Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 1 | SUMMARY = "OVMF - UEFI firmware for Qemu and KVM" |
| 2 | DESCRIPTION = "OVMF is an EDK II based project to enable UEFI support for \ |
| 3 | Virtual Machines. OVMF contains sample UEFI firmware for QEMU and KVM" |
| 4 | HOMEPAGE = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF" |
Brad Bishop | f3f93bb | 2019-10-16 14:33:32 -0400 | [diff] [blame] | 5 | LICENSE = "BSD-2-Clause" |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 6 | LICENSE_class-target = "${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'BSD & OpenSSL', 'BSD', d)}" |
Brad Bishop | 08902b0 | 2019-08-20 09:16:51 -0400 | [diff] [blame] | 7 | LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=06357ddc23f46577c2aeaeaf7b776d65" |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 8 | |
| 9 | # Enabling Secure Boot adds a dependency on OpenSSL and implies |
| 10 | # compiling OVMF twice, so it is disabled by default. Distros |
| 11 | # may change that default. |
| 12 | PACKAGECONFIG ??= "" |
| 13 | PACKAGECONFIG[secureboot] = ",,," |
| 14 | |
Andrew Geissler | c182c62 | 2020-05-15 14:13:32 -0500 | [diff] [blame] | 15 | SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \ |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 16 | file://0001-ovmf-update-path-to-native-BaseTools.patch \ |
| 17 | file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ |
| 18 | file://0003-ovmf-enable-long-path-file.patch \ |
Andrew Geissler | c182c62 | 2020-05-15 14:13:32 -0500 | [diff] [blame] | 19 | file://0001-ovmf-Update-to-latest.patch \ |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 20 | " |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 21 | |
Andrew Geissler | 5a43b43 | 2020-06-13 10:46:56 -0500 | [diff] [blame] | 22 | PV = "edk2-stable202005" |
| 23 | SRCREV = "ca407c7246bf405da6d9b1b9d93e5e7f17b4b1f9" |
Brad Bishop | 08902b0 | 2019-08-20 09:16:51 -0400 | [diff] [blame] | 24 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)" |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 25 | |
| 26 | inherit deploy |
| 27 | |
Brad Bishop | d5ae7d9 | 2018-06-14 09:52:03 -0700 | [diff] [blame] | 28 | PARALLEL_MAKE = "" |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 29 | |
| 30 | S = "${WORKDIR}/git" |
| 31 | |
Brad Bishop | 1d80a2e | 2019-11-15 16:35:03 -0500 | [diff] [blame] | 32 | DEPENDS = "nasm-native acpica-native ovmf-native util-linux-native" |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 33 | |
| 34 | EDK_TOOLS_DIR="edk2_basetools" |
| 35 | |
| 36 | # OVMF has trouble building with the default optimization of -O2. |
| 37 | BUILD_OPTIMIZATION="-pipe" |
| 38 | |
| 39 | # OVMF supports IA only, although it could conceivably support ARM someday. |
Andrew Geissler | 475cb72 | 2020-07-10 16:00:51 -0500 | [diff] [blame] | 40 | COMPATIBLE_HOST_class-target='(i.86|x86_64).*' |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 41 | |
| 42 | # Additional build flags for OVMF with Secure Boot. |
| 43 | # Fedora also uses "-D SMM_REQUIRE -D EXCLUDE_SHELL_FROM_FD". |
| 44 | OVMF_SECURE_BOOT_EXTRA_FLAGS ??= "" |
| 45 | OVMF_SECURE_BOOT_FLAGS = "-DSECURE_BOOT_ENABLE=TRUE ${OVMF_SECURE_BOOT_EXTRA_FLAGS}" |
| 46 | |
Brad Bishop | 08902b0 | 2019-08-20 09:16:51 -0400 | [diff] [blame] | 47 | export PYTHON_COMMAND = "${HOSTTOOLS_DIR}/python3" |
| 48 | |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 49 | do_patch[postfuncs] += "fix_basetools_location" |
| 50 | fix_basetools_location () { |
| 51 | } |
| 52 | fix_basetools_location_class-target() { |
| 53 | # Replaces the fake path inserted by 0002-ovmf-update-path-to-native-BaseTools.patch. |
| 54 | # Necessary for finding the actual BaseTools from ovmf-native. |
| 55 | sed -i -e 's#BBAKE_EDK_TOOLS_PATH#${STAGING_BINDIR_NATIVE}/${EDK_TOOLS_DIR}#' ${S}/OvmfPkg/build.sh |
| 56 | } |
| 57 | |
| 58 | do_patch[postfuncs] += "fix_iasl" |
| 59 | fix_iasl() { |
| 60 | } |
| 61 | fix_iasl_class-native() { |
| 62 | # iasl is not installed under /usr/bin when building with OE. |
| 63 | sed -i -e 's#/usr/bin/iasl#${STAGING_BINDIR_NATIVE}/iasl#' ${S}/BaseTools/Conf/tools_def.template |
| 64 | } |
| 65 | |
| 66 | # Inject CC and friends into the build. LINKER already is in GNUmakefile. |
| 67 | # Must be idempotent and thus remove old assignments that were inserted |
| 68 | # earlier. |
| 69 | do_patch[postfuncs] += "fix_toolchain" |
| 70 | fix_toolchain() { |
| 71 | sed -i \ |
| 72 | -e '/^\(CC\|CXX\|AS\|AR\|LD\|LINKER\) =/d' \ |
| 73 | -e '/^APPLICATION/a CC = ${CC}\nCXX = ${CXX}\nAS = ${AS}\nAR = ${AR}\nLD = ${LD}\nLINKER = $(CC)' \ |
| 74 | ${S}/BaseTools/Source/C/Makefiles/app.makefile |
| 75 | sed -i \ |
| 76 | -e '/^\(CC\|CXX\|AS\|AR\|LD\)/d' \ |
| 77 | -e '/^VFR_CPPFLAGS/a CC = ${CC}\nCXX = ${CXX}\nAS = ${AS}\nAR = ${AR}\nLD = ${LD}' \ |
| 78 | ${S}/BaseTools/Source/C/VfrCompile/GNUmakefile |
| 79 | } |
| 80 | fix_toolchain_append_class-native() { |
| 81 | # This tools_def.template is going to be used by the target ovmf and |
| 82 | # defines which compilers to use. For the GCC toolchain definitions, |
| 83 | # that will be ${HOST_PREFIX}gcc. However, "make" doesn't need that |
| 84 | # prefix. |
| 85 | # |
| 86 | # Injecting ENV(HOST_PREFIX) matches exporting that value as env |
| 87 | # variable in do_compile_class-target. |
| 88 | sed -i \ |
| 89 | -e 's#\(ENV\|DEF\)(GCC.*_PREFIX)#ENV(HOST_PREFIX)#' \ |
| 90 | -e 's#ENV(HOST_PREFIX)make#make#' \ |
| 91 | ${S}/BaseTools/Conf/tools_def.template |
| 92 | sed -i \ |
| 93 | -e '/^\(LFLAGS\|CFLAGS\) +=/d' \ |
| 94 | -e '/^LINKER/a LFLAGS += ${BUILD_LDFLAGS}\nCFLAGS += ${BUILD_CFLAGS}' \ |
| 95 | ${S}/BaseTools/Source/C/Makefiles/app.makefile \ |
| 96 | ${S}/BaseTools/Source/C/VfrCompile/GNUmakefile |
| 97 | # Linking with gold fails: |
| 98 | # internal error in do_layout, at ../../gold/object.cc:1821 |
| 99 | # make: *** [.../OUTPUT/Facs.acpi] Error 1 |
| 100 | # We intentionally hard-code the use of ld.bfd regardless of DISTRO_FEATURES |
| 101 | # to make ovmf-native reusable across distros. |
| 102 | sed -i \ |
| 103 | -e 's#^\(DEFINE GCC.*DLINK.*FLAGS *=\)#\1 -fuse-ld=bfd#' \ |
| 104 | ${S}/BaseTools/Conf/tools_def.template |
| 105 | } |
| 106 | |
| 107 | GCC_VER="$(${CC} -v 2>&1 | tail -n1 | awk '{print $3}')" |
| 108 | |
| 109 | fixup_target_tools() { |
| 110 | case ${1} in |
| 111 | 4.4.*) |
| 112 | FIXED_GCCVER=GCC44 |
| 113 | ;; |
| 114 | 4.5.*) |
| 115 | FIXED_GCCVER=GCC45 |
| 116 | ;; |
| 117 | 4.6.*) |
| 118 | FIXED_GCCVER=GCC46 |
| 119 | ;; |
| 120 | 4.7.*) |
| 121 | FIXED_GCCVER=GCC47 |
| 122 | ;; |
| 123 | 4.8.*) |
| 124 | FIXED_GCCVER=GCC48 |
| 125 | ;; |
| 126 | 4.9.*) |
| 127 | FIXED_GCCVER=GCC49 |
| 128 | ;; |
| 129 | *) |
| 130 | FIXED_GCCVER=GCC5 |
| 131 | ;; |
| 132 | esac |
| 133 | echo ${FIXED_GCCVER} |
| 134 | } |
| 135 | |
| 136 | do_compile_class-native() { |
| 137 | oe_runmake -C ${S}/BaseTools |
| 138 | } |
| 139 | |
| 140 | do_compile_class-target() { |
| 141 | export LFLAGS="${LDFLAGS}" |
Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 142 | PARALLEL_JOBS="${@oe.utils.parallel_make_argument(d, '-n %d')}" |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 143 | OVMF_ARCH="X64" |
| 144 | if [ "${TARGET_ARCH}" != "x86_64" ] ; then |
| 145 | OVMF_ARCH="IA32" |
| 146 | fi |
| 147 | |
| 148 | # The build for the target uses BaseTools/Conf/tools_def.template |
| 149 | # from ovmf-native to find the compiler, which depends on |
| 150 | # exporting HOST_PREFIX. |
| 151 | export HOST_PREFIX="${HOST_PREFIX}" |
| 152 | |
| 153 | # BaseTools/Conf gets copied to Conf, but only if that does not |
| 154 | # exist yet. To ensure that an updated template gets used during |
| 155 | # incremental builds, we need to remove the copy before we start. |
| 156 | rm -f `ls ${S}/Conf/*.txt | grep -v ReadMe.txt` |
| 157 | |
| 158 | # ${WORKDIR}/ovmf is a well-known location where do_install and |
| 159 | # do_deploy will be able to find the files. |
| 160 | rm -rf ${WORKDIR}/ovmf |
| 161 | mkdir ${WORKDIR}/ovmf |
| 162 | OVMF_DIR_SUFFIX="X64" |
| 163 | if [ "${TARGET_ARCH}" != "x86_64" ] ; then |
| 164 | OVMF_DIR_SUFFIX="Ia32" # Note the different capitalization |
| 165 | fi |
| 166 | FIXED_GCCVER=$(fixup_target_tools ${GCC_VER}) |
| 167 | bbnote FIXED_GCCVER is ${FIXED_GCCVER} |
| 168 | build_dir="${S}/Build/Ovmf$OVMF_DIR_SUFFIX/RELEASE_${FIXED_GCCVER}" |
| 169 | |
| 170 | bbnote "Building without Secure Boot." |
| 171 | rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX |
| 172 | ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} |
| 173 | ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.fd |
| 174 | ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.code.fd |
| 175 | ln ${build_dir}/FV/OVMF_VARS.fd ${WORKDIR}/ovmf/ovmf.vars.fd |
| 176 | ln ${build_dir}/${OVMF_ARCH}/Shell.efi ${WORKDIR}/ovmf/ |
| 177 | |
| 178 | if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then |
Brad Bishop | 08902b0 | 2019-08-20 09:16:51 -0400 | [diff] [blame] | 179 | # Repeat build with the Secure Boot flags. |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 180 | bbnote "Building with Secure Boot." |
| 181 | rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 182 | ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} |
| 183 | ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd |
| 184 | ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd |
| 185 | ln ${build_dir}/${OVMF_ARCH}/EnrollDefaultKeys.efi ${WORKDIR}/ovmf/ |
| 186 | fi |
| 187 | } |
| 188 | |
| 189 | do_install_class-native() { |
| 190 | install -d ${D}/${bindir}/edk2_basetools |
| 191 | cp -r ${S}/BaseTools ${D}/${bindir}/${EDK_TOOLS_DIR} |
| 192 | } |
| 193 | |
| 194 | do_install_class-target() { |
| 195 | # Content for UEFI shell iso. We install the EFI shell as |
| 196 | # bootx64/ia32.efi because then it can be started even when the |
| 197 | # firmware itself does not contain it. |
| 198 | install -d ${D}/efi/boot |
| 199 | install ${WORKDIR}/ovmf/Shell.efi ${D}/efi/boot/boot${@ "ia32" if "${TARGET_ARCH}" != "x86_64" else "x64"}.efi |
| 200 | if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then |
| 201 | install ${WORKDIR}/ovmf/EnrollDefaultKeys.efi ${D} |
| 202 | fi |
| 203 | } |
| 204 | |
| 205 | # This always gets packaged because ovmf-shell-image depends on it. |
| 206 | # This allows testing that recipe in all configurations because it |
| 207 | # can always be part of a world build. |
| 208 | # |
| 209 | # However, EnrollDefaultKeys.efi is only included when Secure Boot is enabled. |
| 210 | PACKAGES =+ "ovmf-shell-efi" |
| 211 | FILES_ovmf-shell-efi = " \ |
| 212 | EnrollDefaultKeys.efi \ |
| 213 | efi/ \ |
| 214 | " |
| 215 | |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 216 | DEPLOYDEP = "" |
| 217 | DEPLOYDEP_class-target = "qemu-system-native:do_populate_sysroot" |
Brad Bishop | 08902b0 | 2019-08-20 09:16:51 -0400 | [diff] [blame] | 218 | DEPLOYDEP_class-target += " ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'openssl-native:do_populate_sysroot', '', d)}" |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 219 | do_deploy[depends] += "${DEPLOYDEP}" |
| 220 | |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 221 | do_deploy() { |
| 222 | } |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 223 | do_deploy_class-target() { |
| 224 | # For use with "runqemu ovmf". |
| 225 | for i in \ |
| 226 | ovmf \ |
| 227 | ovmf.code \ |
| 228 | ovmf.vars \ |
| 229 | ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'ovmf.secboot ovmf.secboot.code', '', d)} \ |
| 230 | ; do |
| 231 | qemu-img convert -f raw -O qcow2 ${WORKDIR}/ovmf/$i.fd ${DEPLOYDIR}/$i.qcow2 |
| 232 | done |
Brad Bishop | 08902b0 | 2019-08-20 09:16:51 -0400 | [diff] [blame] | 233 | |
| 234 | if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then |
| 235 | # Create a test Platform Key and first Key Exchange Key to use with EnrollDefaultKeys |
| 236 | openssl req -new -x509 -newkey rsa:2048 -keyout ${DEPLOYDIR}/OvmfPkKek1.key \ |
| 237 | -out ${DEPLOYDIR}/OvmfPkKek1.crt -nodes -days 20 -subj "/CN=OVMFSecBootTest" |
| 238 | openssl x509 -in ${DEPLOYDIR}/OvmfPkKek1.crt -out ${DEPLOYDIR}/OvmfPkKek1.pem -outform PEM |
| 239 | fi |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 240 | } |
| 241 | addtask do_deploy after do_compile before do_build |
| 242 | |
| 243 | BBCLASSEXTEND = "native" |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 244 | TOOLCHAIN = "gcc" |