On 15.12.21 08:16, Yongxin Liu wrote:
Slim Bootloader is an open-source boot firmware running on Intel x86
architecture.
Currently it supports qemu, apl(Apollo Lake), cfl(Coffee Lake),
cml(Comet Lake), tgl(Tiger Lake), and ehl(Elkhart Lake). You can set
"SLIMBOOT_TARGET" in .bb file or .bbappend file to specify or add the
target firmware you want, for example: SLIMBOOT_TARGET = "qemu apl".
The default target is qemu.
Generated firmware and security keys are installed in build directory:
image
`-- usr
`-- libexec
`-- slimboot
|-- Outputs
| |-- qemu
| |-- apl
| `-- cfl
`-- keys
Boot firmware for qemu can be used by command:
"qemu-system-x86_64 -machine q35 -nographic -serial mon:stdio -pflash
SlimBootloader.bin"
Other boot firmware for real hardware cannot be programmed directly to
flash, please refer to https://slimbootloader.github.io/index.html for
more instructions.
Signed-off-by: Yongxin Liu <yongxin....@windriver.com>
---
...d-private-key-check-for-PKCS8-format.patch | 28 ++++++++
.../build-EDK2-BaseTools-with-bitbake.patch | 70 +++++++++++++++++++
...limbootloader-BaseTools-with-bitbake.patch | 42 +++++++++++
meta/recipes-bsp/slimboot/slimboot_git.bb | 57 +++++++++++++++
4 files changed, 197 insertions(+)
create mode 100644
meta/recipes-bsp/slimboot/files/add-private-key-check-for-PKCS8-format.patch
create mode 100644
meta/recipes-bsp/slimboot/files/build-EDK2-BaseTools-with-bitbake.patch
create mode 100644
meta/recipes-bsp/slimboot/files/build-slimbootloader-BaseTools-with-bitbake.patch
create mode 100644 meta/recipes-bsp/slimboot/slimboot_git.bb
diff --git
a/meta/recipes-bsp/slimboot/files/add-private-key-check-for-PKCS8-format.patch
b/meta/recipes-bsp/slimboot/files/add-private-key-check-for-PKCS8-format.patch
new file mode 100644
index 0000000000..a7e9d96dfb
--- /dev/null
+++
b/meta/recipes-bsp/slimboot/files/add-private-key-check-for-PKCS8-format.patch
@@ -0,0 +1,28 @@
+From e31e9b34f5ffccaab3788da781e05a0622cf7d45 Mon Sep 17 00:00:00 2001
+From: Yongxin Liu <yongxin....@windriver.com>
+Date: Tue, 7 Dec 2021 16:18:43 +0000
+Subject: [PATCH] add private key check for PKCS8 format
+
+Upstream-Status: Pending
Pending patches are discouraged, please send them upstream
+
+Signed-off-by: Yongxin Liu <yongxin....@windriver.com>
+---
+ BootloaderCorePkg/Tools/SingleSign.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/BootloaderCorePkg/Tools/SingleSign.py
b/BootloaderCorePkg/Tools/SingleSign.py
+index 2a550bf8..5baacbde 100644
+--- a/BootloaderCorePkg/Tools/SingleSign.py
++++ b/BootloaderCorePkg/Tools/SingleSign.py
+@@ -259,7 +259,7 @@ def single_sign_gen_pub_key (in_key, pub_key_file = None):
+ cmdline = [get_openssl_path(), 'rsa', '-pubout', '-text', '-noout',
'-in', '%s' % in_key]
+ # Check if it is public key or private key
+ text = open(in_key, 'r').read()
+- if '-BEGIN RSA PRIVATE KEY-' in text:
++ if '-BEGIN RSA PRIVATE KEY-' in text or '-BEGIN PRIVATE KEY-' in text:
+ is_prv_key = True
+ elif '-BEGIN PUBLIC KEY-' in text:
+ cmdline.extend (['-pubin'])
+--
+2.33.0
+
diff --git
a/meta/recipes-bsp/slimboot/files/build-EDK2-BaseTools-with-bitbake.patch
b/meta/recipes-bsp/slimboot/files/build-EDK2-BaseTools-with-bitbake.patch
new file mode 100644
index 0000000000..3b9db74491
--- /dev/null
+++ b/meta/recipes-bsp/slimboot/files/build-EDK2-BaseTools-with-bitbake.patch
@@ -0,0 +1,70 @@
+From ce5ed81d9dd9c37e494560edb8f0fbae83713416 Mon Sep 17 00:00:00 2001
+From: Yongxin Liu <yongxin....@windriver.com>
+Date: Wed, 15 Dec 2021 02:19:42 +0000
+Subject: [PATCH] build EDK2/BaseTools with bitbake
+
+EDK2 basetools are needed by QEMU FSP. Due to CRLF line terminators
+in target file, the patch has to be set to binary format.
+
+Upstream-Status: Inappropriate [oe-core specific]
Why is this oe-specific, I'm missing a proper explanation in the commit
message
+
+Signed-off-by: Yongxin Liu <yongxin....@windriver.com>
+---
+ .gitattributes | 1 +
+ .../Tools/PrepareBuildComponentBin.py | 6 ++++++
+ .../build-edk2-BaseTools-with-bitbake.patch | Bin 0 -> 1375 bytes
+ 3 files changed, 7 insertions(+)
+ create mode 100644
Silicon/QemuSocPkg/FspBin/Patches/build-edk2-BaseTools-with-bitbake.patch
+
+diff --git a/.gitattributes b/.gitattributes
+index e372c4d9..d31d5dbb 100644
+--- a/.gitattributes
++++ b/.gitattributes
+@@ -17,3 +17,4 @@
+ # since the files that are being patched have a mixture of line
+ # endings. This means it must be treated as binary.
+ Silicon/QemuSocPkg/FspBin/Patches/0001-Build-QEMU-FSP-2.0-binaries.patch
binary
++Silicon/QemuSocPkg/FspBin/Patches/build-edk2-BaseTools-with-bitbake.patch
binary
+diff --git a/BootloaderCorePkg/Tools/PrepareBuildComponentBin.py
b/BootloaderCorePkg/Tools/PrepareBuildComponentBin.py
+index 50f24736..2cd2f5d5 100644
+--- a/BootloaderCorePkg/Tools/PrepareBuildComponentBin.py
++++ b/BootloaderCorePkg/Tools/PrepareBuildComponentBin.py
+@@ -188,6 +188,12 @@ def BuildFspBins (fsp_dir, sbl_dir, fsp_inf,
silicon_pkg_name, flag):
+ ret = subprocess.call(cmd.split(' '), cwd=fsp_dir)
+ if ret:
+ Fatal ('Failed to apply QEMU FSP patch !')
++
++ cmd = 'git am --keep-cr --whitespace=nowarn
%s/build-edk2-BaseTools-with-bitbake.patch' % patch_dir
++ ret = subprocess.call(cmd.split(' '), cwd=fsp_dir)
++ if ret:
++ Fatal ('Failed to apply QEMU FSP patch for EDK2 BaseTools !')
++
+ print ('Done\n')
+
+ print ('Compiling QEMU FSP source ...')
+diff --git
a/Silicon/QemuSocPkg/FspBin/Patches/build-edk2-BaseTools-with-bitbake.patch
b/Silicon/QemuSocPkg/FspBin/Patches/build-edk2-BaseTools-with-bitbake.patch
+new file mode 100644
+index
0000000000000000000000000000000000000000..3dbdb14bf5332af1c15e4bf146abf67d4db3768a
+GIT binary patch
+literal 1375
+zcmb7EYj4^>5d3};|6!%%1IU~on8bjZD%2zmDk&%sHC0t1n_H7>j4wUgNs#*EyS8~K
+zsFf0A8SUKO+{|dtms+i$9dvEy#1oMd2y{F|+wGoqI_NsViQNfZ&km!mYYVtm2~6=3
+z91m=}S3c0PZHHYFO%J}SWceZ!7|9$ytgFI|Wq$rF6QSi3YIC7hAK4(tuvd^Z!Es@L
+z3nFPb;5fau-6O=X>Bpvd_zM?V4}MJgGym!*gt?3bpm=D(ry#|dQgI5;GP{RRW?}Gv
+zjQRILvcyei6bH)`G6i{xAd^L$3xpsM5X(>pdJRHqIzVZODI?ib$VcSqI@L;LJP9(A
+zY%(^L%LD~iQN+Xb+g)<b*<PqMRk>cE<y+UJG?Fo<);&_*+FWe__yeb47)H6#fuaW%
+zr6JJ-mmH+1GpUlaZZrx&V2oAG8;l7VMZoz|W)N7reBN?w_^x(JO5h9FBJx_D$ZdJ1
+zxe!q|bX?I9;Mn$QyUobLJ5?|;4)0WQeh%C_X?kFkZz_-LsI}4*yMU|lbT;qb_*V@E
+zm{2@52J{TS`lH*y1)NdyY&;&#H$VgUkf7`Smy4V6cy?G?!)kymU#(Vj4PH0zR{w_&
+z6OpHxUQaU`z(9+`zKYc<VACw$q@@tQlUHN>)9r9HnER8-<*5I8S~}Q@uQB6b)hG<^
+zmkaAh@PKrCFYabH{rPw@t7zgN&1kXOzC+J|k6Xm>y17wfMd*(0G&^8ae+0+~e?$Ga
+z?%&<fWXAE+iZZVVM;ooX6R2k^pMOgf7x+jQkG=?kYh21SLk;CZp3uE5z%-8wff%Q_
+z3t>;YP33_0VD~1S?KUzt8k91~(Kfj)110xw0h=M(y4??06NY`aMO1J^3OTTr>AI%P
+F*k8r-nZ5u3
+
+literal 0
+HcmV?d00001
+
+--
+2.33.0
+
diff --git
a/meta/recipes-bsp/slimboot/files/build-slimbootloader-BaseTools-with-bitbake.patch
b/meta/recipes-bsp/slimboot/files/build-slimbootloader-BaseTools-with-bitbake.patch
new file mode 100644
index 0000000000..5a3a249de0
--- /dev/null
+++
b/meta/recipes-bsp/slimboot/files/build-slimbootloader-BaseTools-with-bitbake.patch
@@ -0,0 +1,42 @@
+From 080d952b27cc6450bca340c37c9bc1cc4ec6787c Mon Sep 17 00:00:00 2001
+From: Yongxin Liu <yongxin....@windriver.com>
+Date: Wed, 15 Dec 2021 01:24:11 +0000
+Subject: [PATCH] build slimbootloader/BaseTools with bitbake
+
+Change build flags to use include and library directories
+in recipe-sysroot-native.
+
+Upstream-Status: Inappropriate [oe-core specific]
Same here - I don't see a reason why this can't be proposed to upstream
+
+Signed-off-by: Yongxin Liu <yongxin....@windriver.com>
+---
+ BaseTools/Source/C/Makefiles/header.makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/BaseTools/Source/C/Makefiles/header.makefile
b/BaseTools/Source/C/Makefiles/header.makefile
+index 45c93595..449e5bd1 100755
+--- a/BaseTools/Source/C/Makefiles/header.makefile
++++ b/BaseTools/Source/C/Makefiles/header.makefile
+@@ -75,7 +75,7 @@ $(error Bad HOST_ARCH)
+ endif
+
+ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I
$(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I
$(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)
+-BUILD_CPPFLAGS = $(INCLUDE)
++BUILD_CPPFLAGS += $(INCLUDE)
+
+ # keep EXTRA_OPTFLAGS last
+ BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS)
+@@ -101,8 +101,8 @@ ifeq ($(CXX), llvm)
+ BUILD_LFLAGS =
+ BUILD_CXXFLAGS = -Wno-deprecated-register -Wno-unused-result
+ else
+-BUILD_LFLAGS =
+-BUILD_CXXFLAGS = -Wno-unused-result
++BUILD_LFLAGS = $(LDFLAGS)
++BUILD_CXXFLAGS += -Wno-unused-result
+ endif
+ ifeq ($(HOST_ARCH), IA32)
+ #
+--
+2.33.0
+
diff --git a/meta/recipes-bsp/slimboot/slimboot_git.bb
b/meta/recipes-bsp/slimboot/slimboot_git.bb
new file mode 100644
index 0000000000..2bfdef6a5f
--- /dev/null
+++ b/meta/recipes-bsp/slimboot/slimboot_git.bb
@@ -0,0 +1,57 @@
+SUMMARY = "Slim Bootloader"
+DESCRIPTION = "Slim Bootloader is an open-source boot firmware, built from the
\
+ground up to be small, secure and optimized running on Intel x86 architecture."
+HOMEPAGE = "https://slimbootloader.github.io/";
+
+LICENSE = "BSD-2-Clause-Patent"
+
+SRC_URI =
"git://github.com/slimbootloader/slimbootloader;protocol=https;branch=master\
before the trailing \ a whitespace seems to be missing
+ file://build-slimbootloader-BaseTools-with-bitbake.patch \
+ file://add-private-key-check-for-PKCS8-format.patch \
+ file://build-EDK2-BaseTools-with-bitbake.patch;apply=0 \
+ "
+SRCREV = "d0fac9b4423431babff4e790293aad430715187c"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ef7fba7be2819ac13aaf5d0f842ce5d9"
https://github.com/slimbootloader/slimbootloader/tree/master/Licenses
lists a lot more licenses, please also add them here if they are
appropriate - which also may influence the overall LICENSE setting
+PV = "0.0.0+git${SRCPV}"
+
+inherit python3native
+BBCLASSEXTEND = "native"
+DEPENDS = "openssl-native nasm-native acpica-native util-linux-native"
+S = "${WORKDIR}/git"
+
+do_configure[noexec] = "1"
+
+SLIMBOOT_TARGET ?= "qemu"
+SLIMBOOT_KEY_DIR ?= "keys"
+
+do_binary_patch() {
+ cd "${S}"
+ git am ${WORKDIR}/build-EDK2-BaseTools-with-bitbake.patch
+}
+
+addtask do_binary_patch after do_patch before do_compile
+
+do_compile() {
+ ln -sf ${STAGING_BINDIR_NATIVE}/python3-native/python3
${STAGING_BINDIR_NATIVE}/python
+
+ cd ${S}
+ rm -rf ${SLIMBOOT_KEY_DIR}; mkdir -p ${SLIMBOOT_KEY_DIR}
+ export SBL_KEY_DIR=${S}/${SLIMBOOT_KEY_DIR}
+ python BootloaderCorePkg/Tools/GenerateKeys.py -k ${SBL_KEY_DIR}
+
+ export EXTRA_LDFLAGS="-L${STAGING_LIBDIR_NATIVE}"
+
+ for target in ${SLIMBOOT_TARGET}; do
+ python BuildLoader.py build ${target}
+ done
+}
+
+do_install() {
+ for target in ${SLIMBOOT_TARGET}; do
+ install -m 755 -d ${D}${libexecdir}/slimboot/Outputs/${target}
+ install -m 755 ${S}/Outputs/${target}/*
${D}${libexecdir}/slimboot/Outputs/${target}
+ done
+
+ install -m 755 -d ${D}${libexecdir}/slimboot/${SLIMBOOT_KEY_DIR}
+ install -m 755 ${S}/${SLIMBOOT_KEY_DIR}/*
${D}${libexecdir}/slimboot/${SLIMBOOT_KEY_DIR}
755 for keys sounds a bit too permissive for me
+}
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#159714):
https://lists.openembedded.org/g/openembedded-core/message/159714
Mute This Topic: https://lists.openembedded.org/mt/87739826/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
