Commit 8db5a70

fix(core): fix build uefi and ovmf
Signed-off-by: Nikita Korolev <[email protected]>
1 parent ede1b6e commit 8db5a70

4 files changed

+104
-29
lines changed

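--- a/cv/version_map.yml
+++ b/cv/version_map.yml
@@ -1,4 +1,4 @@
 firmware:
 qemu: 9.2.0
 libvirt: 10.9.0
-edk2: stable202411
+edk2: stable202502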

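--- a/images/edk2/build.sh
+++ b/images/edk2/build.sh
@@ -28,6 +28,13 @@ EOF
 exit 0
 }
 
+echo_dbg() {
+local str=$1
+echo ""
+echo "===$str==="
+echo ""
+}
+
 parse_args() {
 while [[ $# -gt 0 ]]; do
 case "$1" in
@@ -81,22 +88,12 @@ fi
 EDK2_DIR="/${gitRepoName}-${edk2Branch}"
 FIRMWARE="/FIRMWARE"
 
-mv -f Logo.bmp $EDK2_DIR/MdeModulePkg/Logo/
+mv -f /Logo.bmp $EDK2_DIR/MdeModulePkg/Logo/
 echo "=== cd $EDK2_DIR ==="
 cd $EDK2_DIR
 
-echo "= pwd ="
-pwd
-
 mkdir -p ${FIRMWARE}
 
-echo_dbg() {
-local str=$1
-echo ""
-echo "===$str==="
-echo ""
-}
-
 # compiler
 CC_FLAGS="-t GCC5"
 CC_FLAGS="${CC_FLAGS} -b RELEASE"
@@ -109,7 +106,6 @@ CC_FLAGS="${CC_FLAGS} -D TPM1_ENABLE=FALSE"
 CC_FLAGS="${CC_FLAGS} -D CAVIUM_ERRATUM_27456=TRUE"
 
 # ovmf features
-OVMF_2M_FLAGS="${CC_FLAGS} -D FD_SIZE_2MB=TRUE -D NETWORK_TLS_ENABLE=FALSE -D NETWORK_ISCSI_ENABLE=FALSE"
 OVMF_4M_FLAGS="${CC_FLAGS} -D FD_SIZE_4MB=TRUE -D NETWORK_TLS_ENABLE=TRUE -D NETWORK_ISCSI_ENABLE=TRUE"
 
 # secure boot features
@@ -118,9 +114,14 @@ OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D SMM_REQUIRE=TRUE"
 OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D EXCLUDE_SHELL_FROM_FD=TRUE -D BUILD_SHELL=FALSE"
 
 # unset MAKEFLAGS
-echo "run source edksetup.sh"
-source ./edksetup.sh BaseTools
-source ./edksetup.sh
+echo "run . edksetup.sh"
+. ./edksetup.sh
+
+if ! command -v build 2>&1 >/dev/null
+then
+echo "build could not be found"
+exit 1
+fi
 
 build_iso() {
 dir="$1"
@@ -156,31 +157,57 @@ build_iso() {
 -o "$ISO_IMAGE" "$UEFI_SHELL_IMAGE"
 }
 
+prep() {
+build -a X64 -p MdeModulePkg/MdeModulePkg.dsc -t GCC5 -b RELEASE
+}
+
 # Build with SB and SMM; exclude UEFI shell.
 build_ovmf() {
 echo_dbg "build ${OVMF_4M_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc"
-build ${OVMF_4M_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc
+build ${OVMF_4M_FLAGS} \
+-a X64 -p OvmfPkg/OvmfPkgX64.dsc \
+-DCC_MEASUREMENT_ENABLE=TRUE \
+--pcd PcdFirmwareVendor=L"DVP distribution of EDK II\\0" \
+--pcd PcdFirmwareVersionString=L"2025.02-1\\0" \
+--pcd PcdFirmwareReleaseDateString=L"03/02/2025\\0"
+
 cp -p Build/OvmfX64/*/FV/OVMF_CODE.fd $FIRMWARE/OVMF_CODE.fd
 cp -p Build/OvmfX64/*/FV/OVMF_VARS.fd $FIRMWARE/OVMF_VARS.fd
 }
 
 # Build with SB and SMM with secure boot; exclude UEFI shell.
 build_ovmf_secboot() {
 echo_dbg "build ${OVMF_4M_FLAGS} ${OVMF_SB_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc"
-build ${OVMF_4M_FLAGS} ${OVMF_SB_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc
-cp -p Build/OvmfX64/*/FV/OVMF_CODE.fd $FIRMWARE/OVMF_CODE.secboot.fd
+build ${OVMF_4M_FLAGS} ${OVMF_SB_FLAGS} \
+-a X64 -p OvmfPkg/OvmfPkgX64.dsc \
+--pcd PcdFirmwareVendor=L"DVP distribution of EDK II\\0" \
+--pcd PcdFirmwareVersionString=L"2025.02-1\\0" \
+--pcd PcdFirmwareReleaseDateString=L"03/02/2025\\0"
+
+cp -p Build/OvmfX64/*/FV/OVMF_CODE.fd $FIRMWARE/OVMF_CODE.secboot.fd
+cp -p Build/OvmfX64/*/FV/OVMF_VARS.fd $FIRMWARE/OVMF_VARS.secboot.fd
+cp -p Build/OvmfX64/*/X64/EnrollDefaultKeys.efi $FIRMWARE/
+cp -p Build/OvmfX64/*/X64/Shell.efi $FIRMWARE/
 }
 
 # Build AmdSev and IntelTdx variants
 build_ovmf_amdsev() {
 touch OvmfPkg/AmdSev/Grub/grub.efi
 
-echo_dbg "build ${OVMF_4M_FLAGS} -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc"
-build ${OVMF_4M_FLAGS} -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc
+
+build ${OVMF_4M_FLAGS} -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc \
+--pcd PcdFirmwareVendor=L"DVP distribution of EDK II\\0" \
+--pcd PcdFirmwareVersionString=L"2025.02-1\\0" \
+--pcd PcdFirmwareReleaseDateString=L"03/02/2025\\0"
+
 cp -p Build/AmdSev/*/FV/OVMF.fd $FIRMWARE/OVMF.amdsev.fd
+}
 
-echo_dbg "build ${OVMF_4M_FLAGS} -a X64 -p OvmfPkg/IntelTdx/IntelTdxX64.dsc"
-build ${OVMF_4M_FLAGS} -a X64 -p OvmfPkg/IntelTdx/IntelTdxX64.dsc
+build_ovmf_inteltdx() {
+build ${OVMF_4M_FLAGS} -a X64 -p OvmfPkg/IntelTdx/IntelTdxX64.dsc \
+--pcd PcdFirmwareVendor=L"DVP distribution of EDK II\\0" \
+--pcd PcdFirmwareVersionString=L"2025.02-1\\0" \
+--pcd PcdFirmwareReleaseDateString=L"03/02/2025\\0"
 cp -p Build/IntelTdx/*/FV/OVMF.fd $FIRMWARE/OVMF.inteltdx.fd
 }
 
@@ -199,23 +226,34 @@ enroll() {
 virt-fw-vars --input $FIRMWARE/OVMF_VARS.fd \
 --output $FIRMWARE/OVMF_VARS.secboot.fd \
 --set-dbx $FIRMWARE/DBXUpdate-20230509.x64.bin \
---secure-boot
+--secure-boot --enroll-generate dvp.deckhouse.io
 
 virt-fw-vars --input $FIRMWARE/OVMF.inteltdx.fd \
 --output $FIRMWARE/OVMF.inteltdx.secboot.fd \
 --set-dbx $FIRMWARE/DBXUpdate-20230509.x64.bin \
---secure-boot
+--secure-boot --enroll-generate dvp.deckhouse.io
 }
 
 no_enroll() {
 cp -p $FIRMWARE/OVMF_VARS.fd $FIRMWARE/OVMF_VARS.secboot.fd
 cp -p $FIRMWARE/OVMF.inteltdx.fd $FIRMWARE/OVMF.inteltdx.secboot.fd
 }
 
+
+echo_dbg "prep"
+prep 2>&1 > /dev/null
+
+echo_dbg "build_ovmf"
 build_ovmf 2>&1 > /dev/null
+
+echo_dbg "build_ovmf_secboot"
 build_ovmf_secboot 2>&1 > /dev/null
+
+echo "build_ovmf_amdsev"
 build_ovmf_amdsev 2>&1 > /dev/null
-build_shell 2>&1 > /dev/null
+
+echo "build_ovmf_inteltdx"
+build_ovmf_inteltdx 2>&1 > /dev/null
 
 build_iso $FIRMWARE
-no_enroll
+# enroll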
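Review bot: The last hunk drops `no_enroll` and leaves `# enroll` commented out, so no step in the visible script enrolls Secure Boot keys. `OVMF_VARS.secboot.fd` is now only the plain `OVMF_VARS.fd` copied by the new `cp` in `build_ovmf_secboot`, and `OVMF.inteltdx.secboot.fd` is no longer produced. The JSON firmware descriptor added in this commit advertises `enrolled-keys` and `secure-boot` for `OVMF_VARS.secboot.fd`; assuming that path is this build output, guests would start from a varstore with no PK/KEK/db/dbx while the descriptor reports Secure Boot as enforced. Replace the comment with a real call that stops the build on failure, `enroll || exit 1`, or remove those two features from the descriptor until enrollment runs. `enroll` itself starts above the hunk, so its prerequisites (the DBX file, `virt-fw-vars`) are not fully visible here.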
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
{
2+
"description": "OVMF with SB+SMM, SB enabled, MS certs enrolled",
3+
"interface-types": [
4+
"uefi"
5+
],
6+
"mapping": {
7+
"device": "flash",
8+
"mode": "split",
9+
"executable": {
10+
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
11+
"format": "raw"
12+
},
13+
"nvram-template": {
14+
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
15+
"format": "raw"
16+
}
17+
},
18+
"targets": [
19+
{
20+
"architecture": "x86_64",
21+
"machines": [
22+
"pc-q35-*"
23+
]
24+
}
25+
],
26+
"features": [
27+
"acpi-s3",
28+
"enrolled-keys",
29+
"requires-smm",
30+
"secure-boot",
31+
"verbose-dynamic"
32+
],
33+
"tags": [
34+
35+
]
36+
}

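--- a/images/edk2/werf.inc.yaml
+++ b/images/edk2/werf.inc.yaml
@@ -68,15 +68,16 @@ shell:
 cd {{ $gitRepoName }}-{{ $version }}
 git submodule update --init --recursive
 
+setup:
+- |
 # Set env edk
+cd {{ $gitRepoName }}-{{ $version }}
 export EDK_TOOLS_PATH=$(pwd)/BaseTools
 export PACKAGES_PATH=$(pwd)/BaseTools:/edk2-platforms
 
 echo "Building BaseTools..."
 ln /usr/bin/python3 /usr/bin/python
 make -C BaseTools -j$(nproc) 2>&1 > /dev/null
 
-setup:
-- |
 /build.sh --repo-name {{ $gitRepoName }} --branch {{ $version }}
 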
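Review bot: The added `cd {{ $gitRepoName }}-{{ $version }}` in the setup block is relative, so `EDK_TOOLS_PATH` and `PACKAGES_PATH`, both derived from `$(pwd)`, depend on whatever directory the setup stage starts in. build.sh in this commit addresses the same tree absolutely as `/${gitRepoName}-${edk2Branch}`. Using `cd /{{ $gitRepoName }}-{{ $version }} || exit 1` keeps the two in agreement and stops the stage if the checkout is missing, instead of exporting tool paths that point at the wrong directory. The block starts and ends outside the hunk, so whether an earlier `cd` or `set -e` already covers this is not visible here.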
