summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-core/ovmf/ovmf_git.bb36
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 998902579f..bdec6aa851 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -1,8 +1,15 @@
1DESCRIPTION = "OVMF - UEFI firmware for Qemu and KVM" 1DESCRIPTION = "OVMF - UEFI firmware for Qemu and KVM"
2HOMEPAGE = "http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF" 2HOMEPAGE = "http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF"
3LICENSE = "BSD" 3LICENSE = "BSD"
4LICENSE_class-target = "${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'BSD & OpenSSL', 'BSD', d)}"
4LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=343dc88e82ff33d042074f62050c3496" 5LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=343dc88e82ff33d042074f62050c3496"
5 6
7# Enabling Secure Boot adds a dependency on OpenSSL and implies
8# compiling OVMF twice, so it is disabled by default. Distros
9# may change that default.
10PACKAGECONFIG ??= ""
11PACKAGECONFIG[secureboot] = ",,,"
12
6SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \ 13SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \
7 file://0001-BaseTools-Force-tools-variables-to-host-toolchain.patch \ 14 file://0001-BaseTools-Force-tools-variables-to-host-toolchain.patch \
8 file://0001-OvmfPkg-Enable-BGRT-in-OVMF.patch \ 15 file://0001-OvmfPkg-Enable-BGRT-in-OVMF.patch \
@@ -10,7 +17,13 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \
10 file://0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ 17 file://0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \
11 " 18 "
12 19
20SRC_URI_append_class-target = " \
21 ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/openssl-1.0.2j.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \
22"
23
13SRCREV="4575a602ca6072ee9d04150b38bfb143cbff8588" 24SRCREV="4575a602ca6072ee9d04150b38bfb143cbff8588"
25SRC_URI[openssl.md5sum] = "96322138f0b69e61b7212bc53d5e912b"
26SRC_URI[openssl.sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"
14 27
15inherit deploy 28inherit deploy
16 29
@@ -32,6 +45,11 @@ BUILD_OPTIMIZATION="-pipe"
32# OVMF supports IA only, although it could conceivably support ARM someday. 45# OVMF supports IA only, although it could conceivably support ARM someday.
33COMPATIBLE_HOST='(i.86|x86_64).*' 46COMPATIBLE_HOST='(i.86|x86_64).*'
34 47
48# Additional build flags for OVMF with Secure Boot.
49# Fedora also uses "-D SMM_REQUIRE -D EXCLUDE_SHELL_FROM_FD".
50OVMF_SECURE_BOOT_EXTRA_FLAGS ??= ""
51OVMF_SECURE_BOOT_FLAGS = "-DSECURE_BOOT_ENABLE=TRUE ${OVMF_SECURE_BOOT_EXTRA_FLAGS}"
52
35do_patch_append_class-native() { 53do_patch_append_class-native() {
36 bb.build.exec_func('do_fix_iasl', d) 54 bb.build.exec_func('do_fix_iasl', d)
37 bb.build.exec_func('do_fix_toolchain', d) 55 bb.build.exec_func('do_fix_toolchain', d)
@@ -112,10 +130,27 @@ do_compile_class-target() {
112 bbnote FIXED_GCCVER is ${FIXED_GCCVER} 130 bbnote FIXED_GCCVER is ${FIXED_GCCVER}
113 build_dir="${S}/Build/Ovmf$OVMF_DIR_SUFFIX/RELEASE_${FIXED_GCCVER}" 131 build_dir="${S}/Build/Ovmf$OVMF_DIR_SUFFIX/RELEASE_${FIXED_GCCVER}"
114 132
133 bbnote "Building without Secure Boot."
134 rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX
115 ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} 135 ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER}
116 ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.fd 136 ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.fd
117 ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.code.fd 137 ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.code.fd
118 ln ${build_dir}/FV/OVMF_VARS.fd ${WORKDIR}/ovmf/ovmf.vars.fd 138 ln ${build_dir}/FV/OVMF_VARS.fd ${WORKDIR}/ovmf/ovmf.vars.fd
139
140 if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
141 # See CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt and
142 # https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/ for
143 # building with Secure Boot enabled.
144 bbnote "Building with Secure Boot."
145 rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX
146 if ! [ -f ${S}/CryptoPkg/Library/OpensslLib/openssl-*/edk2-patch-applied ]; then
147 ( cd ${S}/CryptoPkg/Library/OpensslLib/openssl-* && patch -p1 <$(echo ../EDKII_openssl-*.patch) && touch edk2-patch-applied )
148 fi
149 ( cd ${S}/CryptoPkg/Library/OpensslLib/ && ./Install.sh )
150 ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS}
151 ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd
152 ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd
153 fi
119} 154}
120 155
121do_install_class-native() { 156do_install_class-native() {
@@ -135,6 +170,7 @@ do_deploy_class-target() {
135 ovmf \ 170 ovmf \
136 ovmf.code \ 171 ovmf.code \
137 ovmf.vars \ 172 ovmf.vars \
173 ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'ovmf.secboot ovmf.secboot.code', '', d)} \
138 ; do 174 ; do
139 qemu-img convert -f raw -O qcow2 ${WORKDIR}/ovmf/$i.fd ${DEPLOYDIR}/$i.qcow2 175 qemu-img convert -f raw -O qcow2 ${WORKDIR}/ovmf/$i.fd ${DEPLOYDIR}/$i.qcow2
140 done 176 done