Hi, Fixes [YOCTO #13438]
I have implemented this patchset to bump the OVMF recipe to the latest stable release of OVMF: edk2-stable201905. I continued Ross Burton's initial work to update the recipe [1]. The majority of the patches we were carrying with the recipe have been taken upstream in EDK2 and I have removed them. Plus, EDK2 now adds openssl as a git submodule and not a patching script. Thus, I removed support for this script and switched to the gitsm bitbake fetcher. Also, now the EnrollDefaultKeys EFI application requires a separate Platform Key and first Key Exchange Key certificate instead of an hard-coded certificate embedded in the application. The hypervisor shall pass this certificated to EnrollDefaultKeys via the Type 11 SMBus table. I have updated the ovmf recipe to create the needed certificate and also updated runqemu to provide such certificate when using an OVMF binary with support for Secure Boot. Lastly, I defined the recipe's PV and took Ross' change to use python3 from HOSTTOOLS. Thanks and BR, Ricardo [1]. http://git.yoctoproject.org/cgit.cgi/poky-contrib/commit/?h=ross/nopy2&id=f95649176b7916116251a092a82618dd08ff1961 Ricardo Neri (5): ovmf: Update to version edk2-stable201905 ovmf: Set PV ovmf: use HOSTTOOLS' python3 ovmf: Generate test Platform key and first Key Exchange Key runqemu: Add support to handle EnrollDefaultKeys PK/KEK1 certificate ....makefile-add-Wno-stringop-truncatio.patch | 71 -- .../ovmf/ovmf/0001-ia32-Dont-use-pie.patch | 46 - ...ols-header.makefile-add-Wno-restrict.patch | 102 -- ....makefile-revert-gcc-8-Wno-xxx-optio.patch | 53 - ...ile-adjust-to-build-in-under-bitbake.patch | 33 +- ...-silence-false-stringop-overflow-war.patch | 66 - ...faultKeys-application-for-enrolling-.patch | 1124 ----------------- .../ovmf/no-stack-protector-all-archs.patch | 26 +- meta/recipes-core/ovmf/ovmf_git.bb | 40 +- scripts/runqemu | 32 + 10 files changed, 90 insertions(+), 1503 deletions(-) delete mode 100644 meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch delete mode 100644 meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch delete mode 100644 meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch delete mode 100644 meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch delete mode 100644 meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch delete mode 100644 meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch -- 2.20.1 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
