-rw-r--r--sys-firmware/edk2/Manifest2
-rw-r--r--sys-firmware/edk2/edk2-202408.ebuild56
-rw-r--r--sys-firmware/edk2/files/descriptors/30-edk2-aarch64-qcow2-sb-enrolled.json33
-rw-r--r--sys-firmware/edk2/files/descriptors/40-edk2-aarch64-qcow2-sb.json32
-rw-r--r--sys-firmware/edk2/files/descriptors/50-edk2-aarch64-qcow2-nosb.json32
5 files changed, 154 insertions, 1 deletions
diff --git a/sys-firmware/edk2/Manifest b/sys-firmware/edk2/Manifest
index 387cceab5930..22459411e25d 100644
--- a/sys-firmware/edk2/Manifest
+++ b/sys-firmware/edk2/Manifest
@@ -1,3 +1,4 @@
+DIST arm64_DBXUpdate_05092023.bin 4610 BLAKE2B 4c6628e5c297a26ca5a1235e377a794fdc18f8201dc7bcb134eb5dd164cc16497ff8d7e598509a61dadf3aa6e8525c9c9e4ca597af62a1c93f97945594517303 SHA512 5a2816e3ff73fef1d258c1418a09b264291408493147399da6b71b6a20bd6b347c00153e22589b2635172cdc57de404ff423be41a6c382a9b25ee9a76922f397
DIST brotli-f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz 512229 BLAKE2B cd86cc2cc7eefad24f87cda8006409bf764922b5f23ccfb951e7a41214b12004ce532b11f94f5fb858b3bf71f9abf8ef17ba219fa96bd5be23b51873afad0fd5 SHA512 7f48e794e738b31c2005e7cef6d8c0cc0d543f1cd8c137ae8ba14602cac2873de6299a3f32ad52be869f513e7548341353ed049609daef1063975694d9a9b80b
DIST edk2-202408.tar.gz 17548980 BLAKE2B 12723a593d2767577f74cfa69f4a02ec784347994af6eb77aea7eb9e9e9f7fedb6b47698af2f07ef98848bbb4bf16248179cf117cf9abdf17be73157a0a03fc2 SHA512 d679d905f8b0ddbf60b1c9a0282e403bf51d0fbe55d85a8ea3e4af1778874e947d224e3671f9e82cddd5cd906c1472ff3973498d969414bdd67d0b49f5b8a251
DIST edk2-ovmf-202202-qemu-firmware.tar.xz 664 BLAKE2B 1aa4e25804ce0f3c967c80999315de24eaef6682e42dddd81c274ce4603ec3d15186de752de49e2527c6bd5517080c002a357ed6bc389b5afd6f7a4d93edeb44 SHA512 f9a29212274a99796784673d873e0eee7d3e2a5cf9e63192453841ee3a4ef4b813c7b2357fc7000f39c71ed6c66636daab772abb51d3972a2a56ade8a4c68faf
@@ -10,4 +11,5 @@ DIST mbedtls-8c89224991adff88d53cd380f42a2baa36f91454.tar.gz 4587796 BLAKE2B c28
DIST mipi-sys-t-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 378522 BLAKE2B d3f1033e78ad814ebb991e66d8c1437aa3583e91481af9785b97b6021c7c45fb9dcb8d2d58d0a0fe84fbd9f108d24a27234df298eb8a2ba2340e5c9c85c89c40 SHA512 de6888577ceab7ab6915d792f3c48248cfa53357ccd310fc7f7eae4d25a932de8c7c23e5b898c9ebf61cf86cb538277273f2eb131a628b3bf0d46c9a3b9b6686
DIST openssl-d82e959e621a3d597f1e0d50ff8c2d8b96915fd7.tar.gz 10034310 BLAKE2B 6996979dc12a523d565830e7b0943feb682a376f71ddb6f20cb8b9976bb7f12e39f088abaa45d514933ef79c0e4a2933dc6f1af4774fedaa16e74c0081c358e7 SHA512 a89bc652dc4318c5e8a9c594a43d890ca05dfc1acd6b15e2a8ab8b5628b5f33994143ff8024230e07b9e67556b28ea3a5e36763aa72dec20b52022ca8c6f2a7e
DIST openssl-de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz 15337569 BLAKE2B bb0b2f4ee7838178e8e23317b6c63048611d805e20c81d6c875d9b515e6dbcf981cda38f031965c9ec45bcab3ac4725cfa793718b0212e92bf53b4c7fc3f4e32 SHA512 4bba15075dacc8c1772a95759cfe8620ff3a9d535e5d3d29bb15e4790cc543555ab45f0b239195361e534eca26249ae1b491b63cbf6b7ecda6f0840c7f6253ac
+DIST pylibfdt-cfff805481bdea27f900c32698171286542b8d3c.tar.gz 49659 BLAKE2B 05e954fc2d72618b3f56c08bdfcd64479259902ee2613d034b66ebe50e33b02b243bed1191d8dcdcea9fcb2553f84a737ae12514d30c48e776efc858a4879894 SHA512 c2f4cbda24bc4a2140135de2db19fd7ad0b6eff2a748862b4166bf0e65f3e324e2855ea4331dafa2c82f44b4d01309c8ac50159cbcc076a968a1169c8709a523
DIST x64_DBXUpdate_05092023.bin 21170 BLAKE2B 9b74945ef441e65c50116122bc24578c22c8f5f7af94e46322a96bd15035b79c0af4c1fd5366017b347b9aaf3f5791b9d6ea84ef141500700ccf69f708f91389 SHA512 71fb6e8cd6918126b3acd78b95651913336df372e13fdfdfdd20d5d23f0e509050c6c88c8a2c43f8ac44f987df86bd45174bb3065d5a7a8c7e3b8772fd06d624
diff --git a/sys-firmware/edk2/edk2-202408.ebuild b/sys-firmware/edk2/edk2-202408.ebuild
index 383d695f5ac4..c1209c456866 100644
--- a/sys-firmware/edk2/edk2-202408.ebuild
+++ b/sys-firmware/edk2/edk2-202408.ebuild
@@ -13,6 +13,7 @@ HOMEPAGE="https://github.com/tianocore/edk2"
DBXDATE="05092023" # MMDDYYYY
BUNDLED_BROTLI_SUBMODULE_SHA="f4153a09f87cbb9c826d8fc12c74642bb2d879ea"
+BUNDLED_LIBFDT_SUBMODULE_SHA="cfff805481bdea27f900c32698171286542b8d3c"
BUNDLED_LIBSPDM_SUBMODULE_SHA="50924a4c8145fc721e17208f55814d2b38766fe6"
BUNDLED_MBEDTLS_SUBMODULE_SHA="8c89224991adff88d53cd380f42a2baa36f91454"
BUNDLED_MIPI_SYS_T_SUBMODULE_SHA="370b5944c046bab043dd8b133727b2135af7747a"
@@ -36,12 +37,19 @@ SRC_URI="
https://uefi.org/sites/default/files/resources/x64_DBXUpdate_${DBXDATE}.bin
https://uefi.org/sites/default/files/resources/x64_DBXUpdate.bin -> x64_DBXUpdate_${DBXDATE}.bin
)
+
+ arm64? (
+ https://uefi.org/sites/default/files/resources/arm64_DBXUpdate_${DBXDATE}.bin
+ https://uefi.org/sites/default/files/resources/arm64_DBXUpdate.bin -> arm64_DBXUpdate_${DBXDATE}.bin
+ https://github.com/devicetree-org/pylibfdt/archive/${BUNDLED_LIBFDT_SUBMODULE_SHA}.tar.gz
+ -> pylibfdt-${BUNDLED_LIBFDT_SUBMODULE_SHA}.tar.gz
+ )
"
S="${WORKDIR}/${PN}-${PN}-stable${PV}"
LICENSE="BSD-2 MIT"
SLOT="0"
-KEYWORDS="-* ~amd64"
+KEYWORDS="-* ~amd64 ~arm64"
BDEPEND="
${PYTHON_DEPS}
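Review bot: The arm64 DBX entry lists an unversioned fallback, `arm64_DBXUpdate.bin -> arm64_DBXUpdate_${DBXDATE}.bin`, and nothing nearby says why fetching a mutable upstream file is safe. The Manifest checksum is what pins the content, so the fallback will fail verification, not silently change, once upstream publishes a newer list. A short comment above SRC_URI would record that, for example `# Unversioned DBX URLs are fallbacks only; the Manifest hash pins the ${DBXDATE} revision.` Separately, DBXDATE is 05092023, so the enrolled arm64 varstore will carry that revocation list; it may be worth checking whether a newer list is available. The SRC_URI assignment starts outside this hunk.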
@@ -78,6 +86,14 @@ pkg_setup() {
UNIT1="OVMF_VARS.fd"
FMT="raw"
;;
+ arm64)
+ TARGET_ARCH="AARCH64"
+ QEMU_ARCH="aarch64"
+ ARCH_DIRS="${DIR}/ArmVirtQemu-AARCH64"
+ UNIT0="QEMU_EFI.qcow2"
+ UNIT1="QEMU_VARS.qcow2"
+ FMT="qcow2"
+ ;;
esac
DOC_CONTENTS="This package includes the TianoCore EDK II UEFI firmware for ${QEMU_ARCH}
@@ -100,6 +116,13 @@ download one for yourself. Firmware blobs are commonly labelled:
OVMF_CODE-with-csm.fd
OVMF_VARS-with-csm.fd"
;;
+ arm64) DOC_CONTENTS+="
+
+WARNING! QEMU_EFI.secboot_INSECURE.qcow2 does have Secure Boot
+enabled, but it must not be used in production. The lack of an SMM
+implementation for arm64 in this firmware means that the EFI
+variable store is unprotected, making the firmware unsafe."
+ ;;
esac
}
@@ -122,6 +145,10 @@ src_prepare() {
link_mod "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}" \
CryptoPkg/Library/OpensslLib/openssl
+ use arm64 &&
+ link_mod "${WORKDIR}/pylibfdt-${BUNDLED_LIBFDT_SUBMODULE_SHA}" \
+ MdePkg/Library/BaseFdtLib/libfdt
+
default
# Fix descriptor paths for prefix.
@@ -207,6 +234,25 @@ src_compile() {
# Fedora only converts newer images to QCOW2. 2MB images are raw.
raw_to_qcow2 0 Build/OvmfX64_4M*/"${BUILD_DIR}"/FV/OVMF_{CODE,VARS}.fd
;;
+ arm64)
+ BUILD_ARGS+=(
+ # grub.efi uses EfiLoaderData for code
+ --pcd PcdDxeNxMemoryProtectionPolicy=0xC000000000007FD1
+ # shim.efi has broken MemAttr code
+ --pcd PcdUninstallMemAttrProtocol=TRUE
+ )
+
+ mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc \
+ -D BUILD_SHELL=FALSE \
+ -D SECURE_BOOT_ENABLE
+
+ mv -T Build/ArmVirtQemu-AARCH64 Build/ArmVirtQemu-AARCH64.secboot_INSECURE || die
+
+ mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc
+
+ mk_fw_vars arm64 Build/ArmVirtQemu-AARCH64.secboot_INSECURE/"${BUILD_DIR}"/FV/QEMU_VARS.fd
+ raw_to_qcow2 64m Build/ArmVirtQemu-AARCH64*/"${BUILD_DIR}"/FV/QEMU_{EFI,VARS}.fd
+ ;;
esac
}
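Review bot: The two `--pcd` overrides in the arm64 branch are appended to BUILD_ARGS before both `mybuild` calls, so the Secure Boot image also gets the relaxed memory-protection settings, and the one-line comments do not say so. Going by those comments, the first leaves EfiLoaderData executable for grub and the second removes the memory attribute protocol to work around shim. Both are hardening trade-offs that should be revisited once those loaders are fixed. I would expand the comment to something like `# Compatibility relaxations for grub/shim; they weaken DXE memory protection in BOTH builds below. Revisit when the loaders are fixed.` `mybuild`, `mk_fw_vars` and `raw_to_qcow2` are defined outside this hunk, so I cannot confirm from here that they die on failure; only the `mv` has an explicit `|| die`.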
@@ -229,6 +275,14 @@ src_install() {
# Compatibility with older package versions.
dosym ${PN}/OvmfX64 /usr/share/edk2-ovmf
;;
+ arm64)
+ insinto ${DIR}/ArmVirtQemu-AARCH64
+
+ for TYPE in "" .secboot_INSECURE; do
+ newins Build/ArmVirtQemu-AARCH64${TYPE}/"${BUILD_DIR}"/FV/QEMU_EFI.qcow2 QEMU_EFI${TYPE}.qcow2
+ newins Build/ArmVirtQemu-AARCH64${TYPE}/"${BUILD_DIR}"/FV/QEMU_VARS.qcow2 QEMU_VARS${TYPE}.qcow2
+ done
+ ;;
esac
insinto /usr/share/qemu/firmware
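Review bot: The loop variable `TYPE` in the arm64 branch is never declared local, so it leaks into the global ebuild environment, and the paths are only partly quoted. I would add `local TYPE` before the loop and quote whole arguments, e.g. `newins "Build/ArmVirtQemu-AARCH64${TYPE}/${BUILD_DIR}/FV/QEMU_EFI.qcow2" "QEMU_EFI${TYPE}.qcow2"`, and likewise `insinto "${DIR}/ArmVirtQemu-AARCH64"`. src_install begins and continues outside this hunk.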
diff --git a/sys-firmware/edk2/files/descriptors/30-edk2-aarch64-qcow2-sb-enrolled.json b/sys-firmware/edk2/files/descriptors/30-edk2-aarch64-qcow2-sb-enrolled.json
new file mode 100644
index 000000000000..47c3c9f03935
--- /dev/null
+++ b/sys-firmware/edk2/files/descriptors/30-edk2-aarch64-qcow2-sb-enrolled.json
@@ -0,0 +1,33 @@
+{
+ "description": "UEFI for arm64 VMs, with *INSECURE* SB, SB enabled, MS certs enrolled",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "mode" : "split",
+ "executable": {
+ "filename": "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_EFI.secboot_INSECURE.qcow2",
+ "format": "qcow2"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_VARS.secboot_INSECURE.qcow2",
+ "format": "qcow2"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "aarch64",
+ "machines": [
+ "virt-*"
+ ]
+ }
+ ],
+ "features": [
+ "enrolled-keys",
+ "secure-boot"
+ ],
+ "tags": [
+
+ ]
+}
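Review bot: This descriptor advertises `"secure-boot"` and `"enrolled-keys"` in `features`, yet the only sign that the variable store is unprotected is the free-text `description` and the `secboot_INSECURE` file name. Management tools that select firmware by feature will treat it as a normal Secure Boot build. With the 30- prefix it also sorts ahead of the 50- no-SB descriptor, so any tool that takes the first match in file-name order would choose it by default for aarch64 `virt-*` guests. 40-edk2-aarch64-qcow2-sb.json raises the same concern for `"secure-boot"`. Since JSON cannot carry comments, I would record the rationale in the commit message or the package README. It is also worth considering whether the INSECURE descriptors should sort after the no-SB one, or be installed only on request.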
diff --git a/sys-firmware/edk2/files/descriptors/40-edk2-aarch64-qcow2-sb.json b/sys-firmware/edk2/files/descriptors/40-edk2-aarch64-qcow2-sb.json
new file mode 100644
index 000000000000..92ac2aea9014
--- /dev/null
+++ b/sys-firmware/edk2/files/descriptors/40-edk2-aarch64-qcow2-sb.json
@@ -0,0 +1,32 @@
+{
+ "description": "UEFI for arm64 VMs, with *INSECURE* SB, empty varstore",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "mode" : "split",
+ "executable": {
+ "filename": "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_EFI.secboot_INSECURE.qcow2",
+ "format": "qcow2"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_VARS.qcow2",
+ "format": "qcow2"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "aarch64",
+ "machines": [
+ "virt-*"
+ ]
+ }
+ ],
+ "features": [
+ "secure-boot"
+ ],
+ "tags": [
+
+ ]
+}
diff --git a/sys-firmware/edk2/files/descriptors/50-edk2-aarch64-qcow2-nosb.json b/sys-firmware/edk2/files/descriptors/50-edk2-aarch64-qcow2-nosb.json
new file mode 100644
index 000000000000..7a6db3ce9db2
--- /dev/null
+++ b/sys-firmware/edk2/files/descriptors/50-edk2-aarch64-qcow2-nosb.json
@@ -0,0 +1,32 @@
+{
+ "description": "UEFI for arm64 VMs, without SB, empty varstore",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "flash",
+ "mode" : "split",
+ "executable": {
+ "filename": "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_EFI.qcow2",
+ "format": "qcow2"
+ },
+ "nvram-template": {
+ "filename": "/usr/share/edk2/ArmVirtQemu-AARCH64/QEMU_VARS.qcow2",
+ "format": "qcow2"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "aarch64",
+ "machines": [
+ "virt-*"
+ ]
+ }
+ ],
+ "features": [
+
+ ],
+ "tags": [
+
+ ]
+}