summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorPatrick Ohly <patrick.ohly@intel.com>2017-06-16 11:53:48 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-06-16 10:58:23 +0100
commit9ea5a31776440abd6468f003c5e1905f079446d3 (patch)
tree3b4354ccd738e984014fae01dcb60ac037ecf5c5 /meta/recipes-core
parent31a9e8d114e23208d074d6e319aa95bbf688e513 (diff)
downloadpoky-9ea5a31776440abd6468f003c5e1905f079446d3.tar.gz
ovmf: fix secureboot PACKAGECONFIG + OpenSSL update
The recent ovmf update broke secureboot because upstream changed the way how openssl gets compiled into ovmf. It's now integrated directly into the ovmf build process, without having to patch it first. In addition, more recent OpenSSL releases are supported. 1.1.0e was explicitly mentioned in the ovmf commits and because the current 1.1.0f only has minor build enhancements, 1.1.0e is used here. (From OE-Core rev: 1d9a88f635549e68562de681e297b9270ad02d4e) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/ovmf/ovmf_git.bb13
1 files changed, 6 insertions, 7 deletions
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 5d7216e80e..28f0cde1d9 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -18,14 +18,16 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \
18 file://no-stack-protector-all-archs.patch \ 18 file://no-stack-protector-all-archs.patch \
19 " 19 "
20 20
21OPENSSL_RELEASE = "openssl-1.1.0e"
22
21SRC_URI_append_class-target = " \ 23SRC_URI_append_class-target = " \
22 ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/openssl-1.0.2j.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \ 24 ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/${OPENSSL_RELEASE}.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \
23 file://0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch \ 25 file://0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch \
24" 26"
25 27
26SRCREV="ec4910cd3336565fdb61dafdd9ec4ae7a6160ba3" 28SRCREV="ec4910cd3336565fdb61dafdd9ec4ae7a6160ba3"
27SRC_URI[openssl.md5sum] = "96322138f0b69e61b7212bc53d5e912b" 29SRC_URI[openssl.md5sum] = "51c42d152122e474754aea96f66928c6"
28SRC_URI[openssl.sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431" 30SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c"
29 31
30inherit deploy 32inherit deploy
31 33
@@ -187,10 +189,7 @@ do_compile_class-target() {
187 # building with Secure Boot enabled. 189 # building with Secure Boot enabled.
188 bbnote "Building with Secure Boot." 190 bbnote "Building with Secure Boot."
189 rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX 191 rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX
190 if ! [ -f ${S}/CryptoPkg/Library/OpensslLib/openssl-*/edk2-patch-applied ]; then 192 ln -sf ${OPENSSL_RELEASE} ${S}/CryptoPkg/Library/OpensslLib/openssl
191 ( cd ${S}/CryptoPkg/Library/OpensslLib/openssl-* && patch -p1 <$(echo ../EDKII_openssl-*.patch) && touch edk2-patch-applied )
192 fi
193 ( cd ${S}/CryptoPkg/Library/OpensslLib/ && ./Install.sh )
194 ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} 193 ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS}
195 ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd 194 ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd
196 ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd 195 ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd