From 7ece9892529e7690a1c763a4ab7f33046bc069ae Mon Sep 17 00:00:00 2001 From: Matthias Maier Date: Sun, 27 Jun 2021 02:10:30 -0500 Subject: sys-firmware/edk2-ovmf: enable tpm2 support Bug: https://bugs.gentoo.org/798777 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Matthias Maier --- sys-firmware/edk2-ovmf/Manifest | 2 +- sys-firmware/edk2-ovmf/edk2-ovmf-202105-r1.ebuild | 175 ++++++++++++++++++++++ sys-firmware/edk2-ovmf/edk2-ovmf-202105.ebuild | 173 --------------------- 3 files changed, 176 insertions(+), 174 deletions(-) create mode 100644 sys-firmware/edk2-ovmf/edk2-ovmf-202105-r1.ebuild delete mode 100644 sys-firmware/edk2-ovmf/edk2-ovmf-202105.ebuild (limited to 'sys-firmware') diff --git a/sys-firmware/edk2-ovmf/Manifest b/sys-firmware/edk2-ovmf/Manifest index cabce2d6cd20..7f818651cef3 100644 --- a/sys-firmware/edk2-ovmf/Manifest +++ b/sys-firmware/edk2-ovmf/Manifest @@ -5,7 +5,7 @@ DIST edk2-ovmf-201905.tar.gz 14551747 BLAKE2B 6fb3385445fd01c0dea26295a68de26915 DIST edk2-ovmf-202008-bin.tar.xz 3486024 BLAKE2B 8283db554ad7024e3a55b62ed0a560ed9f729d728f1dee3806814b1eb8d89dabc4fd70433f7f77656b65d9af7919d036074a53a95190a1aa8b65ab7d73495ffc SHA512 d0c8b249a7a2124e8bb63a4358466e86a3a837e76586565dd4762351998d8561374eabb8a1303dbf71ac269c15552d9e8cff71d65bc6fe8a3a81fb4fb032e0d8 DIST edk2-ovmf-202008-qemu-firmware.tar.xz 680 BLAKE2B 176f8e94a3f605acc72850634cbf155619490f5998125521a392a8e9c7d2b78841b841f0cb5ea860f14645b124cf1921256bbe46960efbe3401805d89bbfbed6 SHA512 b72f248ab4d49503c3e8e686e22beb77f0e48d2c6c9523f389f20504e0c30fa11fa0fcb5607d7d5bb1ba2433894fa458864c5761335e39de4b2a40b01203f043 DIST edk2-ovmf-202008.tar.gz 13172590 BLAKE2B 10acf77d0e70e21ca425ea41c0062f8cebe2cc607b93a2a253bcd87cea1546e791776a34d43fbf4f1040f4fc32e3ee413d44873d0f00b9e523816519cfed634e SHA512 c32340104f27b9b85f79e934cc9eeb739d47b01e13975c88f39b053e9bc5a1ecfe579ab3b63fc7747cc328e104b337b53d41deb4470c3f20dbbd5552173a4666 -DIST edk2-ovmf-202105-bin.tar.xz 2573424 BLAKE2B f6b80bbd756287ec1f8f581e977eeacf06ba9b2cd2ea917a1824ce94d23f1a3c5034de2044f52e1d83a48d2bf8e2389bbad93cbf0c779d2cc880fbfd9c147867 SHA512 384e3324fb2483f378d79bddc3c43381e5c5fde662566f3c406dbaaa78185526894552b79246087d7fe1f89ae6a47d033cdbbe8ec4e1109a801f1b5085e24aeb DIST edk2-ovmf-202105-qemu-firmware.tar.xz 672 BLAKE2B e87845a84c83f65db836fd054c81a4f3062d5e0fcc51aa0ecf9c2d23c8741f218d38ef737d140f5935ce8d9c34508e5f3b9f54bf9c547a391fa63cdc2ecf1233 SHA512 6100502f26db26e407dacce57c96b1abfd372bcb31767a068332afa09ac435a092fd2a73db27670d27c6e927c26e88315346bbac70578571108434b9683bd00c +DIST edk2-ovmf-202105-r1-bin.tar.xz 2633188 BLAKE2B 93b4bd1c75da69406b5d27ac32d8b7c63dc8248bcd5d54832e520a4b009be4b7f215eb7d489ecb7cb16d31e02452dfa06b8fa709f37c44e59b4ff70a550076c7 SHA512 356c2110abce43da9c0654324e222cbbab7085e3aa23d1ba4c98011e4d4992a37d61fa45394305b748d119dba12f65d7c7d630b9f8038065ba4672d758c702be DIST edk2-ovmf-202105.tar.gz 13702868 BLAKE2B 3ec01d467562380ca2fd3bd807d2f6c55e4637c1afd71533f8f5b22cc634dc4c8cb63dab921677f8b315d17b3c9d0b6b00a0e2f3f8da61107033e9e81bf5a64d SHA512 c263345cbb243c63985f974a61f37c577a139d6a7099d2b8c9e1a553e5ebf16de12fb711b72624081c6bf637f8084bbf71731ab99e5747d81da460388ac25791 DIST openssl-e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72.tar.gz 9981169 BLAKE2B 33aac7364cdd45fec5654ab6caef84e1a829464380419c8a6bb311055c5a01c0aaff6e046a7c541a87e908fa9d26bae652f5be901461d03df36f2522f9c34b0c SHA512 db2087c04f0b428b3f4e1c8b3ac53cce69e0fd331ed2b86ba00facafd1685864d73f71c13eee48f4fe0af2bddad848f84a2b8ed2a17fabdf7fa2ed7d9eb39371 diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-202105-r1.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-202105-r1.ebuild new file mode 100644 index 000000000000..11376aff5d43 --- /dev/null +++ b/sys-firmware/edk2-ovmf/edk2-ovmf-202105-r1.ebuild @@ -0,0 +1,175 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_REQ_USE="sqlite" +PYTHON_COMPAT=( python3_{7,8,9} ) + +inherit python-any-r1 readme.gentoo-r1 + +DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines" +HOMEPAGE="https://github.com/tianocore/edk2" + +BUNDLED_OPENSSL_SUBMODULE_SHA="e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72" +BUNDLED_BROTLI_SUBMODULE_SHA="666c3280cc11dc433c303d79a83d4ffbdd12cc8d" + +# TODO: talk with tamiko about unbundling (mva) + +# TODO: the binary 202105 package currently lacks the preseeded +# OVMF_VARS.secboot.fd file (that we typically get from fedora) + +SRC_URI=" + !binary? ( + https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> ${P}.tar.gz + https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz + https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz + ) + binary? ( https://dev.gentoo.org/~tamiko/distfiles/${PF}-bin.tar.xz ) + https://dev.gentoo.org/~tamiko/distfiles/${P}-qemu-firmware.tar.xz +" + +LICENSE="BSD-2 MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86" + +IUSE="+binary" +REQUIRED_USE+=" + !amd64? ( binary ) +" + +NON_BINARY_DEPEND=" + app-emulation/qemu + >=dev-lang/nasm-2.0.7 + >=sys-power/iasl-20160729 + ${PYTHON_DEPS} +" + +DEPEND+=" + !binary? ( + amd64? ( + ${NON_BINARY_DEPEND} + ) + )" +RDEPEND="" + +PATCHES=( +) + +S="${WORKDIR}/edk2-edk2-stable${PV}" + +DISABLE_AUTOFORMATTING=true +DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86 +virtual machines. The firmware is located under + /usr/share/edk2-ovmf/OVMF_CODE.fd + /usr/share/edk2-ovmf/OVMF_VARS.fd + /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd + +If USE=binary is enabled, we also install an OVMF variables file (coming from +fedora) that contains secureboot default keys + + /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd + +If you have compiled this package by hand, you need to either populate all +necessary EFI variables by hand by booting + /usr/share/edk2-ovmf/UefiShell.(iso|img) +or creating OVMF_VARS.secboot.fd by hand: + https://github.com/puiterwijk/qemu-ovmf-secureboot + +The firmware does not support csm (due to no free csm implementation +available). If you need a firmware with csm support you have to download +one for yourself. Firmware blobs are commonly labeled + OVMF{,_CODE,_VARS}-with-csm.fd + +In order to use the firmware you can run qemu the following way + + $ qemu-system-x86_64 \ + -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \ + ..." + +pkg_setup() { + [[ ${PV} != "999999" ]] && use binary || python-any-r1_pkg_setup +} + +src_prepare() { + if use binary; then + eapply_user + else + # Bundled submodules + cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/" + cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/" + cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/" + + sed -i -r \ + -e "/function SetupPython3/,/\}/{s,\\\$\(whereis python3\),${EPYTHON},g}" \ + "${S}"/edksetup.sh || die "Fixing for correct Python3 support failed" + + default + fi +} + +src_compile() { + TARGET_ARCH=X64 + TARGET_NAME=RELEASE + TARGET_TOOLS=GCC49 + + BUILD_FLAGS="-D TLS_ENABLE \ + -D HTTP_BOOT_ENABLE \ + -D NETWORK_IP6_ENABLE \ + -D TPM_ENABLE \ + -D TPM2_ENABLE -D TPM2_CONFIG_ENABLE \ + -D FD_SIZE_2MB" + + SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \ + -D SECURE_BOOT_ENABLE \ + -D SMM_REQUIRE \ + -D EXCLUDE_SHELL_FROM_FD" + + [[ ${PV} != "999999" ]] && use binary && return + + emake ARCH=${TARGET_ARCH} -C BaseTools + + . ./edksetup.sh + + # Build all EFI firmware blobs: + + mkdir -p ovmf + + ./OvmfPkg/build.sh \ + -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ + ${BUILD_FLAGS} || die "OvmfPkg/build.sh failed" + + cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/ + rm -rf Build/OvmfX64 + + ./OvmfPkg/build.sh \ + -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ + ${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed" + + cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed" + cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed" + cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed" + + # Build a convenience UefiShell.img: + + mkdir -p iso_image/efi/boot || die "mkdir failed" + cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed" + cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed" + qemu-img convert --image-opts \ + driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \ + ovmf/UefiShell.img || die "qemu-img failed" +} + +src_install() { + insinto /usr/share/${PN} + doins ovmf/* + + insinto /usr/share/qemu/firmware + doins qemu/* + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog +} diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-202105.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-202105.ebuild deleted file mode 100644 index e21a2c3a95dc..000000000000 --- a/sys-firmware/edk2-ovmf/edk2-ovmf-202105.ebuild +++ /dev/null @@ -1,173 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_REQ_USE="sqlite" -PYTHON_COMPAT=( python3_{7,8,9} ) - -inherit python-any-r1 readme.gentoo-r1 - -DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines" -HOMEPAGE="https://github.com/tianocore/edk2" - -BUNDLED_OPENSSL_SUBMODULE_SHA="e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72" -BUNDLED_BROTLI_SUBMODULE_SHA="666c3280cc11dc433c303d79a83d4ffbdd12cc8d" - -# TODO: talk with tamiko about unbundling (mva) - -# TODO: the binary 202105 package currently lacks the preseeded -# OVMF_VARS.secboot.fd file (that we typically get from fedora) - -SRC_URI=" - !binary? ( - https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> ${P}.tar.gz - https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz - https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz - ) - binary? ( https://dev.gentoo.org/~tamiko/distfiles/${P}-bin.tar.xz ) - https://dev.gentoo.org/~tamiko/distfiles/${P}-qemu-firmware.tar.xz -" - -LICENSE="BSD-2 MIT" -SLOT="0" -KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86" - -IUSE="+binary" -REQUIRED_USE+=" - !amd64? ( binary ) -" - -NON_BINARY_DEPEND=" - app-emulation/qemu - >=dev-lang/nasm-2.0.7 - >=sys-power/iasl-20160729 - ${PYTHON_DEPS} -" - -DEPEND+=" - !binary? ( - amd64? ( - ${NON_BINARY_DEPEND} - ) - )" -RDEPEND="" - -PATCHES=( -) - -S="${WORKDIR}/edk2-edk2-stable${PV}" - -DISABLE_AUTOFORMATTING=true -DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86 -virtual machines. The firmware is located under - /usr/share/edk2-ovmf/OVMF_CODE.fd - /usr/share/edk2-ovmf/OVMF_VARS.fd - /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd - -If USE=binary is enabled, we also install an OVMF variables file (coming from -fedora) that contains secureboot default keys - - /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd - -If you have compiled this package by hand, you need to either populate all -necessary EFI variables by hand by booting - /usr/share/edk2-ovmf/UefiShell.(iso|img) -or creating OVMF_VARS.secboot.fd by hand: - https://github.com/puiterwijk/qemu-ovmf-secureboot - -The firmware does not support csm (due to no free csm implementation -available). If you need a firmware with csm support you have to download -one for yourself. Firmware blobs are commonly labeled - OVMF{,_CODE,_VARS}-with-csm.fd - -In order to use the firmware you can run qemu the following way - - $ qemu-system-x86_64 \ - -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \ - ..." - -pkg_setup() { - [[ ${PV} != "999999" ]] && use binary || python-any-r1_pkg_setup -} - -src_prepare() { - if use binary; then - eapply_user - else - # Bundled submodules - cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/" - cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/" - cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/" - - sed -i -r \ - -e "/function SetupPython3/,/\}/{s,\\\$\(whereis python3\),${EPYTHON},g}" \ - "${S}"/edksetup.sh || die "Fixing for correct Python3 support failed" - - default - fi -} - -src_compile() { - TARGET_ARCH=X64 - TARGET_NAME=RELEASE - TARGET_TOOLS=GCC49 - - BUILD_FLAGS="-D TLS_ENABLE \ - -D HTTP_BOOT_ENABLE \ - -D NETWORK_IP6_ENABLE \ - -D FD_SIZE_2MB" - - SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \ - -D SECURE_BOOT_ENABLE \ - -D SMM_REQUIRE \ - -D EXCLUDE_SHELL_FROM_FD" - - [[ ${PV} != "999999" ]] && use binary && return - - emake ARCH=${TARGET_ARCH} -C BaseTools - - . ./edksetup.sh - - # Build all EFI firmware blobs: - - mkdir -p ovmf - - ./OvmfPkg/build.sh \ - -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ - ${BUILD_FLAGS} || die "OvmfPkg/build.sh failed" - - cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/ - rm -rf Build/OvmfX64 - - ./OvmfPkg/build.sh \ - -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ - ${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed" - - cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed" - cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed" - cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed" - - # Build a convenience UefiShell.img: - - mkdir -p iso_image/efi/boot || die "mkdir failed" - cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed" - cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed" - qemu-img convert --image-opts \ - driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \ - ovmf/UefiShell.img || die "qemu-img failed" -} - -src_install() { - insinto /usr/share/${PN} - doins ovmf/* - - insinto /usr/share/qemu/firmware - doins qemu/* - - readme.gentoo_create_doc -} - -pkg_postinst() { - readme.gentoo_print_elog -} -- cgit v1.2.3-65-gdbad