmf.2m
plat = OvmfXen
dest = Fedora/xen
cpy1 = FV/OVMF.fd
[build.ovmf.amdsev]
desc = ovmf build for AmdSev (2MB)
conf = OvmfPkg/AmdSev/AmdSevX64.dsc
arch = X64
opts = ovmf.common
ovmf.2m
plat = AmdSev
dest = Fedora/ovmf
cpy1 = FV/OVMF.fd OVMF.amdsev.fd
[build.ovmf.inteltdx]
desc = ovmf build for IntelTdx (2MB)
conf = OvmfPkg/IntelTdx/IntelTdxX64.dsc
arch = X64
opts = ovmf.common
ovmf.2m
ovmf.sb.stateless
plat = IntelTdx
dest = Fedora/ovmf
cpy1 = FV/OVMF.fd OVMF.inteltdx.fd
#####################################################################
# armvirt builds
[build.armvirt.aa64.verbose]
desc = ArmVirt build for qemu, 64-bit (arm v8), verbose
conf = ArmVirtPkg/ArmVirtQemu.dsc
arch = AARCH64
opts = ovmf.common
armvirt.verbose
pcds = nx.broken.grub
plat = ArmVirtQemu-AARCH64
dest = Fedora/aarch64
cpy1 = FV/QEMU_EFI.fd
cpy2 = FV/QEMU_VARS.fd
cpy3 = FV/QEMU_EFI.fd QEMU_EFI-pflash.raw
cpy4 = FV/QEMU_VARS.fd vars-template-pflash.raw
pad3 = QEMU_EFI-pflash.raw 64m
pad4 = vars-template-pflash.raw 64m
[build.armvirt.aa64.silent]
desc = ArmVirt build for qemu, 64-bit (arm v8), silent
conf = ArmVirtPkg/ArmVirtQemu.dsc
arch = AARCH64
opts = ovmf.common
armvirt.silent
pcds = nx.broken.grub
plat = ArmVirtQemu-AARCH64
dest = Fedora/aarch64
cpy1 = FV/QEMU_EFI.fd QEMU_EFI.silent.fd
cpy2 = FV/QEMU_EFI.fd QEMU_EFI-silent-pflash.raw
pad2 = QEMU_EFI-silent-pflash.raw 64m
[build.armvirt.aa64.kernel]
desc = ArmVirt build for qemu, 64-bit (arm v8)
conf = ArmVirtPkg/ArmVirtQemuKernel.dsc
arch = AARCH64
opts = ovmf.common
armvirt.silent
armvirt.kernel
pcds = nx.broken.grub
plat = ArmVirtQemuKernel-AARCH64
dest = Fedora/aarch64
cpy1 = FV/QEMU_EFI.fd QEMU_EFI.kernel.fd
#####################################################################
# riscv
[build.riscv.qemu]
conf = OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
arch = RISCV64
plat = RiscVVirtQemu
dest = Fedora/riscv
cpy1 = FV/RISCV_VIRT_CODE.fd
cpy2 = FV/RISCV_VIRT_CODE.fd RISCV_VIRT_CODE.raw
cpy3 = FV/RISCV_VIRT_VARS.fd
cpy4 = FV/RISCV_VIRT_VARS.fd RISCV_VIRT_VARS.raw
pad1 = RISCV_VIRT_CODE.raw 32m
pad2 = RISCV_VIRT_VARS.raw 32m
#####################################################################
# 32-bit builds
[build.ovmf.ia32.default]
desc = ovmf build (32-bit, 2MB)
conf = OvmfPkg/OvmfPkgIa32.dsc
arch = IA32
opts = ovmf.common
ovmf.2m
plat = OvmfIa32
dest = Fedora/ovmf-ia32
cpy1 = FV/OVMF_CODE.fd
cpy2 = FV/OVMF_VARS.fd
cpy3 = IA32/Shell.efi
[build.ovmf.ia32.sb.smm]
desc = ovmf build (32-bit, 2MB, q35 only, needs smm, secure boot)
conf = OvmfPkg/OvmfPkgIa32.dsc
arch = IA32
opts = ovmf.common
ovmf.2m
ovmf.sb.smm
plat = OvmfIa32
dest = Fedora/ovmf-ia32
cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
cpy2 = IA32/EnrollDefaultKeys.efi
[build.armvirt.arm]
desc = ArmVirt build for qemu, 32-bit (arm v7)
conf = ArmVirtPkg/ArmVirtQemu.dsc
arch = ARM
opts = ovmf.common
pcds = nx.broken.grub
plat = ArmVirtQemu-ARM
dest = Fedora/arm
cpy1 = FV/QEMU_EFI.fd
cpy2 = FV/QEMU_VARS.fd
cpy3 = FV/QEMU_EFI.fd QEMU_EFI-pflash.raw
cpy4 = FV/QEMU_VARS.fd vars-template-pflash.raw
pad3 = QEMU_EFI-pflash.raw 64m
pad4 = vars-template-pflash.raw 64m
#####################################################################
# experimental builds
[build.ovmf.sb.stateless]
desc = ovmf build (64-bit, stateless secure boot)
conf = OvmfPkg/OvmfPkgX64.dsc
arch = X64
opts = ovmf.common
ovmf.4m
ovmf.sb.stateless
plat = OvmfX64
dest = Fedora/experimental
cpy1 = FV/OVMF.fd OVMF.stateless.fd
[build.ovmf.strict.nx]
desc = ovmf build (64-bit, 4MB, q35 only, needs smm, secure boot, strict nx)
conf = OvmfPkg/OvmfPkgX64.dsc
arch = X64
opts = ovmf.common
ovmf.4m
ovmf.sb.smm
pcds = nx.strict
plat = OvmfX64
dest = Fedora/experimental
cpy1 = FV/OVMF_CODE.fd OVMF_CODE.4m.secboot.strictnx.fd
[build.armvirt.aa64.strict.nx]
desc = ArmVirt build for qemu, 64-bit (arm v8), verbose
conf = ArmVirtPkg/ArmVirtQemu.dsc
arch = AARCH64
opts = ovmf.common
armvirt.verbose
pcds = nx.strict
plat = ArmVirtQemu-AARCH64
dest = Fedora/experimental
cpy1 = FV/QEMU_EFI.fd QEMU_EFI.strictnx.fd
cpy3 = FV/QEMU_EFI.fd QEMU_EFI-strictnx-pflash.raw
pad3 = QEMU_EFI-strictnx-pflash.raw 64m
[build.armvirt.aa64.secboot.testonly]
desc = ArmVirt build for qemu, 64-bit (arm v8), secure boot
conf = ArmVirtPkg/ArmVirtQemu.dsc
arch = AARCH64
opts = ovmf.common
armvirt.verbose
armvirt.sb.testonly
pcds = nx.strict
plat = ArmVirtQemu-AARCH64
dest = Fedora/experimental
cpy1 = FV/QEMU_EFI.fd QEMU_EFI.secboot.testonly.fd
cpy3 = FV/QEMU_EFI.fd QEMU_EFI-secboot-testonly-pflash.raw
pad3 = QEMU_EFI-secboot-testonly-pflash.raw 64m