edk2: fix up UEFI firmware build for QEMU and add secure boot flag

2025-08-21 06:21:08 +02:00 · 2014-11-05 13:59:21 -08:00 · 2014-11-05 13:59:21 -08:00 · 2bd4c6a7be
commit 2bd4c6a7be
parent 73a1e46a97
5 changed files with 70 additions and 19 deletions
--- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/Manifest
@ -1 +1,2 @@
-DIST edk2-15046.tar.xz 21148204 SHA256 3764f113b04d9d3af9a1152a81866c802885329e6f8bc41dda32b70900fa26f9 SHA512 7073d0f3809dc0f39e7283ffa53201b4d2e30e912f1e50f2e17083181e4867d15535beac192f65575deef0649257378b2ec507772891aec11f9fc99bba4c4c80 WHIRLPOOL 91b78c5c3c805fb207cdc6cfeb52fe5478c0fa914101ef27b5272dc2e6f0b431ff08a1d354e5dd7fba75bfdd2e52a4d05ce014d66b9606f878eee21d65a5407b
+DIST edk2-16301.tar.xz 16921196 SHA256 79aa32fafc28a700b571186942fd9008ff0ecdc8fa533a75748f761c53e106c8 SHA512 4ceb9bae39a6db836277fb26de5f84bc22af6afd1f1dfb488650ad437ca34d4d80afe579e462b3edb7db70b38bd0a0b4b871e62bded8fb69e39ecab4cf54b123 WHIRLPOOL 5d72efba117a89c343c3d3abe3f378a048b478a4c67a925524d09e62d1de13adfa5a03cfb5a0a2f6e5b73f9380e0fdda1c485c206aa6b20059d9d7f65c7e313c
+DIST openssl-0.9.8zb.tar.gz 3727934 SHA256 950e2298237de1697168debd42860bf41ead618e0c03dc9a3a56e23258e435be SHA512 b563a7d9c7ae602aefb3ba8e5cd54d0460c805b7a4ef0b1b369907d6447f5b1977ebb1e261d37254a487d74d56f40bf825e2a279c6ae56ffcc9b7fd785dc7dbd WHIRLPOOL 60aeeb8171222d358c26361494c2d06f3cc6d66a385f3fcd58005e1220c3819add0e952cd4add16457191d8317b11efcdb7f6ae4696880d21a77c95df2c56a6a
--- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-15309.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-15309.ebuild
@ -1 +0,0 @@
-edk2-ovmf-99999.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-16301.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-16301.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-99999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/edk2-ovmf-99999.ebuild
@ -4,14 +4,14 @@

 EAPI=5

-inherit multiprocessing toolchain-funcs
+inherit eutils multiprocessing toolchain-funcs

 DESCRIPTION="EDK II Open Source UEFI Firmware"
 HOMEPAGE="http://tianocore.sourceforge.net"

 LICENSE="BSD-2"
 SLOT="0"
-IUSE="+qemu"
+IUSE="debug +qemu secure-boot"

 if [[ ${PV} == 99999 ]]; then
 	inherit subversion
@ -24,28 +24,37 @@ else
 	KEYWORDS="-* amd64"
 fi

-DEPEND="sys-power/iasl"
+OPENSSL_PV="0.9.8zb"
+OPENSSL_P="openssl-${OPENSSL_PV}"
+SRC_URI+=" mirror://openssl/source/${OPENSSL_P}.tar.gz"
+
+DEPEND=">=dev-lang/nasm-2.0.7
+	sys-power/iasl"
 RDEPEND="qemu? ( app-emulation/qemu )"

-edk_build() {
-	local package="$1"
+src_prepare() {
+	# This build system is impressively complicated, needless to say
+	# it does things that get confused by PIE being enabled by default.
+	# Add -nopie to a few strategic places... :)
+	if gcc-specs-pie; then
+		epatch "${FILESDIR}/edk2-nopie.patch"
+	fi

-	# Use a subshell since edksetup.sh expects to be sourced.
-	( export WORKSPACE="${S}" EDK_TOOLS_PATH="${S}/BaseTools"
-	source edksetup.sh BaseTools || exit $?
-	build -p "${package}" \
-		-a "${TARGET_ARCH}" \
-		-b "${TARGET_NAME}" \
-		-t "${TARGET_TOOLS}" \
-		-n "${BUILD_JOBS}" || exit $?
-	) || die "Building EDK package ${package} failed"
+	if use secure-boot; then
+		local openssllib="${S}/CryptoPkg/Library/OpensslLib"
+		mv "${WORKDIR}/${OPENSSL_P}" "${openssllib}" || die
+		cd "${openssllib}/${OPENSSL_P}"
+		epatch "${openssllib}/EDKII_${OPENSSL_P}.patch"
+		cd "${openssllib}"
+		sh -e ./Install.sh || die
+		cd "${S}"
+	fi
 }

 src_configure() {
 	./edksetup.sh || die

-	BUILD_JOBS=$(makeopts_jobs)
-	TARGET_NAME="RELEASE"
+	TARGET_NAME=$(usex debug DEBUG RELEASE)
 	TARGET_TOOLS="GCC$(gcc-version | tr -d .)"
 	case $ARCH in
 		amd64)	TARGET_ARCH=X64 ;;
@ -57,7 +66,14 @@ src_configure() {
 src_compile() {
 	emake ARCH=${TARGET_ARCH} -C BaseTools -j1

-	edk_build OvmfPkg/OvmfPkgX64.dsc
+	./OvmfPkg/build.sh \
+		-a "${TARGET_ARCH}" \
+		-b "${TARGET_NAME}" \
+		-t "${TARGET_TOOLS}" \
+		-n $(makeopts_jobs) \
+		-D SECURE_BOOT_ENABLE=$(usex secure-boot TRUE FALSE) \
+		-D FD_SIZE_2MB \
+		|| die "OvmfPkg/build.sh failed"
 }

 src_install() {
--- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/files/edk2-nopie.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2-ovmf/files/edk2-nopie.patch
@ -0,0 +1,35 @@
+diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
+index f88f860..6c67ffd 100644
+--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
+@@ -3814,7 +3814,7 @@ NOOPT_DDK3790xASL_IPF_DLINK_FLAGS    = /NOLOGO /NODEFAULTLIB /LTCG /DLL /OPT:REF
+ DEBUG_*_*_OBJCOPY_ADDDEBUGFLAG     = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_NAME).debug
+ RELEASE_*_*_OBJCOPY_ADDDEBUGFLAG   =
+ 
+-DEFINE GCC_ALL_CC_FLAGS            = -g -Os -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -c -include AutoGen.h
+DEFINE GCC_ALL_CC_FLAGS            = -g -Os -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -c -include AutoGen.h -nopie
+ DEFINE GCC_IA32_CC_FLAGS           = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe
+ DEFINE GCC_X64_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-address -mno-stack-arg-probe
+ DEFINE GCC_IPF_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -minline-int-divide-min-latency
+@@ -3841,7 +3841,7 @@ DEFINE GCC_IPF_RC_FLAGS            = -I binary -O elf64-ia64-little   -B ia64
+ DEFINE GCC_ARM_RC_FLAGS            = -I binary -O elf32-littlearm     -B arm     --rename-section .data=.hii
+ DEFINE GCC_AARCH64_RC_FLAGS        = -I binary -O elf64-littleaarch64 -B aarch64 --rename-section .data=.hii
+ 
+-DEFINE GCC44_ALL_CC_FLAGS            = -g -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -c -include AutoGen.h -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
+DEFINE GCC44_ALL_CC_FLAGS            = -g -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -c -include AutoGen.h -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings -nopie
+ DEFINE GCC44_IA32_CC_FLAGS           = DEF(GCC44_ALL_CC_FLAGS) -m32 -malign-double -fno-stack-protector -D EFI32
+ DEFINE GCC44_X64_CC_FLAGS            = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -DNO_BUILTIN_VA_FUNCS -mno-red-zone -Wno-address -mcmodel=large
+ DEFINE GCC44_IA32_X64_DLINK_COMMON   = -nostdlib -n -q --gc-sections --script=$(EDK_TOOLS_PATH)/Scripts/gcc4.4-ld-script
+diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile
+index 6a759d9..ec2fbb0 100644
+--- a/BaseTools/Source/C/Makefiles/header.makefile
+++ b/BaseTools/Source/C/Makefiles/header.makefile
+@@ -51,7 +51,7 @@ CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-de
+ else
+ CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -nostdlib -c -g
+ endif
+-LFLAGS =
+LFLAGS = -nopie
+ 
+ ifeq ($(ARCH), IA32)
+ #