1SUMMARY = "OVMF - UEFI firmware for Qemu and KVM" 2DESCRIPTION = "OVMF is an EDK II based project to enable UEFI support for \ 3Virtual Machines. OVMF contains sample UEFI firmware for QEMU and KVM" 4HOMEPAGE = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF" 5LICENSE = "BSD-2-Clause-Patent" 6LICENSE:class-target = "${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'BSD-2-Clause-Patent & OpenSSL', 'BSD-2-Clause-Patent', d)}" 7LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=06357ddc23f46577c2aeaeaf7b776d65" 8 9# Enabling Secure Boot adds a dependency on OpenSSL and implies 10# compiling OVMF twice, so it is disabled by default. Distros 11# may change that default. 12PACKAGECONFIG ??= "" 13PACKAGECONFIG += "${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'tpm', '', d)}" 14PACKAGECONFIG += "${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'tpm', '', d)}" 15PACKAGECONFIG[secureboot] = ",,," 16PACKAGECONFIG[tpm] = "-D TPM_ENABLE=TRUE,-D TPM_ENABLE=FALSE,," 17 18SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \ 19 file://0001-ovmf-update-path-to-native-BaseTools.patch \ 20 file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ 21 file://0003-ovmf-Update-to-latest.patch \ 22 file://0005-debug-prefix-map.patch \ 23 file://0006-reproducible.patch \ 24 " 25 26PV = "edk2-stable202202" 27SRCREV = "b24306f15daa2ff8510b06702114724b33895d3c" 28UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)" 29 30inherit deploy 31 32PARALLEL_MAKE = "" 33 34S = "${WORKDIR}/git" 35 36DEPENDS = "nasm-native acpica-native ovmf-native util-linux-native" 37 38EDK_TOOLS_DIR="edk2_basetools" 39 40# OVMF has trouble building with the default optimization of -O2. 41BUILD_OPTIMIZATION="-pipe" 42 43# OVMF supports IA only, although it could conceivably support ARM someday. 44COMPATIBLE_HOST:class-target='(i.86|x86_64).*' 45 46# Additional build flags for OVMF with Secure Boot. 47# Fedora also uses "-D SMM_REQUIRE -D EXCLUDE_SHELL_FROM_FD". 48OVMF_SECURE_BOOT_EXTRA_FLAGS ??= "" 49OVMF_SECURE_BOOT_FLAGS = "-DSECURE_BOOT_ENABLE=TRUE ${OVMF_SECURE_BOOT_EXTRA_FLAGS}" 50 51export PYTHON_COMMAND = "${HOSTTOOLS_DIR}/python3" 52 53do_patch[postfuncs] += "fix_basetools_location" 54fix_basetools_location () { 55} 56fix_basetools_location:class-target() { 57 # Replaces the fake path inserted by 0002-ovmf-update-path-to-native-BaseTools.patch. 58 # Necessary for finding the actual BaseTools from ovmf-native. 59 sed -i -e 's#BBAKE_EDK_TOOLS_PATH#${STAGING_BINDIR_NATIVE}/${EDK_TOOLS_DIR}#' ${S}/OvmfPkg/build.sh 60} 61 62do_patch[postfuncs] += "fix_iasl" 63fix_iasl() { 64} 65fix_iasl:class-native() { 66 # iasl is not installed under /usr/bin when building with OE. 67 sed -i -e 's#/usr/bin/iasl#${STAGING_BINDIR_NATIVE}/iasl#' ${S}/BaseTools/Conf/tools_def.template 68} 69 70# Inject CC and friends into the build. LINKER already is in GNUmakefile. 71# Must be idempotent and thus remove old assignments that were inserted 72# earlier. 73do_patch[postfuncs] += "fix_toolchain" 74fix_toolchain() { 75 sed -i \ 76 -e '/^\(CC\|CXX\|AS\|AR\|LD\|LINKER\) =/d' \ 77 -e '/^APPLICATION/a CC = ${CC}\nCXX = ${CXX}\nAS = ${AS}\nAR = ${AR}\nLD = ${LD}\nLINKER = $(CC)' \ 78 ${S}/BaseTools/Source/C/Makefiles/app.makefile 79 sed -i \ 80 -e '/^\(CC\|CXX\|AS\|AR\|LD\)/d' \ 81 -e '/^VFR_CPPFLAGS/a CC = ${CC}\nCXX = ${CXX}\nAS = ${AS}\nAR = ${AR}\nLD = ${LD}' \ 82 ${S}/BaseTools/Source/C/VfrCompile/GNUmakefile 83} 84fix_toolchain:append:class-native() { 85 # This tools_def.template is going to be used by the target ovmf and 86 # defines which compilers to use. For the GCC toolchain definitions, 87 # that will be ${HOST_PREFIX}gcc. However, "make" doesn't need that 88 # prefix. 89 # 90 # Injecting ENV(HOST_PREFIX) matches exporting that value as env 91 # variable in do_compile:class-target. 92 sed -i \ 93 -e 's#\(ENV\|DEF\)(GCC.*_PREFIX)#ENV(HOST_PREFIX)#' \ 94 -e 's#ENV(HOST_PREFIX)make#make#' \ 95 ${S}/BaseTools/Conf/tools_def.template 96 sed -i \ 97 -e '/^\(LFLAGS\|CFLAGS\) +=/d' \ 98 -e '/^LINKER/a LFLAGS += ${BUILD_LDFLAGS}\nCFLAGS += ${BUILD_CFLAGS}' \ 99 ${S}/BaseTools/Source/C/Makefiles/app.makefile \ 100 ${S}/BaseTools/Source/C/VfrCompile/GNUmakefile 101 # Linking with gold fails: 102 # internal error in do_layout, at ../../gold/object.cc:1821 103 # make: *** [.../OUTPUT/Facs.acpi] Error 1 104 # We intentionally hard-code the use of ld.bfd regardless of DISTRO_FEATURES 105 # to make ovmf-native reusable across distros. 106 sed -i \ 107 -e 's#^\(DEFINE GCC.*DLINK.*FLAGS *=\)#\1 -fuse-ld=bfd#' \ 108 -e 's#-flto#-fno-lto#g' \ 109 -e 's#-DUSING_LTO##g' \ 110 ${S}/BaseTools/Conf/tools_def.template 111} 112 113# We disable lto above since the results are not reproducible and make it hard to compare 114# binary build aretfacts to debug reproducibility problems. 115# Surprisingly, if you disable lto, you see compiler warnings which are fatal. We therefore 116# have to hack warnings overrides into GCC_PREFIX_MAP to allow it to build. 117 118# We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in 119# --debug-prefix-map to nasm (we carry a patch to nasm for this). The 120# tools definitions are built by ovmf-native so we need to pass this in 121# at target build time when we know the right values. 122export NASM_PREFIX_MAP = "--debug-prefix-map=${WORKDIR}=/usr/src/debug/ovmf/${EXTENDPE}${PV}-${PR}" 123export GCC_PREFIX_MAP = "${DEBUG_PREFIX_MAP} -Wno-stringop-overflow -Wno-maybe-uninitialized" 124 125GCC_VER="$(${CC} -v 2>&1 | tail -n1 | awk '{print $3}')" 126 127fixup_target_tools() { 128 case ${1} in 129 4.4.*) 130 FIXED_GCCVER=GCC44 131 ;; 132 4.5.*) 133 FIXED_GCCVER=GCC45 134 ;; 135 4.6.*) 136 FIXED_GCCVER=GCC46 137 ;; 138 4.7.*) 139 FIXED_GCCVER=GCC47 140 ;; 141 4.8.*) 142 FIXED_GCCVER=GCC48 143 ;; 144 4.9.*) 145 FIXED_GCCVER=GCC49 146 ;; 147 *) 148 FIXED_GCCVER=GCC5 149 ;; 150 esac 151 echo ${FIXED_GCCVER} 152} 153 154do_compile:class-native() { 155 oe_runmake -C ${S}/BaseTools 156} 157 158do_compile:class-target() { 159 export LFLAGS="${LDFLAGS}" 160 PARALLEL_JOBS="${@oe.utils.parallel_make_argument(d, '-n %d')}" 161 OVMF_ARCH="X64" 162 if [ "${TARGET_ARCH}" != "x86_64" ] ; then 163 OVMF_ARCH="IA32" 164 fi 165 166 # The build for the target uses BaseTools/Conf/tools_def.template 167 # from ovmf-native to find the compiler, which depends on 168 # exporting HOST_PREFIX. 169 export HOST_PREFIX="${HOST_PREFIX}" 170 171 # BaseTools/Conf gets copied to Conf, but only if that does not 172 # exist yet. To ensure that an updated template gets used during 173 # incremental builds, we need to remove the copy before we start. 174 rm -f `ls ${S}/Conf/*.txt | grep -v ReadMe.txt` 175 176 # ${WORKDIR}/ovmf is a well-known location where do_install and 177 # do_deploy will be able to find the files. 178 rm -rf ${WORKDIR}/ovmf 179 mkdir ${WORKDIR}/ovmf 180 OVMF_DIR_SUFFIX="X64" 181 if [ "${TARGET_ARCH}" != "x86_64" ] ; then 182 OVMF_DIR_SUFFIX="Ia32" # Note the different capitalization 183 fi 184 FIXED_GCCVER=$(fixup_target_tools ${GCC_VER}) 185 bbnote FIXED_GCCVER is ${FIXED_GCCVER} 186 build_dir="${S}/Build/Ovmf$OVMF_DIR_SUFFIX/RELEASE_${FIXED_GCCVER}" 187 188 bbnote "Building without Secure Boot." 189 rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX 190 ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${PACKAGECONFIG_CONFARGS} 191 ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.fd 192 ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.code.fd 193 ln ${build_dir}/FV/OVMF_VARS.fd ${WORKDIR}/ovmf/ovmf.vars.fd 194 ln ${build_dir}/${OVMF_ARCH}/Shell.efi ${WORKDIR}/ovmf/ 195 196 if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then 197 # Repeat build with the Secure Boot flags. 198 bbnote "Building with Secure Boot." 199 rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX 200 ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${PACKAGECONFIG_CONFARGS} ${OVMF_SECURE_BOOT_FLAGS} 201 ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd 202 ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd 203 ln ${build_dir}/${OVMF_ARCH}/EnrollDefaultKeys.efi ${WORKDIR}/ovmf/ 204 fi 205} 206 207do_install:class-native() { 208 install -d ${D}/${bindir}/edk2_basetools 209 cp -r ${S}/BaseTools ${D}/${bindir}/${EDK_TOOLS_DIR} 210} 211 212do_install:class-target() { 213 # Content for UEFI shell iso. We install the EFI shell as 214 # bootx64/ia32.efi because then it can be started even when the 215 # firmware itself does not contain it. 216 install -d ${D}/efi/boot 217 install ${WORKDIR}/ovmf/Shell.efi ${D}/efi/boot/boot${@ "ia32" if "${TARGET_ARCH}" != "x86_64" else "x64"}.efi 218 if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then 219 install ${WORKDIR}/ovmf/EnrollDefaultKeys.efi ${D} 220 fi 221} 222 223# This always gets packaged because ovmf-shell-image depends on it. 224# This allows testing that recipe in all configurations because it 225# can always be part of a world build. 226# 227# However, EnrollDefaultKeys.efi is only included when Secure Boot is enabled. 228PACKAGES =+ "ovmf-shell-efi" 229FILES:ovmf-shell-efi = " \ 230 EnrollDefaultKeys.efi \ 231 efi/ \ 232" 233 234DEPLOYDEP = "" 235DEPLOYDEP:class-target = "qemu-system-native:do_populate_sysroot" 236DEPLOYDEP:class-target += " ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'openssl-native:do_populate_sysroot', '', d)}" 237do_deploy[depends] += "${DEPLOYDEP}" 238 239do_deploy() { 240} 241do_deploy:class-target() { 242 # For use with "runqemu ovmf". 243 for i in \ 244 ovmf \ 245 ovmf.code \ 246 ovmf.vars \ 247 ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'ovmf.secboot ovmf.secboot.code', '', d)} \ 248 ; do 249 qemu-img convert -f raw -O qcow2 ${WORKDIR}/ovmf/$i.fd ${DEPLOYDIR}/$i.qcow2 250 done 251 252 if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then 253 # Create a test Platform Key and first Key Exchange Key to use with EnrollDefaultKeys 254 openssl req -new -x509 -newkey rsa:2048 -keyout ${DEPLOYDIR}/OvmfPkKek1.key \ 255 -out ${DEPLOYDIR}/OvmfPkKek1.crt -nodes -days 20 -subj "/CN=OVMFSecBootTest" 256 openssl x509 -in ${DEPLOYDIR}/OvmfPkKek1.crt -out ${DEPLOYDIR}/OvmfPkKek1.pem -outform PEM 257 fi 258} 259addtask do_deploy after do_compile before do_build 260 261BBCLASSEXTEND = "native" 262TOOLCHAIN = "gcc" 263