| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
This now installs arm64 firmware.
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
|
|
| |
The source package now supports other platforms so follow suit.
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
| |
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The filenames used here differ from Fedora, which ships far more
variants. I felt it unnecessary to include the raw and unpadded images
when the padded QCOW2 images should be all you need.
QEMU_EFI.secboot_INSECURE.qcow2 does have Secure Boot enabled, but it
must not be used in production. The lack of an SMM implementation for
arm64 in this firmware means that the EFI variable store is unprotected,
making the firmware unsafe.
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ebuild has been largely rewritten. It now:
* Respects CC, CXX, and flags when building the base tools.
* Doesn't use gcc/cc when building the firmware, enabling cross.
* Prepares the ground for supporting platforms other than OVMF for x64.
* Installs OVMF_VARS.secboot.fd prepared with virt-fw-vars.
* Includes the latest UEFI DBX update in OVMF_VARS.secboot.fd.
* Adds 4MB variants of the .fd images (in QCOW2 format).
* Fixes network support broken by a recent bump.
* Drops EnrollDefaultKeys.efi and UefiShell.img
The enrollment tool hasn't actually worked for a while and is no longer needed
now that we provide OVMF_VARS.secboot.fd. UefiShell.img is therefore of little
use, and other distros now provide UefiShell.iso instead anyway. We can do the
same if there is sufficient interest.
This moves us closer to Fedora, but they ship far more variants. They
have a large Python wrapper around upstream's build system, which is
unusual in itself. Building all these would make the ebuild much more
complex, take a long time, and use up more disk space. Perhaps USE flags
could help here, but I'm not sure what all these variants are for.
I also decided to install to paths based on upstream's names, e.g.
edk2/ArmVirtQemu-AARCH64 as opposed to Fedora's edk2/aarch64 because
mixing QEMU with Xen and others would be confusing when there are many
similarly named files, even within a single architecture.
Closes: https://bugs.gentoo.org/891191
Closes: https://bugs.gentoo.org/921819
Closes: https://bugs.gentoo.org/929838
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
|
|
|
| |
The new version bump won't use this.
Closes: https://bugs.gentoo.org/853271
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
|
| |
Closes: https://bugs.gentoo.org/937610
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
|
|
|
|
| |
I don't think using UefiShell.img actually works any more, but the new version
bump will automatically create OVMF_VARS.secboot.fd for you.
Closes: https://bugs.gentoo.org/926630
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
|
|
|
| |
There is a lot of overlap in building firmware for other platforms from
source, so it makes sense to have one source package.
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
| |
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
|
|
|
| |
This was the last version supporting x86_64 firmware on other platforms via the
binary USE flag. edk2-ovmf-bin has superseded this.
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Pagano <mpagano@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Pacho Ramos <pacho@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Pagano <mpagano@gentoo.org>
|
|
|
|
|
|
|
|
| |
Change was created by running the following command::
ekeyword ^ia64 */*/*.ebuild
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
|
|
|
| |
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
| |
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
|
| |
Closes: https://bugs.gentoo.org/932242
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
|
|
|
|
| |
This was written over 10 years ago, and we do build our own -bin package
with the regular Gentoo toolchain. Upstream does not give any such
warning, at least in https://www.seabios.org/Build_overview.
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
|
|
|
| |
Bug: https://bugs.gentoo.org/933284
Signed-off-by: Chris Mayo <aklhfex@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/38372
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Pagano <mpagano@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Pagano <mpagano@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sven Wegener <swegener@gentoo.org>
|
|
|
|
| |
Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>
|
|
|
|
| |
Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Pagano <mpagano@gentoo.org>
|
|
|
|
|
|
|
|
| |
Reflected review comments from https://github.com/gentoo/gentoo/pull/37704
Signed-off-by: Takaki Suzuki <takaki-s@users.noreply.github.com>
Closes: https://github.com/gentoo/gentoo/pull/37981
Signed-off-by: Joonas Niilola <juippis@gentoo.org>
|
|
|
|
|
|
| |
Signed-off-by: Filip Kobierski <fkobi@pm.me>
Closes: https://github.com/gentoo/gentoo/pull/37808
Signed-off-by: Joonas Niilola <juippis@gentoo.org>
|
|
|
|
|
|
| |
Signed-off-by: Takaki Suzuki <takaki-s@users.noreply.github.com>
Closes: https://github.com/gentoo/gentoo/pull/37704
Signed-off-by: Joonas Niilola <juippis@gentoo.org>
|
|
|
|
|
| |
Closes: https://bugs.gentoo.org/929840
Signed-off-by: Pacho Ramos <pacho@gentoo.org>
|
|
|
|
| |
Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Pacho Ramos <pacho@gentoo.org>
|
|
|
|
| |
Signed-off-by: Pacho Ramos <pacho@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and:
- rdep on iucode_tool for .install hook
- USE=hostonly: iucode_tool is executed in pkg_preinst and should therefore be
an idep instead of a rdep (not that it really makes a functional difference
since it is bdep anyway)
- rework REQUIRED_USE: the *.install hooks require the split-ucode to be
present. Since with USE=dist-kernel, USE=initramfs does not install intel-uc.img
(instead it is delegared to installkernel via the *.install hooks) we need
always split-ucode with dist-kernel.
- *.install: exit gracefully if no ucode installed
this mirrors recent changes in sys-kernel/linux-firmware
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Matthias Maier <tamiko@gentoo.org>
|
|
|
|
| |
Signed-off-by: Matthias Maier <tamiko@gentoo.org>
|
|
|
|
| |
Signed-off-by: Matthias Maier <tamiko@gentoo.org>
|
|
|
|
| |
Signed-off-by: Matthias Maier <tamiko@gentoo.org>
|
|
|
|
| |
Signed-off-by: Matthias Maier <tamiko@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
When using dist-kernel users can correct the problem and then
emerge --config ...
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/37292
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This creates a intel microcode image when installing the kernel and when
installkernel/kernel-install is configured to use an initramfs generator other
then dracut. Dracut bundles the microcode in the image it generates, many
other initramfs generators do not and we want these users to also get the
latest CPU microcode.
installkernel-gentoo.git has recently gained support for handling these ucode
images and passing them on to bootloaders and UKI generators.
Note that this should be here and not in installkernel-gentoo.git because we
only want to install this when the initramfs flag is enabled to avoid the
situation where users who don't want an ucode.img get one anyway.
Note that we don't have to worry about MICROCODE_SIGNATURES and
MICROCODE_BLAKCLIST since this selection is taken into account when installing
the microcode to /lib/firmware, at run-time when we read the files from there
we therefore automatically get only the files we want.
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added in a global rewrite that was apparently not tested as well as it
ideally could have been, since it added some pretty wild changes.
Non-exhaustive -- I caught these in passing and haven't really vetted
the tree.
Fixes: 67064ef687e8b3a61f5a4698ae1b029e2e70822c
Fixes: 92715265f5e37292e57673f39c5372a268778c44
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|