#
# spec file for package ovmf
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# needssslcertforbuild
# SUSE build macro; undefining it presumably turns off the automatic debuginfo
# handling because this spec assembles its own -debug subpackage - TODO confirm.
%undefine _build_create_debug
# Version of the OpenSSL tarball (Source1) that the prep section unpacks into
# CryptoPkg/Library/OpensslLib. The copy is bundled into the edk2 tree, so
# OpenSSL fixes only reach the firmware images when this value is bumped and
# the package is rebuilt.
%global openssl_version 1.1.0h
Name: ovmf
Url: http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDK2
Summary: Open Virtual Machine Firmware
License: BSD-2-Clause
Group: System/Emulators/PC
Version: 2017+git1510945757.b2662641d5
Release: 0
Source0: %{name}-%{version}.tar.xz
# OpenSSL tarball plus its detached signature (Source111) and a keyring
# (Source112). No step in this spec verifies the signature against the keyring.
# NOTE(review): confirm the check is performed at source check-in by the build
# service; otherwise add an explicit verification step before the tarball is
# unpacked.
Source1: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz
Source111: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz.asc
Source112: openssl.keyring
Source2: README
# Certificates that the x86_64 build embeds as default Secure Boot variables
# (PK / KEK / db); the mapping of certificate to variable is in the build section.
Source3: SLES-UEFI-CA-Certificate-2048.crt
Source5: MicCorKEKCA2011_2011-06-24.crt
Source6: MicCorUEFCA2011_2011-06-27.crt
Source7: openSUSE-UEFI-CA-Certificate-2048.crt
Source8: openSUSE-UEFI-SIGN-Certificate-2048.crt
Source9: openSUSE-UEFI-CA-Certificate-4096.crt
Source10: openSUSE-UEFI-SIGN-Certificate-4096.crt
# UEFI revocation list (dbx) update. The URL is plain http and this spec records
# no digest for the archive, so its integrity rests on the copy checked into the
# package sources. NOTE(review): the list is a snapshot; it is only as current
# as the last time this file was refreshed.
Source11: http://www.uefi.org/sites/default/files/resources/dbxupdate.zip
# Helper run in the build section to turn dbxupdate.bin into Default_DBX;
# by its name it presumably strips the authentication header - TODO confirm.
Source12: strip_authinfo.pl
Source13: MicWinProPCA2011_2011-10-19.crt
# Written to Default_Owner for the SUSE, openSUSE and devel key flavors.
Source14: owner-guid-zero.h
Source100: %{name}-rpmlintrc
Source101: gdb_uefi.py.in
# Patch2 embeds the default keys and is applied on x86_64 only (see the prep
# section); all following patches are applied on every architecture.
Patch2: %{name}-embed-default-keys.patch
Patch3: %{name}-gdb-symbols.patch
Patch4: %{name}-pie.patch
Patch5: %{name}-disable-ia32-firmware-piepic.patch
# Patches carrying a bsc number are fixes tracked in the SUSE bug tracker. Going
# by their file names, Patch9 to Patch16 and Patch20 address memory-safety and
# parsing problems, Patch18 HTTP certificate verification and Patch19 the image
# verification handler. Dropping or reordering any of them when rebasing the
# package silently reopens the corresponding bug.
Patch6: %{name}-bsc1092943-fix-attributes-table.patch
Patch7: %{name}-bsc1099193-fix-sev-flash-variables.patch
Patch8: %{name}-bsc1115916-fix-timestamp-zeroing.patch
Patch9: %{name}-bsc1115917-bounds-checking-for-ueficompress.patch
Patch10: %{name}-bsc1127820-fix-blockio-buffer-overflow.patch
Patch11: %{name}-bsc1127821-dns-check-packet-size.patch
Patch12: %{name}-bsc1127822-fix-fv-parsing.patch
Patch13: %{name}-bsc1128503-fix-stack-overflow-in-HiiImage-and-HiiDatabase.patch
Patch14: %{name}-bsc1130267-overflow-in-partition-and-udf.patch
Patch15: %{name}-bsc1131361-fix-stack-overflow-xhci.patch
Patch16: %{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch
Patch17: %{name}-bsc1153072-fix-openssllib.patch
Patch18: %{name}-bsc1153072-fix-http-cert-verification.patch
Patch19: %{name}-bsc1163969-fix-DxeImageVerificationHandler.patch
Patch20: %{name}-bsc1163927-fix-ip4dxe-and-arpdxe.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: fdupes
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: iasl
BuildRequires: libuuid-devel
BuildRequires: python
%ifnarch %arm
BuildRequires: nasm
%endif
# Only the x86_64 build embeds keys: openssl converts the certificates to DER,
# unzip unpacks the dbx update, and the vim package presumably provides xxd.
%ifarch x86_64
BuildRequires: openssl
BuildRequires: unzip
%if 0%{?suse_version}
BuildRequires: vim-base
%else
BuildRequires: vim-common
%endif
%endif
ExclusiveArch: %ix86 x86_64 aarch64 %arm
%description
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
%package tools
# Contains only the EfiRom utility and its manual (see the files section).
Summary: The BaseTools from edk2
Group: System/Emulators/PC
%description tools
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
This package contains the tools from edk2.
%ifarch %ix86
%package -n qemu-ovmf-ia32
# The key-embedding patch and the key flavors are x86_64 only, so the IA32
# images are built with Secure Boot support but without any default keys.
Summary: Open Virtual Machine Firmware - QEMU rom images (IA32)
Group: System/Emulators/PC
BuildArch: noarch
Requires: qemu
%description -n qemu-ovmf-ia32
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
This package contains UEFI rom images for exercising UEFI secure
boot in a qemu environment (IA32)
%endif
%ifarch x86_64
%package -n qemu-ovmf-x86_64
# Ships every x86_64 image the build section produces: the plain 2MB and 4MB
# images and one set per embedded-key flavor (suse, ms, opensuse,
# opensuse-4096 and, when it is built, devel). Which flavor a guest boots
# decides which certificates its Secure Boot trusts by default.
Summary: Open Virtual Machine Firmware - QEMU rom images (x86_64)
Group: System/Emulators/PC
BuildArch: noarch
Requires: qemu
%description -n qemu-ovmf-x86_64
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
This package contains UEFI rom images for exercising UEFI secure
boot in a qemu environment (x86_64)
%package -n qemu-ovmf-x86_64-debug
# Debug symbols, collected sources and the generated gdb scripts for the
# x86_64 images; unlike the image packages it is not marked noarch.
Summary: Open Virtual Machine Firmware - debug symbols (x86_64)
Group: Development/Debug
Requires: qemu
%description -n qemu-ovmf-x86_64-debug
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
This package contains the debug symbols for UEFI rom images (x86_64)
%endif
%ifarch aarch64
%package -n qemu-uefi-aarch64
# Built with the same feature flags as x86 (including Secure Boot) but without
# embedded default keys, because the key-embedding patch is x86_64 only.
Summary: UEFI QEMU rom image (AArch64)
Group: System/Emulators/PC
BuildArch: noarch
%description -n qemu-uefi-aarch64
This package contains the UEFI rom image (AArch64) for QEMU cortex-a57
virt board.
%endif
%ifarch %arm
%package -n qemu-uefi-aarch32
# The 32-bit ARM build options omit the common feature flags, so this image is
# built without the Secure Boot, IPv6, HTTP boot and TLS switches.
Summary: UEFI QEMU rom image (AArch32)
Group: System/Emulators/PC
BuildArch: noarch
%description -n qemu-uefi-aarch32
This package contains the UEFI rom image (AArch32) for QEMU cortex-a15
virt board.
%endif
%prep
# Unpack the edk2 snapshot, drop unused sub-packages, apply the patch stack and
# add the bundled OpenSSL sources.
%setup -q -n %{name}-%{version}
# bsc#973038 Remove the packages we don't need to avoid any potential
# license issue.
PKG_TO_REMOVE="AppPkg DuetPkg CorebootModulePkg CorebootPayloadPkg \
EmulatorPkg Nt32Pkg Omap35xxPkg QuarkPlatformPkg QuarkSocPkg StdLib \
StdLibPrivateInternalFiles UnixPkg Vlv2DeviceRefCodePkg Vlv2TbltDevicePkg"
rm -rf $PKG_TO_REMOVE
# Patch2 (embed default Secure Boot keys) is applied on x86_64 only; the other
# architectures build images without built-in keys.
%ifarch x86_64
%patch2 -p1
%endif
# Everything from here on, including all bsc-numbered fixes, is applied on
# every architecture and in numeric order.
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
# add openssl
# The tarball is extracted as checked in and renamed to the directory name the
# edk2 crypto library expects. Its detached signature (Source111) and keyring
# (Source112) are not verified at this point. NOTE(review): confirm the
# signature is checked when the sources are submitted; if not, verify it here
# before extracting.
pushd CryptoPkg/Library/OpensslLib
tar -xf %{SOURCE1}
mv openssl-%{openssl_version} openssl
popd
%build
# Feature switches handed to the edk2 build for every architecture except
# 32-bit ARM: Secure Boot, IPv6, HTTP boot and TLS.
OVMF_FLAGS="-D SECURE_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D HTTP_BOOT_ENABLE -D TLS_ENABLE"
# Pick the edk2 toolchain tag: GCC5 on newer SUSE releases, otherwise GCCxy
# derived from the first two components of the compiler version.
%if 0%{?suse_version} > 1320
TOOL_CHAIN_TAG=GCC5
%else
# Log the compiler version that the tag below is derived from.
echo `gcc -dumpversion`
TOOL_CHAIN_TAG=GCC$(gcc -dumpversion|sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/')
%endif
# Per-architecture build options. Each branch also builds the host-side
# BaseTools first. NOTE(review): IA32, X64 and AARCH64 use the DEBUG build
# target for the images that get shipped; confirm that debug output and
# assertions in production firmware are intended.
%ifarch %ix86
OVMF_FLAGS="$OVMF_FLAGS -D FD_SIZE_2MB"
BUILD_OPTIONS="$OVMF_FLAGS -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc -b DEBUG -t $TOOL_CHAIN_TAG"
make -C BaseTools
%else
%ifarch x86_64
# The flash size is left out here because the x86_64 branch below builds both
# the 2MB and the 4MB variants.
BUILD_OPTIONS="$OVMF_FLAGS -a X64 -p OvmfPkg/OvmfPkgX64.dsc -b DEBUG -t $TOOL_CHAIN_TAG"
make -C BaseTools
%else
%ifarch aarch64
BUILD_OPTIONS="$OVMF_FLAGS -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc -b DEBUG -t $TOOL_CHAIN_TAG"
ARCH=AARCH64 make -C BaseTools
%else
%ifarch %arm
# OVMF_FLAGS is not included for 32-bit ARM, so this image is built without
# SECURE_BOOT_ENABLE and the network feature switches, and as a RELEASE target.
BUILD_OPTIONS="-a ARM -p ArmVirtPkg/ArmVirtQemu.dsc -b RELEASE -t $TOOL_CHAIN_TAG"
ARCH=ARM make -C BaseTools
%else
# ExclusiveArch should make this unreachable; fail the build if it is not.
echo "ERROR: unsupported architecture"
false
%endif #arm
%endif #aarch64
%endif #x86_64
%endif #ix86
# Source the edk2 environment script in the current shell; the build command
# used below presumably becomes available through it.
. ./edksetup.sh
%ifarch %ix86
# Build the UEFI image
build $BUILD_OPTIONS
# Keep the three flash files the build emits: OVMF.fd and the separate
# OVMF_CODE.fd / OVMF_VARS.fd pair (presumably combined image versus split
# code and variable store).
cp Build/OvmfIa32/DEBUG_*/FV/OVMF.fd ovmf-ia32.bin
cp Build/OvmfIa32/DEBUG_*/FV/OVMF_CODE.fd ovmf-ia32-code.bin
cp Build/OvmfIa32/DEBUG_*/FV/OVMF_VARS.fd ovmf-ia32-vars.bin
%else
%ifarch x86_64
# Build the 2MB UEFI image for the backward compatibility
# This first pass runs before any Default_* key header is generated, so it
# yields the x86_64 images without a key flavor.
build $BUILD_OPTIONS -D FD_SIZE_2MB
# collect_debug_files TARGET
# Copies the debug symbol files of the build that has just finished into
# debug/TARGET and generates gdb_uefi-TARGET.py from the Source101 template.
# Must be called from the top of the source tree right after a build, because
# it reads the current Build/OvmfX64 output directory.
collect_debug_files()
{
target="$1"
out_dir="debug/$target"
abs_path="`pwd`/$out_dir/"
source_path="`pwd`"
# Location the debug package installs the collected sources to.
gdb_src_path="/usr/src/debug/ovmf-x86_64"
# copy the debug symbols
mkdir -p $out_dir
pushd Build/OvmfX64/DEBUG_GCC*/X64/
# --parents keeps the per-module directory layout below the output directory.
find . -mindepth 2 -type f -name "*.debug" -exec cp --parents -a {} $abs_path \;
cp --parents -a DebugPkg/GdbSyms/GdbSyms/DEBUG/GdbSyms.dll $abs_path
# Remember the absolute build output directory for the gdb script.
build_path=`pwd`
popd
# Change the path in the python gdb script
# The build and source paths written here are the absolute paths of the build
# host; the substitution uses ':' as delimiter and therefore assumes none of
# the paths contains a colon.
sed "s:__BUILD_PATH__:$build_path:;s:__SOURCE_PATH__:$source_path:;s:__GDB_SRC_PATH__:$gdb_src_path:;s/__FLAVOR__/$target/" \
%{SOURCE101} > gdb_uefi-$target.py
}
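# Keep the images of the key-less 2MB build under the plain ovmf-x86_64 names.
cp Build/OvmfX64/DEBUG_*/FV/OVMF.fd ovmf-x86_64.bin
cp Build/OvmfX64/DEBUG_*/FV/OVMF_CODE.fd ovmf-x86_64-code.bin
cp Build/OvmfX64/DEBUG_*/FV/OVMF_VARS.fd ovmf-x86_64-vars.bin
# Collect the debug files
collect_debug_files ovmf-x86_64
# Collect the source
mkdir -p source/ovmf-x86_64
# TODO get the source list from debug files
# The top-level directory names of the build output are used as the list of
# edk2 packages whose .c and .h files go into the debug package.
src_list=`find Build/OvmfX64/DEBUG_GCC*/X64/ -mindepth 1 -maxdepth 1 -type d -exec basename {} \;`
find $src_list \( -name "*.c" -o -name "*.h" \) -type f -exec cp --parents -a {} source/ovmf-x86_64 \;
# The pattern is quoted so that find receives it literally; unquoted, the shell
# would expand it first if any .c file existed in the current directory.
find source/ovmf-x86_64 -name "*.c" -type f -exec chmod 0644 {} \;
# Build the 4MB UEFI image
build $BUILD_OPTIONS -D FD_SIZE_4MB
cp Build/OvmfX64/DEBUG_*/FV/OVMF.fd ovmf-x86_64-4m.bin
cp Build/OvmfX64/DEBUG_*/FV/OVMF_CODE.fd ovmf-x86_64-4m-code.bin
cp Build/OvmfX64/DEBUG_*/FV/OVMF_VARS.fd ovmf-x86_64-4m-vars.bin
collect_debug_files ovmf-x86_64-4m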
# build_with_keys SUFFIX
# Rebuilds the 2MB and 4MB x86_64 images with the key material currently held
# in the Default_* files of the working directory and stores them as
# ovmf-x86_64-SUFFIX[-4m]*.bin. The caller must fill Default_PK, Default_KEK,
# Default_DB, Default_DB_EX, Default_DBX and Default_Owner beforehand.
build_with_keys()
{
suffix_base="$1"
# Turn each binary blob into a C header below AuthVariableLib (presumably
# included by the embed-default-keys patch). The headers are overwritten on
# every call, so the images of one flavor only contain that flavor's keys.
xxd -i Default_PK > SecurityPkg/Library/AuthVariableLib/Default_PK.h
xxd -i Default_KEK > SecurityPkg/Library/AuthVariableLib/Default_KEK.h
xxd -i Default_DB > SecurityPkg/Library/AuthVariableLib/Default_DB.h
xxd -i Default_DB_EX > SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h
xxd -i Default_DBX > SecurityPkg/Library/AuthVariableLib/Default_DBX.h
# Default_Owner already holds C source text and is copied unchanged.
cat Default_Owner > SecurityPkg/Library/AuthVariableLib/Default_Owner.h
# First pass builds the 2MB image (plain suffix), second pass the 4MB image.
for suffix in $suffix_base $suffix_base-4m; do
if [ "$suffix" = "$suffix_base-4m" ]; then
build $BUILD_OPTIONS -D FD_SIZE_4MB
else
build $BUILD_OPTIONS -D FD_SIZE_2MB
fi
cp Build/OvmfX64/DEBUG_*/FV/OVMF.fd ovmf-x86_64-$suffix.bin
cp Build/OvmfX64/DEBUG_*/FV/OVMF_CODE.fd ovmf-x86_64-$suffix-code.bin
cp Build/OvmfX64/DEBUG_*/FV/OVMF_VARS.fd ovmf-x86_64-$suffix-vars.bin
collect_debug_files ovmf-x86_64-$suffix
done
}
# OVMF with SUSE keys
# The same SLES CA certificate is used as PK, KEK and db entry. Default_DB_EX
# and Default_DBX are emptied, so this flavor embeds no revocation entries;
# the dbx update from Source11 is only used for the ms flavor below.
openssl x509 -in %{SOURCE3} -outform DER > Default_PK
openssl x509 -in %{SOURCE3} -outform DER > Default_KEK
openssl x509 -in %{SOURCE3} -outform DER > Default_DB
truncate -s 0 Default_DB_EX
truncate -s 0 Default_DBX
cat %{SOURCE14} > Default_Owner
build_with_keys suse
#unpack the UEFI revocation list
# Extracted into the top of the build tree; the ms flavor below reads
# dbxupdate.bin from it. The archive is used as checked in, without a digest
# or signature check in this spec.
unzip %{SOURCE11}
# OVMF with MS keys
# PK and KEK are both the Microsoft KEK CA certificate, db gets the Microsoft
# UEFI CA and Default_DB_EX the Windows Production PCA. These files are copied
# without conversion, so they are presumably already DER encoded - TODO confirm.
cat %{SOURCE5} > Default_PK
cat %{SOURCE5} > Default_KEK
cat %{SOURCE6} > Default_DB
cat %{SOURCE13} > Default_DB_EX
# The helper script is made executable in place in the source directory and
# then converts dbxupdate.bin into the Default_DBX blob.
chmod 755 %{SOURCE12}
%{SOURCE12} dbxupdate.bin Default_DBX
# This flavor uses its own owner GUID instead of owner-guid-zero.h; presumably
# Microsoft's signature-owner GUID - TODO confirm.
echo "EFI_GUID DefaultOwnerGUID = {0x77fa9abd, 0x0359, 0x4d32, {0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b}};" > \
Default_Owner
build_with_keys ms
# OVMF with openSUSE keys
# PK and KEK are the openSUSE CA certificate, db the openSUSE signing
# certificate; no db_ex and no dbx entries.
openssl x509 -in %{SOURCE7} -outform DER > Default_PK
openssl x509 -in %{SOURCE7} -outform DER > Default_KEK
openssl x509 -in %{SOURCE8} -outform DER > Default_DB
truncate -s 0 Default_DB_EX
truncate -s 0 Default_DBX
cat %{SOURCE14} > Default_Owner
build_with_keys opensuse
# OVMF with openSUSE keys (4096 bit CA)
# Same layout as the openSUSE flavor above, using the 4096 bit CA and signing
# certificates.
openssl x509 -in %{SOURCE9} -outform DER > Default_PK
openssl x509 -in %{SOURCE9} -outform DER > Default_KEK
openssl x509 -in %{SOURCE10} -outform DER > Default_DB
truncate -s 0 Default_DB_EX
truncate -s 0 Default_DBX
cat %{SOURCE14} > Default_Owner
build_with_keys opensuse-4096
# Optional "devel" flavor. _projectcert.crt is presumably placed in the source
# directory by the build service because of the needssslcertforbuild marker at
# the top of this file.
if [ -e %{_sourcedir}/_projectcert.crt ]; then
# Compare the issuer name hash of the project certificate with the subject
# name hashes of the openSUSE and SLES CA certificates. This is a comparison
# of names only, not a signature check; it merely decides whether an extra
# flavor is worth building.
prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -issuer_hash)
opensusesubject=$(openssl x509 -in %{SOURCE7} -noout -subject_hash)
slessubject=$(openssl x509 -in %{SOURCE3} -noout -subject_hash)
# Only when the project certificate names neither CA as its issuer is a devel
# image built. That image trusts the project certificate directly as PK, KEK
# and db, with no revocation entries, and is shipped alongside the other
# flavors.
if [ "$prjissuer" != "$opensusesubject" -a "$prjissuer" != "$slessubject" ]; then
openssl x509 -in %{_sourcedir}/_projectcert.crt -outform DER > Default_PK
openssl x509 -in %{_sourcedir}/_projectcert.crt -outform DER > Default_KEK
openssl x509 -in %{_sourcedir}/_projectcert.crt -outform DER > Default_DB
truncate -s 0 Default_DB_EX
truncate -s 0 Default_DBX
cat %{SOURCE14} > Default_Owner
build_with_keys devel
fi
fi
%else
%ifarch aarch64
# Build the UEFI image
build $BUILD_OPTIONS
cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin
# Create a 64 MiB zero-filled code image and write the firmware to its start
# without truncating it, plus an all-zero 64 MiB variable store image
# (presumably the flash sizes the QEMU virt board expects - TODO confirm).
dd of="aavmf-aarch64-code.bin" if="/dev/zero" bs=1M count=64
dd of="aavmf-aarch64-code.bin" if="qemu-uefi-aarch64.bin" conv=notrunc
dd of="aavmf-aarch64-vars.bin" if="/dev/zero" bs=1M count=64
%else
%ifarch %arm
# Build the UEFI image
# RELEASE target here, in contrast to the DEBUG target of the other
# architectures.
build $BUILD_OPTIONS
cp Build/ArmVirtQemu-ARM/RELEASE_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin
%endif #arm
%endif #aarch64
%endif #x86_64
%endif #ix86
%install
# Start from an empty build root, then stage the README and the license text.
rm -rf %{buildroot}
cp %{SOURCE2} README
# Remove the carriage return from each line of the license file.
sed -i s/'\r'// License.txt
# Install BaseTools
# EfiRom is the only host tool that is packaged; it is stripped on install.
install -d %{buildroot}/%{_bindir}
install -m 0755 --strip BaseTools/Source/C/bin/EfiRom %{buildroot}/%{_bindir}
# Firmware images are installed with mode 0644 below the qemu data directory,
# i.e. readable by every user and writable by the owner only. NOTE(review):
# the -vars.bin files are presumably templates; a guest needs its own writable
# copy rather than this shared file - confirm against the README.
%ifarch %ix86
tr -d '\r' < OvmfPkg/License.txt > License-ovmf.txt
install -m 0644 -D ovmf-ia32.bin %{buildroot}/%{_datadir}/qemu/ovmf-ia32.bin
install -m 0644 -D ovmf-ia32-code.bin %{buildroot}/%{_datadir}/qemu/ovmf-ia32-code.bin
install -m 0644 -D ovmf-ia32-vars.bin %{buildroot}/%{_datadir}/qemu/ovmf-ia32-vars.bin
%else
%ifarch x86_64
tr -d '\r' < OvmfPkg/License.txt > License-ovmf.txt
install -m 0644 -D ovmf-x86_64.bin %{buildroot}/%{_datadir}/qemu/ovmf-x86_64.bin
# The glob picks up every remaining x86_64 image: the 4MB and split variants
# and all key flavors, including devel when it was built.
install -m 0644 ovmf-x86_64-*.bin %{buildroot}/%{_datadir}/qemu/
%fdupes %{buildroot}/%{_datadir}/qemu/
# Install debug symbols, gdb-uefi.py
install -d %{buildroot}/%{_datadir}/ovmf-x86_64/
install -m 0644 gdb_uefi-*.py %{buildroot}/%{_datadir}/ovmf-x86_64/
mkdir -p %{buildroot}/usr/lib/debug
mv debug/ovmf-x86_64* %{buildroot}/usr/lib/debug
%fdupes %{buildroot}/usr/lib/debug/ovmf-x86_64*
# Sources collected during the build, matching the gdb source path written
# into the generated gdb scripts.
mkdir -p %{buildroot}/usr/src/debug
mv source/ovmf-x86_64* %{buildroot}/usr/src/debug
%fdupes -s %{buildroot}/usr/src/debug/ovmf-x86_64
%else
%ifarch aarch64
install -m 0644 -D qemu-uefi-aarch64.bin %{buildroot}/%{_datadir}/qemu/qemu-uefi-aarch64.bin
install -m 0644 -D aavmf-aarch64-code.bin %{buildroot}/%{_datadir}/qemu/aavmf-aarch64-code.bin
install -m 0644 -D aavmf-aarch64-vars.bin %{buildroot}/%{_datadir}/qemu/aavmf-aarch64-vars.bin
%else
%ifarch %arm
install -m 0644 -D qemu-uefi-aarch32.bin %{buildroot}/%{_datadir}/qemu/qemu-uefi-aarch32.bin
%endif #arm
%endif #aarch64
%endif #x86_64
%endif #ix86
%files
# The main package carries only the README; the firmware images live in the
# per-architecture subpackages. All files are owned by root.
%defattr(-,root,root)
%doc README
%files tools
%defattr(-,root,root)
%doc BaseTools/UserManuals/EfiRom_Utility_Man_Page.rtf
%{_bindir}/EfiRom
%ifarch %ix86
%files -n qemu-ovmf-ia32
%defattr(-,root,root)
%doc License.txt License-ovmf.txt
%dir %{_datadir}/qemu/
%{_datadir}/qemu/ovmf-ia32*.bin
%endif
%ifarch x86_64
%files -n qemu-ovmf-x86_64
%defattr(-,root,root)
%doc License.txt License-ovmf.txt
%dir %{_datadir}/qemu/
# One glob covers the plain images and every key flavor, so a newly added
# flavor (or the optional devel one) is packaged without a change here.
%{_datadir}/qemu/ovmf-x86_64*.bin
%files -n qemu-ovmf-x86_64-debug
%defattr(-,root,root)
# gdb scripts; they contain absolute paths of the build host.
%{_datadir}/ovmf-x86_64/
%dir /usr/lib/debug/
/usr/lib/debug/ovmf-x86_64*
%dir /usr/src/debug/
/usr/src/debug/ovmf-x86_64*
%endif
%ifarch aarch64
%files -n qemu-uefi-aarch64
%defattr(-,root,root)
%doc License.txt
%dir %{_datadir}/qemu/
%{_datadir}/qemu/qemu-uefi-aarch64.bin
%{_datadir}/qemu/aavmf-aarch64-code.bin
%{_datadir}/qemu/aavmf-aarch64-vars.bin
%endif
%ifarch %arm
%files -n qemu-uefi-aarch32
%defattr(-,root,root)
%doc License.txt
%dir %{_datadir}/qemu/
%{_datadir}/qemu/qemu-uefi-aarch32.bin
%endif
%changelog