File project.diff of Package qemu
--- qemu.changes.orig
+++ qemu.changes
@@ -1051,6 +1051,12 @@ Wed Jan 12 13:57:31 UTC 2022 - Dario Fag
Revert-qemu-img-Require-F-with-b-backing.patch
-------------------------------------------------------------------
+Wed Jan 5 16:16:27 UTC 2022 - Michal Suchanek <msuchanek@suse.com>
+
+- SLOF: appended signature: Use SLE certificate in addition to project
+ certificate for verification.
+
+-------------------------------------------------------------------
Wed Dec 22 08:51:15 UTC 2021 - Dario Faggioli <dfaggioli@suse.com>
- Fix testsuite failures by not using modules when building tests
@@ -1182,6 +1188,26 @@ Mon Dec 6 14:22:18 UTC 2021 - Guillaume
dropped from Factory - boo#1193424
-------------------------------------------------------------------
+Thu Dec 2 10:19:00 UTC 2021 - Michal Suchanek <msuchanek@suse.com>
+
+- ppc secure boot
+ + 0001-use-PT_LOAD-constant.patch
+ + 0002-calloc.patch
+ + 0003-import-nayna-s-mbedtls.patch
+ + 0004-mbedtls-fixups.patch
+ + 0005-integrate-mbedtls.patch
+ + 0006-appended-signature-infrastructure.patch
+ + 0007-awful-hack-for-building.patch
+ + 0008-Appended-signature-verification.patch
+ + 0009-Update-mbedtls-to-support-multiple-signers.patch
+ + 0010-update-for-new-mbedtls.patch
+ + 0011-verify-ibm-secure-boot-property.patch
+ + 0012-require-signed-binary-if-32bit-and-secureboot.patch
+ + 0001-Create-fake-AIX-style-ibm-secureboot.patch
+ + 0002-Create-fake-ibm-trusted-boot-property.patch
+ + 0003-ppc-make-secure-boot-and-trusted-boot-mode-configura.patch
+
+-------------------------------------------------------------------
Tue Oct 26 20:53:59 UTC 2021 - José Ricardo Ziviani <jose.ziviani@suse.com>
- qemu: virtio-net: heap use-after-free in virtio_net_receive_rcu
--- qemu.spec.orig
+++ qemu.spec
@@ -14,6 +14,7 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
+# needssslcertforbuild
%include %{_sourcedir}/common.inc
@@ -86,6 +87,28 @@ Release: 0
Source: %{srcname}-%{srcver}.tar.xz
Source1: common.inc
Source303: README.PACKAGING
+
+# Secure boot support on powerpc
+Patch00900: 0001-Create-fake-AIX-style-ibm-secureboot.patch
+Patch00901: 0002-Create-fake-ibm-trusted-boot-property.patch
+Patch00902: 0003-ppc-make-secure-boot-and-trusted-boot-mode-configura.patch
+Patch07700: 0001-use-PT_LOAD-constant.patch
+Patch07701: 0002-calloc.patch
+Patch07702: 0003-import-nayna-s-mbedtls.patch
+Patch07703: 0004-mbedtls-fixups.patch
+Patch07704: 0005-integrate-mbedtls.patch
+Patch07705: 0006-appended-signature-infrastructure.patch
+Patch07706: 0007-awful-hack-for-building.patch
+Patch07707: 0008-Appended-signature-verification.patch
+Patch07708: 0009-Update-mbedtls-to-support-multiple-signers.patch
+Patch07709: 0010-update-for-new-mbedtls.patch
+Patch07710: 0011-verify-ibm-secure-boot-property.patch
+Patch07711: 0012-require-signed-binary-if-32bit-and-secureboot.patch
+Patch07712: 0013-appended-signature-Support-two-certificates.patch
+Source999: certificate_SLE.crt
+BuildRequires: openssl
+BuildRequires: vim
+
Source1000: qemu-rpmlintrc
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if %{build_x86_firmware}
@@ -1401,6 +1424,13 @@ network adapters available with QEMU.
%prep
%autosetup -n %{srcname}-%{srcver} -p1
+pushd roms/SLOF/
+openssl x509 -in %{_sourcedir}/_projectcert.crt -outform DER -out certificate.der
+xxd -i certificate.der lib/libcrypto/certificate.h
+cp %{SOURCE999} .
+xxd -i certificate_SLE.crt >> lib/libcrypto/certificate.h
+popd
+
# for the record, this set of firmware files is installed, but we don't
# build (yet): bamboo.dtb canyonlands.dtb hppa-firmware.img openbios-ppc
# openbios-sparc32 openbios-sparc64 palcode-clipper petalogix-ml605.dtb