| 4 |
4 |
EAPI=8
|
| 5 |
5 |
|
| 6 |
6 |
PYTHON_REQ_USE="sqlite"
|
| 7 |
|
PYTHON_COMPAT=( python3_{10..11} )
|
|
7 |
PYTHON_COMPAT=( python3_{12..13} )
|
| 8 |
8 |
|
| 9 |
|
inherit python-any-r1 readme.gentoo-r1 secureboot
|
|
9 |
inherit edo prefix python-any-r1 readme.gentoo-r1 secureboot toolchain-funcs
|
| 10 |
10 |
|
| 11 |
|
DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines"
|
|
11 |
DESCRIPTION="TianoCore EDK II UEFI firmware for virtual machines"
|
| 12 |
12 |
HOMEPAGE="https://github.com/tianocore/edk2"
|
| 13 |
13 |
|
| 14 |
|
BUNDLED_OPENSSL_SUBMODULE_SHA="d82e959e621a3d597f1e0d50ff8c2d8b96915fd7"
|
|
14 |
DBXDATE="05092023" # MMDDYYYY
|
| 15 |
15 |
BUNDLED_BROTLI_SUBMODULE_SHA="f4153a09f87cbb9c826d8fc12c74642bb2d879ea"
|
|
16 |
BUNDLED_LIBFDT_SUBMODULE_SHA="cfff805481bdea27f900c32698171286542b8d3c"
|
|
17 |
BUNDLED_LIBSPDM_SUBMODULE_SHA="50924a4c8145fc721e17208f55814d2b38766fe6"
|
|
18 |
BUNDLED_MBEDTLS_SUBMODULE_SHA="8c89224991adff88d53cd380f42a2baa36f91454"
|
|
19 |
BUNDLED_MIPI_SYS_T_SUBMODULE_SHA="370b5944c046bab043dd8b133727b2135af7747a"
|
|
20 |
BUNDLED_OPENSSL_SUBMODULE_SHA="de90e54bbe82e5be4fb9608b6f5c308bb837d355"
|
|
21 |
|
|
22 |
SRC_URI="
|
|
23 |
https://github.com/tianocore/${PN}/archive/${PN}-stable${PV}.tar.gz
|
|
24 |
-> ${P}.tar.gz
|
|
25 |
https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
|
|
26 |
-> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
|
|
27 |
https://github.com/DMTF/libspdm/archive/${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz
|
|
28 |
-> libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz
|
|
29 |
https://github.com/Mbed-TLS/mbedtls/archive/${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz
|
|
30 |
-> mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz
|
|
31 |
https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
|
|
32 |
-> mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
|
|
33 |
https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz
|
|
34 |
-> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz
|
|
35 |
|
|
36 |
amd64? (
|
|
37 |
https://uefi.org/sites/default/files/resources/x64_DBXUpdate_${DBXDATE}.bin
|
|
38 |
https://uefi.org/sites/default/files/resources/x64_DBXUpdate.bin -> x64_DBXUpdate_${DBXDATE}.bin
|
|
39 |
)
|
|
40 |
|
|
41 |
arm64? (
|
|
42 |
https://uefi.org/sites/default/files/resources/arm64_DBXUpdate_${DBXDATE}.bin
|
|
43 |
https://uefi.org/sites/default/files/resources/arm64_DBXUpdate.bin -> arm64_DBXUpdate_${DBXDATE}.bin
|
|
44 |
https://github.com/devicetree-org/pylibfdt/archive/${BUNDLED_LIBFDT_SUBMODULE_SHA}.tar.gz
|
|
45 |
-> pylibfdt-${BUNDLED_LIBFDT_SUBMODULE_SHA}.tar.gz
|
|
46 |
)
|
|
47 |
"
|
| 16 |
48 |
|
| 17 |
|
# TODO: talk with tamiko about unbundling (mva)
|
| 18 |
|
|
| 19 |
|
# TODO: the binary 202105 package currently lacks the preseeded
|
| 20 |
|
# OVMF_VARS.secboot.fd file (that we typically get from fedora)
|
| 21 |
|
|
| 22 |
|
SRC_URI="https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> edk2-ovmf-${PV}.tar.gz
|
| 23 |
|
https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz
|
| 24 |
|
https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
|
| 25 |
|
https://dev.gentoo.org/~ajak/distfiles/edk2-ovmf-${PV}-qemu-firmware.tar.xz"
|
| 26 |
|
|
|
49 |
S="${WORKDIR}/${PN}-${PN}-stable${PV}"
|
| 27 |
50 |
LICENSE="BSD-2-with-patent MIT"
|
| 28 |
51 |
SLOT="0"
|
| 29 |
|
KEYWORDS="-* amd64"
|
|
52 |
KEYWORDS="-* amd64 arm64"
|
| 30 |
53 |
|
| 31 |
|
BDEPEND="app-emulation/qemu
|
| 32 |
|
<dev-lang/nasm-3
|
| 33 |
|
sys-apps/which
|
|
54 |
BDEPEND="
|
|
55 |
${PYTHON_DEPS}
|
|
56 |
app-emulation/qemu
|
|
57 |
app-emulation/virt-firmware
|
| 34 |
58 |
>=sys-power/iasl-20160729
|
| 35 |
|
${PYTHON_DEPS}"
|
| 36 |
|
RDEPEND="!sys-firmware/edk2-bin"
|
|
59 |
amd64? ( <dev-lang/nasm-3 )
|
|
60 |
"
|
|
61 |
|
|
62 |
RDEPEND="
|
|
63 |
!sys-firmware/edk2-bin
|
|
64 |
"
|
| 37 |
65 |
|
| 38 |
66 |
PATCHES=(
|
| 39 |
|
"${FILESDIR}/${PN}-202105-werror.patch"
|
| 40 |
|
"${FILESDIR}/${PN}-202202-lld-textrels.patch"
|
| 41 |
|
"${FILESDIR}/${PN}-202202-binutils-2.41-textrels.patch"
|
|
67 |
"${FILESDIR}/${PN}-202408-werror.patch"
|
|
68 |
"${FILESDIR}/${PN}-202408-binutils-2.41-textrels.patch"
|
| 42 |
69 |
)
|
| 43 |
70 |
|
| 44 |
|
S="${WORKDIR}/edk2-edk2-stable${PV}"
|
|
71 |
DISABLE_AUTOFORMATTING="true"
|
|
72 |
DIR="/usr/share/${PN}"
|
| 45 |
73 |
|
| 46 |
|
DISABLE_AUTOFORMATTING=true
|
| 47 |
|
DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86
|
| 48 |
|
virtual machines. The firmware is located under
|
| 49 |
|
/usr/share/edk2-ovmf/OVMF_CODE.fd
|
| 50 |
|
/usr/share/edk2-ovmf/OVMF_VARS.fd
|
| 51 |
|
/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd
|
| 52 |
|
|
| 53 |
|
To use Secure Boot, you need to either populate the necessary EFI
|
| 54 |
|
variables by booting:
|
| 55 |
|
/usr/share/edk2-ovmf/UefiShell.img
|
| 56 |
|
or creating OVMF_VARS.secboot.fd by hand:
|
| 57 |
|
https://github.com/rhuefi/qemu-ovmf-secureboot
|
| 58 |
|
|
| 59 |
|
The firmware does not support csm (due to no free csm implementation
|
| 60 |
|
available). If you need a firmware with csm support you have to download
|
| 61 |
|
one for yourself. Firmware blobs are commonly labeled
|
| 62 |
|
OVMF{,_CODE,_VARS}-with-csm.fd
|
|
74 |
pkg_setup() {
|
|
75 |
python-any-r1_pkg_setup
|
|
76 |
secureboot_pkg_setup
|
| 63 |
77 |
|
| 64 |
|
In order to use the firmware you can run qemu the following way
|
|
78 |
local QEMU_ARCH ARCH_DIRS UNIT0 UNIT1 FMT
|
| 65 |
79 |
|
| 66 |
|
$ qemu-system-x86_64 \
|
| 67 |
|
-drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \
|
|
80 |
case "${ARCH}" in
|
|
81 |
amd64)
|
|
82 |
TARGET_ARCH="X64"
|
|
83 |
QEMU_ARCH="x86_64"
|
|
84 |
ARCH_DIRS="${DIR}/OvmfX64"
|
|
85 |
UNIT0="OVMF_CODE.fd"
|
|
86 |
UNIT1="OVMF_VARS.fd"
|
|
87 |
FMT="raw"
|
|
88 |
;;
|
|
89 |
arm64)
|
|
90 |
TARGET_ARCH="AARCH64"
|
|
91 |
QEMU_ARCH="aarch64"
|
|
92 |
ARCH_DIRS="${DIR}/ArmVirtQemu-AARCH64"
|
|
93 |
UNIT0="QEMU_EFI.qcow2"
|
|
94 |
UNIT1="QEMU_VARS.qcow2"
|
|
95 |
FMT="qcow2"
|
|
96 |
;;
|
|
97 |
esac
|
|
98 |
|
|
99 |
DOC_CONTENTS="This package includes the TianoCore EDK II UEFI firmware for ${QEMU_ARCH}
|
|
100 |
virtual machines. The firmware is located under ${ARCH_DIRS}.
|
|
101 |
|
|
102 |
In order to use the firmware, you can run QEMU like so:
|
|
103 |
|
|
104 |
$ qemu-system-${QEMU_ARCH} \\
|
|
105 |
-drive file=${EPREFIX}${ARCH_DIRS%% *}/${UNIT0},if=pflash,format=${FMT},unit=0,readonly=on \\
|
|
106 |
-drive file=/path/to/the/copy/of/${UNIT1},if=pflash,format=${FMT},unit=1 \\
|
| 68 |
107 |
..."
|
| 69 |
108 |
|
| 70 |
|
pkg_setup() {
|
| 71 |
|
python-any-r1_pkg_setup
|
| 72 |
|
secureboot_pkg_setup
|
|
109 |
case "${ARCH}" in
|
|
110 |
amd64) DOC_CONTENTS+="
|
|
111 |
|
|
112 |
The firmware does not support CSM due to the lack of a free
|
|
113 |
implementation. If you need a firmware with CSM support, you have to
|
|
114 |
download one for yourself. Firmware blobs are commonly labelled:
|
|
115 |
|
|
116 |
OVMF_CODE-with-csm.fd
|
|
117 |
OVMF_VARS-with-csm.fd"
|
|
118 |
;;
|
|
119 |
arm64) DOC_CONTENTS+="
|
|
120 |
|
|
121 |
WARNING! QEMU_EFI.secboot_INSECURE.qcow2 does have Secure Boot
|
|
122 |
enabled, but it must not be used in production. The lack of an SMM
|
|
123 |
implementation for arm64 in this firmware means that the EFI
|
|
124 |
variable store is unprotected, making the firmware unsafe."
|
|
125 |
;;
|
|
126 |
esac
|
|
127 |
}
|
|
128 |
|
|
129 |
link_mod() {
|
|
130 |
rmdir "$2" && ln -sfT "$1" "$2" || die "linking ${2##*/} failed"
|
| 73 |
131 |
}
|
| 74 |
132 |
|
| 75 |
133 |
src_prepare() {
|
| 76 |
134 |
# Bundled submodules
|
| 77 |
|
cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/"
|
| 78 |
|
cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/"
|
| 79 |
|
cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/"
|
| 80 |
|
|
| 81 |
|
sed -i -r \
|
| 82 |
|
-e "/function SetupPython3/,/\}/{s,\\\$\(whereis python3\),${EPYTHON},g}" \
|
| 83 |
|
"${S}"/edksetup.sh || die "Fixing for correct Python3 support failed"
|
|
135 |
link_mod "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}" \
|
|
136 |
BaseTools/Source/C/BrotliCompress/brotli
|
|
137 |
link_mod "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}" \
|
|
138 |
MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
|
|
139 |
link_mod "${WORKDIR}/libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}" \
|
|
140 |
SecurityPkg/DeviceSecurity/SpdmLib/libspdm
|
|
141 |
link_mod "${WORKDIR}/mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}" \
|
|
142 |
CryptoPkg/Library/MbedTlsLib/mbedtls
|
|
143 |
link_mod "${WORKDIR}/public-mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}" \
|
|
144 |
MdePkg/Library/MipiSysTLib/mipisyst
|
|
145 |
link_mod "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}" \
|
|
146 |
CryptoPkg/Library/OpensslLib/openssl
|
|
147 |
|
|
148 |
use arm64 &&
|
|
149 |
link_mod "${WORKDIR}/pylibfdt-${BUNDLED_LIBFDT_SUBMODULE_SHA}" \
|
|
150 |
MdePkg/Library/BaseFdtLib/libfdt
|
| 84 |
151 |
|
| 85 |
152 |
default
|
| 86 |
|
}
|
| 87 |
153 |
|
| 88 |
|
src_compile() {
|
| 89 |
|
TARGET_ARCH=X64
|
| 90 |
|
TARGET_NAME=RELEASE
|
| 91 |
|
TARGET_TOOLS=GCC49
|
|
154 |
# Fix descriptor paths for prefix.
|
|
155 |
hprefixify "${FILESDIR}"/descriptors/*.json
|
|
156 |
}
|
| 92 |
157 |
|
| 93 |
|
BUILD_FLAGS="-D TLS_ENABLE \
|
| 94 |
|
-D HTTP_BOOT_ENABLE \
|
|
158 |
mybuild() {
|
|
159 |
edo build \
|
|
160 |
-t "${TOOLCHAIN}" \
|
|
161 |
-b "${BUILD_TARGET}" \
|
|
162 |
-D NETWORK_HTTP_BOOT_ENABLE \
|
| 95 |
163 |
-D NETWORK_IP6_ENABLE \
|
| 96 |
|
-D TPM_ENABLE \
|
| 97 |
|
-D TPM2_ENABLE -D TPM2_CONFIG_ENABLE \
|
| 98 |
|
-D FD_SIZE_2MB"
|
| 99 |
|
|
| 100 |
|
SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \
|
| 101 |
|
-D SECURE_BOOT_ENABLE \
|
| 102 |
|
-D SMM_REQUIRE \
|
| 103 |
|
-D EXCLUDE_SHELL_FROM_FD"
|
| 104 |
|
|
| 105 |
|
export LDFLAGS="-z notext"
|
| 106 |
|
export EXTRA_LDFLAGS="-z notext"
|
| 107 |
|
export DLINK_FLAGS="-z notext"
|
| 108 |
|
|
| 109 |
|
emake ARCH=${TARGET_ARCH} -C BaseTools
|
| 110 |
|
|
| 111 |
|
. ./edksetup.sh
|
| 112 |
|
|
| 113 |
|
# Build all EFI firmware blobs:
|
| 114 |
|
|
| 115 |
|
mkdir -p ovmf
|
|
164 |
-D NETWORK_TLS_ENABLE \
|
|
165 |
-D TPM1_ENABLE \
|
|
166 |
-D TPM2_ENABLE \
|
|
167 |
-D TPM2_CONFIG_ENABLE \
|
|
168 |
"${BUILD_ARGS[@]}" \
|
|
169 |
"${@}"
|
|
170 |
}
|
| 116 |
171 |
|
| 117 |
|
./OvmfPkg/build.sh \
|
| 118 |
|
-a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
|
| 119 |
|
${BUILD_FLAGS} || die "OvmfPkg/build.sh failed"
|
|
172 |
# Add the MS and Red Hat Secure Boot certificates and update the revocation list
|
|
173 |
# for the given architecture in the given raw variables image.
|
|
174 |
mk_fw_vars() {
|
|
175 |
edo virt-fw-vars \
|
|
176 |
--set-dbx "${DISTDIR}/$1_DBXUpdate_${DBXDATE}.bin" \
|
|
177 |
--secure-boot --enroll-redhat --inplace "$2"
|
|
178 |
}
|
| 120 |
179 |
|
| 121 |
|
cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/
|
| 122 |
|
rm -rf Build/OvmfX64
|
|
180 |
# Convert the given images from raw to QCOW2 and resize them to the amount given
|
|
181 |
# as the first argument. Specify 0 to not resize.
|
|
182 |
raw_to_qcow2() {
|
|
183 |
local SIZE=$1 RAW
|
|
184 |
shift
|
|
185 |
|
|
186 |
for RAW in "${@}"; do
|
|
187 |
edo qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "${RAW}" "${RAW%.fd}.qcow2"
|
|
188 |
[[ ${SIZE} != 0 ]] && edo qemu-img resize -f qcow2 "${RAW%.fd}.qcow2" "${SIZE}"
|
|
189 |
rm "${RAW}" || die
|
|
190 |
done
|
|
191 |
}
|
| 123 |
192 |
|
| 124 |
|
./OvmfPkg/build.sh \
|
| 125 |
|
-a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
|
| 126 |
|
${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed"
|
|
193 |
src_compile() {
|
|
194 |
TOOLCHAIN="GCC5"
|
|
195 |
BUILD_TARGET="RELEASE"
|
|
196 |
BUILD_DIR="${BUILD_TARGET}_${TOOLCHAIN}"
|
|
197 |
BUILD_ARGS=()
|
|
198 |
|
|
199 |
tc-export_build_env
|
|
200 |
emake -C BaseTools \
|
|
201 |
CC="$(tc-getBUILD_CC)" \
|
|
202 |
CXX="$(tc-getBUILD_CXX)" \
|
|
203 |
EXTRA_OPTFLAGS="${BUILD_CFLAGS}" \
|
|
204 |
EXTRA_LDFLAGS="${BUILD_LDFLAGS}"
|
|
205 |
|
|
206 |
export \
|
|
207 |
"${TOOLCHAIN}_${TARGET_ARCH}_PREFIX=${CHOST}-" \
|
|
208 |
"${TOOLCHAIN}_BIN=${CHOST}-"
|
| 127 |
209 |
|
| 128 |
|
cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed"
|
| 129 |
|
cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed"
|
| 130 |
|
cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed"
|
|
210 |
. ./edksetup.sh
|
| 131 |
211 |
|
| 132 |
|
# Build a convenience UefiShell.img:
|
|
212 |
# DO NOT enable the shell with Secure Boot as it can be used as a bypass!
|
| 133 |
213 |
|
| 134 |
|
mkdir -p iso_image/efi/boot || die "mkdir failed"
|
| 135 |
|
cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed"
|
| 136 |
|
cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed"
|
| 137 |
|
qemu-img convert --image-opts \
|
| 138 |
|
driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \
|
| 139 |
|
ovmf/UefiShell.img || die "qemu-img failed"
|
|
214 |
case "${ARCH}" in
|
|
215 |
amd64)
|
|
216 |
local SIZE
|
|
217 |
for SIZE in _2M _4M; do
|
|
218 |
mybuild -a X64 -p OvmfPkg/OvmfPkgX64.dsc \
|
|
219 |
-D FD_SIZE${SIZE}B \
|
|
220 |
-D BUILD_SHELL=FALSE \
|
|
221 |
-D SECURE_BOOT_ENABLE \
|
|
222 |
-D SMM_REQUIRE
|
|
223 |
|
|
224 |
mv -T Build/OvmfX64 Build/OvmfX64${SIZE}.secboot || die
|
|
225 |
|
|
226 |
mybuild -a X64 -p OvmfPkg/OvmfPkgX64.dsc \
|
|
227 |
-D FD_SIZE${SIZE}B
|
|
228 |
|
|
229 |
mv -T Build/OvmfX64 Build/OvmfX64${SIZE} || die
|
|
230 |
|
|
231 |
mk_fw_vars x64 Build/OvmfX64${SIZE}.secboot/"${BUILD_DIR}"/FV/OVMF_VARS.fd
|
|
232 |
done
|
|
233 |
|
|
234 |
# Fedora only converts newer images to QCOW2. 2MB images are raw.
|
|
235 |
raw_to_qcow2 0 Build/OvmfX64_4M*/"${BUILD_DIR}"/FV/OVMF_{CODE,VARS}.fd
|
|
236 |
;;
|
|
237 |
arm64)
|
|
238 |
BUILD_ARGS+=(
|
|
239 |
# grub.efi uses EfiLoaderData for code
|
|
240 |
--pcd PcdDxeNxMemoryProtectionPolicy=0xC000000000007FD1
|
|
241 |
# shim.efi has broken MemAttr code
|
|
242 |
--pcd PcdUninstallMemAttrProtocol=TRUE
|
|
243 |
)
|
|
244 |
|
|
245 |
mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc \
|
|
246 |
-D BUILD_SHELL=FALSE \
|
|
247 |
-D SECURE_BOOT_ENABLE
|
|
248 |
|
|
249 |
mv -T Build/ArmVirtQemu-AARCH64 Build/ArmVirtQemu-AARCH64.secboot_INSECURE || die
|
|
250 |
|
|
251 |
mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc
|
|
252 |
|
|
253 |
mk_fw_vars arm64 Build/ArmVirtQemu-AARCH64.secboot_INSECURE/"${BUILD_DIR}"/FV/QEMU_VARS.fd
|
|
254 |
raw_to_qcow2 64m Build/ArmVirtQemu-AARCH64*/"${BUILD_DIR}"/FV/QEMU_{EFI,VARS}.fd
|
|
255 |
;;
|
|
256 |
esac
|
| 140 |
257 |
}
|
| 141 |
258 |
|
| 142 |
259 |
src_install() {
|
| 143 |
|
insinto /usr/share/edk2-ovmf
|
| 144 |
|
doins ovmf/*
|
|
260 |
local SIZE TYPE FMT
|
|
261 |
|
|
262 |
case "${ARCH}" in
|
|
263 |
amd64)
|
|
264 |
insinto ${DIR}/OvmfX64
|
|
265 |
doins Build/OvmfX64_2M/"${BUILD_DIR}"/X64/Shell.efi
|
|
266 |
|
|
267 |
for SIZE in _2M _4M; do
|
|
268 |
for TYPE in "" .secboot; do
|
|
269 |
[[ ${SIZE} = _4M ]] && FMT=qcow2 || FMT=fd
|
|
270 |
newins Build/OvmfX64${SIZE}${TYPE}/"${BUILD_DIR}"/FV/OVMF_CODE.${FMT} OVMF_CODE${SIZE#_2M}${TYPE}.${FMT}
|
|
271 |
newins Build/OvmfX64${SIZE}${TYPE}/"${BUILD_DIR}"/FV/OVMF_VARS.${FMT} OVMF_VARS${SIZE#_2M}${TYPE}.${FMT}
|
|
272 |
done
|
|
273 |
done
|
|
274 |
|
|
275 |
# Compatibility with older package versions.
|
|
276 |
dosym ${PN}/OvmfX64 /usr/share/edk2-ovmf
|
|
277 |
;;
|
|
278 |
arm64)
|
|
279 |
insinto ${DIR}/ArmVirtQemu-AARCH64
|
|
280 |
|
|
281 |
for TYPE in "" .secboot_INSECURE; do
|
|
282 |
newins Build/ArmVirtQemu-AARCH64${TYPE}/"${BUILD_DIR}"/FV/QEMU_EFI.qcow2 QEMU_EFI${TYPE}.qcow2
|
|
283 |
newins Build/ArmVirtQemu-AARCH64${TYPE}/"${BUILD_DIR}"/FV/QEMU_VARS.qcow2 QEMU_VARS${TYPE}.qcow2
|
|
284 |
done
|
|
285 |
;;
|
|
286 |
esac
|
| 145 |
287 |
|
| 146 |
288 |
insinto /usr/share/qemu/firmware
|
| 147 |
|
doins qemu/*
|
| 148 |
|
rm "${ED}"/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json || die "rm failed"
|
|
289 |
doins "${FILESDIR}"/descriptors/*"${TARGET_ARCH,,}"*.json
|
| 149 |
290 |
|
| 150 |
291 |
secureboot_auto_sign --in-place
|
| 151 |
|
|
| 152 |
292 |
readme.gentoo_create_doc
|
| 153 |
293 |
}
|
| 154 |
294 |
|
|
295 |
pkg_preinst() {
|
|
296 |
local OLD=${EROOT}/usr/share/edk2-ovmf NEW=${EROOT}/${DIR}/OvmfX64
|
|
297 |
if [[ -d ${OLD} && ! -L ${OLD} ]]; then
|
|
298 |
{
|
|
299 |
rm -vf "${OLD}"/{OVMF_{CODE,CODE.secboot,VARS}.fd,EnrollDefaultKeys.efi,Shell.efi,UefiShell.img} &&
|
|
300 |
mkdir -p "${NEW}" &&
|
|
301 |
find "${OLD}" -mindepth 1 -maxdepth 1 -execdir mv --update=none-fail -vt "${NEW}"/ {} + &&
|
|
302 |
rmdir "${OLD}"
|
|
303 |
} || die "unable to replace old directory with compatibility symlink"
|
|
304 |
fi
|
|
305 |
}
|
|
306 |
|
| 155 |
307 |
pkg_postinst() {
|
| 156 |
308 |
readme.gentoo_print_elog
|
| 157 |
309 |
}
|
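Review bot: `secureboot_auto_sign --in-place` (new line 291) runs after `doins Build/OvmfX64_2M/"${BUILD_DIR}"/X64/Shell.efi` (new line 265), so if the eclass signs every EFI binary it finds in the image, the standalone UEFI shell gets signed with the user's Secure Boot key. That sits uneasily with the comment at new line 212, which says the shell can be used as a Secure Boot bypass, and with the Secure Boot variants being built with `-D BUILD_SHELL=FALSE`. A signed Shell.efi would presumably be accepted by any machine that trusts the same key, not only by guests using this firmware. If signing the shell is not intended, install it after the signing step, e.g. `use amd64 && { insinto ${DIR}/OvmfX64; doins Build/OvmfX64_2M/"${BUILD_DIR}"/X64/Shell.efi; }` below the `secureboot_auto_sign` call. If it is intended, a comment above line 291 such as `# Signs Shell.efi on purpose; never enroll this key where the shell must stay blocked` would record the decision.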