Hello community, here is the log from the commit of package ovmf for openSUSE:Factory checked in at 2019-05-08 15:15:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ovmf (Old) and /work/SRC/openSUSE:Factory/.ovmf.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ovmf" Wed May 8 15:15:09 2019 rev:34 rq:701162 version:2019+git1552059899.89910a39dcfd Changes: -------- --- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes 2019-03-22 14:53:23.546095871 +0100 +++ /work/SRC/openSUSE:Factory/.ovmf.new.5148/ovmf.changes 2019-05-08 15:15:13.016821620 +0200 @@ -1,0 +2,5 @@ +Mon May 6 09:46:22 UTC 2019 - Guillaume GARDET <[email protected]> + +- Build SecureBoot firmwares for aarch64 + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ovmf.spec ++++++ --- /var/tmp/diff_new_pack.bwt65u/_old 2019-05-08 15:15:14.444824800 +0200 +++ /var/tmp/diff_new_pack.bwt65u/_new 2019-05-08 15:15:14.448824809 +0200 @@ -17,6 +17,8 @@ # needssslcertforbuild +%define secureboot_archs x86_64 aarch64 + %undefine _build_create_debug %global openssl_version 1.1.0j @@ -59,7 +61,7 @@ %ifnarch %arm BuildRequires: nasm %endif -%ifarch x86_64 +%ifarch %{secureboot_archs} BuildRequires: openssl BuildRequires: unzip %if 0%{?suse_version} @@ -160,6 +162,8 @@ %ifarch x86_64 %patch1 -p1 +%endif +%ifarch %{secureboot_archs} %patch2 -p1 %endif %patch3 -p1 @@ -297,6 +301,60 @@ done } +# Build with keys done later (shared between archs) + +%else +%ifarch aarch64 + +# Build the UEFI image without keys +build $BUILD_OPTIONS + +cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin +dd of="aavmf-aarch64-code.bin" if="/dev/zero" bs=1M count=64 +dd of="aavmf-aarch64-code.bin" if="qemu-uefi-aarch64.bin" conv=notrunc +dd of="aavmf-aarch64-vars.bin" if="/dev/zero" bs=1M count=64 + +build_with_keys() +{ + suffix_base="$1" + xxd -i Default_PK > SecurityPkg/Library/AuthVariableLib/Default_PK.h + xxd -i Default_KEK > SecurityPkg/Library/AuthVariableLib/Default_KEK.h + xxd -i Default_DB > SecurityPkg/Library/AuthVariableLib/Default_DB.h + xxd -i Default_DB_EX > SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h + xxd -i Default_DBX > SecurityPkg/Library/AuthVariableLib/Default_DBX.h + cat Default_Owner > SecurityPkg/Library/AuthVariableLib/Default_Owner.h + + for suffix in $suffix_base; do + build $BUILD_OPTIONS + cp Build/ArmVirtQemu-AARCH64/DEBUG_*/FV/QEMU_EFI.fd qemu-uefi-aarch64-$suffix.bin + dd of="aavmf-aarch64-$suffix-code.bin" if="/dev/zero" bs=1M count=64 + dd of="aavmf-aarch64-$suffix-code.bin" if="qemu-uefi-aarch64-$suffix.bin" conv=notrunc + dd of="aavmf-aarch64-$suffix-vars.bin" if="/dev/zero" bs=1M count=64 + + done +} + +# Build with keys done later (shared between archs) + +%else +%ifarch %arm + +# Build the UEFI image +build $BUILD_OPTIONS + +cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin +dd of="aavmf-aarch32-code.bin" if="/dev/zero" bs=1M count=64 +dd of="aavmf-aarch32-code.bin" if="qemu-uefi-aarch32.bin" conv=notrunc +dd of="aavmf-aarch32-vars.bin" if="/dev/zero" bs=1M count=64 +%endif #arm +%endif #aarch64 +%endif #x86_64 +%endif #ix86 + +# Builds with keys is shared between archs +%ifarch %{secureboot_archs} +# Each arch must define its own build_with_keys() function + # OVMF with SUSE keys openssl x509 -in %{SOURCE3} -outform DER > Default_PK openssl x509 -in %{SOURCE3} -outform DER > Default_KEK @@ -343,31 +401,7 @@ build_with_keys devel fi fi - -%else -%ifarch aarch64 - -# Build the UEFI image -build $BUILD_OPTIONS - -cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin -dd of="aavmf-aarch64-code.bin" if="/dev/zero" bs=1M count=64 -dd of="aavmf-aarch64-code.bin" if="qemu-uefi-aarch64.bin" conv=notrunc -dd of="aavmf-aarch64-vars.bin" if="/dev/zero" bs=1M count=64 -%else -%ifarch %arm - -# Build the UEFI image -build $BUILD_OPTIONS - -cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin -dd of="aavmf-aarch32-code.bin" if="/dev/zero" bs=1M count=64 -dd of="aavmf-aarch32-code.bin" if="qemu-uefi-aarch32.bin" conv=notrunc -dd of="aavmf-aarch32-vars.bin" if="/dev/zero" bs=1M count=64 -%endif #arm -%endif #aarch64 -%endif #x86_64 -%endif #ix86 +%endif %install rm -rf %{buildroot} @@ -401,9 +435,11 @@ %fdupes -s %{buildroot}/usr/src/debug/ovmf-x86_64 %else %ifarch aarch64 -install -m 0644 -D qemu-uefi-aarch64.bin %{buildroot}/%{_datadir}/qemu/qemu-uefi-aarch64.bin -install -m 0644 -D aavmf-aarch64-code.bin %{buildroot}/%{_datadir}/qemu/aavmf-aarch64-code.bin -install -m 0644 -D aavmf-aarch64-vars.bin %{buildroot}/%{_datadir}/qemu/aavmf-aarch64-vars.bin +install -d %{buildroot}/%{_datadir}/qemu/ +install -m 0644 -D qemu-uefi-aarch64*.bin %{buildroot}/%{_datadir}/qemu/ +install -m 0644 -D aavmf-aarch64-*code.bin %{buildroot}/%{_datadir}/qemu/ +install -m 0644 -D aavmf-aarch64-*vars.bin %{buildroot}/%{_datadir}/qemu/ +%fdupes %{buildroot}/%{_datadir}/qemu/ %else %ifarch %arm install -m 0644 -D qemu-uefi-aarch32.bin %{buildroot}/%{_datadir}/qemu/qemu-uefi-aarch32.bin @@ -452,9 +488,9 @@ %defattr(-,root,root) %doc License.txt %dir %{_datadir}/qemu/ -%{_datadir}/qemu/qemu-uefi-aarch64.bin -%{_datadir}/qemu/aavmf-aarch64-code.bin -%{_datadir}/qemu/aavmf-aarch64-vars.bin +%{_datadir}/qemu/qemu-uefi-aarch64*.bin +%{_datadir}/qemu/aavmf-aarch64-*code.bin +%{_datadir}/qemu/aavmf-aarch64-*vars.bin %endif %ifarch %arm
