ovmf: make output binaries reproducible

OVMF is mostly reproducible, but the final .efi binaries have a 'NM10' segment in that references the original input file, and this input file has the build path in. This can be solved by passing --zero to GenFw so that this segment is zero'd out in release builds. [ YOCTO #14264 ] (From OE-Core rev: 8b4e5a3b8c3eabfbb94ab577529240b2e270efa7) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross@burtonini.com> 2021-03-16 19:38:02 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-03-20 18:54:55 +0000
commit: 56c043a58d4e7c07f6cc0e47968069c368bc5664 (patch)
tree: 01d91f978d6ec02389d2a816dc67f9af03d720bd /meta/recipes-core
parent: 8693591a3575a9af2682c8ca6a7269d2e3f1a19f (diff)
download: poky-56c043a58d4e7c07f6cc0e47968069c368bc5664.tar.gz
2 files changed, 85 insertions, 0 deletions
diff --git a/meta/recipes-core/ovmf/ovmf/zero.patch b/meta/recipes-core/ovmf/ovmf/zero.patch
new file mode 100644
index 0000000000..af7a9d31f6
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/zero.patch
@@ -0,0 +1,84 @@
+Pass --zero to GenFw in release builds so that the sections that link back to
+the intermediate binaries (containing build paths) are removed.
+Upstream-Status: Pending (discussion at https://bugzilla.tianocore.org/show_bug.cgi?id=3256)
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+From 6303b065802c9427c718fda129360189b79316e7 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Tue, 16 Mar 2021 16:49:49 +0000
+Subject: [PATCH] Strip build paths
+---
+ OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
+ OvmfPkg/Bhyve/BhyveX64.dsc   | 1 +
+ OvmfPkg/OvmfPkgIa32.dsc      | 2 ++
+ OvmfPkg/OvmfPkgIa32X64.dsc   | 1 +
+ OvmfPkg/OvmfPkgX64.dsc       | 1 +
+ OvmfPkg/OvmfXen.dsc          | 1 +
+ 6 files changed, 7 insertions(+)
+diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
+index 4a1cdf5aca..132f55cf69 100644
+--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
+@@ -76,6 +76,7 @@
+   GCC:*_*_X64_GENFW_FLAGS   = --keepexceptiontable
+   INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable
+ !endif
+  RELEASE_*_*_GENFW_FLAGS = --zero
+ 
+   #
+   # Disable deprecated APIs.
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index 1eaf3e99c6..ce20f09df8 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -90,6 +90,8 @@
+ 
+ !include NetworkPkg/NetworkBuildOptions.dsc.inc
+ 
+  RELEASE_*_*_GENFW_FLAGS = --zero
+
+ [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
+   GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
+   XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 4a5a430147..97cc438250 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -84,6 +84,7 @@
+   GCC:*_*_X64_GENFW_FLAGS   = --keepexceptiontable
+   INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable
+ !endif
+  RELEASE_*_*_GENFW_FLAGS = --zero
+ 
+   #
+   # Disable deprecated APIs.
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index d4d601b444..f544fb04bf 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -84,6 +84,7 @@
+   GCC:*_*_X64_GENFW_FLAGS   = --keepexceptiontable
+   INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable
+ !endif
+  RELEASE_*_*_GENFW_FLAGS = --zero
+ 
+   #
+   # Disable deprecated APIs.
+diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
+index 507029404f..fcaa35acf1 100644
+--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
+@@ -74,6 +74,7 @@
+   GCC:*_*_X64_GENFW_FLAGS   = --keepexceptiontable
+   INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable
+ !endif
+  RELEASE_*_*_GENFW_FLAGS = --zero
+ 
+   #
+   # Disable deprecated APIs.
+-- 
+2.25.1
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 95ebbcc683..896b3b6320 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -16,6 +16,7 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
           file://0001-ovmf-update-path-to-native-BaseTools.patch \
           file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \
           file://0004-ovmf-Update-to-latest.patch \
+           file://zero.patch \
           "
 PV = "edk2-stable202102"
author	Ross Burton <ross@burtonini.com>	2021-03-16 19:38:02 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-03-20 18:54:55 +0000
commit	56c043a58d4e7c07f6cc0e47968069c368bc5664 (patch)
tree	01d91f978d6ec02389d2a816dc67f9af03d720bd /meta/recipes-core
parent	8693591a3575a9af2682c8ca6a7269d2e3f1a19f (diff)
download	poky-56c043a58d4e7c07f6cc0e47968069c368bc5664.tar.gz

diff --git a/meta/recipes-core/ovmf/ovmf/zero.patch b/meta/recipes-core/ovmf/ovmf/zero.patch new file mode 100644 index 0000000000..af7a9d31f6 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/zero.patch
@@ -0,0 +1,84 @@
		1	Pass --zero to GenFw in release builds so that the sections that link back to
		2	the intermediate binaries (containing build paths) are removed.
		3
		4	Upstream-Status: Pending (discussion at https://bugzilla.tianocore.org/show_bug.cgi?id=3256)
		5	Signed-off-by: Ross Burton <ross.burton@arm.com>
		6
		7	From 6303b065802c9427c718fda129360189b79316e7 Mon Sep 17 00:00:00 2001
		8	From: Ross Burton <ross.burton@arm.com>
		9	Date: Tue, 16 Mar 2021 16:49:49 +0000
		10	Subject: [PATCH] Strip build paths
		11
		12	---
		13	OvmfPkg/AmdSev/AmdSevX64.dsc \| 1 +
		14	OvmfPkg/Bhyve/BhyveX64.dsc \| 1 +
		15	OvmfPkg/OvmfPkgIa32.dsc \| 2 ++
		16	OvmfPkg/OvmfPkgIa32X64.dsc \| 1 +
		17	OvmfPkg/OvmfPkgX64.dsc \| 1 +
		18	OvmfPkg/OvmfXen.dsc \| 1 +
		19	6 files changed, 7 insertions(+)
		20
		21	diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
		22	index 4a1cdf5aca..132f55cf69 100644
		23	--- a/OvmfPkg/Bhyve/BhyveX64.dsc
		24	+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
		25	@@ -76,6 +76,7 @@
		26	GCC:__X64_GENFW_FLAGS = --keepexceptiontable
		27	INTEL:__X64_GENFW_FLAGS = --keepexceptiontable
		28	!endif
		29	+ RELEASE___GENFW_FLAGS = --zero
		30
		31	#
		32	# Disable deprecated APIs.
		33	diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
		34	index 1eaf3e99c6..ce20f09df8 100644
		35	--- a/OvmfPkg/OvmfPkgIa32.dsc
		36	+++ b/OvmfPkg/OvmfPkgIa32.dsc
		37	@@ -90,6 +90,8 @@
		38
		39	!include NetworkPkg/NetworkBuildOptions.dsc.inc
		40
		41	+ RELEASE___GENFW_FLAGS = --zero
		42	+
		43	[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
		44	GCC:__*_DLINK_FLAGS = -z common-page-size=0x1000
		45	XCODE:__*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
		46	diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
		47	index 4a5a430147..97cc438250 100644
		48	--- a/OvmfPkg/OvmfPkgIa32X64.dsc
		49	+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
		50	@@ -84,6 +84,7 @@
		51	GCC:__X64_GENFW_FLAGS = --keepexceptiontable
		52	INTEL:__X64_GENFW_FLAGS = --keepexceptiontable
		53	!endif
		54	+ RELEASE___GENFW_FLAGS = --zero
		55
		56	#
		57	# Disable deprecated APIs.
		58	diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
		59	index d4d601b444..f544fb04bf 100644
		60	--- a/OvmfPkg/OvmfPkgX64.dsc
		61	+++ b/OvmfPkg/OvmfPkgX64.dsc
		62	@@ -84,6 +84,7 @@
		63	GCC:__X64_GENFW_FLAGS = --keepexceptiontable
		64	INTEL:__X64_GENFW_FLAGS = --keepexceptiontable
		65	!endif
		66	+ RELEASE___GENFW_FLAGS = --zero
		67
		68	#
		69	# Disable deprecated APIs.
		70	diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
		71	index 507029404f..fcaa35acf1 100644
		72	--- a/OvmfPkg/OvmfXen.dsc
		73	+++ b/OvmfPkg/OvmfXen.dsc
		74	@@ -74,6 +74,7 @@
		75	GCC:__X64_GENFW_FLAGS = --keepexceptiontable
		76	INTEL:__X64_GENFW_FLAGS = --keepexceptiontable
		77	!endif
		78	+ RELEASE___GENFW_FLAGS = --zero
		79
		80	#
		81	# Disable deprecated APIs.
		82	--
		83	2.25.1
		84


diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index 95ebbcc683..896b3b6320 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -16,6 +16,7 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
16	file://0001-ovmf-update-path-to-native-BaseTools.patch \	16	file://0001-ovmf-update-path-to-native-BaseTools.patch \
17	file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \	17	file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \
18	file://0004-ovmf-Update-to-latest.patch \	18	file://0004-ovmf-Update-to-latest.patch \
		19	file://zero.patch \
19	"	20	"
20		21
21	PV = "edk2-stable202102"	22	PV = "edk2-stable202102"