Skip to content

Instantly share code, notes, and snippets.

@Trumeet

Trumeet/50-edk2-ovmf-csm-i386-secure.json

Created August 25, 2021 02:02
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save Trumeet/0f80542986ae282fe1305c2e6f61c30c to your computer and use it in GitHub Desktop.
Save Trumeet/0f80542986ae282fe1305c2e6f61c30c to your computer and use it in GitHub Desktop.
Download ZIP
edk2-ovmf-csm
Raw
50-edk2-ovmf-csm-i386-secure.json
{
"description": "UEFI firmware for i386, with Secure Boot and SMM",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2-ovmf-csm/ia32/OVMF_CODE.secboot.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2-ovmf-csm/ia32/OVMF_VARS.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "i386",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"requires-smm",
"secure-boot",
"verbose-dynamic"
],
"tags": [
]
}
Raw
50-edk2-ovmf-csm-x86_64-secure.json
{
"description": "UEFI firmware for x86_64, with Secure Boot and SMM",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2-ovmf-csm/x64/OVMF_CODE.secboot.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2-ovmf-csm/x64/OVMF_VARS.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"amd-sev",
"requires-smm",
"secure-boot",
"verbose-dynamic"
],
"tags": [
]
}
Raw
60-edk2-ovmf-csm-i386.json
{
"description": "UEFI firmware for x86_64, with Secure Boot and SMM",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2-ovmf-csm/x64/OVMF_CODE.secboot.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2-ovmf-csm/x64/OVMF_VARS.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"amd-sev",
"requires-smm",
"secure-boot",
"verbose-dynamic"
],
"tags": [
]
}
Raw
60-edk2-ovmf-csm-x86_64.json
{
"description": "UEFI firmware for x86_64",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2-ovmf-csm/x64/OVMF_CODE.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2-ovmf-csm/x64/OVMF_VARS.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-i440fx-*",
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"amd-sev",
"verbose-dynamic"
],
"tags": [
]
}
Raw
edk2-202102-brotli-1.0.9.patch
diff -ruN a/BaseTools/Source/C/BrotliCompress/GNUmakefile b/BaseTools/Source/C/BrotliCompress/GNUmakefile
--- a/BaseTools/Source/C/BrotliCompress/GNUmakefile 2021-03-02 06:11:55.000000000 +0100
+++ b/BaseTools/Source/C/BrotliCompress/GNUmakefile 2021-03-11 20:20:04.856571461 +0100
@@ -10,7 +10,10 @@
OBJECTS = \
BrotliCompress.o \
+ brotli/c/common/constants.o \
+ brotli/c/common/context.o \
brotli/c/common/dictionary.o \
+ brotli/c/common/platform.o \
brotli/c/common/transform.o \
brotli/c/dec/bit_reader.o \
brotli/c/dec/decode.o \
@@ -22,12 +25,14 @@
brotli/c/enc/block_splitter.o \
brotli/c/enc/brotli_bit_stream.o \
brotli/c/enc/cluster.o \
+ brotli/c/enc/command.o \
brotli/c/enc/compress_fragment.o \
brotli/c/enc/compress_fragment_two_pass.o \
brotli/c/enc/dictionary_hash.o \
brotli/c/enc/encode.o \
brotli/c/enc/encoder_dict.o \
brotli/c/enc/entropy_encode.o \
+ brotli/c/enc/fast_log.o \
brotli/c/enc/histogram.o \
brotli/c/enc/literal_cost.o \
brotli/c/enc/memory.o \
Raw
edk2-ovmf-csm.install
post_install() {
# note for users of ovmf
if [ "$(vercmp "$1" '202002-9')" -le 0 ]; then
echo -e "The firmware location has changed to /usr/share/edk2-ovmf/. Symlinks are provided for backwards compatibility.\nNOTE: To update the paths run 'virsh edit' on virtual machines that use OVMF."
fi
}
Raw
PKGBUILD
# Maintainer: David Runge <dvzrv@archlinux.org>
_brotli_ver=1.0.9
_openssl_ver=1.1.1k
pkgdesc="Firmware for Virtual Machines (x86_64, i686) with CSM support"
provides=('ovmf')
conflicts=('ovmf' 'edk2-ovmf')
replaces=('ovmf')
license+=('MIT')
pkgname=edk2-ovmf-csm
install="${pkgname}.install"
pkgbase=edk2
pkgver=202105
pkgrel=1
pkgdesc="Modern, feature-rich firmware development environment for the UEFI specifications"
arch=('any')
url="https://github.com/tianocore/edk2"
license=('BSD')
makedepends=('aarch64-linux-gnu-gcc' 'acpica' 'git' 'iasl' 'util-linux-libs' 'nasm' 'python')
options=(!makeflags)
source=("$pkgbase-$pkgver.tar.gz::https://github.com/tianocore/${pkgbase}/archive/${pkgbase}-stable${pkgver}.tar.gz"
"https://www.openssl.org/source/openssl-${_openssl_ver}.tar.gz"{,.asc}
"brotli-${_brotli_ver}.tar.gz::https://github.com/google/brotli/archive/v${_brotli_ver}.tar.gz"
"${pkgbase}-202102-brotli-1.0.9.patch"
"50-edk2-ovmf-csm-i386-secure.json"
"50-edk2-ovmf-csm-x86_64-secure.json"
"60-edk2-ovmf-csm-i386.json"
"60-edk2-ovmf-csm-x86_64.json"
"seabios::git+https://git.seabios.org/seabios.git"
"seabios_config")
sha512sums=('c263345cbb243c63985f974a61f37c577a139d6a7099d2b8c9e1a553e5ebf16de12fb711b72624081c6bf637f8084bbf71731ab99e5747d81da460388ac25791'
'73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121'
'SKIP'
'b8e2df955e8796ac1f022eb4ebad29532cb7e3aa6a4b6aee91dbd2c7d637eee84d9a144d3e878895bb5e62800875c2c01c8f737a1261020c54feacf9f676b5f5'
'fe0fd592d4b436a35a49a74ad5dd989311b297b9abacb13ed8d4da0986169c91ffbc34cef0f2d52bf40c833d252f6e65311ab0e4e4ca6798390febfb9a787a4a'
'f8246b0a3195b8f9142a91492299b1b38101ca3168a93e197dac5a8f5843e0d366fa36cbcdc41c22f4cf07e745437cbd82e3c31f4ac816915e2a4e787cd5ac32'
'1e1e0c1bf1016ff7009d25dccf13350df61f329622a0d887f230e6e3aec31956d31cf956026d857e42e74a820cc43ed610e90865cc51d50253db1ac4f46dbf30'
'dfbce347dd12647eedd3541a95197590090be147ef01acd20f281a952d708ce5f7f4b4718ace82534d34d3998eaa7d4becce8569f2603f14cf124dd51ca852db'
'33fbab51b7ca349fc6fbdd6bef76c17b8c3f15d8bdaec3b6788db7672b465c75647993565e7aad0db033aca6a024f1f2377c195ce377a7dce2485347898f7533'
'SKIP'
'9714dd532a5ff4daca691a9cb4ec0cfe90948ae36ac0227998de0734835a707f7e40cb064f7fb5256afc98ff06e6d9b287fc2b760f82b17e5f3828f916bf676f')
b2sums=('3ec01d467562380ca2fd3bd807d2f6c55e4637c1afd71533f8f5b22cc634dc4c8cb63dab921677f8b315d17b3c9d0b6b00a0e2f3f8da61107033e9e81bf5a64d'
'e9bd90f17bc819c4960d07bbee04346e8a7adb87a764a09d033ef76f1d638c67b180c4f2beb84ec25fbff54ccc9c14c13b9b16a27cac231a5dd22b02635d5cec'
'SKIP'
'8b9939d5224396ef33b43e019250ba4bc8949903583615e8dc02c85340fc0a1e2d1632161e00b0ee7355d77f05529ac772f482e05d2089afd71a0bf71e803904'
'eb549f711aa31b0a46f3e9b74076e52e0e1734045c227f410016c6de46a3b7b2959287d49b5ef853236c57fa3b3143b1da31fd9ef6fd592ba22ba9af15941a76'
'dcea93c17804c42a2038ee9401de4ff4029521d65bcac313a5e241eff28fa6cc7b7c2d6ac12f314cadae67917ebe87b10465ea60c3525c194a4f3bc9bd726f2a'
'daa33e391010ca0594b2a634027e8d730d5d69743c5f51bc94b26670548466dfc4423c65d3d1ce1cb86e909205c3d867658cd6bf00f1e556acf41b71996ef590'
'19da35840614dba852bee0fa06bf448602fa72c0390bd9f81381016ad65b914f1790fe00ea568b4a06c8340fb7faa30740ede9df3b4faade405536b35d3d472b'
'58c3da3b489f2b1391911417dacc362e23c9928d871878381152ad9d6e861934cf8309e93e29c4374d33aabb0d1b08fe9d6f31f0167d374cc612d3d76d5c8044'
'SKIP'
'9c9670726f837bba5f48e59eb7d8d82634649c2d599da15ec6f0751c33546aebbcd133aada9e99037f551a0ca7f85429d3a09c3a68626c284e2a77e4775d5aff')
validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491') # Matt Caswell <matt@openssl.org>
_arch_list=('IA32' 'X64')
_build_type='RELEASE'
_build_plugin='GCC5'
prepare() {
mv -v "$pkgbase-$pkgbase-stable$pkgver" "$pkgbase-$pkgver"
cd "$pkgbase-$pkgver"
# patch to be able to use brotli 1.0.9
patch -Np1 -i "../${pkgbase}-202102-brotli-1.0.9.patch"
# NOTE: patching brotli itself is not necessary (extra/brotli cherry-picks a patch for the pkgconfig integration)
# symlinking openssl into place
rm -rfv CryptoPkg/Library/OpensslLib/openssl
ln -sfv "${srcdir}/openssl-$_openssl_ver" CryptoPkg/Library/OpensslLib/openssl
# symlinking brotli into place
rm -rfv BaseTools/Source/C/BrotliCompress/brotli MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
ln -sfv "${srcdir}/brotli-${_brotli_ver}" BaseTools/Source/C/BrotliCompress/brotli
ln -sfv "${srcdir}/brotli-${_brotli_ver}" MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
# -Werror, not even once
sed -e 's/ -Werror//g' \
-i BaseTools/Conf/*.template BaseTools/Source/C/Makefiles/*.makefile
}
build() {
echo "Building SeaBios"
cd $srcdir/seabios
cp ../seabios_config ./.config
make
cp out/Csm16.bin ../edk2-$pkgver/OvmfPkg/Csm/Csm16
pwd
cd "../$pkgbase-$pkgver"
export GCC5_IA32_PREFIX="x86_64-linux-gnu-"
export GCC5_X64_PREFIX="x86_64-linux-gnu-"
local _arch
echo "Building base tools"
make -C BaseTools
. edksetup.sh
for _arch in ${_arch_list[@]}; do
if [[ "${_arch}" == 'IA32' ]]; then
echo "Building ovmf (${_arch}) with secure boot"
OvmfPkg/build.sh -p OvmfPkg/OvmfPkgIa32.dsc \
-a "${_arch}" \
-b "${_build_type}" \
-n "$(nproc)" \
-t "${_build_plugin}" \
-D LOAD_X64_ON_IA32_ENABLE \
-D NETWORK_IP6_ENABLE \
-D TPM_ENABLE \
-D HTTP_BOOT_ENABLE \
-D TLS_ENABLE \
-D FD_SIZE_2MB \
-D SECURE_BOOT_ENABLE \
-D SMM_REQUIRE \
-D EXCLUDE_SHELL_FROM_FD \
-D CSM_ENABLE
mv -v Build/Ovmf{Ia32,IA32-secure}
echo "Building ovmf (${_arch}) without secure boot"
OvmfPkg/build.sh -p OvmfPkg/OvmfPkgIa32.dsc \
-a "${_arch}" \
-b "${_build_type}" \
-n "$(nproc)" \
-t "${_build_plugin}" \
-D LOAD_X64_ON_IA32_ENABLE \
-D NETWORK_IP6_ENABLE \
-D TPM_ENABLE \
-D HTTP_BOOT_ENABLE \
-D TLS_ENABLE \
-D FD_SIZE_2MB \
-D CSM_ENABLE
mv -v Build/Ovmf{Ia32,IA32}
fi
if [[ "${_arch}" == 'X64' ]]; then
echo "Building ovmf (${_arch}) with secure boot"
OvmfPkg/build.sh -p "OvmfPkg/OvmfPkg${_arch}.dsc" \
-a "${_arch}" \
-b "${_build_type}" \
-n "$(nproc)" \
-t "${_build_plugin}" \
-D NETWORK_IP6_ENABLE \
-D TPM_ENABLE \
-D FD_SIZE_2MB \
-D TLS_ENABLE \
-D HTTP_BOOT_ENABLE \
-D SECURE_BOOT_ENABLE \
-D SMM_REQUIRE \
-D EXCLUDE_SHELL_FROM_FD \
-D CSM_ENABLE
mv -v Build/OvmfX64{,-secure}
echo "Building ovmf (${_arch}) without secure boot"
OvmfPkg/build.sh -p "OvmfPkg/OvmfPkg${_arch}.dsc" \
-a "${_arch}" \
-b "${_build_type}" \
-n "$(nproc)" \
-t "${_build_plugin}" \
-D NETWORK_IP6_ENABLE \
-D TPM_ENABLE \
-D FD_SIZE_2MB \
-D TLS_ENABLE \
-D HTTP_BOOT_ENABLE \
-D CSM_ENABLE
fi
done
}
package() {
cd "$pkgbase-$pkgver"
local _arch
# installing the various firmwares
for _arch in ${_arch_list[@]}; do
# installing OVMF.fd for xen: https://bugs.archlinux.org/task/58635
install -vDm 644 "Build/Ovmf${_arch}/${_build_type}_${_build_plugin}/FV/OVMF.fd" \
-t "${pkgdir}/usr/share/${pkgname}/${_arch,,}"
install -vDm 644 "Build/Ovmf${_arch}/${_build_type}_${_build_plugin}/FV/OVMF_CODE.fd" \
-t "${pkgdir}/usr/share/${pkgname}/${_arch,,}"
install -vDm 644 "Build/Ovmf${_arch}/${_build_type}_${_build_plugin}/FV/OVMF_VARS.fd" \
-t "${pkgdir}/usr/share/${pkgname}/${_arch,,}"
install -vDm 644 "Build/Ovmf${_arch}-secure/${_build_type}_${_build_plugin}/FV/OVMF_CODE.fd" \
"${pkgdir}/usr/share/${pkgname}/${_arch,,}/OVMF_CODE.secboot.fd"
done
# installing qemu descriptors in accordance with qemu:
# https://git.qemu.org/?p=qemu.git;a=tree;f=pc-bios/descriptors
# https://bugs.archlinux.org/task/64206
install -vDm 644 ../*"${pkgname}"*.json -t "${pkgdir}/usr/share/qemu/firmware"
# adding symlink for previous ovmf location
# https://bugs.archlinux.org/task/66528
ln -svf "/usr/share/${pkgname}" "${pkgdir}/usr/share/ovmf"
# adding a symlink for applications with questionable heuristics (such as lxd)
ln -svf "/usr/share/${pkgname}" "${pkgdir}/usr/share/OVMF"
# licenses
install -vDm 644 License.txt -t "${pkgdir}/usr/share/licenses/${pkgname}"
install -vDm 644 OvmfPkg/License.txt \
"${pkgdir}/usr/share/licenses/${pkgname}/OvmfPkg.License.txt"
# docs
install -vDm 644 {OvmfPkg/README,ReadMe.rst,Maintainers.txt} \
-t "${pkgdir}/usr/share/doc/${pkgname}"
}
Raw
seabios_config
#
# Automatically generated file; DO NOT EDIT.
# SeaBIOS Configuration
#
#
# General Features
#
# CONFIG_COREBOOT is not set
# CONFIG_QEMU is not set
CONFIG_CSM=y
CONFIG_QEMU_HARDWARE=y
CONFIG_THREADS=y
CONFIG_RELOCATE_INIT=y
CONFIG_BOOTMENU=y
CONFIG_BOOTSPLASH=y
CONFIG_BOOTORDER=y
CONFIG_HOST_BIOS_GEOMETRY=y
CONFIG_ENTRY_EXTRASTACK=y
CONFIG_MALLOC_UPPERMEMORY=y
CONFIG_ROM_SIZE=0
#
# Hardware support
#
CONFIG_ATA=y
# CONFIG_ATA_DMA is not set
# CONFIG_ATA_PIO32 is not set
CONFIG_AHCI=y
CONFIG_SDCARD=y
CONFIG_VIRTIO_BLK=y
CONFIG_VIRTIO_SCSI=y
CONFIG_PVSCSI=y
CONFIG_ESP_SCSI=y
CONFIG_LSI_SCSI=y
CONFIG_MEGASAS=y
CONFIG_MPT_SCSI=y
CONFIG_FLOPPY=y
CONFIG_FLASH_FLOPPY=y
CONFIG_NVME=y
CONFIG_PS2PORT=y
CONFIG_USB=y
CONFIG_USB_UHCI=y
CONFIG_USB_OHCI=y
CONFIG_USB_EHCI=y
CONFIG_USB_XHCI=y
CONFIG_USB_MSC=y
CONFIG_USB_UAS=y
CONFIG_USB_HUB=y
CONFIG_USB_KEYBOARD=y
CONFIG_USB_MOUSE=y
CONFIG_SERIAL=y
CONFIG_SERCON=y
CONFIG_LPT=y
CONFIG_RTC_TIMER=y
CONFIG_HARDWARE_IRQ=y
CONFIG_PMTIMER=y
CONFIG_TSC_TIMER=y
#
# BIOS interfaces
#
CONFIG_DRIVES=y
CONFIG_CDROM_BOOT=y
CONFIG_CDROM_EMU=y
CONFIG_PCIBIOS=y
CONFIG_APMBIOS=y
CONFIG_PNPBIOS=y
CONFIG_OPTIONROMS=y
CONFIG_PMM=y
CONFIG_BOOT=y
CONFIG_KEYBOARD=y
CONFIG_KBD_CALL_INT15_4F=y
CONFIG_MOUSE=y
CONFIG_S3_RESUME=y
CONFIG_VGAHOOKS=y
# CONFIG_DISABLE_A20 is not set
CONFIG_TCGBIOS=y
#
# VGA ROM
#
CONFIG_NO_VGABIOS=y
# CONFIG_VGA_GEODEGX2 is not set
# CONFIG_VGA_GEODELX is not set
# CONFIG_BUILD_VGABIOS is not set
CONFIG_VGA_EXTRA_STACK_SIZE=512
#
# Debugging
#
CONFIG_DEBUG_LEVEL=1
# CONFIG_DEBUG_SERIAL is not set
# CONFIG_DEBUG_SERIAL_MMIO is not set
CONFIG_DEBUG_IO=y
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment