From 61af1efe96cf1037982d2fc90af0749b5ec5a0c6 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Fri, 11 Oct 2024 04:04:15 +0100 Subject: gentoo auto-resync : 11:10:2024 - 04:04:14 --- sys-firmware/Manifest.gz | Bin 4397 -> 4392 bytes sys-firmware/edk2-bin/Manifest | 6 + sys-firmware/edk2-bin/edk2-bin-202202.ebuild | 71 +++++ sys-firmware/edk2-bin/edk2-bin-202408.ebuild | 69 +++++ sys-firmware/edk2-bin/metadata.xml | 11 + sys-firmware/edk2-ovmf-bin/Manifest | 3 - .../edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild | 71 ----- sys-firmware/edk2-ovmf-bin/metadata.xml | 11 - sys-firmware/edk2-ovmf/Manifest | 21 -- sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild | 180 ------------ sys-firmware/edk2-ovmf/edk2-ovmf-202202.ebuild | 161 ----------- sys-firmware/edk2-ovmf/edk2-ovmf-202405.ebuild | 161 ----------- .../edk2-ovmf/files/edk2-ovmf-202105-werror.patch | 38 --- .../edk2-ovmf-202202-binutils-2.41-textrels.patch | 21 -- .../files/edk2-ovmf-202202-lld-textrels.patch | 43 --- sys-firmware/edk2-ovmf/metadata.xml | 15 - sys-firmware/edk2/Manifest | 33 +++ sys-firmware/edk2/edk2-202202.ebuild | 157 +++++++++++ sys-firmware/edk2/edk2-202405.ebuild | 162 +++++++++++ sys-firmware/edk2/edk2-202408.ebuild | 309 +++++++++++++++++++++ .../30-edk2-aarch64-qcow2-sb-enrolled.json | 33 +++ .../30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json | 36 +++ .../31-edk2-ovmf-2m-raw-x64-sb-enrolled.json | 36 +++ .../descriptors/40-edk2-aarch64-qcow2-sb.json | 32 +++ .../descriptors/40-edk2-ovmf-4m-qcow2-x64-sb.json | 35 +++ .../descriptors/41-edk2-ovmf-2m-raw-x64-sb.json | 35 +++ .../descriptors/50-edk2-aarch64-qcow2-nosb.json | 32 +++ .../50-edk2-ovmf-4m-qcow2-x64-nosb.json | 36 +++ .../descriptors/51-edk2-ovmf-2m-raw-x64-nosb.json | 36 +++ sys-firmware/edk2/files/edk2-202105-werror.patch | 38 +++ .../files/edk2-202202-binutils-2.41-textrels.patch | 21 ++ .../edk2/files/edk2-202202-lld-textrels.patch | 43 +++ .../files/edk2-202408-binutils-2.41-textrels.patch | 13 + sys-firmware/edk2/files/edk2-202408-werror.patch | 56 ++++ sys-firmware/edk2/metadata.xml | 12 + 35 files changed, 1312 insertions(+), 725 deletions(-) create mode 100644 sys-firmware/edk2-bin/Manifest create mode 100644 sys-firmware/edk2-bin/edk2-bin-202202.ebuild create mode 100644 sys-firmware/edk2-bin/edk2-bin-202408.ebuild create mode 100644 sys-firmware/edk2-bin/metadata.xml delete mode 100644 sys-firmware/edk2-ovmf-bin/Manifest delete mode 100644 sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild delete mode 100644 sys-firmware/edk2-ovmf-bin/metadata.xml delete mode 100644 sys-firmware/edk2-ovmf/Manifest delete mode 100644 sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild delete mode 100644 sys-firmware/edk2-ovmf/edk2-ovmf-202202.ebuild delete mode 100644 sys-firmware/edk2-ovmf/edk2-ovmf-202405.ebuild delete mode 100644 sys-firmware/edk2-ovmf/files/edk2-ovmf-202105-werror.patch delete mode 100644 sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-binutils-2.41-textrels.patch delete mode 100644 sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-lld-textrels.patch delete mode 100644 sys-firmware/edk2-ovmf/metadata.xml create mode 100644 sys-firmware/edk2/Manifest create mode 100644 sys-firmware/edk2/edk2-202202.ebuild create mode 100644 sys-firmware/edk2/edk2-202405.ebuild create mode 100644 sys-firmware/edk2/edk2-202408.ebuild create mode 100644 sys-firmware/edk2/files/descriptors/30-edk2-aarch64-qcow2-sb-enrolled.json create mode 100644 sys-firmware/edk2/files/descriptors/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json create mode 100644 sys-firmware/edk2/files/descriptors/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json create mode 100644 sys-firmware/edk2/files/descriptors/40-edk2-aarch64-qcow2-sb.json create mode 100644 sys-firmware/edk2/files/descriptors/40-edk2-ovmf-4m-qcow2-x64-sb.json create mode 100644 sys-firmware/edk2/files/descriptors/41-edk2-ovmf-2m-raw-x64-sb.json create mode 100644 sys-firmware/edk2/files/descriptors/50-edk2-aarch64-qcow2-nosb.json create mode 100644 sys-firmware/edk2/files/descriptors/50-edk2-ovmf-4m-qcow2-x64-nosb.json create mode 100644 sys-firmware/edk2/files/descriptors/51-edk2-ovmf-2m-raw-x64-nosb.json create mode 100644 sys-firmware/edk2/files/edk2-202105-werror.patch create mode 100644 sys-firmware/edk2/files/edk2-202202-binutils-2.41-textrels.patch create mode 100644 sys-firmware/edk2/files/edk2-202202-lld-textrels.patch create mode 100644 sys-firmware/edk2/files/edk2-202408-binutils-2.41-textrels.patch create mode 100644 sys-firmware/edk2/files/edk2-202408-werror.patch create mode 100644 sys-firmware/edk2/metadata.xml (limited to 'sys-firmware') diff --git a/sys-firmware/Manifest.gz b/sys-firmware/Manifest.gz index f8aa4dd3176a..f6455afdec10 100644 Binary files a/sys-firmware/Manifest.gz and b/sys-firmware/Manifest.gz differ diff --git a/sys-firmware/edk2-bin/Manifest b/sys-firmware/edk2-bin/Manifest new file mode 100644 index 000000000000..75cc08df22ce --- /dev/null +++ b/sys-firmware/edk2-bin/Manifest @@ -0,0 +1,6 @@ +DIST edk2-202408-1-amd64.xpak 6406269 BLAKE2B 4989c77321b01165253a8a3bf9955f5b75598cc49371ed74b342786b8158c232f088f1f8a34b8afae0e72f8aabe6cb2a437f5d1f495d3e09d939ef5b4ddfecc6 SHA512 9ead4ac94c634b740ea2a19dcad968e31bc90662b8caf6a9bb96f7517358af23bc1bc996317ca4e7bf2a7b685b2c80fae4757eb1d10fd8d3550388580a0b6ff2 +DIST edk2-202408-1-arm64.xpak 2710314 BLAKE2B e21ee00e178c59cd89cc297f22a044459446f394000e6e959a2cea59c120e9778682ba3e040b02e155d05d5196aebe45c8fc50ae6923a51fd2be2308132b23f9 SHA512 9f2c99755e3ca482ef240f58711d571a57c2e29fc29b696d0345a1c02d185b325f840cd747d139724bde7dfeaced99fd6eecc5e95ec3b45a6651c797d7989576 +DIST edk2-ovmf-202202-1.xpak 2672386 BLAKE2B 75c15d4379610ab2af85b78166e350d52f4f1bc1fff5b2eb693ad0d7b1f6648e65d8ae3e2c5467f93f1557ad3b4fa664ab2d76ff10794667de22c2ea8cca6b2d SHA512 06783b89c96bada0fd025ff39eaee501a027abcb03c0bdcf3ff497d52be22927ab03013d90f145ee94a8662cfffe4f8c154dcd06db1bb1acef8a85ae43de14a3 +EBUILD edk2-bin-202202.ebuild 2166 BLAKE2B f20fc57618542d7a95fb40cba6de904cec6841b68606ce170a8bf360cfea45f7201e83d4b21559f4379302397fd14cc8fa90b30f8977967eb2b67b26d0ebd9ee SHA512 2173dfe2d3948786e85fa4ee3ea49be64a29f21e188b71d2e10ace8626bb5d3cf12534184c548104ab1e68f875c4933279209a04ca3f734af2bc801321789ea8 +EBUILD edk2-bin-202408.ebuild 1823 BLAKE2B 034e616d71eeae08382396affb28892d6e846d8dc3064c83170f1ff918133d766cfa509b83dea1e09fc4dc014db2b4a66c2dd8ceb997f6e6767c13dd657e2ba7 SHA512 1bf93ba16681a0b303c63d0ce1db29b6073c80d985718b629426c58542bbae39c18d06b7c6ee6bdf39345df94b78ad4ff62f3fd124f7fb6ae95932d940847a80 +MISC metadata.xml 355 BLAKE2B e88a696d5268856289ed36d6ac864d8b13e2460dc76b7593934a114fd8ca913d92eda660ba116f9d8b3f75e3ab4a8790a421def1a3fb62a3cbf9448f7328ef8d SHA512 c93298fe9106bab617a35dfca405d5307b8588becd7d0b487a0acce60fd3e2f6fd006b38c227378baa6ee751f75c531bce41be92d27642edb41e6c33473810e2 diff --git a/sys-firmware/edk2-bin/edk2-bin-202202.ebuild b/sys-firmware/edk2-bin/edk2-bin-202202.ebuild new file mode 100644 index 000000000000..75ae882382d6 --- /dev/null +++ b/sys-firmware/edk2-bin/edk2-bin-202202.ebuild @@ -0,0 +1,71 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit readme.gentoo-r1 secureboot + +BINPKG="edk2-ovmf-${PV}-1" + +DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines" +HOMEPAGE="https://github.com/tianocore/edk2" +SRC_URI="https://dev.gentoo.org/~ajak/distfiles/${BINPKG}.xpak" +S="${WORKDIR}" + +# TODO: the binary 202105 package currently lacks the preseeded +# OVMF_VARS.secboot.fd file (that we typically get from fedora) + +LICENSE="BSD-2 MIT" +SLOT="0" +KEYWORDS="amd64 arm64 ~loong ~ppc ppc64 ~riscv x86" + +RDEPEND="!sys-firmware/edk2" + +DISABLE_AUTOFORMATTING=true +DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86 +virtual machines. The firmware is located under + /usr/share/edk2-ovmf/OVMF_CODE.fd + /usr/share/edk2-ovmf/OVMF_VARS.fd + /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd + +If USE=binary is enabled, we also install an OVMF variables file (coming from +fedora) that contains secureboot default keys + + /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd + +If you have compiled this package by hand, you need to either populate all +necessary EFI variables by hand by booting + /usr/share/edk2-ovmf/UefiShell.(iso|img) +or creating OVMF_VARS.secboot.fd by hand: + https://github.com/puiterwijk/qemu-ovmf-secureboot + +The firmware does not support csm (due to no free csm implementation +available). If you need a firmware with csm support you have to download +one for yourself. Firmware blobs are commonly labeled + OVMF{,_CODE,_VARS}-with-csm.fd + +In order to use the firmware you can run qemu the following way + + $ qemu-system-x86_64 \\ + -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \\ + ..." + +src_unpack() { + tar -xf - < <(xz -c -d --single-stream "${DISTDIR}/${BINPKG}.xpak") || die "unpacking binpkg failed" +} + +src_install() { + mv "usr/share/doc/edk2-ovmf-${PV}" "usr/share/doc/${PF}" || die + + # Don't want to try to install the readme from the source package + rm "usr/share/doc/${PF}/README.gentoo.bz2" + mv usr "${ED}" || die + + secureboot_auto_sign --in-place + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog +} diff --git a/sys-firmware/edk2-bin/edk2-bin-202408.ebuild b/sys-firmware/edk2-bin/edk2-bin-202408.ebuild new file mode 100644 index 000000000000..75bd9bda8186 --- /dev/null +++ b/sys-firmware/edk2-bin/edk2-bin-202408.ebuild @@ -0,0 +1,69 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit readme.gentoo-r1 secureboot + +BINPKG="${P/-bin/}-1" +ARCHES="amd64 arm64" + +DESCRIPTION="TianoCore EDK II UEFI firmware for virtual machines" +HOMEPAGE="https://github.com/tianocore/edk2" +SRC_URI=$(printf "https://dev.gentoo.org/~chewi/distfiles/${BINPKG}-%s.xpak\n" ${ARCHES}) +S="${WORKDIR}" +LICENSE="BSD-2 MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86" + +RDEPEND="!sys-firmware/edk2" + +DOC_CONTENTS="This package includes the TianoCore EDK II UEFI firmware for virtual \ +machines of these architectures: ${ARCHES}. See each architecture's README for \ +usage details." + +src_unpack() { + local a + for a in ${ARCHES}; do + mkdir "${a}" || die + tar -C "${a}" -xf - < <(xz -c -d --single-stream "${DISTDIR}/${BINPKG}-${a}.xpak") || + die "unpacking ${a} binpkg failed" + done +} + +src_prepare() { + bunzip2 */usr/share/doc/*/README.gentoo.bz2 || die + default +} + +src_install() { + insinto /usr/share + doins -r */usr/share/{edk2,qemu}/ + + # Compatibility with older package versions. + dosym edk2/OvmfX64 /usr/share/edk2-ovmf + + secureboot_auto_sign --in-place + readme.gentoo_create_doc + + local a + for a in ${ARCHES}; do + newdoc "${a}"/usr/share/doc/*/README.gentoo README-"${a}".gentoo + done +} + +pkg_preinst() { + local OLD=${EROOT}/usr/share/edk2-ovmf NEW=${EROOT}/usr/share/edk2/OvmfX64 + if [[ -d ${OLD} && ! -L ${OLD} ]]; then + { + rm -vf "${OLD}"/{OVMF_{CODE,CODE.secboot,VARS}.fd,EnrollDefaultKeys.efi,Shell.efi,UefiShell.img} && + mkdir -p "${NEW}" && + find "${OLD}" -mindepth 1 -maxdepth 1 -execdir mv --update=none-fail -vt "${NEW}"/ {} + && + rmdir "${OLD}" + } || die "unable to replace old directory with compatibility symlink" + fi +} + +pkg_postinst() { + readme.gentoo_print_elog +} diff --git a/sys-firmware/edk2-bin/metadata.xml b/sys-firmware/edk2-bin/metadata.xml new file mode 100644 index 000000000000..674a9e5d13d6 --- /dev/null +++ b/sys-firmware/edk2-bin/metadata.xml @@ -0,0 +1,11 @@ + + + + + virtualization@gentoo.org + Gentoo Virtualization Project + + + cpe:/a:tianocore:edk2 + + diff --git a/sys-firmware/edk2-ovmf-bin/Manifest b/sys-firmware/edk2-ovmf-bin/Manifest deleted file mode 100644 index 1569675a5f87..000000000000 --- a/sys-firmware/edk2-ovmf-bin/Manifest +++ /dev/null @@ -1,3 +0,0 @@ -DIST edk2-ovmf-202202-1.xpak 2672386 BLAKE2B 75c15d4379610ab2af85b78166e350d52f4f1bc1fff5b2eb693ad0d7b1f6648e65d8ae3e2c5467f93f1557ad3b4fa664ab2d76ff10794667de22c2ea8cca6b2d SHA512 06783b89c96bada0fd025ff39eaee501a027abcb03c0bdcf3ff497d52be22927ab03013d90f145ee94a8662cfffe4f8c154dcd06db1bb1acef8a85ae43de14a3 -EBUILD edk2-ovmf-bin-202202.ebuild 2159 BLAKE2B 8e9ae47e5df851967653a737858bc03c1ac4d9b7e35038dcfd8f5dd5b49f5ad733f2f6f9428bfaaa55ede7b5275c06f667d3761c04c3dbdcbc11852ddc97493b SHA512 f0f9d7d276dbfe0edd1ac3bb76e4e917e455a31d0bdcfc6d24ac7c4ff3835db340223ac1f7d8b5c44e8edfd8bb3c953ab8a01dbca6405d7f8f537ede258f1e0f -MISC metadata.xml 355 BLAKE2B e88a696d5268856289ed36d6ac864d8b13e2460dc76b7593934a114fd8ca913d92eda660ba116f9d8b3f75e3ab4a8790a421def1a3fb62a3cbf9448f7328ef8d SHA512 c93298fe9106bab617a35dfca405d5307b8588becd7d0b487a0acce60fd3e2f6fd006b38c227378baa6ee751f75c531bce41be92d27642edb41e6c33473810e2 diff --git a/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild b/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild deleted file mode 100644 index 2a1a7048cbce..000000000000 --- a/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild +++ /dev/null @@ -1,71 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit readme.gentoo-r1 secureboot - -BINPKG="${P/-bin/}-1" - -DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines" -HOMEPAGE="https://github.com/tianocore/edk2" -SRC_URI="https://dev.gentoo.org/~ajak/distfiles/${BINPKG}.xpak" -S="${WORKDIR}" - -# TODO: the binary 202105 package currently lacks the preseeded -# OVMF_VARS.secboot.fd file (that we typically get from fedora) - -LICENSE="BSD-2 MIT" -SLOT="0" -KEYWORDS="amd64 arm64 ~loong ~ppc ppc64 ~riscv x86" - -RDEPEND="!sys-firmware/edk2-ovmf" - -DISABLE_AUTOFORMATTING=true -DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86 -virtual machines. The firmware is located under - /usr/share/edk2-ovmf/OVMF_CODE.fd - /usr/share/edk2-ovmf/OVMF_VARS.fd - /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd - -If USE=binary is enabled, we also install an OVMF variables file (coming from -fedora) that contains secureboot default keys - - /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd - -If you have compiled this package by hand, you need to either populate all -necessary EFI variables by hand by booting - /usr/share/edk2-ovmf/UefiShell.(iso|img) -or creating OVMF_VARS.secboot.fd by hand: - https://github.com/puiterwijk/qemu-ovmf-secureboot - -The firmware does not support csm (due to no free csm implementation -available). If you need a firmware with csm support you have to download -one for yourself. Firmware blobs are commonly labeled - OVMF{,_CODE,_VARS}-with-csm.fd - -In order to use the firmware you can run qemu the following way - - $ qemu-system-x86_64 \ - -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \ - ..." - -src_unpack() { - tar -xf - < <(xz -c -d --single-stream "${DISTDIR}/${BINPKG}.xpak") || die "unpacking binpkg failed" -} - -src_install() { - mv "usr/share/doc/${P/-bin/}" "usr/share/doc/${PF}" || die - - # Don't want to try to install the readme from the source package - rm "usr/share/doc/${PF}/README.gentoo.bz2" - mv usr "${ED}" || die - - secureboot_auto_sign --in-place - - readme.gentoo_create_doc -} - -pkg_postinst() { - readme.gentoo_print_elog -} diff --git a/sys-firmware/edk2-ovmf-bin/metadata.xml b/sys-firmware/edk2-ovmf-bin/metadata.xml deleted file mode 100644 index 674a9e5d13d6..000000000000 --- a/sys-firmware/edk2-ovmf-bin/metadata.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - - - virtualization@gentoo.org - Gentoo Virtualization Project - - - cpe:/a:tianocore:edk2 - - diff --git a/sys-firmware/edk2-ovmf/Manifest b/sys-firmware/edk2-ovmf/Manifest deleted file mode 100644 index b24ae755f6f4..000000000000 --- a/sys-firmware/edk2-ovmf/Manifest +++ /dev/null @@ -1,21 +0,0 @@ -AUX edk2-ovmf-202105-werror.patch 2355 BLAKE2B 6ce16c0181da1922130209141cde93d1d0407c62f31927270dfe684ebe58cdda94269566231f5b5d0dbb8c1fbde55bd62be881925547d0b1d38b90563e3f480c SHA512 bca368756bab75345e4010b3c0eaa0d3e6a34e172aa662e09a4c89f90d4b4bc6a20a28b7bce5b0fdd678f7f9113193d09a89e49b5d1d6b8a362c445b4098189f -AUX edk2-ovmf-202202-binutils-2.41-textrels.patch 2600 BLAKE2B e3ddfcf36190762cf2589faa777f19f04bc7d3363a226885fa96a17cfbd29f9dd6d6b6501f85080c789b09c34a9174154e2b9dca7f1d1cd274841cf20e8835d2 SHA512 17c01bfc9eb2d2f356e16c08ef5c3def635fd502a9e50692bd5aa3e3a11f999997d0783c8a3b828ede96b34a1e23d4a6d9398607f4a9d0ddc597de3fa2e9a8cf -AUX edk2-ovmf-202202-lld-textrels.patch 2555 BLAKE2B 63b31c92b2fdd043a9569538f448f9b1d5c6d5ec00e981344b07c41fa370acfd69863939475e9d3565c5a52429af61268e72f9531734f8faad87cd6fca9d84cd SHA512 2cbdc3c40267f82ac6a958b6569c5056e8700466732155aaebc041e176c228cf6036632d04225fa86e1de953cb4717a2b6d5e76efda15aa26a50a5ddb8233e05 -DIST brotli-666c3280cc11dc433c303d79a83d4ffbdd12cc8d.tar.gz 23855739 BLAKE2B 7406ec5b29ac66afbcd7c1376bb3208f298d19b6592b2869c52173aa64947d58bd443f9a61c67deaf046be910a0e31c0b843e5508e97e0e1f5e7bce100d86904 SHA512 df8e90562c4fd7f0e787949df6bc4f5a165b39bd333f442d27874fe65640fbba268f9350d7113e6761a5acceb66d78e75f1a296e5a89b94574edf28109cdc812 -DIST brotli-f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz 512229 BLAKE2B cd86cc2cc7eefad24f87cda8006409bf764922b5f23ccfb951e7a41214b12004ce532b11f94f5fb858b3bf71f9abf8ef17ba219fa96bd5be23b51873afad0fd5 SHA512 7f48e794e738b31c2005e7cef6d8c0cc0d543f1cd8c137ae8ba14602cac2873de6299a3f32ad52be869f513e7548341353ed049609daef1063975694d9a9b80b -DIST edk2-ovmf-202105-qemu-firmware.tar.xz 672 BLAKE2B e87845a84c83f65db836fd054c81a4f3062d5e0fcc51aa0ecf9c2d23c8741f218d38ef737d140f5935ce8d9c34508e5f3b9f54bf9c547a391fa63cdc2ecf1233 SHA512 6100502f26db26e407dacce57c96b1abfd372bcb31767a068332afa09ac435a092fd2a73db27670d27c6e927c26e88315346bbac70578571108434b9683bd00c -DIST edk2-ovmf-202105-r1-bin.tar.xz 2633188 BLAKE2B 93b4bd1c75da69406b5d27ac32d8b7c63dc8248bcd5d54832e520a4b009be4b7f215eb7d489ecb7cb16d31e02452dfa06b8fa709f37c44e59b4ff70a550076c7 SHA512 356c2110abce43da9c0654324e222cbbab7085e3aa23d1ba4c98011e4d4992a37d61fa45394305b748d119dba12f65d7c7d630b9f8038065ba4672d758c702be -DIST edk2-ovmf-202105.tar.gz 13702868 BLAKE2B 3ec01d467562380ca2fd3bd807d2f6c55e4637c1afd71533f8f5b22cc634dc4c8cb63dab921677f8b315d17b3c9d0b6b00a0e2f3f8da61107033e9e81bf5a64d SHA512 c263345cbb243c63985f974a61f37c577a139d6a7099d2b8c9e1a553e5ebf16de12fb711b72624081c6bf637f8084bbf71731ab99e5747d81da460388ac25791 -DIST edk2-ovmf-202202-qemu-firmware.tar.xz 664 BLAKE2B 1aa4e25804ce0f3c967c80999315de24eaef6682e42dddd81c274ce4603ec3d15186de752de49e2527c6bd5517080c002a357ed6bc389b5afd6f7a4d93edeb44 SHA512 f9a29212274a99796784673d873e0eee7d3e2a5cf9e63192453841ee3a4ef4b813c7b2357fc7000f39c71ed6c66636daab772abb51d3972a2a56ade8a4c68faf -DIST edk2-ovmf-202202.tar.gz 14208170 BLAKE2B d8411e6808b335ccd551349a10c983b9448a357e73273fa6c30a07785e27feffed0224950ee98b668712c33f6739a9b006e5043b7dfd014f48dba9fd449b3354 SHA512 200690a4867331de06e0478869b85577bc510213ebe679f2103160efb84d94c82ac8481ef1f15c3e42c1e9f22b7c5ef0d6c8f2c655bce7702ce843551cf9bb83 -DIST edk2-ovmf-202405.tar.gz 17091190 BLAKE2B ee2f4c8674ecd7a17e4ee1b067cf1caffb46c3345f39ab15b715964b8e114d01538ae4d4152ab6a3eeebdae602128604d57c02fc0da83f46c291559fe39f49d2 SHA512 3bad4c8417b0c9b68fc6b6b85a4b15c5be8daf672177ce66d7b224b1da7a90f643021adbdd6bc96f95417fc8654c4c6b191cd39f6c1be955946360bfa8e2cb5f -DIST libspdm-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 1962880 BLAKE2B 89606315fadcf00b2909f264a6edcb2b900dfe248357ea45c37c5a9c947a4d684866627d85132cc51d44d90853d63814eaf9d2b4acdd1a9621b1d6600ca4a0a4 SHA512 07b2b376a84e86647d7a831ee6686d1cf647033ac339afb7c4ea7846cf4e9f7f529a2866bc68ea172d44f1f1efadc8bf1646c3d7fe7e6b6175286ef9c743b206 -DIST mbedtls-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 4587796 BLAKE2B c28df5c52ac3ed5ef6a2b9eba29f3894d3f5f11083869e8b137cd66d4f72b2a0971c91636ce4626869bd06eeb5e661d90160021f92564b9449fb13001b8e379f SHA512 a421c03c740867210f9e30457bc951928cafec3622e1e304f8c18ce5c5e27c5c8e6c7715180ecb74c6a997e4b91ee160e52b357e1bb65ff76ce8414a87ec4889 -DIST mipi-sys-t-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 378522 BLAKE2B d3f1033e78ad814ebb991e66d8c1437aa3583e91481af9785b97b6021c7c45fb9dcb8d2d58d0a0fe84fbd9f108d24a27234df298eb8a2ba2340e5c9c85c89c40 SHA512 de6888577ceab7ab6915d792f3c48248cfa53357ccd310fc7f7eae4d25a932de8c7c23e5b898c9ebf61cf86cb538277273f2eb131a628b3bf0d46c9a3b9b6686 -DIST openssl-d82e959e621a3d597f1e0d50ff8c2d8b96915fd7.tar.gz 10034310 BLAKE2B 6996979dc12a523d565830e7b0943feb682a376f71ddb6f20cb8b9976bb7f12e39f088abaa45d514933ef79c0e4a2933dc6f1af4774fedaa16e74c0081c358e7 SHA512 a89bc652dc4318c5e8a9c594a43d890ca05dfc1acd6b15e2a8ab8b5628b5f33994143ff8024230e07b9e67556b28ea3a5e36763aa72dec20b52022ca8c6f2a7e -DIST openssl-de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz 15337569 BLAKE2B bb0b2f4ee7838178e8e23317b6c63048611d805e20c81d6c875d9b515e6dbcf981cda38f031965c9ec45bcab3ac4725cfa793718b0212e92bf53b4c7fc3f4e32 SHA512 4bba15075dacc8c1772a95759cfe8620ff3a9d535e5d3d29bb15e4790cc543555ab45f0b239195361e534eca26249ae1b491b63cbf6b7ecda6f0840c7f6253ac -DIST openssl-e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72.tar.gz 9981169 BLAKE2B 33aac7364cdd45fec5654ab6caef84e1a829464380419c8a6bb311055c5a01c0aaff6e046a7c541a87e908fa9d26bae652f5be901461d03df36f2522f9c34b0c SHA512 db2087c04f0b428b3f4e1c8b3ac53cce69e0fd331ed2b86ba00facafd1685864d73f71c13eee48f4fe0af2bddad848f84a2b8ed2a17fabdf7fa2ed7d9eb39371 -EBUILD edk2-ovmf-202105-r2.ebuild 5146 BLAKE2B 0b95c308f5eb022c48bb1f3fdeaae7ba6db80f4aa789078a0ea8c819c04635ed3b64e4f8c421daf768c89987cee2c3792d87097669d610a62dd80a377f585bbc SHA512 0ab8889e97dea11eb74140421e819911579e32d3b6c632c8b6ad66b2e79ecf0eba7a92c40480f66a815ee9c4ff6806b17f345f8c8ed7c33bc13b2c2038dc2bd9 -EBUILD edk2-ovmf-202202.ebuild 4967 BLAKE2B 9fdf9c6b4ef25088ff83ea47e0cf6adcf18045cc60edbfbd4a64082c0df0c0c739c3d8c25564f97c29bf7ecaaf89d0cfb593e1a9e9363c84dde1a001403f7088 SHA512 a8e13032b229f7a528f5a75267600cada5aeccca7479cc31168e699458b55ccbc54286051ce7c45d71979f828c760e2629129dbfaa8f972954fde7168fa88022 -EBUILD edk2-ovmf-202405.ebuild 5711 BLAKE2B ccfe098446b4005b41b3f46f807ce42915fa7e6e8589a523007f1dfebc5fe6aba71f90612aaf2822b96d0a0097455d934b6e6b819d9cca8351cd092b2165868f SHA512 322de8cc1f77ad1826aee73c555a033c50efb2684041f858506fa2670854cf547a620f6ef2187f9e178ea961daf779cba80ba7221da633cb9c1ec332637c7ffb -MISC metadata.xml 465 BLAKE2B b01ef675398176557e2f4099083231b60ad8c26ab84fbcfc24e0ef44963670aeda6aa625910964c56822299bb0e0e966f6a1e3768df2ddd2dec82c6c0b92a68a SHA512 f78ae0b027aaac140a23b85d0b219342b5ccc3692f337065f9f282622ec98289c270105af45eeb1d8fd4a707cee59e1d52ef13e947c297e52f2f8a1896276ef1 diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild deleted file mode 100644 index 77b264824aeb..000000000000 --- a/sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild +++ /dev/null @@ -1,180 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_REQ_USE="sqlite" -PYTHON_COMPAT=( python3_{10..11} ) - -inherit python-any-r1 readme.gentoo-r1 secureboot - -DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines" -HOMEPAGE="https://github.com/tianocore/edk2" - -BUNDLED_OPENSSL_SUBMODULE_SHA="e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72" -BUNDLED_BROTLI_SUBMODULE_SHA="666c3280cc11dc433c303d79a83d4ffbdd12cc8d" - -# TODO: talk with tamiko about unbundling (mva) - -# TODO: the binary 202105 package currently lacks the preseeded -# OVMF_VARS.secboot.fd file (that we typically get from fedora) - -SRC_URI=" - !binary? ( - https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> ${P}.tar.gz - https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz - https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz - ) - binary? ( https://dev.gentoo.org/~tamiko/distfiles/${P}-r1-bin.tar.xz ) - https://dev.gentoo.org/~tamiko/distfiles/${P}-qemu-firmware.tar.xz -" - -LICENSE="BSD-2 MIT" -SLOT="0" -KEYWORDS="amd64 arm64 ~loong ~ppc ppc64 ~riscv x86" - -IUSE="+binary" -REQUIRED_USE+=" - !amd64? ( binary ) -" - -NON_BINARY_DEPEND=" - app-emulation/qemu - >=dev-lang/nasm-2.0.7 - >=sys-power/iasl-20160729 - ${PYTHON_DEPS} -" - -DEPEND+=" - !binary? ( - amd64? ( - ${NON_BINARY_DEPEND} - ) - )" -RDEPEND="" - -PATCHES=( - "${FILESDIR}/${PN}-202105-werror.patch" -) - -S="${WORKDIR}/edk2-edk2-stable${PV}" - -DISABLE_AUTOFORMATTING=true -DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86 -virtual machines. The firmware is located under - /usr/share/edk2-ovmf/OVMF_CODE.fd - /usr/share/edk2-ovmf/OVMF_VARS.fd - /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd - -If USE=binary is enabled, we also install an OVMF variables file (coming from -fedora) that contains secureboot default keys - - /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd - -If you have compiled this package by hand, you need to either populate all -necessary EFI variables by hand by booting - /usr/share/edk2-ovmf/UefiShell.(iso|img) -or creating OVMF_VARS.secboot.fd by hand: - https://github.com/puiterwijk/qemu-ovmf-secureboot - -The firmware does not support csm (due to no free csm implementation -available). If you need a firmware with csm support you have to download -one for yourself. Firmware blobs are commonly labeled - OVMF{,_CODE,_VARS}-with-csm.fd - -In order to use the firmware you can run qemu the following way - - $ qemu-system-x86_64 \ - -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \ - ..." - -pkg_setup() { - [[ ${PV} != "999999" ]] && use binary || python-any-r1_pkg_setup - secureboot_pkg_setup -} - -src_prepare() { - if use binary; then - eapply_user - else - # Bundled submodules - cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/" - cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/" - cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/" - - sed -i -r \ - -e "/function SetupPython3/,/\}/{s,\\\$\(whereis python3\),${EPYTHON},g}" \ - "${S}"/edksetup.sh || die "Fixing for correct Python3 support failed" - - default - fi -} - -src_compile() { - TARGET_ARCH=X64 - TARGET_NAME=RELEASE - TARGET_TOOLS=GCC49 - - BUILD_FLAGS="-D TLS_ENABLE \ - -D HTTP_BOOT_ENABLE \ - -D NETWORK_IP6_ENABLE \ - -D TPM_ENABLE \ - -D TPM2_ENABLE -D TPM2_CONFIG_ENABLE \ - -D FD_SIZE_2MB" - - SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \ - -D SECURE_BOOT_ENABLE \ - -D SMM_REQUIRE \ - -D EXCLUDE_SHELL_FROM_FD" - - [[ ${PV} != "999999" ]] && use binary && return - - emake ARCH=${TARGET_ARCH} -C BaseTools - - . ./edksetup.sh - - # Build all EFI firmware blobs: - - mkdir -p ovmf - - ./OvmfPkg/build.sh \ - -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ - ${BUILD_FLAGS} || die "OvmfPkg/build.sh failed" - - cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/ - rm -rf Build/OvmfX64 - - ./OvmfPkg/build.sh \ - -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ - ${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed" - - cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed" - cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed" - cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed" - - # Build a convenience UefiShell.img: - - mkdir -p iso_image/efi/boot || die "mkdir failed" - cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed" - cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed" - qemu-img convert --image-opts \ - driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \ - ovmf/UefiShell.img || die "qemu-img failed" -} - -src_install() { - insinto /usr/share/${PN} - doins ovmf/* - - insinto /usr/share/qemu/firmware - doins qemu/* - rm "${ED}"/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json || die "rm failed" - - secureboot_auto_sign --in-place - - readme.gentoo_create_doc -} - -pkg_postinst() { - readme.gentoo_print_elog -} diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-202202.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-202202.ebuild deleted file mode 100644 index 43332ccb0057..000000000000 --- a/sys-firmware/edk2-ovmf/edk2-ovmf-202202.ebuild +++ /dev/null @@ -1,161 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_REQ_USE="sqlite" -PYTHON_COMPAT=( python3_{10..11} ) - -inherit python-any-r1 readme.gentoo-r1 secureboot - -DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines" -HOMEPAGE="https://github.com/tianocore/edk2" - -BUNDLED_OPENSSL_SUBMODULE_SHA="d82e959e621a3d597f1e0d50ff8c2d8b96915fd7" -BUNDLED_BROTLI_SUBMODULE_SHA="f4153a09f87cbb9c826d8fc12c74642bb2d879ea" - -# TODO: talk with tamiko about unbundling (mva) - -# TODO: the binary 202105 package currently lacks the preseeded -# OVMF_VARS.secboot.fd file (that we typically get from fedora) - -SRC_URI="https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> ${P}.tar.gz - https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz - https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz - https://dev.gentoo.org/~ajak/distfiles/${P}-qemu-firmware.tar.xz" - -LICENSE="BSD-2 MIT" -SLOT="0" -KEYWORDS="-* amd64" - -BDEPEND="app-emulation/qemu - >=dev-lang/nasm-2.0.7 - >=sys-power/iasl-20160729 - ${PYTHON_DEPS}" -RDEPEND="!sys-firmware/edk2-ovmf-bin" - -PATCHES=( - "${FILESDIR}/${PN}-202105-werror.patch" - "${FILESDIR}/${PN}-202202-lld-textrels.patch" - "${FILESDIR}/${PN}-202202-binutils-2.41-textrels.patch" -) - -S="${WORKDIR}/edk2-edk2-stable${PV}" - -DISABLE_AUTOFORMATTING=true -DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86 -virtual machines. The firmware is located under - /usr/share/edk2-ovmf/OVMF_CODE.fd - /usr/share/edk2-ovmf/OVMF_VARS.fd - /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd - -If USE=binary is enabled, we also install an OVMF variables file (coming from -fedora) that contains secureboot default keys - - /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd - -If you have compiled this package by hand, you need to either populate all -necessary EFI variables by hand by booting - /usr/share/edk2-ovmf/UefiShell.(iso|img) -or creating OVMF_VARS.secboot.fd by hand: - https://github.com/puiterwijk/qemu-ovmf-secureboot - -The firmware does not support csm (due to no free csm implementation -available). If you need a firmware with csm support you have to download -one for yourself. Firmware blobs are commonly labeled - OVMF{,_CODE,_VARS}-with-csm.fd - -In order to use the firmware you can run qemu the following way - - $ qemu-system-x86_64 \ - -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \ - ..." - -pkg_setup() { - python-any-r1_pkg_setup - secureboot_pkg_setup -} - -src_prepare() { - # Bundled submodules - cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/" - cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/" - cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/" - - sed -i -r \ - -e "/function SetupPython3/,/\}/{s,\\\$\(whereis python3\),${EPYTHON},g}" \ - "${S}"/edksetup.sh || die "Fixing for correct Python3 support failed" - - default -} - -src_compile() { - TARGET_ARCH=X64 - TARGET_NAME=RELEASE - TARGET_TOOLS=GCC49 - - BUILD_FLAGS="-D TLS_ENABLE \ - -D HTTP_BOOT_ENABLE \ - -D NETWORK_IP6_ENABLE \ - -D TPM_ENABLE \ - -D TPM2_ENABLE -D TPM2_CONFIG_ENABLE \ - -D FD_SIZE_2MB" - - SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \ - -D SECURE_BOOT_ENABLE \ - -D SMM_REQUIRE \ - -D EXCLUDE_SHELL_FROM_FD" - - export LDFLAGS="-z notext" - export EXTRA_LDFLAGS="-z notext" - export DLINK_FLAGS="-z notext" - - emake ARCH=${TARGET_ARCH} -C BaseTools - - . ./edksetup.sh - - # Build all EFI firmware blobs: - - mkdir -p ovmf - - ./OvmfPkg/build.sh \ - -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ - ${BUILD_FLAGS} || die "OvmfPkg/build.sh failed" - - cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/ - rm -rf Build/OvmfX64 - - ./OvmfPkg/build.sh \ - -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ - ${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed" - - cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed" - cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed" - cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed" - - # Build a convenience UefiShell.img: - - mkdir -p iso_image/efi/boot || die "mkdir failed" - cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed" - cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed" - qemu-img convert --image-opts \ - driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \ - ovmf/UefiShell.img || die "qemu-img failed" -} - -src_install() { - insinto /usr/share/${PN} - doins ovmf/* - - insinto /usr/share/qemu/firmware - doins qemu/* - rm "${ED}"/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json || die "rm failed" - - secureboot_auto_sign --in-place - - readme.gentoo_create_doc -} - -pkg_postinst() { - readme.gentoo_print_elog -} diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-202405.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-202405.ebuild deleted file mode 100644 index 252893dab349..000000000000 --- a/sys-firmware/edk2-ovmf/edk2-ovmf-202405.ebuild +++ /dev/null @@ -1,161 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_REQ_USE="sqlite" -PYTHON_COMPAT=( python3_12 ) - -inherit python-any-r1 readme.gentoo-r1 secureboot - -DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines" -HOMEPAGE="https://github.com/tianocore/edk2" - -BUNDLED_OPENSSL_SUBMODULE_SHA="de90e54bbe82e5be4fb9608b6f5c308bb837d355" -BUNDLED_BROTLI_SUBMODULE_SHA="f4153a09f87cbb9c826d8fc12c74642bb2d879ea" -BUNDLED_MIPI_SYS_T_SUBMODULE_SHA="370b5944c046bab043dd8b133727b2135af7747a" -BUNDLED_MBEDTLS_SUBMODULE_SHA="8c89224991adff88d53cd380f42a2baa36f91454" -BUNDLED_LIBSPDM_SUBMODULE_SHA="828ef62524bcaeca4e90d0c021221e714872e2b5" - -SRC_URI="https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> ${P}.tar.gz - https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz - https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz - https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz -> mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz - https://github.com/Mbed-TLS/mbedtls/archive/${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz -> mbedtls-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz - https://github.com/DMTF/libspdm/archive/${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz -> libspdm-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz - https://dev.gentoo.org/~ajak/distfiles/${PN}-202202-qemu-firmware.tar.xz" - -S="${WORKDIR}/edk2-edk2-stable${PV}" - -LICENSE="BSD-2 MIT" -SLOT="0" -KEYWORDS="-* ~amd64" - -BDEPEND="app-emulation/qemu - >=dev-lang/nasm-2.0.7 - >=sys-power/iasl-20160729 - ${PYTHON_DEPS}" -RDEPEND="!sys-firmware/edk2-ovmf-bin" - -DISABLE_AUTOFORMATTING=true -DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86 -virtual machines. The firmware is located under - /usr/share/edk2-ovmf/OVMF_CODE.fd - /usr/share/edk2-ovmf/OVMF_VARS.fd - /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd - -If USE=binary is enabled, we also install an OVMF variables file (coming from -fedora) that contains secureboot default keys - - /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd - -If you have compiled this package by hand, you need to either populate all -necessary EFI variables by hand by booting - /usr/share/edk2-ovmf/UefiShell.(iso|img) -or creating OVMF_VARS.secboot.fd by hand: - https://github.com/puiterwijk/qemu-ovmf-secureboot - -The firmware does not support csm (due to no free csm implementation -available). If you need a firmware with csm support you have to download -one for yourself. Firmware blobs are commonly labeled - OVMF{,_CODE,_VARS}-with-csm.fd - -In order to use the firmware you can run qemu the following way - - $ qemu-system-x86_64 \ - -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \ - ..." - -pkg_setup() { - python-any-r1_pkg_setup - secureboot_pkg_setup -} - -src_prepare() { - # Bundled submodules - cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/" \ - || die "copying openssl failed" - cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/" \ - || die "copying brotli failed" - cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* \ - "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/" || die "copying brotli failed" - cp -rl "${WORKDIR}/public-mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}"/* "MdePkg/Library/MipiSysTLib/mipisyst/" \ - || die "copying mipi-sys-t failed" - cp -rl "${WORKDIR}/mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}"/* "CryptoPkg/Library/MbedTlsLib/mbedtls/" \ - || die "copying mbedtls failed" - cp -rl "${WORKDIR}/libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}"/* "SecurityPkg/DeviceSecurity/SpdmLib/libspdm" \ - || die "copying libspdm failed" - - default -} - -src_compile() { - TARGET_ARCH=X64 - TARGET_NAME=RELEASE - TARGET_TOOLS=GCC5 - - BUILD_FLAGS="-D TLS_ENABLE \ - -D HTTP_BOOT_ENABLE \ - -D NETWORK_IP6_ENABLE \ - -D TPM_ENABLE \ - -D TPM2_ENABLE -D TPM2_CONFIG_ENABLE \ - -D FD_SIZE_2MB" - - SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \ - -D SECURE_BOOT_ENABLE \ - -D SMM_REQUIRE \ - -D EXCLUDE_SHELL_FROM_FD" - - export LDFLAGS="-z notext" - export EXTRA_LDFLAGS="-z notext" - export DLINK_FLAGS="-z notext" - - emake ARCH=${TARGET_ARCH} -C BaseTools - - . ./edksetup.sh - - # Build all EFI firmware blobs: - - mkdir -p ovmf || die - - ./OvmfPkg/build.sh \ - -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ - ${BUILD_FLAGS} || die "OvmfPkg/build.sh failed" - - cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/ - rm -r Build/OvmfX64 || die - - ./OvmfPkg/build.sh \ - -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ - ${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed" - - cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed" - cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed" - cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed" - - # Build a convenience UefiShell.img: - - mkdir -p iso_image/efi/boot || die "mkdir failed" - cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed" - cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed" - qemu-img convert --image-opts \ - driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \ - ovmf/UefiShell.img || die "qemu-img failed" -} - -src_install() { - insinto /usr/share/${PN} - doins ovmf/* - - insinto /usr/share/qemu/firmware - doins "${S}"/../edk2-edk2-stable202202/qemu/* - rm "${ED}"/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json || die "rm failed" - - secureboot_auto_sign --in-place - - readme.gentoo_create_doc -} - -pkg_postinst() { - readme.gentoo_print_elog -} diff --git a/sys-firmware/edk2-ovmf/files/edk2-ovmf-202105-werror.patch b/sys-firmware/edk2-ovmf/files/edk2-ovmf-202105-werror.patch deleted file mode 100644 index db71faed7728..000000000000 --- a/sys-firmware/edk2-ovmf/files/edk2-ovmf-202105-werror.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template -index 498696e..8a360f4 100755 ---- a/BaseTools/Conf/tools_def.template -+++ b/BaseTools/Conf/tools_def.template -@@ -1863,7 +1863,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_N - *_*_*_DTCPP_PATH = DEF(DTCPP_BIN) - *_*_*_DTC_PATH = DEF(DTC_BIN) - --DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common -+DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Wno-array-bounds -include AutoGen.h -fno-common - DEFINE GCC_IA32_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe - DEFINE GCC_X64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-address -mno-stack-arg-probe - DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -mfloat-abi=soft -fno-pic -fno-pie -diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile -index 0df728f..49f9706 100644 ---- a/BaseTools/Source/C/Makefiles/header.makefile -+++ b/BaseTools/Source/C/Makefiles/header.makefile -@@ -82,17 +82,17 @@ BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS) - - ifeq ($(DARWIN),Darwin) - # assume clang or clang compatible flags on OS X --BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \ -+BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall \ - -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g - else - ifeq ($(CXX), llvm) - BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \ ---fno-delete-null-pointer-checks -Wall -Werror \ -+-fno-delete-null-pointer-checks -Wall \ - -Wno-deprecated-declarations -Wno-self-assign \ - -Wno-unused-result -nostdlib -g - else - BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \ ---fno-delete-null-pointer-checks -Wall -Werror \ -+-fno-delete-null-pointer-checks -Wall \ - -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \ - -Wno-unused-result -nostdlib -g - endif diff --git a/sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-binutils-2.41-textrels.patch b/sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-binutils-2.41-textrels.patch deleted file mode 100644 index 22d33c9097aa..000000000000 --- a/sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-binutils-2.41-textrels.patch +++ /dev/null @@ -1,21 +0,0 @@ -https://bugs.gentoo.org/913110 ---- a/BaseTools/Conf/tools_def.template -+++ b/BaseTools/Conf/tools_def.template -@@ -1906,7 +1906,7 @@ DEFINE GCC48_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z comm - DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -Wno-address - DEFINE GCC48_X64_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address - DEFINE GCC48_IA32_X64_ASLDLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable --DEFINE GCC48_IA32_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive -+DEFINE GCC48_IA32_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive -Wl,-z,notext - DEFINE GCC48_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(GCC_DLINK2_FLAGS_COMMON) - DEFINE GCC48_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_FLAGS) -Wl,-melf_x86_64,--oformat=elf64-x86-64,-pie - DEFINE GCC48_X64_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 DEF(GCC_DLINK2_FLAGS_COMMON) -@@ -1929,7 +1929,7 @@ DEFINE GCC49_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -fno-pic -fno-pi - DEFINE GCC49_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS) - DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40 - DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--defsym=PECOFF_HEADER_SIZE=0 DEF(GCC_DLINK2_FLAGS_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable --DEFINE GCC49_IA32_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive -+DEFINE GCC49_IA32_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive -Wl,-z,notext - DEFINE GCC49_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS) - DEFINE GCC49_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_FLAGS) -Wl,-melf_x86_64,--oformat=elf64-x86-64,-pie - DEFINE GCC49_X64_DLINK2_FLAGS = DEF(GCC48_X64_DLINK2_FLAGS) diff --git a/sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-lld-textrels.patch b/sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-lld-textrels.patch deleted file mode 100644 index eb8b6296fcff..000000000000 --- a/sys-firmware/edk2-ovmf/files/edk2-ovmf-202202-lld-textrels.patch +++ /dev/null @@ -1,43 +0,0 @@ -https://bugs.gentoo.org/913110 -https://github.com/tianocore/edk2/commit/a257988f590ba90dd8394dd6bc7014ae9d814a08 - -From a257988f590ba90dd8394dd6bc7014ae9d814a08 Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Mon, 3 Apr 2023 22:29:15 +0800 -Subject: [PATCH] BaseTools/tools_def CLANGDWARF: Permit text relocations - -We rely on PIE executables to get the codegen that is suitable for -PE/COFF conversion where the resulting executables can be loaded -anywhere in the address space. - -However, ELF linkers may default to disallowing text relocations in PIE -executables, as this would require text segments to be updated at -runtime, which is bad for security and increases the copy-on-write -footprint of ELF executables and shared libraries. - -However, none of those concerns apply to PE/COFF executables in the -context of EFI, which are copied into memory rather than mmap()'ed, and -fixed up by the loader before launch. - -So pass -z notext to the LLD linker to permit runtime relocations in -read-only sections. - -Signed-off-by: Ard Biesheuvel -Reviewed-by: Rebecca Cran ---- - BaseTools/Conf/tools_def.template | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template -index 39c49b8001f4..9a5c11f6a385 100755 ---- a/BaseTools/Conf/tools_def.template -+++ b/BaseTools/Conf/tools_def.template -@@ -2870,7 +2870,7 @@ DEFINE CLANGDWARF_X64_PREFIX = ENV(CLANG_BIN) - DEFINE CLANGDWARF_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-q,--gc-sections -z max-page-size=0x40 - DEFINE CLANGDWARF_DLINK2_FLAGS_COMMON = -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/ClangBase.lds - DEFINE CLANGDWARF_IA32_X64_ASLDLINK_FLAGS = DEF(CLANGDWARF_IA32_X64_DLINK_COMMON) -Wl,--defsym=PECOFF_HEADER_SIZE=0 DEF(CLANGDWARF_DLINK2_FLAGS_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable --DEFINE CLANGDWARF_IA32_X64_DLINK_FLAGS = DEF(CLANGDWARF_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive -+DEFINE CLANGDWARF_IA32_X64_DLINK_FLAGS = DEF(CLANGDWARF_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive -Wl,-z,notext - DEFINE CLANGDWARF_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(CLANGDWARF_DLINK2_FLAGS_COMMON) - DEFINE CLANGDWARF_X64_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 DEF(CLANGDWARF_DLINK2_FLAGS_COMMON) - diff --git a/sys-firmware/edk2-ovmf/metadata.xml b/sys-firmware/edk2-ovmf/metadata.xml deleted file mode 100644 index e592a464117a..000000000000 --- a/sys-firmware/edk2-ovmf/metadata.xml +++ /dev/null @@ -1,15 +0,0 @@ - - - - - virtualization@gentoo.org - Gentoo Virtualization Project - - - Use pre-built binaries - - - tianocore/edk2 - cpe:/a:tianocore:edk2 - - diff --git a/sys-firmware/edk2/Manifest b/sys-firmware/edk2/Manifest new file mode 100644 index 000000000000..4406d2da315e --- /dev/null +++ b/sys-firmware/edk2/Manifest @@ -0,0 +1,33 @@ +AUX descriptors/30-edk2-aarch64-qcow2-sb-enrolled.json 785 BLAKE2B 4755cb98f8259145307f46cefc3069a342668dd5778d7d0c5e28e9f87174110fe64887189c7412224cb0f903402df4a67d0aca8e1d0b1a244c842605b2a4f2aa SHA512 032c45ea38866e9b82879ec8c5422acf9519130ddd84695a86af6db9ac426ef2f5d7952b96d704f54c667a222300228f9bb3401aac38aa17cbd2f4d6126e2ab3 +AUX descriptors/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json 799 BLAKE2B cf3ac348544197efcb07f3bae0da1876507fcd16f6c11174743dc08a8839e5e80741f46340832ffb9973950a94b72ad05c38908e877d38636153a8a60f16ea20 SHA512 ee3bac69e7badc6282de87f7cafb8df9cb020deb044e260d36751ebef875a8efc9872c8aeaefe65fa4d155470bb411c1dad0b311e661f68ca8846bb1e0c67fcb +AUX descriptors/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json 795 BLAKE2B 69e436512b7f27e56f041b2a91b8c49aa36c5fa60b3f13c436a1b2e42c329762f7ccefa5889d55ae4958ddb71b963fe677362966469c3fb5eefad86741a83171 SHA512 90c76f8ba67f77cbd40d6c1d549a94e7224e08bbc5a06ad5f5032d62a93c07a369e12adce33e76a79c55c12193cac3e06ab8cbf87f5f6681b37d4c66ff95c18e +AUX descriptors/40-edk2-aarch64-qcow2-sb.json 728 BLAKE2B be4c06aa2ad5be54bd0cf340f6f63f959a366268e05996787aa56af594c87ad2f1808ab450ed6016f496f6a87351cdcb4fb6117c6588ae739f75f8b62916da8e SHA512 d98edf3301f66d49588309cde806e6f25446a053c69d794f0c564c8002a9e216d310cbc128d84e46def6094cb2141ca6b0fe82ecaaa8ce7813a40d3c278145b5 +AUX descriptors/40-edk2-ovmf-4m-qcow2-x64-sb.json 763 BLAKE2B 21fdf8998e9d7da60039e6c525051d3eb28f6b6f9791bd0489b6aae49a3bf178a54509bd25cab4c22bc96a058768f88260e9df4061f9f92ac29ac34608f6b08f SHA512 5276eabee164f64e6ad0b873fc3cd420da2c8a684018e546b988b863eb4c0385781cd9c2071f8e75248ff7f78a212948449a069de67d48405cffd9b6df442d1a +AUX descriptors/41-edk2-ovmf-2m-raw-x64-sb.json 747 BLAKE2B 7872e2d81d8e6584bc73e8c53316df2a70e9e083f0d56a557d3eda6faad0aa76478be768df760d1eb898f41f8091b4f2c1a98164a25f5d09f2b9f3cac739a655 SHA512 0cf7f2124781d3874e2f94039cf06661c94b2a5d7000a0b2785f67dbd56677541cf425c5321f1e3630fe5ad6868682e4254038d126cf30e85411b84921224962 +AUX descriptors/50-edk2-aarch64-qcow2-nosb.json 682 BLAKE2B 9cd6742f66ee7dd7f13d910adb59ce746ffe35d0324a757f9eeb94d86c2d6ee62b59ef5df3a007561c51e6c2309a917ec579539dd2d89fb8add606973e4146e5 SHA512 c95ce6e5e4f086a649f92baa928409cb023489c0df74c5a7fedb7e6f6e832b3cb321c8245f4a0885d7f1deba0c46ebde202326ed465fd10dc6d2041a4943b827 +AUX descriptors/50-edk2-ovmf-4m-qcow2-x64-nosb.json 783 BLAKE2B ac38aa9b1f7c0d039ebb28dcaaec737db95f7a1de147c6617c1544a30a6d2b3772af9c0e14a6d967bc77c5923ee337c910a2a3cf81b4ca6f1b45d34ad022faef SHA512 371514d13eee58acab6330aaa213558849b7437c34b2fc21d4d7b1fb4e9b7c650f9b99ec2f416be19c4875358c58b5097c2681dc18416b019454c5d0520e48bc +AUX descriptors/51-edk2-ovmf-2m-raw-x64-nosb.json 767 BLAKE2B b2604ec54c60f05ccc33cd9a10956f394d4da428abba2fb39209d38d8efc06840c6dc57922e28143e61bc01298f9281362d5cba342cfe49dfb4993f012dd554b SHA512 df4e03dc266c3e1806b495b4f7d0e4718c4881fc7a3c6edd83aaab66fbd329b5dfa52c8dc3698064a23369ec39864b7f50878b38ae5de8a8bf02447144638d10 +AUX edk2-202105-werror.patch 2355 BLAKE2B 6ce16c0181da1922130209141cde93d1d0407c62f31927270dfe684ebe58cdda94269566231f5b5d0dbb8c1fbde55bd62be881925547d0b1d38b90563e3f480c SHA512 bca368756bab75345e4010b3c0eaa0d3e6a34e172aa662e09a4c89f90d4b4bc6a20a28b7bce5b0fdd678f7f9113193d09a89e49b5d1d6b8a362c445b4098189f +AUX edk2-202202-binutils-2.41-textrels.patch 2600 BLAKE2B e3ddfcf36190762cf2589faa777f19f04bc7d3363a226885fa96a17cfbd29f9dd6d6b6501f85080c789b09c34a9174154e2b9dca7f1d1cd274841cf20e8835d2 SHA512 17c01bfc9eb2d2f356e16c08ef5c3def635fd502a9e50692bd5aa3e3a11f999997d0783c8a3b828ede96b34a1e23d4a6d9398607f4a9d0ddc597de3fa2e9a8cf +AUX edk2-202202-lld-textrels.patch 2555 BLAKE2B 63b31c92b2fdd043a9569538f448f9b1d5c6d5ec00e981344b07c41fa370acfd69863939475e9d3565c5a52429af61268e72f9531734f8faad87cd6fca9d84cd SHA512 2cbdc3c40267f82ac6a958b6569c5056e8700466732155aaebc041e176c228cf6036632d04225fa86e1de953cb4717a2b6d5e76efda15aa26a50a5ddb8233e05 +AUX edk2-202408-binutils-2.41-textrels.patch 1308 BLAKE2B eefd07cd2c118a09accd10e27704ff21ed590e44c190431b5e06600149dbaa062db84ef923c6a0a460ac3dc6610c1ea918307510f0e9d7637a23aeaf78dc2d85 SHA512 bbc19b6403e1814440ff8b3a8b326a001997a791ee85d0b70270b72af8ced3cd63b9e2347f95d491dd53975cb149b1ce4d8bde5d4e5b5b0b9fe6ba545e9de100 +AUX edk2-202408-werror.patch 4581 BLAKE2B f0c0ad36fa85edf968f79e759a7c619c47ecd1b341b573d9389997b5229b0349ab7f0efe27118bf8f6d5eb70c89ed068245f7ad1dc7902ab3438a233cc6fb13d SHA512 1109cd1e40dae4310c2132a03a24ab1a371950de154799a5d9d8a0c4b364e578520cbdfb1ec272fad26fd4eddd1fbdd809e917bf25d39df60cb2e29c02edccaf +DIST arm64_DBXUpdate_05092023.bin 4610 BLAKE2B 4c6628e5c297a26ca5a1235e377a794fdc18f8201dc7bcb134eb5dd164cc16497ff8d7e598509a61dadf3aa6e8525c9c9e4ca597af62a1c93f97945594517303 SHA512 5a2816e3ff73fef1d258c1418a09b264291408493147399da6b71b6a20bd6b347c00153e22589b2635172cdc57de404ff423be41a6c382a9b25ee9a76922f397 +DIST brotli-f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz 512229 BLAKE2B cd86cc2cc7eefad24f87cda8006409bf764922b5f23ccfb951e7a41214b12004ce532b11f94f5fb858b3bf71f9abf8ef17ba219fa96bd5be23b51873afad0fd5 SHA512 7f48e794e738b31c2005e7cef6d8c0cc0d543f1cd8c137ae8ba14602cac2873de6299a3f32ad52be869f513e7548341353ed049609daef1063975694d9a9b80b +DIST edk2-202408.tar.gz 17548980 BLAKE2B 12723a593d2767577f74cfa69f4a02ec784347994af6eb77aea7eb9e9e9f7fedb6b47698af2f07ef98848bbb4bf16248179cf117cf9abdf17be73157a0a03fc2 SHA512 d679d905f8b0ddbf60b1c9a0282e403bf51d0fbe55d85a8ea3e4af1778874e947d224e3671f9e82cddd5cd906c1472ff3973498d969414bdd67d0b49f5b8a251 +DIST edk2-ovmf-202202-qemu-firmware.tar.xz 664 BLAKE2B 1aa4e25804ce0f3c967c80999315de24eaef6682e42dddd81c274ce4603ec3d15186de752de49e2527c6bd5517080c002a357ed6bc389b5afd6f7a4d93edeb44 SHA512 f9a29212274a99796784673d873e0eee7d3e2a5cf9e63192453841ee3a4ef4b813c7b2357fc7000f39c71ed6c66636daab772abb51d3972a2a56ade8a4c68faf +DIST edk2-ovmf-202202.tar.gz 14208170 BLAKE2B d8411e6808b335ccd551349a10c983b9448a357e73273fa6c30a07785e27feffed0224950ee98b668712c33f6739a9b006e5043b7dfd014f48dba9fd449b3354 SHA512 200690a4867331de06e0478869b85577bc510213ebe679f2103160efb84d94c82ac8481ef1f15c3e42c1e9f22b7c5ef0d6c8f2c655bce7702ce843551cf9bb83 +DIST edk2-ovmf-202405.tar.gz 17091190 BLAKE2B ee2f4c8674ecd7a17e4ee1b067cf1caffb46c3345f39ab15b715964b8e114d01538ae4d4152ab6a3eeebdae602128604d57c02fc0da83f46c291559fe39f49d2 SHA512 3bad4c8417b0c9b68fc6b6b85a4b15c5be8daf672177ce66d7b224b1da7a90f643021adbdd6bc96f95417fc8654c4c6b191cd39f6c1be955946360bfa8e2cb5f +DIST libspdm-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 1962880 BLAKE2B 89606315fadcf00b2909f264a6edcb2b900dfe248357ea45c37c5a9c947a4d684866627d85132cc51d44d90853d63814eaf9d2b4acdd1a9621b1d6600ca4a0a4 SHA512 07b2b376a84e86647d7a831ee6686d1cf647033ac339afb7c4ea7846cf4e9f7f529a2866bc68ea172d44f1f1efadc8bf1646c3d7fe7e6b6175286ef9c743b206 +DIST libspdm-50924a4c8145fc721e17208f55814d2b38766fe6.tar.gz 1967479 BLAKE2B fe15ac34fa65a86b13ed3a44959d860dc1bf39fd9a4bd2dcde2d2ec6ad9490f5d7d53320c481f9cf931a636527719c29eb315d178f2bd48cb905216849b633b4 SHA512 f11e748e40b66c37365175ff0ef9c0a695db2e7da50da2cf8a33267064b53e5938cfb1363d27e5ce0a174b2059533352bb8a44c48003db900c6b844167473198 +DIST mbedtls-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 4587796 BLAKE2B c28df5c52ac3ed5ef6a2b9eba29f3894d3f5f11083869e8b137cd66d4f72b2a0971c91636ce4626869bd06eeb5e661d90160021f92564b9449fb13001b8e379f SHA512 a421c03c740867210f9e30457bc951928cafec3622e1e304f8c18ce5c5e27c5c8e6c7715180ecb74c6a997e4b91ee160e52b357e1bb65ff76ce8414a87ec4889 +DIST mbedtls-8c89224991adff88d53cd380f42a2baa36f91454.tar.gz 4587796 BLAKE2B c28df5c52ac3ed5ef6a2b9eba29f3894d3f5f11083869e8b137cd66d4f72b2a0971c91636ce4626869bd06eeb5e661d90160021f92564b9449fb13001b8e379f SHA512 a421c03c740867210f9e30457bc951928cafec3622e1e304f8c18ce5c5e27c5c8e6c7715180ecb74c6a997e4b91ee160e52b357e1bb65ff76ce8414a87ec4889 +DIST mipi-sys-t-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 378522 BLAKE2B d3f1033e78ad814ebb991e66d8c1437aa3583e91481af9785b97b6021c7c45fb9dcb8d2d58d0a0fe84fbd9f108d24a27234df298eb8a2ba2340e5c9c85c89c40 SHA512 de6888577ceab7ab6915d792f3c48248cfa53357ccd310fc7f7eae4d25a932de8c7c23e5b898c9ebf61cf86cb538277273f2eb131a628b3bf0d46c9a3b9b6686 +DIST openssl-d82e959e621a3d597f1e0d50ff8c2d8b96915fd7.tar.gz 10034310 BLAKE2B 6996979dc12a523d565830e7b0943feb682a376f71ddb6f20cb8b9976bb7f12e39f088abaa45d514933ef79c0e4a2933dc6f1af4774fedaa16e74c0081c358e7 SHA512 a89bc652dc4318c5e8a9c594a43d890ca05dfc1acd6b15e2a8ab8b5628b5f33994143ff8024230e07b9e67556b28ea3a5e36763aa72dec20b52022ca8c6f2a7e +DIST openssl-de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz 15337569 BLAKE2B bb0b2f4ee7838178e8e23317b6c63048611d805e20c81d6c875d9b515e6dbcf981cda38f031965c9ec45bcab3ac4725cfa793718b0212e92bf53b4c7fc3f4e32 SHA512 4bba15075dacc8c1772a95759cfe8620ff3a9d535e5d3d29bb15e4790cc543555ab45f0b239195361e534eca26249ae1b491b63cbf6b7ecda6f0840c7f6253ac +DIST pylibfdt-cfff805481bdea27f900c32698171286542b8d3c.tar.gz 49659 BLAKE2B 05e954fc2d72618b3f56c08bdfcd64479259902ee2613d034b66ebe50e33b02b243bed1191d8dcdcea9fcb2553f84a737ae12514d30c48e776efc858a4879894 SHA512 c2f4cbda24bc4a2140135de2db19fd7ad0b6eff2a748862b4166bf0e65f3e324e2855ea4331dafa2c82f44b4d01309c8ac50159cbcc076a968a1169c8709a523 +DIST x64_DBXUpdate_05092023.bin 21170 BLAKE2B 9b74945ef441e65c50116122bc24578c22c8f5f7af94e46322a96bd15035b79c0af4c1fd5366017b347b9aaf3f5791b9d6ea84ef141500700ccf69f708f91389 SHA512 71fb6e8cd6918126b3acd78b95651913336df372e13fdfdfdd20d5d23f0e509050c6c88c8a2c43f8ac44f987df86bd45174bb3065d5a7a8c7e3b8772fd06d624 +EBUILD edk2-202202.ebuild 4795 BLAKE2B 5d11f5d6372536904f81e425e156cd2b3c3f079b177cab26320bbee6a5951457feda66d0292bd9bbe4a55be7ff11483424e084f31389fd6ce0f9b409fe2477e2 SHA512 e35eb3bedbfcab220f93d3ecce9197ee56f31e71a75442c83189d1c2a47b88171b83bbcb2624b83b04e409498d596ccae3f1371a80e4d38c73c282e62b0ed52a +EBUILD edk2-202405.ebuild 5643 BLAKE2B 671abaa441d53f492894d637458b368e73c71507cd59b32cf0bb86269961b62fefd42bc192a5f77e842f203439e178b3b543eb201af6a5424699aecd12b13e84 SHA512 11e0e51862f2c3ebc709b4be496c0226a7cec8aeded59d57aa104bd983ab0716e784cedbd52b64d6b2a9ba16e8c34ef5b580a44b6d2ea87b11d9dbf918cd7149 +EBUILD edk2-202408.ebuild 9262 BLAKE2B c8f2694660c475c5614b1b4cba7d8e27ec1ba404f1d1e074ed17e8ffa27383d387bfaeda9d6f79bdca279e3f37a292130fc905991247c1630baf04eb2e949664 SHA512 58b441de8ea309e04ba7a7def3b8fcb6f674559a63bd82ac4c6dda062d574cf3f4200986151225adf8550e13750cca7f37be542307b4d367f088e2bc5b349d1c +MISC metadata.xml 401 BLAKE2B c64a51cd2895610b485f6a9922d27f8894cc20ddace93df39719a39160dda48af9202f52b624465785ac64c751bec6b1612ebad19395aaa31d2c112e3c5f6115 SHA512 a07b485f9c92dc368d2fd62783c323ec03620cebce5146762d12df66eccf515b1f0f6a3d266642135668e3109e0d4b3c888629e8e487d5dbf5fb60ddeab28599 diff --git a/sys-firmware/edk2/edk2-202202.ebuild b/sys-firmware/edk2/edk2-202202.ebuild new file mode 100644 index 000000000000..f6c7251611e8 --- /dev/null +++ b/sys-firmware/edk2/edk2-202202.ebuild @@ -0,0 +1,157 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_REQ_USE="sqlite" +PYTHON_COMPAT=( python3_{10..11} ) + +inherit python-any-r1 readme.gentoo-r1 secureboot + +DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines" +HOMEPAGE="https://github.com/tianocore/edk2" + +BUNDLED_OPENSSL_SUBMODULE_SHA="d82e959e621a3d597f1e0d50ff8c2d8b96915fd7" +BUNDLED_BROTLI_SUBMODULE_SHA="f4153a09f87cbb9c826d8fc12c74642bb2d879ea" + +# TODO: talk with tamiko about unbundling (mva) + +# TODO: the binary 202105 package currently lacks the preseeded +# OVMF_VARS.secboot.fd file (that we typically get from fedora) + +SRC_URI="https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> edk2-ovmf-${PV}.tar.gz + https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz + https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz + https://dev.gentoo.org/~ajak/distfiles/edk2-ovmf-${PV}-qemu-firmware.tar.xz" + +LICENSE="BSD-2 MIT" +SLOT="0" +KEYWORDS="-* amd64" + +BDEPEND="app-emulation/qemu + >=dev-lang/nasm-2.0.7 + sys-apps/which + >=sys-power/iasl-20160729 + ${PYTHON_DEPS}" +RDEPEND="!sys-firmware/edk2-bin" + +PATCHES=( + "${FILESDIR}/${PN}-202105-werror.patch" + "${FILESDIR}/${PN}-202202-lld-textrels.patch" + "${FILESDIR}/${PN}-202202-binutils-2.41-textrels.patch" +) + +S="${WORKDIR}/edk2-edk2-stable${PV}" + +DISABLE_AUTOFORMATTING=true +DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86 +virtual machines. The firmware is located under + /usr/share/edk2-ovmf/OVMF_CODE.fd + /usr/share/edk2-ovmf/OVMF_VARS.fd + /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd + +To use Secure Boot, you need to either populate the necessary EFI +variables by booting: + /usr/share/edk2-ovmf/UefiShell.img +or creating OVMF_VARS.secboot.fd by hand: + https://github.com/rhuefi/qemu-ovmf-secureboot + +The firmware does not support csm (due to no free csm implementation +available). If you need a firmware with csm support you have to download +one for yourself. Firmware blobs are commonly labeled + OVMF{,_CODE,_VARS}-with-csm.fd + +In order to use the firmware you can run qemu the following way + + $ qemu-system-x86_64 \ + -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \ + ..." + +pkg_setup() { + python-any-r1_pkg_setup + secureboot_pkg_setup +} + +src_prepare() { + # Bundled submodules + cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/" + cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/" + cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/" + + sed -i -r \ + -e "/function SetupPython3/,/\}/{s,\\\$\(whereis python3\),${EPYTHON},g}" \ + "${S}"/edksetup.sh || die "Fixing for correct Python3 support failed" + + default +} + +src_compile() { + TARGET_ARCH=X64 + TARGET_NAME=RELEASE + TARGET_TOOLS=GCC49 + + BUILD_FLAGS="-D TLS_ENABLE \ + -D HTTP_BOOT_ENABLE \ + -D NETWORK_IP6_ENABLE \ + -D TPM_ENABLE \ + -D TPM2_ENABLE -D TPM2_CONFIG_ENABLE \ + -D FD_SIZE_2MB" + + SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \ + -D SECURE_BOOT_ENABLE \ + -D SMM_REQUIRE \ + -D EXCLUDE_SHELL_FROM_FD" + + export LDFLAGS="-z notext" + export EXTRA_LDFLAGS="-z notext" + export DLINK_FLAGS="-z notext" + + emake ARCH=${TARGET_ARCH} -C BaseTools + + . ./edksetup.sh + + # Build all EFI firmware blobs: + + mkdir -p ovmf + + ./OvmfPkg/build.sh \ + -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ + ${BUILD_FLAGS} || die "OvmfPkg/build.sh failed" + + cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/ + rm -rf Build/OvmfX64 + + ./OvmfPkg/build.sh \ + -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ + ${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed" + + cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed" + cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed" + cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed" + + # Build a convenience UefiShell.img: + + mkdir -p iso_image/efi/boot || die "mkdir failed" + cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed" + cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed" + qemu-img convert --image-opts \ + driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \ + ovmf/UefiShell.img || die "qemu-img failed" +} + +src_install() { + insinto /usr/share/edk2-ovmf + doins ovmf/* + + insinto /usr/share/qemu/firmware + doins qemu/* + rm "${ED}"/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json || die "rm failed" + + secureboot_auto_sign --in-place + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog +} diff --git a/sys-firmware/edk2/edk2-202405.ebuild b/sys-firmware/edk2/edk2-202405.ebuild new file mode 100644 index 000000000000..d7056b51f5f7 --- /dev/null +++ b/sys-firmware/edk2/edk2-202405.ebuild @@ -0,0 +1,162 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_REQ_USE="sqlite" +PYTHON_COMPAT=( python3_12 ) + +inherit python-any-r1 readme.gentoo-r1 secureboot + +DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines" +HOMEPAGE="https://github.com/tianocore/edk2" + +BUNDLED_OPENSSL_SUBMODULE_SHA="de90e54bbe82e5be4fb9608b6f5c308bb837d355" +BUNDLED_BROTLI_SUBMODULE_SHA="f4153a09f87cbb9c826d8fc12c74642bb2d879ea" +BUNDLED_MIPI_SYS_T_SUBMODULE_SHA="370b5944c046bab043dd8b133727b2135af7747a" +BUNDLED_MBEDTLS_SUBMODULE_SHA="8c89224991adff88d53cd380f42a2baa36f91454" +BUNDLED_LIBSPDM_SUBMODULE_SHA="828ef62524bcaeca4e90d0c021221e714872e2b5" + +SRC_URI="https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> edk2-ovmf-${PV}.tar.gz + https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz + https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz + https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz -> mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz + https://github.com/Mbed-TLS/mbedtls/archive/${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz -> mbedtls-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz + https://github.com/DMTF/libspdm/archive/${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz -> libspdm-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz + https://dev.gentoo.org/~ajak/distfiles/edk2-ovmf-202202-qemu-firmware.tar.xz" + +S="${WORKDIR}/edk2-edk2-stable${PV}" + +LICENSE="BSD-2 MIT" +SLOT="0" +KEYWORDS="-* ~amd64" + +BDEPEND="app-emulation/qemu + >=dev-lang/nasm-2.0.7 + sys-apps/which + >=sys-power/iasl-20160729 + ${PYTHON_DEPS}" +RDEPEND="!sys-firmware/edk2-bin" + +PATCHES=( + "${FILESDIR}/${PN}-202408-werror.patch" + "${FILESDIR}/${PN}-202408-binutils-2.41-textrels.patch" +) + +DISABLE_AUTOFORMATTING=true +DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86 +virtual machines. The firmware is located under + /usr/share/edk2-ovmf/OVMF_CODE.fd + /usr/share/edk2-ovmf/OVMF_VARS.fd + /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd + +To use Secure Boot, you need to either populate the necessary EFI +variables by booting: + /usr/share/edk2-ovmf/UefiShell.img +or creating OVMF_VARS.secboot.fd by hand: + https://github.com/rhuefi/qemu-ovmf-secureboot + +The firmware does not support csm (due to no free csm implementation +available). If you need a firmware with csm support you have to download +one for yourself. Firmware blobs are commonly labeled + OVMF{,_CODE,_VARS}-with-csm.fd + +In order to use the firmware you can run qemu the following way + + $ qemu-system-x86_64 \ + -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \ + ..." + +pkg_setup() { + python-any-r1_pkg_setup + secureboot_pkg_setup +} + +src_prepare() { + # Bundled submodules + cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/" \ + || die "copying openssl failed" + cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/" \ + || die "copying brotli failed" + cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* \ + "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/" || die "copying brotli failed" + cp -rl "${WORKDIR}/public-mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}"/* "MdePkg/Library/MipiSysTLib/mipisyst/" \ + || die "copying mipi-sys-t failed" + cp -rl "${WORKDIR}/mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}"/* "CryptoPkg/Library/MbedTlsLib/mbedtls/" \ + || die "copying mbedtls failed" + cp -rl "${WORKDIR}/libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}"/* "SecurityPkg/DeviceSecurity/SpdmLib/libspdm" \ + || die "copying libspdm failed" + + default +} + +src_compile() { + TARGET_ARCH=X64 + TARGET_NAME=RELEASE + TARGET_TOOLS=GCC5 + + BUILD_FLAGS="-D TLS_ENABLE \ + -D HTTP_BOOT_ENABLE \ + -D NETWORK_IP6_ENABLE \ + -D TPM_ENABLE \ + -D TPM2_ENABLE -D TPM2_CONFIG_ENABLE \ + -D FD_SIZE_2MB" + + SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \ + -D SECURE_BOOT_ENABLE \ + -D SMM_REQUIRE \ + -D EXCLUDE_SHELL_FROM_FD" + + export LDFLAGS="-z notext" + export EXTRA_LDFLAGS="-z notext" + export DLINK_FLAGS="-z notext" + + emake ARCH=${TARGET_ARCH} -C BaseTools + + . ./edksetup.sh + + # Build all EFI firmware blobs: + + mkdir -p ovmf || die + + ./OvmfPkg/build.sh \ + -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ + ${BUILD_FLAGS} || die "OvmfPkg/build.sh failed" + + cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/ + rm -r Build/OvmfX64 || die + + ./OvmfPkg/build.sh \ + -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ + ${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed" + + cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed" + cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed" + cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed" + + # Build a convenience UefiShell.img: + + mkdir -p iso_image/efi/boot || die "mkdir failed" + cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed" + cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed" + qemu-img convert --image-opts \ + driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \ + ovmf/UefiShell.img || die "qemu-img failed" +} + +src_install() { + insinto /usr/share/edk2-ovmf + doins ovmf/* + + insinto /usr/share/qemu/firmware + doins "${S}"/../edk2-edk2-stable202202/qemu/* + rm "${ED}"/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json || die "rm failed" + + secureboot_auto_sign --in-place + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog +} diff --git a/sys-firmware/edk2/edk2-202408.ebuild b/sys-firmware/edk2/edk2-202408.ebuild new file mode 100644 index 000000000000..1dbbdba77d98 --- /dev/null +++ b/sys-firmware/edk2/edk2-202408.ebuild @@ -0,0 +1,309 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_REQ_USE="sqlite" +PYTHON_COMPAT=( python3_{12..13} ) + +inherit edo prefix python-any-r1 readme.gentoo-r1 secureboot toolchain-funcs + +DESCRIPTION="TianoCore EDK II UEFI firmware for virtual machines" +HOMEPAGE="https://github.com/tianocore/edk2" + +DBXDATE="05092023" # MMDDYYYY +BUNDLED_BROTLI_SUBMODULE_SHA="f4153a09f87cbb9c826d8fc12c74642bb2d879ea" +BUNDLED_LIBFDT_SUBMODULE_SHA="cfff805481bdea27f900c32698171286542b8d3c" +BUNDLED_LIBSPDM_SUBMODULE_SHA="50924a4c8145fc721e17208f55814d2b38766fe6" +BUNDLED_MBEDTLS_SUBMODULE_SHA="8c89224991adff88d53cd380f42a2baa36f91454" +BUNDLED_MIPI_SYS_T_SUBMODULE_SHA="370b5944c046bab043dd8b133727b2135af7747a" +BUNDLED_OPENSSL_SUBMODULE_SHA="de90e54bbe82e5be4fb9608b6f5c308bb837d355" + +SRC_URI=" + https://github.com/tianocore/${PN}/archive/${PN}-stable${PV}.tar.gz + -> ${P}.tar.gz + https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz + -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz + https://github.com/DMTF/libspdm/archive/${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz + -> libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz + https://github.com/Mbed-TLS/mbedtls/archive/${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz + -> mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz + https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz + -> mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz + https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz + -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz + + amd64? ( + https://uefi.org/sites/default/files/resources/x64_DBXUpdate_${DBXDATE}.bin + https://uefi.org/sites/default/files/resources/x64_DBXUpdate.bin -> x64_DBXUpdate_${DBXDATE}.bin + ) + + arm64? ( + https://uefi.org/sites/default/files/resources/arm64_DBXUpdate_${DBXDATE}.bin + https://uefi.org/sites/default/files/resources/arm64_DBXUpdate.bin -> arm64_DBXUpdate_${DBXDATE}.bin + https://github.com/devicetree-org/pylibfdt/archive/${BUNDLED_LIBFDT_SUBMODULE_SHA}.tar.gz + -> pylibfdt-${BUNDLED_LIBFDT_SUBMODULE_SHA}.tar.gz + ) +" + +S="${WORKDIR}/${PN}-${PN}-stable${PV}" +LICENSE="BSD-2 MIT" +SLOT="0" +KEYWORDS="-* ~amd64 ~arm64" + +BDEPEND=" + ${PYTHON_DEPS} + app-emulation/qemu + app-emulation/virt-firmware + >=sys-power/iasl-20160729 + amd64? ( >=dev-lang/nasm-2.0.7 ) +" + +RDEPEND=" + !sys-firmware/edk2-bin +" + +PATCHES=( + "${FILESDIR}/${PN}-202408-werror.patch" + "${FILESDIR}/${PN}-202408-binutils-2.41-textrels.patch" +) + +DISABLE_AUTOFORMATTING="true" +DIR="/usr/share/${PN}" + +pkg_setup() { + python-any-r1_pkg_setup + secureboot_pkg_setup + + local QEMU_ARCH ARCH_DIRS UNIT0 UNIT1 FMT + + case "${ARCH}" in + amd64) + TARGET_ARCH="X64" + QEMU_ARCH="x86_64" + ARCH_DIRS="${DIR}/OvmfX64" + UNIT0="OVMF_CODE.fd" + UNIT1="OVMF_VARS.fd" + FMT="raw" + ;; + arm64) + TARGET_ARCH="AARCH64" + QEMU_ARCH="aarch64" + ARCH_DIRS="${DIR}/ArmVirtQemu-AARCH64" + UNIT0="QEMU_EFI.qcow2" + UNIT1="QEMU_VARS.qcow2" + FMT="qcow2" + ;; + esac + + DOC_CONTENTS="This package includes the TianoCore EDK II UEFI firmware for ${QEMU_ARCH} +virtual machines. The firmware is located under ${ARCH_DIRS}. + +In order to use the firmware, you can run QEMU like so: + + $ qemu-system-${QEMU_ARCH} \\ + -drive file=${EPREFIX}${ARCH_DIRS%% *}/${UNIT0},if=pflash,format=${FMT},unit=0,readonly=on \\ + -drive file=/path/to/the/copy/of/${UNIT1},if=pflash,format=${FMT},unit=1 \\ + ..." + + case "${ARCH}" in + amd64) DOC_CONTENTS+=" + +The firmware does not support CSM due to the lack of a free +implementation. If you need a firmware with CSM support, you have to +download one for yourself. Firmware blobs are commonly labelled: + + OVMF_CODE-with-csm.fd + OVMF_VARS-with-csm.fd" + ;; + arm64) DOC_CONTENTS+=" + +WARNING! QEMU_EFI.secboot_INSECURE.qcow2 does have Secure Boot +enabled, but it must not be used in production. The lack of an SMM +implementation for arm64 in this firmware means that the EFI +variable store is unprotected, making the firmware unsafe." + ;; + esac +} + +link_mod() { + rmdir "$2" && ln -sfT "$1" "$2" || die "linking ${2##*/} failed" +} + +src_prepare() { + # Bundled submodules + link_mod "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}" \ + BaseTools/Source/C/BrotliCompress/brotli + link_mod "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}" \ + MdeModulePkg/Library/BrotliCustomDecompressLib/brotli + link_mod "${WORKDIR}/libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}" \ + SecurityPkg/DeviceSecurity/SpdmLib/libspdm + link_mod "${WORKDIR}/mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}" \ + CryptoPkg/Library/MbedTlsLib/mbedtls + link_mod "${WORKDIR}/public-mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}" \ + MdePkg/Library/MipiSysTLib/mipisyst + link_mod "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}" \ + CryptoPkg/Library/OpensslLib/openssl + + use arm64 && + link_mod "${WORKDIR}/pylibfdt-${BUNDLED_LIBFDT_SUBMODULE_SHA}" \ + MdePkg/Library/BaseFdtLib/libfdt + + default + + # Fix descriptor paths for prefix. + hprefixify "${FILESDIR}"/descriptors/*.json +} + +mybuild() { + edo build \ + -t "${TOOLCHAIN}" \ + -b "${BUILD_TARGET}" \ + -D NETWORK_HTTP_BOOT_ENABLE \ + -D NETWORK_IP6_ENABLE \ + -D NETWORK_TLS_ENABLE \ + -D TPM1_ENABLE \ + -D TPM2_ENABLE \ + -D TPM2_CONFIG_ENABLE \ + "${BUILD_ARGS[@]}" \ + "${@}" +} + +# Add the MS and Red Hat Secure Boot certificates and update the revocation list +# for the given architecture in the given raw variables image. +mk_fw_vars() { + edo virt-fw-vars \ + --set-dbx "${DISTDIR}/$1_DBXUpdate_${DBXDATE}.bin" \ + --secure-boot --enroll-redhat --inplace "$2" +} + +# Convert the given images from raw to QCOW2 and resize them to the amount given +# as the first argument. Specify 0 to not resize. +raw_to_qcow2() { + local SIZE=$1 RAW + shift + + for RAW in "${@}"; do + edo qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "${RAW}" "${RAW%.fd}.qcow2" + [[ ${SIZE} != 0 ]] && edo qemu-img resize -f qcow2 "${RAW%.fd}.qcow2" "${SIZE}" + rm "${RAW}" || die + done +} + +src_compile() { + TOOLCHAIN="GCC5" + BUILD_TARGET="RELEASE" + BUILD_DIR="${BUILD_TARGET}_${TOOLCHAIN}" + BUILD_ARGS=() + + tc-export_build_env + emake -C BaseTools \ + CC="$(tc-getBUILD_CC)" \ + CXX="$(tc-getBUILD_CXX)" \ + EXTRA_OPTFLAGS="${BUILD_CFLAGS}" \ + EXTRA_LDFLAGS="${BUILD_LDFLAGS}" + + export \ + "${TOOLCHAIN}_${TARGET_ARCH}_PREFIX=${CHOST}-" \ + "${TOOLCHAIN}_BIN=${CHOST}-" + + . ./edksetup.sh + + # DO NOT enable the shell with Secure Boot as it can be used as a bypass! + + case "${ARCH}" in + amd64) + local SIZE + for SIZE in _2M _4M; do + mybuild -a X64 -p OvmfPkg/OvmfPkgX64.dsc \ + -D FD_SIZE${SIZE}B \ + -D BUILD_SHELL=FALSE \ + -D SECURE_BOOT_ENABLE \ + -D SMM_REQUIRE + + mv -T Build/OvmfX64 Build/OvmfX64${SIZE}.secboot || die + + mybuild -a X64 -p OvmfPkg/OvmfPkgX64.dsc \ + -D FD_SIZE${SIZE}B + + mv -T Build/OvmfX64 Build/OvmfX64${SIZE} || die + + mk_fw_vars x64 Build/OvmfX64${SIZE}.secboot/"${BUILD_DIR}"/FV/OVMF_VARS.fd + done + + # Fedora only converts newer images to QCOW2. 2MB images are raw. + raw_to_qcow2 0 Build/OvmfX64_4M*/"${BUILD_DIR}"/FV/OVMF_{CODE,VARS}.fd + ;; + arm64) + BUILD_ARGS+=( + # grub.efi uses EfiLoaderData for code + --pcd PcdDxeNxMemoryProtectionPolicy=0xC000000000007FD1 + # shim.efi has broken MemAttr code + --pcd PcdUninstallMemAttrProtocol=TRUE + ) + + mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc \ + -D BUILD_SHELL=FALSE \ + -D SECURE_BOOT_ENABLE + + mv -T Build/ArmVirtQemu-AARCH64 Build/ArmVirtQemu-AARCH64.secboot_INSECURE || die + + mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc + + mk_fw_vars arm64 Build/ArmVirtQemu-AARCH64.secboot_INSECURE/"${BUILD_DIR}"/FV/QEMU_VARS.fd + raw_to_qcow2 64m Build/ArmVirtQemu-AARCH64*/"${BUILD_DIR}"/FV/QEMU_{EFI,VARS}.fd + ;; + esac +} + +src_install() { + local SIZE TYPE FMT + + case "${ARCH}" in + amd64) + insinto ${DIR}/OvmfX64 + doins Build/OvmfX64_2M/"${BUILD_DIR}"/X64/Shell.efi + + for SIZE in _2M _4M; do + for TYPE in "" .secboot; do + [[ ${SIZE} = _4M ]] && FMT=qcow2 || FMT=fd + newins Build/OvmfX64${SIZE}${TYPE}/"${BUILD_DIR}"/FV/OVMF_CODE.${FMT} OVMF_CODE${SIZE#_2M}${TYPE}.${FMT} + newins Build/OvmfX64${SIZE}${TYPE}/"${BUILD_DIR}"/FV/OVMF_VARS.${FMT} OVMF_VARS${SIZE#_2M}${TYPE}.${FMT} + done + done + + # Compatibility with older package versions. + dosym ${PN}/OvmfX64 /usr/share/edk2-ovmf + ;; + arm64) + insinto ${DIR}/ArmVirtQemu-AARCH64 + + for TYPE in "" .secboot_INSECURE; do + newins Build/ArmVirtQemu-AARCH64${TYPE}/"${BUILD_DIR}"/FV/QEMU_EFI.qcow2 QEMU_EFI${TYPE}.qcow2 + newins Build/ArmVirtQemu-AARCH64${TYPE}/"${BUILD_DIR}"/FV/QEMU_VARS.qcow2 QEMU_VARS${TYPE}.qcow2 + done + ;; + esac + + insinto /usr/share/qemu/firmware + doins "${FILESDIR}"/descriptors/*"${TARGET_ARCH,,}"*.json + + secureboot_auto_sign --in-place + readme.gentoo_create_doc +} + +pkg_preinst() { + local OLD=${EROOT}/usr/share/edk2-ovmf NEW=${EROOT}/${DIR}/OvmfX64 + if [[ -d ${OLD} && ! -L ${OLD} ]]; then + { + rm -vf "${OLD}"/{OVMF_{CODE,CODE.secboot,VARS}.fd,EnrollDefaultKeys.efi,Shell.efi,UefiShell.img} && + mkdir -p "${NEW}" && + find "${OLD}" -mindepth 1 -maxdepth 1 -execdir mv --update=none-fail -vt "${NEW}"/ {} + && + rmdir "${OLD}" + } || die "unable to replace old directory with compatibility symlink" + fi +} + +pkg_postinst() { + readme.gentoo_print_elog +} diff --git a/sys-firmware/edk2/files/descriptors/30-edk2-aarch64-qcow2-sb-enrolled.json b/sys-firmware/edk2/files/descriptors/30-edk2-aarch64-qcow2-sb-enrolled.json new file mode 100644 index 000000000000..47c3c9f03935 --- /dev/null +++ b/sys-firmware/edk2/files/descriptors/30-edk2-aarch64-qcow2-sb-enrolled.json @@ -0,0 +1,33 @@ +{ + "description": "UEFI for arm64 VMs, with *INSECURE* SB, SB enabled, MS certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "mode" : "split", + "executable": { + "filename": "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_EFI.secboot_INSECURE.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_VARS.secboot_INSECURE.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "aarch64", + "machines": [ + "virt-*" + ] + } + ], + "features": [ + "enrolled-keys", + "secure-boot" + ], + "tags": [ + + ] +} diff --git a/sys-firmware/edk2/files/descriptors/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json b/sys-firmware/edk2/files/descriptors/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json new file mode 100644 index 000000000000..b11c77b5680d --- /dev/null +++ b/sys-firmware/edk2/files/descriptors/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json @@ -0,0 +1,36 @@ +{ + "description": "OVMF with SB+SMM, SB enabled, MS certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "mode" : "split", + "executable": { + "filename": "/usr/share/edk2/OvmfX64/OVMF_CODE_4M.secboot.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "/usr/share/edk2/OvmfX64/OVMF_VARS_4M.secboot.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "enrolled-keys", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/sys-firmware/edk2/files/descriptors/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json b/sys-firmware/edk2/files/descriptors/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json new file mode 100644 index 000000000000..ffa28c209905 --- /dev/null +++ b/sys-firmware/edk2/files/descriptors/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json @@ -0,0 +1,36 @@ +{ + "description": "OVMF for x86_64, with SB+SMM, SB enabled, MS certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "mode" : "split", + "executable": { + "filename": "/usr/share/edk2/OvmfX64/OVMF_CODE.secboot.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/OvmfX64/OVMF_VARS.secboot.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "enrolled-keys", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/sys-firmware/edk2/files/descriptors/40-edk2-aarch64-qcow2-sb.json b/sys-firmware/edk2/files/descriptors/40-edk2-aarch64-qcow2-sb.json new file mode 100644 index 000000000000..92ac2aea9014 --- /dev/null +++ b/sys-firmware/edk2/files/descriptors/40-edk2-aarch64-qcow2-sb.json @@ -0,0 +1,32 @@ +{ + "description": "UEFI for arm64 VMs, with *INSECURE* SB, empty varstore", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "mode" : "split", + "executable": { + "filename": "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_EFI.secboot_INSECURE.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_VARS.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "aarch64", + "machines": [ + "virt-*" + ] + } + ], + "features": [ + "secure-boot" + ], + "tags": [ + + ] +} diff --git a/sys-firmware/edk2/files/descriptors/40-edk2-ovmf-4m-qcow2-x64-sb.json b/sys-firmware/edk2/files/descriptors/40-edk2-ovmf-4m-qcow2-x64-sb.json new file mode 100644 index 000000000000..52daef98cf66 --- /dev/null +++ b/sys-firmware/edk2/files/descriptors/40-edk2-ovmf-4m-qcow2-x64-sb.json @@ -0,0 +1,35 @@ +{ + "description": "OVMF for x86_64, with SB+SMM, empty varstore", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "mode" : "split", + "executable": { + "filename": "/usr/share/edk2/OvmfX64/OVMF_CODE_4M.secboot.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "/usr/share/edk2/OvmfX64/OVMF_VARS_4M.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/sys-firmware/edk2/files/descriptors/41-edk2-ovmf-2m-raw-x64-sb.json b/sys-firmware/edk2/files/descriptors/41-edk2-ovmf-2m-raw-x64-sb.json new file mode 100644 index 000000000000..358f05927653 --- /dev/null +++ b/sys-firmware/edk2/files/descriptors/41-edk2-ovmf-2m-raw-x64-sb.json @@ -0,0 +1,35 @@ +{ + "description": "OVMF for x86_64, with SB+SMM, empty varstore", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "mode" : "split", + "executable": { + "filename": "/usr/share/edk2/OvmfX64/OVMF_CODE.secboot.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/OvmfX64/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/sys-firmware/edk2/files/descriptors/50-edk2-aarch64-qcow2-nosb.json b/sys-firmware/edk2/files/descriptors/50-edk2-aarch64-qcow2-nosb.json new file mode 100644 index 000000000000..7a6db3ce9db2 --- /dev/null +++ b/sys-firmware/edk2/files/descriptors/50-edk2-aarch64-qcow2-nosb.json @@ -0,0 +1,32 @@ +{ + "description": "UEFI for arm64 VMs, without SB, empty varstore", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "mode" : "split", + "executable": { + "filename": "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_EFI.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_VARS.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "aarch64", + "machines": [ + "virt-*" + ] + } + ], + "features": [ + + ], + "tags": [ + + ] +} diff --git a/sys-firmware/edk2/files/descriptors/50-edk2-ovmf-4m-qcow2-x64-nosb.json b/sys-firmware/edk2/files/descriptors/50-edk2-ovmf-4m-qcow2-x64-nosb.json new file mode 100644 index 000000000000..efd4ddbfb632 --- /dev/null +++ b/sys-firmware/edk2/files/descriptors/50-edk2-ovmf-4m-qcow2-x64-nosb.json @@ -0,0 +1,36 @@ +{ + "description": "OVMF for x86_64, without SB+SMM, empty varstore", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "mode" : "split", + "executable": { + "filename": "/usr/share/edk2/OvmfX64/OVMF_CODE_4M.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "/usr/share/edk2/OvmfX64/OVMF_VARS_4M.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-i440fx-*", + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "amd-sev-es", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/sys-firmware/edk2/files/descriptors/51-edk2-ovmf-2m-raw-x64-nosb.json b/sys-firmware/edk2/files/descriptors/51-edk2-ovmf-2m-raw-x64-nosb.json new file mode 100644 index 000000000000..309ba626b940 --- /dev/null +++ b/sys-firmware/edk2/files/descriptors/51-edk2-ovmf-2m-raw-x64-nosb.json @@ -0,0 +1,36 @@ +{ + "description": "OVMF for x86_64, without SB+SMM, empty varstore", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "mode" : "split", + "executable": { + "filename": "/usr/share/edk2/OvmfX64/OVMF_CODE.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/OvmfX64/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-i440fx-*", + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "amd-sev-es", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/sys-firmware/edk2/files/edk2-202105-werror.patch b/sys-firmware/edk2/files/edk2-202105-werror.patch new file mode 100644 index 000000000000..db71faed7728 --- /dev/null +++ b/sys-firmware/edk2/files/edk2-202105-werror.patch @@ -0,0 +1,38 @@ +diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template +index 498696e..8a360f4 100755 +--- a/BaseTools/Conf/tools_def.template ++++ b/BaseTools/Conf/tools_def.template +@@ -1863,7 +1863,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_N + *_*_*_DTCPP_PATH = DEF(DTCPP_BIN) + *_*_*_DTC_PATH = DEF(DTC_BIN) + +-DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common ++DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Wno-array-bounds -include AutoGen.h -fno-common + DEFINE GCC_IA32_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe + DEFINE GCC_X64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-address -mno-stack-arg-probe + DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -mfloat-abi=soft -fno-pic -fno-pie +diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile +index 0df728f..49f9706 100644 +--- a/BaseTools/Source/C/Makefiles/header.makefile ++++ b/BaseTools/Source/C/Makefiles/header.makefile +@@ -82,17 +82,17 @@ BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS) + + ifeq ($(DARWIN),Darwin) + # assume clang or clang compatible flags on OS X +-BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \ ++BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall \ + -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g + else + ifeq ($(CXX), llvm) + BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \ +--fno-delete-null-pointer-checks -Wall -Werror \ ++-fno-delete-null-pointer-checks -Wall \ + -Wno-deprecated-declarations -Wno-self-assign \ + -Wno-unused-result -nostdlib -g + else + BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \ +--fno-delete-null-pointer-checks -Wall -Werror \ ++-fno-delete-null-pointer-checks -Wall \ + -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \ + -Wno-unused-result -nostdlib -g + endif diff --git a/sys-firmware/edk2/files/edk2-202202-binutils-2.41-textrels.patch b/sys-firmware/edk2/files/edk2-202202-binutils-2.41-textrels.patch new file mode 100644 index 000000000000..22d33c9097aa --- /dev/null +++ b/sys-firmware/edk2/files/edk2-202202-binutils-2.41-textrels.patch @@ -0,0 +1,21 @@ +https://bugs.gentoo.org/913110 +--- a/BaseTools/Conf/tools_def.template ++++ b/BaseTools/Conf/tools_def.template +@@ -1906,7 +1906,7 @@ DEFINE GCC48_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z comm + DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -Wno-address + DEFINE GCC48_X64_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address + DEFINE GCC48_IA32_X64_ASLDLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable +-DEFINE GCC48_IA32_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive ++DEFINE GCC48_IA32_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive -Wl,-z,notext + DEFINE GCC48_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(GCC_DLINK2_FLAGS_COMMON) + DEFINE GCC48_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_FLAGS) -Wl,-melf_x86_64,--oformat=elf64-x86-64,-pie + DEFINE GCC48_X64_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 DEF(GCC_DLINK2_FLAGS_COMMON) +@@ -1929,7 +1929,7 @@ DEFINE GCC49_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -fno-pic -fno-pi + DEFINE GCC49_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS) + DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40 + DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--defsym=PECOFF_HEADER_SIZE=0 DEF(GCC_DLINK2_FLAGS_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable +-DEFINE GCC49_IA32_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive ++DEFINE GCC49_IA32_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive -Wl,-z,notext + DEFINE GCC49_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS) + DEFINE GCC49_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_FLAGS) -Wl,-melf_x86_64,--oformat=elf64-x86-64,-pie + DEFINE GCC49_X64_DLINK2_FLAGS = DEF(GCC48_X64_DLINK2_FLAGS) diff --git a/sys-firmware/edk2/files/edk2-202202-lld-textrels.patch b/sys-firmware/edk2/files/edk2-202202-lld-textrels.patch new file mode 100644 index 000000000000..eb8b6296fcff --- /dev/null +++ b/sys-firmware/edk2/files/edk2-202202-lld-textrels.patch @@ -0,0 +1,43 @@ +https://bugs.gentoo.org/913110 +https://github.com/tianocore/edk2/commit/a257988f590ba90dd8394dd6bc7014ae9d814a08 + +From a257988f590ba90dd8394dd6bc7014ae9d814a08 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Mon, 3 Apr 2023 22:29:15 +0800 +Subject: [PATCH] BaseTools/tools_def CLANGDWARF: Permit text relocations + +We rely on PIE executables to get the codegen that is suitable for +PE/COFF conversion where the resulting executables can be loaded +anywhere in the address space. + +However, ELF linkers may default to disallowing text relocations in PIE +executables, as this would require text segments to be updated at +runtime, which is bad for security and increases the copy-on-write +footprint of ELF executables and shared libraries. + +However, none of those concerns apply to PE/COFF executables in the +context of EFI, which are copied into memory rather than mmap()'ed, and +fixed up by the loader before launch. + +So pass -z notext to the LLD linker to permit runtime relocations in +read-only sections. + +Signed-off-by: Ard Biesheuvel +Reviewed-by: Rebecca Cran +--- + BaseTools/Conf/tools_def.template | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template +index 39c49b8001f4..9a5c11f6a385 100755 +--- a/BaseTools/Conf/tools_def.template ++++ b/BaseTools/Conf/tools_def.template +@@ -2870,7 +2870,7 @@ DEFINE CLANGDWARF_X64_PREFIX = ENV(CLANG_BIN) + DEFINE CLANGDWARF_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-q,--gc-sections -z max-page-size=0x40 + DEFINE CLANGDWARF_DLINK2_FLAGS_COMMON = -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/ClangBase.lds + DEFINE CLANGDWARF_IA32_X64_ASLDLINK_FLAGS = DEF(CLANGDWARF_IA32_X64_DLINK_COMMON) -Wl,--defsym=PECOFF_HEADER_SIZE=0 DEF(CLANGDWARF_DLINK2_FLAGS_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable +-DEFINE CLANGDWARF_IA32_X64_DLINK_FLAGS = DEF(CLANGDWARF_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive ++DEFINE CLANGDWARF_IA32_X64_DLINK_FLAGS = DEF(CLANGDWARF_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive -Wl,-z,notext + DEFINE CLANGDWARF_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(CLANGDWARF_DLINK2_FLAGS_COMMON) + DEFINE CLANGDWARF_X64_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 DEF(CLANGDWARF_DLINK2_FLAGS_COMMON) + diff --git a/sys-firmware/edk2/files/edk2-202408-binutils-2.41-textrels.patch b/sys-firmware/edk2/files/edk2-202408-binutils-2.41-textrels.patch new file mode 100644 index 000000000000..de404159e99c --- /dev/null +++ b/sys-firmware/edk2/files/edk2-202408-binutils-2.41-textrels.patch @@ -0,0 +1,13 @@ +diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template +index 76aaae7261..f05b32a4e1 100755 +--- a/BaseTools/Conf/tools_def.template ++++ b/BaseTools/Conf/tools_def.template +@@ -961,7 +961,7 @@ DEFINE GCC49_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -fno-pic -fno-pi + DEFINE GCC49_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS) + DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40 + DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--defsym=PECOFF_HEADER_SIZE=0 DEF(GCC_DLINK2_FLAGS_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable +-DEFINE GCC49_IA32_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive ++DEFINE GCC49_IA32_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive -Wl,-z,notext + DEFINE GCC49_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS) + DEFINE GCC49_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_FLAGS) -Wl,-melf_x86_64,--oformat=elf64-x86-64,-pie + DEFINE GCC49_X64_DLINK2_FLAGS = DEF(GCC48_X64_DLINK2_FLAGS) diff --git a/sys-firmware/edk2/files/edk2-202408-werror.patch b/sys-firmware/edk2/files/edk2-202408-werror.patch new file mode 100644 index 000000000000..ad7e13cfdd40 --- /dev/null +++ b/sys-firmware/edk2/files/edk2-202408-werror.patch @@ -0,0 +1,56 @@ +diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template +index 76aaae7261..e457949952 100755 +--- a/BaseTools/Conf/tools_def.template ++++ b/BaseTools/Conf/tools_def.template +@@ -894,7 +894,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_ + *_*_*_DTCPP_PATH = DEF(DTCPP_BIN) + *_*_*_DTC_PATH = DEF(DTC_BIN) + +-DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common ++DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Wno-array-bounds -include AutoGen.h -fno-common + DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie + DEFINE GCC_LOONGARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections + DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access +@@ -1003,7 +1003,7 @@ DEFINE GCC5_ARM_ASLDLINK_FLAGS = DEF(GCC49_ARM_ASLDLINK_FLAGS) + DEFINE GCC5_AARCH64_ASLDLINK_FLAGS = DEF(GCC49_AARCH64_ASLDLINK_FLAGS) + DEFINE GCC5_ASLCC_FLAGS = DEF(GCC49_ASLCC_FLAGS) -fno-lto + +-DEFINE GCC5_RISCV_ALL_CC_FLAGS = -g -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings -msmall-data-limit=0 ++DEFINE GCC5_RISCV_ALL_CC_FLAGS = -g -fshort-wchar -fno-strict-aliasing -Wall -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings -msmall-data-limit=0 + DEFINE GCC5_RISCV_ALL_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40 + DEFINE GCC5_RISCV_ALL_DLINK_FLAGS = DEF(GCC5_RISCV_ALL_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map + DEFINE GCC5_RISCV_ALL_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds +@@ -1019,7 +1019,7 @@ DEFINE GCC5_RISCV64_DLINK_FLAGS = DEF(GCC5_RISCV_ALL_DLINK_FLAGS) -Wl + DEFINE GCC5_RISCV64_DLINK2_FLAGS = DEF(GCC5_RISCV_ALL_DLINK2_FLAGS) + DEFINE GCC5_RISCV64_ASM_FLAGS = DEF(GCC5_RISCV_ALL_ASM_FLAGS) -march=DEF(GCC5_RISCV64_ARCH) -mcmodel=medany -mabi=lp64 + +-DEFINE GCC5_LOONGARCH64_CC_FLAGS = DEF(GCC_LOONGARCH64_CC_FLAGS) -march=loongarch64 -mno-memcpy -Werror -Wno-maybe-uninitialized -Wno-stringop-overflow -Wno-pointer-to-int-cast -no-pie -fno-stack-protector -mno-explicit-relocs ++DEFINE GCC5_LOONGARCH64_CC_FLAGS = DEF(GCC_LOONGARCH64_CC_FLAGS) -march=loongarch64 -mno-memcpy -Wno-maybe-uninitialized -Wno-stringop-overflow -Wno-pointer-to-int-cast -no-pie -fno-stack-protector -mno-explicit-relocs + DEFINE GCC5_LOONGARCH64_DLINK_FLAGS = DEF(GCC_LOONGARCH64_DLINK_FLAGS) + DEFINE GCC5_LOONGARCH64_DLINK2_FLAGS = DEF(GCC_DLINK2_FLAGS_COMMON) -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 + DEFINE GCC5_LOONGARCH64_ASLDLINK_FLAGS = DEF(GCC_LOONGARCH64_ASLDLINK_FLAGS) DEF(GCC5_LOONGARCH64_DLINK2_FLAGS) +diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile +index d369908a09..1bf4caaa53 100644 +--- a/BaseTools/Source/C/Makefiles/header.makefile ++++ b/BaseTools/Source/C/Makefiles/header.makefile +@@ -92,17 +92,17 @@ BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS) + + ifeq ($(DARWIN),Darwin) + # assume clang or clang compatible flags on OS X +-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \ ++CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall \ + -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g + else + ifneq ($(CLANG),) + CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \ +--fno-delete-null-pointer-checks -Wall -Werror \ ++-fno-delete-null-pointer-checks -Wall \ + -Wno-deprecated-declarations -Wno-self-assign \ + -Wno-unused-result -nostdlib -g + else + CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \ +--fno-delete-null-pointer-checks -Wall -Werror \ ++-fno-delete-null-pointer-checks -Wall \ + -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \ + -Wno-unused-result -nostdlib -g + endif diff --git a/sys-firmware/edk2/metadata.xml b/sys-firmware/edk2/metadata.xml new file mode 100644 index 000000000000..25727c4c2437 --- /dev/null +++ b/sys-firmware/edk2/metadata.xml @@ -0,0 +1,12 @@ + + + + + virtualization@gentoo.org + Gentoo Virtualization Project + + + tianocore/edk2 + cpe:/a:tianocore:edk2 + + -- cgit v1.2.3