mirror of
https://github.com/flatcar/scripts.git
synced 2025-09-29 09:31:06 +02:00
Merge pull request #2434 from flatcar/chewi/new-firmware
Switch from raw to QCOW2 and 2MB to 4MB firmware, adjust firmware variables creation
This commit is contained in:
James Le Cuirot
GitHub
commit
00968ba291
4
.github/workflows/ci.yaml
vendored
4
.github/workflows/ci.yaml
vendored
@ -278,7 +278,7 @@ jobs:
|
||||
scripts/artifacts/images/flatcar_production_image*.txt
|
||||
scripts/artifacts/images/flatcar_production_image*.json
|
||||
scripts/artifacts/images/flatcar_production_image_pcr_policy.zip
|
||||
scripts/artifacts/images/flatcar_production_*_efi_*.fd
|
||||
scripts/artifacts/images/flatcar_production_*_efi_*.qcow2
|
||||
scripts/artifacts/images/flatcar_production_qemu.sh
|
||||
|
||||
- name: Upload developer container
|
||||
@ -317,7 +317,7 @@ jobs:
|
||||
path: |
|
||||
scripts/artifacts/images/*.img
|
||||
scripts/artifacts/images/*.bin
|
||||
scripts/artifacts/images/flatcar_production_*_efi_*.fd
|
||||
scripts/artifacts/images/flatcar_production_*_efi_*.qcow2
|
||||
scripts/artifacts/images/*.txt
|
||||
scripts/artifacts/images/flatcar-*.raw
|
||||
scripts/artifacts/images/flatcar_production_*.sh
|
||||
|
||||
6
.github/workflows/run-kola-tests.yaml
vendored
6
.github/workflows/run-kola-tests.yaml
vendored
@ -162,7 +162,7 @@ jobs:
|
||||
# Extract the generic image we'll use for qemu tests.
|
||||
# Note that the qemu[_uefi] tests use the generic image instead of the
|
||||
# qemu vendor VM image ("Astronaut: [...] Always have been.").
|
||||
mv flatcar_production_image.bin flatcar_production_qemu_uefi_efi_code.fd flatcar_production_qemu_uefi_efi_vars.fd scripts/
|
||||
mv flatcar_production_image.bin flatcar_production_qemu_uefi_efi_code.qcow2 flatcar_production_qemu_uefi_efi_vars.qcow2 scripts/
|
||||
|
||||
mv flatcar_test_update.gz scripts/
|
||||
|
||||
@ -197,8 +197,8 @@ jobs:
|
||||
cat > sdk_container/.env <<EOF
|
||||
# export the QEMU_IMAGE_NAME to avoid to download it.
|
||||
export QEMU_IMAGE_NAME="/work/flatcar_production_image.bin"
|
||||
export QEMU_UEFI_FIRMWARE="/work/flatcar_production_qemu_uefi_efi_code.fd"
|
||||
export QEMU_UEFI_OVMF_VARS="/work/flatcar_production_qemu_uefi_efi_vars.fd"
|
||||
export QEMU_UEFI_FIRMWARE="/work/flatcar_production_qemu_uefi_efi_code.qcow2"
|
||||
export QEMU_UEFI_OVMF_VARS="/work/flatcar_production_qemu_uefi_efi_vars.qcow2"
|
||||
export QEMU_UPDATE_PAYLOAD="/work/flatcar_test_update.gz"
|
||||
export QEMU_DEVCONTAINER_URL="http://${TESTS_WEBSERVER_IP}:${TESTS_WEBSERVER_PORT}"
|
||||
export QEMU_DEVCONTAINER_BINHOST_URL="http://${TESTS_WEBSERVER_IP}:${TESTS_WEBSERVER_PORT}"
|
||||
|
||||
@ -274,8 +274,8 @@ fi
|
||||
|
||||
if [ -n "${VM_PFLASH_RO}" ] && [ -n "${VM_PFLASH_RW}" ]; then
|
||||
set -- \
|
||||
-drive if=pflash,unit=0,file="${SCRIPT_DIR}/${VM_PFLASH_RO}",format=raw,readonly=on \
|
||||
-drive if=pflash,unit=1,file="${SCRIPT_DIR}/${VM_PFLASH_RW}",format=raw "$@"
|
||||
-drive if=pflash,unit=0,file="${SCRIPT_DIR}/${VM_PFLASH_RO}",format=qcow2,readonly=on \
|
||||
-drive if=pflash,unit=1,file="${SCRIPT_DIR}/${VM_PFLASH_RW}",format=qcow2 "$@"
|
||||
fi
|
||||
|
||||
if [ -n "${IGNITION_CONFIG_FILE}" ]; then
|
||||
|
||||
@ -825,25 +825,20 @@ _write_qemu_conf() {
|
||||
}
|
||||
|
||||
_write_qemu_uefi_conf() {
|
||||
local flash_ro="$(_dst_name "_efi_code.fd")"
|
||||
local flash_rw="$(_dst_name "_efi_vars.fd")"
|
||||
local flash_ro="$(_dst_name "_efi_code.qcow2")"
|
||||
local flash_rw="$(_dst_name "_efi_vars.qcow2")"
|
||||
local script="$(_dst_dir)/$(_dst_name ".sh")"
|
||||
|
||||
_write_qemu_conf
|
||||
|
||||
case $BOARD in
|
||||
amd64-usr)
|
||||
cp "/usr/share/edk2-ovmf/OVMF_CODE.fd" "$(_dst_dir)/${flash_ro}"
|
||||
cp "/usr/share/edk2-ovmf/OVMF_VARS.fd" "$(_dst_dir)/${flash_rw}"
|
||||
cp "/usr/share/edk2/OvmfX64/OVMF_CODE_4M.qcow2" "$(_dst_dir)/${flash_ro}"
|
||||
cp "/usr/share/edk2/OvmfX64/OVMF_VARS_4M.qcow2" "$(_dst_dir)/${flash_rw}"
|
||||
;;
|
||||
arm64-usr)
|
||||
# Get edk2 files into local build workspace.
|
||||
info "Updating edk2 in /build/${BOARD}"
|
||||
emerge-${BOARD} --nodeps --select --verbose --update --getbinpkg --newuse sys-firmware/edk2-aarch64
|
||||
cp "${BOARD_ROOT}/usr/share/AAVMF/AAVMF_CODE.fd" "$(_dst_dir)/${flash_ro}"
|
||||
cp "${BOARD_ROOT}/usr/share/AAVMF/AAVMF_VARS.fd" "$(_dst_dir)/${flash_rw}"
|
||||
truncate -s 64M "$(_dst_dir)/${flash_ro}"
|
||||
truncate -s 64M "$(_dst_dir)/${flash_rw}"
|
||||
cp "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_EFI.qcow2" "$(_dst_dir)/${flash_ro}"
|
||||
cp "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_VARS.qcow2" "$(_dst_dir)/${flash_rw}"
|
||||
;;
|
||||
esac
|
||||
|
||||
@ -866,20 +861,32 @@ _write_qemu_uefi_conf() {
|
||||
}
|
||||
|
||||
_write_qemu_uefi_secure_conf() {
|
||||
local flash_rw="$(_dst_name "_efi_vars.fd")"
|
||||
local flash_ro="$(_dst_name "_efi_code.fd")"
|
||||
local flash_rw="$(_dst_name "_efi_vars.qcow2")"
|
||||
local flash_ro="$(_dst_name "_efi_code.qcow2")"
|
||||
local script="$(_dst_dir)/$(_dst_name ".sh")"
|
||||
local owner="00000000-0000-0000-0000-000000000000"
|
||||
local flash_in
|
||||
|
||||
_write_qemu_uefi_conf
|
||||
cp "/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd" "$(_dst_dir)/${flash_ro}"
|
||||
|
||||
case $BOARD in
|
||||
amd64-usr)
|
||||
cp "/usr/share/edk2/OvmfX64/OVMF_CODE_4M.secboot.qcow2" "$(_dst_dir)/${flash_ro}"
|
||||
flash_in="/usr/share/edk2/OvmfX64/OVMF_VARS_4M.secboot.qcow2"
|
||||
;;
|
||||
arm64-usr)
|
||||
# This firmware is not considered secure due to the lack of an SMM
|
||||
# implementation, which is needed to protect the variable store, but
|
||||
# it's only supposed to be used for testing anyway.
|
||||
cp "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_EFI.secboot_INSECURE.qcow2" "$(_dst_dir)/${flash_ro}"
|
||||
flash_in="/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_VARS.secboot_INSECURE.qcow2"
|
||||
;;
|
||||
esac
|
||||
|
||||
virt-fw-vars \
|
||||
--inplace "$(_dst_dir)/${flash_rw}" \
|
||||
--set-pk "${owner}" /usr/share/sb_keys/PK.crt \
|
||||
--add-kek "${owner}" /usr/share/sb_keys/KEK.crt \
|
||||
--add-db "${owner}" /usr/share/sb_keys/DB.crt \
|
||||
--secure-boot --no-microsoft
|
||||
--input "${flash_in}" \
|
||||
--output "$(_dst_dir)/${flash_rw}" \
|
||||
--add-db "${owner}" /usr/share/sb_keys/DB.crt
|
||||
|
||||
sed -e "s%^SECURE_BOOT=.*%SECURE_BOOT=1%" -i "${script}"
|
||||
}
|
||||
|
||||
2
changelog/changes/2024-11-08-uefi-firmware.md
Normal file
2
changelog/changes/2024-11-08-uefi-firmware.md
Normal file
@ -0,0 +1,2 @@
|
||||
- The UEFI firmware has changed from raw (.fd) format to QCOW2 format. In addition, the amd64 firmware variables are now held in a 4MB image rather than a 2MB image. Note that this firmware is only intended for testing with QEMU. Do not use it in production. ([scripts#2434](https://github.com/flatcar/scripts/pull/2434))
|
||||
- The arm64 UEFI firmware now supports Secure Boot. Be aware that this is not considered secure due to the lack of an SMM implementation, which is needed to protect the variable store. As above, this firmware should not be used in production anyway. ([scripts#2434](https://github.com/flatcar/scripts/pull/2434))
|
||||
@ -65,10 +65,10 @@ QEMU_FIRMWARE="/usr/share/qemu/bios-256k.bin"
|
||||
|
||||
# UEFI firmware filename on build cache.
|
||||
# Published by vms.sh as part of the qemu vendor build.
|
||||
QEMU_UEFI_FIRMWARE="${QEMU_UEFI_FIRMWARE:-flatcar_production_qemu_uefi_efi_code.fd}"
|
||||
QEMU_UEFI_SECURE_FIRMWARE="${QEMU_UEFI_SECURE_FIRMWARE:-flatcar_production_qemu_uefi_secure_efi_code.fd}"
|
||||
QEMU_UEFI_OVMF_VARS="${QEMU_UEFI_OVMF_VARS:-flatcar_production_qemu_uefi_efi_vars.fd}"
|
||||
QEMU_UEFI_SECURE_OVMF_VARS="${QEMU_UEFI_SECURE_OVMF_VARS:-flatcar_production_qemu_uefi_secure_efi_vars.fd}"
|
||||
QEMU_UEFI_FIRMWARE="${QEMU_UEFI_FIRMWARE:-flatcar_production_qemu_uefi_efi_code.qcow2}"
|
||||
QEMU_UEFI_SECURE_FIRMWARE="${QEMU_UEFI_SECURE_FIRMWARE:-flatcar_production_qemu_uefi_secure_efi_code.qcow2}"
|
||||
QEMU_UEFI_OVMF_VARS="${QEMU_UEFI_OVMF_VARS:-flatcar_production_qemu_uefi_efi_vars.qcow2}"
|
||||
QEMU_UEFI_SECURE_OVMF_VARS="${QEMU_UEFI_SECURE_OVMF_VARS:-flatcar_production_qemu_uefi_secure_efi_vars.qcow2}"
|
||||
|
||||
# Update payload for the qemu_update.sh test.
|
||||
# The default path set below is relative to TEST_WORK_DIR
|
||||
|
||||
@ -71,12 +71,19 @@ fi
|
||||
bios="${QEMU_FIRMWARE}"
|
||||
if [ "${CIA_ARCH}" = "arm64" ]; then
|
||||
bios="${QEMU_UEFI_FIRMWARE}"
|
||||
ovmf_vars="${QEMU_UEFI_OVMF_VARS}"
|
||||
if [ -f "${bios}" ] ; then
|
||||
echo "++++ qemu_update.sh: Using existing ./${bios} ++++"
|
||||
else
|
||||
echo "++++ qemu_update.sh: downloading ${bios} for ${CIA_VERNUM} (${CIA_ARCH}) ++++"
|
||||
copy_from_buildcache "images/${CIA_ARCH}/${CIA_VERNUM}/${bios}" .
|
||||
fi
|
||||
if [ -f "${ovmf_vars}" ] ; then
|
||||
echo "++++ ${CIA_TESTSCRIPT}: Using existing ${ovmf_vars} ++++"
|
||||
else
|
||||
echo "++++ ${CIA_TESTSCRIPT}: downloading ${ovmf_vars} for ${CIA_VERNUM} (${CIA_ARCH}) ++++"
|
||||
copy_from_buildcache "images/${CIA_ARCH}/${CIA_VERNUM}/${ovmf_vars}" .
|
||||
fi
|
||||
fi
|
||||
|
||||
query_kola_tests() {
|
||||
@ -118,6 +125,7 @@ run_kola_tests() {
|
||||
--qemu-image="${image}" \
|
||||
--tapfile="${instance_tapfile}" \
|
||||
--update-payload="${QEMU_UPDATE_PAYLOAD}" \
|
||||
"${ovmf_vars:+--qemu-ovmf-vars=${ovmf_vars}}" \
|
||||
${QEMU_KOLA_SKIP_MANGLE:+--qemu-skip-mangle} \
|
||||
"${tests[@]}"
|
||||
}
|
||||
|
||||
@ -7,7 +7,7 @@ if [ "${PLATFORM}" = qemu ]; then
|
||||
BIOS="bios-256k.bin"
|
||||
elif [ "${PLATFORM}" = qemu_uefi ]; then
|
||||
TIMEOUT="14h"
|
||||
BIOS="/mnt/host/source/tmp/flatcar_production_qemu_uefi_efi_code.fd"
|
||||
BIOS="/mnt/host/source/tmp/flatcar_production_qemu_uefi_efi_code.qcow2"
|
||||
else
|
||||
echo "Unknown platform: \"${PLATFORM}\""
|
||||
fi
|
||||
|
||||
@ -52,8 +52,8 @@ function set_vars() {
|
||||
# The local directory ("pwd") will be mounted to /work/ in the container.
|
||||
cat > sdk_container/.env <<EOF
|
||||
export QEMU_IMAGE_NAME=/work/__build__/images/images/${arch@Q}-usr/latest/flatcar_production_image.bin
|
||||
export QEMU_UEFI_FIRMWARE=/work/__build__/images/images/${arch@Q}-usr/latest/flatcar_production_qemu_uefi_efi_code.fd
|
||||
export QEMU_UEFI_OVMF_VARS=/work/__build__/images/images/${arch@Q}-usr/latest/flatcar_production_qemu_uefi_efi_vars.fd
|
||||
export QEMU_UEFI_FIRMWARE=/work/__build__/images/images/${arch@Q}-usr/latest/flatcar_production_qemu_uefi_efi_code.qcow2
|
||||
export QEMU_UEFI_OVMF_VARS=/work/__build__/images/images/${arch@Q}-usr/latest/flatcar_production_qemu_uefi_efi_vars.qcow2
|
||||
export QEMU_UPDATE_PAYLOAD=/work/__build__/images/images/${arch@Q}-usr/latest/flatcar_test_update.gz
|
||||
export PARALLEL_TESTS=${parallel@Q}
|
||||
EOF
|
||||
|
||||
@ -1,7 +1,5 @@
|
||||
## Keys & Certificates
|
||||
|
||||
- PK (Platform Key): The Platform Key is the key to the platform.
|
||||
- KEK (Key Exchange Key): The Key Exchange Key is used to update the signature database.
|
||||
- DB (Signature Database): The signature database is used to validate signed EFI binaries.
|
||||
- Shim Certificates: Our set of certificates
|
||||
|
||||
|
||||
@ -16,10 +16,6 @@ S="${WORKDIR}"
|
||||
|
||||
src_install() {
|
||||
insinto /usr/share/sb_keys
|
||||
newins "${FILESDIR}/PK.key" PK.key
|
||||
newins "${FILESDIR}/PK.crt" PK.crt
|
||||
newins "${FILESDIR}/KEK.key" KEK.key
|
||||
newins "${FILESDIR}/KEK.crt" KEK.crt
|
||||
newins "${FILESDIR}/DB.key" DB.key
|
||||
newins "${FILESDIR}/DB.crt" DB.crt
|
||||
|
||||
@ -1,19 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDBzCCAe+gAwIBAgIJAN/ga2oSNhyiMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
|
||||
BAMMD0NvcmVPUyB0ZXN0IEtFSzAeFw0xNTA0MTMxODMzMzRaFw0xNTA1MTMxODMz
|
||||
MzRaMBoxGDAWBgNVBAMMD0NvcmVPUyB0ZXN0IEtFSzCCASIwDQYJKoZIhvcNAQEB
|
||||
BQADggEPADCCAQoCggEBAL/DE8ss0bgdKgLmyQ6CQsAUpeWwLlxMNca+LROR5+UH
|
||||
VAa/Xph30xdfmpydWxUO0Ga1ZnyTfZp+UfOWya9kYkzzmmuKAzC0HLzolSWxQ3sL
|
||||
EDsXEbpfl7KsjDvPuXdVoJukdN8EppqP6DLGjHbY5lk5AfXj7xCP3wHlLzMsPoxu
|
||||
hkfDfZSB0qJ5r+L6egz50Vufvxn1oiolMWh7zorkQaM5i4cP6BEQtan7WNhKDJAZ
|
||||
3fbApmcJyOP7TvWLHcAyuI2FM13J89bc7vrclb2PrtAoijNyDnNImLb187/gC8Ab
|
||||
kHVFIm8KyZ8ZByNoU5hy4bA1U/EEZ+slyIqqKcnWbukCAwEAAaNQME4wHQYDVR0O
|
||||
BBYEFC1uWlFmCG6L18813V9Xy12dQ/MJMB8GA1UdIwQYMBaAFC1uWlFmCG6L1881
|
||||
3V9Xy12dQ/MJMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEOKN7AS
|
||||
2szIJ4ejcxRJhih5rBFwVkim80rwBX8Ga3sStAAKEpdZC7fjrxXm8UWYbEa8Qisz
|
||||
+O74T7QqXaCRoxh3ij4fgg4clULOfjGGWWEghl4rtpUIsarCk3HWtEzqLWbAQOA0
|
||||
co3B08KbwYhOYfx1MkRE1K6kFKojJ1tod/w9jxY1/w/qmJKFP/vM6//H9dhVPr14
|
||||
4ySqz/NYhb0FZRVGJkeLbXWy4sLZy2Of+ojCRjjAgmY9RAT6ZxovgyXqVBDWfboX
|
||||
4Yp9bAboktfNtX6+9wMIW5bTuZ5yZjK+I+MnHSqbRVh/6T/kh5j5+jdPXnKgZGXy
|
||||
PWAnhbRJTjUAVTY=
|
||||
-----END CERTIFICATE-----
|
||||
@ -1,28 +0,0 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/wxPLLNG4HSoC
|
||||
5skOgkLAFKXlsC5cTDXGvi0TkeflB1QGv16Yd9MXX5qcnVsVDtBmtWZ8k32aflHz
|
||||
lsmvZGJM85prigMwtBy86JUlsUN7CxA7FxG6X5eyrIw7z7l3VaCbpHTfBKaaj+gy
|
||||
xox22OZZOQH14+8Qj98B5S8zLD6MboZHw32UgdKiea/i+noM+dFbn78Z9aIqJTFo
|
||||
e86K5EGjOYuHD+gRELWp+1jYSgyQGd32wKZnCcjj+071ix3AMriNhTNdyfPW3O76
|
||||
3JW9j67QKIozcg5zSJi29fO/4AvAG5B1RSJvCsmfGQcjaFOYcuGwNVPxBGfrJciK
|
||||
qinJ1m7pAgMBAAECggEAL5jxMc4nJAcBJYU5RIOqo9i8MN3hNAGqm3Ea6S+fGqcO
|
||||
ATrA9SFQ4Q1W6Cbas8hgjA3cqXFGjPFr0AWOfB1zlNwmaSjxj8Y1F+K3Gor8T+84
|
||||
ESKxwMv3cF8J09LEm01Ctz9DzxNtcxHjNa84sEs4Kc9PoEP6U+cSGHtVkuMZh2t9
|
||||
hNad8DfdM2oZi5IPcVcBXr/+QmyjereKlTij5BPSdeKw2JKprv0NWgzuZkDlhtAF
|
||||
aSNLkODk3NT9+zMSqvuSkNkWuvcl8kFG32strHzsEKneugEbLQPLwEA2hRz6gDo2
|
||||
alPUo9shg4o54r47pascVJjbiFPevIvF0GTgmv/VAQKBgQDodWPClJZiyifJ6M65
|
||||
V4p+N4evhr6xBTxYMTfXoXIT6IwqyiDyhDnjUApM9wwr9YTxixJukAdcdDnWOMJb
|
||||
qR2JquGXeChPAArH69FzsuybVXURpBiIOBBNFmWf/T97Aw55l6OXxzA/aAuQMFyF
|
||||
H8zEQddC57yEMIpToTuNkNq8CQKBgQDTLpvNtsqKBxIpnybv2gRo2MDgJtk+PGu/
|
||||
UN3f1GDP1C9nhEVWb1n4v7n9bhYs5zra3vYkgvr317QVAbKF+PUmIPLmid5gN8J5
|
||||
46+qdVvK88UPJye2cuIrHO/XScWiC95SzQo6KfVNqawLJhioZ3OlK69pOcLoXWsO
|
||||
/nJC5i6T4QKBgQCM6hx/Z/OCD2nvS+GFGTwrJx5pmRUf2jyqeauQW53704yko8M1
|
||||
QFKXKX4VCe2m+D6O7e9OdqD/urUU13N6fRoayivW1lAZE711U860hFJKF5PQDdmR
|
||||
Oesnz9vrEGna+A9eRj41U9o7labs0WREjvJiRkdnl3L/7yzrZWHkf1sZgQKBgQDJ
|
||||
X49oKR6XYci68a0yV8WOqOm6lLDhPMJNy3HXBvBOHXoajrGDi2jS3xgehoQUy2V+
|
||||
4c763/8qqIBq65RtVgmGEzMsDFmFjIYgrrGKrKAcNjk5is++lWv/SneV5h3TuNeG
|
||||
Q0i2T94+8UVB2FD4/LT00mRQxaiK5NG6mX0hN9dAYQKBgEC8GarO5+lPEXNhkqcM
|
||||
rWBtZTszTP9WGs0nB6+ZGZ+23uMwNA/6YZvyvAssfJ9yr4pyI/r2WH0rHa9146s0
|
||||
rJx+Xs/TSbGRYDq7BcwjN3DuSvoCg/0arVeoptrmoDIrFOzhlgQWdrIOMqVKTNKi
|
||||
s/B7OsUuIhJ7HAJSatt2uzam
|
||||
-----END PRIVATE KEY-----
|
||||
@ -1,19 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDBTCCAe2gAwIBAgIJAPrtEex/4ln3MA0GCSqGSIb3DQEBCwUAMBkxFzAVBgNV
|
||||
BAMMDkNvcmVPUyB0ZXN0IFBLMB4XDTE1MDQxMzE4MzMyMloXDTE1MDUxMzE4MzMy
|
||||
MlowGTEXMBUGA1UEAwwOQ29yZU9TIHRlc3QgUEswggEiMA0GCSqGSIb3DQEBAQUA
|
||||
A4IBDwAwggEKAoIBAQCrAWnfZoNaw4FVFbdkQo+aBTjMnaEs643EdqoXRn8ohmJu
|
||||
gCnNNy4mcwsxrx7ksSyfU3ZeVeFXFcydAt53F0hFLsWEi/Riw59AImOuyOXxcrK5
|
||||
CAzaOqWIs0RvDqvEJjm7JSuOVndeTVFp7d/2up0zJoXltMaZLs3748AyI29aL2jr
|
||||
PEW8+FZRqp/z9/EWpifcPZXFzqc7QYTwamfznwqUIFXMLqW5bREroFpZ9MMTmc86
|
||||
WMQYUySPdCxvQKKgvGyf0qYWVw2mPp6jZZF84dELn1FvNJ4AMIa/d2TGSkNOpPkn
|
||||
0VTWtmJTZoY2n/0/KHFQPT1Ot7M9/s6pRd8IIfDzAgMBAAGjUDBOMB0GA1UdDgQW
|
||||
BBRHBFY7ba7b2aOujtUZB1dHVQUqFDAfBgNVHSMEGDAWgBRHBFY7ba7b2aOujtUZ
|
||||
B1dHVQUqFDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCT3Xs/My5E
|
||||
ST//7SrupTakH+QRd7/qIFj2/coXuWE0Qp9cWiWIy9GDyd0oyQsKQklVbuLArju4
|
||||
N8oekgtJnNoYbJnLs0JPfAIC5Np3wYTNCyjVi8kSyKSWdXM2vKkycG023sFiFdSk
|
||||
0pgmwCO1E8fGxe9YDjCdtRTp8+j6m5GrRkl3YYfqYtUFfXy+BhcKs1H6AlfaKAZH
|
||||
m1fYDGmGGuOTij/5yEyY38NJybjL8Aak89nwuVrHm76whldsA3LfPYenjLk5qTd8
|
||||
yEYgvoajAZDIXkT05F9E9SdSaob2ZK1nDp98kG+rnv7dN/xQVfaKywuM3cdy5TKk
|
||||
VqV0ENF7w+O5
|
||||
-----END CERTIFICATE-----
|
||||
@ -1,28 +0,0 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrAWnfZoNaw4FV
|
||||
FbdkQo+aBTjMnaEs643EdqoXRn8ohmJugCnNNy4mcwsxrx7ksSyfU3ZeVeFXFcyd
|
||||
At53F0hFLsWEi/Riw59AImOuyOXxcrK5CAzaOqWIs0RvDqvEJjm7JSuOVndeTVFp
|
||||
7d/2up0zJoXltMaZLs3748AyI29aL2jrPEW8+FZRqp/z9/EWpifcPZXFzqc7QYTw
|
||||
amfznwqUIFXMLqW5bREroFpZ9MMTmc86WMQYUySPdCxvQKKgvGyf0qYWVw2mPp6j
|
||||
ZZF84dELn1FvNJ4AMIa/d2TGSkNOpPkn0VTWtmJTZoY2n/0/KHFQPT1Ot7M9/s6p
|
||||
Rd8IIfDzAgMBAAECggEAZI/0Ptf+LwYBrJOUwXUTFbQ0br/T5KKxP/O4mu9uH9rH
|
||||
T8w2yOPGU/4beyBMvpgicZ+XYGqIlbnQFhV11frvGSAkL4pOMTZxFDok/MhP0Olu
|
||||
iLlfNYZ/iiBCAj1SbYs9L/zv3Eik8ePuGKk2p9WeVFI3M5pXoAWSRKruf42vEg0Q
|
||||
mAvjpabEFi41RavmO6EuDt5m6VOO3wgGXBZw/+skTtCtlhABK08aggV4a1jrrAJX
|
||||
FVH8+XmYG7xknxMLxQYSuG1H0n86iext1+jtL74qd51PeaVzfXfE00xjnM08naV+
|
||||
XivpwhxsSo0aSMsuOipvMefvQDDwbYVN1RVlEIDuoQKBgQDhRy7j2Dz1zN+C0Bg3
|
||||
X2xInQGHq3MineGa/DCzN17rGT0jYB/9FMZTSfk60RNzFacHgLhfSxk0sPfBdi+J
|
||||
WGWjm48nVz/vsx6V8DNOYiHoi2DxdpHoohUzdxKccySnv1vMDcVRQg3gb47UNp0p
|
||||
FRqi/g47Ts+JSLS29X6vqB/iBwKBgQDCU31L4ipLXOWbiJDQVGq5A0N0zAo2j+Jx
|
||||
Kr3G+R72XRHTBLCvverayCwrI+fvUyvAeUs/trswQ/PmXdkmg40EEJDCJ87ktfEW
|
||||
MfgRJhloPJkyTf+JKaLlUQwgV7YVtV932EWC8V9Rdcf8rNZ9gt9TiiwGOTCrNDH4
|
||||
tL1d1T9OtQKBgAXgw5pyU/Td6Z8SKu+W785dOmL92D04/V/74JFsim978xpvMaZ6
|
||||
2knmDji4p9dC417Qvv7NiNTVIUHNAaSFx/Ei5/NQ1Xw9ojirUctjyBq3OEpUm64E
|
||||
PKVhH/0xC+3MkmqamWFrZc1LW+CxpBwkTtOd6WUmw0eDvCNh+HJA4sQVAoGBAKFN
|
||||
rDPRCEqGUhFIyuwjJnNswhGxTMj9pnlJgT4ojAr0NldzDTbT7p6sif1FUMDXyPl7
|
||||
tXqts7PctBgEzrupduRo28BOSu6OGBDUaZXSikR8CK45EGRKq2yuWeJ+7CYY56YT
|
||||
X5/Ru81idx7GWUTV3Yr6ppCD6GI0cUaAwK+i02oBAoGAcCho+7uZ0+I2BkR9Fxz/
|
||||
gdHgL3Cw5o3x7i1erXXCoxN9YLHwidOtj9w+8IS9dSY9ii08w8LE4BXpgoFe+TGU
|
||||
yXgEnl8qOUAcXKMu4jRj4LqNaJWXnAZ7J+1WJZ4h7ygGEJh0aYByiUdL5aShs/YJ
|
||||
CevUdCQxnWbrAySfMEMIXg0=
|
||||
-----END PRIVATE KEY-----
|
||||
@ -76,7 +76,6 @@ RDEPEND="${RDEPEND}
|
||||
amd64? (
|
||||
app-emulation/xenserver-pv-version
|
||||
app-emulation/xenstore
|
||||
sys-boot/mokutil
|
||||
)"
|
||||
|
||||
# sys-devel/gettext: it embeds 'envsubst' binary which is useful for simple file templating.
|
||||
@ -185,6 +184,7 @@ RDEPEND="${RDEPEND}
|
||||
sys-block/open-iscsi
|
||||
sys-block/parted
|
||||
sys-boot/efibootmgr
|
||||
sys-boot/mokutil
|
||||
sys-cluster/ipvsadm
|
||||
sys-devel/gettext
|
||||
sys-fs/btrfs-progs
|
||||
|
||||
@ -56,10 +56,9 @@ USE="${USE} bindist"
|
||||
# no-source-code - license for sys-kernel/coreos-firmware
|
||||
# linux-fw-redistributable - license for sys-kernel/coreos-firmware
|
||||
# freedist - license for sys-kernel/coreos-kernel
|
||||
# BSD-2-Clause-Patent - license for sys-firmware/edk2-aarch64
|
||||
# intel-ucode - license for sys-firmware/intel-microcode
|
||||
ACCEPT_LICENSE="${ACCEPT_LICENSE} no-source-code
|
||||
linux-fw-redistributable freedist BSD-2-Clause-Patent intel-ucode"
|
||||
linux-fw-redistributable freedist intel-ucode"
|
||||
|
||||
# Favor our own mirrors over Gentoo's
|
||||
GENTOO_MIRRORS="
|
||||
|
||||
@ -107,7 +107,7 @@
|
||||
=sys-apps/zram-generator-1.1.2 ~arm64
|
||||
|
||||
# Upgrade to latest version for secureboot
|
||||
=sys-boot/mokutil-0.6.0 ~amd64
|
||||
=sys-boot/mokutil-0.6.0 ~amd64 ~arm64
|
||||
|
||||
# Enable ipvsadm for arm64.
|
||||
=sys-cluster/ipvsadm-1.31-r1 ~arm64
|
||||
|
||||
@ -1 +0,0 @@
|
||||
DIST edk2-aarch64-20230524-3.fc38.noarch.rpm 7363923 BLAKE2B 75ff00ea1e988148fbc9a56b8ee3eb44bdec5ceb51b554c3d298191feeb2c876f43740aa3608d3e4b4cc3223aa6bfd8a275f8c6f4c92595af07498b5d6ee68af SHA512 bfe814e0b2230104887a2638f6871fda54cde65937c93226c56cac1a4e1a915b474d690e2862f71ecfc584c3c74d5a091482e038cfc83de9091e5dc49916119b
|
||||
@ -1,23 +0,0 @@
|
||||
# Copyright (c) 2024 The Flatcar Maintainers.
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=8
|
||||
|
||||
inherit rpm
|
||||
|
||||
DESCRIPTION="Fedora's build of edk2 ARM64 EFI firmware"
|
||||
HOMEPAGE="https://packages.fedoraproject.org/pkgs/edk2/edk2-aarch64/"
|
||||
SRC_URI="https://kojipkgs.fedoraproject.org//packages/edk2/20230524/3.fc38/noarch/edk2-aarch64-20230524-3.fc38.noarch.rpm"
|
||||
|
||||
LICENSE="BSD-2-Clause-Patent openssl"
|
||||
SLOT="0"
|
||||
KEYWORDS="amd64 arm64"
|
||||
|
||||
S="${WORKDIR}"
|
||||
|
||||
src_install() {
|
||||
# Avoid collision with qemu installed config file
|
||||
mv usr/share/qemu/firmware/{60,61}-edk2-aarch64.json
|
||||
insinto /
|
||||
doins -r *
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user