ovmf: fix secureboot PACKAGECONFIG + OpenSSL update

The recent ovmf update broke secureboot because upstream changed the way how openssl gets compiled into ovmf. It's now integrated directly into the ovmf build process, without having to patch it first. In addition, more recent OpenSSL releases are supported. 1.1.0e was explicitly mentioned in the ovmf commits and because the current 1.1.0f only has minor build enhancements, 1.1.0e is used here. (From OE-Core rev: 1d9a88f635549e68562de681e297b9270ad02d4e) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Patrick Ohly <patrick.ohly@intel.com> 2017-06-16 11:53:48 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-06-16 10:58:23 +0100
commit: 9ea5a31776440abd6468f003c5e1905f079446d3 (patch)
tree: 3b4354ccd738e984014fae01dcb60ac037ecf5c5 /meta/recipes-core
parent: 31a9e8d114e23208d074d6e319aa95bbf688e513 (diff)
download: poky-9ea5a31776440abd6468f003c5e1905f079446d3.tar.gz
1 files changed, 6 insertions, 7 deletions
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 5d7216e80e..28f0cde1d9 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -18,14 +18,16 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \
        file://no-stack-protector-all-archs.patch \
        "
+OPENSSL_RELEASE = "openssl-1.1.0e"
 SRC_URI_append_class-target = " \
-        ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/openssl-1.0.2j.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \
+        ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/${OPENSSL_RELEASE}.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \
        file://0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch \
 "
 SRCREV="ec4910cd3336565fdb61dafdd9ec4ae7a6160ba3"
-SRC_URI[openssl.md5sum] = "96322138f0b69e61b7212bc53d5e912b"
+SRC_URI[openssl.md5sum] = "51c42d152122e474754aea96f66928c6"
-SRC_URI[openssl.sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"
+SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c"
 inherit deploy
@@ -187,10 +189,7 @@ do_compile_class-target() {
        # building with Secure Boot enabled.
        bbnote "Building with Secure Boot."
        rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX
-        if ! [ -f ${S}/CryptoPkg/Library/OpensslLib/openssl-*/edk2-patch-applied ]; then
+        ln -sf ${OPENSSL_RELEASE} ${S}/CryptoPkg/Library/OpensslLib/openssl
-            ( cd ${S}/CryptoPkg/Library/OpensslLib/openssl-* && patch -p1 <$(echo ../EDKII_openssl-*.patch) && touch edk2-patch-applied )
-        fi
-        ( cd ${S}/CryptoPkg/Library/OpensslLib/ && ./Install.sh )
        ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS}
        ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd
        ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd
author	Patrick Ohly <patrick.ohly@intel.com>	2017-06-16 11:53:48 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-06-16 10:58:23 +0100
commit	9ea5a31776440abd6468f003c5e1905f079446d3 (patch)
tree	3b4354ccd738e984014fae01dcb60ac037ecf5c5 /meta/recipes-core
parent	31a9e8d114e23208d074d6e319aa95bbf688e513 (diff)
download	poky-9ea5a31776440abd6468f003c5e1905f079446d3.tar.gz