diff --git a/40-edk2-ovmf-sb-enrolled.json b/40-edk2-ovmf-sb-enrolled.json
deleted file mode 100644
index 6c2225c..0000000
--- a/40-edk2-ovmf-sb-enrolled.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "description": "OVMF for x86_64, with SB+SMM, SB enabled, MS certs enrolled",
- "interface-types": [
- "uefi"
- ],
- "mapping": {
- "device": "flash",
- "executable": {
- "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
- "format": "raw"
- },
- "nvram-template": {
- "filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
- "format": "raw"
- }
- },
- "targets": [
- {
- "architecture": "x86_64",
- "machines": [
- "pc-q35-*"
- ]
- }
- ],
- "features": [
- "acpi-s3",
- "amd-sev",
- "enrolled-keys",
- "requires-smm",
- "secure-boot",
- "verbose-dynamic"
- ],
- "tags": [
-
- ]
-}
diff --git a/40-edk2-ovmf-x64-sb-enrolled.json b/40-edk2-ovmf-x64-sb-enrolled.json
new file mode 100644
index 0000000..6c2225c
--- /dev/null
+++ b/40-edk2-ovmf-x64-sb-enrolled.json
@@ -0,0 +1,36 @@
+{
+ "description": "OVMF for x86_64, with SB+SMM, SB enabled, MS certs enrolled",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "executable": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
+ "format": "raw"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
+ "format": "raw"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "x86_64",
+ "machines": [
+ "pc-q35-*"
+ ]
+ }
+ ],
+ "features": [
+ "acpi-s3",
+ "amd-sev",
+ "enrolled-keys",
+ "requires-smm",
+ "secure-boot",
+ "verbose-dynamic"
+ ],
+ "tags": [
+
+ ]
+}
diff --git a/50-edk2-ovmf-sb.json b/50-edk2-ovmf-sb.json
deleted file mode 100644
index 99345ca..0000000
--- a/50-edk2-ovmf-sb.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "description": "OVMF for x86_64, with SB+SMM, empty varstore",
- "interface-types": [
- "uefi"
- ],
- "mapping": {
- "device": "flash",
- "executable": {
- "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
- "format": "raw"
- },
- "nvram-template": {
- "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
- "format": "raw"
- }
- },
- "targets": [
- {
- "architecture": "x86_64",
- "machines": [
- "pc-q35-*"
- ]
- }
- ],
- "features": [
- "acpi-s3",
- "amd-sev",
- "requires-smm",
- "secure-boot",
- "verbose-dynamic"
- ],
- "tags": [
-
- ]
-}
diff --git a/50-edk2-ovmf-x64-sb.json b/50-edk2-ovmf-x64-sb.json
new file mode 100644
index 0000000..99345ca
--- /dev/null
+++ b/50-edk2-ovmf-x64-sb.json
@@ -0,0 +1,35 @@
+{
+ "description": "OVMF for x86_64, with SB+SMM, empty varstore",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "executable": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
+ "format": "raw"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
+ "format": "raw"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "x86_64",
+ "machines": [
+ "pc-q35-*"
+ ]
+ }
+ ],
+ "features": [
+ "acpi-s3",
+ "amd-sev",
+ "requires-smm",
+ "secure-boot",
+ "verbose-dynamic"
+ ],
+ "tags": [
+
+ ]
+}
diff --git a/60-edk2-ovmf-x64.json b/60-edk2-ovmf-x64.json
new file mode 100644
index 0000000..355691b
--- /dev/null
+++ b/60-edk2-ovmf-x64.json
@@ -0,0 +1,34 @@
+{
+ "description": "OVMF for x86_64, without SB, without SMM, with empty varstore",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "executable": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
+ "format": "raw"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
+ "format": "raw"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "x86_64",
+ "machines": [
+ "pc-i440fx-*",
+ "pc-q35-*"
+ ]
+ }
+ ],
+ "features": [
+ "acpi-s3",
+ "amd-sev",
+ "verbose-dynamic"
+ ],
+ "tags": [
+
+ ]
+}
diff --git a/60-edk2-ovmf.json b/60-edk2-ovmf.json deleted file mode 100644 index 355691b..0000000 --- a/60-edk2-ovmf.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "description": "OVMF for x86_64, without SB, without SMM, with empty varstore", - "interface-types": [ - "uefi" - ], - "mapping": { - "device": "flash", - "executable": { - "filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd", - "format": "raw" - }, - "nvram-template": { - "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd", - "format": "raw" - } - }, - "targets": [ - { - "architecture": "x86_64", - "machines": [ - "pc-i440fx-*", - "pc-q35-*" - ] - } - ], - "features": [ - "acpi-s3", - "amd-sev", - "verbose-dynamic" - ], - "tags": [ - - ] -} diff --git a/edk2.spec b/edk2.spec index 62577a2..e48748e 100644 --- a/edk2.spec +++ b/edk2.spec @@ -77,14 +77,14 @@ Source12: update-tarball.sh Source13: openssl-patch-to-tarball.sh # Fedora-specific JSON "descriptor files" -Source14: 40-edk2-ovmf-sb-enrolled.json -Source15: 50-edk2-ovmf-sb.json -Source16: 60-edk2-ovmf.json -Source17: 40-edk2-ovmf-ia32-sb-enrolled.json -Source18: 50-edk2-ovmf-ia32-sb.json -Source19: 60-edk2-ovmf-ia32.json -Source20: 70-edk2-aarch64-verbose.json -Source21: 70-edk2-arm-verbose.json +Source14: 40-edk2-ovmf-x64-sb-enrolled.json +Source15: 50-edk2-ovmf-x64-sb.json +Source16: 60-edk2-ovmf-x64.json +Source17: 40-edk2-ovmf-ia32-sb-enrolled.json +Source18: 50-edk2-ovmf-ia32-sb.json +Source19: 60-edk2-ovmf-ia32.json +Source20: 70-edk2-aarch64-verbose.json +Source21: 70-edk2-arm-verbose.json # non-upstream patches Patch0001: 0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch @@ -335,6 +335,10 @@ python3 qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator \ --uefi-shell-iso ovmf/UefiShell.iso \ --skip-testing \ ovmf/OVMF_VARS.secboot.fd +%else +# This isn't going to actually give secureboot, but makes json files happy +# if we need to test disabling ovmf-vars-generator +cp ovmf/OVMF_VARS.fd ovmf/OVMF_VARS.secboot.fd %endif %endif 
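Review bot: In the new `%else` branch of the `@@ -335,6 +335,10 @@` hunk, `OVMF_VARS.secboot.fd` becomes a plain copy of the empty `OVMF_VARS.fd`, yet `40-edk2-ovmf-x64-sb-enrolled.json` still maps its `nvram-template` to that file and advertises `enrolled-keys` and `secure-boot` with the description "SB enabled, MS certs enrolled". A management layer that picks firmware by those feature flags would presumably start guests with no keys enrolled and Secure Boot not enforced, and nothing in the built package signals the difference. The comment should state this outright, e.g. `# WARNING: test builds only - this varstore has no enrolled keys, so the *-sb-enrolled.json descriptors must not be shipped`, and the install step should skip the `*-sb-enrolled.json` descriptors (or the build should fail) in this configuration. The enclosing `%if` opens outside the hunk, so its condition is not visible here.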
@@ -426,6 +430,12 @@ exec python3 '%{_datadir}/%{name}/Python/$i/$i.py' "$@"' > %{buildroot}%{_bindir chmod +x %{buildroot}%{_bindir}/$i done +# For distro-provided firmware packages, the specification +# (https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json) +# says the JSON "descriptor files" to be searched in this directory: +# `/usr/share/firmware/`. Create it. +mkdir -p %{buildroot}/%{_datadir}/qemu/firmware + mkdir -p %{buildroot}/usr/share/%{name} %if 0%{?build_ovmf_x64:1} cp -a ovmf %{buildroot}/usr/share/%{name} 
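Review bot: The comment moved in above the new `mkdir -p` names `/usr/share/firmware/`, but the directory actually created, and the one listed in `%files`, is `%{_datadir}/qemu/firmware`. Since this block is being relocated anyway, the comment should match the code: `# the JSON "descriptor files" are searched for in /usr/share/qemu/firmware/. Create it unconditionally so every arch subpackage can install into it.` The path also carries a doubled slash; `mkdir -p %{buildroot}%{_datadir}/qemu/firmware` is the usual form.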
@@ -437,27 +447,21 @@ ln -sf ../%{name}/ovmf/OVMF_VARS.fd %{buildroot}/usr/share/OVMF ln -sf ../%{name}/ovmf/OVMF_VARS.secboot.fd %{buildroot}/usr/share/OVMF ln -sf ../%{name}/ovmf/UefiShell.iso %{buildroot}/usr/share/OVMF -# For distro-provided firmware packages, the specification -# (https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json) -# says the JSON "descriptor files" to be searched in this directory: -# `/usr/share/firmware/`. Create it. -mkdir -p %{buildroot}/%{_datadir}/qemu/firmware - -# Install the two variants of the x86_64 firmware descriptor files -# (50-edk2-x86_64-secure.json and 60-edk2-x86_64.json) -install -pm 644 %{SOURCE14} %{buildroot}/%{_datadir}/qemu/firmware -install -pm 644 %{SOURCE15} %{buildroot}/%{_datadir}/qemu/firmware -install -pm 644 %{SOURCE16} %{buildroot}/%{_datadir}/qemu/firmware +for f in %{_sourcedir}/*edk2-ovmf-x64*.json; do + install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware +done %endif + + %if 0%{?build_ovmf_ia32:1} cp -a ovmf-ia32 %{buildroot}/usr/share/%{name} -# Install the two variants of the ia32 firmware descriptor files -# (50-edk2-i386-secure.json and 60-edk2-i386.json) -install -pm 644 %{SOURCE17} %{buildroot}/%{_datadir}/qemu/firmware -install -pm 644 %{SOURCE18} %{buildroot}/%{_datadir}/qemu/firmware -install -pm 644 %{SOURCE19} %{buildroot}/%{_datadir}/qemu/firmware +for f in %{_sourcedir}/*edk2-ovmf-ia32*.json; do + install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware +done %endif + + %if 0%{?build_aavmf_aarch64:1} cp -a aarch64 %{buildroot}/usr/share/%{name} # Libvirt hardcodes this directory name 
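Review bot: The new `for f in %{_sourcedir}/*edk2-ovmf-x64*.json` loop installs whatever matches in the source directory instead of the files declared as `Source14`–`Source16`, so a stray or stale descriptor left in a shared `%{_sourcedir}` would be installed, and the matching `%files` globs later in this commit would package it. Descriptor files decide which firmware image and varstore a guest is given, so it is worth keeping the installed set pinned to the declared sources: `install -pm 644 %{SOURCE14} %{SOURCE15} %{SOURCE16} %{buildroot}%{_datadir}/qemu/firmware`. If the loop form stays, `$f` should at least be quoted as `"$f"`. The same applies to the ia32 loop in this hunk and to the aarch64 and arm loops in the `@@ -465,16 +469,22 @@` hunk; the aarch64 block continues outside this hunk.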
@@ -465,16 +469,22 @@ mkdir %{buildroot}/usr/share/AAVMF ln -sf ../%{name}/aarch64/QEMU_EFI-pflash.raw %{buildroot}/usr/share/AAVMF/AAVMF_CODE.fd ln -sf ../%{name}/aarch64/vars-template-pflash.raw %{buildroot}/usr/share/AAVMF/AAVMF_VARS.fd -# Install the AArch64 firmware descriptor file (60-edk2-aarch64.json) -install -pm 644 %{SOURCE20} %{buildroot}/%{_datadir}/qemu/firmware +for f in %{_sourcedir}/*edk2-aarch64*.json; do + install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware +done %endif + + %if 0%{?build_aavmf_arm:1} cp -a arm %{buildroot}/usr/share/%{name} ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw %{buildroot}/usr/share/AAVMF/AAVMF32_CODE.fd -# Install the ARM firmware descriptor file (60-edk2-arm.json) -install -pm 644 %{SOURCE21} %{buildroot}/%{_datadir}/qemu/firmware + +for f in %{_sourcedir}/*edk2-arm*.json; do + install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware +done %endif + install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_bindir} @@ -534,7 +544,7 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_ /usr/share/%{name}/ovmf/OVMF*.fd /usr/share/%{name}/ovmf/*.efi /usr/share/%{name}/ovmf/*.iso -/usr/share/qemu/firmware/*.json +/usr/share/qemu/firmware/*edk2-ovmf-x64*.json /usr/share/OVMF %endif @@ -550,7 +560,7 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_ /usr/share/%{name}/ovmf-ia32/OVMF*.fd /usr/share/%{name}/ovmf-ia32/*.efi /usr/share/%{name}/ovmf-ia32/*.iso -/usr/share/qemu/firmware/*.json +/usr/share/qemu/firmware/*edk2-ovmf-ia32*.json %endif %if 0%{?build_aavmf_aarch64:1} @@ -562,7 +572,7 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_ %dir /usr/share/qemu/firmware /usr/share/%{name}/aarch64/QEMU*.fd /usr/share/%{name}/aarch64/*.raw -/usr/share/qemu/firmware/*.json +/usr/share/qemu/firmware/*edk2-aarch64*.json /usr/share/AAVMF/AAVMF_* %endif 
@@ -575,7 +585,7 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_ %dir /usr/share/qemu/firmware /usr/share/%{name}/arm/QEMU*.fd /usr/share/%{name}/arm/*.raw -/usr/share/qemu/firmware/*.json +/usr/share/qemu/firmware/*edk2-arm*.json /usr/share/AAVMF/AAVMF32_* %endif