diff --git a/build-iso.sh b/build-iso.sh deleted file mode 100644 index 1313d5e..0000000 --- a/build-iso.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh - -set -ex - -# args -dir="$1" - -# cfg -shell="$dir/Shell.efi" -enroll="$dir/EnrollDefaultKeys.efi" -root="$dir/image" -vfat="$dir/shell.img" -iso="$dir/UefiShell.iso" - -# create non-partitioned (1.44 MB floppy disk) FAT image -mkdir "$root" -mkdir "$root"/efi -mkdir "$root"/efi/boot -cp "$shell" "$root"/efi/boot/bootx64.efi -cp "$enroll" "$root" -qemu-img convert --image-opts \ - driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir="$root/" \ - $vfat - -# build ISO with FAT image file as El Torito EFI boot image -mkisofs -input-charset ASCII -J -rational-rock \ - -e "${vfat##*/}" -no-emul-boot -o "$iso" "$vfat" -rm -rf "$root/" "$vfat" diff --git a/edk2.spec b/edk2.spec index 2e5598f..ecaa171 100644 --- a/edk2.spec +++ b/edk2.spec @@ -56,7 +56,6 @@ Source5: RedHatSecureBootPkKek1.pem # Fedora specific sources Source50: softfloat-%{softfloat_version}.tar.xz -Source51: build-iso.sh Source52: 40-edk2-ovmf-x64-sb-enrolled.json Source53: 50-edk2-ovmf-x64-sb.json Source54: 60-edk2-ovmf-x64.json @@ -113,12 +112,13 @@ BuildRequires: gcc-x86_64-linux-gnu %endif BuildRequires: iasl BuildRequires: nasm -BuildRequires: qemu-img BuildRequires: xorriso BuildRequires: bc BuildRequires: sed BuildRequires: perl BuildRequires: findutils +BuildRequires: dosfstools +BuildRequires: mtools # These are for QOSB BuildRequires: python3-requests @@ -303,6 +303,41 @@ export GCC5_AARCH64_PREFIX="aarch64-linux-gnu-" export GCC5_ARM_PREFIX="arm-linux-gnu-" %endif +build_iso() { + # Prepare an ISO image that boots the UEFI shell. + dir="$1" + UEFI_SHELL_BINARY=${dir}/Shell.efi + ENROLLER_BINARY=${dir}/EnrollDefaultKeys.efi + UEFI_SHELL_IMAGE=uefi_shell.img + ISO_IMAGE=UefiShell.iso + + UEFI_SHELL_BINARY_BNAME=$(basename -- "$UEFI_SHELL_BINARY") + UEFI_SHELL_SIZE=$(stat --format=%s -- "$UEFI_SHELL_BINARY") + ENROLLER_SIZE=$(stat --format=%s -- "$ENROLLER_BINARY") + + # add 1MB then 10% for metadata + UEFI_SHELL_IMAGE_KB=$(( + (UEFI_SHELL_SIZE + ENROLLER_SIZE + 1 * 1024 * 1024) * 11 / 10 / 1024 + )) + + # create non-partitioned FAT image + rm -f -- "$UEFI_SHELL_IMAGE" + mkdosfs -C "$UEFI_SHELL_IMAGE" -n UEFI_SHELL -- "$UEFI_SHELL_IMAGE_KB" + + # copy the shell binary into the FAT image + export MTOOLS_SKIP_CHECK=1 + mmd -i "$UEFI_SHELL_IMAGE" ::efi + mmd -i "$UEFI_SHELL_IMAGE" ::efi/boot + mcopy -i "$UEFI_SHELL_IMAGE" "$UEFI_SHELL_BINARY" ::efi/boot/bootx64.efi + mcopy -i "$UEFI_SHELL_IMAGE" "$ENROLLER_BINARY" :: + mdir -i "$UEFI_SHELL_IMAGE" -/ :: + + # build ISO with FAT image file as El Torito EFI boot image + mkisofs -input-charset ASCII -J -rational-rock \ + -e "$UEFI_SHELL_IMAGE" -no-emul-boot \ + -o "$ISO_IMAGE" "$UEFI_SHELL_IMAGE" +} + # build ovmf (x64) %if 0%{?build_ovmf_x64:1} mkdir -p ovmf @@ -316,8 +351,9 @@ cp Build/Ovmf3264/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd # build ovmf (x64) shell iso with EnrollDefaultKeys cp Build/Ovmf3264/*/X64/Shell.efi ovmf/ -cp Build/Ovmf3264/*/X64/EnrollDefaultKeys.efi ovmf -sh %{_sourcedir}/build-iso.sh ovmf/ +cp Build/Ovmf3264/*/X64/EnrollDefaultKeys.efi ovmf/ +build_iso ovmf/ +mv UefiShell.iso ovmf # Enroll the default certificates in a separate variable store template. %{__python3} ovmf-vars-generator --verbose --verbose \ @@ -345,9 +381,8 @@ build ${OVMF_SB_FLAGS} -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc cp Build/OvmfIa32/*/FV/OVMF_CODE.fd ovmf-ia32/OVMF_CODE.secboot.fd # build ovmf-ia32 shell iso with EnrollDefaultKeys -cp Build/OvmfIa32/*/IA32/Shell.efi ovmf-ia32/Shell.efi -cp Build/OvmfIa32/*/IA32/EnrollDefaultKeys.efi ovmf-ia32/EnrollDefaultKeys.efi -sh %{_sourcedir}/build-iso.sh ovmf-ia32/ +build_iso Build/OvmfIa32/DEBUG_%{TOOLCHAIN}/IA32 +mv UefiShell.iso ovmf-ia32 %endif