Sync from SUSE:SLFO:Main ovmf revision 3ab028ed4c13f59ac8d37812d342bd6c
This commit is contained in:
commit
e3fd4e1de9
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
185
README
Normal file
185
README
Normal file
@ -0,0 +1,185 @@
|
||||
Running the OVMF image in qemu
|
||||
==============================
|
||||
|
||||
The easiest way to run the OVMF image is to specify a pflash device for the
|
||||
firmware file. Here is the example to use OVMF in the flash mode:
|
||||
|
||||
$ cp /usr/share/qemu/ovmf-x86_64.bin .
|
||||
$ qemu-system-x86_64 -pflash ovmf-x86_64.bin
|
||||
|
||||
Please make sure the file is writable before using the flash mode, or all
|
||||
your changes won't be saved.
|
||||
|
||||
Starting from r15670, two extra firmware files are provided for the flash mode:
|
||||
ovmf-*-code.bin and ovmf-*-vars.bin, and all non-volatile variables will be
|
||||
stored in ovmf-*-vars.bin. Example:
|
||||
|
||||
$ cp /usr/share/qemu/ovmf-x86_64-vars.bin .
|
||||
$ qemu-system-x86_64 \
|
||||
-drive if=pflash,format=raw,unit=0,readonly,file=/usr/share/qemu/ovmf-x86_64-code.bin \
|
||||
-drive if=pflash,format=raw,unit=1,file=ovmf-x86_64-vars.bin
|
||||
|
||||
It would be easier to manage the NV variables with the separated vars firmware.
|
||||
|
||||
NOTE: Running OVMF with '-bios' is deprecated and should not be used anymore.
|
||||
|
||||
Variable Stores with preloaded keys
|
||||
-----------------------------------
|
||||
|
||||
Besides the generic OVMF images, there are images preloaded with different
|
||||
vendor keys.
|
||||
|
||||
ovmf-x86_64-smm-ms-vars.bin
|
||||
- PK: SUSE Linux Enterprise Secure Boot CA
|
||||
- KEK: Microsoft Corporation KEK CA 2011, SUSE Linux Enterprise Secure Boot CA
|
||||
- db: Microsoft Corporation UEFI CA 2011, Microsoft Windows Production PCA 2011
|
||||
|
||||
ovmf-x86_64-smm-opensuse-vars.bin
|
||||
- PK: openSUSE Secure Boot CA
|
||||
- KEK: openSUSE Secure Boot CA
|
||||
- db: openSUSE Secure Boot CA
|
||||
|
||||
ovmf-x86_64-smm-suse-vars.bin
|
||||
- PK: SUSE Linux Enterprise Secure Boot CA
|
||||
- KEK: SUSE Linux Enterprise Secure Boot CA
|
||||
- db: SUSE Linux Enterprise Secure Boot CA
|
||||
|
||||
Note that the preloaded key images are all 64 bit because openSUSE/SLE and
|
||||
Windows only support Secure Boot in 64 bit mode.
|
||||
|
||||
Those variable stores are created with EnrollDefaultKeys.efi which enrolls
|
||||
the Microsoft keys into KEK and db. It also reads the key from SMBIOS Type 11
|
||||
and enrolls the key into PK and KEK. If the "--no-default" switch is provided,
|
||||
the program will ignore the Microsoft keys and enroll the key from SMBIOS into
|
||||
db instead.
|
||||
|
||||
x86_64 4MB images
|
||||
-----------------
|
||||
|
||||
The OVMF upstream decides to switch the default flash size to 4MB since
|
||||
the edk2 commit 1c47fcd465a496. It's mainly for Windows HCK which requests
|
||||
a larger variable store. To maintain the backward compatibility, the 4MB
|
||||
images are built separately. Only those images with 4m, e.g. ovmf-x86_64-4m.bin,
|
||||
are the 4MB images. Otherwise, it's built with FD_SIZE_2MB, i.e. a 2MB image.
|
||||
|
||||
x86_64 SMM Support
|
||||
------------------
|
||||
The image files with "-smm", e.g. ovmf-x86_64-smm.bin, are the images
|
||||
with SMM support. SMM provides better (virtual) hardware separation between
|
||||
the guest OS and the firmware to prevent the runtime guest OS from tampering
|
||||
with the variable store and S3 areas, so it's recommended to enable SMM along
|
||||
with Secure Boot. Here are the requirements to use the SMM images:
|
||||
|
||||
* SMM support requires QEMU 2.5.
|
||||
* The minimum required QEMU machine type is "pc-q35-2.5".
|
||||
* SMM with KVM requires Linux 4.4 (host).
|
||||
|
||||
Here are the qemu commands to start a VM with SMM support:
|
||||
|
||||
$ cp /usr/share/qemu/ovmf-x86_64-smm-vars.bin .
|
||||
$ qemu-system-x86_64 \
|
||||
-machine q35,smm=on,accel=(tcg|kvm) \
|
||||
-global driver=cfi.pflash01,property=secure,value=on \
|
||||
-drive if=pflash,format=raw,unit=0,readonly,file=/usr/share/qemu/ovmf-x86_64-smm-code.bin \
|
||||
-drive if=pflash,format=raw,unit=1,file=ovmf-x86_64-smm-vars.bin \
|
||||
-global ICH9-LPC.disable_s3=1 \
|
||||
...
|
||||
|
||||
NOTE: The pflash variable store is required to use OVMF with SMM.
|
||||
|
||||
Creating Platform and Key Exchange keys
|
||||
=======================================
|
||||
|
||||
A note about terminology. In UEFI terms, "key" means certificate (not the
|
||||
openssl key). UEFI keys are required to be based on RSA 2048 bit keys.
|
||||
|
||||
The Platform key and Key Exchange Keys should be the equivalent of CA root
|
||||
certificates (i.e. a self signed certificate). Note that in current tianocore
|
||||
OVMF, the input certificates, if taken from external media, *must* be in a
|
||||
file with a .cer extension and in DER format.
|
||||
|
||||
The platform key is the key which controls updates to the Key Exchange Key
|
||||
database. The Key Exchange Key controls updates to the signature databases.
|
||||
Note that if the Key Exchange Key is an X509 key, any key which has the KEK as
|
||||
its root signature can also be used to validate an efi binary without need for
|
||||
any entries in the signatures database.
|
||||
|
||||
|
||||
Create Platform Key (PK)
|
||||
------------------------
|
||||
|
||||
openssl req -new -x509 -newkey rsa:2048 -keyout PK.key -out PK.crt -days <length>
|
||||
|
||||
Note that the Key is PK.crt (PK.key is the private key you use to sign other
|
||||
certificates)
|
||||
|
||||
Now convert to DER format
|
||||
|
||||
openssl x509 -in PK.crt -out PK.cer -outform DER
|
||||
|
||||
The file PK.cer can be placed on a USB key for enrolling as the platform key.
|
||||
|
||||
Create Key Exchange Key (KEK)
|
||||
-----------------------------
|
||||
|
||||
This is done exactly as the Platform key above, except call the file KEK.cer
|
||||
instead.
|
||||
|
||||
Note, for expermentation purposes, there's no reason the KEK and the PK can't
|
||||
be the same certificate.
|
||||
|
||||
Creating derived keys from the KEK
|
||||
----------------------------------
|
||||
|
||||
This process can be used to create subordinate keys which can be used to sign
|
||||
efi binaries (since their roots can be traced back to the KEK).
|
||||
|
||||
openssl req -new -newkey rsa:2048 -keyout new.key -out new.csr -days <length>
|
||||
|
||||
Now sign the certificate request with the KEK:
|
||||
|
||||
openssl x509 -req -in new.csr -CA KEK.crt -CAkey KEK.key -set_serial 1 -out new.crt
|
||||
|
||||
Note that since the new key doesn't have to be enrolled in the platform
|
||||
because its root of trust can be traced back to the KEK, there's no need to
|
||||
create a DER form of the key (the sbsign utilites used to sign efi binaries
|
||||
take the key.crt file which is in PEM form).
|
||||
|
||||
Running the UEFI ARM image in qemu
|
||||
==================================
|
||||
There are two flavors of the UEFI ARM images: AArch32 and AArch64.
|
||||
For the AArch64 image, use the following command:
|
||||
|
||||
qemu-system-aarch64 -m 1024 -M virt -cpu cortex-a57 -bios /usr/share/qemu/qemu-uefi-aarch64.bin -serial stdio
|
||||
|
||||
For AArch32:
|
||||
qemu-system-arm -m 1024 -M virt -cpu cortex-a15 -bios /usr/share/qemu/qemu-uefi-aarch32.bin -serial stdio
|
||||
|
||||
Source Level Debugging
|
||||
======================
|
||||
It's possible to debug OVMF with gdb connecting to qemu with the following
|
||||
steps:
|
||||
|
||||
(1) install the debug package: qemu-ovmf-x86_64-debug
|
||||
|
||||
(2) Start the virtual machine with '-s' or "-gdb tcp::1234"
|
||||
|
||||
(3) Start gdb in another terminal and issue the following commands:
|
||||
|
||||
(gdb) set architecture i386:x86-64:intel
|
||||
(gdb) target remote localhost:1234
|
||||
(gdb) source /usr/share/ovmf-x86_64/gdb_uefi-ovmf-x86_64-<flavor>.py
|
||||
(gdb) reload-uefi -o /usr/lib/debug/ovmf-x86_64/DebugPkg/GdbSyms/GdbSyms/DEBUG/GdbSyms.dll
|
||||
|
||||
(4) Happy debugging
|
||||
|
||||
Reference: https://www.mail-archive.com/edk2-devel@lists.sourceforge.net/msg07075.html
|
||||
|
||||
Note: It's also possible to debug OVMF with Xen, but the way to set up the port
|
||||
is differnt. Instead of adding the port number to qemu, you need gdbsx.
|
||||
Before starting gdb, execute this command:
|
||||
|
||||
# gdbsx -a <domainid> 64 1234
|
||||
|
||||
Then gdbsx will listen to port 1234 for the specific domainU. The rest is
|
||||
the same as qemu.
|
29
SLES-UEFI-CA-Certificate-2048.crt
Normal file
29
SLES-UEFI-CA-Certificate-2048.crt
Normal file
@ -0,0 +1,29 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIE5TCCA82gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
|
||||
RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
|
||||
MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
|
||||
IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
|
||||
QHN1c2UuZGUwHhcNMTMwNDE4MTQzMzQxWhcNMzUwMzE0MTQzMzQxWjCBpjEtMCsG
|
||||
A1UEAwwkU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYD
|
||||
VQQGEwJERTESMBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4
|
||||
IFByb2R1Y3RzIEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0B
|
||||
CQEWDWJ1aWxkQHN1c2UuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
|
||||
AQDN/avXKoT4gcM2NVA1LMfsBPH01sxgS8gTs3SbvfbEP2M+ZlHyfj9ufHZ7cZ1p
|
||||
ISoVm6ql5VbIeZgSNc17Y4y4Nynud1C8t2SP/iZK5YMYHGxdtIfv1zPE+Bo/KZqE
|
||||
WgHg2YFtMXdiKfXBZRTfSh37t0pGO/OQi6K4JioKw55UtQNggePZWDXtsAviT2vv
|
||||
abqLR9+kxdrQ0iWqhWM+LwXbTGkCpg41s8KucLD/JYAxxw05dKPApFDNnz+Ft2L7
|
||||
e5JtyB4S0u4PlvQBMNHt4hDs0rK4oeHFLbOxHvjF+nloneWhkg9eT0VCfpAYVYz+
|
||||
whMxuCHerDCdmeFrRGEMQz11AgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/
|
||||
MB0GA1UdDgQWBBTsqw1CxFbPdwQ2uXOZOGKWXocmLzCB0wYDVR0jBIHLMIHIgBTs
|
||||
qw1CxFbPdwQ2uXOZOGKWXocmL6GBrKSBqTCBpjEtMCsGA1UEAwwkU1VTRSBMaW51
|
||||
eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTESMBAGA1UE
|
||||
BwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3RzIEdtYkgx
|
||||
EzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxkQHN1c2Uu
|
||||
ZGWCAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQASviyFhVqU
|
||||
Wc1JUQgXwdljJynTnp0/FQOZJBSe7XdBGPmy91+3ITqrXgyqo/218KISiQl53Qlw
|
||||
pq+cIiGRAia1D7p7wbg7wsg+Trt0zZFXes30wfYq5pjfWadEBAgNCffkBz10TSjL
|
||||
jQrVwW5N+yUJMoq+r843TzV56Huy6LBOVhI5yTz7X7i2rSJYfyQWM8oeHLj8Yl5M
|
||||
rOB9gyTumxB4mOLmSqwKzJiUB0ppGPohdLUSSEKDdo6KSH/GjR7M7uBicwnzwJD3
|
||||
SVfT9nx9HKF2nXZlHvs5ViQQru3qP1tc6i0eXEnPTYW2+zkZcN0e5iHyozEZHsO0
|
||||
rvc1p6G0YWtO
|
||||
-----END CERTIFICATE-----
|
7
_constraints
Normal file
7
_constraints
Normal file
@ -0,0 +1,7 @@
|
||||
<constraints>
|
||||
<hardware>
|
||||
<disk>
|
||||
<size unit="G">6</size>
|
||||
</disk>
|
||||
</hardware>
|
||||
</constraints>
|
14
_service
Normal file
14
_service
Normal file
@ -0,0 +1,14 @@
|
||||
<services>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<param name="filename">ovmf</param>
|
||||
<param name="versionformat">2017+git%at.%h</param>
|
||||
<param name="revision">UDK2017</param>
|
||||
<param name="url">https://github.com/tianocore/edk2.git</param>
|
||||
<param name="scm">git</param>
|
||||
</service>
|
||||
<service name="recompress" mode="disabled">
|
||||
<param name="compression">xz</param>
|
||||
<param name="file">*.tar</param>
|
||||
</service>
|
||||
<service name="set_version" mode="disabled"/>
|
||||
</services>
|
BIN
berkeley-softfloat-3-b64af41c3276f.tar.xz
(Stored with Git LFS)
Normal file
BIN
berkeley-softfloat-3-b64af41c3276f.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
descriptors.tar.xz
(Stored with Git LFS)
Normal file
BIN
descriptors.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
edk2-edk2-stable202305.tar.gz
(Stored with Git LFS)
Normal file
BIN
edk2-edk2-stable202305.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
365
gdb_uefi.py.in
Normal file
365
gdb_uefi.py.in
Normal file
@ -0,0 +1,365 @@
|
||||
"""
|
||||
Allows loading TianoCore symbols into a GDB session attached to EFI
|
||||
Firmware.
|
||||
|
||||
This is how it works: build GdbSyms - it's a dummy binary that
|
||||
contains the relevant symbols needed to find and load image symbols.
|
||||
|
||||
$ gdb
|
||||
(gdb) taget remote ....
|
||||
(gdb) source Scripts/gdb_uefi.py
|
||||
(gdb) reload-uefi -o /path/to/GdbSyms.dll
|
||||
|
||||
The -o option should be used if you've debugging EFI, where the PE
|
||||
images were converted from MACH-O or ELF binaries.
|
||||
|
||||
"""
|
||||
|
||||
import array
|
||||
import getopt
|
||||
import binascii
|
||||
import re
|
||||
|
||||
__license__ = "BSD"
|
||||
__version = "1.0.0"
|
||||
__maintainer__ = "Andrei Warkentin"
|
||||
__email__ = "andrey.warkentin@gmail.com"
|
||||
__status__ = "Works"
|
||||
|
||||
|
||||
# FOR RPM PACKAGE replace the strings in the spec file
|
||||
build_path="__BUILD_PATH__"
|
||||
source_path="__SOURCE_PATH__"
|
||||
gdb_src_path="__GDB_SRC_PATH__"
|
||||
flavor="__FLAVOR__"
|
||||
|
||||
class ReloadUefi (gdb.Command):
|
||||
"""Reload UEFI symbols"""
|
||||
|
||||
#
|
||||
# Various constants.
|
||||
#
|
||||
|
||||
EINVAL = 0xffffffff
|
||||
CV_NB10 = 0x3031424E
|
||||
CV_RSDS = 0x53445352
|
||||
CV_MTOC = 0x434F544D
|
||||
DOS_MAGIC = 0x5A4D
|
||||
PE32PLUS_MAGIC = 0x20b
|
||||
EST_SIGNATURE = 0x5453595320494249
|
||||
DEBUG_GUID = [0x49152E77, 0x1ADA, 0x4764,
|
||||
[0xB7,0xA2,0x7A,0xFE,
|
||||
0xFE,0xD9,0x5E, 0x8B]]
|
||||
DEBUG_IS_UPDATING = 0x1
|
||||
|
||||
#
|
||||
# If the images were built as ELF/MACH-O and then converted to PE,
|
||||
# then the base address needs to be offset by PE headers.
|
||||
#
|
||||
|
||||
offset_by_headers = False
|
||||
|
||||
def __init__ (self):
|
||||
super (ReloadUefi, self).__init__ ("reload-uefi", gdb.COMMAND_OBSCURE)
|
||||
|
||||
#
|
||||
# Returns gdb.Type for a type.
|
||||
#
|
||||
|
||||
def type (self, typename):
|
||||
return gdb.lookup_type (typename)
|
||||
|
||||
#
|
||||
# Returns gdb.Type for a pointer to a type.
|
||||
#
|
||||
|
||||
def ptype (self, typename):
|
||||
return gdb.lookup_type (typename).pointer ()
|
||||
|
||||
#
|
||||
# Computes CRC32 on an array of data.
|
||||
#
|
||||
|
||||
def crc32 (self, data):
|
||||
return binascii.crc32 (data) & 0xFFFFFFFF
|
||||
|
||||
#
|
||||
# Sets a field in a struct to a value, i.e.
|
||||
# value->field_name = data.
|
||||
#
|
||||
# Newer Py bindings to Gdb provide access to the inferior
|
||||
# memory, but not all, so have to do it this awkward way.
|
||||
#
|
||||
|
||||
def set_field (self, value, field_name, data):
|
||||
gdb.execute ("set *(%s *) 0x%x = 0x%x" % \
|
||||
(str (value[field_name].type), \
|
||||
int (value[field_name].address), \
|
||||
data))
|
||||
|
||||
#
|
||||
# Returns data backing a gdb.Value as an array.
|
||||
# Same comment as above regarding newer Py bindings...
|
||||
#
|
||||
|
||||
def value_data (self, value, bytes=0):
|
||||
value_address = gdb.Value (value.address)
|
||||
array_t = self.ptype ('UINT8')
|
||||
value_array = value_address.cast (array_t)
|
||||
if bytes == 0:
|
||||
bytes = value.type.sizeof
|
||||
data = array.array ('B')
|
||||
for i in range (0, bytes):
|
||||
data.append (value_array[i])
|
||||
return data
|
||||
|
||||
#
|
||||
# Locates the EFI_SYSTEM_TABLE as per UEFI spec 17.4.
|
||||
# Returns base address or -1.
|
||||
#
|
||||
|
||||
def search_est (self):
|
||||
address = 0
|
||||
estp_t = self.ptype ('EFI_SYSTEM_TABLE_POINTER')
|
||||
while True:
|
||||
estp = gdb.Value(address).cast(estp_t)
|
||||
if estp['Signature'] == self.EST_SIGNATURE:
|
||||
oldcrc = int (estp['Crc32'])
|
||||
self.set_field (estp, 'Crc32', 0)
|
||||
newcrc = self.crc32 (self.value_data (estp.dereference (), 0))
|
||||
self.set_field (estp, 'Crc32', int (oldcrc))
|
||||
if newcrc == oldcrc:
|
||||
return estp['EfiSystemTableBase']
|
||||
|
||||
address = address + 4*1024*1024
|
||||
if int (address) == 0:
|
||||
return gdb.Value(self.EINVAL)
|
||||
|
||||
#
|
||||
# Searches for a vendor-specific configuration table (in EST),
|
||||
# given a vendor-specific table GUID. GUID is a list like -
|
||||
# [32-bit, 16-bit, 16-bit, [8 bytes]]
|
||||
#
|
||||
|
||||
def search_config (self, cfg_table, count, guid):
|
||||
index = 0
|
||||
while index != count:
|
||||
cfg_entry = cfg_table[index]['VendorGuid']
|
||||
if cfg_entry['Data1'] == guid[0] and \
|
||||
cfg_entry['Data2'] == guid[1] and \
|
||||
cfg_entry['Data3'] == guid[2] and \
|
||||
self.value_data (cfg_entry['Data4']).tolist () == guid[3]:
|
||||
return cfg_table[index]['VendorTable']
|
||||
index = index + 1
|
||||
return gdb.Value(self.EINVAL)
|
||||
|
||||
#
|
||||
# Returns a UTF16 string corresponding to a (CHAR16 *) value in EFI.
|
||||
#
|
||||
|
||||
def parse_utf16 (self, value):
|
||||
index = 0
|
||||
data = array.array ('H')
|
||||
while value[index] != 0:
|
||||
data.append (value[index])
|
||||
index = index + 1
|
||||
return data.tostring ().decode ('utf-16')
|
||||
|
||||
#
|
||||
# Returns offset of a field within structure. Useful
|
||||
# for getting container of a structure.
|
||||
#
|
||||
|
||||
def offsetof (self, typename, field):
|
||||
t = gdb.Value (0).cast (self.ptype (typename))
|
||||
return int (t[field].address)
|
||||
|
||||
#
|
||||
# Returns sizeof of a type.
|
||||
#
|
||||
|
||||
def sizeof (self, typename):
|
||||
return self.type (typename).sizeof
|
||||
|
||||
#
|
||||
# Returns the EFI_IMAGE_NT_HEADERS32 pointer, given
|
||||
# an ImageBase address as a gdb.Value.
|
||||
#
|
||||
|
||||
def pe_headers (self, imagebase):
|
||||
dosh_t = self.ptype ('EFI_IMAGE_DOS_HEADER')
|
||||
head_t = self.ptype ('EFI_IMAGE_OPTIONAL_HEADER_UNION')
|
||||
dosh = imagebase.cast(dosh_t)
|
||||
h_addr = imagebase
|
||||
if dosh['e_magic'] == self.DOS_MAGIC:
|
||||
h_addr = h_addr + dosh['e_lfanew']
|
||||
return gdb.Value(h_addr).cast (head_t)
|
||||
|
||||
#
|
||||
# Returns True if pe_headers refer to a PE32+ image.
|
||||
#
|
||||
|
||||
def pe_is_64 (self, pe_headers):
|
||||
if pe_headers['Pe32']['OptionalHeader']['Magic'] == self.PE32PLUS_MAGIC:
|
||||
return True
|
||||
return False
|
||||
|
||||
#
|
||||
# Returns the PE (not so) optional header.
|
||||
#
|
||||
|
||||
def pe_optional (self, pe):
|
||||
if self.pe_is_64 (pe):
|
||||
return pe['Pe32Plus']['OptionalHeader']
|
||||
else:
|
||||
return pe['Pe32']['OptionalHeader']
|
||||
|
||||
#
|
||||
# Returns the symbol file name for a PE image.
|
||||
#
|
||||
|
||||
def pe_parse_debug (self, pe):
|
||||
opt = self.pe_optional (pe)
|
||||
debug_dir_entry = opt['DataDirectory'][6]
|
||||
dep = debug_dir_entry['VirtualAddress'] + opt['ImageBase']
|
||||
dep = dep.cast (self.ptype ('EFI_IMAGE_DEBUG_DIRECTORY_ENTRY'))
|
||||
cvp = dep.dereference ()['RVA'] + opt['ImageBase']
|
||||
cvv = cvp.cast(self.ptype ('UINT32')).dereference ()
|
||||
if cvv == self.CV_NB10:
|
||||
return cvp + self.sizeof('EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY')
|
||||
elif cvv == self.CV_RSDS:
|
||||
return cvp + self.sizeof('EFI_IMAGE_DEBUG_CODEVIEW_RSDS_ENTRY')
|
||||
elif cvv == self.CV_MTOC:
|
||||
return cvp + self.sizeof('EFI_IMAGE_DEBUG_CODEVIEW_MTOC_ENTRY')
|
||||
return gdb.Value(self.EINVAL)
|
||||
|
||||
#
|
||||
# Parses an EFI_LOADED_IMAGE_PROTOCOL, figuring out the symbol file name.
|
||||
# This file name is then appended to list of loaded symbols.
|
||||
#
|
||||
# TBD: Support TE images.
|
||||
#
|
||||
|
||||
def parse_image (self, image, syms):
|
||||
base = image['ImageBase']
|
||||
pe = self.pe_headers (base)
|
||||
opt = self.pe_optional (pe)
|
||||
sym_name = self.pe_parse_debug (pe)
|
||||
|
||||
# For ELF and Mach-O-derived images...
|
||||
if self.offset_by_headers:
|
||||
base = base + opt['SizeOfHeaders']
|
||||
if sym_name != self.EINVAL:
|
||||
sym_name = sym_name.cast (self.ptype('CHAR8')).string ()
|
||||
# Ignore the driver from qemu
|
||||
if re.search (r"\.efidrv$", sym_name):
|
||||
return
|
||||
# FOR RPM PACKAGE substitute the build path
|
||||
sym_name = re.sub(r"^"+re.escape(build_path), "/usr/lib/debug/"+flavor, sym_name)
|
||||
sym_name = re.sub(r"\.dll$", ".debug", sym_name)
|
||||
syms.append ("add-symbol-file %s 0x%x" % \
|
||||
(sym_name,
|
||||
int (base)))
|
||||
|
||||
#
|
||||
# Parses table EFI_DEBUG_IMAGE_INFO structures, builds
|
||||
# a list of add-symbol-file commands, and reloads debugger
|
||||
# symbols.
|
||||
#
|
||||
|
||||
def parse_edii (self, edii, count):
|
||||
index = 0
|
||||
syms = []
|
||||
while index != count:
|
||||
entry = edii[index]
|
||||
if entry['ImageInfoType'].dereference () == 1:
|
||||
entry = entry['NormalImage']
|
||||
self.parse_image(entry['LoadedImageProtocolInstance'], syms)
|
||||
else:
|
||||
print ('Skipping unknown EFI_DEBUG_IMAGE_INFO (Type 0x%x)' % \
|
||||
entry['ImageInfoType'].dereference ())
|
||||
index = index + 1
|
||||
gdb.execute ("symbol-file")
|
||||
print ('Loading new symbols...')
|
||||
for sym in syms:
|
||||
print (sym)
|
||||
gdb.execute (sym)
|
||||
|
||||
#
|
||||
# Parses EFI_DEBUG_IMAGE_INFO_TABLE_HEADER, in order to load
|
||||
# image symbols.
|
||||
#
|
||||
|
||||
def parse_dh (self, dh):
|
||||
dh_t = self.ptype ('EFI_DEBUG_IMAGE_INFO_TABLE_HEADER')
|
||||
dh = dh.cast (dh_t)
|
||||
print ('DebugImageInfoTable @ 0x%x, 0x%x entries' \
|
||||
% (int (dh['EfiDebugImageInfoTable']), dh['TableSize']))
|
||||
if dh['UpdateStatus'] & self.DEBUG_IS_UPDATING:
|
||||
print ('EfiDebugImageInfoTable update in progress, retry later')
|
||||
return
|
||||
self.parse_edii (dh['EfiDebugImageInfoTable'], dh['TableSize'])
|
||||
|
||||
#
|
||||
# Parses EFI_SYSTEM_TABLE, in order to load image symbols.
|
||||
#
|
||||
|
||||
def parse_est (self, est):
|
||||
est_t = self.ptype ('EFI_SYSTEM_TABLE')
|
||||
est = est.cast (est_t)
|
||||
print ('Connected to %s (Rev. 0x%x)' % \
|
||||
(self.parse_utf16 (est['FirmwareVendor']), \
|
||||
int (est['FirmwareRevision'])))
|
||||
print ('ConfigurationTable @ 0x%x, 0x%x entries' \
|
||||
% (int (est['ConfigurationTable']), est['NumberOfTableEntries']))
|
||||
|
||||
dh = self.search_config(est['ConfigurationTable'],
|
||||
est['NumberOfTableEntries'],
|
||||
self.DEBUG_GUID)
|
||||
if dh == self.EINVAL:
|
||||
print ('No EFI_DEBUG_IMAGE_INFO_TABLE_HEADER')
|
||||
return
|
||||
self.parse_dh (dh)
|
||||
|
||||
#
|
||||
# Usage information.
|
||||
#
|
||||
|
||||
def usage (self):
|
||||
print ('Usage: reload-uefi [-o] /path/to/GdbSyms.dll')
|
||||
|
||||
#
|
||||
# Handler for reload-uefi.
|
||||
#
|
||||
|
||||
def invoke (self, arg, from_tty):
|
||||
args = arg.split(' ')
|
||||
try:
|
||||
opts, args = getopt.getopt(args, "o", ["offset-by-headers"])
|
||||
except (getopt.GetoptError, err):
|
||||
self.usage ()
|
||||
return
|
||||
for opt, arg in opts:
|
||||
if opt == "-o":
|
||||
self.offset_by_headers = True
|
||||
|
||||
if len(args) < 1:
|
||||
self.usage ()
|
||||
return
|
||||
|
||||
# FOR RPM PACKAGE substitute the path of the source code
|
||||
gdb.execute ("set substitute-path "+source_path+" "+gdb_src_path)
|
||||
|
||||
gdb.execute ("symbol-file")
|
||||
gdb.execute ("symbol-file %s" % args[0])
|
||||
est = self.search_est ()
|
||||
if est == self.EINVAL:
|
||||
print ('No EFI_SYSTEM_TABLE...')
|
||||
return
|
||||
|
||||
print ('EFI_SYSTEM_TABLE @ 0x%x' % est)
|
||||
self.parse_est (est)
|
||||
|
||||
ReloadUefi ()
|
||||
|
||||
|
113
gen-key-enrollment-iso.sh
Normal file
113
gen-key-enrollment-iso.sh
Normal file
@ -0,0 +1,113 @@
|
||||
#!/bin/bash -e
|
||||
# The script to generate the key enrollment iso file
|
||||
# based on build_iso() in https://git.kraxel.org/cgit/jenkins/edk2/tree/edk2.git.spec
|
||||
|
||||
# Example: $0 X64 Shell.efi EnrollDefaultKeys.efi default key.iso
|
||||
|
||||
usage()
|
||||
{
|
||||
PROG_NAME=$1
|
||||
echo "Usage: $PROG_NAME <Arch> <Shell> <Enroller> <Type> <ISO NAME>"
|
||||
echo "ex: $PROG_NAME X64 Shell.efi EnrollDefaultKeys.efi default key.iso"
|
||||
}
|
||||
|
||||
ARCH=$(echo $1 | tr '[:lower:'] '[:upper:]')
|
||||
UEFI_SHELL_BINARY="$2"
|
||||
ENROLLER_BINARY="$3"
|
||||
TYPE="$4"
|
||||
ISO_NAME="$5"
|
||||
|
||||
# Check the arguments
|
||||
if [ x$ARCH != xX64 ] && [ x$ARCH != xAARCH64 ]; then
|
||||
echo "Supported architecture: X64, AARCH64"
|
||||
usage $0
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ x$UEFI_SHELL_BINARY == x ] || [ ! -e "$UEFI_SHELL_BINARY" ]; then
|
||||
echo "Please specify the UEFI shell binary"
|
||||
usage $0
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ x$ENROLLER_BINARY == x ] || [ ! -e "$ENROLLER_BINARY" ]; then
|
||||
echo "Please specify the enroller binary"
|
||||
usage $0
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ x$TYPE == x ]; then
|
||||
echo "Please specify the type of image: default or no-default"
|
||||
usage $0
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ x$ISO_NAME == x ]; then
|
||||
echo "Please specify the name of output iso"
|
||||
usage $0
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ISO_PATH=$(realpath $ISO_NAME)
|
||||
|
||||
TMP_DIR=$(mktemp -d)
|
||||
|
||||
cp $UEFI_SHELL_BINARY $TMP_DIR/Shell.efi
|
||||
cp $ENROLLER_BINARY $TMP_DIR/EnrollDefaultKeys.efi
|
||||
|
||||
UEFI_BOOT_EFI=$(
|
||||
if [ $ARCH == "X64" ]; then
|
||||
echo bootx64.efi
|
||||
elif [ $ARCH == "AARCH64" ]; then
|
||||
echo bootaa64.efi
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
)
|
||||
|
||||
UEFI_SHELL_SIZE=$(stat --format=%s -- "$UEFI_SHELL_BINARY")
|
||||
ENROLLER_SIZE=$(stat --format=%s -- "$ENROLLER_BINARY")
|
||||
START_SCRIPT=$TMP_DIR/"startup.nsh"
|
||||
|
||||
# Enter the first ESP
|
||||
echo "fs0:" > $START_SCRIPT
|
||||
# Enroll the keys
|
||||
if [ $TYPE == "default" ]; then
|
||||
echo "EnrollDefaultKeys.efi" >> $START_SCRIPT
|
||||
else
|
||||
echo "EnrollDefaultKeys.efi --no-default" >> $START_SCRIPT
|
||||
fi
|
||||
# Reset BootOrder
|
||||
echo "setvar BootOrder -guid 8be4df61-93ca-11d2-aa0d-00e098032b8c -bs -rt -nv =" >> $START_SCRIPT
|
||||
# Shutdown the system
|
||||
echo "reset -s" >> $START_SCRIPT
|
||||
|
||||
UEFI_SHELL_IMAGE=uefi_shell_${ARCH}_${TYPE}.img
|
||||
# Add 1MB then 10% for metadata
|
||||
UEFI_SHELL_IMAGE_KB=$((
|
||||
(UEFI_SHELL_SIZE + ENROLLER_SIZE +
|
||||
1 * 1024 * 1024) * 11 / 10 / 1024
|
||||
))
|
||||
|
||||
pushd $TMP_DIR
|
||||
|
||||
# Create non-partitioned FAT image
|
||||
rm -f -- "$UEFI_SHELL_IMAGE"
|
||||
/usr/sbin/mkdosfs -C "$UEFI_SHELL_IMAGE" -n UEFI_SHELL -- "$UEFI_SHELL_IMAGE_KB"
|
||||
|
||||
export MTOOLS_SKIP_CHECK=1
|
||||
mmd -i "$UEFI_SHELL_IMAGE" ::efi
|
||||
mmd -i "$UEFI_SHELL_IMAGE" ::efi/boot
|
||||
mcopy -i "$UEFI_SHELL_IMAGE" Shell.efi ::efi/boot/$UEFI_BOOT_EFI
|
||||
mcopy -i "$UEFI_SHELL_IMAGE" "$START_SCRIPT" ::efi/boot/startup.nsh
|
||||
mcopy -i "$UEFI_SHELL_IMAGE" EnrollDefaultKeys.efi ::EnrollDefaultKeys.efi
|
||||
mdir -i "$UEFI_SHELL_IMAGE" -/ ::
|
||||
|
||||
# build ISO with FAT image file as El Torito EFI boot image
|
||||
mkisofs -input-charset ASCII -J -rational-rock \
|
||||
-eltorito-platform efi -eltorito-boot "$UEFI_SHELL_IMAGE" \
|
||||
-no-emul-boot -o "$ISO_PATH" -- "$UEFI_SHELL_IMAGE"
|
||||
|
||||
popd
|
||||
|
||||
#rm -rf $TMP_DIR
|
BIN
oniguruma-v6.9.4_mark1-src.tar.xz
(Stored with Git LFS)
Normal file
BIN
oniguruma-v6.9.4_mark1-src.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
26
openSUSE-UEFI-CA-Certificate-2048.crt
Normal file
26
openSUSE-UEFI-CA-Certificate-2048.crt
Normal file
@ -0,0 +1,26 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEdDCCA1ygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgTEgMB4GA1UEAwwXb3Bl
|
||||
blNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJl
|
||||
bWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEW
|
||||
EmJ1aWxkQG9wZW5zdXNlLm9yZzAeFw0xMzA4MjYxNjEyMDdaFw0zNTA3MjIxNjEy
|
||||
MDdaMIGBMSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UE
|
||||
BhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJv
|
||||
amVjdDEhMB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnMIIBIjANBgkq
|
||||
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3t9hknqk/oPRfTtoDrGn8E6Sk/xHPnAt
|
||||
Tojcmp76M7Sm2w4jwQ2owdVlBIQE/zpIGE85MuTKTvkEnp8PzSBdYaunANil/yt/
|
||||
vuhHwy9bAsi73o4a6UbThu//iJmQ6xCJuIs/PqgHxlV6btNf/IM8PRbtJsUTc5Kx
|
||||
cB4ilcgAbCV2RvGi2dCwmGgPpy2xDWeJypRK6hLFkVV2f2x6LvkYiZ/49CRD1TVq
|
||||
ywAOLu1L4l0J2BuXcJmeWm+mgaidqVh2fWlxgtO6OpZDm/DaFcZO6cgVuenLx+Rx
|
||||
zuoQG2vEKnABqVK0F94AUs995P0PTQMYspAo1G/Erla8NmBJRotrCwIDAQABo4H0
|
||||
MIHxMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGhCYA3iLExHfpW+I9/qlRPl
|
||||
lxdiMIGuBgNVHSMEgaYwgaOAFGhCYA3iLExHfpW+I9/qlRPllxdioYGHpIGEMIGB
|
||||
MSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMCREUx
|
||||
EjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJvamVjdDEh
|
||||
MB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnggEBMA4GA1UdDwEB/wQE
|
||||
AwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAiqOJwo7Z+YIL8zPO6RkXF6NlgM0zrgZR
|
||||
Vim2OId79J38KI6q4FMSDjpgxwbYOmF2O3cI9JSkjHxHOpnYhJsXzCBiLuJ25MY2
|
||||
DSbpLlM1Cvs6NZNFw5OCwQvzCOlXH1k3qdBsafto6n87r9P3WSeO1MeWc/QMCvc+
|
||||
5K9sjMd6bwl59EEf428R+z5ssaB75JK3yvky9d7DsHN947OCXc3sYdz+DD7Gteds
|
||||
LV2Sc//tqmqpm2aeXjptcLAxwM7fLyEQaAyH83egMzEKDxX27jKIxZpTcc0NGqEo
|
||||
idC/9lasSzs2BisBxevl3HKDPZSsKIMT+8FdJ5wT9jJf9h9Ktz5Tig==
|
||||
-----END CERTIFICATE-----
|
27
openSUSE-UEFI-SIGN-Certificate-2048.crt
Normal file
27
openSUSE-UEFI-SIGN-Certificate-2048.crt
Normal file
@ -0,0 +1,27 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgTEgMB4GA1UEAwwXb3Bl
|
||||
blNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJl
|
||||
bWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEW
|
||||
EmJ1aWxkQG9wZW5zdXNlLm9yZzAeFw0xMzA4MjYxNjE4MzdaFw0yMzA3MDUxNjE4
|
||||
MzdaMIGGMSUwIwYDVQQDDBxvcGVuU1VTRSBTZWN1cmUgQm9vdCBTaWdua2V5MQsw
|
||||
CQYDVQQGEwJERTESMBAGA1UEBwwJTnVyZW1iZXJnMRkwFwYDVQQKDBBvcGVuU1VT
|
||||
RSBQcm9qZWN0MSEwHwYJKoZIhvcNAQkBFhJidWlsZEBvcGVuc3VzZS5vcmcwggEi
|
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLNeCcz9j3S+vjlCzyEXczhpwo
|
||||
HRneRWkhXqCUSgu1QS5nAWuRdjqFZipji4cr6JSKEm4lE7AHPygrdiU+KbJVQuc7
|
||||
RCQdt5kyy0TStIjLqU+nswa+XKruKwQJquxYY1rIYsfZaEP7vQ6S/0zsAkS8lcmf
|
||||
0b4h+PSybVoK1U2YZczBjO/f8p/aRQV2+RrAi9UcBfLAuEqwEt9DytULGEazA77N
|
||||
p9cBgPHFyu7ZOh9KM31QAavXOkhuYllzYh447zIx7lgYfVkFivt91A1enUeb2K+2
|
||||
EZ885xOE5ADsCpeJIpDzFObfwXUHrSQ42OCP9rnA20XjboFcHinQeK5sp0sfAgMB
|
||||
AAGjggEHMIIBAzAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQDMvqcvw2IvyGSSw3o
|
||||
KgmlTV3vyDCBrgYDVR0jBIGmMIGjgBRoQmAN4ixMR36VviPf6pUT5ZcXYqGBh6SB
|
||||
hDCBgTEgMB4GA1UEAwwXb3BlblNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYT
|
||||
AkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2pl
|
||||
Y3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNlLm9yZ4IBATAOBgNVHQ8B
|
||||
Af8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEB
|
||||
AI3sxNvPFB/+Cjj9GVCvNbaOGFV+5X6Dd7ZMJat0xI93GS+FvUOO1i53iCpnfSld
|
||||
gE+2chifX2W3u6RyiJTTfwke4EVU4GWjFy78WwwszCih0byVa/YSQguvPuMjvQY6
|
||||
mw+exom0ri68328yWb1oCDaPOhI9Fr51hj50yUWWBbmpu2YPi5blN6CBE+9B2cbp
|
||||
HVDPxoUWjYJ9leK951nfSu0E1+cLNYDpZ39h4dBHNvU1a3AueVKIXyEYaiwy0VDS
|
||||
8CQJluUCE4eLlt/cbJqMs0/iY7nRnbVOOyZUYTYxq7ACvDrMyStkfdR4KLDzvLWo
|
||||
8Gu+1aY2qw6wZ+TKiiRRYjQ=
|
||||
-----END CERTIFICATE-----
|
BIN
openssl-1.1.1t.tar.gz
(Stored with Git LFS)
Normal file
BIN
openssl-1.1.1t.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
16
openssl-1.1.1t.tar.gz.asc
Normal file
16
openssl-1.1.1t.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEeVOsH7w9yLOykjk+1enkP3357owFAmPiVA4ACgkQ1enkP335
|
||||
7owO9Q/+I6mvbNQeSgpOaOu//sVRGVkOD9pfZJsxZJtQuiYPQtXLlwkZyoh3Ft8b
|
||||
Gty7sC6zXwWA2sbo4LGeum3jnjb7nb/x3+5O8KARPLFRpy2/4okL3uZnAw8Pr5ps
|
||||
8VjCEIm9l9UmuWNZPWRQZPtup6Uz5u97/kVLQE17qFQW1bwiUixR+Yc+ICyW/hUQ
|
||||
F13tbV2GVkoVdJKwD9UpwAs6ft0+faXtkEASNyLykcrTbGbBPVVpieXiH/Vuv6BX
|
||||
1Ax/oBR5Xem9bGSZkCa5KZMDOqR08GUEA1zqa9Hh8VN4hH11w0cjyKPK9U6dQmAH
|
||||
P6clMEtbNMYPr3pHO4Ufgwf0OzdnLfxIf8qCiqQcNLmBnCG0NHM0/8zJmiGg1O6r
|
||||
Fy0P9/nSQ5CIT3t27Xcn8RciwTR7YClEyBtNGS1JdDzGJmomTqmxBns/QyZyKtlG
|
||||
V+7IsNfUBVdCF4AUP7BRC+SkHf/2/fDyCPETg27AQz/iOUC9KU0DgKLQtmnnRKk0
|
||||
Uz49l/WSVJARzPS5y55o8NUEv/QhnSct2eGjYeO3RiikuHDVQoH9R663G6E1koMq
|
||||
fahxEs0FX39hALOt/CVisZ/H8trIy3r3Buc7EmqLHj/Q40I5IJA9ZCzi1e8UviQV
|
||||
pQpkVru5VJVwNsm8KB/aBOm6J00mi2kbXMPrW1zwfmJAwt+iSJ4=
|
||||
=nNu+
|
||||
-----END PGP SIGNATURE-----
|
94
openssl.keyring
Normal file
94
openssl.keyring
Normal file
@ -0,0 +1,94 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Comment: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
|
||||
Comment: Richard Levitte <levitte@lp.se>
|
||||
Comment: Richard Levitte <levitte@openssl.org>
|
||||
Comment: Richard Levitte <richard@levitte.org>
|
||||
|
||||
xsFNBFQwazYBEAC01v949yFYzwbn0UkEkM3MHTrDqWbp+erhXqdVD5ymG/pXvmqx
|
||||
5KlxL1TZMuWEFuaq9EVkW8Wm5glk4D14IalIVKARAMDwqgNrPnw0GCAmNIf+Omvl
|
||||
G7gdsSR93eALJp1vvKZpeEVZj0M0gQ1i4QIIR8PMqs+2jaYyed4HhRYzUbGKZMnr
|
||||
94Onby8FIAYq0B79VqBv5NfMc2KEKrLXwuDSjtZd2TGB7qeLF7sCczyFoi5XTj+B
|
||||
iVfdxCzoYEa1Rjp5hGllVj85w2DdfKED/BW7VCel4H+WTZGqTFQ1e3kPo1KdqlwD
|
||||
F+Ci2JFU6myPy0LpHrNhn6FsdQGOuRKgYPycol7VzJHKtcGNMDkUFGV2DsgljQuW
|
||||
Sj5TNNX5umFCIIN94eLvHtV9bXP98yKB/5pr2JhagL6kdU7OE0c/mugA05gGQTUJ
|
||||
DeLNsRq54YC+CLyM9dxMvH7yB43yMfUvgKcSRt0sHUo8g5aOYdFq0SXQUr8+t/iH
|
||||
3t5/JxhqBik8FBiu0aISsTDUbvbxQQQe/LhfR+FWDZRFwHOL0VELapfw1whitGG+
|
||||
y+F9fQIJfa5yzEiC9AWYZjHRaFB7q6LAvF0V8vP+pkT157fTK63W53mt1+VPMt2L
|
||||
732i+/Cqy/6HzwOdnNnNyfEdvm2Jojs8KXN20vChnfUGifvTjxuiFib9sQARAQAB
|
||||
zR9SaWNoYXJkIExldml0dGUgPGxldml0dGVAbHAuc2U+wsGPBBMBAgAiBQJUMGwd
|
||||
AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8
|
||||
PcizspI5PtXp5D99+e6Mq7QP/iNhBEDJYRTrYc6JAmRIg6YyiKjeOx8kXtVCe9+q
|
||||
CzC+Y9ehyZB5Dyl0Ybej9jNJdEDJzDHKzVwU4NrfefcTWqUOQDNbpClGtXcQHlUt
|
||||
hjREPWpyAEH1OhD5NDTSMI5YYKZDEfiN6oEpWlc7WK0mXZuY5mHOo0B3yNDfV845
|
||||
+7CGPK9zuE56/f9SLmCaFsCkNMGbvV4ybLRoBfZdnC5NPOKyJXQ0TG0CbxGMgIN5
|
||||
cOrBphU+ZrPYY+p4jEoD5rvFugQl4+oRsvxygpJV5t8pe1ihNMhmzu3CpRtMjmRA
|
||||
dzK+27Z8p7m8BORuoC+NbXVpcmjIueXDkYdxP+09qUyw8xE398tAuEXpbCVoQ68b
|
||||
6NDCBpowgvUu34zxDn0wKdt2YGHB6z7Kl7b8RycWG3Y8u/Hs+l6QehEmiy6UKXl7
|
||||
zW3PIi3192WzElUi7TtG/btqC6YPs0U3SQMkNWzwkjbKM9bC4gPFMK05a8QENc66
|
||||
M+USWjNg0TiAkGP9PDlpYyhtjicCTgL51lDm8LBXr9cbzvXav7Jc6NVh7Zby89r1
|
||||
DsPFzfDkccOX6nSnqYMISmvRUGrGfgrkeeM0MNu93aPTrs+0fxq+HJIZEhX/YCyQ
|
||||
N4jqM+hQGh9bOwM7BacaP9F9vnq2hDK2WIXlWChX9Q70xArViJqzI8/76Ph1inPb
|
||||
jbJczSVSaWNoYXJkIExldml0dGUgPGxldml0dGVAb3BlbnNzbC5vcmc+wsGPBBMB
|
||||
AgAiBQJUMGwKAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnu
|
||||
jBYhBHlTrB+8PcizspI5PtXp5D99+e6M1bAP/0byoJMiMsswapbBypQCT/vQmaoX
|
||||
jZzNcU4qAKlB5EMlHkxl1T8ytEXxmNMd/e0ltV9HALeBqX1eYHS7oTG3rMXKuYVY
|
||||
TO19eM2wLiCW664EUtOsB9zAnpp6X+8UWMoNEpWlEHgkdlADQ0xIrrH3pt29SAbd
|
||||
x0QsvwkWPawEoKMoUiGPnVY4hAt7Xx9gDmWEa2T6tExd9soBBTIuIpTH3MbAEHsv
|
||||
nBbdyarNltGF/pXYGMmGaYmU0WujqKzqpBpy3zwd0Rx1Kms5e0ZcypVzqx3Xgcue
|
||||
W8fbMPTZbG+Z922GUFDJ139WjAA2FsMJ9ES7XIIoJh/4nfBwk+PXcj29TieDnl2r
|
||||
d4x7Yxnqp4Vzau+IARz9Vr1OIFVlQbaSdXfmDFi/fvVf9CJZnWwcSwkqp4pk50Zy
|
||||
nEA+8TzEQj08jdj0+yrJNvbRxqbIafzSmoU77bANs4gc0WOdTTpvv4honUQROARp
|
||||
G/JT47hE7ATVGNdF7bmWNEyEYFtZMdGP0xD+K0xEgsir65aruVixVrNKxOX9wqx6
|
||||
JGzHTSTgtAVYAvMIsWJTLuCXZbMRmmmmubfyVaMAisz5UIYD+TCPncuJ1dMUW9WI
|
||||
uLNFGLTRGHri01EWe2epaHZWA0WB0cQZaeGpc7C986WskDi9SA9ZzCIGW4oQIBQX
|
||||
lRJjjYxIBCnjxtUWzSVSaWNoYXJkIExldml0dGUgPHJpY2hhcmRAbGV2aXR0ZS5v
|
||||
cmc+wsGSBBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCVDBtJgIZ
|
||||
AQAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp5D99+e6MmN0P/AmpB8DasBnj
|
||||
h9fAlBM8kEZ23MHVdEguPWX8KBML4L6eVlWRn7hdfpvOS90Ll5LTdtWPAQs8lDYh
|
||||
4V86hIYgLK9tisZyby+5NT4dEl6CXgHbRjdDbp0xKfGc5F9jWzPZpG8ZdDz6Zbvd
|
||||
ooy/4ThXNS16HcsJRckan6oFjCNAWSNpXDYcLtA7+9ncimrC/C+kGYlyPWJGYZu1
|
||||
C3I+oL3+qWwiqAG9hp/zedsIsNP7o24wb0SgD0dTzphmOAPwTRfGS2DHhpbAH9P6
|
||||
MZPiFBRGsARRRFfTRGkzI9W1M4bv9l/L8s6STpjD8+40f+aUE8cyUcNj1ycyRGFA
|
||||
nwf5MeO3MqzvjocoUyoZNc4t7/6rh6sceFjgMt/DFFZbi3kvz9cJBcaN6TWWktd4
|
||||
+1WmLxwcF0n3xaB04KCvXTaBZ5f/Hz5D4O8HyYsS6GlW6yIUiuAOvav8WizaTMbY
|
||||
k81XfXBuBKv7Vxk0fRYf9+HJ7fyWyIlIN9FqrSiiopA3JR+8gP8ueFcycmLnl2D9
|
||||
fyZn/sv+UCLrMR6fyD/5EtzgzW0AJ8BDJw5n7ctmZ6UhuasDZZMPC2uB9LVhpQ8W
|
||||
3mDDxJoaYe5bE2p0ca+mwEHZQpbpjmtT/2x5rGFZYxBUOhuGn/94zEYSqLLDirlF
|
||||
IEUgucXLOLQHyEl+kEkCLEmSbn71WsM8wsGPBBMBAgAiBQJUMGs2AhsDBgsJCAcD
|
||||
AgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp
|
||||
5D99+e6MbdMP/1yj/fl/t8sl6ZH8v26uBBLSUeZPJYef9TCoe6akV//x4JLujB8y
|
||||
dGGW8bToC680zpuYlNn+avMwmjyocPwe7Cqgev6AyO+CjspoodM9Xai0y10CAHCl
|
||||
vGAW8mX7c79jtLcMB/Z/0+5u4ErkzfwyURRpB5deLcQ4LhyRVZbLQ72fdCrmPYzO
|
||||
e6Rhmfr9nWKL/oHDTLDUtRjAXdurI8YQKK9nCtbsM2uytvYkzpD2wx0B16rB7N04
|
||||
QLJBNDyOUJwnm4K+Xt9LLs8NUJ8JXCdwXKXGrFFbt2b3vmy0y4/NR5AUoS444ao5
|
||||
1mybA19WkCcCj5mSKmfZ9Dfbv6K3JCJx4ra5uJT2HP2M3NugtumQ1KPBUlNApVC6
|
||||
u+Vn7SMqFW/KFRCxOjXDWWU+F4prqzOVc5SYqIUOk7XVxgj1FBryw5Wel5iq1Bn8
|
||||
La1Fv3Hs/+pUKHRYYIC48kRET7h6oCmBiNn+XmU0A2qZnIyblmVpmfYftj3UWUC0
|
||||
S86qf/dRi8unTXYl8qEQyOSPz8g6t2RDgEsJOzKhiO+j+wcBYVOgrSgsawC8yxjA
|
||||
zfVwkprUJognVBJFCv4sKMb9wg99iEacI6O401w3FQy5FyokjmxXzrhn0UPj3t35
|
||||
wd81WZ5HWaBSLnBo8HklfDyaybPlXODldSI7OGOch/0/CZEQzQwzsmnazsFNBFQw
|
||||
azYBEADPNcBdaXTUwkG81K9NRKsKGVZ1coVRxkOx2+VD2THTY45sBx9MGmQsmSpj
|
||||
U45kx/wO5KiTVj+bM+scSzwNgERqLiyf/2hgOIDYaoyKSfAfIVCmm5pSa2Ad01RV
|
||||
9qT3i0eSSpa1Kpx8eAHKcVsDsWb2ZCd8/MI9778cCjrCbPI4o9zEVK+fjtmYKtdk
|
||||
HsEoMSVU6Jy86E908OLaJbOeo1a7bSKs4tU8zGWAX+ddY5Cb+w3cHQb4QheDWZHM
|
||||
el8ZcEgTah7huS6lUA4seQnTKXHmkIZ+uNtB3gFMKso/6GoOGZnUTk8dPY3POLY1
|
||||
nbMQ/dEvMQpFxLCOBNQP0lhO4DGP0KuwLXzq2XAxrylX5tY0bNmZKLTjhi4CbKAt
|
||||
c/+iwMUkQQXJRw7Vlp9Fp9ogOvzx/YlMaZQZZixg5uN2b4UD5cWliHn4Aq7DkTzQ
|
||||
Je31m7sezA3cLnFR86ol2X77y79n0GRjGsMa+b+e9NRWNKs28JiCPF3ya31Kk+3+
|
||||
sjauCZQW3KYx31Il5bO3ulLHOtxhSkCUHx5sJ81NJIhZFr+7yAel/ECCiT9KbVbh
|
||||
ddJBHsd7GNkwzb1QivcqnYiBW9QzXkQ+xAKHfS7YM5ooYcg6G7jw89/W0xznnGiz
|
||||
5JTjMkj1s9cppQ8tdqiV4Uemvx/96Nr5F7n++UJZ7Oval9/zswARAQABwsF2BBgB
|
||||
AgAJBQJUMGs2AhsMACEJENXp5D99+e6MFiEEeVOsH7w9yLOykjk+1enkP3357ozr
|
||||
2A//YzMQJ6Mo+/SU328dOeoseI/sFypuK882pPhXfJqX8l8H1zyHbKWy5lLLiv1M
|
||||
oNOC/8pWbpv2QlWyN3PKrB6srClnpPyiHIO37/lQBcpjvAfy9HWpl21FDxn9Ruxn
|
||||
a/IMYwq60EjE5h8NynNn57vydF3qTcTqkhtHW61L3vbBAcz9VMSay9QVm1f6qzM5
|
||||
WbbLxp1sfNjQWKSo381kjs1Vj7yCTBrJul3qSeX0CsRB7WF5VYMalpNTHPRIqCWp
|
||||
zTMcO3E5SSGIJy+AqwAZZvFiylGrSsux6TnVEVJ07s0nn1yj3q7Ii7av+waGmTf7
|
||||
9B0AyZv0IZ4j4NUWFNnGhsG1bEumFLkQl7Id/M61k0yKOusHdzDcZbCzecyww1w3
|
||||
WD+j4wvGkfBy4mQRqLiyjutsN/dpxRRkULATME+TH9J5eNq0A5sRRaayEiA1TDcA
|
||||
WfF0PtA4smNy1GyIarobC+xn8AENi4eeYZBbfDfh8oRhEsICQ6rs098wiYz8jtZ/
|
||||
pOruzbiD7ZKDy+vjKtYqgjGnioHQalJCZrKTUnREpH102pg1Cw6v2OcjiXsqU5L7
|
||||
Yrhv1jQIluII051VIJ/QBWe5uT7YiJOsMLMQGWvkObPXEYLld2UF6hK6MH4epkwV
|
||||
/w1uNqnlvIeEFgHTKmSHvfwlAF64lUiDCUdWExXybKkE2NY=
|
||||
=1H60
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
63
openssl.keyring.README
Normal file
63
openssl.keyring.README
Normal file
@ -0,0 +1,63 @@
|
||||
Upgrade openssl tarball
|
||||
======================
|
||||
|
||||
Sometimes you need also update openssl source code tarball when
|
||||
upgrading EDK2 source code. Normally you should see similar patch
|
||||
commit in EDK2 git repo:
|
||||
|
||||
commit 4ca4041b0dbb310109d9cb047ed428a0082df395
|
||||
Author: Sheng Wei <w.sheng@intel.com>
|
||||
Date: Tue Feb 28 10:43:57 2023 +0800
|
||||
|
||||
CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1t
|
||||
|
||||
Then you will need to update openssl-%{openssl_version}.tar.gz and
|
||||
openssl-%{openssl_version}.tar.gz.asc signature. You can find them
|
||||
from https://www.openssl.org/source/old/1.1.1/
|
||||
e.g.
|
||||
https://www.openssl.org/source/old/1.1.1/openssl-1.1.1t.tar.gz
|
||||
https://www.openssl.org/source/old/1.1.1/openssl-1.1.1t.tar.gz.asc
|
||||
|
||||
Update the key of signature for tarball
|
||||
----------------------------------------
|
||||
You will use "osc ci" command to commit new openssl tarball to OBS.
|
||||
But sometimes you will see fail like this:
|
||||
|
||||
ovmf> osc ci -m "Upgrade OpenSSL to 1.1.1t"
|
||||
- package has ovmf-rpmlintrc: (unchanged)
|
||||
gpg: Signature made Tue 07 Feb 2023 09:37:18 PM CST
|
||||
gpg: using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
|
||||
gpg: Can't check signature: No public key
|
||||
ERROR: signature ovmf/openssl-1.1.1t.tar.gz.asc does not validate
|
||||
|
||||
It means that osc caommand didn't find corresponding key to validate
|
||||
openssl-%{openssl_version}.tar.gz.asc. It will stop to submit your change
|
||||
to OBS.
|
||||
|
||||
In the above example, it indicates that the signature is using RSA key
|
||||
7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C. You should go to openssl's
|
||||
"OpenSSL Technical Committee" page to download the corresponding key
|
||||
to local. In this case:
|
||||
|
||||
https://www.openssl.org/community/otc.html
|
||||
Richard Levitte (I) 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
|
||||
|
||||
Then you just use downloaded key to overwrite openssl.keyring file.
|
||||
e.g.
|
||||
ovmf> cp 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C openssl.keyring
|
||||
|
||||
Then the osc verification of openssl-%{openssl_version}.tar.gz.asc will pass.
|
||||
Like this:
|
||||
|
||||
ovmf> osc ci -m "Upgrade OpenSSL to 1.1.1t"
|
||||
(W) Attention, 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C is not mentioned in spec files as source or patch.
|
||||
###ASK ovmf/7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
|
||||
- package has ovmf-rpmlintrc: (unchanged)
|
||||
gpg: Signature made Tue 07 Feb 2023 09:37:18 PM CST
|
||||
gpg: using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
|
||||
gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown]
|
||||
gpg: aka "Richard Levitte <levitte@lp.se>" [unknown]
|
||||
gpg: aka "Richard Levitte <levitte@openssl.org>" [unknown]
|
||||
|
||||
Please maintain the openssl.keyring file in ovmf package with new openssl
|
||||
tarball and signature.
|
@ -0,0 +1,13 @@
|
||||
Index: edk2-edk2-stable202305/ArmVirtPkg/ArmVirt.dsc.inc
|
||||
===================================================================
|
||||
--- edk2-edk2-stable202305.orig/ArmVirtPkg/ArmVirt.dsc.inc
|
||||
+++ edk2-edk2-stable202305/ArmVirtPkg/ArmVirt.dsc.inc
|
||||
@@ -365,7 +365,7 @@
|
||||
# reserved ones, with the exception of LoaderData regions, of which OS loaders
|
||||
# (i.e., GRUB) may assume that its contents are executable.
|
||||
#
|
||||
- gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1
|
||||
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|TRUE
|
||||
|
60
ovmf-Revert-OvmfPkg-OvmfXen-Set-PcdFSBClock.patch
Normal file
60
ovmf-Revert-OvmfPkg-OvmfXen-Set-PcdFSBClock.patch
Normal file
@ -0,0 +1,60 @@
|
||||
From b8324bc3d5d44e5b1644a66f1b6e07b6e4ad9350 Mon Sep 17 00:00:00 2001
|
||||
From: "Lee, Chun-Yi" <jlee@suse.com>
|
||||
Date: Wed, 15 Feb 2023 14:39:37 +0800
|
||||
Subject: [PATCH] Revert "OvmfPkg/OvmfXen: Set PcdFSBClock"
|
||||
|
||||
This reverts commit 71cdb91f313380152d7bf38cfeebe76f5b2d39ac.
|
||||
---
|
||||
OvmfPkg/OvmfXen.dsc | 4 +++-
|
||||
OvmfPkg/XenPlatformPei/Xen.c | 4 ----
|
||||
OvmfPkg/XenPlatformPei/XenPlatformPei.inf | 1 -
|
||||
3 files changed, 3 insertions(+), 6 deletions(-)
|
||||
|
||||
Index: edk2-edk2-stable202302/OvmfPkg/OvmfXen.dsc
|
||||
===================================================================
|
||||
--- edk2-edk2-stable202302.orig/OvmfPkg/OvmfXen.dsc
|
||||
+++ edk2-edk2-stable202302/OvmfPkg/OvmfXen.dsc
|
||||
@@ -456,6 +456,9 @@
|
||||
# Point to the MdeModulePkg/Application/UiApp/UiApp.inf
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 }
|
||||
|
||||
+ ## Xen vlapic's frequence is 100 MHz
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000
|
||||
+
|
||||
# We populate DXE IPL tables with 1G pages preferably on Xen
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE
|
||||
|
||||
@@ -486,7 +489,6 @@
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Base|0x0
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size|0x800000000
|
||||
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000
|
||||
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|0
|
||||
|
||||
# Set video resolution for text setup.
|
||||
Index: edk2-edk2-stable202302/OvmfPkg/XenPlatformPei/Xen.c
|
||||
===================================================================
|
||||
--- edk2-edk2-stable202302.orig/OvmfPkg/XenPlatformPei/Xen.c
|
||||
+++ edk2-edk2-stable202302/OvmfPkg/XenPlatformPei/Xen.c
|
||||
@@ -634,9 +634,5 @@ CalibrateLapicTimer (
|
||||
Freq = DivU64x64Remainder (Dividend, TscTick2 - TscTick, NULL);
|
||||
DEBUG ((DEBUG_INFO, "APIC Freq % 8lu Hz\n", Freq));
|
||||
|
||||
- ASSERT (Freq <= MAX_UINT32);
|
||||
- Status = PcdSet32S (PcdFSBClock, (UINT32)Freq);
|
||||
- ASSERT_EFI_ERROR (Status);
|
||||
-
|
||||
UnmapXenPage (SharedInfo);
|
||||
}
|
||||
Index: edk2-edk2-stable202302/OvmfPkg/XenPlatformPei/XenPlatformPei.inf
|
||||
===================================================================
|
||||
--- edk2-edk2-stable202302.orig/OvmfPkg/XenPlatformPei/XenPlatformPei.inf
|
||||
+++ edk2-edk2-stable202302/OvmfPkg/XenPlatformPei/XenPlatformPei.inf
|
||||
@@ -86,7 +86,6 @@
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdFSBClock
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
|
||||
gUefiCpuPkgTokenSpaceGuid.PcdCpuLocalApicBaseAddress
|
||||
|
@ -0,0 +1,28 @@
|
||||
From 5b3a40038886774228826b42c9aa3c9645a799a9 Mon Sep 17 00:00:00 2001
|
||||
From: "Lee, Chun-Yi" <jlee@suse.com>
|
||||
Date: Wed, 15 Mar 2023 17:21:25 +0800
|
||||
Subject: [PATCH 6/6] Revert "OvmfPkg/PlatformInitLib: dynamic mmio window
|
||||
size"
|
||||
|
||||
This reverts commit ecb778d0ac62560aa172786ba19521f27bc3f650.
|
||||
|
||||
Joey Lee:
|
||||
Only revert one line to keep this workaround patch simple. Because
|
||||
bsc#1205588 is a SUSE specific issue.
|
||||
|
||||
---
|
||||
OvmfPkg/Library/PlatformInitLib/MemDetect.c | 28 ---------------------
|
||||
1 file changed, 28 deletions(-)
|
||||
|
||||
Index: edk2-edk2-stable202305/OvmfPkg/Library/PlatformInitLib/MemDetect.c
|
||||
===================================================================
|
||||
--- edk2-edk2-stable202305.orig/OvmfPkg/Library/PlatformInitLib/MemDetect.c
|
||||
+++ edk2-edk2-stable202305/OvmfPkg/Library/PlatformInitLib/MemDetect.c
|
||||
@@ -855,7 +855,6 @@ PlatformAddressWidthInitialization (
|
||||
PlatformAddressWidthFromCpuid (PlatformInfoHob, TRUE);
|
||||
if (PlatformInfoHob->PhysMemAddressWidth != 0) {
|
||||
// physical address width is known
|
||||
- PlatformDynamicMmioWindow (PlatformInfoHob);
|
||||
return;
|
||||
}
|
||||
|
@ -0,0 +1,51 @@
|
||||
From 251820bfcd28abecf8a67ee94d82c8ab47547b0b Mon Sep 17 00:00:00 2001
|
||||
From: Joey Lee <jlee@suse.com>
|
||||
Date: Mon, 20 Mar 2023 13:14:57 +0100
|
||||
Subject: [PATCH] Revert "OvmfPkg/PlatformPei: Update
|
||||
ReserveEmuVariableNvStore"
|
||||
|
||||
This reverts commit 58eb8517ad7b56574f8f04b770a59a9cbed796c4.
|
||||
(bsc#1209266)
|
||||
|
||||
Signed-off-by: Joey Lee <jlee@suse.com>
|
||||
---
|
||||
OvmfPkg/PlatformPei/Platform.c | 25 ++++++++++++++++++-------
|
||||
1 file changed, 18 insertions(+), 7 deletions(-)
|
||||
|
||||
Index: edk2-edk2-stable202305/OvmfPkg/PlatformPei/Platform.c
|
||||
===================================================================
|
||||
--- edk2-edk2-stable202305.orig/OvmfPkg/PlatformPei/Platform.c
|
||||
+++ edk2-edk2-stable202305/OvmfPkg/PlatformPei/Platform.c
|
||||
@@ -219,14 +219,24 @@ ReserveEmuVariableNvStore (
|
||||
EFI_PHYSICAL_ADDRESS VariableStore;
|
||||
RETURN_STATUS PcdStatus;
|
||||
|
||||
- VariableStore = (EFI_PHYSICAL_ADDRESS)(UINTN)PlatformReserveEmuVariableNvStore ();
|
||||
- PcdStatus = PcdSet64S (PcdEmuVariableNvStoreReserved, VariableStore);
|
||||
-
|
||||
- if (FeaturePcdGet (PcdSecureBootSupported)) {
|
||||
- // restore emulated VarStore from pristine ROM copy
|
||||
- PlatformInitEmuVariableNvStore ((VOID *)(UINTN)VariableStore);
|
||||
- }
|
||||
-
|
||||
+ //
|
||||
+ // Allocate storage for NV variables early on so it will be
|
||||
+ // at a consistent address. Since VM memory is preserved
|
||||
+ // across reboots, this allows the NV variable storage to survive
|
||||
+ // a VM reboot.
|
||||
+ //
|
||||
+ VariableStore =
|
||||
+ (EFI_PHYSICAL_ADDRESS)(UINTN)
|
||||
+ AllocateRuntimePages (
|
||||
+ EFI_SIZE_TO_PAGES (2 * PcdGet32 (PcdFlashNvStorageFtwSpareSize))
|
||||
+ );
|
||||
+ DEBUG ((
|
||||
+ DEBUG_INFO,
|
||||
+ "Reserved variable store memory: 0x%lX; size: %dkb\n",
|
||||
+ VariableStore,
|
||||
+ (2 * PcdGet32 (PcdFlashNvStorageFtwSpareSize)) / 1024
|
||||
+ ));
|
||||
+ PcdStatus = PcdSet64S (PcdEmuVariableNvStoreReserved, VariableStore);
|
||||
ASSERT_RETURN_ERROR (PcdStatus);
|
||||
}
|
||||
|
90
ovmf-build-funcs.sh
Normal file
90
ovmf-build-funcs.sh
Normal file
@ -0,0 +1,90 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Generate PK/KEK OEM strings
|
||||
pkkek_oemstr()
|
||||
{
|
||||
local CERT_FILE=$1
|
||||
sed \
|
||||
-e 's/^-----BEGIN CERTIFICATE-----$/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' \
|
||||
-e '/^-----END CERTIFICATE-----$/d' \
|
||||
$CERT_FILE \
|
||||
| tr -d '\n'
|
||||
}
|
||||
|
||||
# Build the varstore template
|
||||
build_template()
|
||||
{
|
||||
local ARCH=$(echo $1 | tr '[:lower:'] '[:upper:]')
|
||||
local PREFIX="$2"
|
||||
local KEY="$3"
|
||||
local PKKEK_FILE="$4"
|
||||
local ISO_FILE="$5"
|
||||
local TYPE="$6"
|
||||
|
||||
# QEMU parameters
|
||||
# pflash parameters
|
||||
local PFLASH=""
|
||||
if [ $TYPE == "separate" ]; then
|
||||
local FW_CODE_ORIG="${PREFIX}-code.bin"
|
||||
local FW_VARS_ORIG="${PREFIX}-vars.bin"
|
||||
local FW_CODE="${PREFIX}-${KEY}-code.bin"
|
||||
local FW_VARS="${PREFIX}-${KEY}-vars.bin"
|
||||
local PFLASH_CODE="-drive if=pflash,format=raw,unit=0,readonly=on,file=$FW_CODE"
|
||||
local PFLASH_VARS="-drive if=pflash,format=raw,unit=1,file=$FW_VARS"
|
||||
|
||||
ln -s "$FW_CODE_ORIG" "$FW_CODE"
|
||||
cp "$FW_VARS_ORIG" "$FW_VARS"
|
||||
|
||||
PFLASH="$PFLASH_CODE $PFLASH_VARS"
|
||||
elif [ $TYPE == "unified" ]; then
|
||||
local UNIFIED_FW_ORIG="${PREFIX}.bin"
|
||||
local UNIFIED_FW="${PREFIX}-${KEY}.bin"
|
||||
|
||||
cp "$UNIFIED_FW_ORIG" "$UNIFIED_FW"
|
||||
|
||||
PFLASH="-drive if=pflash,format=raw,unit=0,file=$UNIFIED_FW"
|
||||
fi
|
||||
|
||||
# smbios parameters for PK and KEK
|
||||
local SMBIOS="-smbios type=11,value=$(pkkek_oemstr $PKKEK_FILE)"
|
||||
|
||||
# memory: 256MB
|
||||
local MEMORY="-m 256"
|
||||
|
||||
# kvm
|
||||
local FW_CFG="-fw_cfg name=opt/org.tianocore/X-Cpuhp-Bugcheck-Override,string=yes"
|
||||
|
||||
# redirect display to stdio and disable network
|
||||
local MISC="-display none -no-user-config -nodefaults -smp 1"
|
||||
MISC="$MISC -serial stdio"
|
||||
|
||||
# set cdrom device
|
||||
local CDROM="-device virtio-scsi-pci,id=scsi0"
|
||||
CDROM="$CDROM -device scsi-cd,drive=cd0,bus=scsi0.0,bootindex=0"
|
||||
CDROM="$CDROM -drive media=cdrom,if=none,id=cd0,format=raw,readonly=on"
|
||||
CDROM="$CDROM,file=${ISO_FILE}"
|
||||
|
||||
if [ $ARCH == "X64" ]; then
|
||||
# qemu command
|
||||
local QEMU="qemu-system-x86_64"
|
||||
|
||||
# machine parameters
|
||||
local MACHINE="-machine q35"
|
||||
if [[ "$PREFIX" == *"-smm" ]]; then
|
||||
MACHINE="$MACHINE,smm=on,accel=tcg"
|
||||
MACHINE="$MACHINE -global driver=cfi.pflash01,property=secure,value=on"
|
||||
MACHINE="$MACHINE -global ICH9-LPC.disable_s3=1"
|
||||
fi
|
||||
MACHINE="$MACHINE -chardev pty,id=charserial1"
|
||||
MACHINE="$MACHINE -device isa-serial,chardev=charserial1,id=serial1"
|
||||
elif [ $ARCH == "AARCH64" ]; then
|
||||
# qemu command
|
||||
local QEMU="qemu-system-aarch64"
|
||||
|
||||
# machine parameters
|
||||
local MACHINE="-cpu cortex-a57 -machine virt"
|
||||
fi
|
||||
|
||||
# Launch the VM
|
||||
$QEMU $MACHINE $MEMORY $FW_CFG $PFLASH $SMBIOS $CDROM $MISC
|
||||
}
|
54
ovmf-disable-brotli.patch
Normal file
54
ovmf-disable-brotli.patch
Normal file
@ -0,0 +1,54 @@
|
||||
From 278d7e48deeaf8fcf2ac347a452c4e7ca0389007 Mon Sep 17 00:00:00 2001
|
||||
From: Gary Lin <glin@suse.com>
|
||||
Date: Thu, 1 Apr 2021 17:25:59 +0800
|
||||
Subject: [PATCH 1/1] Disable brotli
|
||||
|
||||
The brotli compression/decompression function was never used and it
|
||||
requires additional source tarball for packaging. Remove brotli from
|
||||
building for good.
|
||||
|
||||
Signed-off-by: Gary Lin <glin@suse.com>
|
||||
---
|
||||
BaseTools/Source/C/GNUmakefile | 1 -
|
||||
MdeModulePkg/MdeModulePkg.dec | 3 ---
|
||||
MdeModulePkg/MdeModulePkg.dsc | 1 -
|
||||
3 files changed, 5 deletions(-)
|
||||
|
||||
Index: edk2-edk2-stable202305/BaseTools/Source/C/GNUmakefile
|
||||
===================================================================
|
||||
--- edk2-edk2-stable202305.orig/BaseTools/Source/C/GNUmakefile
|
||||
+++ edk2-edk2-stable202305/BaseTools/Source/C/GNUmakefile
|
||||
@@ -51,7 +51,6 @@ all: makerootdir subdirs
|
||||
LIBRARIES = Common
|
||||
VFRAUTOGEN = VfrCompile/VfrLexer.h
|
||||
APPLICATIONS = \
|
||||
- BrotliCompress \
|
||||
VfrCompile \
|
||||
EfiRom \
|
||||
GenFfs \
|
||||
Index: edk2-edk2-stable202305/MdeModulePkg/MdeModulePkg.dec
|
||||
===================================================================
|
||||
--- edk2-edk2-stable202305.orig/MdeModulePkg/MdeModulePkg.dec
|
||||
+++ edk2-edk2-stable202305/MdeModulePkg/MdeModulePkg.dec
|
||||
@@ -26,9 +26,6 @@
|
||||
Include
|
||||
Test/Mock/Include
|
||||
|
||||
-[Includes.Common.Private]
|
||||
- Library/BrotliCustomDecompressLib/brotli/c/include
|
||||
-
|
||||
[LibraryClasses]
|
||||
## @libraryclass Defines a set of methods to reset whole system.
|
||||
ResetSystemLib|Include/Library/ResetSystemLib.h
|
||||
Index: edk2-edk2-stable202305/MdeModulePkg/MdeModulePkg.dsc
|
||||
===================================================================
|
||||
--- edk2-edk2-stable202305.orig/MdeModulePkg/MdeModulePkg.dsc
|
||||
+++ edk2-edk2-stable202305/MdeModulePkg/MdeModulePkg.dsc
|
||||
@@ -453,7 +453,6 @@
|
||||
MdeModulePkg/Universal/EbcDxe/EbcDebuggerConfig.inf
|
||||
|
||||
[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
|
||||
- MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliCustomDecompressLib.inf
|
||||
MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
|
||||
MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
|
||||
MdeModulePkg/Core/Dxe/DxeMain.inf {
|
13
ovmf-disable-ia32-firmware-piepic.patch
Normal file
13
ovmf-disable-ia32-firmware-piepic.patch
Normal file
@ -0,0 +1,13 @@
|
||||
Index: edk2-edk2-stable202302/BaseTools/Conf/tools_def.template
|
||||
===================================================================
|
||||
--- edk2-edk2-stable202302.orig/BaseTools/Conf/tools_def.template
|
||||
+++ edk2-edk2-stable202302/BaseTools/Conf/tools_def.template
|
||||
@@ -1888,7 +1888,7 @@ DEFINE GCC_DEPS_FLAGS = -MM
|
||||
|
||||
DEFINE GCC48_ALL_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -ffunction-sections -fdata-sections -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
|
||||
DEFINE GCC48_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
|
||||
-DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -Wno-address -fno-omit-frame-pointer
|
||||
+DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -Wno-address -fno-omit-frame-pointer -fno-pic -fno-pie
|
||||
DEFINE GCC48_X64_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address -fno-omit-frame-pointer
|
||||
DEFINE GCC48_IA32_X64_ASLDLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
|
||||
DEFINE GCC48_IA32_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive
|
565
ovmf-gdb-symbols.patch
Normal file
565
ovmf-gdb-symbols.patch
Normal file
@ -0,0 +1,565 @@
|
||||
From 263791566fbe25755aebde54c98d5aea061414f3 Mon Sep 17 00:00:00 2001
|
||||
From: Gary Ching-Pang Lin <glin@suse.com>
|
||||
Date: Tue, 24 Jun 2014 11:57:32 +0800
|
||||
Subject: [PATCH 1/3] Add DebugPkg
|
||||
|
||||
---
|
||||
DebugPkg/DebugPkg.dec | 34 ++++
|
||||
DebugPkg/GdbSyms/GdbSyms.c | 70 +++++++
|
||||
DebugPkg/GdbSyms/GdbSyms.inf | 57 ++++++
|
||||
DebugPkg/Scripts/gdb_uefi.py | 348 +++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 509 insertions(+)
|
||||
create mode 100644 DebugPkg/DebugPkg.dec
|
||||
create mode 100644 DebugPkg/GdbSyms/GdbSyms.c
|
||||
create mode 100644 DebugPkg/GdbSyms/GdbSyms.inf
|
||||
create mode 100644 DebugPkg/Scripts/gdb_uefi.py
|
||||
|
||||
Index: edk2-edk2-stable202302/DebugPkg/DebugPkg.dec
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ edk2-edk2-stable202302/DebugPkg/DebugPkg.dec
|
||||
@@ -0,0 +1,34 @@
|
||||
+## @file
|
||||
+# Debug package - various useful stuff for debugging.
|
||||
+#
|
||||
+# Copyright (c) 2006 - 2011, Andrei Warkentin <andreiw@motorola.com>
|
||||
+#
|
||||
+# This program and the accompanying materials
|
||||
+# are licensed and made available under the terms and conditions of the BSD License
|
||||
+# which accompanies this distribution. The full text of the license may be found at
|
||||
+# http://opensource.org/licenses/bsd-license.php
|
||||
+#
|
||||
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
+#
|
||||
+##
|
||||
+
|
||||
+[Defines]
|
||||
+ DEC_VERSION = 0x00010005
|
||||
+ PACKAGE_NAME = DebugPkg
|
||||
+ PACKAGE_GUID = 2d234f34-50e5-4b9d-b8e3-5562334d87e5
|
||||
+ PACKAGE_VERSION = 0.1
|
||||
+
|
||||
+[Includes]
|
||||
+ Include
|
||||
+
|
||||
+[Guids]
|
||||
+
|
||||
+[Protocols]
|
||||
+
|
||||
+[PcdsFixedAtBuild]
|
||||
+
|
||||
+[PcdsDynamic]
|
||||
+
|
||||
+[LibraryClasses]
|
||||
+
|
||||
Index: edk2-edk2-stable202302/DebugPkg/GdbSyms/GdbSyms.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ edk2-edk2-stable202302/DebugPkg/GdbSyms/GdbSyms.c
|
||||
@@ -0,0 +1,78 @@
|
||||
+/** @file
|
||||
+
|
||||
+ Bare-minimum GDB symbols needed for reloading symbols.
|
||||
+
|
||||
+ This is not a "driver" and should not be placed in a FD.
|
||||
+
|
||||
+ Copyright (c) 2011, Andrei Warkentin <andreiw@motorola.com>
|
||||
+
|
||||
+ This program and the accompanying materials
|
||||
+ are licensed and made available under the terms and conditions of the BSD License
|
||||
+ which accompanies this distribution. The full text of the license may be found at
|
||||
+ http://opensource.org/licenses/bsd-license.php
|
||||
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
+
|
||||
+**/
|
||||
+
|
||||
+#include "PiDxe.h"
|
||||
+
|
||||
+#include <Library/UefiLib.h>
|
||||
+#include <Library/UefiDriverEntryPoint.h>
|
||||
+#include <Library/BaseLib.h>
|
||||
+#include <Library/UefiRuntimeLib.h>
|
||||
+#include <Library/DebugLib.h>
|
||||
+#include <Library/BaseMemoryLib.h>
|
||||
+#include <Library/MemoryAllocationLib.h>
|
||||
+#include <Library/UefiBootServicesTableLib.h>
|
||||
+#include <Library/DevicePathLib.h>
|
||||
+#include <Library/PcdLib.h>
|
||||
+#include <Guid/DebugImageInfoTable.h>
|
||||
+
|
||||
+/**
|
||||
+ Main entry point.
|
||||
+
|
||||
+ @param[in] ImageHandle The firmware allocated handle for the EFI image.
|
||||
+ @param[in] SystemTable A pointer to the EFI System Table.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Successfully initialized.
|
||||
+
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+Initialize (
|
||||
+ IN EFI_HANDLE ImageHandle,
|
||||
+ IN EFI_SYSTEM_TABLE *SystemTable
|
||||
+ )
|
||||
+{
|
||||
+ EFI_SYSTEM_TABLE_POINTER ESTP;
|
||||
+ EFI_DEBUG_IMAGE_INFO_TABLE_HEADER EDIITH;
|
||||
+ EFI_IMAGE_DOS_HEADER EIDH;
|
||||
+ EFI_IMAGE_OPTIONAL_HEADER_UNION EIOHU;
|
||||
+ EFI_IMAGE_DEBUG_DIRECTORY_ENTRY EIDDE;
|
||||
+ EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY EIDCNE;
|
||||
+ EFI_IMAGE_DEBUG_CODEVIEW_RSDS_ENTRY EIDCRE;
|
||||
+ EFI_IMAGE_DEBUG_CODEVIEW_MTOC_ENTRY EIDCME;
|
||||
+ UINTN Dummy =
|
||||
+ (UINTN) &ESTP |
|
||||
+ (UINTN) &EDIITH |
|
||||
+ (UINTN) &EIDH |
|
||||
+ (UINTN) &EIOHU |
|
||||
+ (UINTN) &EIDDE |
|
||||
+ (UINTN) &EIDCNE |
|
||||
+ (UINTN) &EIDCRE |
|
||||
+ (UINTN) &EIDCME |
|
||||
+ 1
|
||||
+ ;
|
||||
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &ESTP));
|
||||
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EDIITH));
|
||||
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EIDH));
|
||||
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EIOHU));
|
||||
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EIDDE));
|
||||
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EIDCNE));
|
||||
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EIDCRE));
|
||||
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EIDCME));
|
||||
+ return !!Dummy & EFI_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+
|
||||
Index: edk2-edk2-stable202302/DebugPkg/GdbSyms/GdbSyms.inf
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ edk2-edk2-stable202302/DebugPkg/GdbSyms/GdbSyms.inf
|
||||
@@ -0,0 +1,57 @@
|
||||
+## @file
|
||||
+#
|
||||
+# Bare-minimum GDB symbols needed for reloading symbols.
|
||||
+#
|
||||
+# This is not a "driver" and should not be placed in a FD.
|
||||
+#
|
||||
+# Copyright (c) 2011, Andrei Warkentin <andreiw@motorola.com>
|
||||
+#
|
||||
+# This program and the accompanying materials
|
||||
+# are licensed and made available under the terms and conditions of the BSD License
|
||||
+# which accompanies this distribution. The full text of the license may be found at
|
||||
+# http://opensource.org/licenses/bsd-license.php
|
||||
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
+#
|
||||
+##
|
||||
+
|
||||
+[Defines]
|
||||
+ INF_VERSION = 0x00010005
|
||||
+ BASE_NAME = GdbSyms
|
||||
+ FILE_GUID = 22abcb60-fb40-42ac-b01f-3ab1fad9aad8
|
||||
+ MODULE_TYPE = DXE_DRIVER
|
||||
+ VERSION_STRING = 1.0
|
||||
+ ENTRY_POINT = Initialize
|
||||
+
|
||||
+#
|
||||
+# The following information is for reference only and not required by the build tools.
|
||||
+#
|
||||
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC ARM
|
||||
+#
|
||||
+
|
||||
+[Sources]
|
||||
+ GdbSyms.c
|
||||
+
|
||||
+[Packages]
|
||||
+ MdePkg/MdePkg.dec
|
||||
+ MdeModulePkg/MdeModulePkg.dec
|
||||
+
|
||||
+[LibraryClasses]
|
||||
+ BaseLib
|
||||
+ BaseMemoryLib
|
||||
+ DebugLib
|
||||
+ DxeServicesTableLib
|
||||
+ HobLib
|
||||
+ MemoryAllocationLib
|
||||
+ PcdLib
|
||||
+ UefiBootServicesTableLib
|
||||
+ UefiDriverEntryPoint
|
||||
+ UefiLib
|
||||
+
|
||||
+[Guids]
|
||||
+
|
||||
+[Protocols]
|
||||
+
|
||||
+[Depex]
|
||||
+ TRUE
|
||||
+
|
||||
Index: edk2-edk2-stable202302/DebugPkg/Scripts/gdb_uefi.py
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ edk2-edk2-stable202302/DebugPkg/Scripts/gdb_uefi.py
|
||||
@@ -0,0 +1,350 @@
|
||||
+"""
|
||||
+Allows loading TianoCore symbols into a GDB session attached to EFI
|
||||
+Firmware.
|
||||
+
|
||||
+This is how it works: build GdbSyms - it's a dummy binary that
|
||||
+contains the relevant symbols needed to find and load image symbols.
|
||||
+
|
||||
+$ gdb
|
||||
+(gdb) taget remote ....
|
||||
+(gdb) source Scripts/gdb_uefi.py
|
||||
+(gdb) reload-uefi -o /path/to/GdbSyms.dll
|
||||
+
|
||||
+The -o option should be used if you've debugging EFI, where the PE
|
||||
+images were converted from MACH-O or ELF binaries.
|
||||
+
|
||||
+"""
|
||||
+
|
||||
+import array
|
||||
+import getopt
|
||||
+import binascii
|
||||
+import re
|
||||
+
|
||||
+__license__ = "BSD"
|
||||
+__version = "1.0.0"
|
||||
+__maintainer__ = "Andrei Warkentin"
|
||||
+__email__ = "andrey.warkentin@gmail.com"
|
||||
+__status__ = "Works"
|
||||
+
|
||||
+class ReloadUefi (gdb.Command):
|
||||
+ """Reload UEFI symbols"""
|
||||
+
|
||||
+ #
|
||||
+ # Various constants.
|
||||
+ #
|
||||
+
|
||||
+ EINVAL = 0xffffffff
|
||||
+ CV_NB10 = 0x3031424E
|
||||
+ CV_RSDS = 0x53445352
|
||||
+ CV_MTOC = 0x434F544D
|
||||
+ DOS_MAGIC = 0x5A4D
|
||||
+ PE32PLUS_MAGIC = 0x20b
|
||||
+ EST_SIGNATURE = 0x5453595320494249L
|
||||
+ DEBUG_GUID = [0x49152E77, 0x1ADA, 0x4764,
|
||||
+ [0xB7,0xA2,0x7A,0xFE,
|
||||
+ 0xFE,0xD9,0x5E, 0x8B]]
|
||||
+ DEBUG_IS_UPDATING = 0x1
|
||||
+
|
||||
+ #
|
||||
+ # If the images were built as ELF/MACH-O and then converted to PE,
|
||||
+ # then the base address needs to be offset by PE headers.
|
||||
+ #
|
||||
+
|
||||
+ offset_by_headers = False
|
||||
+
|
||||
+ def __init__ (self):
|
||||
+ super (ReloadUefi, self).__init__ ("reload-uefi", gdb.COMMAND_OBSCURE)
|
||||
+
|
||||
+ #
|
||||
+ # Returns gdb.Type for a type.
|
||||
+ #
|
||||
+
|
||||
+ def type (self, typename):
|
||||
+ return gdb.lookup_type (typename)
|
||||
+
|
||||
+ #
|
||||
+ # Returns gdb.Type for a pointer to a type.
|
||||
+ #
|
||||
+
|
||||
+ def ptype (self, typename):
|
||||
+ return gdb.lookup_type (typename).pointer ()
|
||||
+
|
||||
+ #
|
||||
+ # Computes CRC32 on an array of data.
|
||||
+ #
|
||||
+
|
||||
+ def crc32 (self, data):
|
||||
+ return binascii.crc32 (data) & 0xFFFFFFFF
|
||||
+
|
||||
+ #
|
||||
+ # Sets a field in a struct to a value, i.e.
|
||||
+ # value->field_name = data.
|
||||
+ #
|
||||
+ # Newer Py bindings to Gdb provide access to the inferior
|
||||
+ # memory, but not all, so have to do it this awkward way.
|
||||
+ #
|
||||
+
|
||||
+ def set_field (self, value, field_name, data):
|
||||
+ gdb.execute ("set *(%s *) 0x%x = 0x%x" % \
|
||||
+ (str (value[field_name].type), \
|
||||
+ long (value[field_name].address), \
|
||||
+ data))
|
||||
+
|
||||
+ #
|
||||
+ # Returns data backing a gdb.Value as an array.
|
||||
+ # Same comment as above regarding newer Py bindings...
|
||||
+ #
|
||||
+
|
||||
+ def value_data (self, value, bytes=0):
|
||||
+ value_address = gdb.Value (value.address)
|
||||
+ array_t = self.ptype ('UINT8')
|
||||
+ value_array = value_address.cast (array_t)
|
||||
+ if bytes == 0:
|
||||
+ bytes = value.type.sizeof
|
||||
+ data = array.array ('B')
|
||||
+ for i in range (0, bytes):
|
||||
+ data.append (value_array[i])
|
||||
+ return data
|
||||
+
|
||||
+ #
|
||||
+ # Locates the EFI_SYSTEM_TABLE as per UEFI spec 17.4.
|
||||
+ # Returns base address or -1.
|
||||
+ #
|
||||
+
|
||||
+ def search_est (self):
|
||||
+ address = 0
|
||||
+ estp_t = self.ptype ('EFI_SYSTEM_TABLE_POINTER')
|
||||
+ while True:
|
||||
+ estp = gdb.Value(address).cast(estp_t)
|
||||
+ if estp['Signature'] == self.EST_SIGNATURE:
|
||||
+ oldcrc = long (estp['Crc32'])
|
||||
+ self.set_field (estp, 'Crc32', 0)
|
||||
+ newcrc = self.crc32 (self.value_data (estp.dereference (), 0))
|
||||
+ self.set_field (estp, 'Crc32', long (oldcrc))
|
||||
+ if newcrc == oldcrc:
|
||||
+ return estp['EfiSystemTableBase']
|
||||
+
|
||||
+ address = address + 4*1024*1024
|
||||
+ if long (address) == 0:
|
||||
+ return gdb.Value(self.EINVAL)
|
||||
+
|
||||
+ #
|
||||
+ # Searches for a vendor-specific configuration table (in EST),
|
||||
+ # given a vendor-specific table GUID. GUID is a list like -
|
||||
+ # [32-bit, 16-bit, 16-bit, [8 bytes]]
|
||||
+ #
|
||||
+
|
||||
+ def search_config (self, cfg_table, count, guid):
|
||||
+ index = 0
|
||||
+ while index != count:
|
||||
+ cfg_entry = cfg_table[index]['VendorGuid']
|
||||
+ if cfg_entry['Data1'] == guid[0] and \
|
||||
+ cfg_entry['Data2'] == guid[1] and \
|
||||
+ cfg_entry['Data3'] == guid[2] and \
|
||||
+ self.value_data (cfg_entry['Data4']).tolist () == guid[3]:
|
||||
+ return cfg_table[index]['VendorTable']
|
||||
+ index = index + 1
|
||||
+ return gdb.Value(self.EINVAL)
|
||||
+
|
||||
+ #
|
||||
+ # Returns a UTF16 string corresponding to a (CHAR16 *) value in EFI.
|
||||
+ #
|
||||
+
|
||||
+ def parse_utf16 (self, value):
|
||||
+ index = 0
|
||||
+ data = array.array ('H')
|
||||
+ while value[index] != 0:
|
||||
+ data.append (value[index])
|
||||
+ index = index + 1
|
||||
+ return data.tostring ().decode ('utf-16')
|
||||
+
|
||||
+ #
|
||||
+ # Returns offset of a field within structure. Useful
|
||||
+ # for getting container of a structure.
|
||||
+ #
|
||||
+
|
||||
+ def offsetof (self, typename, field):
|
||||
+ t = gdb.Value (0).cast (self.ptype (typename))
|
||||
+ return long (t[field].address)
|
||||
+
|
||||
+ #
|
||||
+ # Returns sizeof of a type.
|
||||
+ #
|
||||
+
|
||||
+ def sizeof (self, typename):
|
||||
+ return self.type (typename).sizeof
|
||||
+
|
||||
+ #
|
||||
+ # Returns the EFI_IMAGE_NT_HEADERS32 pointer, given
|
||||
+ # an ImageBase address as a gdb.Value.
|
||||
+ #
|
||||
+
|
||||
+ def pe_headers (self, imagebase):
|
||||
+ dosh_t = self.ptype ('EFI_IMAGE_DOS_HEADER')
|
||||
+ head_t = self.ptype ('EFI_IMAGE_OPTIONAL_HEADER_UNION')
|
||||
+ dosh = imagebase.cast(dosh_t)
|
||||
+ h_addr = imagebase
|
||||
+ if dosh['e_magic'] == self.DOS_MAGIC:
|
||||
+ h_addr = h_addr + dosh['e_lfanew']
|
||||
+ return gdb.Value(h_addr).cast (head_t)
|
||||
+
|
||||
+ #
|
||||
+ # Returns True if pe_headers refer to a PE32+ image.
|
||||
+ #
|
||||
+
|
||||
+ def pe_is_64 (self, pe_headers):
|
||||
+ if pe_headers['Pe32']['OptionalHeader']['Magic'] == self.PE32PLUS_MAGIC:
|
||||
+ return True
|
||||
+ return False
|
||||
+
|
||||
+ #
|
||||
+ # Returns the PE (not so) optional header.
|
||||
+ #
|
||||
+
|
||||
+ def pe_optional (self, pe):
|
||||
+ if self.pe_is_64 (pe):
|
||||
+ return pe['Pe32Plus']['OptionalHeader']
|
||||
+ else:
|
||||
+ return pe['Pe32']['OptionalHeader']
|
||||
+
|
||||
+ #
|
||||
+ # Returns the symbol file name for a PE image.
|
||||
+ #
|
||||
+
|
||||
+ def pe_parse_debug (self, pe):
|
||||
+ opt = self.pe_optional (pe)
|
||||
+ debug_dir_entry = opt['DataDirectory'][6]
|
||||
+ dep = debug_dir_entry['VirtualAddress'] + opt['ImageBase']
|
||||
+ dep = dep.cast (self.ptype ('EFI_IMAGE_DEBUG_DIRECTORY_ENTRY'))
|
||||
+ cvp = dep.dereference ()['RVA'] + opt['ImageBase']
|
||||
+ cvv = cvp.cast(self.ptype ('UINT32')).dereference ()
|
||||
+ if cvv == self.CV_NB10:
|
||||
+ return cvp + self.sizeof('EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY')
|
||||
+ elif cvv == self.CV_RSDS:
|
||||
+ return cvp + self.sizeof('EFI_IMAGE_DEBUG_CODEVIEW_RSDS_ENTRY')
|
||||
+ elif cvv == self.CV_MTOC:
|
||||
+ return cvp + self.sizeof('EFI_IMAGE_DEBUG_CODEVIEW_MTOC_ENTRY')
|
||||
+ return gdb.Value(self.EINVAL)
|
||||
+
|
||||
+ #
|
||||
+ # Parses an EFI_LOADED_IMAGE_PROTOCOL, figuring out the symbol file name.
|
||||
+ # This file name is then appended to list of loaded symbols.
|
||||
+ #
|
||||
+ # TBD: Support TE images.
|
||||
+ #
|
||||
+
|
||||
+ def parse_image (self, image, syms):
|
||||
+ base = image['ImageBase']
|
||||
+ pe = self.pe_headers (base)
|
||||
+ opt = self.pe_optional (pe)
|
||||
+ sym_name = self.pe_parse_debug (pe)
|
||||
+
|
||||
+ # For ELF and Mach-O-derived images...
|
||||
+ if self.offset_by_headers:
|
||||
+ base = base + opt['SizeOfHeaders']
|
||||
+ if sym_name != self.EINVAL:
|
||||
+ sym_name = sym_name.cast (self.ptype('CHAR8')).string ()
|
||||
+ sym_name = re.sub(r"\.dll$", ".debug", sym_name)
|
||||
+ syms.append ("add-symbol-file %s 0x%x" % \
|
||||
+ (sym_name,
|
||||
+ long (base)))
|
||||
+
|
||||
+ #
|
||||
+ # Parses table EFI_DEBUG_IMAGE_INFO structures, builds
|
||||
+ # a list of add-symbol-file commands, and reloads debugger
|
||||
+ # symbols.
|
||||
+ #
|
||||
+
|
||||
+ def parse_edii (self, edii, count):
|
||||
+ index = 0
|
||||
+ syms = []
|
||||
+ while index != count:
|
||||
+ entry = edii[index]
|
||||
+ if entry['ImageInfoType'].dereference () == 1:
|
||||
+ entry = entry['NormalImage']
|
||||
+ self.parse_image(entry['LoadedImageProtocolInstance'], syms)
|
||||
+ else:
|
||||
+ print "Skipping unknown EFI_DEBUG_IMAGE_INFO (Type 0x%x)" % \
|
||||
+ entry['ImageInfoType'].dereference ()
|
||||
+ index = index + 1
|
||||
+ gdb.execute ("symbol-file")
|
||||
+ print "Loading new symbols..."
|
||||
+ for sym in syms:
|
||||
+ print sym
|
||||
+ gdb.execute (sym)
|
||||
+
|
||||
+ #
|
||||
+ # Parses EFI_DEBUG_IMAGE_INFO_TABLE_HEADER, in order to load
|
||||
+ # image symbols.
|
||||
+ #
|
||||
+
|
||||
+ def parse_dh (self, dh):
|
||||
+ dh_t = self.ptype ('EFI_DEBUG_IMAGE_INFO_TABLE_HEADER')
|
||||
+ dh = dh.cast (dh_t)
|
||||
+ print "DebugImageInfoTable @ 0x%x, 0x%x entries" \
|
||||
+ % (long (dh['EfiDebugImageInfoTable']), dh['TableSize'])
|
||||
+ if dh['UpdateStatus'] & self.DEBUG_IS_UPDATING:
|
||||
+ print "EfiDebugImageInfoTable update in progress, retry later"
|
||||
+ return
|
||||
+ self.parse_edii (dh['EfiDebugImageInfoTable'], dh['TableSize'])
|
||||
+
|
||||
+ #
|
||||
+ # Parses EFI_SYSTEM_TABLE, in order to load image symbols.
|
||||
+ #
|
||||
+
|
||||
+ def parse_est (self, est):
|
||||
+ est_t = self.ptype ('EFI_SYSTEM_TABLE')
|
||||
+ est = est.cast (est_t)
|
||||
+ print "Connected to %s (Rev. 0x%x)" % \
|
||||
+ (self.parse_utf16 (est['FirmwareVendor']), \
|
||||
+ long (est['FirmwareRevision']))
|
||||
+ print "ConfigurationTable @ 0x%x, 0x%x entries" \
|
||||
+ % (long (est['ConfigurationTable']), est['NumberOfTableEntries'])
|
||||
+
|
||||
+ dh = self.search_config(est['ConfigurationTable'],
|
||||
+ est['NumberOfTableEntries'],
|
||||
+ self.DEBUG_GUID)
|
||||
+ if dh == self.EINVAL:
|
||||
+ print "No EFI_DEBUG_IMAGE_INFO_TABLE_HEADER"
|
||||
+ return
|
||||
+ self.parse_dh (dh)
|
||||
+
|
||||
+ #
|
||||
+ # Usage information.
|
||||
+ #
|
||||
+
|
||||
+ def usage (self):
|
||||
+ print "Usage: reload-uefi [-o] /path/to/GdbSyms.dll"
|
||||
+
|
||||
+ #
|
||||
+ # Handler for reload-uefi.
|
||||
+ #
|
||||
+
|
||||
+ def invoke (self, arg, from_tty):
|
||||
+ args = arg.split(' ')
|
||||
+ try:
|
||||
+ opts, args = getopt.getopt(args, "o", ["offset-by-headers"])
|
||||
+ except getopt.GetoptError, err:
|
||||
+ self.usage ()
|
||||
+ return
|
||||
+ for opt, arg in opts:
|
||||
+ if opt == "-o":
|
||||
+ self.offset_by_headers = True
|
||||
+
|
||||
+ if len(args) < 1:
|
||||
+ self.usage ()
|
||||
+ return
|
||||
+
|
||||
+ gdb.execute ("symbol-file")
|
||||
+ gdb.execute ("symbol-file %s" % args[0])
|
||||
+ est = self.search_est ()
|
||||
+ if est == self.EINVAL:
|
||||
+ print "No EFI_SYSTEM_TABLE..."
|
||||
+ return
|
||||
+
|
||||
+ print "EFI_SYSTEM_TABLE @ 0x%x" % est
|
||||
+ self.parse_est (est)
|
||||
+
|
||||
+ReloadUefi ()
|
||||
+
|
||||
+
|
||||
Index: edk2-edk2-stable202302/OvmfPkg/OvmfPkgX64.dsc
|
||||
===================================================================
|
||||
--- edk2-edk2-stable202302.orig/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ edk2-edk2-stable202302/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -1123,3 +1123,5 @@
|
||||
# TPM support
|
||||
#
|
||||
!include OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc
|
||||
+
|
||||
+ DebugPkg/GdbSyms/GdbSyms.inf
|
60
ovmf-ignore-spurious-GCC-12-warning.patch
Normal file
60
ovmf-ignore-spurious-GCC-12-warning.patch
Normal file
@ -0,0 +1,60 @@
|
||||
diff --git a/BaseTools/Source/C/DevicePath/DevicePathUtilities.c b/BaseTools/Source/C/DevicePath/DevicePathUtilities.c
|
||||
index 2ffefa8..c9fb432 100644
|
||||
--- a/BaseTools/Source/C/DevicePath/DevicePathUtilities.c
|
||||
+++ b/BaseTools/Source/C/DevicePath/DevicePathUtilities.c
|
||||
@@ -16,6 +16,10 @@
|
||||
#include "UefiDevicePathLib.h"
|
||||
#include <Protocol/DevicePathUtilities.h>
|
||||
|
||||
+#if __GNUC__ >= 12
|
||||
+# pragma GCC diagnostic ignored "-Wstringop-overflow"
|
||||
+#endif
|
||||
+
|
||||
//
|
||||
// Template for an end-of-device path node.
|
||||
//
|
||||
diff --git a/BaseTools/Source/C/GenFfs/GenFfs.c b/BaseTools/Source/C/GenFfs/GenFfs.c
|
||||
index 949025c..be55a52 100644
|
||||
--- a/BaseTools/Source/C/GenFfs/GenFfs.c
|
||||
+++ b/BaseTools/Source/C/GenFfs/GenFfs.c
|
||||
@@ -36,6 +36,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#define UTILITY_MAJOR_VERSION 0
|
||||
#define UTILITY_MINOR_VERSION 1
|
||||
|
||||
+#if __GNUC__ >= 12
|
||||
+# pragma GCC diagnostic ignored "-Wuse-after-free"
|
||||
+#endif
|
||||
+
|
||||
STATIC CHAR8 *mFfsFileType[] = {
|
||||
NULL, // 0x00
|
||||
"EFI_FV_FILETYPE_RAW", // 0x01
|
||||
diff --git a/BaseTools/Source/C/GenSec/GenSec.c b/BaseTools/Source/C/GenSec/GenSec.c
|
||||
index d54a4f9..fb40ad3 100644
|
||||
--- a/BaseTools/Source/C/GenSec/GenSec.c
|
||||
+++ b/BaseTools/Source/C/GenSec/GenSec.c
|
||||
@@ -37,6 +37,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#define UTILITY_MAJOR_VERSION 0
|
||||
#define UTILITY_MINOR_VERSION 1
|
||||
|
||||
+#if __GNUC__ >= 12
|
||||
+# pragma GCC diagnostic ignored "-Wuse-after-free"
|
||||
+#endif
|
||||
+
|
||||
STATIC CHAR8 *mSectionTypeName[] = {
|
||||
NULL, // 0x00 - reserved
|
||||
"EFI_SECTION_COMPRESSION", // 0x01
|
||||
diff --git a/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c b/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c
|
||||
index 4e9b499..ab9b7cc 100644
|
||||
--- a/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c
|
||||
+++ b/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c
|
||||
@@ -40,6 +40,10 @@ static unsigned g_STAT_OFFSET = 0;
|
||||
|
||||
#define REP_LEN_COUNT 64
|
||||
|
||||
+#if __GNUC__ >= 12
|
||||
+# pragma GCC diagnostic ignored "-Wdangling-pointer"
|
||||
+#endif
|
||||
+
|
||||
void LzmaEncProps_Init(CLzmaEncProps *p)
|
||||
{
|
||||
p->level = 5;
|
13
ovmf-pie.patch
Normal file
13
ovmf-pie.patch
Normal file
@ -0,0 +1,13 @@
|
||||
Index: edk2-edk2-stable202305/BaseTools/Source/C/Makefiles/header.makefile
|
||||
===================================================================
|
||||
--- edk2-edk2-stable202305.orig/BaseTools/Source/C/Makefiles/header.makefile
|
||||
+++ edk2-edk2-stable202305/BaseTools/Source/C/Makefiles/header.makefile
|
||||
@@ -101,7 +101,7 @@ else
|
||||
CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
|
||||
-fno-delete-null-pointer-checks -Wall -Werror \
|
||||
-Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \
|
||||
--Wno-unused-result -nostdlib -g
|
||||
+-Wno-unused-result -nostdlib -g -fPIE
|
||||
endif
|
||||
endif
|
||||
ifneq ($(CLANG),)
|
12
ovmf-riscv64-missing-memcpy.patch
Normal file
12
ovmf-riscv64-missing-memcpy.patch
Normal file
@ -0,0 +1,12 @@
|
||||
--- edk2-edk2-stable202302.orig/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
|
||||
+++ edk2-edk2-stable202302/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
|
||||
@@ -43,6 +43,9 @@
|
||||
[Sources.X64]
|
||||
CopyMem.c
|
||||
|
||||
+[Sources.RISCV64]
|
||||
+ CopyMem.c
|
||||
+
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
|
6
ovmf-rpmlintrc
Normal file
6
ovmf-rpmlintrc
Normal file
@ -0,0 +1,6 @@
|
||||
addFilter("unstripped-binary-or-object /usr/lib/debug/*")
|
||||
addFilter("statically-linked-binary /usr/lib/debug/*")
|
||||
addFilter("executable-stack /usr/lib/debug/*")
|
||||
addFilter("position-independent-executable-suggested /usr/lib/debug/*")
|
||||
addFilter("arch-independent-package-contains-binary-or-object /usr/share/qemu/ovmf-x86_64-xen-4m.bin")
|
||||
addFilter("arch-independent-package-contains-binary-or-object /usr/share/qemu/ovmf-x86_64-xen.bin")
|
33
ovmf-set-fixed-enroll-time.patch
Normal file
33
ovmf-set-fixed-enroll-time.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From c0cec3409f3abda1e2359a79ccac575b4ea1838b Mon Sep 17 00:00:00 2001
|
||||
From: Gary Lin <glin@suse.com>
|
||||
Date: Tue, 21 May 2019 16:56:06 +0800
|
||||
Subject: [PATCH 1/1] OvmfPkg/EnrollDefaultKeys: Set the fixed time
|
||||
|
||||
For the reproducible build, we need to set the fixed time when setting
|
||||
the authenticate variables.
|
||||
|
||||
Signed-off-by: Gary Lin <glin@suse.com>
|
||||
---
|
||||
OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
Index: edk2-edk2-stable202202/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
|
||||
===================================================================
|
||||
--- edk2-edk2-stable202202.orig/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
|
||||
+++ edk2-edk2-stable202202/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
|
||||
@@ -324,6 +324,15 @@ EnrollListOfCerts (
|
||||
goto FreeData;
|
||||
}
|
||||
|
||||
+ // Set the fixed time for the reproducible build
|
||||
+ // 2019-5-20 00:00:00
|
||||
+ SingleHeader->TimeStamp.Year = 2019;
|
||||
+ SingleHeader->TimeStamp.Month = 5;
|
||||
+ SingleHeader->TimeStamp.Day = 20;
|
||||
+ SingleHeader->TimeStamp.Hour = 0;
|
||||
+ SingleHeader->TimeStamp.Minute = 0;
|
||||
+ SingleHeader->TimeStamp.Second = 0;
|
||||
+
|
||||
SingleHeader->TimeStamp.Pad1 = 0;
|
||||
SingleHeader->TimeStamp.Nanosecond = 0;
|
||||
SingleHeader->TimeStamp.TimeZone = 0;
|
8359
ovmf.changes
Normal file
8359
ovmf.changes
Normal file
File diff suppressed because it is too large
Load Diff
680
ovmf.spec
Normal file
680
ovmf.spec
Normal file
@ -0,0 +1,680 @@
|
||||
#
|
||||
# spec file for package ovmf
|
||||
#
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
# needssslcertforbuild
|
||||
|
||||
|
||||
%undefine _build_create_debug
|
||||
%global openssl_version 1.1.1t
|
||||
%global softfloat_version b64af41c3276f
|
||||
%if 0%{?suse_version} < 1599
|
||||
%bcond_with build_riscv64
|
||||
%else
|
||||
%bcond_without build_riscv64
|
||||
%endif
|
||||
|
||||
Name: ovmf
|
||||
Version: 202305
|
||||
Release: 0
|
||||
Summary: Open Virtual Machine Firmware
|
||||
License: BSD-2-Clause-Patent
|
||||
Group: System/Emulators/PC
|
||||
URL: https://github.com/tianocore/edk2
|
||||
Source0: edk2-edk2-stable%{version}.tar.gz
|
||||
Source1: https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_version}.tar.gz
|
||||
Source111: https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_version}.tar.gz.asc
|
||||
Source112: openssl.keyring
|
||||
Source113: openssl.keyring.README
|
||||
Source2: README
|
||||
Source3: SLES-UEFI-CA-Certificate-2048.crt
|
||||
Source4: openSUSE-UEFI-CA-Certificate-2048.crt
|
||||
Source5: openSUSE-UEFI-SIGN-Certificate-2048.crt
|
||||
# berkeley-softfloat-3: https://github.com/ucb-bar/berkeley-softfloat-3
|
||||
Source6: berkeley-softfloat-3-%{softfloat_version}.tar.xz
|
||||
Source7: descriptors.tar.xz
|
||||
# oniguruma: https://github.com/kkos/oniguruma, "src" directory only
|
||||
Source8: oniguruma-v6.9.4_mark1-src.tar.xz
|
||||
# public-mipi-sys-t: https://github.com/MIPI-Alliance/public-mipi-sys-t
|
||||
Source9: public-mipi-sys-t-1.1-edk2.tar.gz
|
||||
Source100: %{name}-rpmlintrc
|
||||
Source101: gdb_uefi.py.in
|
||||
Source102: gen-key-enrollment-iso.sh
|
||||
Source103: ovmf-build-funcs.sh
|
||||
Patch1: %{name}-gdb-symbols.patch
|
||||
Patch2: %{name}-pie.patch
|
||||
Patch3: %{name}-disable-ia32-firmware-piepic.patch
|
||||
Patch4: %{name}-set-fixed-enroll-time.patch
|
||||
Patch5: %{name}-disable-brotli.patch
|
||||
Patch6: %{name}-ignore-spurious-GCC-12-warning.patch
|
||||
# Bug 1205978 - Got Page-Fault exception when VM is booting with edk2-stable202211 ovmf
|
||||
Patch7: %{name}-Revert-OvmfPkg-PlatformInitLib-dynamic-mmio-window-s.patch
|
||||
# Bug 1207095 - ASSERT [ArmCpuDxe] /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202211/ArmPkg/Library/DefaultExceptionHandlerLib/AArch64/DefaultExceptionHandler.c(333): ((BOOLEAN)(0==1))
|
||||
Patch8: %{name}-Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch
|
||||
# Bug 1205613 - L3: win 2k22 UEFI xen VMs cannot boot in xen after upgrade
|
||||
Patch9: %{name}-Revert-OvmfPkg-OvmfXen-Set-PcdFSBClock.patch
|
||||
# Bug 1209266 - OVMF firmware hangs when booting SEV or SEV-ES guest
|
||||
Patch10: %{name}-Revert-OvmfPkg-PlatformPei-Update-ReserveEmuVariable.patch
|
||||
Patch11: ovmf-riscv64-missing-memcpy.patch
|
||||
BuildRequires: bc
|
||||
BuildRequires: cross-arm-binutils
|
||||
BuildRequires: cross-arm-gcc%{gcc_version}
|
||||
BuildRequires: dosfstools
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: iasl
|
||||
BuildRequires: libuuid-devel
|
||||
BuildRequires: mkisofs
|
||||
BuildRequires: mtools
|
||||
BuildRequires: nasm
|
||||
BuildRequires: openssl
|
||||
BuildRequires: python3
|
||||
BuildRequires: qemu-arm >= 3.0.0
|
||||
BuildRequires: qemu-ipxe
|
||||
BuildRequires: qemu-x86 >= 3.0.0
|
||||
BuildRequires: unzip
|
||||
%ifnarch aarch64
|
||||
BuildRequires: cross-aarch64-binutils
|
||||
BuildRequires: cross-aarch64-gcc%{gcc_version}
|
||||
%endif
|
||||
%ifnarch x86_64
|
||||
BuildRequires: cross-x86_64-binutils
|
||||
BuildRequires: cross-x86_64-gcc%{gcc_version}
|
||||
%endif
|
||||
%ifnarch riscv64
|
||||
%if %{with build_riscv64}
|
||||
BuildRequires: cross-riscv64-binutils
|
||||
BuildRequires: cross-riscv64-gcc%{gcc_version}
|
||||
%endif
|
||||
%endif
|
||||
# Only build on the architectures with
|
||||
# 1. cross-compilers, 2. iasl, 3. qemu-arm and qemu-x86
|
||||
ExclusiveArch: x86_64 aarch64 riscv64
|
||||
|
||||
%description
|
||||
The Open Virtual Machine Firmware (OVMF) project aims to support
|
||||
firmware for Virtual Machines using the edk2 code base.
|
||||
|
||||
%package tools
|
||||
Summary: The BaseTools from edk2
|
||||
Group: System/Emulators/PC
|
||||
|
||||
%description tools
|
||||
The Open Virtual Machine Firmware (OVMF) project aims to support
|
||||
firmware for Virtual Machines using the edk2 code base.
|
||||
|
||||
This package contains the tools from edk2.
|
||||
|
||||
%package -n qemu-ovmf-ia32
|
||||
Summary: Open Virtual Machine Firmware - QEMU rom images (IA32)
|
||||
Group: System/Emulators/PC
|
||||
Requires: qemu
|
||||
BuildArch: noarch
|
||||
|
||||
%description -n qemu-ovmf-ia32
|
||||
The Open Virtual Machine Firmware (OVMF) project aims to support
|
||||
firmware for Virtual Machines using the edk2 code base.
|
||||
|
||||
This package contains UEFI rom images for exercising UEFI secure
|
||||
boot in a qemu environment (IA32)
|
||||
|
||||
%package -n qemu-ovmf-x86_64
|
||||
Summary: Open Virtual Machine Firmware - QEMU rom images (x86_64)
|
||||
Group: System/Emulators/PC
|
||||
Requires: qemu
|
||||
BuildArch: noarch
|
||||
|
||||
%description -n qemu-ovmf-x86_64
|
||||
The Open Virtual Machine Firmware (OVMF) project aims to support
|
||||
firmware for Virtual Machines using the edk2 code base.
|
||||
|
||||
This package contains UEFI rom images for exercising UEFI secure
|
||||
boot in a qemu environment (x86_64)
|
||||
|
||||
%ifarch x86_64
|
||||
%package -n qemu-ovmf-x86_64-debug
|
||||
Summary: Open Virtual Machine Firmware - debug symbols (x86_64)
|
||||
Group: Development/Sources
|
||||
Requires: qemu
|
||||
|
||||
%description -n qemu-ovmf-x86_64-debug
|
||||
The Open Virtual Machine Firmware (OVMF) project aims to support
|
||||
firmware for Virtual Machines using the edk2 code base.
|
||||
|
||||
This package contains the debug symbols for UEFI rom images (x86_64)
|
||||
%endif
|
||||
|
||||
%package -n qemu-uefi-aarch64
|
||||
Summary: UEFI QEMU rom image (AArch64)
|
||||
Group: System/Emulators/PC
|
||||
BuildArch: noarch
|
||||
|
||||
%description -n qemu-uefi-aarch64
|
||||
This package contains the UEFI rom image (AArch64) for QEMU cortex-a57
|
||||
virt board.
|
||||
|
||||
%package -n qemu-uefi-aarch32
|
||||
Summary: UEFI QEMU rom image (AArch32)
|
||||
Group: System/Emulators/PC
|
||||
BuildArch: noarch
|
||||
|
||||
%description -n qemu-uefi-aarch32
|
||||
This package contains the UEFI rom image (AArch32) for QEMU cortex-a15
|
||||
virt board.
|
||||
|
||||
%if %{with build_riscv64}
|
||||
%package -n qemu-uefi-riscv64
|
||||
Summary: UEFI QEMU rom image (RISC-V 64)
|
||||
Group: System/Emulators/PC
|
||||
BuildArch: noarch
|
||||
|
||||
%description -n qemu-uefi-riscv64
|
||||
This package contains the UEFI rom image (RISC-V 64) for QEMU
|
||||
virt board.
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q -n edk2-edk2-stable%{version}
|
||||
|
||||
# bsc#973038 Remove the packages we don't need to avoid any potential
|
||||
# license issue.
|
||||
PKG_TO_REMOVE="EmulatorPkg"
|
||||
rm -rf $PKG_TO_REMOVE
|
||||
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
|
||||
# add openssl
|
||||
pushd CryptoPkg/Library/OpensslLib/openssl
|
||||
tar -xf %{SOURCE1} --strip 1
|
||||
popd
|
||||
|
||||
# add berkeley-softfloat-3
|
||||
pushd ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3
|
||||
tar -xf %{SOURCE6} --strip 1
|
||||
popd
|
||||
|
||||
# prepare the firmware descriptors for qemu
|
||||
tar -xf %{SOURCE7}
|
||||
|
||||
# add oniguruma
|
||||
pushd MdeModulePkg/Universal/RegularExpressionDxe/oniguruma
|
||||
tar -xf %{SOURCE8} --strip 1
|
||||
popd
|
||||
|
||||
# add public-mipi-sys-t
|
||||
pushd MdePkg/Library/MipiSysTLib/mipisyst
|
||||
tar -xf %{SOURCE9} --strip 1
|
||||
popd
|
||||
|
||||
chmod +x %{SOURCE102}
|
||||
|
||||
%build
|
||||
|
||||
# Enable python3 build
|
||||
export PYTHON3_ENABLE=TRUE
|
||||
export PYTHON_COMMAND=python3
|
||||
|
||||
# For some reason ARM still uses TPM2_CONFIG_ENABLE
|
||||
OVMF_FLAGS=" \
|
||||
-D SECURE_BOOT_ENABLE \
|
||||
-D TPM2_ENABLE \
|
||||
-D TPM2_CONFIG_ENABLE \
|
||||
-D NETWORK_IP6_ENABLE \
|
||||
-D NETWORK_HTTP_BOOT_ENABLE \
|
||||
"
|
||||
|
||||
%if 0%{?suse_version} > 1320
|
||||
TOOL_CHAIN=GCC5
|
||||
%else
|
||||
echo `gcc -dumpversion`
|
||||
TOOL_CHAIN=GCC$(gcc -dumpversion|sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/')
|
||||
%endif
|
||||
|
||||
# Flavors for x86
|
||||
FLAVORS_X86=("ovmf-ia32")
|
||||
BUILD_OPTIONS_X86=" \
|
||||
$OVMF_FLAGS \
|
||||
-D FD_SIZE_2MB \
|
||||
-a IA32 \
|
||||
-p OvmfPkg/OvmfPkgIa32.dsc \
|
||||
-b DEBUG \
|
||||
-t $TOOL_CHAIN \
|
||||
"
|
||||
|
||||
# Flavors for x86_64: 2MB, 4MB, and 4MB+SMM
|
||||
FLAVORS_X64=("ovmf-x86_64" "ovmf-x86_64-4m" "ovmf-x86_64-smm")
|
||||
BUILD_OPTIONS_X64=" \
|
||||
$OVMF_FLAGS \
|
||||
-a X64 \
|
||||
-b DEBUG \
|
||||
-t $TOOL_CHAIN \
|
||||
"
|
||||
|
||||
# Flavors for aarch64
|
||||
FLAVORS_AA64=("aavmf-aarch64")
|
||||
BUILD_OPTIONS_AA64=" \
|
||||
$OVMF_FLAGS \
|
||||
-D NETWORK_TLS_ENABLE \
|
||||
-a AARCH64 \
|
||||
-p ArmVirtPkg/ArmVirtQemu.dsc \
|
||||
-b DEBUG \
|
||||
-t $TOOL_CHAIN \
|
||||
"
|
||||
|
||||
# Flavors for arm
|
||||
FLAVORS_AA32=("aavmf-aarch32")
|
||||
BUILD_OPTIONS_AA32=" \
|
||||
-a ARM \
|
||||
-p ArmVirtPkg/ArmVirtQemu.dsc \
|
||||
-b DEBUG \
|
||||
-t $TOOL_CHAIN \
|
||||
"
|
||||
%if %{with build_riscv64}
|
||||
# Flavors for riscv
|
||||
FLAVORS_RV64=("riscv")
|
||||
BUILD_OPTIONS_RV64=" \
|
||||
$OVMF_FLAGS \
|
||||
-a RISCV64 \
|
||||
-p OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc \
|
||||
-b DEBUG \
|
||||
-t $TOOL_CHAIN \
|
||||
"
|
||||
%endif
|
||||
|
||||
# Build BaseTools
|
||||
%ifarch x86_64
|
||||
make -C BaseTools
|
||||
%endif
|
||||
%ifarch aarch64
|
||||
ARCH=AARCH64 make -C BaseTools
|
||||
%endif
|
||||
%ifarch riscv64
|
||||
ARCH=RISCV64 make -C BaseTools
|
||||
%endif
|
||||
|
||||
# Import the build functions
|
||||
source %{SOURCE103}
|
||||
source ./edksetup.sh
|
||||
|
||||
### Build x86 UEFI Images ###
|
||||
%ifnarch %{ix86} x86_64
|
||||
# Assign the cross-compiler prefix
|
||||
export ${TOOL_CHAIN}_BIN="x86_64-suse-linux-"
|
||||
%endif
|
||||
build $BUILD_OPTIONS_X86
|
||||
|
||||
cp Build/OvmfIa32/DEBUG_*/FV/OVMF.fd ovmf-ia32.bin
|
||||
cp Build/OvmfIa32/DEBUG_*/FV/OVMF_CODE.fd ovmf-ia32-code.bin
|
||||
cp Build/OvmfIa32/DEBUG_*/FV/OVMF_VARS.fd ovmf-ia32-vars.bin
|
||||
|
||||
# Remove the temporary build files to reduce the disk usage (bsc#1178244)
|
||||
rm -rf Build/OvmfIa32/
|
||||
|
||||
### Build x86_64 UEFI Images ###
|
||||
%ifarch x86_64
|
||||
collect_x86_64_debug_files()
|
||||
{
|
||||
local target="$1"
|
||||
local out_dir="debug/$target"
|
||||
local abs_path="`pwd`/$out_dir/"
|
||||
local source_path="`pwd`"
|
||||
local gdb_src_path="%{_prefix}/src/debug/ovmf-x86_64"
|
||||
|
||||
# copy the debug symbols
|
||||
mkdir -p $out_dir
|
||||
pushd Build/OvmfX64/DEBUG_GCC*/X64/
|
||||
find . -mindepth 2 -type f -name "*.debug" -print0 | sort -z | xargs -i -0 cp --parents -a {} $abs_path
|
||||
cp --parents -a DebugPkg/GdbSyms/GdbSyms/DEBUG/GdbSyms.dll $abs_path
|
||||
build_path=`pwd`
|
||||
popd
|
||||
|
||||
# Change the path in the python gdb script
|
||||
sed "s:__BUILD_PATH__:$build_path:;s:__SOURCE_PATH__:$source_path:;s:__GDB_SRC_PATH__:$gdb_src_path:;s/__FLAVOR__/$target/" \
|
||||
%{SOURCE101} > gdb_uefi-$target.py
|
||||
}
|
||||
%endif
|
||||
|
||||
declare -A EXTRA_FLAGS_X64
|
||||
EXTRA_FLAGS_X64=(
|
||||
[ovmf-x86_64]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_2MB -D BUILD_SHELL=FALSE"
|
||||
[ovmf-x86_64-4m]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_4MB -D NETWORK_TLS_ENABLE"
|
||||
[ovmf-x86_64-smm]="-a IA32 -p OvmfPkg/OvmfPkgIa32X64.dsc -D FD_SIZE_4MB -D NETWORK_TLS_ENABLE -D SMM_REQUIRE -D BUILD_SHELL=FALSE"
|
||||
)
|
||||
declare -A OUTDIR_X64
|
||||
OUTDIR_X64=(
|
||||
[ovmf-x86_64]="OvmfX64"
|
||||
[ovmf-x86_64-4m]="OvmfX64"
|
||||
[ovmf-x86_64-smm]="Ovmf3264"
|
||||
)
|
||||
|
||||
%ifnarch x86_64
|
||||
# Assign the cross-compiler prefix
|
||||
export ${TOOL_CHAIN}_BIN="x86_64-suse-linux-"
|
||||
%endif
|
||||
for flavor in ${FLAVORS_X64[@]}; do
|
||||
build $BUILD_OPTIONS_X64 ${EXTRA_FLAGS_X64[$flavor]}
|
||||
cp Build/${OUTDIR_X64[$flavor]}/DEBUG_*/FV/OVMF.fd $flavor.bin
|
||||
cp Build/${OUTDIR_X64[$flavor]}/DEBUG_*/FV/OVMF_CODE.fd $flavor-code.bin
|
||||
cp Build/${OUTDIR_X64[$flavor]}/DEBUG_*/FV/OVMF_VARS.fd $flavor-vars.bin
|
||||
|
||||
%ifarch x86_64
|
||||
collect_x86_64_debug_files $flavor
|
||||
%endif
|
||||
done
|
||||
|
||||
# Copy Shell.efi and EnrollDefaultKeys.efi
|
||||
mkdir X64
|
||||
cp Build/OvmfX64/DEBUG_*/X64/Shell.efi X64
|
||||
cp Build/OvmfX64/DEBUG_*/X64/EnrollDefaultKeys.efi X64
|
||||
|
||||
%ifarch x86_64
|
||||
# Collect the source
|
||||
mkdir -p source/ovmf-x86_64
|
||||
# TODO get the source list from debug files
|
||||
src_list=`find Build/OvmfX64/DEBUG_GCC*/X64/ -mindepth 1 -maxdepth 1 -type d -print0 | sort -z | xargs -0 -i basename {}`
|
||||
find $src_list \( -name "*.c" -o -name "*.h" \) -type f -print0 | sort -z | xargs -0 -i cp --parents -a {} source/ovmf-x86_64
|
||||
find source/ovmf-x86_64 -name *.c -type f -exec chmod 0644 {} \;
|
||||
%endif
|
||||
|
||||
# The extra Xen flavor for x86_64
|
||||
BUILD_OPTION_X64_XEN=" \
|
||||
-p OvmfPkg/OvmfXen.dsc \
|
||||
-a X64 \
|
||||
-b DEBUG \
|
||||
-t $TOOL_CHAIN \
|
||||
"
|
||||
# Build the 2MB Xen flavor
|
||||
build $BUILD_OPTION_X64_XEN -D FD_SIZE_2MB
|
||||
cp Build/OvmfXen/DEBUG_*/FV/OVMF.fd ovmf-x86_64-xen.bin
|
||||
# Build the 4MB Xen flavor
|
||||
build $BUILD_OPTION_X64_XEN -D FD_SIZE_4MB
|
||||
cp Build/OvmfXen/DEBUG_*/FV/OVMF.fd ovmf-x86_64-xen-4m.bin
|
||||
|
||||
# Remove the temporary build files to reduce the disk usage (bsc#1178244)
|
||||
rm -rf Build/OvmfX64/ Build/Ovmf3264/ Build/OvmfXen/
|
||||
|
||||
# Build with keys done later (shared between archs)
|
||||
|
||||
### Build AARCH64 UEFI Images ###
|
||||
%ifnarch aarch64
|
||||
# Assign the cross-compiler prefix
|
||||
export ${TOOL_CHAIN}_AARCH64_PREFIX="aarch64-suse-linux-"
|
||||
%endif
|
||||
# Build the UEFI image without keys
|
||||
build $BUILD_OPTIONS_AA64
|
||||
|
||||
cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin
|
||||
dd of="aavmf-aarch64-code.bin" if="/dev/zero" bs=1M count=64
|
||||
dd of="aavmf-aarch64-code.bin" if="qemu-uefi-aarch64.bin" conv=notrunc
|
||||
dd of="aavmf-aarch64-vars.bin" if="/dev/zero" bs=1M count=64
|
||||
|
||||
# Copy Shell.efi and EnrollDefaultKeys.efi
|
||||
mkdir AARCH64
|
||||
cp Build/ArmVirtQemu-AARCH64/DEBUG_*/AARCH64/Shell.efi AARCH64
|
||||
cp Build/ArmVirtQemu-AARCH64/DEBUG_*/AARCH64/EnrollDefaultKeys.efi AARCH64
|
||||
|
||||
# Remove the temporary build files to reduce the disk usage (bsc#1178244)
|
||||
rm -rf Build/ArmVirtQemu-AARCH64/
|
||||
|
||||
# Build with keys done later (shared between archs)
|
||||
|
||||
### Build AARCH32 UEFI Images ###
|
||||
%ifnarch armv7hl
|
||||
# Assign the cross-compiler prefix
|
||||
export ${TOOL_CHAIN}_ARM_PREFIX="arm-suse-linux-gnueabi-"
|
||||
%endif
|
||||
# Build the UEFI image
|
||||
build $BUILD_OPTIONS_AA32
|
||||
|
||||
cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin
|
||||
dd of="aavmf-aarch32-code.bin" if="/dev/zero" bs=1M count=64
|
||||
dd of="aavmf-aarch32-code.bin" if="qemu-uefi-aarch32.bin" conv=notrunc
|
||||
dd of="aavmf-aarch32-vars.bin" if="/dev/zero" bs=1M count=64
|
||||
|
||||
# Remove the temporary build files to reduce the disk usage (bsc#1178244)
|
||||
rm -rf Build/ArmVirtQemu-ARM/
|
||||
|
||||
### Build RISCV64 UEFI Images ###
|
||||
%if %{with build_riscv64}
|
||||
%ifnarch riscv64
|
||||
# Assign the cross-compiler prefix
|
||||
export ${TOOL_CHAIN}_RISCV64_PREFIX="riscv64-suse-linux-"
|
||||
%endif
|
||||
# Build the UEFI image without keys
|
||||
build $BUILD_OPTIONS_RV64
|
||||
|
||||
cp Build/RiscVVirtQemu/DEBUG_GCC*/FV/RISCV_VIRT.fd qemu-uefi-riscv64.bin
|
||||
dd of="ovmf-riscv64-code.bin" if="/dev/zero" bs=1M count=32
|
||||
dd of="ovmf-riscv64-code.bin" if="qemu-uefi-riscv64.bin" conv=notrunc
|
||||
dd of="ovmf-riscv64-vars.bin" if="/dev/zero" bs=1M count=32
|
||||
|
||||
# Remove the temporary build files to reduce the disk usage (bsc#1178244)
|
||||
rm -rf Build/RiscVVirtQemu/
|
||||
|
||||
%endif
|
||||
|
||||
### Build the variable store templates ###
|
||||
|
||||
# Default key sources: ms suse opensuse
|
||||
KEY_SOURCES=(ms suse opensuse)
|
||||
# Add 'devel' if necessary
|
||||
if [ -e %{_sourcedir}/_projectcert.crt ]; then
|
||||
prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -issuer_hash)
|
||||
opensusesubject=$(openssl x509 -in %{SOURCE4} -noout -subject_hash)
|
||||
slessubject=$(openssl x509 -in %{SOURCE3} -noout -subject_hash)
|
||||
if [ "$prjissuer" != "$opensusesubject" -a "$prjissuer" != "$slessubject" ]; then
|
||||
KEY_SOURCES+=(devel)
|
||||
fi
|
||||
fi
|
||||
|
||||
# Assign the default PK/KEK
|
||||
declare -A PKKEK
|
||||
PKKEK=(
|
||||
[ms]=%{SOURCE3}
|
||||
[suse]=%{SOURCE3}
|
||||
[opensuse]=%{SOURCE4}
|
||||
[devel]=%{_sourcedir}/_projectcert.crt
|
||||
)
|
||||
|
||||
generate_sb_var_templates()
|
||||
{
|
||||
local ARCH=$1
|
||||
|
||||
# Assign the key iso file
|
||||
local MS_ISO_FILE=ms-keys-${ARCH}.iso
|
||||
local NOMS_ISO_FILE=no-ms-keys-${ARCH}.iso
|
||||
declare -A KEY_ISO_FILES
|
||||
KEY_ISO_FILES=(
|
||||
[ms]=$MS_ISO_FILE
|
||||
[suse]=$NOMS_ISO_FILE
|
||||
[opensuse]=$NOMS_ISO_FILE
|
||||
[devel]=$NOMS_ISO_FILE
|
||||
)
|
||||
|
||||
# Create the iso images
|
||||
local GEN_ISO=%{SOURCE102}
|
||||
local SHELL=${ARCH}/Shell.efi
|
||||
local ENROLLER=${ARCH}/EnrollDefaultKeys.efi
|
||||
$GEN_ISO $ARCH $SHELL $ENROLLER default $MS_ISO_FILE
|
||||
$GEN_ISO $ARCH $SHELL $ENROLLER no-default $NOMS_ISO_FILE
|
||||
|
||||
# We only build the variable templates for X64 and AARCH64
|
||||
if [ "$ARCH" == "X64" ]; then
|
||||
FLAVORS=${FLAVORS_X64[@]}
|
||||
elif [ "$ARCH" == "AARCH64" ]; then
|
||||
FLAVORS=${FLAVORS_AA64[@]}
|
||||
fi
|
||||
|
||||
# Generate the varstore templates
|
||||
for flavor in ${FLAVORS[@]}; do
|
||||
for key in ${KEY_SOURCES[@]}; do
|
||||
build_template "$ARCH" "$flavor" "$key" \
|
||||
"${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}" \
|
||||
"separate"
|
||||
done
|
||||
done
|
||||
|
||||
if [ "$ARCH" == "X64" ]; then
|
||||
# Generate the unified firmware with preloaded keys for
|
||||
# backward compatibility. (bsc#1159793)
|
||||
for flavor in ${FLAVORS[@]}; do
|
||||
for key in ${KEY_SOURCES[@]}; do
|
||||
build_template "$ARCH" "$flavor" "$key" \
|
||||
"${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}" \
|
||||
"unified"
|
||||
done
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
# Generate the variable stores with default Secure Boot keys
|
||||
generate_sb_var_templates X64
|
||||
generate_sb_var_templates AARCH64
|
||||
|
||||
# Rename the x86_64 4MB firmware
|
||||
# We use ovmf-x86_64-$key-4m instead of ovmf-x86_64-4m-$key in the
|
||||
# version < stable201905. Rename the 4MB firmware files for backward
|
||||
# compatibility.
|
||||
for key in ${KEY_SOURCES[@]}; do
|
||||
rename "4m-$key" "$key-4m" *"4m-$key"*.bin
|
||||
done
|
||||
|
||||
%install
|
||||
cp %{SOURCE2} README
|
||||
|
||||
sed -i s/'\r'// License.txt
|
||||
|
||||
# Install BaseTools
|
||||
install -d %{buildroot}/%{_bindir}
|
||||
install -m 0755 --strip BaseTools/Source/C/bin/EfiRom %{buildroot}/%{_bindir}
|
||||
|
||||
# Replace @DATADIR@ in the firmware descriptors
|
||||
sed -i "s:@DATADIR@:%{_datadir}/qemu:" descriptors/*.json
|
||||
|
||||
tr -d '\r' < OvmfPkg/License.txt > License-ovmf.txt
|
||||
|
||||
install -m 0644 -D ovmf-*.bin -t %{buildroot}/%{_datadir}/qemu/
|
||||
install -m 0644 -D qemu-uefi-*.bin -t %{buildroot}/%{_datadir}/qemu/
|
||||
install -m 0644 -D aavmf-*.bin -t %{buildroot}/%{_datadir}/qemu/
|
||||
install -m 0644 -D descriptors/*.json \
|
||||
-t %{buildroot}/%{_datadir}/qemu/firmware
|
||||
%fdupes %{buildroot}/%{_datadir}/qemu/
|
||||
|
||||
%ifarch x86_64
|
||||
# Install debug symbols, gdb-uefi.py
|
||||
install -d %{buildroot}/%{_datadir}/ovmf-x86_64/
|
||||
install -m 0644 gdb_uefi-*.py %{buildroot}/%{_datadir}/ovmf-x86_64/
|
||||
mkdir -p %{buildroot}%{_prefix}/lib/debug
|
||||
mv debug/ovmf-x86_64* %{buildroot}%{_prefix}/lib/debug
|
||||
%fdupes %{buildroot}%{_prefix}/lib/debug/ovmf-x86_64*
|
||||
mkdir -p %{buildroot}%{_prefix}/src/debug
|
||||
mv source/ovmf-x86_64* %{buildroot}%{_prefix}/src/debug
|
||||
%fdupes -s %{buildroot}%{_prefix}/src/debug/ovmf-x86_64
|
||||
%endif
|
||||
|
||||
# Install Secure Boot key enroller
|
||||
mkdir -p %{buildroot}/%{_datadir}/ovmf/
|
||||
install -m 0755 %{SOURCE102} %{buildroot}/%{_datadir}/ovmf/
|
||||
%ifarch x86_64
|
||||
install -m 0644 X64/*.efi %{buildroot}/%{_datadir}/ovmf/
|
||||
%endif
|
||||
%ifarch aarch64
|
||||
install -m 0644 AARCH64/*.efi %{buildroot}/%{_datadir}/ovmf/
|
||||
%endif
|
||||
%ifarch riscv64
|
||||
# Nothing there yet
|
||||
#install -m 0644 RISCV64/*.efi %{buildroot}/%{_datadir}/ovmf/
|
||||
%endif
|
||||
|
||||
%if %{without build_riscv64}
|
||||
rm %{buildroot}%{_datadir}/qemu/firmware/*-riscv64*.json
|
||||
%endif
|
||||
|
||||
%files
|
||||
%doc README
|
||||
%dir %{_datadir}/ovmf/
|
||||
%ifnarch riscv64
|
||||
%{_datadir}/ovmf/*.efi
|
||||
%endif
|
||||
%{_datadir}/ovmf/*.sh
|
||||
|
||||
%files tools
|
||||
%doc BaseTools/UserManuals/EfiRom_Utility_Man_Page.rtf
|
||||
%{_bindir}/EfiRom
|
||||
|
||||
%files -n qemu-ovmf-ia32
|
||||
%license License.txt License-ovmf.txt
|
||||
%dir %{_datadir}/qemu/
|
||||
%{_datadir}/qemu/ovmf-ia32*.bin
|
||||
%dir %{_datadir}/qemu/firmware
|
||||
%{_datadir}/qemu/firmware/*-ia32*.json
|
||||
|
||||
%files -n qemu-ovmf-x86_64
|
||||
%license License.txt License-ovmf.txt
|
||||
%dir %{_datadir}/qemu/
|
||||
%{_datadir}/qemu/ovmf-x86_64*.bin
|
||||
%dir %{_datadir}/qemu/firmware
|
||||
%{_datadir}/qemu/firmware/*-x86_64*.json
|
||||
|
||||
%ifarch x86_64
|
||||
%files -n qemu-ovmf-x86_64-debug
|
||||
%{_datadir}/ovmf-x86_64/
|
||||
%dir %{_prefix}/lib/debug/
|
||||
%{_prefix}/lib/debug/ovmf-x86_64*
|
||||
%dir %{_prefix}/src/debug/
|
||||
%{_prefix}/src/debug/ovmf-x86_64*
|
||||
%endif
|
||||
|
||||
%files -n qemu-uefi-aarch64
|
||||
%license License.txt
|
||||
%dir %{_datadir}/qemu/
|
||||
%{_datadir}/qemu/qemu-uefi-aarch64*.bin
|
||||
%{_datadir}/qemu/aavmf-aarch64-*code.bin
|
||||
%{_datadir}/qemu/aavmf-aarch64-*vars.bin
|
||||
%dir %{_datadir}/qemu/firmware
|
||||
%{_datadir}/qemu/firmware/*-aarch64*.json
|
||||
|
||||
%files -n qemu-uefi-aarch32
|
||||
%license License.txt
|
||||
%dir %{_datadir}/qemu/
|
||||
%{_datadir}/qemu/qemu-uefi-aarch32.bin
|
||||
%{_datadir}/qemu/aavmf-aarch32-code.bin
|
||||
%{_datadir}/qemu/aavmf-aarch32-vars.bin
|
||||
%dir %{_datadir}/qemu/firmware
|
||||
%{_datadir}/qemu/firmware/*-aarch32*.json
|
||||
|
||||
%if %{with build_riscv64}
|
||||
%files -n qemu-uefi-riscv64
|
||||
%license License.txt
|
||||
%dir %{_datadir}/qemu/
|
||||
%{_datadir}/qemu/qemu-uefi-riscv64.bin
|
||||
%{_datadir}/qemu/ovmf-riscv64-code.bin
|
||||
%{_datadir}/qemu/ovmf-riscv64-vars.bin
|
||||
%dir %{_datadir}/qemu/firmware
|
||||
%{_datadir}/qemu/firmware/*-riscv64*.json
|
||||
%endif
|
||||
|
||||
%changelog
|
BIN
public-mipi-sys-t-1.1-edk2.tar.gz
(Stored with Git LFS)
Normal file
BIN
public-mipi-sys-t-1.1-edk2.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user