commit:     261679779725bee6e18de4b66f0674796a2d1278
Author:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 25 13:50:28 2024 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Thu Oct 10 16:29:35 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26167977

sys-firmware/edk2: Bump to 202408, Python 3.13, many other improvements

The ebuild has been largely rewritten. It now:

* Respects CC, CXX, and flags when building the base tools.
* Doesn't use gcc/cc when building the firmware, enabling cross.
* Prepares the ground for supporting platforms other than OVMF for x64.
* Installs OVMF_VARS.secboot.fd prepared with virt-fw-vars.
* Includes the latest UEFI DBX update in OVMF_VARS.secboot.fd.
* Adds 4MB variants of the .fd images (in QCOW2 format).
* Fixes network support broken by a recent bump.
* Drops EnrollDefaultKeys.efi and UefiShell.img
  The enrollment tool hasn't actually worked for a while and is no longer needed
  now that we provide OVMF_VARS.secboot.fd. UefiShell.img is therefore of little
  use, and other distros now provide UefiShell.iso instead anyway. We can do the
  same if there is sufficient interest.

This moves us closer to Fedora, but they ship far more variants. They
have a large Python wrapper around upstream's build system, which is
unusual in itself. Building all these would make the ebuild much more
complex, take a long time, and use up more disk space. Perhaps USE flags
could help here, but I'm not sure what all these variants are for.

I also decided to install to paths based on upstream's names, e.g.
edk2/ArmVirtQemu-AARCH64 as opposed to Fedora's edk2/aarch64 because
mixing QEMU with Xen and others would be confusing when there are many
similarly named files, even within a single architecture.

Closes: https://bugs.gentoo.org/891191
Closes: https://bugs.gentoo.org/921819
Closes: https://bugs.gentoo.org/929838
Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 sys-firmware/edk2/Manifest                         |   4 +
 sys-firmware/edk2/edk2-202408.ebuild               | 255 +++++++++++++++++++++
 .../30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json     |  36 +++
 .../31-edk2-ovmf-2m-raw-x64-sb-enrolled.json       |  36 +++
 .../descriptors/40-edk2-ovmf-4m-qcow2-x64-sb.json  |  35 +++
 .../descriptors/41-edk2-ovmf-2m-raw-x64-sb.json    |  35 +++
 .../50-edk2-ovmf-4m-qcow2-x64-nosb.json            |  36 +++
 .../descriptors/51-edk2-ovmf-2m-raw-x64-nosb.json  |  36 +++
 8 files changed, 473 insertions(+)

diff --git a/sys-firmware/edk2/Manifest b/sys-firmware/edk2/Manifest
index 8bf04542d27b..387cceab5930 100644
--- a/sys-firmware/edk2/Manifest
+++ b/sys-firmware/edk2/Manifest
@@ -1,9 +1,13 @@
 DIST brotli-f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz 512229 BLAKE2B 
cd86cc2cc7eefad24f87cda8006409bf764922b5f23ccfb951e7a41214b12004ce532b11f94f5fb858b3bf71f9abf8ef17ba219fa96bd5be23b51873afad0fd5
 SHA512 
7f48e794e738b31c2005e7cef6d8c0cc0d543f1cd8c137ae8ba14602cac2873de6299a3f32ad52be869f513e7548341353ed049609daef1063975694d9a9b80b
+DIST edk2-202408.tar.gz 17548980 BLAKE2B 
12723a593d2767577f74cfa69f4a02ec784347994af6eb77aea7eb9e9e9f7fedb6b47698af2f07ef98848bbb4bf16248179cf117cf9abdf17be73157a0a03fc2
 SHA512 
d679d905f8b0ddbf60b1c9a0282e403bf51d0fbe55d85a8ea3e4af1778874e947d224e3671f9e82cddd5cd906c1472ff3973498d969414bdd67d0b49f5b8a251
 DIST edk2-ovmf-202202-qemu-firmware.tar.xz 664 BLAKE2B 
1aa4e25804ce0f3c967c80999315de24eaef6682e42dddd81c274ce4603ec3d15186de752de49e2527c6bd5517080c002a357ed6bc389b5afd6f7a4d93edeb44
 SHA512 
f9a29212274a99796784673d873e0eee7d3e2a5cf9e63192453841ee3a4ef4b813c7b2357fc7000f39c71ed6c66636daab772abb51d3972a2a56ade8a4c68faf
 DIST edk2-ovmf-202202.tar.gz 14208170 BLAKE2B 
d8411e6808b335ccd551349a10c983b9448a357e73273fa6c30a07785e27feffed0224950ee98b668712c33f6739a9b006e5043b7dfd014f48dba9fd449b3354
 SHA512 
200690a4867331de06e0478869b85577bc510213ebe679f2103160efb84d94c82ac8481ef1f15c3e42c1e9f22b7c5ef0d6c8f2c655bce7702ce843551cf9bb83
 DIST edk2-ovmf-202405.tar.gz 17091190 BLAKE2B 
ee2f4c8674ecd7a17e4ee1b067cf1caffb46c3345f39ab15b715964b8e114d01538ae4d4152ab6a3eeebdae602128604d57c02fc0da83f46c291559fe39f49d2
 SHA512 
3bad4c8417b0c9b68fc6b6b85a4b15c5be8daf672177ce66d7b224b1da7a90f643021adbdd6bc96f95417fc8654c4c6b191cd39f6c1be955946360bfa8e2cb5f
 DIST libspdm-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 1962880 BLAKE2B 
89606315fadcf00b2909f264a6edcb2b900dfe248357ea45c37c5a9c947a4d684866627d85132cc51d44d90853d63814eaf9d2b4acdd1a9621b1d6600ca4a0a4
 SHA512 
07b2b376a84e86647d7a831ee6686d1cf647033ac339afb7c4ea7846cf4e9f7f529a2866bc68ea172d44f1f1efadc8bf1646c3d7fe7e6b6175286ef9c743b206
+DIST libspdm-50924a4c8145fc721e17208f55814d2b38766fe6.tar.gz 1967479 BLAKE2B 
fe15ac34fa65a86b13ed3a44959d860dc1bf39fd9a4bd2dcde2d2ec6ad9490f5d7d53320c481f9cf931a636527719c29eb315d178f2bd48cb905216849b633b4
 SHA512 
f11e748e40b66c37365175ff0ef9c0a695db2e7da50da2cf8a33267064b53e5938cfb1363d27e5ce0a174b2059533352bb8a44c48003db900c6b844167473198
 DIST mbedtls-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 4587796 BLAKE2B 
c28df5c52ac3ed5ef6a2b9eba29f3894d3f5f11083869e8b137cd66d4f72b2a0971c91636ce4626869bd06eeb5e661d90160021f92564b9449fb13001b8e379f
 SHA512 
a421c03c740867210f9e30457bc951928cafec3622e1e304f8c18ce5c5e27c5c8e6c7715180ecb74c6a997e4b91ee160e52b357e1bb65ff76ce8414a87ec4889
+DIST mbedtls-8c89224991adff88d53cd380f42a2baa36f91454.tar.gz 4587796 BLAKE2B 
c28df5c52ac3ed5ef6a2b9eba29f3894d3f5f11083869e8b137cd66d4f72b2a0971c91636ce4626869bd06eeb5e661d90160021f92564b9449fb13001b8e379f
 SHA512 
a421c03c740867210f9e30457bc951928cafec3622e1e304f8c18ce5c5e27c5c8e6c7715180ecb74c6a997e4b91ee160e52b357e1bb65ff76ce8414a87ec4889
 DIST mipi-sys-t-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 378522 BLAKE2B 
d3f1033e78ad814ebb991e66d8c1437aa3583e91481af9785b97b6021c7c45fb9dcb8d2d58d0a0fe84fbd9f108d24a27234df298eb8a2ba2340e5c9c85c89c40
 SHA512 
de6888577ceab7ab6915d792f3c48248cfa53357ccd310fc7f7eae4d25a932de8c7c23e5b898c9ebf61cf86cb538277273f2eb131a628b3bf0d46c9a3b9b6686
 DIST openssl-d82e959e621a3d597f1e0d50ff8c2d8b96915fd7.tar.gz 10034310 BLAKE2B 
6996979dc12a523d565830e7b0943feb682a376f71ddb6f20cb8b9976bb7f12e39f088abaa45d514933ef79c0e4a2933dc6f1af4774fedaa16e74c0081c358e7
 SHA512 
a89bc652dc4318c5e8a9c594a43d890ca05dfc1acd6b15e2a8ab8b5628b5f33994143ff8024230e07b9e67556b28ea3a5e36763aa72dec20b52022ca8c6f2a7e
 DIST openssl-de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz 15337569 BLAKE2B 
bb0b2f4ee7838178e8e23317b6c63048611d805e20c81d6c875d9b515e6dbcf981cda38f031965c9ec45bcab3ac4725cfa793718b0212e92bf53b4c7fc3f4e32
 SHA512 
4bba15075dacc8c1772a95759cfe8620ff3a9d535e5d3d29bb15e4790cc543555ab45f0b239195361e534eca26249ae1b491b63cbf6b7ecda6f0840c7f6253ac
+DIST x64_DBXUpdate_05092023.bin 21170 BLAKE2B 
9b74945ef441e65c50116122bc24578c22c8f5f7af94e46322a96bd15035b79c0af4c1fd5366017b347b9aaf3f5791b9d6ea84ef141500700ccf69f708f91389
 SHA512 
71fb6e8cd6918126b3acd78b95651913336df372e13fdfdfdd20d5d23f0e509050c6c88c8a2c43f8ac44f987df86bd45174bb3065d5a7a8c7e3b8772fd06d624

diff --git a/sys-firmware/edk2/edk2-202408.ebuild 
b/sys-firmware/edk2/edk2-202408.ebuild
new file mode 100644
index 000000000000..383d695f5ac4
--- /dev/null
+++ b/sys-firmware/edk2/edk2-202408.ebuild
@@ -0,0 +1,255 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_REQ_USE="sqlite"
+PYTHON_COMPAT=( python3_{12..13} )
+
+inherit edo prefix python-any-r1 readme.gentoo-r1 secureboot toolchain-funcs
+
+DESCRIPTION="TianoCore EDK II UEFI firmware for virtual machines"
+HOMEPAGE="https://github.com/tianocore/edk2";
+
+DBXDATE="05092023" # MMDDYYYY
+BUNDLED_BROTLI_SUBMODULE_SHA="f4153a09f87cbb9c826d8fc12c74642bb2d879ea"
+BUNDLED_LIBSPDM_SUBMODULE_SHA="50924a4c8145fc721e17208f55814d2b38766fe6"
+BUNDLED_MBEDTLS_SUBMODULE_SHA="8c89224991adff88d53cd380f42a2baa36f91454"
+BUNDLED_MIPI_SYS_T_SUBMODULE_SHA="370b5944c046bab043dd8b133727b2135af7747a"
+BUNDLED_OPENSSL_SUBMODULE_SHA="de90e54bbe82e5be4fb9608b6f5c308bb837d355"
+
+SRC_URI="
+       https://github.com/tianocore/${PN}/archive/${PN}-stable${PV}.tar.gz
+               -> ${P}.tar.gz
+       
https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
+               -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
+       
https://github.com/DMTF/libspdm/archive/${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz
+               -> libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz
+       
https://github.com/Mbed-TLS/mbedtls/archive/${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz
+               -> mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz
+       
https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
+               -> mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
+       
https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz
+               -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz
+
+       amd64? (
+               
https://uefi.org/sites/default/files/resources/x64_DBXUpdate_${DBXDATE}.bin
+               
https://uefi.org/sites/default/files/resources/x64_DBXUpdate.bin -> 
x64_DBXUpdate_${DBXDATE}.bin
+       )
+"
+
+S="${WORKDIR}/${PN}-${PN}-stable${PV}"
+LICENSE="BSD-2 MIT"
+SLOT="0"
+KEYWORDS="-* ~amd64"
+
+BDEPEND="
+       ${PYTHON_DEPS}
+       app-emulation/qemu
+       app-emulation/virt-firmware
+       >=sys-power/iasl-20160729
+       amd64? ( >=dev-lang/nasm-2.0.7 )
+"
+
+RDEPEND="
+       !sys-firmware/edk2-ovmf-bin
+"
+
+PATCHES=(
+       "${FILESDIR}/${PN}-202408-werror.patch"
+       "${FILESDIR}/${PN}-202408-binutils-2.41-textrels.patch"
+)
+
+DISABLE_AUTOFORMATTING="true"
+DIR="/usr/share/${PN}"
+
+pkg_setup() {
+       python-any-r1_pkg_setup
+       secureboot_pkg_setup
+
+       local QEMU_ARCH ARCH_DIRS UNIT0 UNIT1 FMT
+
+       case "${ARCH}" in
+       amd64)
+               TARGET_ARCH="X64"
+               QEMU_ARCH="x86_64"
+               ARCH_DIRS="${DIR}/OvmfX64"
+               UNIT0="OVMF_CODE.fd"
+               UNIT1="OVMF_VARS.fd"
+               FMT="raw"
+               ;;
+       esac
+
+       DOC_CONTENTS="This package includes the TianoCore EDK II UEFI firmware 
for ${QEMU_ARCH}
+virtual machines. The firmware is located under ${ARCH_DIRS}.
+
+In order to use the firmware, you can run QEMU like so:
+
+       $ qemu-system-${QEMU_ARCH} \\
+               -drive file=${EPREFIX}${ARCH_DIRS%% 
*}/${UNIT0},if=pflash,format=${FMT},unit=0,readonly=on \\
+               -drive 
file=/path/to/the/copy/of/${UNIT1},if=pflash,format=${FMT},unit=1 \\
+               ..."
+
+       case "${ARCH}" in
+       amd64) DOC_CONTENTS+="
+
+The firmware does not support CSM due to the lack of a free
+implementation. If you need a firmware with CSM support, you have to
+download one for yourself. Firmware blobs are commonly labelled:
+
+       OVMF_CODE-with-csm.fd
+       OVMF_VARS-with-csm.fd"
+               ;;
+       esac
+}
+
+link_mod() {
+       rmdir "$2" && ln -sfT "$1" "$2" || die "linking ${2##*/} failed"
+}
+
+src_prepare() {
+       # Bundled submodules
+       link_mod "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}" \
+               BaseTools/Source/C/BrotliCompress/brotli
+       link_mod "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}" \
+               MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
+       link_mod "${WORKDIR}/libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}" \
+               SecurityPkg/DeviceSecurity/SpdmLib/libspdm
+       link_mod "${WORKDIR}/mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}" \
+               CryptoPkg/Library/MbedTlsLib/mbedtls
+       link_mod 
"${WORKDIR}/public-mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}" \
+               MdePkg/Library/MipiSysTLib/mipisyst
+       link_mod "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}" \
+               CryptoPkg/Library/OpensslLib/openssl
+
+       default
+
+       # Fix descriptor paths for prefix.
+       hprefixify "${FILESDIR}"/descriptors/*.json
+}
+
+mybuild() {
+       edo build \
+               -t "${TOOLCHAIN}" \
+               -b "${BUILD_TARGET}" \
+               -D NETWORK_HTTP_BOOT_ENABLE \
+               -D NETWORK_IP6_ENABLE \
+               -D NETWORK_TLS_ENABLE \
+               -D TPM1_ENABLE \
+               -D TPM2_ENABLE \
+               -D TPM2_CONFIG_ENABLE \
+               "${BUILD_ARGS[@]}" \
+               "${@}"
+}
+
+# Add the MS and Red Hat Secure Boot certificates and update the revocation 
list
+# for the given architecture in the given raw variables image.
+mk_fw_vars() {
+       edo virt-fw-vars \
+               --set-dbx "${DISTDIR}/$1_DBXUpdate_${DBXDATE}.bin" \
+               --secure-boot --enroll-redhat --inplace "$2"
+}
+
+# Convert the given images from raw to QCOW2 and resize them to the amount 
given
+# as the first argument. Specify 0 to not resize.
+raw_to_qcow2() {
+       local SIZE=$1 RAW
+       shift
+
+       for RAW in "${@}"; do
+               edo qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 
4096 "${RAW}" "${RAW%.fd}.qcow2"
+               [[ ${SIZE} != 0 ]] && edo qemu-img resize -f qcow2 
"${RAW%.fd}.qcow2" "${SIZE}"
+               rm "${RAW}" || die
+       done
+}
+
+src_compile() {
+       TOOLCHAIN="GCC5"
+       BUILD_TARGET="RELEASE"
+       BUILD_DIR="${BUILD_TARGET}_${TOOLCHAIN}"
+       BUILD_ARGS=()
+
+       tc-export_build_env
+       emake -C BaseTools \
+               CC="$(tc-getBUILD_CC)" \
+               CXX="$(tc-getBUILD_CXX)" \
+               EXTRA_OPTFLAGS="${BUILD_CFLAGS}" \
+               EXTRA_LDFLAGS="${BUILD_LDFLAGS}"
+
+       export \
+               "${TOOLCHAIN}_${TARGET_ARCH}_PREFIX=${CHOST}-" \
+               "${TOOLCHAIN}_BIN=${CHOST}-"
+
+       . ./edksetup.sh
+
+       # DO NOT enable the shell with Secure Boot as it can be used as a 
bypass!
+
+       case "${ARCH}" in
+       amd64)
+               local SIZE
+               for SIZE in _2M _4M; do
+                       mybuild -a X64 -p OvmfPkg/OvmfPkgX64.dsc \
+                               -D FD_SIZE${SIZE}B \
+                               -D BUILD_SHELL=FALSE \
+                               -D SECURE_BOOT_ENABLE \
+                               -D SMM_REQUIRE
+
+                       mv -T Build/OvmfX64 Build/OvmfX64${SIZE}.secboot || die
+
+                       mybuild -a X64 -p OvmfPkg/OvmfPkgX64.dsc \
+                               -D FD_SIZE${SIZE}B
+
+                       mv -T Build/OvmfX64 Build/OvmfX64${SIZE} || die
+
+                       mk_fw_vars x64 
Build/OvmfX64${SIZE}.secboot/"${BUILD_DIR}"/FV/OVMF_VARS.fd
+               done
+
+               # Fedora only converts newer images to QCOW2. 2MB images are 
raw.
+               raw_to_qcow2 0 
Build/OvmfX64_4M*/"${BUILD_DIR}"/FV/OVMF_{CODE,VARS}.fd
+               ;;
+       esac
+}
+
+src_install() {
+       local SIZE TYPE FMT
+
+       case "${ARCH}" in
+       amd64)
+               insinto ${DIR}/OvmfX64
+               doins Build/OvmfX64_2M/"${BUILD_DIR}"/X64/Shell.efi
+
+               for SIZE in _2M _4M; do
+                       for TYPE in "" .secboot; do
+                               [[ ${SIZE} = _4M ]] && FMT=qcow2 || FMT=fd
+                               newins 
Build/OvmfX64${SIZE}${TYPE}/"${BUILD_DIR}"/FV/OVMF_CODE.${FMT} 
OVMF_CODE${SIZE#_2M}${TYPE}.${FMT}
+                               newins 
Build/OvmfX64${SIZE}${TYPE}/"${BUILD_DIR}"/FV/OVMF_VARS.${FMT} 
OVMF_VARS${SIZE#_2M}${TYPE}.${FMT}
+                       done
+               done
+
+               # Compatibility with older package versions.
+               dosym ${PN}/OvmfX64 /usr/share/edk2-ovmf
+               ;;
+       esac
+
+       insinto /usr/share/qemu/firmware
+       doins "${FILESDIR}"/descriptors/*"${TARGET_ARCH,,}"*.json
+
+       secureboot_auto_sign --in-place
+       readme.gentoo_create_doc
+}
+
+pkg_preinst() {
+       local OLD=${EROOT}/usr/share/edk2-ovmf NEW=${EROOT}/${DIR}/OvmfX64
+       if [[ -d ${OLD} && ! -L ${OLD} ]]; then
+               {
+                       rm -vf 
"${OLD}"/{OVMF_{CODE,CODE.secboot,VARS}.fd,EnrollDefaultKeys.efi,Shell.efi,UefiShell.img}
 &&
+                       mkdir -p "${NEW}" &&
+                       find "${OLD}" -mindepth 1 -maxdepth 1 -execdir mv 
--update=none-fail -vt "${NEW}"/ {} + &&
+                       rmdir "${OLD}"
+               } || die "unable to replace old directory with compatibility 
symlink"
+       fi
+}
+
+pkg_postinst() {
+       readme.gentoo_print_elog
+}
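Review bot: In src_install, `Shell.efi` from the non-Secure-Boot 2M build is already in the image when `secureboot_auto_sign --in-place` runs, so with signing enabled it is presumably signed with the user's key (the helper is defined outside this hunk). That sits uneasily with the src_compile warning that the shell can be used as a Secure Boot bypass: a guest whose db trusts that key could start the shell with Secure Boot enforcing. If the signed shell is intended, say so next to the call, e.g. `# Shell.efi is signed here too; do not enroll this key in guests that must not run the UEFI shell.` If it is not intended, keep the shell out of the signing step.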

diff --git 
a/sys-firmware/edk2/files/descriptors/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json
 
b/sys-firmware/edk2/files/descriptors/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json
new file mode 100644
index 000000000000..b11c77b5680d
--- /dev/null
+++ 
b/sys-firmware/edk2/files/descriptors/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json
@@ -0,0 +1,36 @@
+{
+    "description": "OVMF with SB+SMM, SB enabled, MS certs enrolled",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "mode" : "split",
+        "executable": {
+            "filename": "/usr/share/edk2/OvmfX64/OVMF_CODE_4M.secboot.qcow2",
+            "format": "qcow2"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/OvmfX64/OVMF_VARS_4M.secboot.qcow2",
+            "format": "qcow2"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "enrolled-keys",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}
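Review bot: The `description` of this descriptor says only "MS certs enrolled" and omits "for x86_64", yet the varstore it names is prepared by `mk_fw_vars` with `--enroll-redhat`, which the ebuild comment describes as adding the MS and Red Hat certificates. Someone choosing firmware by its description would not learn that a Red Hat certificate is trusted as well. Suggested wording: `"description": "OVMF for x86_64, with SB+SMM, SB enabled, MS and Red Hat certs enrolled",`. The certificate wording applies equally to 31-edk2-ovmf-2m-raw-x64-sb-enrolled.json.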

diff --git 
a/sys-firmware/edk2/files/descriptors/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json 
b/sys-firmware/edk2/files/descriptors/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json
new file mode 100644
index 000000000000..ffa28c209905
--- /dev/null
+++ 
b/sys-firmware/edk2/files/descriptors/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json
@@ -0,0 +1,36 @@
+{
+    "description": "OVMF for x86_64, with SB+SMM, SB enabled, MS certs 
enrolled",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "mode" : "split",
+        "executable": {
+            "filename": "/usr/share/edk2/OvmfX64/OVMF_CODE.secboot.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/OvmfX64/OVMF_VARS.secboot.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "enrolled-keys",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

diff --git 
a/sys-firmware/edk2/files/descriptors/40-edk2-ovmf-4m-qcow2-x64-sb.json 
b/sys-firmware/edk2/files/descriptors/40-edk2-ovmf-4m-qcow2-x64-sb.json
new file mode 100644
index 000000000000..52daef98cf66
--- /dev/null
+++ b/sys-firmware/edk2/files/descriptors/40-edk2-ovmf-4m-qcow2-x64-sb.json
@@ -0,0 +1,35 @@
+{
+    "description": "OVMF for x86_64, with SB+SMM, empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "mode" : "split",
+        "executable": {
+            "filename": "/usr/share/edk2/OvmfX64/OVMF_CODE_4M.secboot.qcow2",
+            "format": "qcow2"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/OvmfX64/OVMF_VARS_4M.qcow2",
+            "format": "qcow2"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

diff --git 
a/sys-firmware/edk2/files/descriptors/41-edk2-ovmf-2m-raw-x64-sb.json 
b/sys-firmware/edk2/files/descriptors/41-edk2-ovmf-2m-raw-x64-sb.json
new file mode 100644
index 000000000000..358f05927653
--- /dev/null
+++ b/sys-firmware/edk2/files/descriptors/41-edk2-ovmf-2m-raw-x64-sb.json
@@ -0,0 +1,35 @@
+{
+    "description": "OVMF for x86_64, with SB+SMM, empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "mode" : "split",
+        "executable": {
+            "filename": "/usr/share/edk2/OvmfX64/OVMF_CODE.secboot.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/OvmfX64/OVMF_VARS.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

diff --git 
a/sys-firmware/edk2/files/descriptors/50-edk2-ovmf-4m-qcow2-x64-nosb.json 
b/sys-firmware/edk2/files/descriptors/50-edk2-ovmf-4m-qcow2-x64-nosb.json
new file mode 100644
index 000000000000..efd4ddbfb632
--- /dev/null
+++ b/sys-firmware/edk2/files/descriptors/50-edk2-ovmf-4m-qcow2-x64-nosb.json
@@ -0,0 +1,36 @@
+{
+    "description": "OVMF for x86_64, without SB+SMM, empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "mode" : "split",
+        "executable": {
+            "filename": "/usr/share/edk2/OvmfX64/OVMF_CODE_4M.qcow2",
+            "format": "qcow2"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/OvmfX64/OVMF_VARS_4M.qcow2",
+            "format": "qcow2"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-i440fx-*",
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "amd-sev",
+        "amd-sev-es",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

diff --git 
a/sys-firmware/edk2/files/descriptors/51-edk2-ovmf-2m-raw-x64-nosb.json 
b/sys-firmware/edk2/files/descriptors/51-edk2-ovmf-2m-raw-x64-nosb.json
new file mode 100644
index 000000000000..309ba626b940
--- /dev/null
+++ b/sys-firmware/edk2/files/descriptors/51-edk2-ovmf-2m-raw-x64-nosb.json
@@ -0,0 +1,36 @@
+{
+    "description": "OVMF for x86_64, without SB+SMM, empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "mode" : "split",
+        "executable": {
+            "filename": "/usr/share/edk2/OvmfX64/OVMF_CODE.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/OvmfX64/OVMF_VARS.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-i440fx-*",
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "amd-sev",
+        "amd-sev-es",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}
