From 2bd4c6a7be98037139ea6104f502c61a5d8ba0ed Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Wed, 5 Nov 2014 13:59:21 -0800 Subject: [PATCH] edk2: fix up UEFI firmware build for QEMU and add secure boot flag --- .../sys-firmware/edk2-ovmf/Manifest | 3 +- .../edk2-ovmf/edk2-ovmf-15309.ebuild | 1 - ...mf-15046.ebuild => edk2-ovmf-16301.ebuild} | 0 .../edk2-ovmf/edk2-ovmf-99999.ebuild | 50 ++++++++++++------- .../edk2-ovmf/files/edk2-nopie.patch | 35 +++++++++++++ 5 files changed, 70 insertions(+), 19 deletions(-) delete mode 120000 sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-15309.ebuild rename sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/{edk2-ovmf-15046.ebuild => edk2-ovmf-16301.ebuild} (100%) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/files/edk2-nopie.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/Manifest index d12875dae0..0778fc55d0 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/Manifest @@ -1 +1,2 @@ -DIST edk2-15046.tar.xz 21148204 SHA256 3764f113b04d9d3af9a1152a81866c802885329e6f8bc41dda32b70900fa26f9 SHA512 7073d0f3809dc0f39e7283ffa53201b4d2e30e912f1e50f2e17083181e4867d15535beac192f65575deef0649257378b2ec507772891aec11f9fc99bba4c4c80 WHIRLPOOL 91b78c5c3c805fb207cdc6cfeb52fe5478c0fa914101ef27b5272dc2e6f0b431ff08a1d354e5dd7fba75bfdd2e52a4d05ce014d66b9606f878eee21d65a5407b +DIST edk2-16301.tar.xz 16921196 SHA256 79aa32fafc28a700b571186942fd9008ff0ecdc8fa533a75748f761c53e106c8 SHA512 4ceb9bae39a6db836277fb26de5f84bc22af6afd1f1dfb488650ad437ca34d4d80afe579e462b3edb7db70b38bd0a0b4b871e62bded8fb69e39ecab4cf54b123 WHIRLPOOL 5d72efba117a89c343c3d3abe3f378a048b478a4c67a925524d09e62d1de13adfa5a03cfb5a0a2f6e5b73f9380e0fdda1c485c206aa6b20059d9d7f65c7e313c +DIST openssl-0.9.8zb.tar.gz 3727934 SHA256 950e2298237de1697168debd42860bf41ead618e0c03dc9a3a56e23258e435be SHA512 b563a7d9c7ae602aefb3ba8e5cd54d0460c805b7a4ef0b1b369907d6447f5b1977ebb1e261d37254a487d74d56f40bf825e2a279c6ae56ffcc9b7fd785dc7dbd WHIRLPOOL 60aeeb8171222d358c26361494c2d06f3cc6d66a385f3fcd58005e1220c3819add0e952cd4add16457191d8317b11efcdb7f6ae4696880d21a77c95df2c56a6a diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-15309.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-15309.ebuild deleted file mode 120000 index 4e3f249350..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-15309.ebuild +++ /dev/null @@ -1 +0,0 @@ -edk2-ovmf-99999.ebuild \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-15046.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-16301.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-15046.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-16301.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-99999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-99999.ebuild index 4421479f9b..6ffd48eaa1 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-99999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-99999.ebuild @@ -4,14 +4,14 @@ EAPI=5 -inherit multiprocessing toolchain-funcs +inherit eutils multiprocessing toolchain-funcs DESCRIPTION="EDK II Open Source UEFI Firmware" HOMEPAGE="http://tianocore.sourceforge.net" LICENSE="BSD-2" SLOT="0" -IUSE="+qemu" +IUSE="debug +qemu secure-boot" if [[ ${PV} == 99999 ]]; then inherit subversion @@ -24,28 +24,37 @@ else KEYWORDS="-* amd64" fi -DEPEND="sys-power/iasl" +OPENSSL_PV="0.9.8zb" +OPENSSL_P="openssl-${OPENSSL_PV}" +SRC_URI+=" mirror://openssl/source/${OPENSSL_P}.tar.gz" + +DEPEND=">=dev-lang/nasm-2.0.7 + sys-power/iasl" RDEPEND="qemu? ( app-emulation/qemu )" -edk_build() { - local package="$1" +src_prepare() { + # This build system is impressively complicated, needless to say + # it does things that get confused by PIE being enabled by default. + # Add -nopie to a few strategic places... :) + if gcc-specs-pie; then + epatch "${FILESDIR}/edk2-nopie.patch" + fi - # Use a subshell since edksetup.sh expects to be sourced. - ( export WORKSPACE="${S}" EDK_TOOLS_PATH="${S}/BaseTools" - source edksetup.sh BaseTools || exit $? - build -p "${package}" \ - -a "${TARGET_ARCH}" \ - -b "${TARGET_NAME}" \ - -t "${TARGET_TOOLS}" \ - -n "${BUILD_JOBS}" || exit $? - ) || die "Building EDK package ${package} failed" + if use secure-boot; then + local openssllib="${S}/CryptoPkg/Library/OpensslLib" + mv "${WORKDIR}/${OPENSSL_P}" "${openssllib}" || die + cd "${openssllib}/${OPENSSL_P}" + epatch "${openssllib}/EDKII_${OPENSSL_P}.patch" + cd "${openssllib}" + sh -e ./Install.sh || die + cd "${S}" + fi } src_configure() { ./edksetup.sh || die - BUILD_JOBS=$(makeopts_jobs) - TARGET_NAME="RELEASE" + TARGET_NAME=$(usex debug DEBUG RELEASE) TARGET_TOOLS="GCC$(gcc-version | tr -d .)" case $ARCH in amd64) TARGET_ARCH=X64 ;; @@ -57,7 +66,14 @@ src_configure() { src_compile() { emake ARCH=${TARGET_ARCH} -C BaseTools -j1 - edk_build OvmfPkg/OvmfPkgX64.dsc + ./OvmfPkg/build.sh \ + -a "${TARGET_ARCH}" \ + -b "${TARGET_NAME}" \ + -t "${TARGET_TOOLS}" \ + -n $(makeopts_jobs) \ + -D SECURE_BOOT_ENABLE=$(usex secure-boot TRUE FALSE) \ + -D FD_SIZE_2MB \ + || die "OvmfPkg/build.sh failed" } src_install() { diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/files/edk2-nopie.patch b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/files/edk2-nopie.patch new file mode 100644 index 0000000000..106af5c0a7 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/files/edk2-nopie.patch @@ -0,0 +1,35 @@ +diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template +index f88f860..6c67ffd 100644 +--- a/BaseTools/Conf/tools_def.template ++++ b/BaseTools/Conf/tools_def.template +@@ -3814,7 +3814,7 @@ NOOPT_DDK3790xASL_IPF_DLINK_FLAGS = /NOLOGO /NODEFAULTLIB /LTCG /DLL /OPT:REF + DEBUG_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_NAME).debug + RELEASE_*_*_OBJCOPY_ADDDEBUGFLAG = + +-DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -c -include AutoGen.h ++DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -c -include AutoGen.h -nopie + DEFINE GCC_IA32_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe + DEFINE GCC_X64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-address -mno-stack-arg-probe + DEFINE GCC_IPF_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -minline-int-divide-min-latency +@@ -3841,7 +3841,7 @@ DEFINE GCC_IPF_RC_FLAGS = -I binary -O elf64-ia64-little -B ia64 + DEFINE GCC_ARM_RC_FLAGS = -I binary -O elf32-littlearm -B arm --rename-section .data=.hii + DEFINE GCC_AARCH64_RC_FLAGS = -I binary -O elf64-littleaarch64 -B aarch64 --rename-section .data=.hii + +-DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -c -include AutoGen.h -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings ++DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -c -include AutoGen.h -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings -nopie + DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -malign-double -fno-stack-protector -D EFI32 + DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -DNO_BUILTIN_VA_FUNCS -mno-red-zone -Wno-address -mcmodel=large + DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -n -q --gc-sections --script=$(EDK_TOOLS_PATH)/Scripts/gcc4.4-ld-script +diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile +index 6a759d9..ec2fbb0 100644 +--- a/BaseTools/Source/C/Makefiles/header.makefile ++++ b/BaseTools/Source/C/Makefiles/header.makefile +@@ -51,7 +51,7 @@ CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-de + else + CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -nostdlib -c -g + endif +-LFLAGS = ++LFLAGS = -nopie + + ifeq ($(ARCH), IA32) + #