diff --git a/40-edk2-ovmf-x64-sb-enrolled.json b/40-edk2-ovmf-x64-sb-enrolled.json
deleted file mode 100644
index 6c2225c..0000000
--- a/40-edk2-ovmf-x64-sb-enrolled.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "description": "OVMF for x86_64, with SB+SMM, SB enabled, MS certs enrolled",
- "interface-types": [
- "uefi"
- ],
- "mapping": {
- "device": "flash",
- "executable": {
- "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
- "format": "raw"
- },
- "nvram-template": {
- "filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
- "format": "raw"
- }
- },
- "targets": [
- {
- "architecture": "x86_64",
- "machines": [
- "pc-q35-*"
- ]
- }
- ],
- "features": [
- "acpi-s3",
- "amd-sev",
- "enrolled-keys",
- "requires-smm",
- "secure-boot",
- "verbose-dynamic"
- ],
- "tags": [
-
- ]
-}
diff --git a/50-edk2-ovmf-x64-sb.json b/50-edk2-ovmf-x64-sb.json
deleted file mode 100644
index 99345ca..0000000
--- a/50-edk2-ovmf-x64-sb.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "description": "OVMF for x86_64, with SB+SMM, empty varstore",
- "interface-types": [
- "uefi"
- ],
- "mapping": {
- "device": "flash",
- "executable": {
- "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
- "format": "raw"
- },
- "nvram-template": {
- "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
- "format": "raw"
- }
- },
- "targets": [
- {
- "architecture": "x86_64",
- "machines": [
- "pc-q35-*"
- ]
- }
- ],
- "features": [
- "acpi-s3",
- "amd-sev",
- "requires-smm",
- "secure-boot",
- "verbose-dynamic"
- ],
- "tags": [
-
- ]
-}
diff --git a/60-edk2-ovmf-x64.json b/60-edk2-ovmf-x64.json
deleted file mode 100644
index 355691b..0000000
--- a/60-edk2-ovmf-x64.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "description": "OVMF for x86_64, without SB, without SMM, with empty varstore",
- "interface-types": [
- "uefi"
- ],
- "mapping": {
- "device": "flash",
- "executable": {
- "filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
- "format": "raw"
- },
- "nvram-template": {
- "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
- "format": "raw"
- }
- },
- "targets": [
- {
- "architecture": "x86_64",
- "machines": [
- "pc-i440fx-*",
- "pc-q35-*"
- ]
- }
- ],
- "features": [
- "acpi-s3",
- "amd-sev",
- "verbose-dynamic"
- ],
- "tags": [
-
- ]
-}
diff --git a/70-edk2-aarch64-verbose.json b/70-edk2-aarch64-verbose.json
deleted file mode 100644
index a553dc1..0000000
--- a/70-edk2-aarch64-verbose.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "description": "UEFI firmware for aarch64, verbose logs",
- "interface-types": [
- "uefi"
- ],
- "mapping": {
- "device": "flash",
- "executable": {
- "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
- "format": "raw"
- },
- "nvram-template": {
- "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",
- "format": "raw"
- }
- },
- "targets": [
- {
- "architecture": "aarch64",
- "machines": [
- "virt-*"
- ]
- }
- ],
- "features": [
- "verbose-static"
- ],
- "tags": [
-
- ]
-}
diff --git a/edk2-aarch64-verbose.json b/edk2-aarch64-verbose.json
new file mode 100644
index 0000000..ceec878
--- /dev/null
+++ b/edk2-aarch64-verbose.json
@@ -0,0 +1,31 @@
+{
+ "description": "UEFI firmware for ARM64 virtual machines, verbose logs",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "executable": {
+ "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
+ "format": "raw"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",
+ "format": "raw"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "aarch64",
+ "machines": [
+ "virt-*"
+ ]
+ }
+ ],
+ "features": [
+ "verbose-static"
+ ],
+ "tags": [
+
+ ]
+}
diff --git a/edk2-aarch64.json b/edk2-aarch64.json
new file mode 100644
index 0000000..c5a73cb
--- /dev/null
+++ b/edk2-aarch64.json
@@ -0,0 +1,31 @@
+{
+ "description": "UEFI firmware for ARM64 virtual machines",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "executable": {
+ "filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw",
+ "format": "raw"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",
+ "format": "raw"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "aarch64",
+ "machines": [
+ "virt-*"
+ ]
+ }
+ ],
+ "features": [
+
+ ],
+ "tags": [
+
+ ]
+}
diff --git a/edk2-ovmf-cc.json b/edk2-ovmf-cc.json
new file mode 100644
index 0000000..2e52745
--- /dev/null
+++ b/edk2-ovmf-cc.json
@@ -0,0 +1,33 @@
+{
+ "description": "OVMF with SEV-ES support",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "executable": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_CODE.cc.fd",
+ "format": "raw"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
+ "format": "raw"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "x86_64",
+ "machines": [
+ "pc-q35-rhel8.5.0"
+ ]
+ }
+ ],
+ "features": [
+ "amd-sev",
+ "amd-sev-es",
+ "verbose-dynamic"
+ ],
+ "tags": [
+
+ ]
+}
diff --git a/edk2-ovmf-sb.json b/edk2-ovmf-sb.json
new file mode 100644
index 0000000..a0203e8
--- /dev/null
+++ b/edk2-ovmf-sb.json
@@ -0,0 +1,36 @@
+{
+ "description": "OVMF with SB+SMM, SB enabled, MS certs enrolled",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "executable": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
+ "format": "raw"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
+ "format": "raw"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "x86_64",
+ "machines": [
+ "pc-q35-*"
+ ]
+ }
+ ],
+ "features": [
+ "acpi-s3",
+ "amd-sev",
+ "enrolled-keys",
+ "requires-smm",
+ "secure-boot",
+ "verbose-dynamic"
+ ],
+ "tags": [
+
+ ]
+}
diff --git a/edk2-ovmf.json b/edk2-ovmf.json
new file mode 100644
index 0000000..74d00e3
--- /dev/null
+++ b/edk2-ovmf.json
@@ -0,0 +1,35 @@
+{
+ "description": "OVMF with SB+SMM, empty varstore",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "executable": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
+ "format": "raw"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
+ "format": "raw"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "x86_64",
+ "machines": [
+ "pc-q35-*"
+ ]
+ }
+ ],
+ "features": [
+ "acpi-s3",
+ "amd-sev",
+ "requires-smm",
+ "secure-boot",
+ "verbose-dynamic"
+ ],
+ "tags": [
+
+ ]
+}
diff --git a/edk2.spec b/edk2.spec
index 3f05018..13d0d5e 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -59,15 +59,17 @@ Source3: ovmf-vars-generator
Source4: LICENSE.qosb
Source5: RedHatSecureBootPkKek1.pem
+Source10: edk2-aarch64-verbose.json
+Source11: edk2-aarch64.json
+Source12: edk2-ovmf-sb.json
+Source13: edk2-ovmf.json
+Source14: edk2-ovmf-cc.json
+
# Fedora specific sources
Source50: softfloat-%{softfloat_version}.tar.xz
-Source52: 40-edk2-ovmf-x64-sb-enrolled.json
-Source53: 50-edk2-ovmf-x64-sb.json
-Source54: 60-edk2-ovmf-x64.json
Source55: 40-edk2-ovmf-ia32-sb-enrolled.json
Source56: 50-edk2-ovmf-ia32-sb.json
Source57: 60-edk2-ovmf-ia32.json
-Source58: 70-edk2-aarch64-verbose.json
Source59: 70-edk2-arm-verbose.json
Patch0008: 0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch
@@ -246,6 +248,7 @@ git config am.keepcr true
%autosetup -T -D -n edk2-%{GITCOMMIT} -S git_am
cp -a -- %{SOURCE1} %{SOURCE3} .
+cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} .
tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
# Format the Red Hat-issued certificate that is to be enrolled as both Platform
@@ -272,41 +275,35 @@ tar -xf %{SOURCE50} --strip-components=1 --directory ArmPkg/Library/ArmSoftFloat
%build
export PYTHON_COMMAND=%{__python3}
source ./edksetup.sh
+%make_build -C "$EDK_TOOLS_PATH" \
+ EXTRA_OPTFLAGS="%{optflags}" \
+ EXTRA_LDFLAGS="%{__global_ldflags}"
-# compiler
-CC_FLAGS="-t GCC5"
-
-# parallel builds
-JOBS="%{?_smp_mflags}"
-JOBS="${JOBS#-j}"
-if test "$JOBS" != ""; then
- CC_FLAGS="${CC_FLAGS} -n $JOBS"
+SMP_MFLAGS="%{?_smp_mflags}"
+if [[ x"$SMP_MFLAGS" = x-j* ]]; then
+ CC_FLAGS="$CC_FLAGS -n ${SMP_MFLAGS#-j}"
+elif [ -n "%{?jobs}" ]; then
+ CC_FLAGS="$CC_FLAGS -n %{?jobs}"
fi
-# common features
-CC_FLAGS="$CC_FLAGS --cmd-len=65536 -b DEBUG --hash"
+CC_FLAGS="$CC_FLAGS --cmd-len=65536 -t %{TOOLCHAIN} -b DEBUG --hash"
CC_FLAGS="$CC_FLAGS -D NETWORK_IP6_ENABLE"
-CC_FLAGS="$CC_FLAGS -D NETWORK_TLS_ENABLE"
-CC_FLAGS="$CC_FLAGS -D NETWORK_HTTP_BOOT_ENABLE"
+CC_FLAGS="$CC_FLAGS -D NETWORK_HTTP_BOOT_ENABLE -D NETWORK_TLS_ENABLE"
CC_FLAGS="$CC_FLAGS -D TPM_ENABLE"
-# ovmf features
OVMF_FLAGS="${CC_FLAGS}"
+%if %{defined rhel}
+OVMF_FLAGS="${OVMF_FLAGS} -D FD_SIZE_4MB"
+OVMF_FLAGS="${OVMF_FLAGS} -D PVSCSI_ENABLE=FALSE -D MPT_SCSI_ENABLE=FALSE"
+%else
OVMF_FLAGS="${OVMF_FLAGS} -D FD_SIZE_2MB"
+%endif
-# ovmf + secure boot features
OVMF_SB_FLAGS="${OVMF_FLAGS}"
OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D SECURE_BOOT_ENABLE"
OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D SMM_REQUIRE"
OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D EXCLUDE_SHELL_FROM_FD"
-# arm firmware features
-ARM_FLAGS="${CC_FLAGS}"
-
-unset MAKEFLAGS
-%make_build -C BaseTools \
- EXTRA_OPTFLAGS="%{optflags}" \
- EXTRA_LDFLAGS="%{__global_ldflags}"
sed -i -e 's/-Werror//' Conf/tools_def.txt
@@ -322,7 +319,7 @@ build_iso() {
UEFI_SHELL_BINARY=${dir}/Shell.efi
ENROLLER_BINARY=${dir}/EnrollDefaultKeys.efi
UEFI_SHELL_IMAGE=uefi_shell.img
- ISO_IMAGE=UefiShell.iso
+ ISO_IMAGE=${dir}/UefiShell.iso
UEFI_SHELL_BINARY_BNAME=$(basename -- "$UEFI_SHELL_BINARY")
UEFI_SHELL_SIZE=$(stat --format=%s -- "$UEFI_SHELL_BINARY")
@@ -351,43 +348,48 @@ build_iso() {
-o "$ISO_IMAGE" "$UEFI_SHELL_IMAGE"
}
-# build ovmf (x64)
+
%if %{build_ovmf}
-mkdir -p ovmf
-build ${OVMF_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc
-cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/
-rm -rf Build/OvmfX64
+# Build with neither SB nor SMM; include UEFI shell.
+build ${OVMF_FLAGS} -a X64 \
+ -p OvmfPkg/OvmfPkgX64.dsc
-# build ovmf (x64) with secure boot
-build ${OVMF_SB_FLAGS} -a IA32 -a X64 -p OvmfPkg/OvmfPkgIa32X64.dsc
-cp Build/Ovmf3264/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd
+# Build with SB and SMM; exclude UEFI shell.
+build ${OVMF_SB_FLAGS} -a IA32 -a X64 \
+ -p OvmfPkg/OvmfPkgIa32X64.dsc
-# build ovmf (x64) shell iso with EnrollDefaultKeys
-cp Build/Ovmf3264/*/X64/Shell.efi ovmf/
-cp Build/Ovmf3264/*/X64/EnrollDefaultKeys.efi ovmf/
-build_iso ovmf/
-mv UefiShell.iso ovmf
+# Sanity check: the varstore templates must be identical.
+cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
+ Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd
+
+# Prepare an ISO image that boots the UEFI shell.
+build_iso Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64
# Enroll the default certificates in a separate variable store template.
%{__python3} ovmf-vars-generator --verbose --verbose \
- --qemu-binary %{qemu_binary} \
- --ovmf-binary ovmf/OVMF_CODE.secboot.fd \
- --ovmf-template-vars ovmf/OVMF_VARS.fd \
- --uefi-shell-iso ovmf/UefiShell.iso \
- --oem-string "$(< PkKek1.oemstr)" \
- --skip-testing \
- ovmf/OVMF_VARS.secboot.fd
+ --qemu-binary %{qemu_binary} \
+ --ovmf-binary Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \
+ --ovmf-template-vars Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
+ --uefi-shell-iso Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/UefiShell.iso \
+ --oem-string "$(< PkKek1.oemstr)" \
+ --skip-testing \
+ Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd
+
# endif build_ovmf
%endif
-# build aarch64 firmware
%if %{build_aarch64}
-mkdir -p aarch64
-build $ARM_FLAGS -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc
-cp Build/ArmVirtQemu-AARCH64/DEBUG_*/FV/*.fd aarch64
-dd of="aarch64/QEMU_EFI-pflash.raw" if="/dev/zero" bs=1M count=64
-dd of="aarch64/QEMU_EFI-pflash.raw" if="aarch64/QEMU_EFI.fd" conv=notrunc
-dd of="aarch64/vars-template-pflash.raw" if="/dev/zero" bs=1M count=64
+# Build with a verbose debug mask first, and stash the binary.
+build ${CC_FLAGS} -a AARCH64 \
+ -p ArmVirtPkg/ArmVirtQemu.dsc \
+ -D DEBUG_PRINT_ERROR_LEVEL=0x8040004F
+cp -a Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.fd \
+ Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.verbose.fd
+
+# Rebuild with a silent (errors only) debug mask.
+build ${CC_FLAGS} -a AARCH64 \
+ -p ArmVirtPkg/ArmVirtQemu.dsc \
+ -D DEBUG_PRINT_ERROR_LEVEL=0x80000000
# endif build_aarch64
%endif
@@ -398,7 +400,7 @@ mkdir -p ovmf-ia32
build ${OVMF_FLAGS} -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc
cp Build/OvmfIa32/*/FV/OVMF_CODE*.fd ovmf-ia32/
# cp VARS files from from ovmf/, which are all we need
-cp ovmf/OVMF_VARS*.fd ovmf-ia32/
+cp -a Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS*.fd ovmf-ia32
rm -rf Build/OvmfIa32
# build ovmf-ia32 with secure boot
@@ -407,12 +409,14 @@ cp Build/OvmfIa32/*/FV/OVMF_CODE.fd ovmf-ia32/OVMF_CODE.secboot.fd
# build ovmf-ia32 shell iso with EnrollDefaultKeys
build_iso Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32
-mv UefiShell.iso ovmf-ia32
+mv Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32/UefiShell.iso ovmf-ia32
+cp -a Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32/Shell.efi ovmf-ia32
+cp -a Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32/EnrollDefaultKeys.efi ovmf-ia32
# build ARMv7 firmware
mkdir -p arm
-build $ARM_FLAGS -a ARM -p ArmVirtPkg/ArmVirtQemu.dsc
+build ${CC_FLAGS} -a ARM -p ArmVirtPkg/ArmVirtQemu.dsc
cp Build/ArmVirtQemu-ARM/DEBUG_*/FV/*.fd arm
dd of="arm/QEMU_EFI-pflash.raw" if="/dev/zero" bs=1M count=64
dd of="arm/QEMU_EFI-pflash.raw" if="arm/QEMU_EFI.fd" conv=notrunc
@@ -424,11 +428,12 @@ dd of="arm/vars-template-pflash.raw" if="/dev/zero" bs=1M count=64
%install
+
cp -a OvmfPkg/License.txt License.OvmfPkg.txt
cp -a CryptoPkg/Library/OpensslLib/openssl/LICENSE LICENSE.openssl
-mkdir -p %{buildroot}/%{_datadir}/qemu/firmware
-mkdir -p %{buildroot}%{_datadir}/%{name}
+mkdir -p %{buildroot}%{_datadir}/qemu/firmware
+# install the tools
mkdir -p %{buildroot}%{_bindir} \
%{buildroot}%{_datadir}/%{name}/Conf \
%{buildroot}%{_datadir}/%{name}/Scripts
@@ -445,32 +450,87 @@ install BaseTools/Scripts/GccBase.lds \
%if %{build_ovmf}
-cp -a ovmf %{buildroot}%{_datadir}/%{name}
-# Libvirt hardcodes this directory name
-mkdir %{buildroot}%{_datadir}/OVMF
-ln -sf ../%{name}/ovmf/OVMF_CODE.fd %{buildroot}%{_datadir}/OVMF
-ln -sf ../%{name}/ovmf/OVMF_CODE.secboot.fd %{buildroot}%{_datadir}/OVMF
-ln -sf ../%{name}/ovmf/OVMF_VARS.fd %{buildroot}%{_datadir}/OVMF
-ln -sf ../%{name}/ovmf/OVMF_VARS.secboot.fd %{buildroot}%{_datadir}/OVMF
-ln -sf ../%{name}/ovmf/UefiShell.iso %{buildroot}%{_datadir}/OVMF
-
-for f in %{_sourcedir}/*edk2-ovmf-x64*.json; do
- install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware
-done
+mkdir -p \
+ %{buildroot}%{_datadir}/OVMF \
+ %{buildroot}%{_datadir}/%{name}/ovmf
+
+install -m 0644 Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \
+ %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.fd
+install -m 0644 Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \
+ %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd
+install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \
+ %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd
+
+install -m 0644 Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
+ %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_VARS.fd
+install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \
+ %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd
+install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/UefiShell.iso \
+ %{buildroot}%{_datadir}/%{name}/ovmf/UefiShell.iso
+
+ln -s ../%{name}/ovmf/OVMF_CODE.fd %{buildroot}%{_datadir}/OVMF
+ln -s ../%{name}/ovmf/OVMF_CODE.secboot.fd %{buildroot}%{_datadir}/OVMF/
+ln -s ../%{name}/ovmf/OVMF_VARS.fd %{buildroot}%{_datadir}/OVMF/
+ln -s ../%{name}/ovmf/OVMF_VARS.secboot.fd %{buildroot}%{_datadir}/OVMF/
+ln -s ../%{name}/ovmf/UefiShell.iso %{buildroot}%{_datadir}/OVMF/
+
+install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/Shell.efi \
+ %{buildroot}%{_datadir}/%{name}/ovmf/Shell.efi
+install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/EnrollDefaultKeys.efi \
+ %{buildroot}%{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi
+
+install -m 0644 edk2-ovmf-sb.json \
+ %{buildroot}%{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json
+install -m 0644 edk2-ovmf.json \
+ %{buildroot}%{_datadir}/qemu/firmware/50-edk2-ovmf.json
+install -m 0644 edk2-ovmf-cc.json \
+ %{buildroot}%{_datadir}/qemu/firmware/50-edk2-ovmf-cc.json
# endif build_ovmf
%endif
-
%if %{build_aarch64}
-cp -a aarch64 %{buildroot}%{_datadir}/%{name}
-# Libvirt hardcodes this directory name
-mkdir %{buildroot}%{_datadir}/AAVMF
-ln -sf ../%{name}/aarch64/QEMU_EFI-pflash.raw %{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.fd
-ln -sf ../%{name}/aarch64/vars-template-pflash.raw %{buildroot}%{_datadir}/AAVMF/AAVMF_VARS.fd
-
-for f in %{_sourcedir}/*edk2-aarch64*.json; do
- install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware
-done
+mkdir -p \
+ %{buildroot}%{_datadir}/AAVMF \
+ %{buildroot}%{_datadir}/%{name}/aarch64
+
+# Pad and install the verbose binary.
+cat Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.verbose.fd \
+ /dev/zero \
+| head -c 64m \
+ > %{buildroot}%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.raw
+
+# Pad and install the silent (default) binary.
+cat Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.fd \
+ /dev/zero \
+| head -c 64m \
+ > %{buildroot}%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.raw
+
+# Create varstore template.
+cat Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_VARS.fd \
+ /dev/zero \
+| head -c 64m \
+ > %{buildroot}%{_datadir}/%{name}/aarch64/vars-template-pflash.raw
+
+ln -s ../%{name}/aarch64/QEMU_EFI-pflash.raw \
+ %{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd
+ln -s ../%{name}/aarch64/QEMU_EFI-silent-pflash.raw \
+ %{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.fd
+ln -s ../%{name}/aarch64/vars-template-pflash.raw \
+ %{buildroot}%{_datadir}/AAVMF/AAVMF_VARS.fd
+
+chmod 0644 -- %{buildroot}%{_datadir}/AAVMF/AAVMF_*.fd
+
+install -m 0644 Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.verbose.fd \
+ %{buildroot}%{_datadir}/%{name}/aarch64/QEMU_EFI.fd
+install -m 0644 Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.fd \
+ %{buildroot}%{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd
+install -m 0644 Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_VARS.fd \
+ %{buildroot}%{_datadir}/%{name}/aarch64/QEMU_VARS.fd
+
+install -m 0644 edk2-aarch64.json \
+ %{buildroot}%{_datadir}/qemu/firmware/60-edk2-aarch64.json
+install -m 0644 edk2-aarch64-verbose.json \
+ %{buildroot}%{_datadir}/qemu/firmware/70-edk2-aarch64-verbose.json
# endif build_aarch64
%endif
@@ -488,7 +548,7 @@ done
cp -a arm %{buildroot}%{_datadir}/%{name}
ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw %{buildroot}%{_datadir}/AAVMF/AAVMF32_CODE.fd
-for f in %{_sourcedir}/*edk2-arm*.json; do
+for f in %{_sourcedir}/*edk2-arm-*.json; do
install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware
done
@@ -516,6 +576,7 @@ install -p ovmf-vars-generator %{buildroot}%{_bindir}
%check
+
%if %{qosb_testing}
# Of the installed host kernels, boot the one with the highest Version-Release
# under OVMF, and check if it prints "Secure boot enabled".
@@ -524,13 +585,13 @@ KERNEL_IMG=$(rpm -q -l $KERNEL_PKG | egrep '^/lib/modules/[^/]+/vmlinuz$')
%{__python3} ovmf-vars-generator --verbose --verbose \
--qemu-binary %{qemu_binary} \
- --ovmf-binary ovmf/OVMF_CODE.secboot.fd \
- --ovmf-template-vars ovmf/OVMF_VARS.fd \
- --uefi-shell-iso ovmf/UefiShell.iso \
+ --ovmf-binary Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \
+ --ovmf-template-vars Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
+ --uefi-shell-iso Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/UefiShell.iso \
--kernel-path $KERNEL_IMG \
--skip-enrollment \
--no-download \
- ovmf/OVMF_VARS.secboot.fd
+ Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd
# endif qosb_testing
%endif
@@ -550,6 +611,7 @@ KERNEL_IMG=$(rpm -q -l $KERNEL_PKG | egrep '^/lib/modules/[^/]+/vmlinuz$')
%dir %{_datadir}/OVMF/
%dir %{_datadir}/%{name}/ovmf/
%{_datadir}/%{name}/ovmf/OVMF_CODE.fd
+%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd
%{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd
%{_datadir}/%{name}/ovmf/OVMF_VARS.fd
%{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd
@@ -561,9 +623,9 @@ KERNEL_IMG=$(rpm -q -l $KERNEL_PKG | egrep '^/lib/modules/[^/]+/vmlinuz$')
%{_datadir}/OVMF/UefiShell.iso
%{_datadir}/%{name}/ovmf/Shell.efi
%{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi
-%{_datadir}/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json
-%{_datadir}/qemu/firmware/50-edk2-ovmf-x64-sb.json
-%{_datadir}/qemu/firmware/60-edk2-ovmf-x64.json
+%{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json
+%{_datadir}/qemu/firmware/50-edk2-ovmf-cc.json
+%{_datadir}/qemu/firmware/50-edk2-ovmf.json
# endif build_ovmf
%endif
@@ -573,11 +635,15 @@ KERNEL_IMG=$(rpm -q -l $KERNEL_PKG | egrep '^/lib/modules/[^/]+/vmlinuz$')
%dir %{_datadir}/AAVMF/
%dir %{_datadir}/%{name}/aarch64/
%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.raw
+%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.raw
%{_datadir}/%{name}/aarch64/vars-template-pflash.raw
+%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd
%{_datadir}/AAVMF/AAVMF_CODE.fd
%{_datadir}/AAVMF/AAVMF_VARS.fd
%{_datadir}/%{name}/aarch64/QEMU_EFI.fd
+%{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd
%{_datadir}/%{name}/aarch64/QEMU_VARS.fd
+%{_datadir}/qemu/firmware/60-edk2-aarch64.json
%{_datadir}/qemu/firmware/70-edk2-aarch64-verbose.json
# endif build_aarch64
%endif