diff --git a/edk2-build.fedora b/edk2-build.fedora
new file mode 100644
index 0000000..6107e72
--- /dev/null
+++ b/edk2-build.fedora
@@ -0,0 +1,174 @@
+
+[opts.ovmf.common]
+NETWORK_HTTP_BOOT_ENABLE = TRUE
+NETWORK_IP6_ENABLE = TRUE
+NETWORK_TLS_ENABLE = TRUE
+NETWORK_ISCSI_ENABLE = TRUE
+NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
+TPM2_ENABLE = TRUE
+TPM2_CONFIG_ENABLE = TRUE
+TPM1_ENABLE = TRUE
+
+[opts.ovmf.4m]
+FD_SIZE_4MB = TRUE
+
+[opts.ovmf.2m]
+FD_SIZE_2MB = TRUE
+NETWORK_ISCSI_ENABLE = FALSE
+
+[opts.ovmf.sb.smm]
+SECURE_BOOT_ENABLE = TRUE
+SMM_REQUIRE = TRUE
+# old downstream
+EXCLUDE_SHELL_FROM_FD = TRUE
+# new upstream
+BUILD_SHELL = FALSE
+
+[opts.armvirt.verbose]
+DEBUG_PRINT_ERROR_LEVEL = 0x8040004F
+
+[opts.armvirt.silent]
+DEBUG_PRINT_ERROR_LEVEL = 0x80000000
+
+
+#####################################################################
+# stateful ovmf builds (with vars in flash)
+
+[build.ovmf.2m.default]
+desc = ovmf build (64-bit, 2MB)
+conf = OvmfPkg/OvmfPkgX64.dsc
+arch = X64
+opts = ovmf.common ovmf.2m
+plat = OvmfX64
+dest = Fedora/ovmf
+cpy1 = FV/OVMF_CODE.fd
+cpy2 = FV/OVMF_VARS.fd
+cpy3 = X64/Shell.efi
+
+[build.ovmf.4m.default]
+desc = ovmf build (64-bit, 4MB)
+conf = OvmfPkg/OvmfPkgX64.dsc
+arch = X64
+opts = ovmf.common ovmf.4m
+plat = OvmfX64
+dest = Fedora/ovmf-4m
+cpy1 = FV/OVMF_CODE.fd
+cpy2 = FV/OVMF_VARS.fd
+
+[build.ovmf.2m.sb.smm]
+desc = ovmf build (32/64-bit, 2MB, q35 only, needs smm, secure boot)
+conf = OvmfPkg/OvmfPkgIa32X64.dsc
+arch = IA32 X64
+opts = ovmf.common ovmf.2m ovmf.sb.smm
+plat = Ovmf3264
+dest = Fedora/ovmf
+cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
+cpy2 = X64/EnrollDefaultKeys.efi
+
+[build.ovmf.4m.sb.smm]
+desc = ovmf build (32/64-bit, 4MB, q35 only, needs smm, secure boot)
+conf = OvmfPkg/OvmfPkgIa32X64.dsc
+arch = IA32 X64
+opts = ovmf.common ovmf.4m ovmf.sb.smm
+plat = Ovmf3264
+dest = Fedora/ovmf-4m
+cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
+
+
+#####################################################################
+# stateless ovmf builds (firmware in rom or r/o flash)
+
+[build.ovmf.microvm]
+desc = ovmf build for qemu microvm (2MB)
+conf = OvmfPkg/Microvm/MicrovmX64.dsc
+arch = X64
+opts = ovmf.common ovmf.2m
+plat = MicrovmX64
+dest = Fedora/ovmf
+cpy1 = FV/MICROVM.fd
+
+[build.ovmf.amdsev]
+desc = ovmf build for AmdSev (2MB)
+conf = OvmfPkg/AmdSev/AmdSevX64.dsc
+arch = X64
+opts = ovmf.common ovmf.2m
+plat = AmdSev
+dest = Fedora/ovmf
+cpy1 = FV/OVMF.fd OVMF.amdsev.fd
+
+[build.ovmf.inteltdx]
+desc = ovmf build for IntelTdx (2MB)
+conf = OvmfPkg/IntelTdx/IntelTdxX64.dsc
+arch = X64
+opts = ovmf.common ovmf.2m
+plat = IntelTdx
+dest = Fedora/ovmf
+cpy1 = FV/OVMF.fd OVMF.inteltdx.fd
+
+
+#####################################################################
+# armvirt builds
+
+[build.armvirt.aa64.verbose]
+desc = ArmVirt build for qemu, 64-bit (arm v8), verbose
+conf = ArmVirtPkg/ArmVirtQemu.dsc
+arch = AARCH64
+opts = ovmf.common armvirt.verbose
+plat = ArmVirtQemu-AARCH64
+dest = Fedora/aarch64
+cpy1 = FV/QEMU_EFI.fd
+cpy2 = FV/QEMU_VARS.fd
+cpy3 = FV/QEMU_EFI.fd QEMU_EFI-pflash.raw
+cpy4 = FV/QEMU_VARS.fd vars-template-pflash.raw
+pad3 = QEMU_EFI-pflash.raw 64m
+pad4 = vars-template-pflash.raw 64m
+
+[build.armvirt.aa64.silent]
+desc = ArmVirt build for qemu, 64-bit (arm v8), silent
+conf = ArmVirtPkg/ArmVirtQemu.dsc
+arch = AARCH64
+opts = ovmf.common armvirt.silent
+plat = ArmVirtQemu-AARCH64
+dest = Fedora/aarch64
+cpy1 = FV/QEMU_EFI.fd QEMU_EFI.silent.fd
+cpy2 = FV/QEMU_EFI.fd QEMU_EFI-silent-pflash.raw
+pad2 = QEMU_EFI-silent-pflash.raw 64m
+
+
+#####################################################################
+# 32-bit builds
+
+[build.ovmf.ia32.default]
+desc = ovmf build (32-bit, 2MB)
+conf = OvmfPkg/OvmfPkgIa32.dsc
+arch = IA32
+opts = ovmf.common ovmf.2m
+plat = OvmfIa32
+dest = Fedora/ovmf-ia32
+cpy1 = FV/OVMF_CODE.fd
+cpy2 = FV/OVMF_VARS.fd
+cpy3 = IA32/Shell.efi
+
+[build.ovmf.ia32.sb.smm]
+desc = ovmf build (32-bit, 2MB, q35 only, needs smm, secure boot)
+conf = OvmfPkg/OvmfPkgIa32.dsc
+arch = IA32
+opts = ovmf.common ovmf.2m ovmf.sb.smm
+plat = OvmfIa32
+dest = Fedora/ovmf-ia32
+cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
+cpy2 = IA32/EnrollDefaultKeys.efi
+
+[build.armvirt.arm]
+desc = ArmVirt build for qemu, 32-bit (arm v7)
+conf = ArmVirtPkg/ArmVirtQemu.dsc
+arch = ARM
+opts = ovmf.common
+plat = ArmVirtQemu-ARM
+dest = Fedora/arm
+cpy1 = FV/QEMU_EFI.fd
+cpy2 = FV/QEMU_VARS.fd
+cpy3 = FV/QEMU_EFI.fd QEMU_EFI-pflash.raw
+cpy4 = FV/QEMU_VARS.fd vars-template-pflash.raw
+pad3 = QEMU_EFI-pflash.raw 64m
+pad4 = vars-template-pflash.raw 64m
diff --git a/edk2-build.py b/edk2-build.py
new file mode 100755
index 0000000..9aa918e
--- /dev/null
+++ b/edk2-build.py
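Review bot: `NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE` sits in `[opts.ovmf.common]`, so every build that lists `ovmf.common` in `opts`, including the `sb.smm` secure-boot sections and the armvirt builds, is configured to accept plain `http://` boot connections as well as TLS ones. The `CC_FLAGS` lines removed from edk2.spec in this commit passed neither this define nor `NETWORK_ISCSI_ENABLE`; whether that changes the shipped firmware depends on the platform .dsc defaults, which are not visible here. If the setting is intended, a comment above the line such as `# plain-http boot allowed on purpose (see <reason>)` would record that; otherwise it belongs in an opts section used only by the builds that need it. The same line appears in edk2-build.rhel-9.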
@@ -0,0 +1,251 @@ +#!/usr/bin/python3 +import os +import sys +import glob +import shutil +import optparse +import subprocess +import configparser + +def check_rebase(): + if not os.path.exists('.git/rebase-merge/msgnum'): + return "" + with open('.git/rebase-merge/msgnum', 'r') as f: + msgnum = int(f.read()) + with open('.git/rebase-merge/end', 'r') as f: + end = int(f.read()) + with open('.git/rebase-merge/head-name', 'r') as f: + head = f.read().strip().split('/') + return f'[ {int(msgnum/2)} / {int(end/2)} - {head[-1]} ] ' + +def get_coredir(cfg): + if cfg.has_option('global', 'core'): + return os.path.abspath(cfg['global']['core']) + else: + return os.getcwd() + +def get_version(cfg): + coredir = get_coredir(cfg) + if os.environ.get('RPM_PACKAGE_NAME'): + version = os.environ.get('RPM_PACKAGE_NAME'); + version += '-' + os.environ.get('RPM_PACKAGE_VERSION'); + version += '-' + os.environ.get('RPM_PACKAGE_RELEASE'); + print('') + print(f'### version [rpmbuild]: {version}') + return version + if os.path.exists(coredir + '/.git'): + cmdline = [ 'git', 'describe', '--tags', '--abbrev=8', '--match=edk2-stable*' ] + result = subprocess.run(cmdline, capture_output = True, cwd = coredir) + version = result.stdout.decode().strip() + print('') + print(f'### version [git]: {version}') + return version + return None + +def pcd_string(name, value): + return f"{name}=L'{value}\\0'" + +def pcd_version(cfg): + version = get_version(cfg) + if version is None: + return [] + return [ '--pcd', pcd_string('PcdFirmwareVersionString', version) ] + +def build_message(line): + prefix = check_rebase() + + if os.environ.get('TERM') in [ 'xterm', 'xterm-256color' ]: + # setxterm title + start = '\x1b]2;' + end = '\x07' + print(f'{start}{prefix}{line}{end}', end = '') + + print('') + print('###') + print(f'### {prefix}{line}') + print('###') + +def build_run(cmdline, name): + print(cmdline) + result = subprocess.run(cmdline) + if result.returncode: + print(f'ERROR: {cmdline[0]} exited with 
{result.returncode} while building {name}') + sys.exit(result.returncode) + +def build_copy(plat, tgt, dstdir, copy): + srcdir = f'Build/{plat}/{tgt}_GCC5' + names = copy.split() + srcfile = names[0] + if len(names) > 1: + dstfile = names[1] + else: + dstfile = os.path.basename(srcfile) + print(f'# copy: {srcdir} / {srcfile} => {dstdir} / {dstfile}') + + os.makedirs(dstdir, exist_ok = True) + shutil.copy(srcdir + '/' + srcfile, + dstdir + '/' + dstfile) + +def pad_file(dstdir, pad): + args = pad.split() + if len(args) < 2: + raise RuntimeError(f'missing arg for pad ({args})') + name = args[0] + size = args[1] + cmdline = [ + 'truncate', + '--size', size, + dstdir + '/' + name, + ] + print(f'# padding: {dstdir} / {name} => {size}') + subprocess.run(cmdline) + +def build_one(cfg, build, jobs = None): + cmdline = [ 'build' ] + cmdline += [ '-t', 'GCC5' ] + cmdline += [ '-p', cfg[build]['conf'] ] + + if (cfg[build]['conf'].startswith('OvmfPkg/') or + cfg[build]['conf'].startswith('ArmVirtPkg/')): + cmdline += pcd_version(cfg) + + if jobs: + cmdline += [ '-n', jobs ] + for arch in cfg[build]['arch'].split(): + cmdline += [ '-a', arch ] + if 'opts' in cfg[build]: + for name in cfg[build]['opts'].split(): + section = 'opts.' 
+ name + for opt in cfg[section]: + cmdline += [ '-D', opt.upper() + '=' + cfg[section][opt] ] + if 'tgts' in cfg[build]: + tgts = cfg[build]['tgts'].split() + else: + tgts = [ 'DEBUG' ] + for tgt in tgts: + build_message(f'building: {cfg[build]["conf"]} ({cfg[build]["arch"]}, {tgt})') + build_run(cmdline + [ '-b', tgt ], + cfg[build]['conf']) + + if 'plat' in cfg[build]: + # copy files + for cpy in cfg[build]: + if not cpy.startswith('cpy'): + continue + build_copy(cfg[build]['plat'], + tgt, + cfg[build]['dest'], + cfg[build][cpy]) + # pad builds + for pad in cfg[build]: + if not pad.startswith('pad'): + continue + pad_file(cfg[build]['dest'], + cfg[build][pad]) + +def build_basetools(): + build_message(f'building: BaseTools') + basedir = os.environ['EDK_TOOLS_PATH'] + cmdline = [ 'make', '-C', basedir ] + build_run(cmdline, 'BaseTools') + +def binary_exists(name): + for dir in os.environ['PATH'].split(':'): + if os.path.exists(dir + '/' + name): + return True + return False + +def prepare_env(cfg): + """ mimic Conf/BuildEnv.sh """ + workspace = os.getcwd() + packages = [ workspace, ] + path = os.environ['PATH'].split(':') + dirs = [ + 'BaseTools/Bin/Linux-x86_64', + 'BaseTools/BinWrappers/PosixLike' + ] + + coredir = get_coredir(cfg) + if coredir != workspace: + packages.append(coredir) + if cfg.has_option('global', 'pkgs'): + for pkgdir in cfg['global']['pkgs'].split(): + packages.append(os.path.abspath(pkgdir)) + + # add basetools to path + for dir in dirs: + p = coredir + '/' + dir + if not os.path.exists(p): + continue + if p in path: + continue + path.insert(0, p) + + # run edksetup if needed + toolsdef = coredir + '/Conf/tools_def.txt'; + if not os.path.exists(toolsdef): + build_message('running edksetup') + cmdline = [ 'sh', 'edksetup.sh' ] + subprocess.run(cmdline, cwd = coredir) + + # set variables + os.environ['PATH'] = ':'.join(path) + os.environ['PACKAGES_PATH'] = ':'.join(packages) + os.environ['WORKSPACE'] = workspace + os.environ['EDK_TOOLS_PATH'] 
= coredir + '/BaseTools' + os.environ['CONF_PATH'] = coredir + '/Conf' + os.environ['PYTHON_COMMAND'] = '/usr/bin/python3' + + # for cross builds + if binary_exists('arm-linux-gnu-gcc'): + os.environ['GCC5_ARM_PREFIX'] = 'arm-linux-gnu-' + if binary_exists('aarch64-linux-gnu-gcc'): + os.environ['GCC5_AARCH64_PREFIX'] = 'aarch64-linux-gnu-' + if binary_exists('x86_64-linux-gnu-gcc'): + os.environ['GCC5_IA32_PREFIX'] = 'x86_64-linux-gnu-' + os.environ['GCC5_X64_PREFIX'] = 'x86_64-linux-gnu-' + +def build_list(cfg): + for build in cfg.sections(): + if not build.startswith('build.'): + continue + name = build.lstrip('build.') + desc = 'no description' + if 'desc' in cfg[build]: + desc = cfg[build]['desc'] + print(f'# {name:16s} - {desc}') + +def main(): + parser = optparse.OptionParser() + parser.add_option('-c', '--config', dest = 'configfile', + type = 'string', default = '.edk2.builds') + parser.add_option('-j', '--jobs', dest = 'jobs', type = 'string') + parser.add_option('-m', '--match', dest = 'match', type = 'string') + parser.add_option('-l', '--list', dest = 'list', action = 'store_true') + parser.add_option('--core', dest = 'core', type = 'string') + (options, args) = parser.parse_args() + + cfg = configparser.ConfigParser() + cfg.read(options.configfile) + + if options.list: + build_list(cfg) + return + + if not cfg.has_section('global'): + cfg.add_section('global') + if options.core: + cfg.set('global', 'core', options.core) + + prepare_env(cfg) + build_basetools() + for build in cfg.sections(): + if not build.startswith('build.'): + continue + if options.match and options.match not in build: + print(f'# skipping "{build}" (not matching "{options.match}")') + continue + build_one(cfg, build, options.jobs) + +if __name__ == '__main__': + sys.exit(main()) diff --git a/edk2-build.rhel-9 b/edk2-build.rhel-9 new file mode 100644 index 0000000..ef7df91 --- /dev/null +++ b/edk2-build.rhel-9 
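Review bot: `pad_file()` and the `edksetup.sh` call in `prepare_env()` use `subprocess.run(cmdline)` and ignore the exit status, so a failed `truncate` or setup step does not stop the build and the later copy and packaging steps run on incomplete output; `build_run()` already checks `result.returncode`, and these two calls could go through it or pass `check = True`. `get_version()` has the same gap: a failing `git describe` yields an empty string that is still passed as `PcdFirmwareVersionString`. In `build_list()`, `build.lstrip('build.')` strips any leading run of the characters b, u, i, l, d and '.', not the prefix, so a constructed section name like `build.uboot` would be listed as `oot`; `name = build[len('build.'):]` does what is meant. `build_basetools()` also runs `make -C` without the `EXTRA_OPTFLAGS`/`EXTRA_LDFLAGS` that the removed `%make_build` line in edk2.spec passed, so the distribution compiler and linker flags appear to be no longer applied to BaseTools unless they reach it some other way.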
@@ -0,0 +1,103 @@
+
+[opts.ovmf.common]
+NETWORK_HTTP_BOOT_ENABLE = TRUE
+NETWORK_IP6_ENABLE = TRUE
+NETWORK_TLS_ENABLE = TRUE
+NETWORK_ISCSI_ENABLE = TRUE
+NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
+TPM2_ENABLE = TRUE
+TPM2_CONFIG_ENABLE = TRUE
+TPM1_ENABLE = FALSE
+
+[opts.ovmf.4m]
+FD_SIZE_4MB = TRUE
+
+[opts.ovmf.sb.smm]
+SECURE_BOOT_ENABLE = TRUE
+SMM_REQUIRE = TRUE
+# old downstream
+EXCLUDE_SHELL_FROM_FD = TRUE
+# new upstream
+BUILD_SHELL = FALSE
+
+[opts.armvirt.verbose]
+DEBUG_PRINT_ERROR_LEVEL = 0x8040004F
+
+[opts.armvirt.silent]
+DEBUG_PRINT_ERROR_LEVEL = 0x80000000
+
+
+#####################################################################
+# stateful ovmf builds (with vars in flash)
+
+[build.ovmf.4m.default]
+desc = ovmf build (64-bit, 4MB)
+conf = OvmfPkg/OvmfPkgX64.dsc
+arch = X64
+opts = ovmf.common ovmf.4m
+plat = OvmfX64
+dest = RHEL-9/ovmf
+cpy1 = FV/OVMF_CODE.fd OVMF_CODE.fd
+cpy2 = FV/OVMF_VARS.fd
+cpy3 = X64/Shell.efi
+
+[build.ovmf.4m.sb.smm]
+desc = ovmf build (32/64-bit, 4MB, q35 only, needs smm, secure boot)
+conf = OvmfPkg/OvmfPkgIa32X64.dsc
+arch = IA32 X64
+opts = ovmf.common ovmf.4m ovmf.sb.smm
+plat = Ovmf3264
+dest = RHEL-9/ovmf
+cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
+cpy2 = X64/EnrollDefaultKeys.efi
+
+
+#####################################################################
+# stateless ovmf builds (firmware in rom or r/o flash)
+
+[build.ovmf.amdsev]
+desc = ovmf build for AmdSev (4MB)
+conf = OvmfPkg/AmdSev/AmdSevX64.dsc
+arch = X64
+opts = ovmf.common ovmf.4m
+plat = AmdSev
+dest = RHEL-9/ovmf
+cpy1 = FV/OVMF.fd OVMF.amdsev.fd
+
+[build.ovmf.inteltdx]
+desc = ovmf build for IntelTdx (4MB)
+conf = OvmfPkg/IntelTdx/IntelTdxX64.dsc
+arch = X64
+opts = ovmf.common ovmf.4m
+plat = IntelTdx
+dest = RHEL-9/ovmf
+cpy1 = FV/OVMF.fd OVMF.inteltdx.fd
+
+
+#####################################################################
+# armvirt builds
+
+[build.armvirt.aa64.verbose]
+desc = ArmVirt build for qemu, 64-bit (arm v8), verbose
+conf = ArmVirtPkg/ArmVirtQemu.dsc
+arch = AARCH64
+opts = ovmf.common armvirt.verbose
+plat = ArmVirtQemu-AARCH64
+dest = RHEL-9/aarch64
+cpy1 = FV/QEMU_EFI.fd
+cpy2 = FV/QEMU_VARS.fd
+cpy3 = FV/QEMU_EFI.fd QEMU_EFI-pflash.raw
+cpy4 = FV/QEMU_VARS.fd vars-template-pflash.raw
+pad3 = QEMU_EFI-pflash.raw 64m
+pad4 = vars-template-pflash.raw 64m
+
+[build.armvirt.aa64.silent]
+desc = ArmVirt build for qemu, 64-bit (arm v8), silent
+conf = ArmVirtPkg/ArmVirtQemu.dsc
+arch = AARCH64
+opts = ovmf.common armvirt.silent
+plat = ArmVirtQemu-AARCH64
+dest = RHEL-9/aarch64
+cpy1 = FV/QEMU_EFI.fd QEMU_EFI.silent.fd
+cpy2 = FV/QEMU_EFI.fd QEMU_EFI-silent-pflash.raw
+pad2 = QEMU_EFI-silent-pflash.raw 64m
diff --git a/edk2.spec b/edk2.spec
index d703c3a..bdfedd6 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -23,10 +23,8 @@ ExclusiveArch: x86_64 aarch64 %ifarch aarch64 %define build_aarch64 1 %endif -%define build_ovmf_4m 0 %else %define build_ovmf 1 -%define build_ovmf_4m 1 %define build_aarch64 1 %endif
@@ -67,6 +65,11 @@ Source58: edk2-ovmf-nosb.json Source59: 70-edk2-arm-verbose.json Source60: edk2-microvm.json +# https://gitlab.com/kraxel/edk2-build-config +Source80: edk2-build.py +Source81: edk2-build.fedora +Source82: edk2-build.rhel-9 + Patch0001: 0001-BaseTools-do-not-build-BrotliCompress-RH-only.patch Patch0002: 0002-MdeModulePkg-remove-package-private-Brotli-include-p.patch Patch0003: 0003-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
@@ -231,6 +234,7 @@ git config am.keepcr true cp -a -- %{SOURCE1} . cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} . cp -a -- %{SOURCE14} %{SOURCE15} %{SOURCE16} . +cp -a -- %{SOURCE80} %{SOURCE81} %{SOURCE82} . tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x # Done by %setup, but we do not use it for the auxiliary tarballs
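Review bot: The option sections in edk2-build.rhel-9 carry no `PVSCSI_ENABLE = FALSE` or `MPT_SCSI_ENABLE = FALSE`, although the `%if %{defined rhel}` branch removed from edk2.spec in this commit passed both defines to every OVMF build. Unless those drivers are switched off elsewhere (for example by a downstream patch, which is not visible here), the RHEL firmware images would now include two device drivers they previously left out. Adding `PVSCSI_ENABLE = FALSE` and `MPT_SCSI_ENABLE = FALSE` to an opts section used by all ovmf builds in this file, such as `[opts.ovmf.4m]`, would keep the earlier configuration.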
@@ -241,52 +245,6 @@ tar -xf %{SOURCE50} --strip-components=1 --directory ArmPkg/Library/ArmSoftFloat %build -export PYTHON_COMMAND=%{__python3} -source ./edksetup.sh -%make_build -C "$EDK_TOOLS_PATH" \ - EXTRA_OPTFLAGS="%{optflags}" \ - EXTRA_LDFLAGS="%{__global_ldflags}" - -SMP_MFLAGS="%{?_smp_mflags}" -if [[ x"$SMP_MFLAGS" = x-j* ]]; then - CC_FLAGS="$CC_FLAGS -n ${SMP_MFLAGS#-j}" -elif [ -n "%{?jobs}" ]; then - CC_FLAGS="$CC_FLAGS -n %{?jobs}" -fi - -CC_FLAGS="$CC_FLAGS --cmd-len=65536 -t %{TOOLCHAIN} -b DEBUG --hash" -CC_FLAGS="$CC_FLAGS -D NETWORK_IP6_ENABLE" -CC_FLAGS="$CC_FLAGS -D NETWORK_HTTP_BOOT_ENABLE -D NETWORK_TLS_ENABLE" -CC_FLAGS="$CC_FLAGS -D TPM2_ENABLE" -CC_FLAGS="$CC_FLAGS -D TPM1_ENABLE" - -OVMF_FLAGS="${CC_FLAGS}" -%if %{defined rhel} -OVMF_FLAGS="${OVMF_FLAGS} -D FD_SIZE_4MB" -OVMF_FLAGS="${OVMF_FLAGS} -D PVSCSI_ENABLE=FALSE -D MPT_SCSI_ENABLE=FALSE" -%else -OVMF_FLAGS="${OVMF_FLAGS} -D FD_SIZE_2MB" -%endif - -OVMF_SB_FLAGS="${OVMF_FLAGS}" -OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D SECURE_BOOT_ENABLE" -OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D SMM_REQUIRE" -OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D EXCLUDE_SHELL_FROM_FD" - -OVMF_4M_FLAGS="" -OVMF_4M_FLAGS="${OVMF_4M_FLAGS} -D FD_SIZE_IN_KB=4096" - -%if %{disable_werror} -sed -i -e 's/-Werror//' Conf/tools_def.txt -%endif - - -%if %{cross} -export GCC5_IA32_PREFIX="x86_64-linux-gnu-" -export GCC5_X64_PREFIX="x86_64-linux-gnu-" -export GCC5_AARCH64_PREFIX="aarch64-linux-gnu-" -export GCC5_ARM_PREFIX="arm-linux-gnu-" -%endif build_iso() { dir="$1" 
@@ -322,104 +280,44 @@ build_iso() { -o "$ISO_IMAGE" "$UEFI_SHELL_IMAGE" } - -%if %{build_ovmf} -%if %{build_ovmf_4m} -build ${OVMF_FLAGS} ${OVMF_4M_FLAGS} -a X64 \ - -p OvmfPkg/OvmfPkgX64.dsc -build ${OVMF_SB_FLAGS} ${OVMF_4M_FLAGS} -a IA32 -a X64 \ - -p OvmfPkg/OvmfPkgIa32X64.dsc - -mkdir ovmf-4m -cp -a Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_*.fd ovmf-4m -cp -a Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd ovmf-4m/OVMF_CODE.secboot.fd -ls -la ovmf-4m -rm -rf Build/OvmfX64 -%endif - -# Build with neither SB nor SMM; include UEFI shell. -build ${OVMF_FLAGS} -a X64 \ - -p OvmfPkg/OvmfPkgX64.dsc - -# Build with SB and SMM; exclude UEFI shell. -build ${OVMF_SB_FLAGS} -a IA32 -a X64 \ - -p OvmfPkg/OvmfPkgIa32X64.dsc - -# Build AmdSev and IntelTdx variants touch OvmfPkg/AmdSev/Grub/grub.efi # dummy -build ${OVMF_FLAGS} -a X64 \ - -p OvmfPkg/AmdSev/AmdSevX64.dsc -build ${OVMF_FLAGS} -a X64 \ - -p OvmfPkg/IntelTdx/IntelTdxX64.dsc -# Sanity check: the varstore templates must be identical. -cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \ - Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd +%if %{build_ovmf} +%if %{defined rhel} -# Prepare an ISO image that boots the UEFI shell. 
+./edk2-build.py --config edk2-build.rhel-9 -m ovmf +virt-fw-vars --input RHEL-9/ovmf/OVMF_VARS.fd \ + --output RHEL-9/ovmf/OVMF_VARS.secboot.fd \ + --enroll-redhat --secure-boot build_iso Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64 -virt-fw-vars --input Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \ - --output Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \ +%else + +./edk2-build.py --config edk2-build.fedora -m ovmf +virt-fw-vars --input Fedora/ovmf/OVMF_VARS.fd \ + --output Fedora/ovmf/OVMF_VARS.secboot.fd \ + --enroll-redhat --secure-boot +virt-fw-vars --input Fedora/ovmf-4m/OVMF_VARS.fd \ + --output Fedora/ovmf-4m/OVMF_VARS.secboot.fd \ --enroll-redhat --secure-boot +virt-fw-vars --input Fedora/ovmf-ia32/OVMF_VARS.fd \ + --output Fedora/ovmf-ia32/OVMF_VARS.secboot.fd \ + --enroll-redhat --secure-boot +build_iso Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64 +build_iso Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32 -# endif build_ovmf %endif - -%if %{build_aarch64} -# Build with a verbose debug mask first, and stash the binary. -build ${CC_FLAGS} -a AARCH64 \ - -p ArmVirtPkg/ArmVirtQemu.dsc \ - -D DEBUG_PRINT_ERROR_LEVEL=0x8040004F -cp -a Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.fd \ - Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.verbose.fd - -# Rebuild with a silent (errors only) debug mask. 
-build ${CC_FLAGS} -a AARCH64 \ - -p ArmVirtPkg/ArmVirtQemu.dsc \ - -D DEBUG_PRINT_ERROR_LEVEL=0x80000000 -# endif build_aarch64 %endif - -%if %{defined fedora} -%if %{build_ovmf} -# build microvm -build ${OVMF_FLAGS} -a X64 -p OvmfPkg/Microvm/MicrovmX64.dsc - -# build ovmf-ia32 -mkdir -p ovmf-ia32 -build ${OVMF_FLAGS} -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc -cp Build/OvmfIa32/*/FV/OVMF_CODE*.fd ovmf-ia32/ -# cp VARS files from from ovmf/, which are all we need -cp -a Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS*.fd ovmf-ia32 -rm -rf Build/OvmfIa32 - -# build ovmf-ia32 with secure boot -build ${OVMF_SB_FLAGS} -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc -cp Build/OvmfIa32/*/FV/OVMF_CODE.fd ovmf-ia32/OVMF_CODE.secboot.fd - -# build ovmf-ia32 shell iso with EnrollDefaultKeys -build_iso Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32 -mv Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32/UefiShell.iso ovmf-ia32 -cp -a Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32/Shell.efi ovmf-ia32 -cp -a Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32/EnrollDefaultKeys.efi ovmf-ia32 -# endif build_ovmf +%if %{build_aarch64} +%if %{defined rhel} +./edk2-build.py --config edk2-build.rhel-9 -m armvirt +%else +./edk2-build.py --config edk2-build.fedora -m armvirt %endif - -# build ARMv7 firmware -mkdir -p arm -build ${CC_FLAGS} -a ARM -p ArmVirtPkg/ArmVirtQemu.dsc -cp Build/ArmVirtQemu-ARM/DEBUG_*/FV/*.fd arm -dd of="arm/QEMU_EFI-pflash.raw" if="/dev/zero" bs=1M count=64 -dd of="arm/QEMU_EFI-pflash.raw" if="arm/QEMU_EFI.fd" conv=notrunc -dd of="arm/vars-template-pflash.raw" if="/dev/zero" bs=1M count=64 - -# endif defined fedora %endif - %install cp -a OvmfPkg/License.txt License.OvmfPkg.txt 
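Review bot: The `cmp` of the two `OVMF_VARS.fd` templates is dropped, and `OVMF_VARS.secboot.fd` is now generated from the varstore copied out of the default build (`RHEL-9/ovmf/OVMF_VARS.fd`, `Fedora/ovmf/OVMF_VARS.fd`) rather than from the `Ovmf3264` secure-boot build it is shipped alongside. Nothing in the new `%build` confirms that the two builds still produce identical varstore templates, which is what the removed "Sanity check" asserted. Keeping `cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd` after the `edk2-build.py` call would retain that check. The `edk2-build.py` invocations also pass no `-j`, so the job count the old code derived from `%{?_smp_mflags}` is no longer forwarded to `build`.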
@@ -441,46 +339,28 @@ install BaseTools/Conf/*.template \ install BaseTools/Scripts/GccBase.lds \ %{buildroot}%{_datadir}/%{name}/Scripts +# install firmware images +mkdir -p %{buildroot}%{_datadir}/%{name} +%if %{defined rhel} +cp -av RHEL-9/* %{buildroot}%{_datadir}/%{name} +%else +cp -av Fedora/* %{buildroot}%{_datadir}/%{name} +%endif -%if %{build_ovmf} -mkdir -p \ - %{buildroot}%{_datadir}/OVMF \ - %{buildroot}%{_datadir}/%{name}/ovmf -%if %{build_ovmf_4m} -cp -a ovmf-4m %{buildroot}%{_datadir}/%{name} -%endif +%if %{build_ovmf} -install -m 0644 Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \ - %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.fd -install -m 0644 Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \ - %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd -install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \ - %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd - -install -m 0644 Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \ - %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_VARS.fd -install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \ - %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd -install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/UefiShell.iso \ - %{buildroot}%{_datadir}/%{name}/ovmf/UefiShell.iso - -install -m 0644 Build/AmdSev/DEBUG_%{TOOLCHAIN}/FV/OVMF.fd \ - %{buildroot}%{_datadir}/%{name}/ovmf/OVMF.amdsev.fd -install -m 0644 Build/IntelTdx/DEBUG_%{TOOLCHAIN}/FV/OVMF.fd \ - %{buildroot}%{_datadir}/%{name}/ovmf/OVMF.inteltdx.fd - -ln -s ../%{name}/ovmf/OVMF_CODE.fd %{buildroot}%{_datadir}/OVMF +# compat symlinks +mkdir -p %{buildroot}%{_datadir}/OVMF +ln -s ../%{name}/ovmf/OVMF_CODE.fd %{buildroot}%{_datadir}/OVMF/ ln -s ../%{name}/ovmf/OVMF_CODE.secboot.fd %{buildroot}%{_datadir}/OVMF/ ln -s ../%{name}/ovmf/OVMF_VARS.fd %{buildroot}%{_datadir}/OVMF/ ln -s ../%{name}/ovmf/OVMF_VARS.secboot.fd %{buildroot}%{_datadir}/OVMF/ ln -s ../%{name}/ovmf/UefiShell.iso 
%{buildroot}%{_datadir}/OVMF/ +ln -s OVMF_CODE.fd %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd -install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/Shell.efi \ - %{buildroot}%{_datadir}/%{name}/ovmf/Shell.efi -install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/EnrollDefaultKeys.efi \ - %{buildroot}%{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi - +# json description files +mkdir -p %{buildroot}%{_datadir}/qemu/firmware install -m 0644 edk2-ovmf-sb.json \ %{buildroot}%{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json install -m 0644 edk2-ovmf.json \ 
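Review bot: `cp -av RHEL-9/*` and `cp -av Fedora/*` install the firmware images with whatever mode the build left on them, where the removed lines used `install -m 0644` per file. The packaged permissions now depend on the build umask and on how `edk2-build.py`, `truncate` and `virt-fw-vars` created each file. Following the copy with `find %{buildroot}%{_datadir}/%{name} -type f -exec chmod 0644 {} +` at this point in `%install`, or setting `%attr` in the `%files` lists, would keep the modes fixed.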
@@ -491,85 +371,55 @@ install -m 0644 edk2-ovmf-amdsev.json \ %{buildroot}%{_datadir}/qemu/firmware/50-edk2-ovmf-amdsev.json install -m 0644 edk2-ovmf-inteltdx.json \ %{buildroot}%{_datadir}/qemu/firmware/50-edk2-ovmf-inteltdx.json +%if %{defined fedora} +install -p -m 0644 %{_sourcedir}/edk2-microvm.json \ + %{buildroot}%{_datadir}/qemu/firmware/60-edk2-ovmf-microvm.json +install -p -m 0644 %{_sourcedir}/edk2-ovmf-nosb.json \ + %{buildroot}%{_datadir}/qemu/firmware/60-edk2-ovmf-nosb.json +for f in %{_sourcedir}/*edk2-ovmf-ia32*.json; do + install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware +done +%endif + +# shell iso +cp Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/UefiShell.iso %{buildroot}%{_datadir}/%{name}/ovmf +%if %{defined fedora} +cp Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32/UefiShell.iso %{buildroot}%{_datadir}/%{name}/ovmf-ia32 +%endif + # endif build_ovmf %endif -mkdir -p %{buildroot}%{_datadir}/AAVMF %if %{build_aarch64} -mkdir -p %{buildroot}%{_datadir}/%{name}/aarch64 - -# Pad and install the verbose binary. -cat Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.verbose.fd \ - /dev/zero \ -| head -c 64m \ - > %{buildroot}%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.raw - -# Pad and install the silent (default) binary. -cat Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.fd \ - /dev/zero \ -| head -c 64m \ - > %{buildroot}%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.raw - -# Create varstore template. 
-cat Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_VARS.fd \ - /dev/zero \ -| head -c 64m \ - > %{buildroot}%{_datadir}/%{name}/aarch64/vars-template-pflash.raw +# compat symlinks +mkdir -p %{buildroot}%{_datadir}/AAVMF ln -s ../%{name}/aarch64/QEMU_EFI-pflash.raw \ %{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd ln -s ../%{name}/aarch64/QEMU_EFI-silent-pflash.raw \ %{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.fd ln -s ../%{name}/aarch64/vars-template-pflash.raw \ %{buildroot}%{_datadir}/AAVMF/AAVMF_VARS.fd +%if %{defined fedora} +ln -s ../%{name}/arm/QEMU_EFI-pflash.raw \ + %{buildroot}%{_datadir}/AAVMF/AAVMF32_CODE.fd +%endif -chmod 0644 -- %{buildroot}%{_datadir}/AAVMF/AAVMF_*.fd - -install -m 0644 Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.verbose.fd \ - %{buildroot}%{_datadir}/%{name}/aarch64/QEMU_EFI.fd -install -m 0644 Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.fd \ - %{buildroot}%{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd -install -m 0644 Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_VARS.fd \ - %{buildroot}%{_datadir}/%{name}/aarch64/QEMU_VARS.fd - +# json description files install -m 0644 edk2-aarch64.json \ %{buildroot}%{_datadir}/qemu/firmware/60-edk2-aarch64.json install -m 0644 edk2-aarch64-verbose.json \ %{buildroot}%{_datadir}/qemu/firmware/70-edk2-aarch64-verbose.json -# endif build_aarch64 -%endif - - %if %{defined fedora} -%if %{build_ovmf} -# install microvm -install -m 0644 Build/MicrovmX64/DEBUG_%{TOOLCHAIN}/FV/MICROVM.fd \ - %{buildroot}%{_datadir}/%{name}/ovmf/MICROVM.fd -install -p -m 0644 %{_sourcedir}/edk2-microvm.json \ - %{buildroot}%{_datadir}/qemu/firmware/60-edk2-ovmf-microvm.json - -# Install extra x86_64 json files -install -p -m 0644 %{_sourcedir}/edk2-ovmf-nosb.json \ - %{buildroot}%{_datadir}/qemu/firmware/60-edk2-ovmf-nosb.json - - -# install ia32 -cp -a ovmf-ia32 %{buildroot}%{_datadir}/%{name} - -for f in %{_sourcedir}/*edk2-ovmf-ia32*.json; do +for f in 
%{_sourcedir}/*edk2-arm-*.json; do install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware done -# endif build_ovmf %endif -# install arm32 -cp -a arm %{buildroot}%{_datadir}/%{name} -ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw %{buildroot}%{_datadir}/AAVMF/AAVMF32_CODE.fd - -for f in %{_sourcedir}/*edk2-arm-*.json; do - install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware -done +# endif build_aarch64 +%endif +%if %{defined fedora} # edk2-tools-python install cp -R BaseTools/Source/Python %{buildroot}%{_datadir}/%{name}/Python @@ -585,17 +435,13 @@ done %py_byte_compile %{python3} %{buildroot}%{_datadir}/edk2/Python %endif -# endif defined fedora %endif - - %check -%if %{build_ovmf} -virt-fw-vars --input Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \ - --print | grep "SecureBootEnable.*ON" -# endif build_ovmf -%endif +for file in %{buildroot}%{_datadir}/%{name}/*/*VARS.secboot*; do + test -f "$file" || continue + virt-fw-vars --input $file --print | grep "SecureBootEnable.*ON" || exit 1 +done %global common_files \ %%license License.txt License.OvmfPkg.txt License-History.txt LICENSE.openssl \ @@ -609,6 +455,11 @@ virt-fw-vars --input Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \ %doc OvmfPkg/README %doc ovmf-whitepaper-c770f8c.txt %dir %{_datadir}/OVMF/ +%{_datadir}/OVMF/OVMF_CODE.fd +%{_datadir}/OVMF/OVMF_CODE.secboot.fd +%{_datadir}/OVMF/OVMF_VARS.fd +%{_datadir}/OVMF/OVMF_VARS.secboot.fd +%{_datadir}/OVMF/UefiShell.iso %dir %{_datadir}/%{name}/ovmf/ %{_datadir}/%{name}/ovmf/OVMF_CODE.fd %{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd 
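Review bot: The new `%check` loop passes without verifying anything when the glob matches no file, because `test -f "$file" || continue` skips the unexpanded pattern; the removed check named one file and failed if it was missing. On a build with `build_ovmf` set, a missing or misnamed `OVMF_VARS.secboot.fd` would therefore go unnoticed and the package would ship without the Secure Boot enrollment having been confirmed. Counting the files that were checked and failing when the count is zero on OVMF builds closes that gap, and `$file` should be quoted in the `virt-fw-vars` call.

```spec
checked=0
for file in %{buildroot}%{_datadir}/%{name}/*/*VARS.secboot*; do
  test -f "$file" || continue
  virt-fw-vars --input "$file" --print | grep "SecureBootEnable.*ON" || exit 1
  checked=$((checked + 1))
done
%if %{build_ovmf}
test "$checked" -gt 0 || exit 1
%endif
```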
@@ -618,11 +469,6 @@ virt-fw-vars --input Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \ %{_datadir}/%{name}/ovmf/OVMF.amdsev.fd %{_datadir}/%{name}/ovmf/OVMF.inteltdx.fd %{_datadir}/%{name}/ovmf/UefiShell.iso -%{_datadir}/OVMF/OVMF_CODE.fd -%{_datadir}/OVMF/OVMF_CODE.secboot.fd -%{_datadir}/OVMF/OVMF_VARS.fd -%{_datadir}/OVMF/OVMF_VARS.secboot.fd -%{_datadir}/OVMF/UefiShell.iso %{_datadir}/%{name}/ovmf/Shell.efi %{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi %{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json @@ -632,13 +478,13 @@ virt-fw-vars --input Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \ %{_datadir}/qemu/firmware/50-edk2-ovmf.json %if %{defined fedora} %{_datadir}/%{name}/ovmf/MICROVM.fd -%{_datadir}/qemu/firmware/60-edk2-ovmf-nosb.json -%{_datadir}/qemu/firmware/60-edk2-ovmf-microvm.json -%endif -%if %{build_ovmf_4m} +%dir %{_datadir}/%{name}/ovmf-4m/ %{_datadir}/%{name}/ovmf-4m/OVMF_CODE.fd %{_datadir}/%{name}/ovmf-4m/OVMF_CODE.secboot.fd %{_datadir}/%{name}/ovmf-4m/OVMF_VARS.fd +%{_datadir}/%{name}/ovmf-4m/OVMF_VARS.secboot.fd +%{_datadir}/qemu/firmware/60-edk2-ovmf-nosb.json +%{_datadir}/qemu/firmware/60-edk2-ovmf-microvm.json %endif # endif build_ovmf %endif @@ -647,13 +493,13 @@ virt-fw-vars --input Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \ %files aarch64 %common_files %dir %{_datadir}/AAVMF/ +%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd +%{_datadir}/AAVMF/AAVMF_CODE.fd +%{_datadir}/AAVMF/AAVMF_VARS.fd %dir %{_datadir}/%{name}/aarch64/ %{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.raw %{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.raw %{_datadir}/%{name}/aarch64/vars-template-pflash.raw -%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd -%{_datadir}/AAVMF/AAVMF_CODE.fd -%{_datadir}/AAVMF/AAVMF_VARS.fd %{_datadir}/%{name}/aarch64/QEMU_EFI.fd %{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd %{_datadir}/%{name}/aarch64/QEMU_VARS.fd 
@@ -691,7 +537,6 @@ virt-fw-vars --input Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \ %files ovmf-ia32 %common_files %dir %{_datadir}/%{name}/ovmf-ia32 -%{_datadir}/%{name}/ovmf-ia32 %{_datadir}/%{name}/ovmf-ia32/EnrollDefaultKeys.efi %{_datadir}/%{name}/ovmf-ia32/OVMF_CODE.fd %{_datadir}/%{name}/ovmf-ia32/OVMF_CODE.secboot.fd @@ -706,9 +551,9 @@ virt-fw-vars --input Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \ %files arm %common_files -%dir %{_datadir}/%{name}/arm +%dir %{_datadir}/AAVMF/ %{_datadir}/AAVMF/AAVMF32_CODE.fd -%{_datadir}/%{name}/arm +%dir %{_datadir}/%{name}/arm %{_datadir}/%{name}/arm/QEMU_EFI-pflash.raw %{_datadir}/%{name}/arm/QEMU_EFI.fd %{_datadir}/%{name}/arm/QEMU_VARS.fd