From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001 From: takeshi_hoshina Date: Mon, 2 Nov 2020 11:07:33 +0900 Subject: basesystem-jj recipes --- external/poky/meta/recipes-core/ovmf/ovmf_git.bb | 59 +++++++++++------------- 1 file changed, 26 insertions(+), 33 deletions(-) (limited to 'external/poky/meta/recipes-core/ovmf/ovmf_git.bb') diff --git a/external/poky/meta/recipes-core/ovmf/ovmf_git.bb b/external/poky/meta/recipes-core/ovmf/ovmf_git.bb index d2ecb619..9667fa0c 100644 --- a/external/poky/meta/recipes-core/ovmf/ovmf_git.bb +++ b/external/poky/meta/recipes-core/ovmf/ovmf_git.bb @@ -2,9 +2,9 @@ SUMMARY = "OVMF - UEFI firmware for Qemu and KVM" DESCRIPTION = "OVMF is an EDK II based project to enable UEFI support for \ Virtual Machines. OVMF contains sample UEFI firmware for QEMU and KVM" HOMEPAGE = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF" -LICENSE = "BSD" +LICENSE = "BSD-2-Clause" LICENSE_class-target = "${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'BSD & OpenSSL', 'BSD', d)}" -LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=343dc88e82ff33d042074f62050c3496" +LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=06357ddc23f46577c2aeaeaf7b776d65" # Enabling Secure Boot adds a dependency on OpenSSL and implies # compiling OVMF twice, so it is disabled by default. Distros @@ -12,30 +12,16 @@ LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=343dc88e82ff33d042074f62050c3 PACKAGECONFIG ??= "" PACKAGECONFIG[secureboot] = ",,," -SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \ - file://0001-ia32-Dont-use-pie.patch \ - file://0002-ovmf-update-path-to-native-BaseTools.patch \ - file://0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ - file://0004-ovmf-enable-long-path-file.patch \ - file://VfrCompile-increase-path-length-limit.patch \ - file://no-stack-protector-all-archs.patch \ - file://0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch \ - file://0002-BaseTools-header.makefile-add-Wno-restrict.patch \ - file://0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch \ - file://0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch \ +SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=git \ + file://0001-ovmf-update-path-to-native-BaseTools.patch \ + file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ + file://0003-ovmf-enable-long-path-file.patch \ + file://0004-ovmf-Update-to-latest.patch \ " -UPSTREAM_VERSION_UNKNOWN = "1" -OPENSSL_RELEASE = "openssl-1.1.0e" - -SRC_URI_append_class-target = " \ - ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/${OPENSSL_RELEASE}.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \ - file://0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch \ -" - -SRCREV="ec4910cd3336565fdb61dafdd9ec4ae7a6160ba3" -SRC_URI[openssl.md5sum] = "51c42d152122e474754aea96f66928c6" -SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c" +PV = "edk2-stable201911" +SRCREV = "bd85bf54c268204c7a698a96f3ccd96cd77952cd" +UPSTREAM_CHECK_GITTAGREGEX = "(?Pedk2-stable.*)" inherit deploy @@ -43,11 +29,7 @@ PARALLEL_MAKE = "" S = "${WORKDIR}/git" -DEPENDS_class-native="util-linux-native iasl-native qemu-native" - -DEPENDS_class-target="ovmf-native" - -DEPENDS_append = " nasm-native" +DEPENDS = "nasm-native acpica-native ovmf-native util-linux-native" EDK_TOOLS_DIR="edk2_basetools" @@ -62,6 +44,8 @@ COMPATIBLE_HOST='(i.86|x86_64).*' OVMF_SECURE_BOOT_EXTRA_FLAGS ??= "" OVMF_SECURE_BOOT_FLAGS = "-DSECURE_BOOT_ENABLE=TRUE ${OVMF_SECURE_BOOT_EXTRA_FLAGS}" +export PYTHON_COMMAND = "${HOSTTOOLS_DIR}/python3" + do_patch[postfuncs] += "fix_basetools_location" fix_basetools_location () { } @@ -192,12 +176,9 @@ do_compile_class-target() { ln ${build_dir}/${OVMF_ARCH}/Shell.efi ${WORKDIR}/ovmf/ if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then - # See CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt and - # https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/ for - # building with Secure Boot enabled. + # Repeat build with the Secure Boot flags. bbnote "Building with Secure Boot." rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX - ln -sf ${OPENSSL_RELEASE} ${S}/CryptoPkg/Library/OpensslLib/openssl ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd @@ -232,6 +213,11 @@ FILES_ovmf-shell-efi = " \ efi/ \ " +DEPLOYDEP = "" +DEPLOYDEP_class-target = "qemu-system-native:do_populate_sysroot" +DEPLOYDEP_class-target += " ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'openssl-native:do_populate_sysroot', '', d)}" +do_deploy[depends] += "${DEPLOYDEP}" + do_deploy() { } do_deploy[cleandirs] = "${DEPLOYDIR}" @@ -245,6 +231,13 @@ do_deploy_class-target() { ; do qemu-img convert -f raw -O qcow2 ${WORKDIR}/ovmf/$i.fd ${DEPLOYDIR}/$i.qcow2 done + + if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then + # Create a test Platform Key and first Key Exchange Key to use with EnrollDefaultKeys + openssl req -new -x509 -newkey rsa:2048 -keyout ${DEPLOYDIR}/OvmfPkKek1.key \ + -out ${DEPLOYDIR}/OvmfPkKek1.crt -nodes -days 20 -subj "/CN=OVMFSecBootTest" + openssl x509 -in ${DEPLOYDIR}/OvmfPkKek1.crt -out ${DEPLOYDIR}/OvmfPkKek1.pem -outform PEM + fi } addtask do_deploy after do_compile before do_build -- cgit 1.2.3-korg