On 02/23/22 14:34, Philippe Mathieu-Daudé wrote:
> On 23/2/22 12:07, Daniel P. Berrangé wrote:
>> On Tue, Feb 22, 2022 at 06:33:41PM +0100, Philippe Mathieu-Daudé wrote:
>>> +Igor/MST for UEFI tests.
>>>
>>> On 22/2/22 17:38, Daniel P. Berrangé wrote:
>>>> On Tue, Feb 22, 2022 at 04:17:23PM +0000, Alex Bennée wrote:
>>>>>
>>>>> Alex Bennée <alex.ben...@linaro.org> writes:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> TL;DR:
>>>>>>
>>>>>> - pc-bios/edk2-aarch64-code.fd should be rebuilt without debug
>>>>>
>>>>> Laszlo,
>>>>>
>>>>> Would it be possible to do a less debug enabled version of EDK2 on the
>>>>> next update to pc-bios/edk2-*?
>>>>
>>>> NB, Laszlo is no longer maintaining EDK2 in QEMU, it was handed
>>>> over to Philippe. I'm CC'ing Gerd too since he's a reviewer and
>>>> an EDK2 contributor taking over from Lazslo in EDK2 community
>>>
>>> We need the DEBUG profile to ensure the bios-tables-tests work.
>>
>> Can you elaborate on what bios-tables-tests needs this for, and
>> what coverage we would loose by disabling DEBUG.
>
> Maybe it was only required when the tests were developed...
> I'll defer that question to Igor.
I've briefly rechecked commits 77db55fc8155 ("tests/uefi-test-tools: add
build scripts", 2019-02-21) and 536d2173b2b3 ("roms: build edk2 firmware
binaries and variable store templates", 2019-04-17). I think my only
reason for picking the DEBUG build target was that other build targets
are generally useless for debugging -- they produce no logs (or fewer logs).
>
>> It may well be a better tradeoff to sacrifice part of bios-tables-tests
>> in favour of shipping more broadly usable images without DEBUG.
>
> Why not, if users are aware/happy to use a unsafe image with various
> unfixed CVEs.
>
> Removing the debug profile is as simple as this one-line patch:
>
> -- >8 --
> diff --git a/roms/edk2-build.sh b/roms/edk2-build.sh
> index d5391c7637..ea79dc27a2 100755
> --- a/roms/edk2-build.sh
> +++ b/roms/edk2-build.sh
> @@ -50,6 +50,6 @@ qemu_edk2_set_cross_env "$emulation_target"
> build \
> --cmd-len=65536 \
> -n "$edk2_thread_count" \
> - --buildtarget=DEBUG \
> + --buildtarget=RELEASE \
> --tagname="$edk2_toolchain" \
> "${args[@]}"
> ---
>
The patch would be larger; the DEBUG build target is included in a bunch
of pathnames (see those original two commits).
BTW I still don't understand the problem with the DEBUG firmware builds;
in the test suite, as many debug messages should be printed as possible,
for helping with the analysis of any new issue that pops up. I've
re-read Alex's message that I got first CC'd on, and I can't connect the
dots, sorry.
Thanks
Laszlo
