From 06b5426d41f7300687fc4e248a96956ea1e3466f Mon Sep 17 00:00:00 2001
From: James Le Cuirot
Date: Wed, 2 Oct 2024 11:40:17 +0100
Subject: [PATCH] sys-firmware/edk2-aarch64: Drop in favour of edk2-bin

edk2-bin now supports multiple platforms, including QEMU on arm64, so we no longer need to use Fedora's build. Note that the Secure Boot implementation is currently insecure as it lacks SMM, which is needed to protect the EFI variable store.

Signed-off-by: James Le Cuirot
---
 build_library/vm_image_util.sh | 17 +++++++++-----
 .../profiles/coreos/base/make.defaults | 3 +--
 .../sys-firmware/edk2-aarch64/Manifest | 1 -
 .../edk2-aarch64/edk2-aarch64-20220221.ebuild | 23 -------------------
 4 files changed, 12 insertions(+), 32 deletions(-)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-aarch64/Manifest
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-aarch64/edk2-aarch64-20220221.ebuild
diff --git a/build_library/vm_image_util.sh b/build_library/vm_image_util.sh
index 5290e7390e..6cf937036b 100644
--- a/build_library/vm_image_util.sh
+++ b/build_library/vm_image_util.sh
@@ -828,11 +828,8 @@ _write_qemu_uefi_conf() {
 cp "/usr/share/edk2/OvmfX64/OVMF_VARS_4M.qcow2" "$(_dst_dir)/${flash_rw}"
 ;;
 arm64-usr)
- # Get edk2 files into local build workspace.
- info "Updating edk2 in /build/${BOARD}"
- emerge-${BOARD} --nodeps --select --verbose --update --getbinpkg --newuse sys-firmware/edk2-aarch64
- cp "${BOARD_ROOT}/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2" "$(_dst_dir)/${flash_ro}"
- cp "${BOARD_ROOT}/usr/share/edk2/aarch64/vars-template-pflash.qcow2" "$(_dst_dir)/${flash_rw}"
+ cp "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_EFI.qcow2" "$(_dst_dir)/${flash_ro}"
+ cp "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_VARS.qcow2" "$(_dst_dir)/${flash_rw}"
 ;;
 esac
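Review bot: The two new `cp` lines in the `arm64-usr)` arm read the firmware from the SDK's own `/usr/share/edk2/ArmVirtQemu-AARCH64/` with nothing in the hunk confirming that those files exist, whereas the removed `emerge-${BOARD}` step installed the package immediately before copying. If the installed edk2-bin does not ship the arm64 platform files, the copy fails, and whether the build then stops depends on errexit handling that is not visible here. A guard before the copies makes the failure explicit, e.g. `[[ -r /usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_EFI.qcow2 ]] || { echo "edk2-bin ArmVirtQemu-AARCH64 firmware not installed" >&2; return 1; }`. The surrounding `case` and the body of `_write_qemu_uefi_conf` start and end outside the hunk.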
@@ -861,7 +858,15 @@ _write_qemu_uefi_secure_conf() {
 local owner="00000000-0000-0000-0000-000000000000"
 _write_qemu_uefi_conf
- cp "/usr/share/edk2/OvmfX64/OVMF_CODE_4M.secboot.qcow2" "$(_dst_dir)/${flash_ro}"
+
+ case $BOARD in
+ amd64-usr)
+ cp "/usr/share/edk2/OvmfX64/OVMF_CODE_4M.secboot.qcow2" "$(_dst_dir)/${flash_ro}"
+ ;;
+ arm64-usr)
+ cp "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_EFI.secboot_INSECURE.qcow2" "$(_dst_dir)/${flash_ro}"
+ ;;
+ esac
 virt-fw-vars \
 --inplace "$(_dst_dir)/${flash_rw}" \
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
index 8cbfe510c7..d339b275f8 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
@@ -56,10 +56,9 @@ USE="${USE} bindist"
 # no-source-code - license for sys-kernel/coreos-firmware
 # linux-fw-redistributable - license for sys-kernel/coreos-firmware
 # freedist - license for sys-kernel/coreos-kernel
-# BSD-2-Clause-Patent - license for sys-firmware/edk2-aarch64
 # intel-ucode - license for sys-firmware/intel-microcode
 ACCEPT_LICENSE="${ACCEPT_LICENSE} no-source-code
- linux-fw-redistributable freedist BSD-2-Clause-Patent intel-ucode"
+ linux-fw-redistributable freedist intel-ucode"
 # Favor our own mirrors over Gentoo's
 GENTOO_MIRRORS="
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-aarch64/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-aarch64/Manifest
deleted file mode 100644
index 22b3138c39..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-aarch64/Manifest
+++ /dev/null
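Review bot: In `_write_qemu_uefi_secure_conf`, the new `case $BOARD in` has no `*)` arm, so a board other than `amd64-usr` or `arm64-usr` keeps the non-Secure-Boot `flash_ro` that `_write_qemu_uefi_conf` copied and still proceeds to the `virt-fw-vars` step, yielding an image labelled secure whose firmware enforces nothing. Add `*) echo "no Secure Boot firmware for ${BOARD}" >&2; return 1 ;;`. The `arm64-usr)` arm should also carry the caveat that currently lives only in the commit message, e.g. `# INSECURE: this build lacks SMM, so the EFI variable store holding the enrolled keys is not protected.` Until that changes, the arm64 Secure Boot image is suitable for functional testing, not as a security boundary. The function continues past the end of the hunk.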
@@ -1 +0,0 @@
-DIST edk2-aarch64-20230524-3.fc38.noarch.rpm 7363923 BLAKE2B 75ff00ea1e988148fbc9a56b8ee3eb44bdec5ceb51b554c3d298191feeb2c876f43740aa3608d3e4b4cc3223aa6bfd8a275f8c6f4c92595af07498b5d6ee68af SHA512 bfe814e0b2230104887a2638f6871fda54cde65937c93226c56cac1a4e1a915b474d690e2862f71ecfc584c3c74d5a091482e038cfc83de9091e5dc49916119b
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-aarch64/edk2-aarch64-20220221.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-aarch64/edk2-aarch64-20220221.ebuild
deleted file mode 100644
index d1fead7ff0..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-aarch64/edk2-aarch64-20220221.ebuild
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright (c) 2024 The Flatcar Maintainers.
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit rpm
-
-DESCRIPTION="Fedora's build of edk2 ARM64 EFI firmware"
-HOMEPAGE="https://packages.fedoraproject.org/pkgs/edk2/edk2-aarch64/"
-SRC_URI="https://kojipkgs.fedoraproject.org//packages/edk2/20230524/3.fc38/noarch/edk2-aarch64-20230524-3.fc38.noarch.rpm"
-
-LICENSE="BSD-2-Clause-Patent openssl"
-SLOT="0"
-KEYWORDS="amd64 arm64"
-
-S="${WORKDIR}"
-
-src_install() {
- # Avoid collision with qemu installed config file
- mv usr/share/qemu/firmware/{60,61}-edk2-aarch64.json
- insinto /
- doins -r *
-}