Sync from SUSE:SLFO:Main ovmf revision 3ab028ed4c13f59ac8d37812d342bd6c

This commit is contained in:
Adrian Schröter 2024-05-03 17:37:42 +02:00
commit e3fd4e1de9
33 changed files with 11017 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

185
README Normal file
View File

@ -0,0 +1,185 @@
Running the OVMF image in qemu
==============================
The easiest way to run the OVMF image is to specify a pflash device for the
firmware file. Here is the example to use OVMF in the flash mode:
$ cp /usr/share/qemu/ovmf-x86_64.bin .
$ qemu-system-x86_64 -pflash ovmf-x86_64.bin
Please make sure the file is writable before using the flash mode, or all
your changes won't be saved.
Starting from r15670, two extra firmware files are provided for the flash mode:
ovmf-*-code.bin and ovmf-*-vars.bin, and all non-volatile variables will be
stored in ovmf-*-vars.bin. Example:
$ cp /usr/share/qemu/ovmf-x86_64-vars.bin .
$ qemu-system-x86_64 \
-drive if=pflash,format=raw,unit=0,readonly,file=/usr/share/qemu/ovmf-x86_64-code.bin \
-drive if=pflash,format=raw,unit=1,file=ovmf-x86_64-vars.bin
It would be easier to manage the NV variables with the separated vars firmware.
NOTE: Running OVMF with '-bios' is deprecated and should not be used anymore.
Variable Stores with preloaded keys
-----------------------------------
Besides the generic OVMF images, there are images preloaded with different
vendor keys.
ovmf-x86_64-smm-ms-vars.bin
- PK: SUSE Linux Enterprise Secure Boot CA
- KEK: Microsoft Corporation KEK CA 2011, SUSE Linux Enterprise Secure Boot CA
- db: Microsoft Corporation UEFI CA 2011, Microsoft Windows Production PCA 2011
ovmf-x86_64-smm-opensuse-vars.bin
- PK: openSUSE Secure Boot CA
- KEK: openSUSE Secure Boot CA
- db: openSUSE Secure Boot CA
ovmf-x86_64-smm-suse-vars.bin
- PK: SUSE Linux Enterprise Secure Boot CA
- KEK: SUSE Linux Enterprise Secure Boot CA
- db: SUSE Linux Enterprise Secure Boot CA
Note that the preloaded key images are all 64 bit because openSUSE/SLE and
Windows only support Secure Boot in 64 bit mode.
Those variable stores are created with EnrollDefaultKeys.efi which enrolls
the Microsoft keys into KEK and db. It also reads the key from SMBIOS Type 11
and enrolls the key into PK and KEK. If the "--no-default" switch is provided,
the program will ignore the Microsoft keys and enroll the key from SMBIOS into
db instead.
x86_64 4MB images
-----------------
The OVMF upstream decides to switch the default flash size to 4MB since
the edk2 commit 1c47fcd465a496. It's mainly for Windows HCK which requests
a larger variable store. To maintain the backward compatibility, the 4MB
images are built separately. Only those images with 4m, e.g. ovmf-x86_64-4m.bin,
are the 4MB images. Otherwise, it's built with FD_SIZE_2MB, i.e. a 2MB image.
x86_64 SMM Support
------------------
The image files with "-smm", e.g. ovmf-x86_64-smm.bin, are the images
with SMM support. SMM provides better (virtual) hardware separation between
the guest OS and the firmware to prevent the runtime guest OS from tampering
with the variable store and S3 areas, so it's recommended to enable SMM along
with Secure Boot. Here are the requirements to use the SMM images:
* SMM support requires QEMU 2.5.
* The minimum required QEMU machine type is "pc-q35-2.5".
* SMM with KVM requires Linux 4.4 (host).
Here are the qemu commands to start a VM with SMM support:
$ cp /usr/share/qemu/ovmf-x86_64-smm-vars.bin .
$ qemu-system-x86_64 \
-machine q35,smm=on,accel=(tcg|kvm) \
-global driver=cfi.pflash01,property=secure,value=on \
-drive if=pflash,format=raw,unit=0,readonly,file=/usr/share/qemu/ovmf-x86_64-smm-code.bin \
-drive if=pflash,format=raw,unit=1,file=ovmf-x86_64-smm-vars.bin \
-global ICH9-LPC.disable_s3=1 \
...
NOTE: The pflash variable store is required to use OVMF with SMM.
Creating Platform and Key Exchange keys
=======================================
A note about terminology. In UEFI terms, "key" means certificate (not the
openssl key). UEFI keys are required to be based on RSA 2048 bit keys.
The Platform key and Key Exchange Keys should be the equivalent of CA root
certificates (i.e. a self signed certificate). Note that in current tianocore
OVMF, the input certificates, if taken from external media, *must* be in a
file with a .cer extension and in DER format.
The platform key is the key which controls updates to the Key Exchange Key
database. The Key Exchange Key controls updates to the signature databases.
Note that if the Key Exchange Key is an X509 key, any key which has the KEK as
its root signature can also be used to validate an efi binary without need for
any entries in the signatures database.
Create Platform Key (PK)
------------------------
openssl req -new -x509 -newkey rsa:2048 -keyout PK.key -out PK.crt -days <length>
Note that the Key is PK.crt (PK.key is the private key you use to sign other
certificates)
Now convert to DER format
openssl x509 -in PK.crt -out PK.cer -outform DER
The file PK.cer can be placed on a USB key for enrolling as the platform key.
Create Key Exchange Key (KEK)
-----------------------------
This is done exactly as the Platform key above, except call the file KEK.cer
instead.
Note, for expermentation purposes, there's no reason the KEK and the PK can't
be the same certificate.
Creating derived keys from the KEK
----------------------------------
This process can be used to create subordinate keys which can be used to sign
efi binaries (since their roots can be traced back to the KEK).
openssl req -new -newkey rsa:2048 -keyout new.key -out new.csr -days <length>
Now sign the certificate request with the KEK:
openssl x509 -req -in new.csr -CA KEK.crt -CAkey KEK.key -set_serial 1 -out new.crt
Note that since the new key doesn't have to be enrolled in the platform
because its root of trust can be traced back to the KEK, there's no need to
create a DER form of the key (the sbsign utilites used to sign efi binaries
take the key.crt file which is in PEM form).
Running the UEFI ARM image in qemu
==================================
There are two flavors of the UEFI ARM images: AArch32 and AArch64.
For the AArch64 image, use the following command:
qemu-system-aarch64 -m 1024 -M virt -cpu cortex-a57 -bios /usr/share/qemu/qemu-uefi-aarch64.bin -serial stdio
For AArch32:
qemu-system-arm -m 1024 -M virt -cpu cortex-a15 -bios /usr/share/qemu/qemu-uefi-aarch32.bin -serial stdio
Source Level Debugging
======================
It's possible to debug OVMF with gdb connecting to qemu with the following
steps:
(1) install the debug package: qemu-ovmf-x86_64-debug
(2) Start the virtual machine with '-s' or "-gdb tcp::1234"
(3) Start gdb in another terminal and issue the following commands:
(gdb) set architecture i386:x86-64:intel
(gdb) target remote localhost:1234
(gdb) source /usr/share/ovmf-x86_64/gdb_uefi-ovmf-x86_64-<flavor>.py
(gdb) reload-uefi -o /usr/lib/debug/ovmf-x86_64/DebugPkg/GdbSyms/GdbSyms/DEBUG/GdbSyms.dll
(4) Happy debugging
Reference: https://www.mail-archive.com/edk2-devel@lists.sourceforge.net/msg07075.html
Note: It's also possible to debug OVMF with Xen, but the way to set up the port
is differnt. Instead of adding the port number to qemu, you need gdbsx.
Before starting gdb, execute this command:
# gdbsx -a <domainid> 64 1234
Then gdbsx will listen to port 1234 for the specific domainU. The rest is
the same as qemu.

View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
QHN1c2UuZGUwHhcNMTMwNDE4MTQzMzQxWhcNMzUwMzE0MTQzMzQxWjCBpjEtMCsG
A1UEAwwkU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYD
VQQGEwJERTESMBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4
IFByb2R1Y3RzIEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0B
CQEWDWJ1aWxkQHN1c2UuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDN/avXKoT4gcM2NVA1LMfsBPH01sxgS8gTs3SbvfbEP2M+ZlHyfj9ufHZ7cZ1p
ISoVm6ql5VbIeZgSNc17Y4y4Nynud1C8t2SP/iZK5YMYHGxdtIfv1zPE+Bo/KZqE
WgHg2YFtMXdiKfXBZRTfSh37t0pGO/OQi6K4JioKw55UtQNggePZWDXtsAviT2vv
abqLR9+kxdrQ0iWqhWM+LwXbTGkCpg41s8KucLD/JYAxxw05dKPApFDNnz+Ft2L7
e5JtyB4S0u4PlvQBMNHt4hDs0rK4oeHFLbOxHvjF+nloneWhkg9eT0VCfpAYVYz+
whMxuCHerDCdmeFrRGEMQz11AgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/
MB0GA1UdDgQWBBTsqw1CxFbPdwQ2uXOZOGKWXocmLzCB0wYDVR0jBIHLMIHIgBTs
qw1CxFbPdwQ2uXOZOGKWXocmL6GBrKSBqTCBpjEtMCsGA1UEAwwkU1VTRSBMaW51
eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTESMBAGA1UE
BwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3RzIEdtYkgx
EzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxkQHN1c2Uu
ZGWCAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQASviyFhVqU
Wc1JUQgXwdljJynTnp0/FQOZJBSe7XdBGPmy91+3ITqrXgyqo/218KISiQl53Qlw
pq+cIiGRAia1D7p7wbg7wsg+Trt0zZFXes30wfYq5pjfWadEBAgNCffkBz10TSjL
jQrVwW5N+yUJMoq+r843TzV56Huy6LBOVhI5yTz7X7i2rSJYfyQWM8oeHLj8Yl5M
rOB9gyTumxB4mOLmSqwKzJiUB0ppGPohdLUSSEKDdo6KSH/GjR7M7uBicwnzwJD3
SVfT9nx9HKF2nXZlHvs5ViQQru3qP1tc6i0eXEnPTYW2+zkZcN0e5iHyozEZHsO0
rvc1p6G0YWtO
-----END CERTIFICATE-----

7
_constraints Normal file
View File

@ -0,0 +1,7 @@
<constraints>
<hardware>
<disk>
<size unit="G">6</size>
</disk>
</hardware>
</constraints>

14
_service Normal file
View File

@ -0,0 +1,14 @@
<services>
<service name="tar_scm" mode="disabled">
<param name="filename">ovmf</param>
<param name="versionformat">2017+git%at.%h</param>
<param name="revision">UDK2017</param>
<param name="url">https://github.com/tianocore/edk2.git</param>
<param name="scm">git</param>
</service>
<service name="recompress" mode="disabled">
<param name="compression">xz</param>
<param name="file">*.tar</param>
</service>
<service name="set_version" mode="disabled"/>
</services>

BIN
berkeley-softfloat-3-b64af41c3276f.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

BIN
descriptors.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

BIN
edk2-edk2-stable202305.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

365
gdb_uefi.py.in Normal file
View File

@ -0,0 +1,365 @@
"""
Allows loading TianoCore symbols into a GDB session attached to EFI
Firmware.
This is how it works: build GdbSyms - it's a dummy binary that
contains the relevant symbols needed to find and load image symbols.
$ gdb
(gdb) taget remote ....
(gdb) source Scripts/gdb_uefi.py
(gdb) reload-uefi -o /path/to/GdbSyms.dll
The -o option should be used if you've debugging EFI, where the PE
images were converted from MACH-O or ELF binaries.
"""
import array
import getopt
import binascii
import re
__license__ = "BSD"
__version = "1.0.0"
__maintainer__ = "Andrei Warkentin"
__email__ = "andrey.warkentin@gmail.com"
__status__ = "Works"
# FOR RPM PACKAGE replace the strings in the spec file
build_path="__BUILD_PATH__"
source_path="__SOURCE_PATH__"
gdb_src_path="__GDB_SRC_PATH__"
flavor="__FLAVOR__"
class ReloadUefi (gdb.Command):
"""Reload UEFI symbols"""
#
# Various constants.
#
EINVAL = 0xffffffff
CV_NB10 = 0x3031424E
CV_RSDS = 0x53445352
CV_MTOC = 0x434F544D
DOS_MAGIC = 0x5A4D
PE32PLUS_MAGIC = 0x20b
EST_SIGNATURE = 0x5453595320494249
DEBUG_GUID = [0x49152E77, 0x1ADA, 0x4764,
[0xB7,0xA2,0x7A,0xFE,
0xFE,0xD9,0x5E, 0x8B]]
DEBUG_IS_UPDATING = 0x1
#
# If the images were built as ELF/MACH-O and then converted to PE,
# then the base address needs to be offset by PE headers.
#
offset_by_headers = False
def __init__ (self):
super (ReloadUefi, self).__init__ ("reload-uefi", gdb.COMMAND_OBSCURE)
#
# Returns gdb.Type for a type.
#
def type (self, typename):
return gdb.lookup_type (typename)
#
# Returns gdb.Type for a pointer to a type.
#
def ptype (self, typename):
return gdb.lookup_type (typename).pointer ()
#
# Computes CRC32 on an array of data.
#
def crc32 (self, data):
return binascii.crc32 (data) & 0xFFFFFFFF
#
# Sets a field in a struct to a value, i.e.
# value->field_name = data.
#
# Newer Py bindings to Gdb provide access to the inferior
# memory, but not all, so have to do it this awkward way.
#
def set_field (self, value, field_name, data):
gdb.execute ("set *(%s *) 0x%x = 0x%x" % \
(str (value[field_name].type), \
int (value[field_name].address), \
data))
#
# Returns data backing a gdb.Value as an array.
# Same comment as above regarding newer Py bindings...
#
def value_data (self, value, bytes=0):
value_address = gdb.Value (value.address)
array_t = self.ptype ('UINT8')
value_array = value_address.cast (array_t)
if bytes == 0:
bytes = value.type.sizeof
data = array.array ('B')
for i in range (0, bytes):
data.append (value_array[i])
return data
#
# Locates the EFI_SYSTEM_TABLE as per UEFI spec 17.4.
# Returns base address or -1.
#
def search_est (self):
address = 0
estp_t = self.ptype ('EFI_SYSTEM_TABLE_POINTER')
while True:
estp = gdb.Value(address).cast(estp_t)
if estp['Signature'] == self.EST_SIGNATURE:
oldcrc = int (estp['Crc32'])
self.set_field (estp, 'Crc32', 0)
newcrc = self.crc32 (self.value_data (estp.dereference (), 0))
self.set_field (estp, 'Crc32', int (oldcrc))
if newcrc == oldcrc:
return estp['EfiSystemTableBase']
address = address + 4*1024*1024
if int (address) == 0:
return gdb.Value(self.EINVAL)
#
# Searches for a vendor-specific configuration table (in EST),
# given a vendor-specific table GUID. GUID is a list like -
# [32-bit, 16-bit, 16-bit, [8 bytes]]
#
def search_config (self, cfg_table, count, guid):
index = 0
while index != count:
cfg_entry = cfg_table[index]['VendorGuid']
if cfg_entry['Data1'] == guid[0] and \
cfg_entry['Data2'] == guid[1] and \
cfg_entry['Data3'] == guid[2] and \
self.value_data (cfg_entry['Data4']).tolist () == guid[3]:
return cfg_table[index]['VendorTable']
index = index + 1
return gdb.Value(self.EINVAL)
#
# Returns a UTF16 string corresponding to a (CHAR16 *) value in EFI.
#
def parse_utf16 (self, value):
index = 0
data = array.array ('H')
while value[index] != 0:
data.append (value[index])
index = index + 1
return data.tostring ().decode ('utf-16')
#
# Returns offset of a field within structure. Useful
# for getting container of a structure.
#
def offsetof (self, typename, field):
t = gdb.Value (0).cast (self.ptype (typename))
return int (t[field].address)
#
# Returns sizeof of a type.
#
def sizeof (self, typename):
return self.type (typename).sizeof
#
# Returns the EFI_IMAGE_NT_HEADERS32 pointer, given
# an ImageBase address as a gdb.Value.
#
def pe_headers (self, imagebase):
dosh_t = self.ptype ('EFI_IMAGE_DOS_HEADER')
head_t = self.ptype ('EFI_IMAGE_OPTIONAL_HEADER_UNION')
dosh = imagebase.cast(dosh_t)
h_addr = imagebase
if dosh['e_magic'] == self.DOS_MAGIC:
h_addr = h_addr + dosh['e_lfanew']
return gdb.Value(h_addr).cast (head_t)
#
# Returns True if pe_headers refer to a PE32+ image.
#
def pe_is_64 (self, pe_headers):
if pe_headers['Pe32']['OptionalHeader']['Magic'] == self.PE32PLUS_MAGIC:
return True
return False
#
# Returns the PE (not so) optional header.
#
def pe_optional (self, pe):
if self.pe_is_64 (pe):
return pe['Pe32Plus']['OptionalHeader']
else:
return pe['Pe32']['OptionalHeader']
#
# Returns the symbol file name for a PE image.
#
def pe_parse_debug (self, pe):
opt = self.pe_optional (pe)
debug_dir_entry = opt['DataDirectory'][6]
dep = debug_dir_entry['VirtualAddress'] + opt['ImageBase']
dep = dep.cast (self.ptype ('EFI_IMAGE_DEBUG_DIRECTORY_ENTRY'))
cvp = dep.dereference ()['RVA'] + opt['ImageBase']
cvv = cvp.cast(self.ptype ('UINT32')).dereference ()
if cvv == self.CV_NB10:
return cvp + self.sizeof('EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY')
elif cvv == self.CV_RSDS:
return cvp + self.sizeof('EFI_IMAGE_DEBUG_CODEVIEW_RSDS_ENTRY')
elif cvv == self.CV_MTOC:
return cvp + self.sizeof('EFI_IMAGE_DEBUG_CODEVIEW_MTOC_ENTRY')
return gdb.Value(self.EINVAL)
#
# Parses an EFI_LOADED_IMAGE_PROTOCOL, figuring out the symbol file name.
# This file name is then appended to list of loaded symbols.
#
# TBD: Support TE images.
#
def parse_image (self, image, syms):
base = image['ImageBase']
pe = self.pe_headers (base)
opt = self.pe_optional (pe)
sym_name = self.pe_parse_debug (pe)
# For ELF and Mach-O-derived images...
if self.offset_by_headers:
base = base + opt['SizeOfHeaders']
if sym_name != self.EINVAL:
sym_name = sym_name.cast (self.ptype('CHAR8')).string ()
# Ignore the driver from qemu
if re.search (r"\.efidrv$", sym_name):
return
# FOR RPM PACKAGE substitute the build path
sym_name = re.sub(r"^"+re.escape(build_path), "/usr/lib/debug/"+flavor, sym_name)
sym_name = re.sub(r"\.dll$", ".debug", sym_name)
syms.append ("add-symbol-file %s 0x%x" % \
(sym_name,
int (base)))
#
# Parses table EFI_DEBUG_IMAGE_INFO structures, builds
# a list of add-symbol-file commands, and reloads debugger
# symbols.
#
def parse_edii (self, edii, count):
index = 0
syms = []
while index != count:
entry = edii[index]
if entry['ImageInfoType'].dereference () == 1:
entry = entry['NormalImage']
self.parse_image(entry['LoadedImageProtocolInstance'], syms)
else:
print ('Skipping unknown EFI_DEBUG_IMAGE_INFO (Type 0x%x)' % \
entry['ImageInfoType'].dereference ())
index = index + 1
gdb.execute ("symbol-file")
print ('Loading new symbols...')
for sym in syms:
print (sym)
gdb.execute (sym)
#
# Parses EFI_DEBUG_IMAGE_INFO_TABLE_HEADER, in order to load
# image symbols.
#
def parse_dh (self, dh):
dh_t = self.ptype ('EFI_DEBUG_IMAGE_INFO_TABLE_HEADER')
dh = dh.cast (dh_t)
print ('DebugImageInfoTable @ 0x%x, 0x%x entries' \
% (int (dh['EfiDebugImageInfoTable']), dh['TableSize']))
if dh['UpdateStatus'] & self.DEBUG_IS_UPDATING:
print ('EfiDebugImageInfoTable update in progress, retry later')
return
self.parse_edii (dh['EfiDebugImageInfoTable'], dh['TableSize'])
#
# Parses EFI_SYSTEM_TABLE, in order to load image symbols.
#
def parse_est (self, est):
est_t = self.ptype ('EFI_SYSTEM_TABLE')
est = est.cast (est_t)
print ('Connected to %s (Rev. 0x%x)' % \
(self.parse_utf16 (est['FirmwareVendor']), \
int (est['FirmwareRevision'])))
print ('ConfigurationTable @ 0x%x, 0x%x entries' \
% (int (est['ConfigurationTable']), est['NumberOfTableEntries']))
dh = self.search_config(est['ConfigurationTable'],
est['NumberOfTableEntries'],
self.DEBUG_GUID)
if dh == self.EINVAL:
print ('No EFI_DEBUG_IMAGE_INFO_TABLE_HEADER')
return
self.parse_dh (dh)
#
# Usage information.
#
def usage (self):
print ('Usage: reload-uefi [-o] /path/to/GdbSyms.dll')
#
# Handler for reload-uefi.
#
def invoke (self, arg, from_tty):
args = arg.split(' ')
try:
opts, args = getopt.getopt(args, "o", ["offset-by-headers"])
except (getopt.GetoptError, err):
self.usage ()
return
for opt, arg in opts:
if opt == "-o":
self.offset_by_headers = True
if len(args) < 1:
self.usage ()
return
# FOR RPM PACKAGE substitute the path of the source code
gdb.execute ("set substitute-path "+source_path+" "+gdb_src_path)
gdb.execute ("symbol-file")
gdb.execute ("symbol-file %s" % args[0])
est = self.search_est ()
if est == self.EINVAL:
print ('No EFI_SYSTEM_TABLE...')
return
print ('EFI_SYSTEM_TABLE @ 0x%x' % est)
self.parse_est (est)
ReloadUefi ()

113
gen-key-enrollment-iso.sh Normal file
View File

@ -0,0 +1,113 @@
#!/bin/bash -e
# The script to generate the key enrollment iso file
# based on build_iso() in https://git.kraxel.org/cgit/jenkins/edk2/tree/edk2.git.spec
# Example: $0 X64 Shell.efi EnrollDefaultKeys.efi default key.iso
usage()
{
PROG_NAME=$1
echo "Usage: $PROG_NAME <Arch> <Shell> <Enroller> <Type> <ISO NAME>"
echo "ex: $PROG_NAME X64 Shell.efi EnrollDefaultKeys.efi default key.iso"
}
ARCH=$(echo $1 | tr '[:lower:'] '[:upper:]')
UEFI_SHELL_BINARY="$2"
ENROLLER_BINARY="$3"
TYPE="$4"
ISO_NAME="$5"
# Check the arguments
if [ x$ARCH != xX64 ] && [ x$ARCH != xAARCH64 ]; then
echo "Supported architecture: X64, AARCH64"
usage $0
exit 1
fi
if [ x$UEFI_SHELL_BINARY == x ] || [ ! -e "$UEFI_SHELL_BINARY" ]; then
echo "Please specify the UEFI shell binary"
usage $0
exit 1
fi
if [ x$ENROLLER_BINARY == x ] || [ ! -e "$ENROLLER_BINARY" ]; then
echo "Please specify the enroller binary"
usage $0
exit 1
fi
if [ x$TYPE == x ]; then
echo "Please specify the type of image: default or no-default"
usage $0
exit 1
fi
if [ x$ISO_NAME == x ]; then
echo "Please specify the name of output iso"
usage $0
exit 1
fi
ISO_PATH=$(realpath $ISO_NAME)
TMP_DIR=$(mktemp -d)
cp $UEFI_SHELL_BINARY $TMP_DIR/Shell.efi
cp $ENROLLER_BINARY $TMP_DIR/EnrollDefaultKeys.efi
UEFI_BOOT_EFI=$(
if [ $ARCH == "X64" ]; then
echo bootx64.efi
elif [ $ARCH == "AARCH64" ]; then
echo bootaa64.efi
else
exit 1
fi
)
UEFI_SHELL_SIZE=$(stat --format=%s -- "$UEFI_SHELL_BINARY")
ENROLLER_SIZE=$(stat --format=%s -- "$ENROLLER_BINARY")
START_SCRIPT=$TMP_DIR/"startup.nsh"
# Enter the first ESP
echo "fs0:" > $START_SCRIPT
# Enroll the keys
if [ $TYPE == "default" ]; then
echo "EnrollDefaultKeys.efi" >> $START_SCRIPT
else
echo "EnrollDefaultKeys.efi --no-default" >> $START_SCRIPT
fi
# Reset BootOrder
echo "setvar BootOrder -guid 8be4df61-93ca-11d2-aa0d-00e098032b8c -bs -rt -nv =" >> $START_SCRIPT
# Shutdown the system
echo "reset -s" >> $START_SCRIPT
UEFI_SHELL_IMAGE=uefi_shell_${ARCH}_${TYPE}.img
# Add 1MB then 10% for metadata
UEFI_SHELL_IMAGE_KB=$((
(UEFI_SHELL_SIZE + ENROLLER_SIZE +
1 * 1024 * 1024) * 11 / 10 / 1024
))
pushd $TMP_DIR
# Create non-partitioned FAT image
rm -f -- "$UEFI_SHELL_IMAGE"
/usr/sbin/mkdosfs -C "$UEFI_SHELL_IMAGE" -n UEFI_SHELL -- "$UEFI_SHELL_IMAGE_KB"
export MTOOLS_SKIP_CHECK=1
mmd -i "$UEFI_SHELL_IMAGE" ::efi
mmd -i "$UEFI_SHELL_IMAGE" ::efi/boot
mcopy -i "$UEFI_SHELL_IMAGE" Shell.efi ::efi/boot/$UEFI_BOOT_EFI
mcopy -i "$UEFI_SHELL_IMAGE" "$START_SCRIPT" ::efi/boot/startup.nsh
mcopy -i "$UEFI_SHELL_IMAGE" EnrollDefaultKeys.efi ::EnrollDefaultKeys.efi
mdir -i "$UEFI_SHELL_IMAGE" -/ ::
# build ISO with FAT image file as El Torito EFI boot image
mkisofs -input-charset ASCII -J -rational-rock \
-eltorito-platform efi -eltorito-boot "$UEFI_SHELL_IMAGE" \
-no-emul-boot -o "$ISO_PATH" -- "$UEFI_SHELL_IMAGE"
popd
#rm -rf $TMP_DIR

BIN
oniguruma-v6.9.4_mark1-src.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----
MIIEdDCCA1ygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgTEgMB4GA1UEAwwXb3Bl
blNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJl
bWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEW
EmJ1aWxkQG9wZW5zdXNlLm9yZzAeFw0xMzA4MjYxNjEyMDdaFw0zNTA3MjIxNjEy
MDdaMIGBMSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UE
BhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJv
amVjdDEhMB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3t9hknqk/oPRfTtoDrGn8E6Sk/xHPnAt
Tojcmp76M7Sm2w4jwQ2owdVlBIQE/zpIGE85MuTKTvkEnp8PzSBdYaunANil/yt/
vuhHwy9bAsi73o4a6UbThu//iJmQ6xCJuIs/PqgHxlV6btNf/IM8PRbtJsUTc5Kx
cB4ilcgAbCV2RvGi2dCwmGgPpy2xDWeJypRK6hLFkVV2f2x6LvkYiZ/49CRD1TVq
ywAOLu1L4l0J2BuXcJmeWm+mgaidqVh2fWlxgtO6OpZDm/DaFcZO6cgVuenLx+Rx
zuoQG2vEKnABqVK0F94AUs995P0PTQMYspAo1G/Erla8NmBJRotrCwIDAQABo4H0
MIHxMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGhCYA3iLExHfpW+I9/qlRPl
lxdiMIGuBgNVHSMEgaYwgaOAFGhCYA3iLExHfpW+I9/qlRPllxdioYGHpIGEMIGB
MSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMCREUx
EjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJvamVjdDEh
MB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnggEBMA4GA1UdDwEB/wQE
AwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAiqOJwo7Z+YIL8zPO6RkXF6NlgM0zrgZR
Vim2OId79J38KI6q4FMSDjpgxwbYOmF2O3cI9JSkjHxHOpnYhJsXzCBiLuJ25MY2
DSbpLlM1Cvs6NZNFw5OCwQvzCOlXH1k3qdBsafto6n87r9P3WSeO1MeWc/QMCvc+
5K9sjMd6bwl59EEf428R+z5ssaB75JK3yvky9d7DsHN947OCXc3sYdz+DD7Gteds
LV2Sc//tqmqpm2aeXjptcLAxwM7fLyEQaAyH83egMzEKDxX27jKIxZpTcc0NGqEo
idC/9lasSzs2BisBxevl3HKDPZSsKIMT+8FdJ5wT9jJf9h9Ktz5Tig==
-----END CERTIFICATE-----

View File

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgTEgMB4GA1UEAwwXb3Bl
blNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJl
bWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEW
EmJ1aWxkQG9wZW5zdXNlLm9yZzAeFw0xMzA4MjYxNjE4MzdaFw0yMzA3MDUxNjE4
MzdaMIGGMSUwIwYDVQQDDBxvcGVuU1VTRSBTZWN1cmUgQm9vdCBTaWdua2V5MQsw
CQYDVQQGEwJERTESMBAGA1UEBwwJTnVyZW1iZXJnMRkwFwYDVQQKDBBvcGVuU1VT
RSBQcm9qZWN0MSEwHwYJKoZIhvcNAQkBFhJidWlsZEBvcGVuc3VzZS5vcmcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLNeCcz9j3S+vjlCzyEXczhpwo
HRneRWkhXqCUSgu1QS5nAWuRdjqFZipji4cr6JSKEm4lE7AHPygrdiU+KbJVQuc7
RCQdt5kyy0TStIjLqU+nswa+XKruKwQJquxYY1rIYsfZaEP7vQ6S/0zsAkS8lcmf
0b4h+PSybVoK1U2YZczBjO/f8p/aRQV2+RrAi9UcBfLAuEqwEt9DytULGEazA77N
p9cBgPHFyu7ZOh9KM31QAavXOkhuYllzYh447zIx7lgYfVkFivt91A1enUeb2K+2
EZ885xOE5ADsCpeJIpDzFObfwXUHrSQ42OCP9rnA20XjboFcHinQeK5sp0sfAgMB
AAGjggEHMIIBAzAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQDMvqcvw2IvyGSSw3o
KgmlTV3vyDCBrgYDVR0jBIGmMIGjgBRoQmAN4ixMR36VviPf6pUT5ZcXYqGBh6SB
hDCBgTEgMB4GA1UEAwwXb3BlblNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYT
AkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2pl
Y3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNlLm9yZ4IBATAOBgNVHQ8B
Af8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEB
AI3sxNvPFB/+Cjj9GVCvNbaOGFV+5X6Dd7ZMJat0xI93GS+FvUOO1i53iCpnfSld
gE+2chifX2W3u6RyiJTTfwke4EVU4GWjFy78WwwszCih0byVa/YSQguvPuMjvQY6
mw+exom0ri68328yWb1oCDaPOhI9Fr51hj50yUWWBbmpu2YPi5blN6CBE+9B2cbp
HVDPxoUWjYJ9leK951nfSu0E1+cLNYDpZ39h4dBHNvU1a3AueVKIXyEYaiwy0VDS
8CQJluUCE4eLlt/cbJqMs0/iY7nRnbVOOyZUYTYxq7ACvDrMyStkfdR4KLDzvLWo
8Gu+1aY2qw6wZ+TKiiRRYjQ=
-----END CERTIFICATE-----

BIN
openssl-1.1.1t.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

16
openssl-1.1.1t.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEeVOsH7w9yLOykjk+1enkP3357owFAmPiVA4ACgkQ1enkP335
7owO9Q/+I6mvbNQeSgpOaOu//sVRGVkOD9pfZJsxZJtQuiYPQtXLlwkZyoh3Ft8b
Gty7sC6zXwWA2sbo4LGeum3jnjb7nb/x3+5O8KARPLFRpy2/4okL3uZnAw8Pr5ps
8VjCEIm9l9UmuWNZPWRQZPtup6Uz5u97/kVLQE17qFQW1bwiUixR+Yc+ICyW/hUQ
F13tbV2GVkoVdJKwD9UpwAs6ft0+faXtkEASNyLykcrTbGbBPVVpieXiH/Vuv6BX
1Ax/oBR5Xem9bGSZkCa5KZMDOqR08GUEA1zqa9Hh8VN4hH11w0cjyKPK9U6dQmAH
P6clMEtbNMYPr3pHO4Ufgwf0OzdnLfxIf8qCiqQcNLmBnCG0NHM0/8zJmiGg1O6r
Fy0P9/nSQ5CIT3t27Xcn8RciwTR7YClEyBtNGS1JdDzGJmomTqmxBns/QyZyKtlG
V+7IsNfUBVdCF4AUP7BRC+SkHf/2/fDyCPETg27AQz/iOUC9KU0DgKLQtmnnRKk0
Uz49l/WSVJARzPS5y55o8NUEv/QhnSct2eGjYeO3RiikuHDVQoH9R663G6E1koMq
fahxEs0FX39hALOt/CVisZ/H8trIy3r3Buc7EmqLHj/Q40I5IJA9ZCzi1e8UviQV
pQpkVru5VJVwNsm8KB/aBOm6J00mi2kbXMPrW1zwfmJAwt+iSJ4=
=nNu+
-----END PGP SIGNATURE-----

94
openssl.keyring Normal file
View File

@ -0,0 +1,94 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
Comment: Richard Levitte <levitte@lp.se>
Comment: Richard Levitte <levitte@openssl.org>
Comment: Richard Levitte <richard@levitte.org>
xsFNBFQwazYBEAC01v949yFYzwbn0UkEkM3MHTrDqWbp+erhXqdVD5ymG/pXvmqx
5KlxL1TZMuWEFuaq9EVkW8Wm5glk4D14IalIVKARAMDwqgNrPnw0GCAmNIf+Omvl
G7gdsSR93eALJp1vvKZpeEVZj0M0gQ1i4QIIR8PMqs+2jaYyed4HhRYzUbGKZMnr
94Onby8FIAYq0B79VqBv5NfMc2KEKrLXwuDSjtZd2TGB7qeLF7sCczyFoi5XTj+B
iVfdxCzoYEa1Rjp5hGllVj85w2DdfKED/BW7VCel4H+WTZGqTFQ1e3kPo1KdqlwD
F+Ci2JFU6myPy0LpHrNhn6FsdQGOuRKgYPycol7VzJHKtcGNMDkUFGV2DsgljQuW
Sj5TNNX5umFCIIN94eLvHtV9bXP98yKB/5pr2JhagL6kdU7OE0c/mugA05gGQTUJ
DeLNsRq54YC+CLyM9dxMvH7yB43yMfUvgKcSRt0sHUo8g5aOYdFq0SXQUr8+t/iH
3t5/JxhqBik8FBiu0aISsTDUbvbxQQQe/LhfR+FWDZRFwHOL0VELapfw1whitGG+
y+F9fQIJfa5yzEiC9AWYZjHRaFB7q6LAvF0V8vP+pkT157fTK63W53mt1+VPMt2L
732i+/Cqy/6HzwOdnNnNyfEdvm2Jojs8KXN20vChnfUGifvTjxuiFib9sQARAQAB
zR9SaWNoYXJkIExldml0dGUgPGxldml0dGVAbHAuc2U+wsGPBBMBAgAiBQJUMGwd
AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8
PcizspI5PtXp5D99+e6Mq7QP/iNhBEDJYRTrYc6JAmRIg6YyiKjeOx8kXtVCe9+q
CzC+Y9ehyZB5Dyl0Ybej9jNJdEDJzDHKzVwU4NrfefcTWqUOQDNbpClGtXcQHlUt
hjREPWpyAEH1OhD5NDTSMI5YYKZDEfiN6oEpWlc7WK0mXZuY5mHOo0B3yNDfV845
+7CGPK9zuE56/f9SLmCaFsCkNMGbvV4ybLRoBfZdnC5NPOKyJXQ0TG0CbxGMgIN5
cOrBphU+ZrPYY+p4jEoD5rvFugQl4+oRsvxygpJV5t8pe1ihNMhmzu3CpRtMjmRA
dzK+27Z8p7m8BORuoC+NbXVpcmjIueXDkYdxP+09qUyw8xE398tAuEXpbCVoQ68b
6NDCBpowgvUu34zxDn0wKdt2YGHB6z7Kl7b8RycWG3Y8u/Hs+l6QehEmiy6UKXl7
zW3PIi3192WzElUi7TtG/btqC6YPs0U3SQMkNWzwkjbKM9bC4gPFMK05a8QENc66
M+USWjNg0TiAkGP9PDlpYyhtjicCTgL51lDm8LBXr9cbzvXav7Jc6NVh7Zby89r1
DsPFzfDkccOX6nSnqYMISmvRUGrGfgrkeeM0MNu93aPTrs+0fxq+HJIZEhX/YCyQ
N4jqM+hQGh9bOwM7BacaP9F9vnq2hDK2WIXlWChX9Q70xArViJqzI8/76Ph1inPb
jbJczSVSaWNoYXJkIExldml0dGUgPGxldml0dGVAb3BlbnNzbC5vcmc+wsGPBBMB
AgAiBQJUMGwKAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnu
jBYhBHlTrB+8PcizspI5PtXp5D99+e6M1bAP/0byoJMiMsswapbBypQCT/vQmaoX
jZzNcU4qAKlB5EMlHkxl1T8ytEXxmNMd/e0ltV9HALeBqX1eYHS7oTG3rMXKuYVY
TO19eM2wLiCW664EUtOsB9zAnpp6X+8UWMoNEpWlEHgkdlADQ0xIrrH3pt29SAbd
x0QsvwkWPawEoKMoUiGPnVY4hAt7Xx9gDmWEa2T6tExd9soBBTIuIpTH3MbAEHsv
nBbdyarNltGF/pXYGMmGaYmU0WujqKzqpBpy3zwd0Rx1Kms5e0ZcypVzqx3Xgcue
W8fbMPTZbG+Z922GUFDJ139WjAA2FsMJ9ES7XIIoJh/4nfBwk+PXcj29TieDnl2r
d4x7Yxnqp4Vzau+IARz9Vr1OIFVlQbaSdXfmDFi/fvVf9CJZnWwcSwkqp4pk50Zy
nEA+8TzEQj08jdj0+yrJNvbRxqbIafzSmoU77bANs4gc0WOdTTpvv4honUQROARp
G/JT47hE7ATVGNdF7bmWNEyEYFtZMdGP0xD+K0xEgsir65aruVixVrNKxOX9wqx6
JGzHTSTgtAVYAvMIsWJTLuCXZbMRmmmmubfyVaMAisz5UIYD+TCPncuJ1dMUW9WI
uLNFGLTRGHri01EWe2epaHZWA0WB0cQZaeGpc7C986WskDi9SA9ZzCIGW4oQIBQX
lRJjjYxIBCnjxtUWzSVSaWNoYXJkIExldml0dGUgPHJpY2hhcmRAbGV2aXR0ZS5v
cmc+wsGSBBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCVDBtJgIZ
AQAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp5D99+e6MmN0P/AmpB8DasBnj
h9fAlBM8kEZ23MHVdEguPWX8KBML4L6eVlWRn7hdfpvOS90Ll5LTdtWPAQs8lDYh
4V86hIYgLK9tisZyby+5NT4dEl6CXgHbRjdDbp0xKfGc5F9jWzPZpG8ZdDz6Zbvd
ooy/4ThXNS16HcsJRckan6oFjCNAWSNpXDYcLtA7+9ncimrC/C+kGYlyPWJGYZu1
C3I+oL3+qWwiqAG9hp/zedsIsNP7o24wb0SgD0dTzphmOAPwTRfGS2DHhpbAH9P6
MZPiFBRGsARRRFfTRGkzI9W1M4bv9l/L8s6STpjD8+40f+aUE8cyUcNj1ycyRGFA
nwf5MeO3MqzvjocoUyoZNc4t7/6rh6sceFjgMt/DFFZbi3kvz9cJBcaN6TWWktd4
+1WmLxwcF0n3xaB04KCvXTaBZ5f/Hz5D4O8HyYsS6GlW6yIUiuAOvav8WizaTMbY
k81XfXBuBKv7Vxk0fRYf9+HJ7fyWyIlIN9FqrSiiopA3JR+8gP8ueFcycmLnl2D9
fyZn/sv+UCLrMR6fyD/5EtzgzW0AJ8BDJw5n7ctmZ6UhuasDZZMPC2uB9LVhpQ8W
3mDDxJoaYe5bE2p0ca+mwEHZQpbpjmtT/2x5rGFZYxBUOhuGn/94zEYSqLLDirlF
IEUgucXLOLQHyEl+kEkCLEmSbn71WsM8wsGPBBMBAgAiBQJUMGs2AhsDBgsJCAcD
AgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp
5D99+e6MbdMP/1yj/fl/t8sl6ZH8v26uBBLSUeZPJYef9TCoe6akV//x4JLujB8y
dGGW8bToC680zpuYlNn+avMwmjyocPwe7Cqgev6AyO+CjspoodM9Xai0y10CAHCl
vGAW8mX7c79jtLcMB/Z/0+5u4ErkzfwyURRpB5deLcQ4LhyRVZbLQ72fdCrmPYzO
e6Rhmfr9nWKL/oHDTLDUtRjAXdurI8YQKK9nCtbsM2uytvYkzpD2wx0B16rB7N04
QLJBNDyOUJwnm4K+Xt9LLs8NUJ8JXCdwXKXGrFFbt2b3vmy0y4/NR5AUoS444ao5
1mybA19WkCcCj5mSKmfZ9Dfbv6K3JCJx4ra5uJT2HP2M3NugtumQ1KPBUlNApVC6
u+Vn7SMqFW/KFRCxOjXDWWU+F4prqzOVc5SYqIUOk7XVxgj1FBryw5Wel5iq1Bn8
La1Fv3Hs/+pUKHRYYIC48kRET7h6oCmBiNn+XmU0A2qZnIyblmVpmfYftj3UWUC0
S86qf/dRi8unTXYl8qEQyOSPz8g6t2RDgEsJOzKhiO+j+wcBYVOgrSgsawC8yxjA
zfVwkprUJognVBJFCv4sKMb9wg99iEacI6O401w3FQy5FyokjmxXzrhn0UPj3t35
wd81WZ5HWaBSLnBo8HklfDyaybPlXODldSI7OGOch/0/CZEQzQwzsmnazsFNBFQw
azYBEADPNcBdaXTUwkG81K9NRKsKGVZ1coVRxkOx2+VD2THTY45sBx9MGmQsmSpj
U45kx/wO5KiTVj+bM+scSzwNgERqLiyf/2hgOIDYaoyKSfAfIVCmm5pSa2Ad01RV
9qT3i0eSSpa1Kpx8eAHKcVsDsWb2ZCd8/MI9778cCjrCbPI4o9zEVK+fjtmYKtdk
HsEoMSVU6Jy86E908OLaJbOeo1a7bSKs4tU8zGWAX+ddY5Cb+w3cHQb4QheDWZHM
el8ZcEgTah7huS6lUA4seQnTKXHmkIZ+uNtB3gFMKso/6GoOGZnUTk8dPY3POLY1
nbMQ/dEvMQpFxLCOBNQP0lhO4DGP0KuwLXzq2XAxrylX5tY0bNmZKLTjhi4CbKAt
c/+iwMUkQQXJRw7Vlp9Fp9ogOvzx/YlMaZQZZixg5uN2b4UD5cWliHn4Aq7DkTzQ
Je31m7sezA3cLnFR86ol2X77y79n0GRjGsMa+b+e9NRWNKs28JiCPF3ya31Kk+3+
sjauCZQW3KYx31Il5bO3ulLHOtxhSkCUHx5sJ81NJIhZFr+7yAel/ECCiT9KbVbh
ddJBHsd7GNkwzb1QivcqnYiBW9QzXkQ+xAKHfS7YM5ooYcg6G7jw89/W0xznnGiz
5JTjMkj1s9cppQ8tdqiV4Uemvx/96Nr5F7n++UJZ7Oval9/zswARAQABwsF2BBgB
AgAJBQJUMGs2AhsMACEJENXp5D99+e6MFiEEeVOsH7w9yLOykjk+1enkP3357ozr
2A//YzMQJ6Mo+/SU328dOeoseI/sFypuK882pPhXfJqX8l8H1zyHbKWy5lLLiv1M
oNOC/8pWbpv2QlWyN3PKrB6srClnpPyiHIO37/lQBcpjvAfy9HWpl21FDxn9Ruxn
a/IMYwq60EjE5h8NynNn57vydF3qTcTqkhtHW61L3vbBAcz9VMSay9QVm1f6qzM5
WbbLxp1sfNjQWKSo381kjs1Vj7yCTBrJul3qSeX0CsRB7WF5VYMalpNTHPRIqCWp
zTMcO3E5SSGIJy+AqwAZZvFiylGrSsux6TnVEVJ07s0nn1yj3q7Ii7av+waGmTf7
9B0AyZv0IZ4j4NUWFNnGhsG1bEumFLkQl7Id/M61k0yKOusHdzDcZbCzecyww1w3
WD+j4wvGkfBy4mQRqLiyjutsN/dpxRRkULATME+TH9J5eNq0A5sRRaayEiA1TDcA
WfF0PtA4smNy1GyIarobC+xn8AENi4eeYZBbfDfh8oRhEsICQ6rs098wiYz8jtZ/
pOruzbiD7ZKDy+vjKtYqgjGnioHQalJCZrKTUnREpH102pg1Cw6v2OcjiXsqU5L7
Yrhv1jQIluII051VIJ/QBWe5uT7YiJOsMLMQGWvkObPXEYLld2UF6hK6MH4epkwV
/w1uNqnlvIeEFgHTKmSHvfwlAF64lUiDCUdWExXybKkE2NY=
=1H60
-----END PGP PUBLIC KEY BLOCK-----

63
openssl.keyring.README Normal file
View File

@ -0,0 +1,63 @@
Upgrade openssl tarball
======================
Sometimes you need also update openssl source code tarball when
upgrading EDK2 source code. Normally you should see similar patch
commit in EDK2 git repo:
commit 4ca4041b0dbb310109d9cb047ed428a0082df395
Author: Sheng Wei <w.sheng@intel.com>
Date: Tue Feb 28 10:43:57 2023 +0800
CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1t
Then you will need to update openssl-%{openssl_version}.tar.gz and
openssl-%{openssl_version}.tar.gz.asc signature. You can find them
from https://www.openssl.org/source/old/1.1.1/
e.g.
https://www.openssl.org/source/old/1.1.1/openssl-1.1.1t.tar.gz
https://www.openssl.org/source/old/1.1.1/openssl-1.1.1t.tar.gz.asc
Update the key of signature for tarball
----------------------------------------
You will use "osc ci" command to commit new openssl tarball to OBS.
But sometimes you will see fail like this:
ovmf> osc ci -m "Upgrade OpenSSL to 1.1.1t"
- package has ovmf-rpmlintrc: (unchanged)
gpg: Signature made Tue 07 Feb 2023 09:37:18 PM CST
gpg: using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
gpg: Can't check signature: No public key
ERROR: signature ovmf/openssl-1.1.1t.tar.gz.asc does not validate
It means that osc caommand didn't find corresponding key to validate
openssl-%{openssl_version}.tar.gz.asc. It will stop to submit your change
to OBS.
In the above example, it indicates that the signature is using RSA key
7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C. You should go to openssl's
"OpenSSL Technical Committee" page to download the corresponding key
to local. In this case:
https://www.openssl.org/community/otc.html
Richard Levitte (I) 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
Then you just use downloaded key to overwrite openssl.keyring file.
e.g.
ovmf> cp 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C openssl.keyring
Then the osc verification of openssl-%{openssl_version}.tar.gz.asc will pass.
Like this:
ovmf> osc ci -m "Upgrade OpenSSL to 1.1.1t"
(W) Attention, 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C is not mentioned in spec files as source or patch.
###ASK ovmf/7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
- package has ovmf-rpmlintrc: (unchanged)
gpg: Signature made Tue 07 Feb 2023 09:37:18 PM CST
gpg: using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown]
gpg: aka "Richard Levitte <levitte@lp.se>" [unknown]
gpg: aka "Richard Levitte <levitte@openssl.org>" [unknown]
Please maintain the openssl.keyring file in ovmf package with new openssl
tarball and signature.

View File

@ -0,0 +1,13 @@
Index: edk2-edk2-stable202305/ArmVirtPkg/ArmVirt.dsc.inc
===================================================================
--- edk2-edk2-stable202305.orig/ArmVirtPkg/ArmVirt.dsc.inc
+++ edk2-edk2-stable202305/ArmVirtPkg/ArmVirt.dsc.inc
@@ -365,7 +365,7 @@
# reserved ones, with the exception of LoaderData regions, of which OS loaders
# (i.e., GRUB) may assume that its contents are executable.
#
- gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5
+ gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1
gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|TRUE

View File

@ -0,0 +1,60 @@
From b8324bc3d5d44e5b1644a66f1b6e07b6e4ad9350 Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <jlee@suse.com>
Date: Wed, 15 Feb 2023 14:39:37 +0800
Subject: [PATCH] Revert "OvmfPkg/OvmfXen: Set PcdFSBClock"
This reverts commit 71cdb91f313380152d7bf38cfeebe76f5b2d39ac.
---
OvmfPkg/OvmfXen.dsc | 4 +++-
OvmfPkg/XenPlatformPei/Xen.c | 4 ----
OvmfPkg/XenPlatformPei/XenPlatformPei.inf | 1 -
3 files changed, 3 insertions(+), 6 deletions(-)
Index: edk2-edk2-stable202302/OvmfPkg/OvmfXen.dsc
===================================================================
--- edk2-edk2-stable202302.orig/OvmfPkg/OvmfXen.dsc
+++ edk2-edk2-stable202302/OvmfPkg/OvmfXen.dsc
@@ -456,6 +456,9 @@
# Point to the MdeModulePkg/Application/UiApp/UiApp.inf
gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 }
+ ## Xen vlapic's frequence is 100 MHz
+ gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000
+
# We populate DXE IPL tables with 1G pages preferably on Xen
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE
@@ -486,7 +489,6 @@
gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Base|0x0
gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size|0x800000000
- gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|0
# Set video resolution for text setup.
Index: edk2-edk2-stable202302/OvmfPkg/XenPlatformPei/Xen.c
===================================================================
--- edk2-edk2-stable202302.orig/OvmfPkg/XenPlatformPei/Xen.c
+++ edk2-edk2-stable202302/OvmfPkg/XenPlatformPei/Xen.c
@@ -634,9 +634,5 @@ CalibrateLapicTimer (
Freq = DivU64x64Remainder (Dividend, TscTick2 - TscTick, NULL);
DEBUG ((DEBUG_INFO, "APIC Freq % 8lu Hz\n", Freq));
- ASSERT (Freq <= MAX_UINT32);
- Status = PcdSet32S (PcdFSBClock, (UINT32)Freq);
- ASSERT_EFI_ERROR (Status);
-
UnmapXenPage (SharedInfo);
}
Index: edk2-edk2-stable202302/OvmfPkg/XenPlatformPei/XenPlatformPei.inf
===================================================================
--- edk2-edk2-stable202302.orig/OvmfPkg/XenPlatformPei/XenPlatformPei.inf
+++ edk2-edk2-stable202302/OvmfPkg/XenPlatformPei/XenPlatformPei.inf
@@ -86,7 +86,6 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask
- gEfiMdePkgTokenSpaceGuid.PcdFSBClock
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
gUefiCpuPkgTokenSpaceGuid.PcdCpuLocalApicBaseAddress

View File

@ -0,0 +1,28 @@
From 5b3a40038886774228826b42c9aa3c9645a799a9 Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <jlee@suse.com>
Date: Wed, 15 Mar 2023 17:21:25 +0800
Subject: [PATCH 6/6] Revert "OvmfPkg/PlatformInitLib: dynamic mmio window
size"
This reverts commit ecb778d0ac62560aa172786ba19521f27bc3f650.
Joey Lee:
Only revert one line to keep this workaround patch simple. Because
bsc#1205588 is a SUSE specific issue.
---
OvmfPkg/Library/PlatformInitLib/MemDetect.c | 28 ---------------------
1 file changed, 28 deletions(-)
Index: edk2-edk2-stable202305/OvmfPkg/Library/PlatformInitLib/MemDetect.c
===================================================================
--- edk2-edk2-stable202305.orig/OvmfPkg/Library/PlatformInitLib/MemDetect.c
+++ edk2-edk2-stable202305/OvmfPkg/Library/PlatformInitLib/MemDetect.c
@@ -855,7 +855,6 @@ PlatformAddressWidthInitialization (
PlatformAddressWidthFromCpuid (PlatformInfoHob, TRUE);
if (PlatformInfoHob->PhysMemAddressWidth != 0) {
// physical address width is known
- PlatformDynamicMmioWindow (PlatformInfoHob);
return;
}

View File

@ -0,0 +1,51 @@
From 251820bfcd28abecf8a67ee94d82c8ab47547b0b Mon Sep 17 00:00:00 2001
From: Joey Lee <jlee@suse.com>
Date: Mon, 20 Mar 2023 13:14:57 +0100
Subject: [PATCH] Revert "OvmfPkg/PlatformPei: Update
ReserveEmuVariableNvStore"
This reverts commit 58eb8517ad7b56574f8f04b770a59a9cbed796c4.
(bsc#1209266)
Signed-off-by: Joey Lee <jlee@suse.com>
---
OvmfPkg/PlatformPei/Platform.c | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)
Index: edk2-edk2-stable202305/OvmfPkg/PlatformPei/Platform.c
===================================================================
--- edk2-edk2-stable202305.orig/OvmfPkg/PlatformPei/Platform.c
+++ edk2-edk2-stable202305/OvmfPkg/PlatformPei/Platform.c
@@ -219,14 +219,24 @@ ReserveEmuVariableNvStore (
EFI_PHYSICAL_ADDRESS VariableStore;
RETURN_STATUS PcdStatus;
- VariableStore = (EFI_PHYSICAL_ADDRESS)(UINTN)PlatformReserveEmuVariableNvStore ();
- PcdStatus = PcdSet64S (PcdEmuVariableNvStoreReserved, VariableStore);
-
- if (FeaturePcdGet (PcdSecureBootSupported)) {
- // restore emulated VarStore from pristine ROM copy
- PlatformInitEmuVariableNvStore ((VOID *)(UINTN)VariableStore);
- }
-
+ //
+ // Allocate storage for NV variables early on so it will be
+ // at a consistent address. Since VM memory is preserved
+ // across reboots, this allows the NV variable storage to survive
+ // a VM reboot.
+ //
+ VariableStore =
+ (EFI_PHYSICAL_ADDRESS)(UINTN)
+ AllocateRuntimePages (
+ EFI_SIZE_TO_PAGES (2 * PcdGet32 (PcdFlashNvStorageFtwSpareSize))
+ );
+ DEBUG ((
+ DEBUG_INFO,
+ "Reserved variable store memory: 0x%lX; size: %dkb\n",
+ VariableStore,
+ (2 * PcdGet32 (PcdFlashNvStorageFtwSpareSize)) / 1024
+ ));
+ PcdStatus = PcdSet64S (PcdEmuVariableNvStoreReserved, VariableStore);
ASSERT_RETURN_ERROR (PcdStatus);
}

90
ovmf-build-funcs.sh Normal file
View File

@ -0,0 +1,90 @@
#!/bin/bash
# Generate PK/KEK OEM strings
pkkek_oemstr()
{
local CERT_FILE=$1
sed \
-e 's/^-----BEGIN CERTIFICATE-----$/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' \
-e '/^-----END CERTIFICATE-----$/d' \
$CERT_FILE \
| tr -d '\n'
}
# Build the varstore template
build_template()
{
local ARCH=$(echo $1 | tr '[:lower:'] '[:upper:]')
local PREFIX="$2"
local KEY="$3"
local PKKEK_FILE="$4"
local ISO_FILE="$5"
local TYPE="$6"
# QEMU parameters
# pflash parameters
local PFLASH=""
if [ $TYPE == "separate" ]; then
local FW_CODE_ORIG="${PREFIX}-code.bin"
local FW_VARS_ORIG="${PREFIX}-vars.bin"
local FW_CODE="${PREFIX}-${KEY}-code.bin"
local FW_VARS="${PREFIX}-${KEY}-vars.bin"
local PFLASH_CODE="-drive if=pflash,format=raw,unit=0,readonly=on,file=$FW_CODE"
local PFLASH_VARS="-drive if=pflash,format=raw,unit=1,file=$FW_VARS"
ln -s "$FW_CODE_ORIG" "$FW_CODE"
cp "$FW_VARS_ORIG" "$FW_VARS"
PFLASH="$PFLASH_CODE $PFLASH_VARS"
elif [ $TYPE == "unified" ]; then
local UNIFIED_FW_ORIG="${PREFIX}.bin"
local UNIFIED_FW="${PREFIX}-${KEY}.bin"
cp "$UNIFIED_FW_ORIG" "$UNIFIED_FW"
PFLASH="-drive if=pflash,format=raw,unit=0,file=$UNIFIED_FW"
fi
# smbios parameters for PK and KEK
local SMBIOS="-smbios type=11,value=$(pkkek_oemstr $PKKEK_FILE)"
# memory: 256MB
local MEMORY="-m 256"
# kvm
local FW_CFG="-fw_cfg name=opt/org.tianocore/X-Cpuhp-Bugcheck-Override,string=yes"
# redirect display to stdio and disable network
local MISC="-display none -no-user-config -nodefaults -smp 1"
MISC="$MISC -serial stdio"
# set cdrom device
local CDROM="-device virtio-scsi-pci,id=scsi0"
CDROM="$CDROM -device scsi-cd,drive=cd0,bus=scsi0.0,bootindex=0"
CDROM="$CDROM -drive media=cdrom,if=none,id=cd0,format=raw,readonly=on"
CDROM="$CDROM,file=${ISO_FILE}"
if [ $ARCH == "X64" ]; then
# qemu command
local QEMU="qemu-system-x86_64"
# machine parameters
local MACHINE="-machine q35"
if [[ "$PREFIX" == *"-smm" ]]; then
MACHINE="$MACHINE,smm=on,accel=tcg"
MACHINE="$MACHINE -global driver=cfi.pflash01,property=secure,value=on"
MACHINE="$MACHINE -global ICH9-LPC.disable_s3=1"
fi
MACHINE="$MACHINE -chardev pty,id=charserial1"
MACHINE="$MACHINE -device isa-serial,chardev=charserial1,id=serial1"
elif [ $ARCH == "AARCH64" ]; then
# qemu command
local QEMU="qemu-system-aarch64"
# machine parameters
local MACHINE="-cpu cortex-a57 -machine virt"
fi
# Launch the VM
$QEMU $MACHINE $MEMORY $FW_CFG $PFLASH $SMBIOS $CDROM $MISC
}

54
ovmf-disable-brotli.patch Normal file
View File

@ -0,0 +1,54 @@
From 278d7e48deeaf8fcf2ac347a452c4e7ca0389007 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Thu, 1 Apr 2021 17:25:59 +0800
Subject: [PATCH 1/1] Disable brotli
The brotli compression/decompression function was never used and it
requires additional source tarball for packaging. Remove brotli from
building for good.
Signed-off-by: Gary Lin <glin@suse.com>
---
BaseTools/Source/C/GNUmakefile | 1 -
MdeModulePkg/MdeModulePkg.dec | 3 ---
MdeModulePkg/MdeModulePkg.dsc | 1 -
3 files changed, 5 deletions(-)
Index: edk2-edk2-stable202305/BaseTools/Source/C/GNUmakefile
===================================================================
--- edk2-edk2-stable202305.orig/BaseTools/Source/C/GNUmakefile
+++ edk2-edk2-stable202305/BaseTools/Source/C/GNUmakefile
@@ -51,7 +51,6 @@ all: makerootdir subdirs
LIBRARIES = Common
VFRAUTOGEN = VfrCompile/VfrLexer.h
APPLICATIONS = \
- BrotliCompress \
VfrCompile \
EfiRom \
GenFfs \
Index: edk2-edk2-stable202305/MdeModulePkg/MdeModulePkg.dec
===================================================================
--- edk2-edk2-stable202305.orig/MdeModulePkg/MdeModulePkg.dec
+++ edk2-edk2-stable202305/MdeModulePkg/MdeModulePkg.dec
@@ -26,9 +26,6 @@
Include
Test/Mock/Include
-[Includes.Common.Private]
- Library/BrotliCustomDecompressLib/brotli/c/include
-
[LibraryClasses]
## @libraryclass Defines a set of methods to reset whole system.
ResetSystemLib|Include/Library/ResetSystemLib.h
Index: edk2-edk2-stable202305/MdeModulePkg/MdeModulePkg.dsc
===================================================================
--- edk2-edk2-stable202305.orig/MdeModulePkg/MdeModulePkg.dsc
+++ edk2-edk2-stable202305/MdeModulePkg/MdeModulePkg.dsc
@@ -453,7 +453,6 @@
MdeModulePkg/Universal/EbcDxe/EbcDebuggerConfig.inf
[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
- MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliCustomDecompressLib.inf
MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
MdeModulePkg/Core/Dxe/DxeMain.inf {

View File

@ -0,0 +1,13 @@
Index: edk2-edk2-stable202302/BaseTools/Conf/tools_def.template
===================================================================
--- edk2-edk2-stable202302.orig/BaseTools/Conf/tools_def.template
+++ edk2-edk2-stable202302/BaseTools/Conf/tools_def.template
@@ -1888,7 +1888,7 @@ DEFINE GCC_DEPS_FLAGS = -MM
DEFINE GCC48_ALL_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -ffunction-sections -fdata-sections -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
DEFINE GCC48_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
-DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -Wno-address -fno-omit-frame-pointer
+DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -Wno-address -fno-omit-frame-pointer -fno-pic -fno-pie
DEFINE GCC48_X64_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address -fno-omit-frame-pointer
DEFINE GCC48_IA32_X64_ASLDLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
DEFINE GCC48_IA32_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive

565
ovmf-gdb-symbols.patch Normal file
View File

@ -0,0 +1,565 @@
From 263791566fbe25755aebde54c98d5aea061414f3 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 24 Jun 2014 11:57:32 +0800
Subject: [PATCH 1/3] Add DebugPkg
---
DebugPkg/DebugPkg.dec | 34 ++++
DebugPkg/GdbSyms/GdbSyms.c | 70 +++++++
DebugPkg/GdbSyms/GdbSyms.inf | 57 ++++++
DebugPkg/Scripts/gdb_uefi.py | 348 +++++++++++++++++++++++++++++++++++
4 files changed, 509 insertions(+)
create mode 100644 DebugPkg/DebugPkg.dec
create mode 100644 DebugPkg/GdbSyms/GdbSyms.c
create mode 100644 DebugPkg/GdbSyms/GdbSyms.inf
create mode 100644 DebugPkg/Scripts/gdb_uefi.py
Index: edk2-edk2-stable202302/DebugPkg/DebugPkg.dec
===================================================================
--- /dev/null
+++ edk2-edk2-stable202302/DebugPkg/DebugPkg.dec
@@ -0,0 +1,34 @@
+## @file
+# Debug package - various useful stuff for debugging.
+#
+# Copyright (c) 2006 - 2011, Andrei Warkentin <andreiw@motorola.com>
+#
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ DEC_VERSION = 0x00010005
+ PACKAGE_NAME = DebugPkg
+ PACKAGE_GUID = 2d234f34-50e5-4b9d-b8e3-5562334d87e5
+ PACKAGE_VERSION = 0.1
+
+[Includes]
+ Include
+
+[Guids]
+
+[Protocols]
+
+[PcdsFixedAtBuild]
+
+[PcdsDynamic]
+
+[LibraryClasses]
+
Index: edk2-edk2-stable202302/DebugPkg/GdbSyms/GdbSyms.c
===================================================================
--- /dev/null
+++ edk2-edk2-stable202302/DebugPkg/GdbSyms/GdbSyms.c
@@ -0,0 +1,78 @@
+/** @file
+
+ Bare-minimum GDB symbols needed for reloading symbols.
+
+ This is not a "driver" and should not be placed in a FD.
+
+ Copyright (c) 2011, Andrei Warkentin <andreiw@motorola.com>
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "PiDxe.h"
+
+#include <Library/UefiLib.h>
+#include <Library/UefiDriverEntryPoint.h>
+#include <Library/BaseLib.h>
+#include <Library/UefiRuntimeLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/DevicePathLib.h>
+#include <Library/PcdLib.h>
+#include <Guid/DebugImageInfoTable.h>
+
+/**
+ Main entry point.
+
+ @param[in] ImageHandle The firmware allocated handle for the EFI image.
+ @param[in] SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS Successfully initialized.
+
+**/
+EFI_STATUS
+EFIAPI
+Initialize (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_SYSTEM_TABLE_POINTER ESTP;
+ EFI_DEBUG_IMAGE_INFO_TABLE_HEADER EDIITH;
+ EFI_IMAGE_DOS_HEADER EIDH;
+ EFI_IMAGE_OPTIONAL_HEADER_UNION EIOHU;
+ EFI_IMAGE_DEBUG_DIRECTORY_ENTRY EIDDE;
+ EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY EIDCNE;
+ EFI_IMAGE_DEBUG_CODEVIEW_RSDS_ENTRY EIDCRE;
+ EFI_IMAGE_DEBUG_CODEVIEW_MTOC_ENTRY EIDCME;
+ UINTN Dummy =
+ (UINTN) &ESTP |
+ (UINTN) &EDIITH |
+ (UINTN) &EIDH |
+ (UINTN) &EIOHU |
+ (UINTN) &EIDDE |
+ (UINTN) &EIDCNE |
+ (UINTN) &EIDCRE |
+ (UINTN) &EIDCME |
+ 1
+ ;
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &ESTP));
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EDIITH));
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EIDH));
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EIOHU));
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EIDDE));
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EIDCNE));
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EIDCRE));
+ DEBUG ((DEBUG_VERBOSE, "%a: %llx\n", __FUNCTION__, &EIDCME));
+ return !!Dummy & EFI_SUCCESS;
+}
+
+
Index: edk2-edk2-stable202302/DebugPkg/GdbSyms/GdbSyms.inf
===================================================================
--- /dev/null
+++ edk2-edk2-stable202302/DebugPkg/GdbSyms/GdbSyms.inf
@@ -0,0 +1,57 @@
+## @file
+#
+# Bare-minimum GDB symbols needed for reloading symbols.
+#
+# This is not a "driver" and should not be placed in a FD.
+#
+# Copyright (c) 2011, Andrei Warkentin <andreiw@motorola.com>
+#
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = GdbSyms
+ FILE_GUID = 22abcb60-fb40-42ac-b01f-3ab1fad9aad8
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = Initialize
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC ARM
+#
+
+[Sources]
+ GdbSyms.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ DxeServicesTableLib
+ HobLib
+ MemoryAllocationLib
+ PcdLib
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+ UefiLib
+
+[Guids]
+
+[Protocols]
+
+[Depex]
+ TRUE
+
Index: edk2-edk2-stable202302/DebugPkg/Scripts/gdb_uefi.py
===================================================================
--- /dev/null
+++ edk2-edk2-stable202302/DebugPkg/Scripts/gdb_uefi.py
@@ -0,0 +1,350 @@
+"""
+Allows loading TianoCore symbols into a GDB session attached to EFI
+Firmware.
+
+This is how it works: build GdbSyms - it's a dummy binary that
+contains the relevant symbols needed to find and load image symbols.
+
+$ gdb
+(gdb) taget remote ....
+(gdb) source Scripts/gdb_uefi.py
+(gdb) reload-uefi -o /path/to/GdbSyms.dll
+
+The -o option should be used if you've debugging EFI, where the PE
+images were converted from MACH-O or ELF binaries.
+
+"""
+
+import array
+import getopt
+import binascii
+import re
+
+__license__ = "BSD"
+__version = "1.0.0"
+__maintainer__ = "Andrei Warkentin"
+__email__ = "andrey.warkentin@gmail.com"
+__status__ = "Works"
+
+class ReloadUefi (gdb.Command):
+ """Reload UEFI symbols"""
+
+ #
+ # Various constants.
+ #
+
+ EINVAL = 0xffffffff
+ CV_NB10 = 0x3031424E
+ CV_RSDS = 0x53445352
+ CV_MTOC = 0x434F544D
+ DOS_MAGIC = 0x5A4D
+ PE32PLUS_MAGIC = 0x20b
+ EST_SIGNATURE = 0x5453595320494249L
+ DEBUG_GUID = [0x49152E77, 0x1ADA, 0x4764,
+ [0xB7,0xA2,0x7A,0xFE,
+ 0xFE,0xD9,0x5E, 0x8B]]
+ DEBUG_IS_UPDATING = 0x1
+
+ #
+ # If the images were built as ELF/MACH-O and then converted to PE,
+ # then the base address needs to be offset by PE headers.
+ #
+
+ offset_by_headers = False
+
+ def __init__ (self):
+ super (ReloadUefi, self).__init__ ("reload-uefi", gdb.COMMAND_OBSCURE)
+
+ #
+ # Returns gdb.Type for a type.
+ #
+
+ def type (self, typename):
+ return gdb.lookup_type (typename)
+
+ #
+ # Returns gdb.Type for a pointer to a type.
+ #
+
+ def ptype (self, typename):
+ return gdb.lookup_type (typename).pointer ()
+
+ #
+ # Computes CRC32 on an array of data.
+ #
+
+ def crc32 (self, data):
+ return binascii.crc32 (data) & 0xFFFFFFFF
+
+ #
+ # Sets a field in a struct to a value, i.e.
+ # value->field_name = data.
+ #
+ # Newer Py bindings to Gdb provide access to the inferior
+ # memory, but not all, so have to do it this awkward way.
+ #
+
+ def set_field (self, value, field_name, data):
+ gdb.execute ("set *(%s *) 0x%x = 0x%x" % \
+ (str (value[field_name].type), \
+ long (value[field_name].address), \
+ data))
+
+ #
+ # Returns data backing a gdb.Value as an array.
+ # Same comment as above regarding newer Py bindings...
+ #
+
+ def value_data (self, value, bytes=0):
+ value_address = gdb.Value (value.address)
+ array_t = self.ptype ('UINT8')
+ value_array = value_address.cast (array_t)
+ if bytes == 0:
+ bytes = value.type.sizeof
+ data = array.array ('B')
+ for i in range (0, bytes):
+ data.append (value_array[i])
+ return data
+
+ #
+ # Locates the EFI_SYSTEM_TABLE as per UEFI spec 17.4.
+ # Returns base address or -1.
+ #
+
+ def search_est (self):
+ address = 0
+ estp_t = self.ptype ('EFI_SYSTEM_TABLE_POINTER')
+ while True:
+ estp = gdb.Value(address).cast(estp_t)
+ if estp['Signature'] == self.EST_SIGNATURE:
+ oldcrc = long (estp['Crc32'])
+ self.set_field (estp, 'Crc32', 0)
+ newcrc = self.crc32 (self.value_data (estp.dereference (), 0))
+ self.set_field (estp, 'Crc32', long (oldcrc))
+ if newcrc == oldcrc:
+ return estp['EfiSystemTableBase']
+
+ address = address + 4*1024*1024
+ if long (address) == 0:
+ return gdb.Value(self.EINVAL)
+
+ #
+ # Searches for a vendor-specific configuration table (in EST),
+ # given a vendor-specific table GUID. GUID is a list like -
+ # [32-bit, 16-bit, 16-bit, [8 bytes]]
+ #
+
+ def search_config (self, cfg_table, count, guid):
+ index = 0
+ while index != count:
+ cfg_entry = cfg_table[index]['VendorGuid']
+ if cfg_entry['Data1'] == guid[0] and \
+ cfg_entry['Data2'] == guid[1] and \
+ cfg_entry['Data3'] == guid[2] and \
+ self.value_data (cfg_entry['Data4']).tolist () == guid[3]:
+ return cfg_table[index]['VendorTable']
+ index = index + 1
+ return gdb.Value(self.EINVAL)
+
+ #
+ # Returns a UTF16 string corresponding to a (CHAR16 *) value in EFI.
+ #
+
+ def parse_utf16 (self, value):
+ index = 0
+ data = array.array ('H')
+ while value[index] != 0:
+ data.append (value[index])
+ index = index + 1
+ return data.tostring ().decode ('utf-16')
+
+ #
+ # Returns offset of a field within structure. Useful
+ # for getting container of a structure.
+ #
+
+ def offsetof (self, typename, field):
+ t = gdb.Value (0).cast (self.ptype (typename))
+ return long (t[field].address)
+
+ #
+ # Returns sizeof of a type.
+ #
+
+ def sizeof (self, typename):
+ return self.type (typename).sizeof
+
+ #
+ # Returns the EFI_IMAGE_NT_HEADERS32 pointer, given
+ # an ImageBase address as a gdb.Value.
+ #
+
+ def pe_headers (self, imagebase):
+ dosh_t = self.ptype ('EFI_IMAGE_DOS_HEADER')
+ head_t = self.ptype ('EFI_IMAGE_OPTIONAL_HEADER_UNION')
+ dosh = imagebase.cast(dosh_t)
+ h_addr = imagebase
+ if dosh['e_magic'] == self.DOS_MAGIC:
+ h_addr = h_addr + dosh['e_lfanew']
+ return gdb.Value(h_addr).cast (head_t)
+
+ #
+ # Returns True if pe_headers refer to a PE32+ image.
+ #
+
+ def pe_is_64 (self, pe_headers):
+ if pe_headers['Pe32']['OptionalHeader']['Magic'] == self.PE32PLUS_MAGIC:
+ return True
+ return False
+
+ #
+ # Returns the PE (not so) optional header.
+ #
+
+ def pe_optional (self, pe):
+ if self.pe_is_64 (pe):
+ return pe['Pe32Plus']['OptionalHeader']
+ else:
+ return pe['Pe32']['OptionalHeader']
+
+ #
+ # Returns the symbol file name for a PE image.
+ #
+
+ def pe_parse_debug (self, pe):
+ opt = self.pe_optional (pe)
+ debug_dir_entry = opt['DataDirectory'][6]
+ dep = debug_dir_entry['VirtualAddress'] + opt['ImageBase']
+ dep = dep.cast (self.ptype ('EFI_IMAGE_DEBUG_DIRECTORY_ENTRY'))
+ cvp = dep.dereference ()['RVA'] + opt['ImageBase']
+ cvv = cvp.cast(self.ptype ('UINT32')).dereference ()
+ if cvv == self.CV_NB10:
+ return cvp + self.sizeof('EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY')
+ elif cvv == self.CV_RSDS:
+ return cvp + self.sizeof('EFI_IMAGE_DEBUG_CODEVIEW_RSDS_ENTRY')
+ elif cvv == self.CV_MTOC:
+ return cvp + self.sizeof('EFI_IMAGE_DEBUG_CODEVIEW_MTOC_ENTRY')
+ return gdb.Value(self.EINVAL)
+
+ #
+ # Parses an EFI_LOADED_IMAGE_PROTOCOL, figuring out the symbol file name.
+ # This file name is then appended to list of loaded symbols.
+ #
+ # TBD: Support TE images.
+ #
+
+ def parse_image (self, image, syms):
+ base = image['ImageBase']
+ pe = self.pe_headers (base)
+ opt = self.pe_optional (pe)
+ sym_name = self.pe_parse_debug (pe)
+
+ # For ELF and Mach-O-derived images...
+ if self.offset_by_headers:
+ base = base + opt['SizeOfHeaders']
+ if sym_name != self.EINVAL:
+ sym_name = sym_name.cast (self.ptype('CHAR8')).string ()
+ sym_name = re.sub(r"\.dll$", ".debug", sym_name)
+ syms.append ("add-symbol-file %s 0x%x" % \
+ (sym_name,
+ long (base)))
+
+ #
+ # Parses table EFI_DEBUG_IMAGE_INFO structures, builds
+ # a list of add-symbol-file commands, and reloads debugger
+ # symbols.
+ #
+
+ def parse_edii (self, edii, count):
+ index = 0
+ syms = []
+ while index != count:
+ entry = edii[index]
+ if entry['ImageInfoType'].dereference () == 1:
+ entry = entry['NormalImage']
+ self.parse_image(entry['LoadedImageProtocolInstance'], syms)
+ else:
+ print "Skipping unknown EFI_DEBUG_IMAGE_INFO (Type 0x%x)" % \
+ entry['ImageInfoType'].dereference ()
+ index = index + 1
+ gdb.execute ("symbol-file")
+ print "Loading new symbols..."
+ for sym in syms:
+ print sym
+ gdb.execute (sym)
+
+ #
+ # Parses EFI_DEBUG_IMAGE_INFO_TABLE_HEADER, in order to load
+ # image symbols.
+ #
+
+ def parse_dh (self, dh):
+ dh_t = self.ptype ('EFI_DEBUG_IMAGE_INFO_TABLE_HEADER')
+ dh = dh.cast (dh_t)
+ print "DebugImageInfoTable @ 0x%x, 0x%x entries" \
+ % (long (dh['EfiDebugImageInfoTable']), dh['TableSize'])
+ if dh['UpdateStatus'] & self.DEBUG_IS_UPDATING:
+ print "EfiDebugImageInfoTable update in progress, retry later"
+ return
+ self.parse_edii (dh['EfiDebugImageInfoTable'], dh['TableSize'])
+
+ #
+ # Parses EFI_SYSTEM_TABLE, in order to load image symbols.
+ #
+
+ def parse_est (self, est):
+ est_t = self.ptype ('EFI_SYSTEM_TABLE')
+ est = est.cast (est_t)
+ print "Connected to %s (Rev. 0x%x)" % \
+ (self.parse_utf16 (est['FirmwareVendor']), \
+ long (est['FirmwareRevision']))
+ print "ConfigurationTable @ 0x%x, 0x%x entries" \
+ % (long (est['ConfigurationTable']), est['NumberOfTableEntries'])
+
+ dh = self.search_config(est['ConfigurationTable'],
+ est['NumberOfTableEntries'],
+ self.DEBUG_GUID)
+ if dh == self.EINVAL:
+ print "No EFI_DEBUG_IMAGE_INFO_TABLE_HEADER"
+ return
+ self.parse_dh (dh)
+
+ #
+ # Usage information.
+ #
+
+ def usage (self):
+ print "Usage: reload-uefi [-o] /path/to/GdbSyms.dll"
+
+ #
+ # Handler for reload-uefi.
+ #
+
+ def invoke (self, arg, from_tty):
+ args = arg.split(' ')
+ try:
+ opts, args = getopt.getopt(args, "o", ["offset-by-headers"])
+ except getopt.GetoptError, err:
+ self.usage ()
+ return
+ for opt, arg in opts:
+ if opt == "-o":
+ self.offset_by_headers = True
+
+ if len(args) < 1:
+ self.usage ()
+ return
+
+ gdb.execute ("symbol-file")
+ gdb.execute ("symbol-file %s" % args[0])
+ est = self.search_est ()
+ if est == self.EINVAL:
+ print "No EFI_SYSTEM_TABLE..."
+ return
+
+ print "EFI_SYSTEM_TABLE @ 0x%x" % est
+ self.parse_est (est)
+
+ReloadUefi ()
+
+
Index: edk2-edk2-stable202302/OvmfPkg/OvmfPkgX64.dsc
===================================================================
--- edk2-edk2-stable202302.orig/OvmfPkg/OvmfPkgX64.dsc
+++ edk2-edk2-stable202302/OvmfPkg/OvmfPkgX64.dsc
@@ -1123,3 +1123,5 @@
# TPM support
#
!include OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc
+
+ DebugPkg/GdbSyms/GdbSyms.inf

View File

@ -0,0 +1,60 @@
diff --git a/BaseTools/Source/C/DevicePath/DevicePathUtilities.c b/BaseTools/Source/C/DevicePath/DevicePathUtilities.c
index 2ffefa8..c9fb432 100644
--- a/BaseTools/Source/C/DevicePath/DevicePathUtilities.c
+++ b/BaseTools/Source/C/DevicePath/DevicePathUtilities.c
@@ -16,6 +16,10 @@
#include "UefiDevicePathLib.h"
#include <Protocol/DevicePathUtilities.h>
+#if __GNUC__ >= 12
+# pragma GCC diagnostic ignored "-Wstringop-overflow"
+#endif
+
//
// Template for an end-of-device path node.
//
diff --git a/BaseTools/Source/C/GenFfs/GenFfs.c b/BaseTools/Source/C/GenFfs/GenFfs.c
index 949025c..be55a52 100644
--- a/BaseTools/Source/C/GenFfs/GenFfs.c
+++ b/BaseTools/Source/C/GenFfs/GenFfs.c
@@ -36,6 +36,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define UTILITY_MAJOR_VERSION 0
#define UTILITY_MINOR_VERSION 1
+#if __GNUC__ >= 12
+# pragma GCC diagnostic ignored "-Wuse-after-free"
+#endif
+
STATIC CHAR8 *mFfsFileType[] = {
NULL, // 0x00
"EFI_FV_FILETYPE_RAW", // 0x01
diff --git a/BaseTools/Source/C/GenSec/GenSec.c b/BaseTools/Source/C/GenSec/GenSec.c
index d54a4f9..fb40ad3 100644
--- a/BaseTools/Source/C/GenSec/GenSec.c
+++ b/BaseTools/Source/C/GenSec/GenSec.c
@@ -37,6 +37,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define UTILITY_MAJOR_VERSION 0
#define UTILITY_MINOR_VERSION 1
+#if __GNUC__ >= 12
+# pragma GCC diagnostic ignored "-Wuse-after-free"
+#endif
+
STATIC CHAR8 *mSectionTypeName[] = {
NULL, // 0x00 - reserved
"EFI_SECTION_COMPRESSION", // 0x01
diff --git a/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c b/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c
index 4e9b499..ab9b7cc 100644
--- a/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c
+++ b/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c
@@ -40,6 +40,10 @@ static unsigned g_STAT_OFFSET = 0;
#define REP_LEN_COUNT 64
+#if __GNUC__ >= 12
+# pragma GCC diagnostic ignored "-Wdangling-pointer"
+#endif
+
void LzmaEncProps_Init(CLzmaEncProps *p)
{
p->level = 5;

13
ovmf-pie.patch Normal file
View File

@ -0,0 +1,13 @@
Index: edk2-edk2-stable202305/BaseTools/Source/C/Makefiles/header.makefile
===================================================================
--- edk2-edk2-stable202305.orig/BaseTools/Source/C/Makefiles/header.makefile
+++ edk2-edk2-stable202305/BaseTools/Source/C/Makefiles/header.makefile
@@ -101,7 +101,7 @@ else
CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-fno-delete-null-pointer-checks -Wall -Werror \
-Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \
--Wno-unused-result -nostdlib -g
+-Wno-unused-result -nostdlib -g -fPIE
endif
endif
ifneq ($(CLANG),)

View File

@ -0,0 +1,12 @@
--- edk2-edk2-stable202302.orig/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+++ edk2-edk2-stable202302/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
@@ -43,6 +43,9 @@
[Sources.X64]
CopyMem.c
+[Sources.RISCV64]
+ CopyMem.c
+
[Packages]
MdePkg/MdePkg.dec

6
ovmf-rpmlintrc Normal file
View File

@ -0,0 +1,6 @@
addFilter("unstripped-binary-or-object /usr/lib/debug/*")
addFilter("statically-linked-binary /usr/lib/debug/*")
addFilter("executable-stack /usr/lib/debug/*")
addFilter("position-independent-executable-suggested /usr/lib/debug/*")
addFilter("arch-independent-package-contains-binary-or-object /usr/share/qemu/ovmf-x86_64-xen-4m.bin")
addFilter("arch-independent-package-contains-binary-or-object /usr/share/qemu/ovmf-x86_64-xen.bin")

View File

@ -0,0 +1,33 @@
From c0cec3409f3abda1e2359a79ccac575b4ea1838b Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Tue, 21 May 2019 16:56:06 +0800
Subject: [PATCH 1/1] OvmfPkg/EnrollDefaultKeys: Set the fixed time
For the reproducible build, we need to set the fixed time when setting
the authenticate variables.
Signed-off-by: Gary Lin <glin@suse.com>
---
OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 10 ++++++++++
1 file changed, 10 insertions(+)
Index: edk2-edk2-stable202202/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
===================================================================
--- edk2-edk2-stable202202.orig/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
+++ edk2-edk2-stable202202/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
@@ -324,6 +324,15 @@ EnrollListOfCerts (
goto FreeData;
}
+ // Set the fixed time for the reproducible build
+ // 2019-5-20 00:00:00
+ SingleHeader->TimeStamp.Year = 2019;
+ SingleHeader->TimeStamp.Month = 5;
+ SingleHeader->TimeStamp.Day = 20;
+ SingleHeader->TimeStamp.Hour = 0;
+ SingleHeader->TimeStamp.Minute = 0;
+ SingleHeader->TimeStamp.Second = 0;
+
SingleHeader->TimeStamp.Pad1 = 0;
SingleHeader->TimeStamp.Nanosecond = 0;
SingleHeader->TimeStamp.TimeZone = 0;

8359
ovmf.changes Normal file

File diff suppressed because it is too large Load Diff

680
ovmf.spec Normal file
View File

@ -0,0 +1,680 @@
#
# spec file for package ovmf
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# needssslcertforbuild
%undefine _build_create_debug
%global openssl_version 1.1.1t
%global softfloat_version b64af41c3276f
%if 0%{?suse_version} < 1599
%bcond_with build_riscv64
%else
%bcond_without build_riscv64
%endif
Name: ovmf
Version: 202305
Release: 0
Summary: Open Virtual Machine Firmware
License: BSD-2-Clause-Patent
Group: System/Emulators/PC
URL: https://github.com/tianocore/edk2
Source0: edk2-edk2-stable%{version}.tar.gz
Source1: https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_version}.tar.gz
Source111: https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_version}.tar.gz.asc
Source112: openssl.keyring
Source113: openssl.keyring.README
Source2: README
Source3: SLES-UEFI-CA-Certificate-2048.crt
Source4: openSUSE-UEFI-CA-Certificate-2048.crt
Source5: openSUSE-UEFI-SIGN-Certificate-2048.crt
# berkeley-softfloat-3: https://github.com/ucb-bar/berkeley-softfloat-3
Source6: berkeley-softfloat-3-%{softfloat_version}.tar.xz
Source7: descriptors.tar.xz
# oniguruma: https://github.com/kkos/oniguruma, "src" directory only
Source8: oniguruma-v6.9.4_mark1-src.tar.xz
# public-mipi-sys-t: https://github.com/MIPI-Alliance/public-mipi-sys-t
Source9: public-mipi-sys-t-1.1-edk2.tar.gz
Source100: %{name}-rpmlintrc
Source101: gdb_uefi.py.in
Source102: gen-key-enrollment-iso.sh
Source103: ovmf-build-funcs.sh
Patch1: %{name}-gdb-symbols.patch
Patch2: %{name}-pie.patch
Patch3: %{name}-disable-ia32-firmware-piepic.patch
Patch4: %{name}-set-fixed-enroll-time.patch
Patch5: %{name}-disable-brotli.patch
Patch6: %{name}-ignore-spurious-GCC-12-warning.patch
# Bug 1205978 - Got Page-Fault exception when VM is booting with edk2-stable202211 ovmf
Patch7: %{name}-Revert-OvmfPkg-PlatformInitLib-dynamic-mmio-window-s.patch
# Bug 1207095 - ASSERT [ArmCpuDxe] /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202211/ArmPkg/Library/DefaultExceptionHandlerLib/AArch64/DefaultExceptionHandler.c(333): ((BOOLEAN)(0==1))
Patch8: %{name}-Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch
# Bug 1205613 - L3: win 2k22 UEFI xen VMs cannot boot in xen after upgrade
Patch9: %{name}-Revert-OvmfPkg-OvmfXen-Set-PcdFSBClock.patch
# Bug 1209266 - OVMF firmware hangs when booting SEV or SEV-ES guest
Patch10: %{name}-Revert-OvmfPkg-PlatformPei-Update-ReserveEmuVariable.patch
Patch11: ovmf-riscv64-missing-memcpy.patch
BuildRequires: bc
BuildRequires: cross-arm-binutils
BuildRequires: cross-arm-gcc%{gcc_version}
BuildRequires: dosfstools
BuildRequires: fdupes
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: iasl
BuildRequires: libuuid-devel
BuildRequires: mkisofs
BuildRequires: mtools
BuildRequires: nasm
BuildRequires: openssl
BuildRequires: python3
BuildRequires: qemu-arm >= 3.0.0
BuildRequires: qemu-ipxe
BuildRequires: qemu-x86 >= 3.0.0
BuildRequires: unzip
%ifnarch aarch64
BuildRequires: cross-aarch64-binutils
BuildRequires: cross-aarch64-gcc%{gcc_version}
%endif
%ifnarch x86_64
BuildRequires: cross-x86_64-binutils
BuildRequires: cross-x86_64-gcc%{gcc_version}
%endif
%ifnarch riscv64
%if %{with build_riscv64}
BuildRequires: cross-riscv64-binutils
BuildRequires: cross-riscv64-gcc%{gcc_version}
%endif
%endif
# Only build on the architectures with
# 1. cross-compilers, 2. iasl, 3. qemu-arm and qemu-x86
ExclusiveArch: x86_64 aarch64 riscv64
%description
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
%package tools
Summary: The BaseTools from edk2
Group: System/Emulators/PC
%description tools
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
This package contains the tools from edk2.
%package -n qemu-ovmf-ia32
Summary: Open Virtual Machine Firmware - QEMU rom images (IA32)
Group: System/Emulators/PC
Requires: qemu
BuildArch: noarch
%description -n qemu-ovmf-ia32
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
This package contains UEFI rom images for exercising UEFI secure
boot in a qemu environment (IA32)
%package -n qemu-ovmf-x86_64
Summary: Open Virtual Machine Firmware - QEMU rom images (x86_64)
Group: System/Emulators/PC
Requires: qemu
BuildArch: noarch
%description -n qemu-ovmf-x86_64
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
This package contains UEFI rom images for exercising UEFI secure
boot in a qemu environment (x86_64)
%ifarch x86_64
%package -n qemu-ovmf-x86_64-debug
Summary: Open Virtual Machine Firmware - debug symbols (x86_64)
Group: Development/Sources
Requires: qemu
%description -n qemu-ovmf-x86_64-debug
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
This package contains the debug symbols for UEFI rom images (x86_64)
%endif
%package -n qemu-uefi-aarch64
Summary: UEFI QEMU rom image (AArch64)
Group: System/Emulators/PC
BuildArch: noarch
%description -n qemu-uefi-aarch64
This package contains the UEFI rom image (AArch64) for QEMU cortex-a57
virt board.
%package -n qemu-uefi-aarch32
Summary: UEFI QEMU rom image (AArch32)
Group: System/Emulators/PC
BuildArch: noarch
%description -n qemu-uefi-aarch32
This package contains the UEFI rom image (AArch32) for QEMU cortex-a15
virt board.
%if %{with build_riscv64}
%package -n qemu-uefi-riscv64
Summary: UEFI QEMU rom image (RISC-V 64)
Group: System/Emulators/PC
BuildArch: noarch
%description -n qemu-uefi-riscv64
This package contains the UEFI rom image (RISC-V 64) for QEMU
virt board.
%endif
%prep
%setup -q -n edk2-edk2-stable%{version}
# bsc#973038 Remove the packages we don't need to avoid any potential
# license issue.
PKG_TO_REMOVE="EmulatorPkg"
rm -rf $PKG_TO_REMOVE
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
# add openssl
pushd CryptoPkg/Library/OpensslLib/openssl
tar -xf %{SOURCE1} --strip 1
popd
# add berkeley-softfloat-3
pushd ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3
tar -xf %{SOURCE6} --strip 1
popd
# prepare the firmware descriptors for qemu
tar -xf %{SOURCE7}
# add oniguruma
pushd MdeModulePkg/Universal/RegularExpressionDxe/oniguruma
tar -xf %{SOURCE8} --strip 1
popd
# add public-mipi-sys-t
pushd MdePkg/Library/MipiSysTLib/mipisyst
tar -xf %{SOURCE9} --strip 1
popd
chmod +x %{SOURCE102}
%build
# Enable python3 build
export PYTHON3_ENABLE=TRUE
export PYTHON_COMMAND=python3
# For some reason ARM still uses TPM2_CONFIG_ENABLE
OVMF_FLAGS=" \
-D SECURE_BOOT_ENABLE \
-D TPM2_ENABLE \
-D TPM2_CONFIG_ENABLE \
-D NETWORK_IP6_ENABLE \
-D NETWORK_HTTP_BOOT_ENABLE \
"
%if 0%{?suse_version} > 1320
TOOL_CHAIN=GCC5
%else
echo `gcc -dumpversion`
TOOL_CHAIN=GCC$(gcc -dumpversion|sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/')
%endif
# Flavors for x86
FLAVORS_X86=("ovmf-ia32")
BUILD_OPTIONS_X86=" \
$OVMF_FLAGS \
-D FD_SIZE_2MB \
-a IA32 \
-p OvmfPkg/OvmfPkgIa32.dsc \
-b DEBUG \
-t $TOOL_CHAIN \
"
# Flavors for x86_64: 2MB, 4MB, and 4MB+SMM
FLAVORS_X64=("ovmf-x86_64" "ovmf-x86_64-4m" "ovmf-x86_64-smm")
BUILD_OPTIONS_X64=" \
$OVMF_FLAGS \
-a X64 \
-b DEBUG \
-t $TOOL_CHAIN \
"
# Flavors for aarch64
FLAVORS_AA64=("aavmf-aarch64")
BUILD_OPTIONS_AA64=" \
$OVMF_FLAGS \
-D NETWORK_TLS_ENABLE \
-a AARCH64 \
-p ArmVirtPkg/ArmVirtQemu.dsc \
-b DEBUG \
-t $TOOL_CHAIN \
"
# Flavors for arm
FLAVORS_AA32=("aavmf-aarch32")
BUILD_OPTIONS_AA32=" \
-a ARM \
-p ArmVirtPkg/ArmVirtQemu.dsc \
-b DEBUG \
-t $TOOL_CHAIN \
"
%if %{with build_riscv64}
# Flavors for riscv
FLAVORS_RV64=("riscv")
BUILD_OPTIONS_RV64=" \
$OVMF_FLAGS \
-a RISCV64 \
-p OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc \
-b DEBUG \
-t $TOOL_CHAIN \
"
%endif
# Build BaseTools
%ifarch x86_64
make -C BaseTools
%endif
%ifarch aarch64
ARCH=AARCH64 make -C BaseTools
%endif
%ifarch riscv64
ARCH=RISCV64 make -C BaseTools
%endif
# Import the build functions
source %{SOURCE103}
source ./edksetup.sh
### Build x86 UEFI Images ###
%ifnarch %{ix86} x86_64
# Assign the cross-compiler prefix
export ${TOOL_CHAIN}_BIN="x86_64-suse-linux-"
%endif
build $BUILD_OPTIONS_X86
cp Build/OvmfIa32/DEBUG_*/FV/OVMF.fd ovmf-ia32.bin
cp Build/OvmfIa32/DEBUG_*/FV/OVMF_CODE.fd ovmf-ia32-code.bin
cp Build/OvmfIa32/DEBUG_*/FV/OVMF_VARS.fd ovmf-ia32-vars.bin
# Remove the temporary build files to reduce the disk usage (bsc#1178244)
rm -rf Build/OvmfIa32/
### Build x86_64 UEFI Images ###
%ifarch x86_64
collect_x86_64_debug_files()
{
local target="$1"
local out_dir="debug/$target"
local abs_path="`pwd`/$out_dir/"
local source_path="`pwd`"
local gdb_src_path="%{_prefix}/src/debug/ovmf-x86_64"
# copy the debug symbols
mkdir -p $out_dir
pushd Build/OvmfX64/DEBUG_GCC*/X64/
find . -mindepth 2 -type f -name "*.debug" -print0 | sort -z | xargs -i -0 cp --parents -a {} $abs_path
cp --parents -a DebugPkg/GdbSyms/GdbSyms/DEBUG/GdbSyms.dll $abs_path
build_path=`pwd`
popd
# Change the path in the python gdb script
sed "s:__BUILD_PATH__:$build_path:;s:__SOURCE_PATH__:$source_path:;s:__GDB_SRC_PATH__:$gdb_src_path:;s/__FLAVOR__/$target/" \
%{SOURCE101} > gdb_uefi-$target.py
}
%endif
declare -A EXTRA_FLAGS_X64
EXTRA_FLAGS_X64=(
[ovmf-x86_64]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_2MB -D BUILD_SHELL=FALSE"
[ovmf-x86_64-4m]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_4MB -D NETWORK_TLS_ENABLE"
[ovmf-x86_64-smm]="-a IA32 -p OvmfPkg/OvmfPkgIa32X64.dsc -D FD_SIZE_4MB -D NETWORK_TLS_ENABLE -D SMM_REQUIRE -D BUILD_SHELL=FALSE"
)
declare -A OUTDIR_X64
OUTDIR_X64=(
[ovmf-x86_64]="OvmfX64"
[ovmf-x86_64-4m]="OvmfX64"
[ovmf-x86_64-smm]="Ovmf3264"
)
%ifnarch x86_64
# Assign the cross-compiler prefix
export ${TOOL_CHAIN}_BIN="x86_64-suse-linux-"
%endif
for flavor in ${FLAVORS_X64[@]}; do
build $BUILD_OPTIONS_X64 ${EXTRA_FLAGS_X64[$flavor]}
cp Build/${OUTDIR_X64[$flavor]}/DEBUG_*/FV/OVMF.fd $flavor.bin
cp Build/${OUTDIR_X64[$flavor]}/DEBUG_*/FV/OVMF_CODE.fd $flavor-code.bin
cp Build/${OUTDIR_X64[$flavor]}/DEBUG_*/FV/OVMF_VARS.fd $flavor-vars.bin
%ifarch x86_64
collect_x86_64_debug_files $flavor
%endif
done
# Copy Shell.efi and EnrollDefaultKeys.efi
mkdir X64
cp Build/OvmfX64/DEBUG_*/X64/Shell.efi X64
cp Build/OvmfX64/DEBUG_*/X64/EnrollDefaultKeys.efi X64
%ifarch x86_64
# Collect the source
mkdir -p source/ovmf-x86_64
# TODO get the source list from debug files
src_list=`find Build/OvmfX64/DEBUG_GCC*/X64/ -mindepth 1 -maxdepth 1 -type d -print0 | sort -z | xargs -0 -i basename {}`
find $src_list \( -name "*.c" -o -name "*.h" \) -type f -print0 | sort -z | xargs -0 -i cp --parents -a {} source/ovmf-x86_64
find source/ovmf-x86_64 -name *.c -type f -exec chmod 0644 {} \;
%endif
# The extra Xen flavor for x86_64
BUILD_OPTION_X64_XEN=" \
-p OvmfPkg/OvmfXen.dsc \
-a X64 \
-b DEBUG \
-t $TOOL_CHAIN \
"
# Build the 2MB Xen flavor
build $BUILD_OPTION_X64_XEN -D FD_SIZE_2MB
cp Build/OvmfXen/DEBUG_*/FV/OVMF.fd ovmf-x86_64-xen.bin
# Build the 4MB Xen flavor
build $BUILD_OPTION_X64_XEN -D FD_SIZE_4MB
cp Build/OvmfXen/DEBUG_*/FV/OVMF.fd ovmf-x86_64-xen-4m.bin
# Remove the temporary build files to reduce the disk usage (bsc#1178244)
rm -rf Build/OvmfX64/ Build/Ovmf3264/ Build/OvmfXen/
# Build with keys done later (shared between archs)
### Build AARCH64 UEFI Images ###
%ifnarch aarch64
# Assign the cross-compiler prefix
export ${TOOL_CHAIN}_AARCH64_PREFIX="aarch64-suse-linux-"
%endif
# Build the UEFI image without keys
build $BUILD_OPTIONS_AA64
cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin
dd of="aavmf-aarch64-code.bin" if="/dev/zero" bs=1M count=64
dd of="aavmf-aarch64-code.bin" if="qemu-uefi-aarch64.bin" conv=notrunc
dd of="aavmf-aarch64-vars.bin" if="/dev/zero" bs=1M count=64
# Copy Shell.efi and EnrollDefaultKeys.efi
mkdir AARCH64
cp Build/ArmVirtQemu-AARCH64/DEBUG_*/AARCH64/Shell.efi AARCH64
cp Build/ArmVirtQemu-AARCH64/DEBUG_*/AARCH64/EnrollDefaultKeys.efi AARCH64
# Remove the temporary build files to reduce the disk usage (bsc#1178244)
rm -rf Build/ArmVirtQemu-AARCH64/
# Build with keys done later (shared between archs)
### Build AARCH32 UEFI Images ###
%ifnarch armv7hl
# Assign the cross-compiler prefix
export ${TOOL_CHAIN}_ARM_PREFIX="arm-suse-linux-gnueabi-"
%endif
# Build the UEFI image
build $BUILD_OPTIONS_AA32
cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin
dd of="aavmf-aarch32-code.bin" if="/dev/zero" bs=1M count=64
dd of="aavmf-aarch32-code.bin" if="qemu-uefi-aarch32.bin" conv=notrunc
dd of="aavmf-aarch32-vars.bin" if="/dev/zero" bs=1M count=64
# Remove the temporary build files to reduce the disk usage (bsc#1178244)
rm -rf Build/ArmVirtQemu-ARM/
### Build RISCV64 UEFI Images ###
%if %{with build_riscv64}
%ifnarch riscv64
# Assign the cross-compiler prefix
export ${TOOL_CHAIN}_RISCV64_PREFIX="riscv64-suse-linux-"
%endif
# Build the UEFI image without keys
build $BUILD_OPTIONS_RV64
cp Build/RiscVVirtQemu/DEBUG_GCC*/FV/RISCV_VIRT.fd qemu-uefi-riscv64.bin
dd of="ovmf-riscv64-code.bin" if="/dev/zero" bs=1M count=32
dd of="ovmf-riscv64-code.bin" if="qemu-uefi-riscv64.bin" conv=notrunc
dd of="ovmf-riscv64-vars.bin" if="/dev/zero" bs=1M count=32
# Remove the temporary build files to reduce the disk usage (bsc#1178244)
rm -rf Build/RiscVVirtQemu/
%endif
### Build the variable store templates ###
# Default key sources: ms suse opensuse
KEY_SOURCES=(ms suse opensuse)
# Add 'devel' if necessary
if [ -e %{_sourcedir}/_projectcert.crt ]; then
prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -issuer_hash)
opensusesubject=$(openssl x509 -in %{SOURCE4} -noout -subject_hash)
slessubject=$(openssl x509 -in %{SOURCE3} -noout -subject_hash)
if [ "$prjissuer" != "$opensusesubject" -a "$prjissuer" != "$slessubject" ]; then
KEY_SOURCES+=(devel)
fi
fi
# Assign the default PK/KEK
declare -A PKKEK
PKKEK=(
[ms]=%{SOURCE3}
[suse]=%{SOURCE3}
[opensuse]=%{SOURCE4}
[devel]=%{_sourcedir}/_projectcert.crt
)
generate_sb_var_templates()
{
local ARCH=$1
# Assign the key iso file
local MS_ISO_FILE=ms-keys-${ARCH}.iso
local NOMS_ISO_FILE=no-ms-keys-${ARCH}.iso
declare -A KEY_ISO_FILES
KEY_ISO_FILES=(
[ms]=$MS_ISO_FILE
[suse]=$NOMS_ISO_FILE
[opensuse]=$NOMS_ISO_FILE
[devel]=$NOMS_ISO_FILE
)
# Create the iso images
local GEN_ISO=%{SOURCE102}
local SHELL=${ARCH}/Shell.efi
local ENROLLER=${ARCH}/EnrollDefaultKeys.efi
$GEN_ISO $ARCH $SHELL $ENROLLER default $MS_ISO_FILE
$GEN_ISO $ARCH $SHELL $ENROLLER no-default $NOMS_ISO_FILE
# We only build the variable templates for X64 and AARCH64
if [ "$ARCH" == "X64" ]; then
FLAVORS=${FLAVORS_X64[@]}
elif [ "$ARCH" == "AARCH64" ]; then
FLAVORS=${FLAVORS_AA64[@]}
fi
# Generate the varstore templates
for flavor in ${FLAVORS[@]}; do
for key in ${KEY_SOURCES[@]}; do
build_template "$ARCH" "$flavor" "$key" \
"${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}" \
"separate"
done
done
if [ "$ARCH" == "X64" ]; then
# Generate the unified firmware with preloaded keys for
# backward compatibility. (bsc#1159793)
for flavor in ${FLAVORS[@]}; do
for key in ${KEY_SOURCES[@]}; do
build_template "$ARCH" "$flavor" "$key" \
"${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}" \
"unified"
done
done
fi
}
# Generate the variable stores with default Secure Boot keys
generate_sb_var_templates X64
generate_sb_var_templates AARCH64
# Rename the x86_64 4MB firmware
# We use ovmf-x86_64-$key-4m instead of ovmf-x86_64-4m-$key in the
# version < stable201905. Rename the 4MB firmware files for backward
# compatibility.
for key in ${KEY_SOURCES[@]}; do
rename "4m-$key" "$key-4m" *"4m-$key"*.bin
done
%install
cp %{SOURCE2} README
sed -i s/'\r'// License.txt
# Install BaseTools
install -d %{buildroot}/%{_bindir}
install -m 0755 --strip BaseTools/Source/C/bin/EfiRom %{buildroot}/%{_bindir}
# Replace @DATADIR@ in the firmware descriptors
sed -i "s:@DATADIR@:%{_datadir}/qemu:" descriptors/*.json
tr -d '\r' < OvmfPkg/License.txt > License-ovmf.txt
install -m 0644 -D ovmf-*.bin -t %{buildroot}/%{_datadir}/qemu/
install -m 0644 -D qemu-uefi-*.bin -t %{buildroot}/%{_datadir}/qemu/
install -m 0644 -D aavmf-*.bin -t %{buildroot}/%{_datadir}/qemu/
install -m 0644 -D descriptors/*.json \
-t %{buildroot}/%{_datadir}/qemu/firmware
%fdupes %{buildroot}/%{_datadir}/qemu/
%ifarch x86_64
# Install debug symbols, gdb-uefi.py
install -d %{buildroot}/%{_datadir}/ovmf-x86_64/
install -m 0644 gdb_uefi-*.py %{buildroot}/%{_datadir}/ovmf-x86_64/
mkdir -p %{buildroot}%{_prefix}/lib/debug
mv debug/ovmf-x86_64* %{buildroot}%{_prefix}/lib/debug
%fdupes %{buildroot}%{_prefix}/lib/debug/ovmf-x86_64*
mkdir -p %{buildroot}%{_prefix}/src/debug
mv source/ovmf-x86_64* %{buildroot}%{_prefix}/src/debug
%fdupes -s %{buildroot}%{_prefix}/src/debug/ovmf-x86_64
%endif
# Install Secure Boot key enroller
mkdir -p %{buildroot}/%{_datadir}/ovmf/
install -m 0755 %{SOURCE102} %{buildroot}/%{_datadir}/ovmf/
%ifarch x86_64
install -m 0644 X64/*.efi %{buildroot}/%{_datadir}/ovmf/
%endif
%ifarch aarch64
install -m 0644 AARCH64/*.efi %{buildroot}/%{_datadir}/ovmf/
%endif
%ifarch riscv64
# Nothing there yet
#install -m 0644 RISCV64/*.efi %{buildroot}/%{_datadir}/ovmf/
%endif
%if %{without build_riscv64}
rm %{buildroot}%{_datadir}/qemu/firmware/*-riscv64*.json
%endif
%files
%doc README
%dir %{_datadir}/ovmf/
%ifnarch riscv64
%{_datadir}/ovmf/*.efi
%endif
%{_datadir}/ovmf/*.sh
%files tools
%doc BaseTools/UserManuals/EfiRom_Utility_Man_Page.rtf
%{_bindir}/EfiRom
%files -n qemu-ovmf-ia32
%license License.txt License-ovmf.txt
%dir %{_datadir}/qemu/
%{_datadir}/qemu/ovmf-ia32*.bin
%dir %{_datadir}/qemu/firmware
%{_datadir}/qemu/firmware/*-ia32*.json
%files -n qemu-ovmf-x86_64
%license License.txt License-ovmf.txt
%dir %{_datadir}/qemu/
%{_datadir}/qemu/ovmf-x86_64*.bin
%dir %{_datadir}/qemu/firmware
%{_datadir}/qemu/firmware/*-x86_64*.json
%ifarch x86_64
%files -n qemu-ovmf-x86_64-debug
%{_datadir}/ovmf-x86_64/
%dir %{_prefix}/lib/debug/
%{_prefix}/lib/debug/ovmf-x86_64*
%dir %{_prefix}/src/debug/
%{_prefix}/src/debug/ovmf-x86_64*
%endif
%files -n qemu-uefi-aarch64
%license License.txt
%dir %{_datadir}/qemu/
%{_datadir}/qemu/qemu-uefi-aarch64*.bin
%{_datadir}/qemu/aavmf-aarch64-*code.bin
%{_datadir}/qemu/aavmf-aarch64-*vars.bin
%dir %{_datadir}/qemu/firmware
%{_datadir}/qemu/firmware/*-aarch64*.json
%files -n qemu-uefi-aarch32
%license License.txt
%dir %{_datadir}/qemu/
%{_datadir}/qemu/qemu-uefi-aarch32.bin
%{_datadir}/qemu/aavmf-aarch32-code.bin
%{_datadir}/qemu/aavmf-aarch32-vars.bin
%dir %{_datadir}/qemu/firmware
%{_datadir}/qemu/firmware/*-aarch32*.json
%if %{with build_riscv64}
%files -n qemu-uefi-riscv64
%license License.txt
%dir %{_datadir}/qemu/
%{_datadir}/qemu/qemu-uefi-riscv64.bin
%{_datadir}/qemu/ovmf-riscv64-code.bin
%{_datadir}/qemu/ovmf-riscv64-vars.bin
%dir %{_datadir}/qemu/firmware
%{_datadir}/qemu/firmware/*-riscv64*.json
%endif
%changelog

BIN
public-mipi-sys-t-1.1-edk2.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.