Sync from SUSE:SLFO:Main ovmf revision a1d993827a05d44c5b6bd1086943dbba

Adrian Schröter 2024-08-28 11:03:46 +02:00
parent e3fd4e1de9
commit fd120cb2a3
21 changed files with 1546 additions and 539 deletions

BIN
descriptors.tar.xz (Stored with Git LFS)

Binary file not shown.

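--- /dev/null
+++ b/descriptors.tar.xz.README
@@ -0,0 +1,10 @@
+descriptors for libvirt
+======================
+All descriptors be maintained in SUSE repo on github:
+https://github.com/SUSE/ovmf-descriptors
+All elements of descriptor in .json have defined here:
+https://gitlab.com/qemu/qemu/-/blob/master/docs/interop/firmware.json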

BIN
edk2-edk2-stable202305.tar.gz (Stored with Git LFS)

Binary file not shown.

BIN
edk2-edk2-stable202402.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.


@ -1,113 +0,0 @@
#!/bin/bash -e
# The script to generate the key enrollment iso file
# based on build_iso() in https://git.kraxel.org/cgit/jenkins/edk2/tree/edk2.git.spec
# Example: $0 X64 Shell.efi EnrollDefaultKeys.efi default key.iso
usage()
{
PROG_NAME=$1
echo "Usage: $PROG_NAME <Arch> <Shell> <Enroller> <Type> <ISO NAME>"
echo "ex: $PROG_NAME X64 Shell.efi EnrollDefaultKeys.efi default key.iso"
}
ARCH=$(echo $1 | tr '[:lower:'] '[:upper:]')
UEFI_SHELL_BINARY="$2"
ENROLLER_BINARY="$3"
TYPE="$4"
ISO_NAME="$5"
# Check the arguments
if [ x$ARCH != xX64 ] && [ x$ARCH != xAARCH64 ]; then
echo "Supported architecture: X64, AARCH64"
usage $0
exit 1
fi
if [ x$UEFI_SHELL_BINARY == x ] || [ ! -e "$UEFI_SHELL_BINARY" ]; then
echo "Please specify the UEFI shell binary"
usage $0
exit 1
fi
if [ x$ENROLLER_BINARY == x ] || [ ! -e "$ENROLLER_BINARY" ]; then
echo "Please specify the enroller binary"
usage $0
exit 1
fi
if [ x$TYPE == x ]; then
echo "Please specify the type of image: default or no-default"
usage $0
exit 1
fi
if [ x$ISO_NAME == x ]; then
echo "Please specify the name of output iso"
usage $0
exit 1
fi
ISO_PATH=$(realpath $ISO_NAME)
TMP_DIR=$(mktemp -d)
cp $UEFI_SHELL_BINARY $TMP_DIR/Shell.efi
cp $ENROLLER_BINARY $TMP_DIR/EnrollDefaultKeys.efi
UEFI_BOOT_EFI=$(
if [ $ARCH == "X64" ]; then
echo bootx64.efi
elif [ $ARCH == "AARCH64" ]; then
echo bootaa64.efi
else
exit 1
fi
)
UEFI_SHELL_SIZE=$(stat --format=%s -- "$UEFI_SHELL_BINARY")
ENROLLER_SIZE=$(stat --format=%s -- "$ENROLLER_BINARY")
START_SCRIPT=$TMP_DIR/"startup.nsh"
# Enter the first ESP
echo "fs0:" > $START_SCRIPT
# Enroll the keys
if [ $TYPE == "default" ]; then
echo "EnrollDefaultKeys.efi" >> $START_SCRIPT
else
echo "EnrollDefaultKeys.efi --no-default" >> $START_SCRIPT
fi
# Reset BootOrder
echo "setvar BootOrder -guid 8be4df61-93ca-11d2-aa0d-00e098032b8c -bs -rt -nv =" >> $START_SCRIPT
# Shutdown the system
echo "reset -s" >> $START_SCRIPT
UEFI_SHELL_IMAGE=uefi_shell_${ARCH}_${TYPE}.img
# Add 1MB then 10% for metadata
UEFI_SHELL_IMAGE_KB=$((
(UEFI_SHELL_SIZE + ENROLLER_SIZE +
1 * 1024 * 1024) * 11 / 10 / 1024
))
pushd $TMP_DIR
# Create non-partitioned FAT image
rm -f -- "$UEFI_SHELL_IMAGE"
/usr/sbin/mkdosfs -C "$UEFI_SHELL_IMAGE" -n UEFI_SHELL -- "$UEFI_SHELL_IMAGE_KB"
export MTOOLS_SKIP_CHECK=1
mmd -i "$UEFI_SHELL_IMAGE" ::efi
mmd -i "$UEFI_SHELL_IMAGE" ::efi/boot
mcopy -i "$UEFI_SHELL_IMAGE" Shell.efi ::efi/boot/$UEFI_BOOT_EFI
mcopy -i "$UEFI_SHELL_IMAGE" "$START_SCRIPT" ::efi/boot/startup.nsh
mcopy -i "$UEFI_SHELL_IMAGE" EnrollDefaultKeys.efi ::EnrollDefaultKeys.efi
mdir -i "$UEFI_SHELL_IMAGE" -/ ::
# build ISO with FAT image file as El Torito EFI boot image
mkisofs -input-charset ASCII -J -rational-rock \
-eltorito-platform efi -eltorito-boot "$UEFI_SHELL_IMAGE" \
-no-emul-boot -o "$ISO_PATH" -- "$UEFI_SHELL_IMAGE"
popd
#rm -rf $TMP_DIR

BIN
mbedtls-3.3.0.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.


@ -1,27 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

BIN
openssl-1.1.1t.tar.gz (Stored with Git LFS)

Binary file not shown.


@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEeVOsH7w9yLOykjk+1enkP3357owFAmPiVA4ACgkQ1enkP335
7owO9Q/+I6mvbNQeSgpOaOu//sVRGVkOD9pfZJsxZJtQuiYPQtXLlwkZyoh3Ft8b
Gty7sC6zXwWA2sbo4LGeum3jnjb7nb/x3+5O8KARPLFRpy2/4okL3uZnAw8Pr5ps
8VjCEIm9l9UmuWNZPWRQZPtup6Uz5u97/kVLQE17qFQW1bwiUixR+Yc+ICyW/hUQ
F13tbV2GVkoVdJKwD9UpwAs6ft0+faXtkEASNyLykcrTbGbBPVVpieXiH/Vuv6BX
1Ax/oBR5Xem9bGSZkCa5KZMDOqR08GUEA1zqa9Hh8VN4hH11w0cjyKPK9U6dQmAH
P6clMEtbNMYPr3pHO4Ufgwf0OzdnLfxIf8qCiqQcNLmBnCG0NHM0/8zJmiGg1O6r
Fy0P9/nSQ5CIT3t27Xcn8RciwTR7YClEyBtNGS1JdDzGJmomTqmxBns/QyZyKtlG
V+7IsNfUBVdCF4AUP7BRC+SkHf/2/fDyCPETg27AQz/iOUC9KU0DgKLQtmnnRKk0
Uz49l/WSVJARzPS5y55o8NUEv/QhnSct2eGjYeO3RiikuHDVQoH9R663G6E1koMq
fahxEs0FX39hALOt/CVisZ/H8trIy3r3Buc7EmqLHj/Q40I5IJA9ZCzi1e8UviQV
pQpkVru5VJVwNsm8KB/aBOm6J00mi2kbXMPrW1zwfmJAwt+iSJ4=
=nNu+
-----END PGP SIGNATURE-----

BIN
openssl-3.0.9.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

16
openssl-3.0.9.tar.gz.asc Normal file

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=rUmE
-----END PGP SIGNATURE-----


@ -1,94 +1,113 @@
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
Comment: Richard Levitte <levitte@lp.se>
Comment: Richard Levitte <levitte@openssl.org>
Comment: Richard Levitte <richard@levitte.org>
xsFNBFQwazYBEAC01v949yFYzwbn0UkEkM3MHTrDqWbp+erhXqdVD5ymG/pXvmqx mQINBGDxTCUBEACi0J1AgwXxjrAV/Gam5o4aZSVcPFBcO0bfWML5mT8ZUc3xO1cr
5KlxL1TZMuWEFuaq9EVkW8Wm5glk4D14IalIVKARAMDwqgNrPnw0GCAmNIf+Omvl 55DscbkXb27OK/FSdrq1YP7+pCtSZOstNPY/7k4VzNS1o8VoMzJZ3LAiXI5WB/LH
G7gdsSR93eALJp1vvKZpeEVZj0M0gQ1i4QIIR8PMqs+2jaYyed4HhRYzUbGKZMnr F8XSyzGuFEco/VT1hjTvb8EW2KlcBCR6Y22z5Wm1rVLqu7Q8b/ff1+M/kaWM6BFi
94Onby8FIAYq0B79VqBv5NfMc2KEKrLXwuDSjtZd2TGB7qeLF7sCczyFoi5XTj+B UKqfBZdqJuDDNFRGqFr0JjCol0D1v1vollm612OARKpzuUSOERdc11utidkGihag
iVfdxCzoYEa1Rjp5hGllVj85w2DdfKED/BW7VCel4H+WTZGqTFQ1e3kPo1KdqlwD pJDyP5a+qHZ4GNzZkZ+BBduuZDMUdEKgK28Pi0P0Nm17XRzX1Of1uXojMvroov7K
F+Ci2JFU6myPy0LpHrNhn6FsdQGOuRKgYPycol7VzJHKtcGNMDkUFGV2DsgljQuW /Bkbpv+uvZoiSEAeD+G/+Tyk9VLhmyji9P+0lwYyHb3ACgS3wElz7CZwFgB3kjJv
Sj5TNNX5umFCIIN94eLvHtV9bXP98yKB/5pr2JhagL6kdU7OE0c/mugA05gGQTUJ MX93OlCAMruFht/+6hQu0zx1KPxx+55j/w7oSVzH8ZmYND5kM4zlGVnJxJk6aBu8
DeLNsRq54YC+CLyM9dxMvH7yB43yMfUvgKcSRt0sHUo8g5aOYdFq0SXQUr8+t/iH laOARZw7EENz3c+hdgo+C+kXostNsbiuQTQnlFFaIM7Uy029wWnlCKSEmyElW9ZB
3t5/JxhqBik8FBiu0aISsTDUbvbxQQQe/LhfR+FWDZRFwHOL0VELapfw1whitGG+ HnPhcihi8WbfoRdTcdfMraxCEIU1G/oVxYKfzV2koZTSkwPpqJYckyjHs7Zez5A3
y+F9fQIJfa5yzEiC9AWYZjHRaFB7q6LAvF0V8vP+pkT157fTK63W53mt1+VPMt2L zVlAXPFEVLECEr02ESpWxFabk8itAz0oMZSn5tb3lBHs1XFqDvJaqME1unasjj06
732i+/Cqy/6HzwOdnNnNyfEdvm2Jojs8KXN20vChnfUGifvTjxuiFib9sQARAQAB YUuDgKHxCWZLxo/cfJRrVxlRcsDgZ3s4PjxKkAmzUXt5yb7K3EVWDQri0wARAQAB
zR9SaWNoYXJkIExldml0dGUgPGxldml0dGVAbHAuc2U+wsGPBBMBAgAiBQJUMGwd tBtUb23DocWhIE1yw6F6IDx0bUB0OG0uaW5mbz6JAlQEEwEIAD4WIQSiH6t0sAiK
AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8 o2EVJYa47xprqdotXAUCYPFMkQIbAwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIe
PcizspI5PtXp5D99+e6Mq7QP/iNhBEDJYRTrYc6JAmRIg6YyiKjeOx8kXtVCe9+q AQIXgAAKCRC47xprqdotXEGoD/9CyRFM8tzcdQsQBeQewKGTGdJvPx9saDLO6EVy
CzC+Y9ehyZB5Dyl0Ybej9jNJdEDJzDHKzVwU4NrfefcTWqUOQDNbpClGtXcQHlUt U9lEy8vLKMHnmAk+9myVBf0UHxCjVZblvXEL6U/eCINW8TBu9ZH56AMkPQgvfZkE
hjREPWpyAEH1OhD5NDTSMI5YYKZDEfiN6oEpWlc7WK0mXZuY5mHOo0B3yNDfV845 KrpBoP2yfkA9/2rfChec7jkFUwArWKAB8hyLPiABXdm3vRZMhiBAsFTv9rdrr89W
+7CGPK9zuE56/f9SLmCaFsCkNMGbvV4ybLRoBfZdnC5NPOKyJXQ0TG0CbxGMgIN5 nAvcd9OXPxrEM7mNkkCDUlRkfRwdxSezStmJ/18bM5lrlR4Dj9MYUOieYICsu/nh
cOrBphU+ZrPYY+p4jEoD5rvFugQl4+oRsvxygpJV5t8pe1ihNMhmzu3CpRtMjmRA 1u9C+QDOGruo/xku7B87qVSnKM4My28/RtSeGjTBNw3QPEmumArINNUDNZbe3e+I
dzK+27Z8p7m8BORuoC+NbXVpcmjIueXDkYdxP+09qUyw8xE398tAuEXpbCVoQ68b m23l6tyP7nmtLbo0wPcRB9q4K1GlmecqzSgLsdf8YCOZKax9DLaA2fWVJCyp22Uj
6NDCBpowgvUu34zxDn0wKdt2YGHB6z7Kl7b8RycWG3Y8u/Hs+l6QehEmiy6UKXl7 kCmHkVgeXmByndWVdfYyJO4LGJhM7BfmWGa/yIRKRKZGlJavRY+UAkfqkXCbzhFD
zW3PIi3192WzElUi7TtG/btqC6YPs0U3SQMkNWzwkjbKM9bC4gPFMK05a8QENc66 IMyRTU3zqJfJcXrVDslvB1mMbBGIR7gmL2HSToNvN5E2xiEamHbSOv0ze0Vw5A1M
M+USWjNg0TiAkGP9PDlpYyhtjicCTgL51lDm8LBXr9cbzvXav7Jc6NVh7Zby89r1 8S71i+jLUSenGTgjLdu52+K7SGLtyhG/kA5NpvMyCLBOYZ+4HPgbIwKLlcm5SRJ6
DsPFzfDkccOX6nSnqYMISmvRUGrGfgrkeeM0MNu93aPTrs+0fxq+HJIZEhX/YCyQ z4sKLSZmU7HLMp69jXfGQqjYbJoUEHsCsLOeVMGiOVZqoZWQWcMHy9VvOA0FVx41
N4jqM+hQGh9bOwM7BacaP9F9vnq2hDK2WIXlWChX9Q70xArViJqzI8/76Ph1inPb xrpdDLft9ad+cM/oaiYXEWhqYRnBM5eIH0B3HOk/kmLZ6crNE+X5xG1qhoZgAurM
jbJczSVSaWNoYXJkIExldml0dGUgPGxldml0dGVAb3BlbnNzbC5vcmc+wsGPBBMB MriPFbQfVG9tw6HFoSBNcsOheiA8dG9tYXNAYXJsZXRvLmN6PokCVAQTAQgAPhYh
AgAiBQJUMGwKAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnu BKIfq3SwCIqjYRUlhrjvGmup2i1cBQJg8UxqAhsDBQkSzAMABQsJCAcCBhUKCQgL
jBYhBHlTrB+8PcizspI5PtXp5D99+e6M1bAP/0byoJMiMsswapbBypQCT/vQmaoX AgQWAgMBAh4BAheAAAoJELjvGmup2i1cessP/jG7dFv/YEIn7p47wA+q+43Korjk
jZzNcU4qAKlB5EMlHkxl1T8ytEXxmNMd/e0ltV9HALeBqX1eYHS7oTG3rMXKuYVY 8LLpdb+YhVEpXgLK3yUNOcghs+e+UxSlS4jDV9ThpKgBEgTCn6V8vEWe5djvLVcO
TO19eM2wLiCW664EUtOsB9zAnpp6X+8UWMoNEpWlEHgkdlADQ0xIrrH3pt29SAbd UNG/wx33ksZKDOrZt2qGzz9VBd2ur100HjA3ibGClMjchMQCctlAHBCI/jV7g9Sv
x0QsvwkWPawEoKMoUiGPnVY4hAt7Xx9gDmWEa2T6tExd9soBBTIuIpTH3MbAEHsv FIHr/qECDnr50lh4kNeBZH/6gYEnB1Uqkc+7y/0gopk3kEcxO00qKj9d8QPatsoW
nBbdyarNltGF/pXYGMmGaYmU0WujqKzqpBpy3zwd0Rx1Kms5e0ZcypVzqx3Xgcue FOBW6OT0ldX5m19EL+x4Ku2/ayBwmobsQyj3cDV8cJN9QxJxB1AqLAKXK3XpEQ8Q
W8fbMPTZbG+Z922GUFDJ139WjAA2FsMJ9ES7XIIoJh/4nfBwk+PXcj29TieDnl2r UERor6Z2gQu9bCRoQCl3Xu+lfqh2gmfoXoWiZFinoBzEETtILEUdNa2MsJheNuVy
d4x7Yxnqp4Vzau+IARz9Vr1OIFVlQbaSdXfmDFi/fvVf9CJZnWwcSwkqp4pk50Zy Tf+W/vrfyAKVl7DgPk+n360frxmR8n7pkSpDq12s9J4eimX7aUlbhDX2XiMo/kGS
nEA+8TzEQj08jdj0+yrJNvbRxqbIafzSmoU77bANs4gc0WOdTTpvv4honUQROARp 2oo2ulB083oJq09UieI2acwRIn6fFAOXx4Cr9IRAnKtvGxT3XzkDJ8WkC/+QE7wW
G/JT47hE7ATVGNdF7bmWNEyEYFtZMdGP0xD+K0xEgsir65aruVixVrNKxOX9wqx6 kjtD994kD2Jf1GCqFIWPx+J88VXp5UbobOENYBGWvc5Pki541aFKkXe5mvK9n2Fm
JGzHTSTgtAVYAvMIsWJTLuCXZbMRmmmmubfyVaMAisz5UIYD+TCPncuJ1dMUW9WI T3fOeBnyhT27J79UYSkOg9Zk0o7lcLKvgX3TqOwRrwMOGqyBIrHkLprIbeX5KOBI
uLNFGLTRGHri01EWe2epaHZWA0WB0cQZaeGpc7C986WskDi9SA9ZzCIGW4oQIBQX yvtovyTuq3piF6OcfOYuZJOcV4LnnW6Ok9sgia1WgqNyJ+FSdSl6tLabzcM6sZ1I
lRJjjYxIBCnjxtUWzSVSaWNoYXJkIExldml0dGUgPHJpY2hhcmRAbGV2aXR0ZS5v 8tmXB4BcoHFB9N0AtCFUb23DocWhIE1yw6F6IDx0b21hc0BvcGVuc3NsLm9yZz6J
cmc+wsGSBBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCVDBtJgIZ AlQEEwEIAD4WIQSiH6t0sAiKo2EVJYa47xprqdotXAUCYPFMJQIbAwUJEswDAAUL
AQAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp5D99+e6MmN0P/AmpB8DasBnj CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC47xprqdotXJUfD/9qFJURXryr8/Uh
h9fAlBM8kEZ23MHVdEguPWX8KBML4L6eVlWRn7hdfpvOS90Ll5LTdtWPAQs8lDYh KJIAYQawc3rgSCeMaSi60fgPhteBf9VPA5w84OKLtnZFcPcpvGpaHuRxj+mchOSo
4V86hIYgLK9tisZyby+5NT4dEl6CXgHbRjdDbp0xKfGc5F9jWzPZpG8ZdDz6Zbvd 2HkYz7eseTsWbfguDiBNf1sA0IW6/WfIjqfGliw/ikLn/mA8GgLzgPPEiEbZH+gZ
ooy/4ThXNS16HcsJRckan6oFjCNAWSNpXDYcLtA7+9ncimrC/C+kGYlyPWJGYZu1 +J1ttxv15E8dWVSYILJcn7VLX8EgYc93uaiPbcc6wG3qBz5UD7FW6pg6AjEhz6j4
C3I+oL3+qWwiqAG9hp/zedsIsNP7o24wb0SgD0dTzphmOAPwTRfGS2DHhpbAH9P6 yQBq/dAUUL9nfrrx8p6548aslAR5A7e1kWPSMkrXD6ECdlJ8LReaPjiWrvLCtf1M
MZPiFBRGsARRRFfTRGkzI9W1M4bv9l/L8s6STpjD8+40f+aUE8cyUcNj1ycyRGFA cmAQJkXX9PLHtPtkXzfT97GdcEWtPF3qpu9k8gK3QC/dPoACIsDUU1+muaqlRB3A
nwf5MeO3MqzvjocoUyoZNc4t7/6rh6sceFjgMt/DFFZbi3kvz9cJBcaN6TWWktd4 ozLVFbSJ2kA0BqnHvhB+7cIB/ZkAasiI1jJ9XPwJJnzZGlRFGJnUg6MRX//FIvly
+1WmLxwcF0n3xaB04KCvXTaBZ5f/Hz5D4O8HyYsS6GlW6yIUiuAOvav8WizaTMbY Vi+hFt1DQ2tWMo6peu1sNDDONYKL7/NhFedJhIRoYUiQtcEuWqtTjOUn7ErkaC2y
k81XfXBuBKv7Vxk0fRYf9+HJ7fyWyIlIN9FqrSiiopA3JR+8gP8ueFcycmLnl2D9 q8hzWgYCe2afy1sUvyDtUjuldVTNzV1ic4MPC+QZ5ZEw2uHfP2oELlK2zUlLZIpt
fyZn/sv+UCLrMR6fyD/5EtzgzW0AJ8BDJw5n7ctmZ6UhuasDZZMPC2uB9LVhpQ8W Bwvgzqw5qcxj0nBHoaDTRyJXrXDWf/DsyS6Df1t8Uidoc6W3zNEhKbabvTb4gtWj
3mDDxJoaYe5bE2p0ca+mwEHZQpbpjmtT/2x5rGFZYxBUOhuGn/94zEYSqLLDirlF hh/QezJNtyRSg4SZ2Zx+ExgAngFdhKUk01XytLcEqYHjOjO6ZHpP0/+E7T8yZ7sI
IEUgucXLOLQHyEl+kEkCLEmSbn71WsM8wsGPBBMBAgAiBQJUMGs2AhsDBgsJCAcD w5AnBC/mkTbqp5Nsbk/spoN0Wl7PZbkCDQRg8UyoARAApiWRrHjdEu9Fp2yd7K93
AgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp VpttsAWGeZo6adA7kKrdB+DFwyQdQQIGF1MoxzKb3rcO2sxoU/SnY/TpxdVbSO27
5D99+e6MbdMP/1yj/fl/t8sl6ZH8v26uBBLSUeZPJYef9TCoe6akV//x4JLujB8y 1MLUcqoEc5F+uxuXsp4Tx5s6iXY9xTwQeBi8pAUQSLlWc/yoakF4sahG+5+0NUDp
dGGW8bToC680zpuYlNn+avMwmjyocPwe7Cqgev6AyO+CjspoodM9Xai0y10CAHCl djCEevRw2nHVbMbyzACgB0VRErhpY6gOBK7LkHwXAEXh1pN836P1s3DLLInjoM50
vGAW8mX7c79jtLcMB/Z/0+5u4ErkzfwyURRpB5deLcQ4LhyRVZbLQ72fdCrmPYzO IGQJLJ38/dBeWf9lqJrDif3lZ9Br7h2xHVhaj+08iWKFXb+MDkW6lXOuT+A8pzHK
e6Rhmfr9nWKL/oHDTLDUtRjAXdurI8YQKK9nCtbsM2uytvYkzpD2wx0B16rB7N04 bz1TVhopid9NOcw8ws00Vnq9R0/dhk+FT81XJC6GmoBi2GjjKpLNMzfBE6IkJjhn
QLJBNDyOUJwnm4K+Xt9LLs8NUJ8JXCdwXKXGrFFbt2b3vmy0y4/NR5AUoS444ao5 gMY9Wz5sSfXhyd0x7ZGdS3w9SiIXXoxw35woC1/Ue6QVasm/ldCNSNH63y8G5b7w
1mybA19WkCcCj5mSKmfZ9Dfbv6K3JCJx4ra5uJT2HP2M3NugtumQ1KPBUlNApVC6 NA84/fhVa9/Tug8zyzRj9p5Ge7b1yMbtVy9Ret8e1xB3yOJH8rjwmd13ocNBrFYh
u+Vn7SMqFW/KFRCxOjXDWWU+F4prqzOVc5SYqIUOk7XVxgj1FBryw5Wel5iq1Bn8 D4b1+P0DScr4TburR3S4gwzawB2juIToELQGseR8nQg8k6Fk5vZ8MaYslMU2za7H
La1Fv3Hs/+pUKHRYYIC48kRET7h6oCmBiNn+XmU0A2qZnIyblmVpmfYftj3UWUC0 a379C8+A9h0C2mobqtw7Gq8NzDH2H4Bgpy0Ce8ByWnRHEIrZcK4vZDTzBfW+lYJB
S86qf/dRi8unTXYl8qEQyOSPz8g6t2RDgEsJOzKhiO+j+wcBYVOgrSgsawC8yxjA HFlNc0mheV2ih6vjmz940cakzLvGF65UA69tsS8Q/3sWH2QLFTywdcEUZNgZRWnc
zfVwkprUJognVBJFCv4sKMb9wg99iEacI6O401w3FQy5FyokjmxXzrhn0UPj3t35 nAaLOI/nw1ydegw8F+s1ALEAEQEAAYkEcgQYAQgAJhYhBKIfq3SwCIqjYRUlhrjv
wd81WZ5HWaBSLnBo8HklfDyaybPlXODldSI7OGOch/0/CZEQzQwzsmnazsFNBFQw Gmup2i1cBQJg8UyoAhsCBQkLRzUAAkAJELjvGmup2i1cwXQgBBkBCAAdFiEE3HAy
azYBEADPNcBdaXTUwkG81K9NRKsKGVZ1coVRxkOx2+VD2THTY45sBx9MGmQsmSpj Zir4heL0fyQ/UnRmohynnm0FAmDxTKgACgkQUnRmohynnm3v+Q/+NpYQuO+0a57+
U45kx/wO5KiTVj+bM+scSzwNgERqLiyf/2hgOIDYaoyKSfAfIVCmm5pSa2Ad01RV otwvuN3xoMsOmiingnd6u5fefi8qCjHgYJxnZQhihk4MOyiY46CxJImFKI6M13H5
9qT3i0eSSpa1Kpx8eAHKcVsDsWb2ZCd8/MI9778cCjrCbPI4o9zEVK+fjtmYKtdk SlsuaGMbl17f5V8dE7rUDD9D9tD4+hVe504UsAdqaKHFhE8xyWJ24it9LmIXY358
HsEoMSVU6Jy86E908OLaJbOeo1a7bSKs4tU8zGWAX+ddY5Cb+w3cHQb4QheDWZHM cQ7gm/EzA/wCKEez1Z/IUlx6hrG6BnAuE6FYhLTQt5WcCGbA17I72M1H50rX8fa0
el8ZcEgTah7huS6lUA4seQnTKXHmkIZ+uNtB3gFMKso/6GoOGZnUTk8dPY3POLY1 8qOg4rzyNEOesz1auI3pt1VOy/VJo7V+oO2yz4NNGBqjCN1mMOmBl1vBldZz4oZJ
nbMQ/dEvMQpFxLCOBNQP0lhO4DGP0KuwLXzq2XAxrylX5tY0bNmZKLTjhi4CbKAt vqoCFgx4Bj4h8LHilyg2OWZV4Xh7fUGH2/RIdfAYhCTz495N1sdDHew9Qc3PP0vV
c/+iwMUkQQXJRw7Vlp9Fp9ogOvzx/YlMaZQZZixg5uN2b4UD5cWliHn4Aq7DkTzQ yzwoCJY2moCiZ16K0o215rgYAJcY2KCCithjw+ktHZ/E108cmJJE0ZXG9sFVdF6A
Je31m7sezA3cLnFR86ol2X77y79n0GRjGsMa+b+e9NRWNKs28JiCPF3ya31Kk+3+ HEEofaYRgXEvwFOwEBnytAq2l1ePmlTe6eu5/hSMYlan93YpsF2tol+jw7F+aspg
sjauCZQW3KYx31Il5bO3ulLHOtxhSkCUHx5sJ81NJIhZFr+7yAel/ECCiT9KbVbh K2JPWqB4FsupxnvvAvzGBrTTGfCL4z7K8/6QmYrJBByx0W/lkFsebEfOz0SY/Rvs
ddJBHsd7GNkwzb1QivcqnYiBW9QzXkQ+xAKHfS7YM5ooYcg6G7jw89/W0xznnGiz aGQ3LEmQkbn+Cz2c2PwmIuYJisunHNC1rH6lF1a19D2lpe82Eh3TsXEsgjty2+sh
5JTjMkj1s9cppQ8tdqiV4Uemvx/96Nr5F7n++UJZ7Oval9/zswARAQABwsF2BBgB uHsKCX/snSa+zySqMbsE6o/8AquuT7tkdHO1rYfr3ffvIeX8HVj6NKm1eyk6uyCE
AgAJBQJUMGs2AhsMACEJENXp5D99+e6MFiEEeVOsH7w9yLOykjk+1enkP3357ozr cb08jqBWOG8tzpNt6PIviyrQRrK+ncSLjw/9GT4LhZKnfLM5pVAFV0jVqf29lVhk
2A//YzMQJ6Mo+/SU328dOeoseI/sFypuK882pPhXfJqX8l8H1zyHbKWy5lLLiv1M RHDeiNmdprqpvW35cAS7LH2wv2xGj4+wGaJmksruiJj2KtNAWa+7Uvd4xvntrL3F
oNOC/8pWbpv2QlWyN3PKrB6srClnpPyiHIO37/lQBcpjvAfy9HWpl21FDxn9Ruxn 9kG5qC04iTx9nng4qliZAI1wGxT/fAKS165L5sdTXRvcywokshxtsPgCXcH/J2v/
a/IMYwq60EjE5h8NynNn57vydF3qTcTqkhtHW61L3vbBAcz9VMSay9QVm1f6qzM5 JC6BGn44o8qo/CLGIaTBk6V8NfY4YqNFyMaMRAQSQ9Pk0KXQxswdxASaYzTTb93g
WbbLxp1sfNjQWKSo381kjs1Vj7yCTBrJul3qSeX0CsRB7WF5VYMalpNTHPRIqCWp muoO7XrIu7ae1lppeL3HB5hQ0/zF1cVzCrLXffsEZNVW/1/9VamicTOWP8dV/ylN
zTMcO3E5SSGIJy+AqwAZZvFiylGrSsux6TnVEVJ07s0nn1yj3q7Ii7av+waGmTf7 86d7NvfJk8L7O+YIsEKYhKEDfCXIZrF7Ynu9SCWiR8LAqxZpBx2/6lommQJ7RlKr
9B0AyZv0IZ4j4NUWFNnGhsG1bEumFLkQl7Id/M61k0yKOusHdzDcZbCzecyww1w3 HBkWUGyC8WHYr/sxORy0uxSevGFcfK2sFMnpLJhC6C830O05B6SFTWTrD9c/NC2S
WD+j4wvGkfBy4mQRqLiyjutsN/dpxRRkULATME+TH9J5eNq0A5sRRaayEiA1TDcA DDWQCr1Tud3GZ634BowTlQRgJpGJc2s4wOMaARnhVtr/GZQhfCzOhcaHAVMBX0FE
WfF0PtA4smNy1GyIarobC+xn8AENi4eeYZBbfDfh8oRhEsICQ6rs098wiYz8jtZ/ ce+LktihEnzEJJgc/bzTH+t3fIW8bS4c65YlwCzMCJ1oYyALlD1BlZ6whFSVUZro
pOruzbiD7ZKDy+vjKtYqgjGnioHQalJCZrKTUnREpH102pg1Cw6v2OcjiXsqU5L7 uYVu8diJ4Alf9+hcYOU/Gnbyi3bFbRGhBVz8lB3TcEeP02+gSSFD7iDi2Wt3hkmY
Yrhv1jQIluII051VIJ/QBWe5uT7YiJOsMLMQGWvkObPXEYLld2UF6hK6MH4epkwV YaT7k3YGM2ksXdQ25SGM1aW4drxaqAj5sZ48OXTMNT9ira3TL/o/Xp6GRhVE8iOl
/w1uNqnlvIeEFgHTKmSHvfwlAF64lUiDCUdWExXybKkE2NY= JKbGoqC+wchHmOK5Ag0EYPFMJQEQAN/J6BypHYuzqwVDH8hrCQJ0s9I1fFdiu60u
=1H60 aeLTQPeB2JVwV4t9WZsM6mVMEUZJGIobk2Y5FFzLsHtbPlSs7MXtLhlLa05iiMXq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=Ctij
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----


@ -61,3 +61,25 @@ gpg: aka "Richard Levitte <levitte@openssl.org>" [unknown]
Please maintain the openssl.keyring file in ovmf package with new openssl Please maintain the openssl.keyring file in ovmf package with new openssl
tarball and signature. tarball and signature.
Take the key of signature from gpg server
-----------------------------------------
Sometimes that the gpg key will be removed or changed from otc.html on
www.openssl.org, you can NOT find the key for tarball verification.
Another way for getting the gpg key is from key server.
e.g.
gpg --keyserver 'keys.openpgp.org' --recv-keys 'DC7032662AF885E2F47F243F527466A21CA79E6D'
The above command will download the key from gpg key server to your local
machine. Then you can use it to verify openssl source code tarball:
gpg --verify openssl-1.1.1u.tar.gz.asc openssl-1.1.1u.tar.gz
If you confirmed that the key can be used to verify tarball. Then you can
export it to openssl.keyring file for uploading to OBS/IBS:
gpg2 -a --export DC7032662AF885E2F47F243F527466A21CA79E6D > openssl.keyring


@ -0,0 +1,36 @@
From 441bc6b75c8edcfa825b324e05f7cd838feac2bb Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <jlee@suse.com>
Date: Thu, 11 Apr 2024 19:36:30 +0800
Subject: [PATCH] EmbeddedPkg/Library: Support SOURCE_DATE_EPOCH in
VirtualRealTimeClockLib for reproducible
RISC-V ovmf used VirtualRealTimeClockLib but the default epoch is a
compilation time. It causes that the RISC-V ovmf binary image is NOT
reproducible.
This patch added the support of SOURCE_DATE_EPOCH by printenv command.
If SOURCE_DATE_EPOCH be found then we use it as BUILD_EPOCH. Otherwise
we run date command for setting BUILD_EPOCH.
For distributions want a reproducible RISC-V ovmf image, they should
export SOURCE_DATE_EPOCH environment variable before building ovmf.
References: https://reproducible-builds.org/docs/source-date-epoch/
Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
---
.../Library/VirtualRealTimeClockLib/VirtualRealTimeClockLib.inf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/EmbeddedPkg/Library/VirtualRealTimeClockLib/VirtualRealTimeClockLib.inf b/EmbeddedPkg/Library/VirtualRealTimeClockLib/VirtualRealTimeClockLib.inf
index 5d0f867eb6..0bd6bcee75 100644
--- a/EmbeddedPkg/Library/VirtualRealTimeClockLib/VirtualRealTimeClockLib.inf
+++ b/EmbeddedPkg/Library/VirtualRealTimeClockLib/VirtualRealTimeClockLib.inf
@@ -34,4 +34,4 @@
# Current usage of this library expects GCC in a UNIX-like shell environment with the date command
[BuildOptions]
- GCC:*_*_*_CC_FLAGS = -DBUILD_EPOCH=`date +%s`
+ GCC:*_*_*_CC_FLAGS = -DBUILD_EPOCH=`printenv SOURCE_DATE_EPOCH || date +%s`
--
2.44.0
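Review bot: In the `[BuildOptions]` line this patch adds, `printenv SOURCE_DATE_EPOCH || date +%s` falls back to `date` only when the variable is absent from the environment; if it is exported but empty, printenv still exits 0 and the flag becomes `-DBUILD_EPOCH=` with no value. The value also reaches the compiler command line without any check that it is a decimal integer, so a malformed value in the build environment is not rejected at this point. The comment above `[BuildOptions]` still names only the `date` command; it could read `# Expects GCC in a UNIX-like shell with printenv and date; BUILD_EPOCH comes from SOURCE_DATE_EPOCH when that is set to a decimal Unix timestamp`. The rest of the .inf file is outside the hunk, so how BUILD_EPOCH is consumed is not visible here.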


@ -0,0 +1,48 @@
From 9aa057b298345f868dc0ca55e76128037c54e3aa Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <jlee@suse.com>
Date: Sun, 4 Feb 2024 17:32:13 +0800
Subject: [PATCH] OvmfPkg/SmbiosPlatformDxe: tweak fallback release date again
In case PcdFirmwareReleaseDateString is not set use a valid date
as fallback. But the default valid date can _NOT_ pass the Microsoft
SVVP test "Check SMBIOS Table Specific Requirements". The test emitted
the error message:
BIOS Release Date string is unexpected length: 8. This string must be in
MM/DD/YYYY format. No other format is allowed and no additional information
may be included. See field description in the SMBIOS specification.
Base on SMBIOS spec v3.7.0:
08h 2.0+ BIOS Release Date BYTE STRING
String number of the BIOS release date. The date
string, if supplied, is in either mm/dd/yy or
mm/dd/yyyy format. If the year portion of the string
is two digits, the year is assumed to be 19yy.
NOTE: The mm/dd/yyyy format is required for SMBIOS
version 2.3 and later.
So, let's tweek the fallback release date again.
Fixes: a0f9628705e3 ("OvmfPkg/SmbiosPlatformDxe: tweak fallback release date") [edk2-stable202305~327]
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
---
OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c
index 0ca3776..e929da6 100644
--- a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c
+++ b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c
@@ -160,7 +160,7 @@ InstallAllStructures (
DateStr = (CHAR16 *)FixedPcdGetPtr (PcdFirmwareReleaseDateString);
DateLen = StrLen (DateStr);
if (DateLen < 3) {
- DateStr = L"2/2/2022";
+ DateStr = L"02/02/2022";
DateLen = StrLen (DateStr);
}
--
2.35.3
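Review bot: The guard `if (DateLen < 3)` that selects the fallback is unchanged, so only a missing or near-empty PcdFirmwareReleaseDateString is replaced. A longer value that is not in MM/DD/YYYY form is still used as the date string and would presumably fail the same SVVP check quoted in the commit message. A comment on the fallback would record the constraint, for example `// SMBIOS 2.3+ requires mm/dd/yyyy (10 characters); keep the fallback zero-padded`. InstallAllStructures starts and ends outside the hunk, so what happens to DateStr afterwards is not visible here.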


@ -1,51 +0,0 @@
From 251820bfcd28abecf8a67ee94d82c8ab47547b0b Mon Sep 17 00:00:00 2001
From: Joey Lee <jlee@suse.com>
Date: Mon, 20 Mar 2023 13:14:57 +0100
Subject: [PATCH] Revert "OvmfPkg/PlatformPei: Update
ReserveEmuVariableNvStore"
This reverts commit 58eb8517ad7b56574f8f04b770a59a9cbed796c4.
(bsc#1209266)
Signed-off-by: Joey Lee <jlee@suse.com>
---
OvmfPkg/PlatformPei/Platform.c | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)
Index: edk2-edk2-stable202305/OvmfPkg/PlatformPei/Platform.c
===================================================================
--- edk2-edk2-stable202305.orig/OvmfPkg/PlatformPei/Platform.c
+++ edk2-edk2-stable202305/OvmfPkg/PlatformPei/Platform.c
@@ -219,14 +219,24 @@ ReserveEmuVariableNvStore (
EFI_PHYSICAL_ADDRESS VariableStore;
RETURN_STATUS PcdStatus;
- VariableStore = (EFI_PHYSICAL_ADDRESS)(UINTN)PlatformReserveEmuVariableNvStore ();
- PcdStatus = PcdSet64S (PcdEmuVariableNvStoreReserved, VariableStore);
-
- if (FeaturePcdGet (PcdSecureBootSupported)) {
- // restore emulated VarStore from pristine ROM copy
- PlatformInitEmuVariableNvStore ((VOID *)(UINTN)VariableStore);
- }
-
+ //
+ // Allocate storage for NV variables early on so it will be
+ // at a consistent address. Since VM memory is preserved
+ // across reboots, this allows the NV variable storage to survive
+ // a VM reboot.
+ //
+ VariableStore =
+ (EFI_PHYSICAL_ADDRESS)(UINTN)
+ AllocateRuntimePages (
+ EFI_SIZE_TO_PAGES (2 * PcdGet32 (PcdFlashNvStorageFtwSpareSize))
+ );
+ DEBUG ((
+ DEBUG_INFO,
+ "Reserved variable store memory: 0x%lX; size: %dkb\n",
+ VariableStore,
+ (2 * PcdGet32 (PcdFlashNvStorageFtwSpareSize)) / 1024
+ ));
+ PcdStatus = PcdSet64S (PcdEmuVariableNvStoreReserved, VariableStore);
ASSERT_RETURN_ERROR (PcdStatus);
}


@ -1,90 +0,0 @@
#!/bin/bash
# Generate PK/KEK OEM strings
pkkek_oemstr()
{
local CERT_FILE=$1
sed \
-e 's/^-----BEGIN CERTIFICATE-----$/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' \
-e '/^-----END CERTIFICATE-----$/d' \
$CERT_FILE \
| tr -d '\n'
}
# Build the varstore template
build_template()
{
local ARCH=$(echo $1 | tr '[:lower:'] '[:upper:]')
local PREFIX="$2"
local KEY="$3"
local PKKEK_FILE="$4"
local ISO_FILE="$5"
local TYPE="$6"
# QEMU parameters
# pflash parameters
local PFLASH=""
if [ $TYPE == "separate" ]; then
local FW_CODE_ORIG="${PREFIX}-code.bin"
local FW_VARS_ORIG="${PREFIX}-vars.bin"
local FW_CODE="${PREFIX}-${KEY}-code.bin"
local FW_VARS="${PREFIX}-${KEY}-vars.bin"
local PFLASH_CODE="-drive if=pflash,format=raw,unit=0,readonly=on,file=$FW_CODE"
local PFLASH_VARS="-drive if=pflash,format=raw,unit=1,file=$FW_VARS"
ln -s "$FW_CODE_ORIG" "$FW_CODE"
cp "$FW_VARS_ORIG" "$FW_VARS"
PFLASH="$PFLASH_CODE $PFLASH_VARS"
elif [ $TYPE == "unified" ]; then
local UNIFIED_FW_ORIG="${PREFIX}.bin"
local UNIFIED_FW="${PREFIX}-${KEY}.bin"
cp "$UNIFIED_FW_ORIG" "$UNIFIED_FW"
PFLASH="-drive if=pflash,format=raw,unit=0,file=$UNIFIED_FW"
fi
# smbios parameters for PK and KEK
local SMBIOS="-smbios type=11,value=$(pkkek_oemstr $PKKEK_FILE)"
# memory: 256MB
local MEMORY="-m 256"
# kvm
local FW_CFG="-fw_cfg name=opt/org.tianocore/X-Cpuhp-Bugcheck-Override,string=yes"
# redirect display to stdio and disable network
local MISC="-display none -no-user-config -nodefaults -smp 1"
MISC="$MISC -serial stdio"
# set cdrom device
local CDROM="-device virtio-scsi-pci,id=scsi0"
CDROM="$CDROM -device scsi-cd,drive=cd0,bus=scsi0.0,bootindex=0"
CDROM="$CDROM -drive media=cdrom,if=none,id=cd0,format=raw,readonly=on"
CDROM="$CDROM,file=${ISO_FILE}"
if [ $ARCH == "X64" ]; then
# qemu command
local QEMU="qemu-system-x86_64"
# machine parameters
local MACHINE="-machine q35"
if [[ "$PREFIX" == *"-smm" ]]; then
MACHINE="$MACHINE,smm=on,accel=tcg"
MACHINE="$MACHINE -global driver=cfi.pflash01,property=secure,value=on"
MACHINE="$MACHINE -global ICH9-LPC.disable_s3=1"
fi
MACHINE="$MACHINE -chardev pty,id=charserial1"
MACHINE="$MACHINE -device isa-serial,chardev=charserial1,id=serial1"
elif [ $ARCH == "AARCH64" ]; then
# qemu command
local QEMU="qemu-system-aarch64"
# machine parameters
local MACHINE="-cpu cortex-a57 -machine virt"
fi
# Launch the VM
$QEMU $MACHINE $MEMORY $FW_CFG $PFLASH $SMBIOS $CDROM $MISC
}


@ -1,12 +0,0 @@
--- edk2-edk2-stable202302.orig/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+++ edk2-edk2-stable202302/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
@@ -43,6 +43,9 @@
[Sources.X64]
CopyMem.c
+[Sources.RISCV64]
+ CopyMem.c
+
[Packages]
MdePkg/MdePkg.dec


@ -1,33 +0,0 @@
From c0cec3409f3abda1e2359a79ccac575b4ea1838b Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Tue, 21 May 2019 16:56:06 +0800
Subject: [PATCH 1/1] OvmfPkg/EnrollDefaultKeys: Set the fixed time
For the reproducible build, we need to set the fixed time when setting
the authenticate variables.
Signed-off-by: Gary Lin <glin@suse.com>
---
OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 10 ++++++++++
1 file changed, 10 insertions(+)
Index: edk2-edk2-stable202202/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
===================================================================
--- edk2-edk2-stable202202.orig/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
+++ edk2-edk2-stable202202/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
@@ -324,6 +324,15 @@ EnrollListOfCerts (
goto FreeData;
}
+ // Set the fixed time for the reproducible build
+ // 2019-5-20 00:00:00
+ SingleHeader->TimeStamp.Year = 2019;
+ SingleHeader->TimeStamp.Month = 5;
+ SingleHeader->TimeStamp.Day = 20;
+ SingleHeader->TimeStamp.Hour = 0;
+ SingleHeader->TimeStamp.Minute = 0;
+ SingleHeader->TimeStamp.Second = 0;
+
SingleHeader->TimeStamp.Pad1 = 0;
SingleHeader->TimeStamp.Nanosecond = 0;
SingleHeader->TimeStamp.TimeZone = 0;

File diff suppressed because it is too large Load Diff

165
ovmf.spec

@ -1,7 +1,7 @@
# #
# spec file for package ovmf # spec file for package ovmf
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@
%undefine _build_create_debug %undefine _build_create_debug
%global openssl_version 1.1.1t %global openssl_version 3.0.9
%global softfloat_version b64af41c3276f %global softfloat_version b64af41c3276f
%if 0%{?suse_version} < 1599 %if 0%{?suse_version} < 1599
%bcond_with build_riscv64 %bcond_with build_riscv64
@ -27,21 +27,21 @@
%endif %endif
Name: ovmf Name: ovmf
Version: 202305 Version: 202402
Release: 0 Release: 0
Summary: Open Virtual Machine Firmware Summary: Open Virtual Machine Firmware
License: BSD-2-Clause-Patent License: BSD-2-Clause-Patent
Group: System/Emulators/PC Group: System/Emulators/PC
URL: https://github.com/tianocore/edk2 URL: https://github.com/tianocore/edk2
Source0: edk2-edk2-stable%{version}.tar.gz Source0: edk2-edk2-stable%{version}.tar.gz
Source1: https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_version}.tar.gz Source1: https://www.openssl.org/source/old/3.0/openssl-%{openssl_version}.tar.gz
Source111: https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_version}.tar.gz.asc Source111: https://www.openssl.org/source/old/3.0/openssl-%{openssl_version}.tar.gz.asc
Source112: openssl.keyring Source112: openssl.keyring
Source113: openssl.keyring.README Source113: openssl.keyring.README
Source114: descriptors.tar.xz.README
Source2: README Source2: README
Source3: SLES-UEFI-CA-Certificate-2048.crt Source3: SLES-UEFI-CA-Certificate-2048.crt
Source4: openSUSE-UEFI-CA-Certificate-2048.crt Source4: openSUSE-UEFI-CA-Certificate-2048.crt
Source5: openSUSE-UEFI-SIGN-Certificate-2048.crt
# berkeley-softfloat-3: https://github.com/ucb-bar/berkeley-softfloat-3 # berkeley-softfloat-3: https://github.com/ucb-bar/berkeley-softfloat-3
Source6: berkeley-softfloat-3-%{softfloat_version}.tar.xz Source6: berkeley-softfloat-3-%{softfloat_version}.tar.xz
Source7: descriptors.tar.xz Source7: descriptors.tar.xz
@ -49,14 +49,13 @@ Source7: descriptors.tar.xz
Source8: oniguruma-v6.9.4_mark1-src.tar.xz Source8: oniguruma-v6.9.4_mark1-src.tar.xz
# public-mipi-sys-t: https://github.com/MIPI-Alliance/public-mipi-sys-t # public-mipi-sys-t: https://github.com/MIPI-Alliance/public-mipi-sys-t
Source9: public-mipi-sys-t-1.1-edk2.tar.gz Source9: public-mipi-sys-t-1.1-edk2.tar.gz
# mbedtls: https://github.com/Mbed-TLS/mbedtls
Source10: mbedtls-3.3.0.tar.gz
Source100: %{name}-rpmlintrc Source100: %{name}-rpmlintrc
Source101: gdb_uefi.py.in Source101: gdb_uefi.py.in
Source102: gen-key-enrollment-iso.sh
Source103: ovmf-build-funcs.sh
Patch1: %{name}-gdb-symbols.patch Patch1: %{name}-gdb-symbols.patch
Patch2: %{name}-pie.patch Patch2: %{name}-pie.patch
Patch3: %{name}-disable-ia32-firmware-piepic.patch Patch3: %{name}-disable-ia32-firmware-piepic.patch
Patch4: %{name}-set-fixed-enroll-time.patch
Patch5: %{name}-disable-brotli.patch Patch5: %{name}-disable-brotli.patch
Patch6: %{name}-ignore-spurious-GCC-12-warning.patch Patch6: %{name}-ignore-spurious-GCC-12-warning.patch
# Bug 1205978 - Got Page-Fault exception when VM is booting with edk2-stable202211 ovmf # Bug 1205978 - Got Page-Fault exception when VM is booting with edk2-stable202211 ovmf
@ -65,9 +64,10 @@ Patch7: %{name}-Revert-OvmfPkg-PlatformInitLib-dynamic-mmio-window-s.pat
Patch8: %{name}-Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch Patch8: %{name}-Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch
# Bug 1205613 - L3: win 2k22 UEFI xen VMs cannot boot in xen after upgrade # Bug 1205613 - L3: win 2k22 UEFI xen VMs cannot boot in xen after upgrade
Patch9: %{name}-Revert-OvmfPkg-OvmfXen-Set-PcdFSBClock.patch Patch9: %{name}-Revert-OvmfPkg-OvmfXen-Set-PcdFSBClock.patch
# Bug 1209266 - OVMF firmware hangs when booting SEV or SEV-ES guest # Bug 1219024 - SVVP test Check SMBIOS Table Specific Requirements fails
Patch10: %{name}-Revert-OvmfPkg-PlatformPei-Update-ReserveEmuVariable.patch Patch11: %{name}-OvmfPkg-SmbiosPlatformDxe-tweak-fallback-release-dat.patch
Patch11: ovmf-riscv64-missing-memcpy.patch # Bug 1217704 - ovmf: reproducible builds problem in ovmf-riscv64-code.bin
Patch12: %{name}-EmbeddedPkg-Library-Support-SOURCE_DATE_EPOCH-in-Vir.patch
BuildRequires: bc BuildRequires: bc
BuildRequires: cross-arm-binutils BuildRequires: cross-arm-binutils
BuildRequires: cross-arm-gcc%{gcc_version} BuildRequires: cross-arm-gcc%{gcc_version}
@ -82,10 +82,8 @@ BuildRequires: mtools
BuildRequires: nasm BuildRequires: nasm
BuildRequires: openssl BuildRequires: openssl
BuildRequires: python3 BuildRequires: python3
BuildRequires: qemu-arm >= 3.0.0
BuildRequires: qemu-ipxe
BuildRequires: qemu-x86 >= 3.0.0
BuildRequires: unzip BuildRequires: unzip
BuildRequires: virt-firmware
%ifnarch aarch64 %ifnarch aarch64
BuildRequires: cross-aarch64-binutils BuildRequires: cross-aarch64-binutils
BuildRequires: cross-aarch64-gcc%{gcc_version} BuildRequires: cross-aarch64-gcc%{gcc_version}
@ -101,7 +99,7 @@ BuildRequires: cross-riscv64-gcc%{gcc_version}
%endif %endif
%endif %endif
# Only build on the architectures with # Only build on the architectures with
# 1. cross-compilers, 2. iasl, 3. qemu-arm and qemu-x86 # 1. cross-compilers, 2. iasl
ExclusiveArch: x86_64 aarch64 riscv64 ExclusiveArch: x86_64 aarch64 riscv64
%description %description
@ -194,17 +192,7 @@ virt board.
PKG_TO_REMOVE="EmulatorPkg" PKG_TO_REMOVE="EmulatorPkg"
rm -rf $PKG_TO_REMOVE rm -rf $PKG_TO_REMOVE
%patch1 -p1 %autopatch -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
# add openssl # add openssl
pushd CryptoPkg/Library/OpensslLib/openssl pushd CryptoPkg/Library/OpensslLib/openssl
@ -229,7 +217,10 @@ pushd MdePkg/Library/MipiSysTLib/mipisyst
tar -xf %{SOURCE9} --strip 1 tar -xf %{SOURCE9} --strip 1
popd popd
chmod +x %{SOURCE102} # add mbedtls
pushd CryptoPkg/Library/MbedTlsLib/mbedtls
tar -xf %{SOURCE10} --strip 1
popd
%build %build
@ -239,7 +230,6 @@ export PYTHON_COMMAND=python3
# For some reason ARM still uses TPM2_CONFIG_ENABLE # For some reason ARM still uses TPM2_CONFIG_ENABLE
OVMF_FLAGS=" \ OVMF_FLAGS=" \
-D SECURE_BOOT_ENABLE \
-D TPM2_ENABLE \ -D TPM2_ENABLE \
-D TPM2_CONFIG_ENABLE \ -D TPM2_CONFIG_ENABLE \
-D NETWORK_IP6_ENABLE \ -D NETWORK_IP6_ENABLE \
@ -258,16 +248,23 @@ FLAVORS_X86=("ovmf-ia32")
BUILD_OPTIONS_X86=" \ BUILD_OPTIONS_X86=" \
$OVMF_FLAGS \ $OVMF_FLAGS \
-D FD_SIZE_2MB \ -D FD_SIZE_2MB \
-D SECURE_BOOT_ENABLE \
-D BUILD_SHELL=FALSE \
-a IA32 \ -a IA32 \
-p OvmfPkg/OvmfPkgIa32.dsc \ -p OvmfPkg/OvmfPkgIa32.dsc \
-b DEBUG \ -b DEBUG \
-t $TOOL_CHAIN \ -t $TOOL_CHAIN \
" "
# Flavors for x86_64: 2MB, 4MB, and 4MB+SMM # Flavors for x86_64: 2MB, 4MB, 4MB+SMM and AMD SEV
FLAVORS_X64=("ovmf-x86_64" "ovmf-x86_64-4m" "ovmf-x86_64-smm") FLAVORS_X64=("ovmf-x86_64" "ovmf-x86_64-4m" "ovmf-x86_64-smm" "ovmf-x86_64-sev")
# Flavors will NOT enroll default kek/db keys
FLAVORS_X64_SKIP_SB_KEY=("ovmf-x86_64-sev")
# Flavors only support unified image (no separate *-code/-vars files)
FLAVORS_X64_UNIFIED_ONLY=("ovmf-x86_64-sev")
BUILD_OPTIONS_X64=" \ BUILD_OPTIONS_X64=" \
$OVMF_FLAGS \ $OVMF_FLAGS \
-D BUILD_SHELL=FALSE \
-a X64 \ -a X64 \
-b DEBUG \ -b DEBUG \
-t $TOOL_CHAIN \ -t $TOOL_CHAIN \
@ -277,6 +274,7 @@ BUILD_OPTIONS_X64=" \
FLAVORS_AA64=("aavmf-aarch64") FLAVORS_AA64=("aavmf-aarch64")
BUILD_OPTIONS_AA64=" \ BUILD_OPTIONS_AA64=" \
$OVMF_FLAGS \ $OVMF_FLAGS \
-D SECURE_BOOT_ENABLE \
-D NETWORK_TLS_ENABLE \ -D NETWORK_TLS_ENABLE \
-a AARCH64 \ -a AARCH64 \
-p ArmVirtPkg/ArmVirtQemu.dsc \ -p ArmVirtPkg/ArmVirtQemu.dsc \
@ -297,6 +295,7 @@ BUILD_OPTIONS_AA32=" \
FLAVORS_RV64=("riscv") FLAVORS_RV64=("riscv")
BUILD_OPTIONS_RV64=" \ BUILD_OPTIONS_RV64=" \
$OVMF_FLAGS \ $OVMF_FLAGS \
-D SECURE_BOOT_ENABLE \
-a RISCV64 \ -a RISCV64 \
-p OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc \ -p OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc \
-b DEBUG \ -b DEBUG \
@ -316,7 +315,6 @@ BUILD_OPTIONS_RV64=" \
%endif %endif
# Import the build functions # Import the build functions
source %{SOURCE103}
source ./edksetup.sh source ./edksetup.sh
### Build x86 UEFI Images ### ### Build x86 UEFI Images ###
@ -359,15 +357,17 @@ collect_x86_64_debug_files()
declare -A EXTRA_FLAGS_X64 declare -A EXTRA_FLAGS_X64
EXTRA_FLAGS_X64=( EXTRA_FLAGS_X64=(
[ovmf-x86_64]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_2MB -D BUILD_SHELL=FALSE" [ovmf-x86_64]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_2MB -D SECURE_BOOT_ENABLE"
[ovmf-x86_64-4m]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_4MB -D NETWORK_TLS_ENABLE" [ovmf-x86_64-4m]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_4MB -D NETWORK_TLS_ENABLE -D SECURE_BOOT_ENABLE"
[ovmf-x86_64-smm]="-a IA32 -p OvmfPkg/OvmfPkgIa32X64.dsc -D FD_SIZE_4MB -D NETWORK_TLS_ENABLE -D SMM_REQUIRE -D BUILD_SHELL=FALSE" [ovmf-x86_64-smm]="-a IA32 -p OvmfPkg/OvmfPkgIa32X64.dsc -D FD_SIZE_4MB -D NETWORK_TLS_ENABLE -D SMM_REQUIRE -D SECURE_BOOT_ENABLE"
[ovmf-x86_64-sev]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_4MB -D NETWORK_TLS_ENABLE"
) )
declare -A OUTDIR_X64 declare -A OUTDIR_X64
OUTDIR_X64=( OUTDIR_X64=(
[ovmf-x86_64]="OvmfX64" [ovmf-x86_64]="OvmfX64"
[ovmf-x86_64-4m]="OvmfX64" [ovmf-x86_64-4m]="OvmfX64"
[ovmf-x86_64-smm]="Ovmf3264" [ovmf-x86_64-smm]="Ovmf3264"
[ovmf-x86_64-sev]="OvmfX64"
) )
%ifnarch x86_64 %ifnarch x86_64
@ -385,10 +385,11 @@ for flavor in ${FLAVORS_X64[@]}; do
%endif %endif
done done
# Copy Shell.efi and EnrollDefaultKeys.efi # remove -code/-vars files for unfied only flavors
mkdir X64 for flavor in ${FLAVORS_X64_UNIFIED_ONLY[@]}; do
cp Build/OvmfX64/DEBUG_*/X64/Shell.efi X64 rm $flavor-code.bin
cp Build/OvmfX64/DEBUG_*/X64/EnrollDefaultKeys.efi X64 rm $flavor-vars.bin
done
%ifarch x86_64 %ifarch x86_64
# Collect the source # Collect the source
@ -427,14 +428,10 @@ export ${TOOL_CHAIN}_AARCH64_PREFIX="aarch64-suse-linux-"
build $BUILD_OPTIONS_AA64 build $BUILD_OPTIONS_AA64
cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin
dd of="aavmf-aarch64-code.bin" if="/dev/zero" bs=1M count=64 cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd aavmf-aarch64-code.bin
dd of="aavmf-aarch64-code.bin" if="qemu-uefi-aarch64.bin" conv=notrunc truncate -s 64M aavmf-aarch64-code.bin
dd of="aavmf-aarch64-vars.bin" if="/dev/zero" bs=1M count=64 cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_VARS.fd aavmf-aarch64-vars.bin
truncate -s 64M aavmf-aarch64-vars.bin
# Copy Shell.efi and EnrollDefaultKeys.efi
mkdir AARCH64
cp Build/ArmVirtQemu-AARCH64/DEBUG_*/AARCH64/Shell.efi AARCH64
cp Build/ArmVirtQemu-AARCH64/DEBUG_*/AARCH64/EnrollDefaultKeys.efi AARCH64
# Remove the temporary build files to reduce the disk usage (bsc#1178244) # Remove the temporary build files to reduce the disk usage (bsc#1178244)
rm -rf Build/ArmVirtQemu-AARCH64/ rm -rf Build/ArmVirtQemu-AARCH64/
@ -450,9 +447,10 @@ export ${TOOL_CHAIN}_ARM_PREFIX="arm-suse-linux-gnueabi-"
build $BUILD_OPTIONS_AA32 build $BUILD_OPTIONS_AA32
cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin
dd of="aavmf-aarch32-code.bin" if="/dev/zero" bs=1M count=64 cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_EFI.fd aavmf-aarch32-code.bin
dd of="aavmf-aarch32-code.bin" if="qemu-uefi-aarch32.bin" conv=notrunc truncate -s 64M aavmf-aarch32-code.bin
dd of="aavmf-aarch32-vars.bin" if="/dev/zero" bs=1M count=64 cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_VARS.fd aavmf-aarch32-vars.bin
truncate -s 64M aavmf-aarch32-vars.bin
# Remove the temporary build files to reduce the disk usage (bsc#1178244) # Remove the temporary build files to reduce the disk usage (bsc#1178244)
rm -rf Build/ArmVirtQemu-ARM/ rm -rf Build/ArmVirtQemu-ARM/
@ -466,10 +464,10 @@ export ${TOOL_CHAIN}_RISCV64_PREFIX="riscv64-suse-linux-"
# Build the UEFI image without keys # Build the UEFI image without keys
build $BUILD_OPTIONS_RV64 build $BUILD_OPTIONS_RV64
cp Build/RiscVVirtQemu/DEBUG_GCC*/FV/RISCV_VIRT.fd qemu-uefi-riscv64.bin cp Build/RiscVVirtQemu/DEBUG_GCC*/FV/RISCV_VIRT_CODE.fd ovmf-riscv64-code.bin
dd of="ovmf-riscv64-code.bin" if="/dev/zero" bs=1M count=32 truncate -s 32M ovmf-riscv64-code.bin
dd of="ovmf-riscv64-code.bin" if="qemu-uefi-riscv64.bin" conv=notrunc cp Build/RiscVVirtQemu/DEBUG_GCC*/FV/RISCV_VIRT_VARS.fd ovmf-riscv64-vars.bin
dd of="ovmf-riscv64-vars.bin" if="/dev/zero" bs=1M count=32 truncate -s 32M ovmf-riscv64-vars.bin
# Remove the temporary build files to reduce the disk usage (bsc#1178244) # Remove the temporary build files to reduce the disk usage (bsc#1178244)
rm -rf Build/RiscVVirtQemu/ rm -rf Build/RiscVVirtQemu/
@ -503,27 +501,13 @@ generate_sb_var_templates()
{ {
local ARCH=$1 local ARCH=$1
# Assign the key iso file
local MS_ISO_FILE=ms-keys-${ARCH}.iso
local NOMS_ISO_FILE=no-ms-keys-${ARCH}.iso
declare -A KEY_ISO_FILES
KEY_ISO_FILES=(
[ms]=$MS_ISO_FILE
[suse]=$NOMS_ISO_FILE
[opensuse]=$NOMS_ISO_FILE
[devel]=$NOMS_ISO_FILE
)
# Create the iso images
local GEN_ISO=%{SOURCE102}
local SHELL=${ARCH}/Shell.efi
local ENROLLER=${ARCH}/EnrollDefaultKeys.efi
$GEN_ISO $ARCH $SHELL $ENROLLER default $MS_ISO_FILE
$GEN_ISO $ARCH $SHELL $ENROLLER no-default $NOMS_ISO_FILE
# We only build the variable templates for X64 and AARCH64 # We only build the variable templates for X64 and AARCH64
if [ "$ARCH" == "X64" ]; then if [ "$ARCH" == "X64" ]; then
FLAVORS=${FLAVORS_X64[@]} FLAVORS=${FLAVORS_X64[@]}
# some flavors should NOT enroll default keys
for skip in ${FLAVORS_X64_SKIP_SB_KEY[@]}; do
FLAVORS=("${FLAVORS[@]/$skip}")
done
elif [ "$ARCH" == "AARCH64" ]; then elif [ "$ARCH" == "AARCH64" ]; then
FLAVORS=${FLAVORS_AA64[@]} FLAVORS=${FLAVORS_AA64[@]}
fi fi
@ -531,9 +515,15 @@ generate_sb_var_templates()
# Generate the varstore templates # Generate the varstore templates
for flavor in ${FLAVORS[@]}; do for flavor in ${FLAVORS[@]}; do
for key in ${KEY_SOURCES[@]}; do for key in ${KEY_SOURCES[@]}; do
build_template "$ARCH" "$flavor" "$key" \ ln "${flavor}-code.bin" "${flavor}-${key}-code.bin"
"${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}" \
"separate" if [ "$key" == "ms" ]; then
virt-fw-vars --secure-boot --enroll-cert "${PKKEK[$key]}" -i "${flavor}-vars.bin" -o "${flavor}-${key}-vars.bin"
else
# GUID of EnrollDefaultKeys.efi, already used by virt-fw-vars for PK and KEK
virt-fw-vars --secure-boot --enroll-cert "${PKKEK[$key]}" -i "${flavor}-vars.bin" -o "${flavor}-${key}-vars.bin" \
--no-microsoft --microsoft-kek none --add-db a0baa8a3-041d-48a8-bc87-c36d121b5e3d "${PKKEK[$key]}"
fi
done done
done done
@ -542,9 +532,7 @@ generate_sb_var_templates()
# backward compatibility. (bsc#1159793) # backward compatibility. (bsc#1159793)
for flavor in ${FLAVORS[@]}; do for flavor in ${FLAVORS[@]}; do
for key in ${KEY_SOURCES[@]}; do for key in ${KEY_SOURCES[@]}; do
build_template "$ARCH" "$flavor" "$key" \ cat "${flavor}-${key}-vars.bin" "${flavor}-code.bin" > "${flavor}-${key}.bin"
"${PKKEK[$key]}" "${KEY_ISO_FILES[$key]}" \
"unified"
done done
done done
fi fi
@ -581,6 +569,7 @@ install -m 0644 -D qemu-uefi-*.bin -t %{buildroot}/%{_datadir}/qemu/
install -m 0644 -D aavmf-*.bin -t %{buildroot}/%{_datadir}/qemu/ install -m 0644 -D aavmf-*.bin -t %{buildroot}/%{_datadir}/qemu/
install -m 0644 -D descriptors/*.json \ install -m 0644 -D descriptors/*.json \
-t %{buildroot}/%{_datadir}/qemu/firmware -t %{buildroot}/%{_datadir}/qemu/firmware
%fdupes %{buildroot}/%{_datadir}/qemu/ %fdupes %{buildroot}/%{_datadir}/qemu/
%ifarch x86_64 %ifarch x86_64
@ -595,31 +584,12 @@ mv source/ovmf-x86_64* %{buildroot}%{_prefix}/src/debug
%fdupes -s %{buildroot}%{_prefix}/src/debug/ovmf-x86_64 %fdupes -s %{buildroot}%{_prefix}/src/debug/ovmf-x86_64
%endif %endif
# Install Secure Boot key enroller
mkdir -p %{buildroot}/%{_datadir}/ovmf/
install -m 0755 %{SOURCE102} %{buildroot}/%{_datadir}/ovmf/
%ifarch x86_64
install -m 0644 X64/*.efi %{buildroot}/%{_datadir}/ovmf/
%endif
%ifarch aarch64
install -m 0644 AARCH64/*.efi %{buildroot}/%{_datadir}/ovmf/
%endif
%ifarch riscv64
# Nothing there yet
#install -m 0644 RISCV64/*.efi %{buildroot}/%{_datadir}/ovmf/
%endif
%if %{without build_riscv64} %if %{without build_riscv64}
rm %{buildroot}%{_datadir}/qemu/firmware/*-riscv64*.json rm %{buildroot}%{_datadir}/qemu/firmware/*-riscv64*.json
%endif %endif
%files %files
%doc README %doc README
%dir %{_datadir}/ovmf/
%ifnarch riscv64
%{_datadir}/ovmf/*.efi
%endif
%{_datadir}/ovmf/*.sh
%files tools %files tools
%doc BaseTools/UserManuals/EfiRom_Utility_Man_Page.rtf %doc BaseTools/UserManuals/EfiRom_Utility_Man_Page.rtf
@ -670,7 +640,6 @@ rm %{buildroot}%{_datadir}/qemu/firmware/*-riscv64*.json
%files -n qemu-uefi-riscv64 %files -n qemu-uefi-riscv64
%license License.txt %license License.txt
%dir %{_datadir}/qemu/ %dir %{_datadir}/qemu/
%{_datadir}/qemu/qemu-uefi-riscv64.bin
%{_datadir}/qemu/ovmf-riscv64-code.bin %{_datadir}/qemu/ovmf-riscv64-code.bin
%{_datadir}/qemu/ovmf-riscv64-vars.bin %{_datadir}/qemu/ovmf-riscv64-vars.bin
%dir %{_datadir}/qemu/firmware %dir %{_datadir}/qemu/firmware