rpms
/
edk2
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to edk2 git cb5f4f45ce 

- Remove upstreamed patches
- Update to qemu qemu-ovmf-secureboot-1.1.3
- Enable TPM2 support
- Fix RPM build option passthrough
This commit is contained in:
Cole Robinson 2018-08-31 13:31:19 -04:00
parent 498742e649
commit 05b0353aa1
37 changed files with 8735 additions and 4117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
View File

@ -1,3 +1,4 @@
From 37942481c89eca732239c23fe606680e6e3faf77 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100
Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe
@ -7,6 +8,7 @@ level.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 5 ++++-
OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
@ -14,10 +16,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 3f4d42d..048a144 100644
index a28b511d5c..7f725ab198 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -635,7 +635,10 @@
@@ -738,7 +738,10 @@
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
@ -30,10 +32,10 @@ index 3f4d42d..048a144 100644
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 5688475..fac0cf0 100644
index 115d0c01ff..d444a84267 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -644,7 +644,10 @@
@@ -747,7 +747,10 @@
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
@ -46,10 +48,10 @@ index 5688475..fac0cf0 100644
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index dcf64b9..bc62a64 100644
index 362eb789c7..f4e072870c 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -642,7 +642,10 @@
@@ -745,7 +745,10 @@
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf

14
0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
View File

@ -1,3 +1,4 @@
From 5e55066b33d894cb7e9b84179de449e8734cb57d Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100
Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in the DXE core
@ -8,6 +9,7 @@ not interested in. Suppress said output.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 2 ++
OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++
@ -15,10 +17,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
3 files changed, 6 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 767fd7d..40688dd 100644
index 7f725ab198..83e47281ed 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -562,6 +562,8 @@
@@ -644,6 +644,8 @@
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
@ -28,10 +30,10 @@ index 767fd7d..40688dd 100644
MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 7460d50..3e75388 100644
index d444a84267..a2adacfbd3 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -571,6 +571,8 @@
@@ -653,6 +653,8 @@
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
@ -41,10 +43,10 @@ index 7460d50..3e75388 100644
MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 765506a..e169f13 100644
index f4e072870c..b57e32f432 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -569,6 +569,8 @@
@@ -651,6 +651,8 @@
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf

14
0003-OvmfPkg-enable-DEBUG_VERBOSE.patch
View File

@ -1,3 +1,4 @@
From c667557c191923e981b972b5679fc49cec60d7e5 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sun, 8 Jul 2012 14:26:07 +0200
Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE
@ -5,6 +6,7 @@ Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE
Enable verbose debug logs.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
@ -12,10 +14,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index c0440d9..fa9661c 100644
index 83e47281ed..cd0e71869b 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -408,7 +408,7 @@
@@ -486,7 +486,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
@ -25,10 +27,10 @@ index c0440d9..fa9661c 100644
!ifdef $(SOURCE_DEBUG_ENABLE)
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 6f94bc7..667584a 100644
index a2adacfbd3..7f7a78f60a 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -413,7 +413,7 @@
@@ -491,7 +491,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
@ -38,10 +40,10 @@ index 6f94bc7..667584a 100644
!ifdef $(SOURCE_DEBUG_ENABLE)
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index a92bf19..5ae8469 100644
index b57e32f432..739807efc4 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -413,7 +413,7 @@
@@ -491,7 +491,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error

14
0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
View File

@ -1,14 +1,22 @@
From 6324a2a8ae4fc96c9e13d39483c5ee0cb1fff619 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 20 Feb 2014 22:54:45 +0100
Subject: [PATCH] OvmfPkg: increase max debug message length to 512
Contributed-under: TianoCore Contribution Agreement 1.0
Upstream prefers short debug messages (sometimes even limited to 80
characters), but any line length under 512 characters is just unsuitable
for effective debugging. (For example, config strings in HII routing,
logged by the platform driver "OvmfPkg/PlatformDxe" on DEBUG_VERBOSE
level, can be several hundred characters long.) 512 is an empirically good
value.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
index 44850a9..b6927d0 100644
index 36cde54976..c0c4eaee0f 100644
--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
@@ -27,7 +27,7 @@
@ -19,4 +27,4 @@ index 44850a9..b6927d0 100644
+#define MAX_DEBUG_MESSAGE_LENGTH 0x200
/**
This constructor function does not have to do anything.
Prints a debug message to the debug output device if the specified error level is enabled.

3123
0005-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch Normal file
View File

File diff suppressed because it is too large Load Diff

64
0006-EXCLUDE_SHELL_FROM_FD.patch
View File

@ -1,64 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 18 Feb 2016 10:52:44 +0100
Subject: [PATCH] EXCLUDE_SHELL_FROM_FD
---
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
OvmfPkg/OvmfPkgX64.fdf | 2 ++
3 files changed, 6 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 2a5b211..ebdab17 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -281,11 +281,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
!ifndef $(USE_OLD_SHELL)
INF ShellPkg/Application/Shell/Shell.inf
!else
INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf
!endif
+!endif
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 1c7df21..adf53f3 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -281,11 +281,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
!ifndef $(USE_OLD_SHELL)
INF ShellPkg/Application/Shell/Shell.inf
!else
INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf
!endif
+!endif
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 3bb11cb..edf1098 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -281,11 +281,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
!ifndef $(USE_OLD_SHELL)
INF ShellPkg/Application/Shell/Shell.inf
!else
INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf
!endif
+!endif
INF MdeModulePkg/Logo/LogoDxe.inf

30
0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch → 0006-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
View File

@ -1,15 +1,35 @@
From e4021f592da913f7f2b841ce6d4272fb8410ac7f Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 20 May 2014 23:41:56 +0200
Date: Thu, 12 Jun 2014 00:17:59 +0200
Subject: [PATCH] OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim
Contributed-under: TianoCore Contribution Agreement 1.0
The Int10h VBE Shim is capable of emitting short debug messages when the
win2k8r2 UEFI guest uses (emulates) the Video BIOS. In upstream the quiet
version is preferred; for us debug messages are important as a default.
For this patch, the DEBUG macro is enabled in the assembly file, and then
the header file is regenerated from the assembly, by running
"OvmfPkg/QemuVideoDxe/VbeShim.sh".
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit ccda46526bb2e573d9b54f0db75d27e442b4566f)
(cherry picked from commit ed45b26dbeadd63dd8f2edf627290957d8bbb3b2)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
OvmfPkg/QemuVideoDxe/VbeShim.asm | 2 +-
OvmfPkg/QemuVideoDxe/VbeShim.h | 481 +++++++++++++++++++++++++--------------
OvmfPkg/QemuVideoDxe/VbeShim.h | 481 ++++++++++++++++++++-----------
2 files changed, 308 insertions(+), 175 deletions(-)
diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm
index 18fa920..9a185f2 100644
index 18fa9209d4..f87ed5cf30 100644
--- a/OvmfPkg/QemuVideoDxe/VbeShim.asm
+++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm
@@ -18,7 +18,7 @@
@ -22,7 +42,7 @@ index 18fa920..9a185f2 100644
%macro DebugLog 1
%ifdef DEBUG
diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.h b/OvmfPkg/QemuVideoDxe/VbeShim.h
index cc9b6e1..db37f1d 100644
index cc9b6e14cd..325d6478a1 100644
--- a/OvmfPkg/QemuVideoDxe/VbeShim.h
+++ b/OvmfPkg/QemuVideoDxe/VbeShim.h
@@ -517,185 +517,318 @@ STATIC CONST UINT8 mVbeShim[] = {

34
0008-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch → 0007-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch
View File

@ -1,3 +1,4 @@
From b6e4c1bf03878da7bd82224d523c44fd1fa96aaa Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 25 Feb 2014 18:40:35 +0100
Subject: [PATCH] MdeModulePkg: TerminalDxe: add other text resolutions
@ -11,7 +12,7 @@ Two notable output devices are provided by:
(2) MdeModulePkg/Universal/Console/TerminalDxe.
GraphicsConsoleDxe supports four modes at most -- see
InitializeGraphicsConsoleTextMode():
InitializeGraphicsConsoleTextMode() and "mGraphicsConsoleModeData":
(1a) 80x25 (required by the UEFI spec as mode 0),
(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec
@ -25,13 +26,13 @@ InitializeGraphicsConsoleTextMode():
The automatic "full screen resolution" makes GraphicsConsoleDxe's
character console very flexible. However, TerminalDxe (which runs on
serial ports) only provides the following fixed resolutions -- see
InitializeTerminalConsoleTextMode():
InitializeTerminalConsoleTextMode() and "mTerminalConsoleModeData":
(2a) 80x25 (required by the UEFI spec as mode 0),
(2b) 80x50 (since the character resolution of a serial device cannot be
interrogated easily, this is added unconditionally as mode 1)
(2c) modes 2 and above come from "mTerminalConsoleModeData". This table
currently only contains one mode, 100x31.
interrogated easily, this is added unconditionally as mode 1),
(2c) 100x31 (since the character resolution of a serial device cannot be
interrogated easily, this is added unconditionally as mode 2).
When ConSplitterDxe combines (1) and (2), multiplexing console output to
both video output and serial terminal, the list of commonly supported text
@ -53,14 +54,29 @@ the most frequent (1d) values from the intersection, and eg. the MODE
command in the UEFI shell will offer the "best" (ie. full screen)
resolution too.
Contributed-under: TianoCore Contribution Agreement 1.0
Upstream status: three calendar months (with on-and-off discussion and
patches) have not been enough to find a solution to this problem that
would please all stakeholders.
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- adapt commit 0bc77c63de03 (code and commit message) to upstream commit
390b95a49c14 ("MdeModulePkg/TerminalDxe: Refine
InitializeTerminalConsoleTextMode", 2017-01-10).
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 99dc3720ac86059f60156197328cc433603c536e)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
.../Universal/Console/TerminalDxe/Terminal.c | 41 ++++++++++++++++++++--
.../Universal/Console/TerminalDxe/Terminal.c | 41 +++++++++++++++++--
1 file changed, 38 insertions(+), 3 deletions(-)
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
index 5d55969..13620ac 100644
index 66dd3ad550..78a198379a 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
@@ -113,9 +113,44 @@ TERMINAL_DEV mTerminalDevTemplate = {
@ -71,7 +87,7 @@ index 5d55969..13620ac 100644
- {80, 50},
- {100, 31},
+ { 80, 25 }, // from graphics resolution 640 x 480
+ { 80, 50 }, // from graphics resolution 640 x 480
+ { 80, 50 }, // from graphics resolution 640 x 960
+ { 100, 25 }, // from graphics resolution 800 x 480
+ { 100, 31 }, // from graphics resolution 800 x 600
+ { 104, 32 }, // from graphics resolution 832 x 624

128
0008-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch Normal file
View File

@ -0,0 +1,128 @@
From f337eb3972afcccabe86fe663202a758337d0ab8 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 25 Feb 2014 22:40:01 +0100
Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode
change (RH only)
The
CSI Ps ; Ps ; Ps t
escape sequence serves for window manipulation. We can use the
CSI 8 ; <rows> ; <columns> t
sequence to adapt eg. the xterm window size to the selected console mode.
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- refresh commit 519b9751573e against various context changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- Refresh downstream-only commit 2909e025db68 against "MdeModulePkg.dec"
context change from upstream commits e043f7895b83 ("MdeModulePkg: Add
PCD PcdPteMemoryEncryptionAddressOrMask", 2017-02-27) and 76081dfcc5b2
("MdeModulePkg: Add PROMPT&HELP string of pcd to UNI file", 2017-03-03).
Reference: <http://rtfm.etla.org/xterm/ctlseq.html>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 2909e025db6878723b49644a8a0cf160d07e6444)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
MdeModulePkg/MdeModulePkg.dec | 4 +++
.../Console/TerminalDxe/TerminalConOut.c | 30 +++++++++++++++++++
.../Console/TerminalDxe/TerminalDxe.inf | 2 ++
3 files changed, 36 insertions(+)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 6a6d9660ed..2dc1cf94e2 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1936,6 +1936,10 @@
# @Prompt The address mask when memory encryption is enabled.
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x30001047
+ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
+ # mode change.
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080
+
[PcdsPatchableInModule]
## Specify memory size with page number for PEI code when
# Loading Module at Fixed Address feature is enabled.
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
index 4d7218e415..295e7641a5 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
@@ -13,6 +13,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
+#include <Library/PrintLib.h>
+
#include "Terminal.h"
//
@@ -86,6 +88,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 };
CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', 'D', 0 };
+//
+// Note that this is an ASCII format string, taking two INT32 arguments:
+// rows, columns.
+//
+// A %d (INT32) format specification can expand to at most 11 characters.
+//
+CHAR8 mResizeTextAreaFormatString[] = "\x1B[8;%d;%dt";
+#define RESIZE_SEQ_SIZE (sizeof mResizeTextAreaFormatString + 2 * (11 - 2))
+
+
//
// Body of the ConOut functions
//
@@ -508,6 +520,24 @@ TerminalConOutSetMode (
return EFI_DEVICE_ERROR;
}
+ if (PcdGetBool (PcdResizeXterm)) {
+ CHAR16 ResizeSequence[RESIZE_SEQ_SIZE];
+
+ UnicodeSPrintAsciiFormat (
+ ResizeSequence,
+ sizeof ResizeSequence,
+ mResizeTextAreaFormatString,
+ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Rows,
+ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Columns
+ );
+ TerminalDevice->OutputEscChar = TRUE;
+ Status = This->OutputString (This, ResizeSequence);
+ TerminalDevice->OutputEscChar = FALSE;
+ if (EFI_ERROR (Status)) {
+ return EFI_DEVICE_ERROR;
+ }
+ }
+
This->Mode->Mode = (INT32) ModeNumber;
Status = This->ClearScreen (This);
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
index 0780296798..bd2ba828a6 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
@@ -60,6 +60,7 @@
DebugLib
PcdLib
BaseLib
+ PrintLib
[Guids]
## SOMETIMES_PRODUCES ## Variable:L"ConInDev"
@@ -88,6 +89,7 @@
[Pcd]
gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## CONSUMES
# [Event]
# # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout.

90
0009-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch Normal file
View File

@ -0,0 +1,90 @@
From 30251344cfbd25212394c377b80cd720a3b85d46 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 15:59:06 +0200
Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH
only)
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- refresh downstream-only commit 8abc2a6ddad2 against context differences
in the DSC files from upstream commit 5e167d7e784c
("OvmfPkg/PlatformPei: don't allocate reserved mem varstore if
SMM_REQUIRE", 2017-03-12).
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 6fa0c4d67c0bb8bde2ddd6db41c19eb0c40b2721)
(cherry picked from commit 8abc2a6ddad25af7e88dc0cf57d55dfb75fbf92d)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/PlatformPei/Platform.c | 1 +
OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
5 files changed, 5 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 0a49336c0d..8dc3ad2be4 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -535,6 +535,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index a3d51ef0f7..d81cd865d5 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -541,6 +541,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index f9b4ab4dfa..85bd8d4bf6 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -540,6 +540,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 5a78668126..544ac547bf 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -670,6 +670,7 @@ InitializePlatform (
PeiFvInitialization ();
MemMapInitialization ();
NoexecDxeInitialization ();
+ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
}
AmdSevInitialize ();
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index 9c5ad9961c..31baaa0a22 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -94,6 +94,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack

515
0009-Tweak-the-tools_def-to-support-cross-compiling.patch
View File

@ -1,515 +0,0 @@
From 63b708ccad8afd0b887258888a53fd4945cff682 Mon Sep 17 00:00:00 2001
Message-Id: <63b708ccad8afd0b887258888a53fd4945cff682.1478467625.git.crobinso@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Sun, 6 Nov 2016 13:50:31 -0500
Subject: [PATCH] Tweak the tools_def to support cross-compiling.
These files are meant for customization, so this is not upstream.
---
BaseTools/Conf/tools_def.template | 343 ++++++++++++++++++--------------------
1 file changed, 161 insertions(+), 182 deletions(-)
diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index 39fda78..97f5557 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -178,27 +178,6 @@ DEFINE CYGWIN_BINIA32 = c:/cygwin/opt/tiano/i386-tiano-pe/i386-tiano-pe
DEFINE CYGWIN_BINX64 = c:/cygwin/opt/tiano/x86_64-pc-mingw64/x86_64-pc-mingw64/bin/
DEFINE CYGWIN_BINIPF = c:/cygwin/opt/tiano/gcc/ipf/bin/ia64-pc-elf-
-DEFINE GCC44_IA32_PREFIX = ENV(GCC44_BIN)
-DEFINE GCC44_X64_PREFIX = ENV(GCC44_BIN)
-
-DEFINE GCC45_IA32_PREFIX = ENV(GCC45_BIN)
-DEFINE GCC45_X64_PREFIX = ENV(GCC45_BIN)
-
-DEFINE GCC46_IA32_PREFIX = ENV(GCC46_BIN)
-DEFINE GCC46_X64_PREFIX = ENV(GCC46_BIN)
-
-DEFINE GCC47_IA32_PREFIX = ENV(GCC47_BIN)
-DEFINE GCC47_X64_PREFIX = ENV(GCC47_BIN)
-
-DEFINE GCC48_IA32_PREFIX = ENV(GCC48_BIN)
-DEFINE GCC48_X64_PREFIX = ENV(GCC48_BIN)
-
-DEFINE GCC49_IA32_PREFIX = ENV(GCC49_BIN)
-DEFINE GCC49_X64_PREFIX = ENV(GCC49_BIN)
-
-DEFINE GCC5_IA32_PREFIX = ENV(GCC5_BIN)
-DEFINE GCC5_X64_PREFIX = ENV(GCC5_BIN)
-
DEFINE UNIX_IASL_BIN = ENV(IASL_PREFIX)iasl
DEFINE WIN_IASL_BIN = ENV(IASL_PREFIX)iasl.exe
DEFINE WIN_ASL_BIN = ENV(IASL_PREFIX)asl.exe
@@ -4590,7 +4569,7 @@ DEFINE GCC5_AARCH64_ASLDLINK_FLAGS = DEF(GCC49_AARCH64_ASLDLINK_FLAGS)
####################################################################################
*_GCC44_*_*_FAMILY = GCC
-*_GCC44_*_MAKE_PATH = DEF(GCC44_IA32_PREFIX)make
+*_GCC44_*_MAKE_PATH = make
*_GCC44_*_*_DLL = ENV(GCC44_DLL)
*_GCC44_*_ASL_PATH = DEF(UNIX_IASL_BIN)
@@ -4605,17 +4584,17 @@ DEFINE GCC5_AARCH64_ASLDLINK_FLAGS = DEF(GCC49_AARCH64_ASLDLINK_FLAGS)
##################
# GCC44 IA32 definitions
##################
-*_GCC44_IA32_OBJCOPY_PATH = DEF(GCC44_IA32_PREFIX)objcopy
-*_GCC44_IA32_CC_PATH = DEF(GCC44_IA32_PREFIX)gcc
-*_GCC44_IA32_SLINK_PATH = DEF(GCC44_IA32_PREFIX)ar
-*_GCC44_IA32_DLINK_PATH = DEF(GCC44_IA32_PREFIX)gcc
-*_GCC44_IA32_ASLDLINK_PATH = DEF(GCC44_IA32_PREFIX)gcc
-*_GCC44_IA32_ASM_PATH = DEF(GCC44_IA32_PREFIX)gcc
-*_GCC44_IA32_PP_PATH = DEF(GCC44_IA32_PREFIX)gcc
-*_GCC44_IA32_VFRPP_PATH = DEF(GCC44_IA32_PREFIX)gcc
-*_GCC44_IA32_ASLCC_PATH = DEF(GCC44_IA32_PREFIX)gcc
-*_GCC44_IA32_ASLPP_PATH = DEF(GCC44_IA32_PREFIX)gcc
-*_GCC44_IA32_RC_PATH = DEF(GCC44_IA32_PREFIX)objcopy
+*_GCC44_IA32_OBJCOPY_PATH = ENV(GCC44_IA32_PREFIX)objcopy
+*_GCC44_IA32_CC_PATH = ENV(GCC44_IA32_PREFIX)gcc
+*_GCC44_IA32_SLINK_PATH = ENV(GCC44_IA32_PREFIX)ar
+*_GCC44_IA32_DLINK_PATH = ENV(GCC44_IA32_PREFIX)gcc
+*_GCC44_IA32_ASLDLINK_PATH = ENV(GCC44_IA32_PREFIX)gcc
+*_GCC44_IA32_ASM_PATH = ENV(GCC44_IA32_PREFIX)gcc
+*_GCC44_IA32_PP_PATH = ENV(GCC44_IA32_PREFIX)gcc
+*_GCC44_IA32_VFRPP_PATH = ENV(GCC44_IA32_PREFIX)gcc
+*_GCC44_IA32_ASLCC_PATH = ENV(GCC44_IA32_PREFIX)gcc
+*_GCC44_IA32_ASLPP_PATH = ENV(GCC44_IA32_PREFIX)gcc
+*_GCC44_IA32_RC_PATH = ENV(GCC44_IA32_PREFIX)objcopy
*_GCC44_IA32_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m32
*_GCC44_IA32_ASLDLINK_FLAGS = DEF(GCC44_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
@@ -4633,17 +4612,17 @@ RELEASE_GCC44_IA32_CC_FLAGS = DEF(GCC44_IA32_CC_FLAGS) -Os
##################
# GCC44 X64 definitions
##################
-*_GCC44_X64_OBJCOPY_PATH = DEF(GCC44_X64_PREFIX)objcopy
-*_GCC44_X64_CC_PATH = DEF(GCC44_X64_PREFIX)gcc
-*_GCC44_X64_SLINK_PATH = DEF(GCC44_X64_PREFIX)ar
-*_GCC44_X64_DLINK_PATH = DEF(GCC44_X64_PREFIX)gcc
-*_GCC44_X64_ASLDLINK_PATH = DEF(GCC44_X64_PREFIX)gcc
-*_GCC44_X64_ASM_PATH = DEF(GCC44_X64_PREFIX)gcc
-*_GCC44_X64_PP_PATH = DEF(GCC44_X64_PREFIX)gcc
-*_GCC44_X64_VFRPP_PATH = DEF(GCC44_X64_PREFIX)gcc
-*_GCC44_X64_ASLCC_PATH = DEF(GCC44_X64_PREFIX)gcc
-*_GCC44_X64_ASLPP_PATH = DEF(GCC44_X64_PREFIX)gcc
-*_GCC44_X64_RC_PATH = DEF(GCC44_X64_PREFIX)objcopy
+*_GCC44_X64_OBJCOPY_PATH = ENV(GCC44_X64_PREFIX)objcopy
+*_GCC44_X64_CC_PATH = ENV(GCC44_X64_PREFIX)gcc
+*_GCC44_X64_SLINK_PATH = ENV(GCC44_X64_PREFIX)ar
+*_GCC44_X64_DLINK_PATH = ENV(GCC44_X64_PREFIX)gcc
+*_GCC44_X64_ASLDLINK_PATH = ENV(GCC44_X64_PREFIX)gcc
+*_GCC44_X64_ASM_PATH = ENV(GCC44_X64_PREFIX)gcc
+*_GCC44_X64_PP_PATH = ENV(GCC44_X64_PREFIX)gcc
+*_GCC44_X64_VFRPP_PATH = ENV(GCC44_X64_PREFIX)gcc
+*_GCC44_X64_ASLCC_PATH = ENV(GCC44_X64_PREFIX)gcc
+*_GCC44_X64_ASLPP_PATH = ENV(GCC44_X64_PREFIX)gcc
+*_GCC44_X64_RC_PATH = ENV(GCC44_X64_PREFIX)objcopy
*_GCC44_X64_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m64
*_GCC44_X64_ASLDLINK_FLAGS = DEF(GCC44_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_x86_64
@@ -4666,7 +4645,7 @@ RELEASE_GCC44_X64_CC_FLAGS = DEF(GCC44_X64_CC_FLAGS) -Os
####################################################################################
*_GCC45_*_*_FAMILY = GCC
-*_GCC45_*_MAKE_PATH = DEF(GCC45_IA32_PREFIX)make
+*_GCC45_*_MAKE_PATH = make
*_GCC45_*_*_DLL = ENV(GCC45_DLL)
*_GCC45_*_ASL_PATH = DEF(UNIX_IASL_BIN)
@@ -4681,17 +4660,17 @@ RELEASE_GCC44_X64_CC_FLAGS = DEF(GCC44_X64_CC_FLAGS) -Os
##################
# GCC45 IA32 definitions
##################
-*_GCC45_IA32_OBJCOPY_PATH = DEF(GCC45_IA32_PREFIX)objcopy
-*_GCC45_IA32_CC_PATH = DEF(GCC45_IA32_PREFIX)gcc
-*_GCC45_IA32_SLINK_PATH = DEF(GCC45_IA32_PREFIX)ar
-*_GCC45_IA32_DLINK_PATH = DEF(GCC45_IA32_PREFIX)gcc
-*_GCC45_IA32_ASLDLINK_PATH = DEF(GCC45_IA32_PREFIX)gcc
-*_GCC45_IA32_ASM_PATH = DEF(GCC45_IA32_PREFIX)gcc
-*_GCC45_IA32_PP_PATH = DEF(GCC45_IA32_PREFIX)gcc
-*_GCC45_IA32_VFRPP_PATH = DEF(GCC45_IA32_PREFIX)gcc
-*_GCC45_IA32_ASLCC_PATH = DEF(GCC45_IA32_PREFIX)gcc
-*_GCC45_IA32_ASLPP_PATH = DEF(GCC45_IA32_PREFIX)gcc
-*_GCC45_IA32_RC_PATH = DEF(GCC45_IA32_PREFIX)objcopy
+*_GCC45_IA32_OBJCOPY_PATH = ENV(GCC45_IA32_PREFIX)objcopy
+*_GCC45_IA32_CC_PATH = ENV(GCC45_IA32_PREFIX)gcc
+*_GCC45_IA32_SLINK_PATH = ENV(GCC45_IA32_PREFIX)ar
+*_GCC45_IA32_DLINK_PATH = ENV(GCC45_IA32_PREFIX)gcc
+*_GCC45_IA32_ASLDLINK_PATH = ENV(GCC45_IA32_PREFIX)gcc
+*_GCC45_IA32_ASM_PATH = ENV(GCC45_IA32_PREFIX)gcc
+*_GCC45_IA32_PP_PATH = ENV(GCC45_IA32_PREFIX)gcc
+*_GCC45_IA32_VFRPP_PATH = ENV(GCC45_IA32_PREFIX)gcc
+*_GCC45_IA32_ASLCC_PATH = ENV(GCC45_IA32_PREFIX)gcc
+*_GCC45_IA32_ASLPP_PATH = ENV(GCC45_IA32_PREFIX)gcc
+*_GCC45_IA32_RC_PATH = ENV(GCC45_IA32_PREFIX)objcopy
*_GCC45_IA32_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m32
*_GCC45_IA32_ASLDLINK_FLAGS = DEF(GCC45_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
@@ -4709,17 +4688,17 @@ RELEASE_GCC45_IA32_CC_FLAGS = DEF(GCC45_IA32_CC_FLAGS) -Os
##################
# GCC45 X64 definitions
##################
-*_GCC45_X64_OBJCOPY_PATH = DEF(GCC45_X64_PREFIX)objcopy
-*_GCC45_X64_CC_PATH = DEF(GCC45_X64_PREFIX)gcc
-*_GCC45_X64_SLINK_PATH = DEF(GCC45_X64_PREFIX)ar
-*_GCC45_X64_DLINK_PATH = DEF(GCC45_X64_PREFIX)gcc
-*_GCC45_X64_ASLDLINK_PATH = DEF(GCC45_X64_PREFIX)gcc
-*_GCC45_X64_ASM_PATH = DEF(GCC45_X64_PREFIX)gcc
-*_GCC45_X64_PP_PATH = DEF(GCC45_X64_PREFIX)gcc
-*_GCC45_X64_VFRPP_PATH = DEF(GCC45_X64_PREFIX)gcc
-*_GCC45_X64_ASLCC_PATH = DEF(GCC45_X64_PREFIX)gcc
-*_GCC45_X64_ASLPP_PATH = DEF(GCC45_X64_PREFIX)gcc
-*_GCC45_X64_RC_PATH = DEF(GCC45_X64_PREFIX)objcopy
+*_GCC45_X64_OBJCOPY_PATH = ENV(GCC45_X64_PREFIX)objcopy
+*_GCC45_X64_CC_PATH = ENV(GCC45_X64_PREFIX)gcc
+*_GCC45_X64_SLINK_PATH = ENV(GCC45_X64_PREFIX)ar
+*_GCC45_X64_DLINK_PATH = ENV(GCC45_X64_PREFIX)gcc
+*_GCC45_X64_ASLDLINK_PATH = ENV(GCC45_X64_PREFIX)gcc
+*_GCC45_X64_ASM_PATH = ENV(GCC45_X64_PREFIX)gcc
+*_GCC45_X64_PP_PATH = ENV(GCC45_X64_PREFIX)gcc
+*_GCC45_X64_VFRPP_PATH = ENV(GCC45_X64_PREFIX)gcc
+*_GCC45_X64_ASLCC_PATH = ENV(GCC45_X64_PREFIX)gcc
+*_GCC45_X64_ASLPP_PATH = ENV(GCC45_X64_PREFIX)gcc
+*_GCC45_X64_RC_PATH = ENV(GCC45_X64_PREFIX)objcopy
*_GCC45_X64_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m64
*_GCC45_X64_ASLDLINK_FLAGS = DEF(GCC45_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_x86_64
@@ -4742,7 +4721,7 @@ RELEASE_GCC45_X64_CC_FLAGS = DEF(GCC45_X64_CC_FLAGS) -Os
####################################################################################
*_GCC46_*_*_FAMILY = GCC
-*_GCC46_*_MAKE_PATH = DEF(GCC46_IA32_PREFIX)make
+*_GCC46_*_MAKE_PATH = make
*_GCC46_*_*_DLL = ENV(GCC46_DLL)
*_GCC46_*_ASL_PATH = DEF(UNIX_IASL_BIN)
@@ -4757,17 +4736,17 @@ RELEASE_GCC45_X64_CC_FLAGS = DEF(GCC45_X64_CC_FLAGS) -Os
##################
# GCC46 IA32 definitions
##################
-*_GCC46_IA32_OBJCOPY_PATH = DEF(GCC46_IA32_PREFIX)objcopy
-*_GCC46_IA32_CC_PATH = DEF(GCC46_IA32_PREFIX)gcc
-*_GCC46_IA32_SLINK_PATH = DEF(GCC46_IA32_PREFIX)ar
-*_GCC46_IA32_DLINK_PATH = DEF(GCC46_IA32_PREFIX)gcc
-*_GCC46_IA32_ASLDLINK_PATH = DEF(GCC46_IA32_PREFIX)gcc
-*_GCC46_IA32_ASM_PATH = DEF(GCC46_IA32_PREFIX)gcc
-*_GCC46_IA32_PP_PATH = DEF(GCC46_IA32_PREFIX)gcc
-*_GCC46_IA32_VFRPP_PATH = DEF(GCC46_IA32_PREFIX)gcc
-*_GCC46_IA32_ASLCC_PATH = DEF(GCC46_IA32_PREFIX)gcc
-*_GCC46_IA32_ASLPP_PATH = DEF(GCC46_IA32_PREFIX)gcc
-*_GCC46_IA32_RC_PATH = DEF(GCC46_IA32_PREFIX)objcopy
+*_GCC46_IA32_OBJCOPY_PATH = ENV(GCC46_IA32_PREFIX)objcopy
+*_GCC46_IA32_CC_PATH = ENV(GCC46_IA32_PREFIX)gcc
+*_GCC46_IA32_SLINK_PATH = ENV(GCC46_IA32_PREFIX)ar
+*_GCC46_IA32_DLINK_PATH = ENV(GCC46_IA32_PREFIX)gcc
+*_GCC46_IA32_ASLDLINK_PATH = ENV(GCC46_IA32_PREFIX)gcc
+*_GCC46_IA32_ASM_PATH = ENV(GCC46_IA32_PREFIX)gcc
+*_GCC46_IA32_PP_PATH = ENV(GCC46_IA32_PREFIX)gcc
+*_GCC46_IA32_VFRPP_PATH = ENV(GCC46_IA32_PREFIX)gcc
+*_GCC46_IA32_ASLCC_PATH = ENV(GCC46_IA32_PREFIX)gcc
+*_GCC46_IA32_ASLPP_PATH = ENV(GCC46_IA32_PREFIX)gcc
+*_GCC46_IA32_RC_PATH = ENV(GCC46_IA32_PREFIX)objcopy
*_GCC46_IA32_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m32
*_GCC46_IA32_ASLDLINK_FLAGS = DEF(GCC46_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
@@ -4785,17 +4764,17 @@ RELEASE_GCC46_IA32_CC_FLAGS = DEF(GCC46_IA32_CC_FLAGS) -Os -Wno-unused-but
##################
# GCC46 X64 definitions
##################
-*_GCC46_X64_OBJCOPY_PATH = DEF(GCC46_X64_PREFIX)objcopy
-*_GCC46_X64_CC_PATH = DEF(GCC46_X64_PREFIX)gcc
-*_GCC46_X64_SLINK_PATH = DEF(GCC46_X64_PREFIX)ar
-*_GCC46_X64_DLINK_PATH = DEF(GCC46_X64_PREFIX)gcc
-*_GCC46_X64_ASLDLINK_PATH = DEF(GCC46_X64_PREFIX)gcc
-*_GCC46_X64_ASM_PATH = DEF(GCC46_X64_PREFIX)gcc
-*_GCC46_X64_PP_PATH = DEF(GCC46_X64_PREFIX)gcc
-*_GCC46_X64_VFRPP_PATH = DEF(GCC46_X64_PREFIX)gcc
-*_GCC46_X64_ASLCC_PATH = DEF(GCC46_X64_PREFIX)gcc
-*_GCC46_X64_ASLPP_PATH = DEF(GCC46_X64_PREFIX)gcc
-*_GCC46_X64_RC_PATH = DEF(GCC46_X64_PREFIX)objcopy
+*_GCC46_X64_OBJCOPY_PATH = ENV(GCC46_X64_PREFIX)objcopy
+*_GCC46_X64_CC_PATH = ENV(GCC46_X64_PREFIX)gcc
+*_GCC46_X64_SLINK_PATH = ENV(GCC46_X64_PREFIX)ar
+*_GCC46_X64_DLINK_PATH = ENV(GCC46_X64_PREFIX)gcc
+*_GCC46_X64_ASLDLINK_PATH = ENV(GCC46_X64_PREFIX)gcc
+*_GCC46_X64_ASM_PATH = ENV(GCC46_X64_PREFIX)gcc
+*_GCC46_X64_PP_PATH = ENV(GCC46_X64_PREFIX)gcc
+*_GCC46_X64_VFRPP_PATH = ENV(GCC46_X64_PREFIX)gcc
+*_GCC46_X64_ASLCC_PATH = ENV(GCC46_X64_PREFIX)gcc
+*_GCC46_X64_ASLPP_PATH = ENV(GCC46_X64_PREFIX)gcc
+*_GCC46_X64_RC_PATH = ENV(GCC46_X64_PREFIX)objcopy
*_GCC46_X64_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m64
*_GCC46_X64_ASLDLINK_FLAGS = DEF(GCC46_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_x86_64
@@ -4851,7 +4830,7 @@ RELEASE_GCC46_ARM_CC_FLAGS = DEF(GCC46_ARM_CC_FLAGS) -Wno-unused-but-set-v
####################################################################################
*_GCC47_*_*_FAMILY = GCC
-*_GCC47_*_MAKE_PATH = DEF(GCC47_IA32_PREFIX)make
+*_GCC47_*_MAKE_PATH = make
*_GCC47_*_*_DLL = ENV(GCC47_DLL)
*_GCC47_*_ASL_PATH = DEF(UNIX_IASL_BIN)
@@ -4866,17 +4845,17 @@ RELEASE_GCC46_ARM_CC_FLAGS = DEF(GCC46_ARM_CC_FLAGS) -Wno-unused-but-set-v
##################
# GCC47 IA32 definitions
##################
-*_GCC47_IA32_OBJCOPY_PATH = DEF(GCC47_IA32_PREFIX)objcopy
-*_GCC47_IA32_CC_PATH = DEF(GCC47_IA32_PREFIX)gcc
-*_GCC47_IA32_SLINK_PATH = DEF(GCC47_IA32_PREFIX)ar
-*_GCC47_IA32_DLINK_PATH = DEF(GCC47_IA32_PREFIX)gcc
-*_GCC47_IA32_ASLDLINK_PATH = DEF(GCC47_IA32_PREFIX)gcc
-*_GCC47_IA32_ASM_PATH = DEF(GCC47_IA32_PREFIX)gcc
-*_GCC47_IA32_PP_PATH = DEF(GCC47_IA32_PREFIX)gcc
-*_GCC47_IA32_VFRPP_PATH = DEF(GCC47_IA32_PREFIX)gcc
-*_GCC47_IA32_ASLCC_PATH = DEF(GCC47_IA32_PREFIX)gcc
-*_GCC47_IA32_ASLPP_PATH = DEF(GCC47_IA32_PREFIX)gcc
-*_GCC47_IA32_RC_PATH = DEF(GCC47_IA32_PREFIX)objcopy
+*_GCC47_IA32_OBJCOPY_PATH = ENV(GCC47_IA32_PREFIX)objcopy
+*_GCC47_IA32_CC_PATH = ENV(GCC47_IA32_PREFIX)gcc
+*_GCC47_IA32_SLINK_PATH = ENV(GCC47_IA32_PREFIX)ar
+*_GCC47_IA32_DLINK_PATH = ENV(GCC47_IA32_PREFIX)gcc
+*_GCC47_IA32_ASLDLINK_PATH = ENV(GCC47_IA32_PREFIX)gcc
+*_GCC47_IA32_ASM_PATH = ENV(GCC47_IA32_PREFIX)gcc
+*_GCC47_IA32_PP_PATH = ENV(GCC47_IA32_PREFIX)gcc
+*_GCC47_IA32_VFRPP_PATH = ENV(GCC47_IA32_PREFIX)gcc
+*_GCC47_IA32_ASLCC_PATH = ENV(GCC47_IA32_PREFIX)gcc
+*_GCC47_IA32_ASLPP_PATH = ENV(GCC47_IA32_PREFIX)gcc
+*_GCC47_IA32_RC_PATH = ENV(GCC47_IA32_PREFIX)objcopy
*_GCC47_IA32_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m32
*_GCC47_IA32_ASLDLINK_FLAGS = DEF(GCC47_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
@@ -4894,17 +4873,17 @@ RELEASE_GCC47_IA32_CC_FLAGS = DEF(GCC47_IA32_CC_FLAGS) -Os -Wno-unused-but
##################
# GCC47 X64 definitions
##################
-*_GCC47_X64_OBJCOPY_PATH = DEF(GCC47_X64_PREFIX)objcopy
-*_GCC47_X64_CC_PATH = DEF(GCC47_X64_PREFIX)gcc
-*_GCC47_X64_SLINK_PATH = DEF(GCC47_X64_PREFIX)ar
-*_GCC47_X64_DLINK_PATH = DEF(GCC47_X64_PREFIX)gcc
-*_GCC47_X64_ASLDLINK_PATH = DEF(GCC47_X64_PREFIX)gcc
-*_GCC47_X64_ASM_PATH = DEF(GCC47_X64_PREFIX)gcc
-*_GCC47_X64_PP_PATH = DEF(GCC47_X64_PREFIX)gcc
-*_GCC47_X64_VFRPP_PATH = DEF(GCC47_X64_PREFIX)gcc
-*_GCC47_X64_ASLCC_PATH = DEF(GCC47_X64_PREFIX)gcc
-*_GCC47_X64_ASLPP_PATH = DEF(GCC47_X64_PREFIX)gcc
-*_GCC47_X64_RC_PATH = DEF(GCC47_X64_PREFIX)objcopy
+*_GCC47_X64_OBJCOPY_PATH = ENV(GCC47_X64_PREFIX)objcopy
+*_GCC47_X64_CC_PATH = ENV(GCC47_X64_PREFIX)gcc
+*_GCC47_X64_SLINK_PATH = ENV(GCC47_X64_PREFIX)ar
+*_GCC47_X64_DLINK_PATH = ENV(GCC47_X64_PREFIX)gcc
+*_GCC47_X64_ASLDLINK_PATH = ENV(GCC47_X64_PREFIX)gcc
+*_GCC47_X64_ASM_PATH = ENV(GCC47_X64_PREFIX)gcc
+*_GCC47_X64_PP_PATH = ENV(GCC47_X64_PREFIX)gcc
+*_GCC47_X64_VFRPP_PATH = ENV(GCC47_X64_PREFIX)gcc
+*_GCC47_X64_ASLCC_PATH = ENV(GCC47_X64_PREFIX)gcc
+*_GCC47_X64_ASLPP_PATH = ENV(GCC47_X64_PREFIX)gcc
+*_GCC47_X64_RC_PATH = ENV(GCC47_X64_PREFIX)objcopy
*_GCC47_X64_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m64
*_GCC47_X64_ASLDLINK_FLAGS = DEF(GCC47_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_x86_64
@@ -4988,7 +4967,7 @@ RELEASE_GCC47_AARCH64_CC_FLAGS = DEF(GCC47_AARCH64_CC_FLAGS) -Wno-unused-but-s
####################################################################################
*_GCC48_*_*_FAMILY = GCC
-*_GCC48_*_MAKE_PATH = DEF(GCC48_IA32_PREFIX)make
+*_GCC48_*_MAKE_PATH = make
*_GCC48_*_*_DLL = ENV(GCC48_DLL)
*_GCC48_*_ASL_PATH = DEF(UNIX_IASL_BIN)
@@ -5003,17 +4982,17 @@ RELEASE_GCC47_AARCH64_CC_FLAGS = DEF(GCC47_AARCH64_CC_FLAGS) -Wno-unused-but-s
##################
# GCC48 IA32 definitions
##################
-*_GCC48_IA32_OBJCOPY_PATH = DEF(GCC48_IA32_PREFIX)objcopy
-*_GCC48_IA32_CC_PATH = DEF(GCC48_IA32_PREFIX)gcc
-*_GCC48_IA32_SLINK_PATH = DEF(GCC48_IA32_PREFIX)ar
-*_GCC48_IA32_DLINK_PATH = DEF(GCC48_IA32_PREFIX)gcc
-*_GCC48_IA32_ASLDLINK_PATH = DEF(GCC48_IA32_PREFIX)gcc
-*_GCC48_IA32_ASM_PATH = DEF(GCC48_IA32_PREFIX)gcc
-*_GCC48_IA32_PP_PATH = DEF(GCC48_IA32_PREFIX)gcc
-*_GCC48_IA32_VFRPP_PATH = DEF(GCC48_IA32_PREFIX)gcc
-*_GCC48_IA32_ASLCC_PATH = DEF(GCC48_IA32_PREFIX)gcc
-*_GCC48_IA32_ASLPP_PATH = DEF(GCC48_IA32_PREFIX)gcc
-*_GCC48_IA32_RC_PATH = DEF(GCC48_IA32_PREFIX)objcopy
+*_GCC48_IA32_OBJCOPY_PATH = ENV(GCC48_IA32_PREFIX)objcopy
+*_GCC48_IA32_CC_PATH = ENV(GCC48_IA32_PREFIX)gcc
+*_GCC48_IA32_SLINK_PATH = ENV(GCC48_IA32_PREFIX)ar
+*_GCC48_IA32_DLINK_PATH = ENV(GCC48_IA32_PREFIX)gcc
+*_GCC48_IA32_ASLDLINK_PATH = ENV(GCC48_IA32_PREFIX)gcc
+*_GCC48_IA32_ASM_PATH = ENV(GCC48_IA32_PREFIX)gcc
+*_GCC48_IA32_PP_PATH = ENV(GCC48_IA32_PREFIX)gcc
+*_GCC48_IA32_VFRPP_PATH = ENV(GCC48_IA32_PREFIX)gcc
+*_GCC48_IA32_ASLCC_PATH = ENV(GCC48_IA32_PREFIX)gcc
+*_GCC48_IA32_ASLPP_PATH = ENV(GCC48_IA32_PREFIX)gcc
+*_GCC48_IA32_RC_PATH = ENV(GCC48_IA32_PREFIX)objcopy
*_GCC48_IA32_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m32
*_GCC48_IA32_ASLDLINK_FLAGS = DEF(GCC48_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
@@ -5031,17 +5010,17 @@ RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Os -Wno-unused-but
##################
# GCC48 X64 definitions
##################
-*_GCC48_X64_OBJCOPY_PATH = DEF(GCC48_X64_PREFIX)objcopy
-*_GCC48_X64_CC_PATH = DEF(GCC48_X64_PREFIX)gcc
-*_GCC48_X64_SLINK_PATH = DEF(GCC48_X64_PREFIX)ar
-*_GCC48_X64_DLINK_PATH = DEF(GCC48_X64_PREFIX)gcc
-*_GCC48_X64_ASLDLINK_PATH = DEF(GCC48_X64_PREFIX)gcc
-*_GCC48_X64_ASM_PATH = DEF(GCC48_X64_PREFIX)gcc
-*_GCC48_X64_PP_PATH = DEF(GCC48_X64_PREFIX)gcc
-*_GCC48_X64_VFRPP_PATH = DEF(GCC48_X64_PREFIX)gcc
-*_GCC48_X64_ASLCC_PATH = DEF(GCC48_X64_PREFIX)gcc
-*_GCC48_X64_ASLPP_PATH = DEF(GCC48_X64_PREFIX)gcc
-*_GCC48_X64_RC_PATH = DEF(GCC48_X64_PREFIX)objcopy
+*_GCC48_X64_OBJCOPY_PATH = ENV(GCC48_X64_PREFIX)objcopy
+*_GCC48_X64_CC_PATH = ENV(GCC48_X64_PREFIX)gcc
+*_GCC48_X64_SLINK_PATH = ENV(GCC48_X64_PREFIX)ar
+*_GCC48_X64_DLINK_PATH = ENV(GCC48_X64_PREFIX)gcc
+*_GCC48_X64_ASLDLINK_PATH = ENV(GCC48_X64_PREFIX)gcc
+*_GCC48_X64_ASM_PATH = ENV(GCC48_X64_PREFIX)gcc
+*_GCC48_X64_PP_PATH = ENV(GCC48_X64_PREFIX)gcc
+*_GCC48_X64_VFRPP_PATH = ENV(GCC48_X64_PREFIX)gcc
+*_GCC48_X64_ASLCC_PATH = ENV(GCC48_X64_PREFIX)gcc
+*_GCC48_X64_ASLPP_PATH = ENV(GCC48_X64_PREFIX)gcc
+*_GCC48_X64_RC_PATH = ENV(GCC48_X64_PREFIX)objcopy
*_GCC48_X64_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m64
*_GCC48_X64_ASLDLINK_FLAGS = DEF(GCC48_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_x86_64
@@ -5125,7 +5104,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
####################################################################################
*_GCC49_*_*_FAMILY = GCC
-*_GCC49_*_MAKE_PATH = DEF(GCC49_IA32_PREFIX)make
+*_GCC49_*_MAKE_PATH = make
*_GCC49_*_*_DLL = ENV(GCC49_DLL)
*_GCC49_*_ASL_PATH = DEF(UNIX_IASL_BIN)
@@ -5140,17 +5119,17 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
##################
# GCC49 IA32 definitions
##################
-*_GCC49_IA32_OBJCOPY_PATH = DEF(GCC49_IA32_PREFIX)objcopy
-*_GCC49_IA32_CC_PATH = DEF(GCC49_IA32_PREFIX)gcc
-*_GCC49_IA32_SLINK_PATH = DEF(GCC49_IA32_PREFIX)ar
-*_GCC49_IA32_DLINK_PATH = DEF(GCC49_IA32_PREFIX)gcc
-*_GCC49_IA32_ASLDLINK_PATH = DEF(GCC49_IA32_PREFIX)gcc
-*_GCC49_IA32_ASM_PATH = DEF(GCC49_IA32_PREFIX)gcc
-*_GCC49_IA32_PP_PATH = DEF(GCC49_IA32_PREFIX)gcc
-*_GCC49_IA32_VFRPP_PATH = DEF(GCC49_IA32_PREFIX)gcc
-*_GCC49_IA32_ASLCC_PATH = DEF(GCC49_IA32_PREFIX)gcc
-*_GCC49_IA32_ASLPP_PATH = DEF(GCC49_IA32_PREFIX)gcc
-*_GCC49_IA32_RC_PATH = DEF(GCC49_IA32_PREFIX)objcopy
+*_GCC49_IA32_OBJCOPY_PATH = ENV(GCC49_IA32_PREFIX)objcopy
+*_GCC49_IA32_CC_PATH = ENV(GCC49_IA32_PREFIX)gcc
+*_GCC49_IA32_SLINK_PATH = ENV(GCC49_IA32_PREFIX)ar
+*_GCC49_IA32_DLINK_PATH = ENV(GCC49_IA32_PREFIX)gcc
+*_GCC49_IA32_ASLDLINK_PATH = ENV(GCC49_IA32_PREFIX)gcc
+*_GCC49_IA32_ASM_PATH = ENV(GCC49_IA32_PREFIX)gcc
+*_GCC49_IA32_PP_PATH = ENV(GCC49_IA32_PREFIX)gcc
+*_GCC49_IA32_VFRPP_PATH = ENV(GCC49_IA32_PREFIX)gcc
+*_GCC49_IA32_ASLCC_PATH = ENV(GCC49_IA32_PREFIX)gcc
+*_GCC49_IA32_ASLPP_PATH = ENV(GCC49_IA32_PREFIX)gcc
+*_GCC49_IA32_RC_PATH = ENV(GCC49_IA32_PREFIX)objcopy
*_GCC49_IA32_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m32
*_GCC49_IA32_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
@@ -5168,17 +5147,17 @@ RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Os -Wno-unused-but
##################
# GCC49 X64 definitions
##################
-*_GCC49_X64_OBJCOPY_PATH = DEF(GCC49_X64_PREFIX)objcopy
-*_GCC49_X64_CC_PATH = DEF(GCC49_X64_PREFIX)gcc
-*_GCC49_X64_SLINK_PATH = DEF(GCC49_X64_PREFIX)ar
-*_GCC49_X64_DLINK_PATH = DEF(GCC49_X64_PREFIX)gcc
-*_GCC49_X64_ASLDLINK_PATH = DEF(GCC49_X64_PREFIX)gcc
-*_GCC49_X64_ASM_PATH = DEF(GCC49_X64_PREFIX)gcc
-*_GCC49_X64_PP_PATH = DEF(GCC49_X64_PREFIX)gcc
-*_GCC49_X64_VFRPP_PATH = DEF(GCC49_X64_PREFIX)gcc
-*_GCC49_X64_ASLCC_PATH = DEF(GCC49_X64_PREFIX)gcc
-*_GCC49_X64_ASLPP_PATH = DEF(GCC49_X64_PREFIX)gcc
-*_GCC49_X64_RC_PATH = DEF(GCC49_X64_PREFIX)objcopy
+*_GCC49_X64_OBJCOPY_PATH = ENV(GCC49_X64_PREFIX)objcopy
+*_GCC49_X64_CC_PATH = ENV(GCC49_X64_PREFIX)gcc
+*_GCC49_X64_SLINK_PATH = ENV(GCC49_X64_PREFIX)ar
+*_GCC49_X64_DLINK_PATH = ENV(GCC49_X64_PREFIX)gcc
+*_GCC49_X64_ASLDLINK_PATH = ENV(GCC49_X64_PREFIX)gcc
+*_GCC49_X64_ASM_PATH = ENV(GCC49_X64_PREFIX)gcc
+*_GCC49_X64_PP_PATH = ENV(GCC49_X64_PREFIX)gcc
+*_GCC49_X64_VFRPP_PATH = ENV(GCC49_X64_PREFIX)gcc
+*_GCC49_X64_ASLCC_PATH = ENV(GCC49_X64_PREFIX)gcc
+*_GCC49_X64_ASLPP_PATH = ENV(GCC49_X64_PREFIX)gcc
+*_GCC49_X64_RC_PATH = ENV(GCC49_X64_PREFIX)objcopy
*_GCC49_X64_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m64
*_GCC49_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_x86_64
@@ -5268,7 +5247,7 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS = DEF(GCC49_AARCH64_DLINK_FLAGS)
####################################################################################
*_GCC5_*_*_FAMILY = GCC
-*_GCC5_*_MAKE_PATH = DEF(GCC5_IA32_PREFIX)make
+*_GCC5_*_MAKE_PATH = make
*_GCC5_*_*_DLL = ENV(GCC5_DLL)
*_GCC5_*_ASL_PATH = DEF(UNIX_IASL_BIN)
@@ -5283,17 +5262,17 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS = DEF(GCC49_AARCH64_DLINK_FLAGS)
##################
# GCC5 IA32 definitions
##################
-*_GCC5_IA32_OBJCOPY_PATH = DEF(GCC5_IA32_PREFIX)objcopy
-*_GCC5_IA32_CC_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_SLINK_PATH = DEF(GCC5_IA32_PREFIX)gcc-ar
-*_GCC5_IA32_DLINK_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_ASLDLINK_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_ASM_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_PP_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_VFRPP_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_ASLCC_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_ASLPP_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_RC_PATH = DEF(GCC5_IA32_PREFIX)objcopy
+*_GCC5_IA32_OBJCOPY_PATH = ENV(GCC5_IA32_PREFIX)objcopy
+*_GCC5_IA32_CC_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_SLINK_PATH = ENV(GCC5_IA32_PREFIX)gcc-ar
+*_GCC5_IA32_DLINK_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_ASLDLINK_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_ASM_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_PP_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_VFRPP_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_ASLCC_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_ASLPP_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_RC_PATH = ENV(GCC5_IA32_PREFIX)objcopy
*_GCC5_IA32_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto
*_GCC5_IA32_ASLDLINK_FLAGS = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386
@@ -5315,17 +5294,17 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
##################
# GCC5 X64 definitions
##################
-*_GCC5_X64_OBJCOPY_PATH = DEF(GCC5_X64_PREFIX)objcopy
-*_GCC5_X64_CC_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_SLINK_PATH = DEF(GCC5_X64_PREFIX)gcc-ar
-*_GCC5_X64_DLINK_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_ASLDLINK_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_ASM_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_PP_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_VFRPP_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_ASLCC_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_ASLPP_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_RC_PATH = DEF(GCC5_X64_PREFIX)objcopy
+*_GCC5_X64_OBJCOPY_PATH = ENV(GCC5_X64_PREFIX)objcopy
+*_GCC5_X64_CC_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_SLINK_PATH = ENV(GCC5_X64_PREFIX)gcc-ar
+*_GCC5_X64_DLINK_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_ASLDLINK_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_ASM_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_PP_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_VFRPP_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_ASLCC_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_ASLPP_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_RC_PATH = ENV(GCC5_X64_PREFIX)objcopy
*_GCC5_X64_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m64 -fno-lto
*_GCC5_X64_ASLDLINK_FLAGS = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_x86_64
--
2.9.3

36
0010-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch Normal file
View File

@ -0,0 +1,36 @@
From 92f37a3d72213d9b76bc47c4f194f2ea989a71a1 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 12 Apr 2016 20:50:25 +0200
Subject: [PATCH] ArmVirtPkg: QemuFwCfgLib: allow UEFI_DRIVER client modules
(RH only)
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 8e2153358aa2bba2c91faa87a70beadcaae03fd8)
(cherry picked from commit 5af259a93f4bbee5515ae18638068125e170f2cd)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
index eff4a21650..adf1ff6c6a 100644
--- a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
+++ b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
@@ -22,7 +22,7 @@
FILE_GUID = B271F41F-B841-48A9-BA8D-545B4BC2E2BF
MODULE_TYPE = BASE
VERSION_STRING = 1.0
- LIBRARY_CLASS = QemuFwCfgLib|DXE_DRIVER
+ LIBRARY_CLASS = QemuFwCfgLib|DXE_DRIVER UEFI_DRIVER
CONSTRUCTOR = QemuFwCfgInitialize

30
0010-VfrCompile-fix-invalid-comparison-between-pointer-an.patch
View File

@ -1,30 +0,0 @@
From 06c3814868bebbe7f2cd9a51c11fbfc407c14349 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 13 Feb 2017 13:49:14 +0100
Subject: [PATCH] VfrCompile: fix invalid comparison between pointer and
integer
This would be valid C but is not valid C++, so change the comparison
to do what it has always been doing.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
index 3ca57ed..2f97975 100644
--- a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
@@ -3372,7 +3372,7 @@ CVfrStringDB::GetVarStoreNameFormStringId (
UINT8 BlockType;
EFI_HII_STRING_PACKAGE_HDR *PkgHeader;
- if (mStringFileName == '\0' ) {
+ if (mStringFileName == NULL) {
return NULL;
}
--
2.9.3

197
0011-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch Normal file
View File

@ -0,0 +1,197 @@
From 6a27daa40698f06a34c209bd90092011d70f7795 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sun, 26 Jul 2015 08:02:50 +0000
Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line
(RH only)
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- Adapt commit 6b97969096a3 to the fact that upstream has deprecated such
setter functions for dynamic PCDs that don't return a status code (such
as PcdSetBool()). Employ PcdSetBoolS(), and assert that it succeeds --
there's really no circumstance in this case when it could fail.
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- Refresh downstream-only commit d4564d39dfdb against context changes in
"ArmVirtPkg/ArmVirtQemu.dsc" from upstream commit 7e5f1b673870
("ArmVirtPkg/PlatformHasAcpiDtDxe: allow guest level ACPI disable
override", 2017-03-29).
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit d4564d39dfdbf74e762af43314005a2c026cb262)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 7 +-
.../TerminalPcdProducerLib.c | 87 +++++++++++++++++++
.../TerminalPcdProducerLib.inf | 41 +++++++++
3 files changed, 134 insertions(+), 1 deletion(-)
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index a7a3899560..86d5d5a666 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -206,6 +206,8 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
+
[PcdsDynamicHii]
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
@@ -282,7 +284,10 @@
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
- MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+ MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf {
+ <LibraryClasses>
+ NULL|ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
+ }
MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
new file mode 100644
index 0000000000..814ad48199
--- /dev/null
+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
@@ -0,0 +1,87 @@
+/** @file
+* Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
+*
+* Copyright (C) 2015-2016, Red Hat, Inc.
+* Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
+*
+* This program and the accompanying materials are licensed and made available
+* under the terms and conditions of the BSD License which accompanies this
+* distribution. The full text of the license may be found at
+* http://opensource.org/licenses/bsd-license.php
+*
+* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
+* IMPLIED.
+*
+**/
+
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/QemuFwCfgLib.h>
+
+STATIC
+RETURN_STATUS
+GetNamedFwCfgBoolean (
+ IN CONST CHAR8 *FwCfgFileName,
+ OUT BOOLEAN *Setting
+ )
+{
+ RETURN_STATUS Status;
+ FIRMWARE_CONFIG_ITEM FwCfgItem;
+ UINTN FwCfgSize;
+ UINT8 Value[3];
+
+ Status = QemuFwCfgFindFile (FwCfgFileName, &FwCfgItem, &FwCfgSize);
+ if (RETURN_ERROR (Status)) {
+ return Status;
+ }
+ if (FwCfgSize > sizeof Value) {
+ return RETURN_BAD_BUFFER_SIZE;
+ }
+ QemuFwCfgSelectItem (FwCfgItem);
+ QemuFwCfgReadBytes (FwCfgSize, Value);
+
+ if ((FwCfgSize == 1) ||
+ (FwCfgSize == 2 && Value[1] == '\n') ||
+ (FwCfgSize == 3 && Value[1] == '\r' && Value[2] == '\n')) {
+ switch (Value[0]) {
+ case '0':
+ case 'n':
+ case 'N':
+ *Setting = FALSE;
+ return RETURN_SUCCESS;
+
+ case '1':
+ case 'y':
+ case 'Y':
+ *Setting = TRUE;
+ return RETURN_SUCCESS;
+
+ default:
+ break;
+ }
+ }
+ return RETURN_PROTOCOL_ERROR;
+}
+
+#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \
+ do { \
+ BOOLEAN Setting; \
+ RETURN_STATUS PcdStatus; \
+ \
+ if (!RETURN_ERROR (GetNamedFwCfgBoolean ( \
+ "opt/org.tianocore.edk2.aavmf/" #TokenName, &Setting))) { \
+ PcdStatus = PcdSetBoolS (TokenName, Setting); \
+ ASSERT_RETURN_ERROR (PcdStatus); \
+ } \
+ } while (0)
+
+RETURN_STATUS
+EFIAPI
+TerminalPcdProducerLibConstructor (
+ VOID
+ )
+{
+ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
+ return RETURN_SUCCESS;
+}
diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
new file mode 100644
index 0000000000..fecb37bcdf
--- /dev/null
+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
@@ -0,0 +1,41 @@
+## @file
+# Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
+#
+# Copyright (C) 2015-2016, Red Hat, Inc.
+# Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
+#
+# This program and the accompanying materials are licensed and made available
+# under the terms and conditions of the BSD License which accompanies this
+# distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = TerminalPcdProducerLib
+ FILE_GUID = 4a0c5ed7-8c42-4c01-8f4c-7bf258316a96
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TerminalPcdProducerLib|DXE_DRIVER
+ CONSTRUCTOR = TerminalPcdProducerLibConstructor
+
+[Sources]
+ TerminalPcdProducerLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ OvmfPkg/OvmfPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ DebugLib
+ PcdLib
+ QemuFwCfgLib
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm

113
0012-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch Normal file
View File

@ -0,0 +1,113 @@
From 84570add9731d2099c6e5be43f96aed508fd4c39 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 4 Nov 2014 23:02:53 +0100
Subject: [PATCH] OvmfPkg: allow exclusion of the shell from the firmware image
When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
binary from the firmware image.
Peter Jones advised us that firmware vendors for physical systems disable
the memory-mapped, firmware image-contained UEFI shell in
SecureBoot-enabled builds. The reason being that the memory-mapped shell
can always load, it may have direct access to various hardware in the
system, and it can run UEFI shell scripts (which cannot be signed at all).
Intended use of the new build option:
- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
firmware image will contain a shell binary, independently of SecureBoot
enablement, which is flexible for interactive development. (Ie. no
change for in-tree builds.)
- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
'-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:
- OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,
- OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,
- UefiShell.iso: a bootable ISO image with the shell on it as default
boot loader. The shell binary will load when SecureBoot is turned off,
and won't load when SecureBoot is turned on (because it is not
signed).
UefiShell.iso is the reason we're not excluding the shell from the DSC
files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
is specified, the shell binary needs to be built the same, only it
will be included in UefiShell.iso.
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
OvmfPkg/OvmfPkgX64.fdf | 2 ++
3 files changed, 6 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 4177379a23..8c0b6ee1bd 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -288,12 +288,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
!ifndef $(USE_OLD_SHELL)
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/Application/Shell/Shell.inf
!else
INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf
!endif
+!endif
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 5e57161154..8de20366d2 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -289,12 +289,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
!ifndef $(USE_OLD_SHELL)
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/Application/Shell/Shell.inf
!else
INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf
!endif
+!endif
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index c81b422517..49ef829a3a 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -289,12 +289,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
!ifndef $(USE_OLD_SHELL)
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/Application/Shell/Shell.inf
!else
INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf
!endif
+!endif
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf

493
0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch → 0013-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
View File

@ -1,12 +1,9 @@
From da502f7cc283055a65ab3caeaa62eb5c6a6fddb5 Mon Sep 17 00:00:00 2001
From 685d43b29b2ac4b19572bda1ebeb989d69d74ebb Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 6 Jul 2015 20:22:02 +0200
Date: Tue, 4 Nov 2014 23:02:55 +0100
Subject: [PATCH] OvmfPkg: EnrollDefaultKeys: application for enrolling default
keys
(A port of the <https://bugzilla.redhat.com/show_bug.cgi?id=1148296> patch
to Gerd's public RPMs.)
This application is meant to be invoked by the management layer, after
booting the UEFI shell and getting a shell prompt on the serial console.
The app enrolls a number of certificates (see below), and then reports
@ -27,7 +24,33 @@ PK:
- A unique, static, ad-hoc certificate whose private half has been
destroyed (more precisely, never saved) and is therefore unusable for
signing. (The command for creating this certificate is saved in the
source code.)
source code.) Background:
On 09/30/14 20:00, Peter Jones wrote:
> We should generate a special key that's not in our normal signing chains
> for PK and KEK. The reason for this is that [in practice] PK gets
> treated as part of DB (*).
>
> [Shipping a key in our normal signing chains] as PK means you can run
> grub directly, in which case it won't have access to the shim protocol.
> When grub is run without the shim protocol registered, it assumes SB is
> disabled and boots without verifying the kernel. We don't want that to
> be a thing you can do, but allowing that is the inevitable result of
> shipping with any of our normal signing chain in PK or KEK.
>
> (* USRT has actually agreed that since you can escalate to this behavior
> if you have the secret half of a key in KEK or PK anyway, and many
> vendors had already shipped it this way, that it is fine and I think
> even *expected* at this point, even though it wasn't formally in the
> UEFI 2.3.1 Spec that introduced Secure Boot. I'll try and make sure the
> language reflects that in an upcoming spec revision.)
>
> So let me get SRT to issue a special key to use for PK and KEK. We can
> use it just for those operations, and make sure it's protected with the
> same processes and controls as our other signing keys.
Until SRT generates such a key for us, this ad-hoc key should be a good
placeholder.
KEK:
- same ad-hoc certificate as used for the PK,
@ -41,24 +64,150 @@ DB:
- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI
oproms.
Contributed-under: TianoCore Contribution Agreement 1.0
*UPDATE*
OvmfPkg: EnrollDefaultKeys: pick up official Red Hat PK/KEK (RHEL only)
Replace the placeholder ExampleCert with a certificate generated and
managed by the Red Hat Security Response Team.
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 18371740789028339953 (0xfef588e8f396c0f1)
> Signature Algorithm: sha256WithRSAEncryption
> Issuer: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com
> Validity
> Not Before: Oct 31 11:15:37 2014 GMT
> Not After : Oct 25 11:15:37 2037 GMT
> Subject: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> Public-Key: (2048 bit)
> Modulus:
> 00:90:1f:84:7b:8d:bc:eb:97:26:82:6d:88:ab:8a:
> c9:8c:68:70:f9:df:4b:07:b2:37:83:0b:02:c8:67:
> 68:30:9e:e3:f0:f0:99:4a:b8:59:57:c6:41:f6:38:
> 8b:fe:66:4c:49:e9:37:37:92:2e:98:01:1e:5b:14:
> 50:e6:a8:8d:25:0d:f5:86:e6:ab:30:cb:40:16:ea:
> 8d:8b:16:86:70:43:37:f2:ce:c0:91:df:71:14:8e:
> 99:0e:89:b6:4c:6d:24:1e:8c:e4:2f:4f:25:d0:ba:
> 06:f8:c6:e8:19:18:76:73:1d:81:6d:a8:d8:05:cf:
> 3a:c8:7b:28:c8:36:a3:16:0d:29:8c:99:9a:68:dc:
> ab:c0:4d:8d:bf:5a:bb:2b:a9:39:4b:04:97:1c:f9:
> 36:bb:c5:3a:86:04:ae:af:d4:82:7b:e0:ab:de:49:
> 05:68:fc:f6:ae:68:1a:6c:90:4d:57:19:3c:64:66:
> 03:f6:c7:52:9b:f7:94:cf:93:6a:a1:68:c9:aa:cf:
> 99:6b:bc:aa:5e:08:e7:39:1c:f7:f8:0f:ba:06:7e:
> f1:cb:e8:76:dd:fe:22:da:ad:3a:5e:5b:34:ea:b3:
> c9:e0:4d:04:29:7e:b8:60:b9:05:ef:b5:d9:17:58:
> 56:16:60:b9:30:32:f0:36:4a:c3:f2:79:8d:12:40:
> 70:f3
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Basic Constraints:
> CA:FALSE
> Netscape Comment:
> OpenSSL Generated Certificate
> X509v3 Subject Key Identifier:
> 3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC
> X509v3 Authority Key Identifier:
> keyid:3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC
>
> Signature Algorithm: sha256WithRSAEncryption
> 5c:4d:92:88:b4:82:5f:1d:ad:8b:11:ec:df:06:a6:7a:a5:2b:
> 9f:37:55:0c:8d:6e:05:00:ad:b7:0c:41:89:69:cf:d6:65:06:
> 9b:51:78:d2:ad:c7:bf:9c:dc:05:73:7f:e7:1e:39:13:b4:ea:
> b6:30:7d:40:75:ab:9c:43:0b:df:b0:c2:1b:bf:30:e0:f4:fe:
> c0:db:62:21:98:f6:c5:af:de:3b:4f:49:0a:e6:1e:f9:86:b0:
> 3f:0d:d6:d4:46:37:db:54:74:5e:ff:11:c2:60:c6:70:58:c5:
> 1c:6f:ec:b2:d8:6e:6f:c3:bc:33:87:38:a4:f3:44:64:9c:34:
> 3b:28:94:26:78:27:9f:16:17:e8:3b:69:0a:25:a9:73:36:7e:
> 9e:37:5c:ec:e8:3f:db:91:f9:12:b3:3d:ce:e7:dd:15:c3:ae:
> 8c:05:20:61:9b:95:de:9b:af:fa:b1:5c:1c:e5:97:e7:c3:34:
> 11:85:f5:8a:27:26:a4:70:36:ec:0c:f6:83:3d:90:f7:36:f3:
> f9:f3:15:d4:90:62:be:53:b4:af:d3:49:af:ef:f4:73:e8:7b:
> 76:e4:44:2a:37:ba:81:a4:99:0c:3a:31:24:71:a0:e4:e4:b7:
> 1a:cb:47:e4:aa:22:cf:ef:75:61:80:e3:43:b7:48:57:73:11:
> 3d:78:9b:69
> -----BEGIN CERTIFICATE-----
> MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
> BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
> 9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
> MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
> RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
> IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
> +d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
> huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
> bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
> 3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
> y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
> AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
> YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
> HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
> ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
> 3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
> 1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
> qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
> NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
> R+SqIs/vdWGA40O3SFdzET14m2k=
> -----END CERTIFICATE-----
Notes about the 9ece15a -> c9e5618 rebase:
- resolved conflicts in:
OvmfPkg/OvmfPkgIa32.dsc
OvmfPkg/OvmfPkgIa32X64.dsc
OvmfPkg/OvmfPkgX64.dsc
due to OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf having
disappeared in upstream (commit 57446bb9).
Notes about the c9e5618 -> b9ffeab rebase:
- Guid/VariableFormat.h now lives under MdeModulePkg.
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- This patch now squashes the following commits:
- 014f459c197b OvmfPkg: EnrollDefaultKeys: application for enrolling
default keys (RH only)
- 18422a18d0e9 OvmfPkg/EnrollDefaultKeys: assign Status before reading
it (RH only)
- ddb90568e874 OvmfPkg/EnrollDefaultKeys: silence VS2015x86 warning (RH
only)
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- This patch now squashes the following commits:
- c0b2615a9c0b OvmfPkg: EnrollDefaultKeys: application for enrolling
default keys (RH only)
- 22f4d33d0168 OvmfPkg/EnrollDefaultKeys: update SignatureOwner GUID for
Windows HCK (RH)
- ff7f2c1d870d OvmfPkg/EnrollDefaultKeys: expose CertType parameter of
EnrollListOfCerts (RH)
- aee7b5ba60b4 OvmfPkg/EnrollDefaultKeys: blacklist empty file in dbx
for Windows HCK (RH)
- Consequently, OvmfPkg/EnrollDefaultKeys/ is identical to the same
directory at the "RHEL-7.4" tag (49d06d386736).
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit c0b2615a9c0b4a4be1bffe45681a32915449279d)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 963 ++++++++++++++++++++++++
OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 51 ++
OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 1015 +++++++++++++++++
.../EnrollDefaultKeys/EnrollDefaultKeys.inf | 52 +
OvmfPkg/OvmfPkgIa32.dsc | 4 +
OvmfPkg/OvmfPkgIa32X64.dsc | 4 +
OvmfPkg/OvmfPkgX64.dsc | 4 +
5 files changed, 1026 insertions(+)
5 files changed, 1079 insertions(+)
create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
new file mode 100644
index 0000000..447288f
index 0000000000..dd413df12d
--- /dev/null
+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
@@ -0,0 +1,963 @@
@@ -0,0 +1,1015 @@
+/** @file
+ Enroll default PK, KEK, DB.
+
@ -83,117 +232,85 @@ index 0000000..447288f
+#include <Library/UefiRuntimeServicesTableLib.h> // gRT
+
+//
+// The example self-signed certificate below, which we'll use for both Platform
+// Key, and first Key Exchange Key, has been generated with the following
+// non-interactive openssl command. The passphrase is read from /dev/urandom,
+// and not saved, and the private key is written to /dev/null. In other words,
+// we can't sign anything else against this certificate, which is our purpose.
+// We'll use the certificate below as both Platform Key and as first Key
+// Exchange Key.
+//
+/*
+ openssl req \
+ -passout file:<(head -c 16 /dev/urandom) \
+ -x509 \
+ -newkey rsa:2048 \
+ -keyout /dev/null \
+ -outform DER \
+ -subj $(
+ printf /C=US
+ printf /ST=TestStateOrProvince
+ printf /L=TestLocality
+ printf /O=TestOrganization
+ printf /OU=TestOrganizationalUnit
+ printf /CN=TestCommonName
+ printf /emailAddress=test@example.com
+ ) \
+ 2>/dev/null \
+ | xxd -i
+*/
+STATIC CONST UINT8 ExampleCert[] = {
+ 0x30, 0x82, 0x04, 0x45, 0x30, 0x82, 0x03, 0x2d, 0xa0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x09, 0x00, 0xcf, 0x9f, 0x51, 0xa3, 0x07, 0xdb, 0x54, 0xa1, 0x30, 0x0d,
+// "Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com"
+// SHA1: fd:fc:7f:3c:7e:f3:e0:57:76:ad:d7:98:78:21:6c:9b:e0:e1:95:97
+//
+STATIC CONST UINT8 RedHatPkKek1[] = {
+ 0x30, 0x82, 0x03, 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x09, 0x00, 0xfe, 0xf5, 0x88, 0xe8, 0xf3, 0x96, 0xc0, 0xf1, 0x30, 0x0d,
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
+ 0x30, 0x81, 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
+ 0x13, 0x54, 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50,
+ 0x72, 0x6f, 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
+ 0x55, 0x04, 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61,
+ 0x6c, 0x69, 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x0c, 0x10, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a,
+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
+ 0x0b, 0x0c, 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
+ 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31,
+ 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73,
+ 0x74, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f,
+ 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
+ 0x16, 0x10, 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
+ 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30,
+ 0x30, 0x39, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x34,
+ 0x31, 0x31, 0x30, 0x38, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x30, 0x81,
+ 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
+ 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x13, 0x54,
+ 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, 0x72, 0x6f,
+ 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04,
+ 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69,
+ 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x10,
+ 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74,
+ 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+ 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
+ 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x17, 0x30,
+ 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, 0x74, 0x43,
+ 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, 0x30, 0x1d,
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10,
+ 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
+ 0x30, 0x51, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22,
+ 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72,
+ 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45,
+ 0x4b, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06,
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73,
+ 0x65, 0x63, 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61,
+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30,
+ 0x33, 0x31, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x17, 0x0d, 0x33, 0x37,
+ 0x31, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x30, 0x51,
+ 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x52, 0x65,
+ 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20,
+ 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45, 0x4b, 0x20,
+ 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, 0x65, 0x63,
+ 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61, 0x74, 0x2e,
+ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
+ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0xf1, 0xce,
+ 0x17, 0x32, 0xac, 0xc4, 0x4b, 0xb2, 0xed, 0x84, 0x76, 0xe5, 0xd0, 0xf8, 0x21,
+ 0xac, 0x10, 0xf8, 0x18, 0x09, 0x0e, 0x07, 0x13, 0x76, 0x21, 0x5c, 0xc4, 0xcc,
+ 0xd5, 0xe6, 0x25, 0xa7, 0x26, 0x53, 0x79, 0x2f, 0x16, 0x4b, 0x85, 0xbd, 0xae,
+ 0x42, 0x64, 0x58, 0xcb, 0x5e, 0xe8, 0x6e, 0x5a, 0xd0, 0xc4, 0x0f, 0x38, 0x16,
+ 0xbe, 0xd3, 0x22, 0xa7, 0x3c, 0x9b, 0x8b, 0x5e, 0xcb, 0x62, 0x35, 0xc5, 0x9b,
+ 0xe2, 0x8e, 0x4c, 0x65, 0x57, 0x4f, 0xcb, 0x27, 0xad, 0xe7, 0x63, 0xa7, 0x77,
+ 0x2b, 0xd5, 0x02, 0x42, 0x70, 0x46, 0xac, 0xba, 0xb6, 0x60, 0x57, 0xd9, 0xce,
+ 0x31, 0xc5, 0x12, 0x03, 0x4a, 0xf7, 0x2a, 0x2b, 0x40, 0x06, 0xb4, 0xdb, 0x31,
+ 0xb7, 0x83, 0x6c, 0x67, 0x87, 0x98, 0x8b, 0xce, 0x1b, 0x30, 0x7a, 0xfa, 0x35,
+ 0x6c, 0x86, 0x20, 0x74, 0xc5, 0x7d, 0x32, 0x31, 0x18, 0xeb, 0x69, 0xf7, 0x2d,
+ 0x20, 0xc4, 0xf0, 0xd2, 0xfa, 0x67, 0x81, 0xc1, 0xbb, 0x23, 0xbb, 0x75, 0x1a,
+ 0xe4, 0xb4, 0x49, 0x99, 0xdf, 0x12, 0x4c, 0xe3, 0x6d, 0x76, 0x24, 0x85, 0x24,
+ 0xae, 0x5a, 0x9e, 0xbd, 0x54, 0x1c, 0xf9, 0x0e, 0xed, 0x96, 0xb5, 0xd8, 0xa2,
+ 0x0d, 0x2a, 0x38, 0x5d, 0x12, 0x97, 0xb0, 0x4d, 0x75, 0x85, 0x1e, 0x47, 0x6d,
+ 0xe1, 0x25, 0x59, 0xcb, 0xe9, 0x33, 0x86, 0x6a, 0xef, 0x98, 0x24, 0xa0, 0x2b,
+ 0x02, 0x7b, 0xc0, 0x9f, 0x88, 0x03, 0xb0, 0xbe, 0x22, 0x65, 0x83, 0x77, 0xb3,
+ 0x30, 0xba, 0xe0, 0x3b, 0x54, 0x31, 0x3a, 0x45, 0x81, 0x9c, 0x48, 0xaf, 0xc1,
+ 0x11, 0x5b, 0xf2, 0x3a, 0x1e, 0x33, 0x1b, 0x8f, 0x0e, 0x04, 0xa4, 0x16, 0xd4,
+ 0x6b, 0x57, 0xee, 0xe7, 0xba, 0xf5, 0xee, 0xaf, 0xe2, 0x4c, 0x50, 0xf8, 0x68,
+ 0x57, 0x88, 0xfb, 0x7f, 0xa3, 0xcf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50,
+ 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
+ 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3,
+ 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, 0x61, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
+ 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e,
+ 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29,
+ 0x61, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
+ 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x12, 0x9c, 0x3e, 0x38,
+ 0xfc, 0x26, 0xea, 0x6d, 0xb7, 0x5c, 0x29, 0x3c, 0x76, 0x20, 0x0c, 0xb2, 0xa9,
+ 0x0f, 0xdf, 0xc0, 0x85, 0xfe, 0xeb, 0xec, 0x1d, 0x5d, 0x73, 0x84, 0xac, 0x8a,
+ 0xb4, 0x2a, 0x86, 0x38, 0x30, 0xaf, 0xd2, 0x2d, 0x2a, 0xde, 0x54, 0xc8, 0x5c,
+ 0x29, 0x90, 0x24, 0xf2, 0x39, 0xc1, 0xa5, 0x00, 0xb4, 0xb7, 0xd8, 0xdc, 0x59,
+ 0x64, 0x50, 0x62, 0x5f, 0x54, 0xf1, 0x73, 0x02, 0x4d, 0x43, 0xc5, 0xc3, 0xc4,
+ 0x0e, 0x62, 0x60, 0x8c, 0x53, 0x66, 0x57, 0x77, 0xb5, 0x81, 0xda, 0x1f, 0x81,
+ 0xda, 0xe9, 0xd6, 0x5e, 0x82, 0xce, 0xa7, 0x5c, 0xc0, 0xa6, 0xbe, 0x9c, 0x5c,
+ 0x7b, 0xa5, 0x15, 0xc8, 0xd7, 0x14, 0x53, 0xd3, 0x5c, 0x1c, 0x9f, 0x8a, 0x9f,
+ 0x66, 0x15, 0xd5, 0xd3, 0x2a, 0x27, 0x0c, 0xee, 0x9f, 0x80, 0x39, 0x88, 0x7b,
+ 0x24, 0xde, 0x0c, 0x61, 0xa3, 0x44, 0xd8, 0x8d, 0x2e, 0x79, 0xf8, 0x1e, 0x04,
+ 0x5a, 0xcb, 0xd6, 0x9c, 0xa3, 0x22, 0x8f, 0x09, 0x32, 0x1e, 0xe1, 0x65, 0x8f,
+ 0x10, 0x5f, 0xd8, 0x52, 0x56, 0xd5, 0x77, 0xac, 0x58, 0x46, 0x60, 0xba, 0x2e,
+ 0xe2, 0x3f, 0x58, 0x7d, 0x60, 0xfc, 0x31, 0x4a, 0x3a, 0xaf, 0x61, 0x55, 0x5f,
+ 0xfb, 0x68, 0x14, 0x74, 0xda, 0xdc, 0x42, 0x78, 0xcc, 0xee, 0xff, 0x5c, 0x03,
+ 0x24, 0x26, 0x2c, 0xb8, 0x3a, 0x81, 0xad, 0xdb, 0xe7, 0xed, 0xe1, 0x62, 0x84,
+ 0x07, 0x1a, 0xc8, 0xa4, 0x4e, 0xb0, 0x87, 0xf7, 0x96, 0xd8, 0x33, 0x9b, 0x0d,
+ 0xa7, 0x77, 0xae, 0x5b, 0xaf, 0xad, 0xe6, 0x5a, 0xc9, 0xfa, 0xa4, 0xe4, 0xe5,
+ 0x57, 0xbb, 0x97, 0xdd, 0x92, 0x85, 0xd8, 0x03, 0x45, 0xfe, 0xd8, 0x6b, 0xb1,
+ 0xdb, 0x85, 0x36, 0xb9, 0xd9, 0x28, 0xbf, 0x17, 0xae, 0x11, 0xde, 0x10, 0x19,
+ 0x26, 0x5b, 0xc0, 0x3d, 0xc7
+ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x90, 0x1f, 0x84,
+ 0x7b, 0x8d, 0xbc, 0xeb, 0x97, 0x26, 0x82, 0x6d, 0x88, 0xab, 0x8a, 0xc9, 0x8c,
+ 0x68, 0x70, 0xf9, 0xdf, 0x4b, 0x07, 0xb2, 0x37, 0x83, 0x0b, 0x02, 0xc8, 0x67,
+ 0x68, 0x30, 0x9e, 0xe3, 0xf0, 0xf0, 0x99, 0x4a, 0xb8, 0x59, 0x57, 0xc6, 0x41,
+ 0xf6, 0x38, 0x8b, 0xfe, 0x66, 0x4c, 0x49, 0xe9, 0x37, 0x37, 0x92, 0x2e, 0x98,
+ 0x01, 0x1e, 0x5b, 0x14, 0x50, 0xe6, 0xa8, 0x8d, 0x25, 0x0d, 0xf5, 0x86, 0xe6,
+ 0xab, 0x30, 0xcb, 0x40, 0x16, 0xea, 0x8d, 0x8b, 0x16, 0x86, 0x70, 0x43, 0x37,
+ 0xf2, 0xce, 0xc0, 0x91, 0xdf, 0x71, 0x14, 0x8e, 0x99, 0x0e, 0x89, 0xb6, 0x4c,
+ 0x6d, 0x24, 0x1e, 0x8c, 0xe4, 0x2f, 0x4f, 0x25, 0xd0, 0xba, 0x06, 0xf8, 0xc6,
+ 0xe8, 0x19, 0x18, 0x76, 0x73, 0x1d, 0x81, 0x6d, 0xa8, 0xd8, 0x05, 0xcf, 0x3a,
+ 0xc8, 0x7b, 0x28, 0xc8, 0x36, 0xa3, 0x16, 0x0d, 0x29, 0x8c, 0x99, 0x9a, 0x68,
+ 0xdc, 0xab, 0xc0, 0x4d, 0x8d, 0xbf, 0x5a, 0xbb, 0x2b, 0xa9, 0x39, 0x4b, 0x04,
+ 0x97, 0x1c, 0xf9, 0x36, 0xbb, 0xc5, 0x3a, 0x86, 0x04, 0xae, 0xaf, 0xd4, 0x82,
+ 0x7b, 0xe0, 0xab, 0xde, 0x49, 0x05, 0x68, 0xfc, 0xf6, 0xae, 0x68, 0x1a, 0x6c,
+ 0x90, 0x4d, 0x57, 0x19, 0x3c, 0x64, 0x66, 0x03, 0xf6, 0xc7, 0x52, 0x9b, 0xf7,
+ 0x94, 0xcf, 0x93, 0x6a, 0xa1, 0x68, 0xc9, 0xaa, 0xcf, 0x99, 0x6b, 0xbc, 0xaa,
+ 0x5e, 0x08, 0xe7, 0x39, 0x1c, 0xf7, 0xf8, 0x0f, 0xba, 0x06, 0x7e, 0xf1, 0xcb,
+ 0xe8, 0x76, 0xdd, 0xfe, 0x22, 0xda, 0xad, 0x3a, 0x5e, 0x5b, 0x34, 0xea, 0xb3,
+ 0xc9, 0xe0, 0x4d, 0x04, 0x29, 0x7e, 0xb8, 0x60, 0xb9, 0x05, 0xef, 0xb5, 0xd9,
+ 0x17, 0x58, 0x56, 0x16, 0x60, 0xb9, 0x30, 0x32, 0xf0, 0x36, 0x4a, 0xc3, 0xf2,
+ 0x79, 0x8d, 0x12, 0x40, 0x70, 0xf3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x7b,
+ 0x30, 0x79, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00,
+ 0x30, 0x2c, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x0d,
+ 0x04, 0x1f, 0x16, 0x1d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, 0x4c, 0x20, 0x47,
+ 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x20, 0x43, 0x65, 0x72, 0x74,
+ 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
+ 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3c, 0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 0x0a,
+ 0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42, 0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30,
+ 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x3c,
+ 0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 0x0a, 0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42,
+ 0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+ 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
+ 0x5c, 0x4d, 0x92, 0x88, 0xb4, 0x82, 0x5f, 0x1d, 0xad, 0x8b, 0x11, 0xec, 0xdf,
+ 0x06, 0xa6, 0x7a, 0xa5, 0x2b, 0x9f, 0x37, 0x55, 0x0c, 0x8d, 0x6e, 0x05, 0x00,
+ 0xad, 0xb7, 0x0c, 0x41, 0x89, 0x69, 0xcf, 0xd6, 0x65, 0x06, 0x9b, 0x51, 0x78,
+ 0xd2, 0xad, 0xc7, 0xbf, 0x9c, 0xdc, 0x05, 0x73, 0x7f, 0xe7, 0x1e, 0x39, 0x13,
+ 0xb4, 0xea, 0xb6, 0x30, 0x7d, 0x40, 0x75, 0xab, 0x9c, 0x43, 0x0b, 0xdf, 0xb0,
+ 0xc2, 0x1b, 0xbf, 0x30, 0xe0, 0xf4, 0xfe, 0xc0, 0xdb, 0x62, 0x21, 0x98, 0xf6,
+ 0xc5, 0xaf, 0xde, 0x3b, 0x4f, 0x49, 0x0a, 0xe6, 0x1e, 0xf9, 0x86, 0xb0, 0x3f,
+ 0x0d, 0xd6, 0xd4, 0x46, 0x37, 0xdb, 0x54, 0x74, 0x5e, 0xff, 0x11, 0xc2, 0x60,
+ 0xc6, 0x70, 0x58, 0xc5, 0x1c, 0x6f, 0xec, 0xb2, 0xd8, 0x6e, 0x6f, 0xc3, 0xbc,
+ 0x33, 0x87, 0x38, 0xa4, 0xf3, 0x44, 0x64, 0x9c, 0x34, 0x3b, 0x28, 0x94, 0x26,
+ 0x78, 0x27, 0x9f, 0x16, 0x17, 0xe8, 0x3b, 0x69, 0x0a, 0x25, 0xa9, 0x73, 0x36,
+ 0x7e, 0x9e, 0x37, 0x5c, 0xec, 0xe8, 0x3f, 0xdb, 0x91, 0xf9, 0x12, 0xb3, 0x3d,
+ 0xce, 0xe7, 0xdd, 0x15, 0xc3, 0xae, 0x8c, 0x05, 0x20, 0x61, 0x9b, 0x95, 0xde,
+ 0x9b, 0xaf, 0xfa, 0xb1, 0x5c, 0x1c, 0xe5, 0x97, 0xe7, 0xc3, 0x34, 0x11, 0x85,
+ 0xf5, 0x8a, 0x27, 0x26, 0xa4, 0x70, 0x36, 0xec, 0x0c, 0xf6, 0x83, 0x3d, 0x90,
+ 0xf7, 0x36, 0xf3, 0xf9, 0xf3, 0x15, 0xd4, 0x90, 0x62, 0xbe, 0x53, 0xb4, 0xaf,
+ 0xd3, 0x49, 0xaf, 0xef, 0xf4, 0x73, 0xe8, 0x7b, 0x76, 0xe4, 0x44, 0x2a, 0x37,
+ 0xba, 0x81, 0xa4, 0x99, 0x0c, 0x3a, 0x31, 0x24, 0x71, 0xa0, 0xe4, 0xe4, 0xb7,
+ 0x1a, 0xcb, 0x47, 0xe4, 0xaa, 0x22, 0xcf, 0xef, 0x75, 0x61, 0x80, 0xe3, 0x43,
+ 0xb7, 0x48, 0x57, 0x73, 0x11, 0x3d, 0x78, 0x9b, 0x69
+};
+
+//
@ -578,6 +695,71 @@ index 0000000..447288f
+};
+
+//
+// The Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmDBXisPresent test case
+// of the Secure Boot Logo Test in the Microsoft Hardware Certification Kit
+// expects that the "dbx" variable exist.
+//
+// The article at <https://technet.microsoft.com/en-us/library/dn747883.aspx>
+// writes (excerpt):
+//
+// Windows 8.1 Secure Boot Key Creation and Management Guidance
+// 1. Secure Boot, Windows 8.1 and Key Management
+// 1.4 Signature Databases (Db and Dbx)
+// 1.4.3 Forbidden Signature Database (dbx)
+//
+// The contents of EFI_IMAGE_SIGNATURE_DATABASE1 dbx must be checked when
+// verifying images before checking db and any matches must prevent the
+// image from executing. The database may contain multiple certificates,
+// keys, and hashes in order to identify forbidden images. The Windows
+// Hardware Certification Requirements state that a dbx must be present, so
+// any dummy value, such as the SHA-256 hash of 0, may be used as a safe
+// placeholder until such time as Microsoft begins delivering dbx updates.
+//
+// The byte array below captures the SHA256 checksum of the empty file,
+// blacklisting it for loading & execution. This qualifies as a dummy, since
+// the empty file is not a valid UEFI binary anyway.
+//
+// Technically speaking, we could also capture an official (although soon to be
+// obsolete) dbx update from <http://www.uefi.org/revocationlistfile>. However,
+// the terms and conditions on distributing that binary aren't exactly light
+// reading, so let's best steer clear of it, and follow the "dummy entry"
+// practice recommended -- in natural English langauge -- in the
+// above-referenced TechNet article.
+//
+STATIC CONST UINT8 mSha256OfDevNull[] = {
+ 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99,
+ 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95,
+ 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
+};
+
+//
+// The following test cases of the Secure Boot Logo Test in the Microsoft
+// Hardware Certification Kit:
+//
+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent
+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB
+//
+// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be
+// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the
+// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509
+// certificates:
+//
+// - "Microsoft Corporation KEK CA 2011" (in KEK)
+// - "Microsoft Windows Production PCA 2011" (in db)
+// - "Microsoft Corporation UEFI CA 2011" (in db)
+//
+// This is despite the fact that the UEFI specification requires
+// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS,
+// application or driver) that enrolled and therefore owns
+// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued
+// EFI_SIGNATURE_DATA.SignatureData.
+//
+STATIC CONST EFI_GUID mMicrosoftOwnerGuid = {
+ 0x77fa9abd, 0x0359, 0x4d32,
+ { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b },
+};
+
+//
+// The most important thing about the variable payload is that it is a list of
+// lists, where the element size of any given *inner* list is constant.
+//
@ -669,8 +851,7 @@ index 0000000..447288f
+#pragma pack()
+
+/**
+ Enroll a set of DER-formatted X.509 certificates in a global variable,
+ overwriting it.
+ Enroll a set of certificates in a global variable, overwriting it.
+
+ The variable will be rewritten with NV+BS+RT+AT attributes.
+
@ -679,6 +860,12 @@ index 0000000..447288f
+ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to
+ overwrite.
+
+ @param[in] CertType The GUID determining the type of all the
+ certificates in the set that is passed in. For
+ example, gEfiCertX509Guid stands for DER-encoded
+ X.509 certificates, while gEfiCertSha256Guid stands
+ for SHA256 image hashes.
+
+ @param[in] ... A list of
+
+ IN CONST UINT8 *Cert,
@ -688,9 +875,9 @@ index 0000000..447288f
+ triplets. If the first component of a triplet is
+ NULL, then the other two components are not
+ accessed, and processing is terminated. The list of
+ X.509 certificates is enrolled in the variable
+ specified, overwriting it. The OwnerGuid component
+ identifies the agent installing the certificate.
+ certificates is enrolled in the variable specified,
+ overwriting it. The OwnerGuid component identifies
+ the agent installing the certificate.
+
+ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert
+ value is NULL), or one of the CertSize values
@ -709,9 +896,10 @@ index 0000000..447288f
+STATIC
+EFI_STATUS
+EFIAPI
+EnrollListOfX509Certs (
+EnrollListOfCerts (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN EFI_GUID *CertType,
+ ...
+ )
+{
@ -730,7 +918,7 @@ index 0000000..447288f
+ // compute total size first, for UINT32 range check, and allocation
+ //
+ DataSize = sizeof *SingleHeader;
+ VA_START (Marker, VendorGuid);
+ VA_START (Marker, CertType);
+ for (Cert = VA_ARG (Marker, CONST UINT8 *);
+ Cert != NULL;
+ Cert = VA_ARG (Marker, CONST UINT8 *)) {
@ -791,7 +979,7 @@ index 0000000..447288f
+ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid);
+ Position += sizeof *SingleHeader;
+
+ VA_START (Marker, VendorGuid);
+ VA_START (Marker, CertType);
+ for (Cert = VA_ARG (Marker, CONST UINT8 *);
+ Cert != NULL;
+ Cert = VA_ARG (Marker, CONST UINT8 *)) {
@ -802,7 +990,7 @@ index 0000000..447288f
+ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *);
+
+ RepeatingHeader = (REPEATING_HEADER *)Position;
+ CopyGuid (&RepeatingHeader->SignatureType, &gEfiCertX509Guid);
+ CopyGuid (&RepeatingHeader->SignatureType, CertType);
+ RepeatingHeader->SignatureListSize =
+ (UINT32)(sizeof *RepeatingHeader + CertSize);
+ RepeatingHeader->SignatureHeaderSize = 0;
@ -967,30 +1155,43 @@ index 0000000..447288f
+ }
+ }
+
+ Status = EnrollListOfX509Certs (
+ Status = EnrollListOfCerts (
+ EFI_IMAGE_SECURITY_DATABASE,
+ &gEfiImageSecurityDatabaseGuid,
+ MicrosoftPCA, sizeof MicrosoftPCA, &gEfiCallerIdGuid,
+ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &gEfiCallerIdGuid,
+ &gEfiCertX509Guid,
+ MicrosoftPCA, sizeof MicrosoftPCA, &mMicrosoftOwnerGuid,
+ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &mMicrosoftOwnerGuid,
+ NULL);
+ if (EFI_ERROR (Status)) {
+ return 1;
+ }
+
+ Status = EnrollListOfX509Certs (
+ Status = EnrollListOfCerts (
+ EFI_IMAGE_SECURITY_DATABASE1,
+ &gEfiImageSecurityDatabaseGuid,
+ &gEfiCertSha256Guid,
+ mSha256OfDevNull, sizeof mSha256OfDevNull, &gEfiCallerIdGuid,
+ NULL);
+ if (EFI_ERROR (Status)) {
+ return 1;
+ }
+
+ Status = EnrollListOfCerts (
+ EFI_KEY_EXCHANGE_KEY_NAME,
+ &gEfiGlobalVariableGuid,
+ ExampleCert, sizeof ExampleCert, &gEfiCallerIdGuid,
+ MicrosoftKEK, sizeof MicrosoftKEK, &gEfiCallerIdGuid,
+ &gEfiCertX509Guid,
+ RedHatPkKek1, sizeof RedHatPkKek1, &gEfiCallerIdGuid,
+ MicrosoftKEK, sizeof MicrosoftKEK, &mMicrosoftOwnerGuid,
+ NULL);
+ if (EFI_ERROR (Status)) {
+ return 1;
+ }
+
+ Status = EnrollListOfX509Certs (
+ Status = EnrollListOfCerts (
+ EFI_PLATFORM_KEY_NAME,
+ &gEfiGlobalVariableGuid,
+ ExampleCert, sizeof ExampleCert, &gEfiGlobalVariableGuid,
+ &gEfiCertX509Guid,
+ RedHatPkKek1, sizeof RedHatPkKek1, &gEfiGlobalVariableGuid,
+ NULL);
+ if (EFI_ERROR (Status)) {
+ return 1;
@ -1024,10 +1225,10 @@ index 0000000..447288f
+}
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
new file mode 100644
index 0000000..ac919bb
index 0000000000..0ad86a2843
--- /dev/null
+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
@@ -0,0 +1,51 @@
@@ -0,0 +1,52 @@
+## @file
+# Enroll default PK, KEK, DB.
+#
@ -1066,6 +1267,7 @@ index 0000000..ac919bb
+
+[Guids]
+ gEfiCertPkcs7Guid
+ gEfiCertSha256Guid
+ gEfiCertX509Guid
+ gEfiCustomModeEnableGuid
+ gEfiGlobalVariableGuid
@ -1080,10 +1282,10 @@ index 0000000..ac919bb
+ UefiLib
+ UefiRuntimeServicesTableLib
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 8af3267..6fb5c9c 100644
index 8dc3ad2be4..518f6db2c6 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -749,6 +749,10 @@
@@ -876,6 +876,10 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
@ -1095,10 +1297,10 @@ index 8af3267..6fb5c9c 100644
OvmfPkg/PlatformDxe/Platform.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 4bb38d0..e5abaff 100644
index d81cd865d5..ed2f876e7e 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -758,6 +758,10 @@
@@ -885,6 +885,10 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
@ -1110,10 +1312,10 @@ index 4bb38d0..e5abaff 100644
OvmfPkg/PlatformDxe/Platform.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index be3aa1f..4c36a7d 100644
index 85bd8d4bf6..a12905f882 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -756,6 +756,10 @@
@@ -883,6 +883,10 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
@ -1124,6 +1326,3 @@ index be3aa1f..4c36a7d 100644
!endif
OvmfPkg/PlatformDxe/Platform.inf
--
1.8.3.1

55
0014-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch Normal file
View File

@ -0,0 +1,55 @@
From 6f89eae9f2abe20e35058848e7cc10a69a6b05ec Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 13:49:43 +0200
Subject: [PATCH] ArmPlatformPkg: introduce fixed PCD for early hello message
(RH only)
Drew has proposed that ARM|AARCH64 platform firmware (especially virtual
machine firmware) print a reasonably early, simple hello message to the
serial port, regardless of debug mask settings. This should inform
interactive users, and provide some rough help in localizing boot
problems, even with restrictive debug masks.
If a platform doesn't want this feature, it should stick with the default
empty string.
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
Downstream only:
<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Suggested-by: Drew Jones <drjones@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 7ce97b06421434c82095f01a1753a8c9c546cc30)
(cherry picked from commit 20b1f1cbd0590aa71c6d99d35e23cf08e0707750)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec
index 5f67e74154..2956d3e2d8 100644
--- a/ArmPlatformPkg/ArmPlatformPkg.dec
+++ b/ArmPlatformPkg/ArmPlatformPkg.dec
@@ -113,6 +113,13 @@
## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers
gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045
+ #
+ # Early hello message (ASCII string), printed to the serial port.
+ # If set to the empty string, nothing is printed.
+ # Otherwise, a trailing CRLF should be specified explicitly.
+ #
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|""|VOID*|0x00000100
+
[PcdsFixedAtBuild.common,PcdsDynamic.common]
## PL031 RealTimeClock
gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024

103
0015-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch Normal file
View File

@ -0,0 +1,103 @@
From e6c0f362edd5834b0d891fc44cd6873566bb0df4 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 13:59:20 +0200
Subject: [PATCH] ArmPlatformPkg: PrePeiCore: write early hello message to the
serial port (RH)
The FixedPcdGetSize() macro expands to an integer constant, therefore an
optimizing compiler can eliminate the new code, if the platform DSC
doesn't override the empty string (size=1) default of
PcdEarlyHelloMessage.
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
Downstream only:
<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit b16c4c505ce0e27305235533eac9236aa66f132e)
(cherry picked from commit 742e5bf6d5ce5a1e73879d6e5c0dd00feda7a9ac)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++
ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++
ArmPlatformPkg/PrePeiCore/PrePeiCore.h | 1 +
ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf | 2 ++
ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf | 2 ++
5 files changed, 15 insertions(+)
diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
index dc47adbaff..cbd72232c7 100644
--- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c
+++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
@@ -117,6 +117,11 @@ PrimaryMain (
UINTN TemporaryRamBase;
UINTN TemporaryRamSize;
+ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
+ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
+ FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
+ }
+
CreatePpiList (&PpiListSize, &PpiList);
// Enable the GIC Distributor
diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
index 134a469427..af39fc017c 100644
--- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c
+++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
@@ -35,6 +35,11 @@ PrimaryMain (
UINTN TemporaryRamBase;
UINTN TemporaryRamSize;
+ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
+ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
+ FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
+ }
+
CreatePpiList (&PpiListSize, &PpiList);
// Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
index 160894620c..bf843d7768 100644
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
@@ -21,6 +21,7 @@
#include <Library/DebugLib.h>
#include <Library/IoLib.h>
#include <Library/PcdLib.h>
+#include <Library/SerialPortLib.h>
#include <PiPei.h>
#include <Ppi/TemporaryRamSupport.h>
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
index e3a31fa7c6..1bc0c45420 100644
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
@@ -72,6 +72,8 @@
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
+
gArmTokenSpaceGuid.PcdGicDistributorBase
gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase
gArmTokenSpaceGuid.PcdGicSgiIntId
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
index ec83cec2d8..20698fcfac 100644
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
@@ -71,3 +71,5 @@
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
+
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage

40
0016-ArmVirtPkg-set-early-hello-message-RH-only.patch Normal file
View File

@ -0,0 +1,40 @@
From e777f7d03c8a8d56e08926ecf0b17e1338837093 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 14:07:17 +0200
Subject: [PATCH] ArmVirtPkg: set early hello message (RH only)
Print a friendly banner on QEMU, regardless of debug mask settings.
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
Downstream only:
<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 5d4a15b9019728b2d96322bc679099da49916925)
(cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 1 +
1 file changed, 1 insertion(+)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 86d5d5a666..ffe4ba8092 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -87,6 +87,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE
[PcdsFixedAtBuild.common]
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n"
gArmPlatformTokenSpaceGuid.PcdCoreCount|1
!if $(ARCH) == AARCH64
gArmTokenSpaceGuid.PcdVFPEnabled|1

35
0017-BaseTools-footer.makefile-expand-BUILD_CFLAGS-last-f.patch Normal file
View File

@ -0,0 +1,35 @@
From eebbf279b59afa3787d11734d9707cc7ab24d651 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 25 Jul 2018 22:27:53 +0200
Subject: [PATCH] BaseTools/footer.makefile: expand BUILD_CFLAGS last for C
files too
BUILD_CPPFLAGS should be expanded before BUILD_CFLAGS. (The rule for C++
source files already does this, with BUILD_CPPFLAGS and BUILD_CXXFLAGS.)
This patch doesn't change behavior.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1540244
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
(cherry picked from commit 67983484a4430c5f82bb5f1397e010c759136321)
---
BaseTools/Source/C/Makefiles/footer.makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BaseTools/Source/C/Makefiles/footer.makefile b/BaseTools/Source/C/Makefiles/footer.makefile
index 0926aa9645..5bda9e4e36 100644
--- a/BaseTools/Source/C/Makefiles/footer.makefile
+++ b/BaseTools/Source/C/Makefiles/footer.makefile
@@ -24,7 +24,7 @@ $(LIBRARY): $(OBJECTS)
$(BUILD_AR) crs $@ $^
%.o : %.c
- $(BUILD_CC) -c $(BUILD_CFLAGS) $(BUILD_CPPFLAGS) $< -o $@
+ $(BUILD_CC) -c $(BUILD_CPPFLAGS) $(BUILD_CFLAGS) $< -o $@
%.o : %.cpp
$(BUILD_CXX) -c $(BUILD_CPPFLAGS) $(BUILD_CXXFLAGS) $< -o $@

40
0018-BaseTools-header.makefile-remove-c-from-BUILD_CFLAGS.patch Normal file
View File

@ -0,0 +1,40 @@
From 0af592dfa9a6d1a3379db1331344f411f7774bea Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 25 Jul 2018 22:40:09 +0200
Subject: [PATCH] BaseTools/header.makefile: remove "-c" from BUILD_CFLAGS
Option "-c" is a mode selection flag (choosing between compiling and
linking); it should not be in BUILD_CFLAGS, which applies only to
compiling anyway. The compilation rule for C source files, in
"footer.makefile", already includes "-c" -- currently we have double "-c"
options.
This patch doesn't change behavior.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1540244
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
(cherry picked from commit 03252ae287c4a61983b3793ff71baeabe2ff3df7)
---
BaseTools/Source/C/Makefiles/header.makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile
index db436773cf..08421ba24c 100644
--- a/BaseTools/Source/C/Makefiles/header.makefile
+++ b/BaseTools/Source/C/Makefiles/header.makefile
@@ -71,9 +71,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKE
BUILD_CPPFLAGS = $(INCLUDE) -O2
ifeq ($(DARWIN),Darwin)
# assume clang or clang compatible flags on OS X
-BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g
else
-BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -g
endif
BUILD_LFLAGS =
BUILD_CXXFLAGS = -Wno-unused-result

87
0019-BaseTools-Source-C-split-O2-to-BUILD_OPTFLAGS.patch Normal file
View File

@ -0,0 +1,87 @@
From 67c8bbaf89bbb4015f0b915fed6fb2f35efd282f Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 25 Jul 2018 22:59:57 +0200
Subject: [PATCH] BaseTools/Source/C: split "-O2" to BUILD_OPTFLAGS
The option "-O2" is not a preprocessor flag, but a code generation
(compilation) flag. Move it from BUILD_CPPFLAGS to BUILD_CFLAGS and
BUILD_CXXFLAGS.
Because "VfrCompile/GNUmakefile" uses "-O2" through BUILD_CPPFLAGS, and
because it doesn't use BUILD_CXXFLAGS, we have to introduce BUILD_OPTFLAGS
separately, so that "VfrCompile/GNUmakefile" can continue using just this
flag.
This patch doesn't change behavior.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1540244
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
(cherry picked from commit b8a66170264395edeaa61e6d22930a58e576a685)
---
BaseTools/Source/C/Makefiles/header.makefile | 6 +++++-
BaseTools/Source/C/VfrCompile/GNUmakefile | 11 +++++++----
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile
index 08421ba24c..498c6cf48b 100644
--- a/BaseTools/Source/C/Makefiles/header.makefile
+++ b/BaseTools/Source/C/Makefiles/header.makefile
@@ -68,7 +68,8 @@ $(error Bad HOST_ARCH)
endif
INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)
-BUILD_CPPFLAGS = $(INCLUDE) -O2
+BUILD_CPPFLAGS = $(INCLUDE)
+BUILD_OPTFLAGS = -O2
ifeq ($(DARWIN),Darwin)
# assume clang or clang compatible flags on OS X
BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g
@@ -91,6 +92,9 @@ ifeq ($(DARWIN),Darwin)
endif
endif
+# keep BUILD_OPTFLAGS last
+BUILD_CFLAGS += $(BUILD_OPTFLAGS)
+BUILD_CXXFLAGS += $(BUILD_OPTFLAGS)
.PHONY: all
.PHONY: install
diff --git a/BaseTools/Source/C/VfrCompile/GNUmakefile b/BaseTools/Source/C/VfrCompile/GNUmakefile
index c4ec61aa6c..bbe562cbc5 100644
--- a/BaseTools/Source/C/VfrCompile/GNUmakefile
+++ b/BaseTools/Source/C/VfrCompile/GNUmakefile
@@ -25,6 +25,9 @@ OBJECTS = AParser.o DLexerBase.o ATokenBuffer.o EfiVfrParser.o VfrLexer.o VfrSyn
VFR_CPPFLAGS = -DPCCTS_USE_NAMESPACE_STD $(BUILD_CPPFLAGS)
+# keep BUILD_OPTFLAGS last
+VFR_CXXFLAGS = $(BUILD_OPTFLAGS)
+
LINKER = $(BUILD_CXX)
EXTRA_CLEAN_OBJECTS = EfiVfrParser.cpp EfiVfrParser.h VfrParser.dlg VfrTokens.h VfrLexer.cpp VfrLexer.h VfrSyntax.cpp tokens.h
@@ -58,16 +61,16 @@ Pccts/dlg/dlg:
BIN_DIR='.' $(MAKE) -C Pccts/dlg
ATokenBuffer.o: Pccts/h/ATokenBuffer.cpp
- $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $? -o $@
+ $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $(VFR_CXXFLAGS) $? -o $@
DLexerBase.o: Pccts/h/DLexerBase.cpp
- $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $? -o $@
+ $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $(VFR_CXXFLAGS) $? -o $@
AParser.o: Pccts/h/AParser.cpp
- $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $? -o $@
+ $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $(VFR_CXXFLAGS) $? -o $@
VfrSyntax.o: VfrSyntax.cpp
- $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $? -o $@
+ $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $(VFR_CXXFLAGS) $? -o $@
clean: localClean

37
0020-BaseTools-Source-C-take-EXTRA_OPTFLAGS-from-the-call.patch Normal file
View File

@ -0,0 +1,37 @@
From 26296351f9a6b6dad0604f8ed62ce5de0f41ac2c Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 26 Jul 2018 00:04:26 +0200
Subject: [PATCH] BaseTools/Source/C: take EXTRA_OPTFLAGS from the caller
Allow the caller of the top-level makefile either to set EXTRA_OPTFLAGS in
the environment or to pass EXTRA_OPTFLAGS as a macro definition on the
command line. EXTRA_OPTFLAGS extends (and potentially overrides) default C
compilation flags set in the makefiles.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1540244
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
(cherry picked from commit b0ca5dae78ff71397a8ef568f1914da7668ff5a9)
---
BaseTools/Source/C/Makefiles/header.makefile | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile
index 498c6cf48b..1b4cad5497 100644
--- a/BaseTools/Source/C/Makefiles/header.makefile
+++ b/BaseTools/Source/C/Makefiles/header.makefile
@@ -69,7 +69,10 @@ endif
INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)
BUILD_CPPFLAGS = $(INCLUDE)
-BUILD_OPTFLAGS = -O2
+
+# keep EXTRA_OPTFLAGS last
+BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS)
+
ifeq ($(DARWIN),Darwin)
# assume clang or clang compatible flags on OS X
BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g

35
0021-BaseTools-Source-C-take-EXTRA_LDFLAGS-from-the-calle.patch Normal file
View File

@ -0,0 +1,35 @@
From c1a087a76d91665433f190d0468be2b33da443cd Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 26 Jul 2018 01:24:40 +0200
Subject: [PATCH] BaseTools/Source/C: take EXTRA_LDFLAGS from the caller
Allow the caller of the top-level makefile either to set EXTRA_LDFLAGS in
the environment or to pass EXTRA_LDFLAGS as a macro definition on the
command line. EXTRA_LDFLAGS extends (and potentially overrides) default
link-editing flags set in the makefiles.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1540244
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
(cherry picked from commit 81502cee20ac4046f08bb4aec754c7091c8808dc)
---
BaseTools/Source/C/Makefiles/header.makefile | 3 +++
1 file changed, 3 insertions(+)
diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile
index 1b4cad5497..7f283d6464 100644
--- a/BaseTools/Source/C/Makefiles/header.makefile
+++ b/BaseTools/Source/C/Makefiles/header.makefile
@@ -99,6 +99,9 @@ endif
BUILD_CFLAGS += $(BUILD_OPTFLAGS)
BUILD_CXXFLAGS += $(BUILD_OPTFLAGS)
+# keep EXTRA_LDFLAGS last
+BUILD_LFLAGS += $(EXTRA_LDFLAGS)
+
.PHONY: all
.PHONY: install
.PHONY: clean

69
0022-BaseTools-VfrCompile-honor-EXTRA_LDFLAGS.patch Normal file
View File

@ -0,0 +1,69 @@
From d30cba687d657a68bf83b8dd54db63b3e2e6cb54 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 16 Aug 2018 19:38:02 -0700
Subject: [PATCH] BaseTools/VfrCompile: honor EXTRA_LDFLAGS
In commit 81502cee20ac ("BaseTools/Source/C: take EXTRA_LDFLAGS from the
caller", 2018-08-16), I missed that "VfrCompile/GNUmakefile" does not use
BUILD_LFLAGS in the APPLICATION linking rule, unlike "app.makefile" does.
Instead, "VfrCompile/GNUmakefile" uses the (undefined) LFLAGS macro.
Therefore commit 81502cee20ac did not cover the linking step of
VfrCompile.
Thankfully, the structure of the linking rules is the same, between
"app.makefile" and "VfrCompile/GNUmakefile". Rename the undefined LFLAGS
macro in "VfrCompile/GNUmakefile" to VFR_LFLAGS (for consistency with
VFR_CXXFLAGS), and set it to EXTRA_LDFLAGS.
As a result, we have:
| compilation | linking
-----------+--------------------------------+----------------------
VfrCompile | VFR_CXXFLAGS = | VFR_LFLAGS =
| BUILD_OPTFLAGS = | EXTRA_LDFLAGS
| '-O2' + EXTRA_OPTFLAGS |
-----------+--------------------------------+----------------------
other apps | BUILD_CFLAGS/BUILD_CXXFLAGS = | BUILD_LFLAGS =
| [...] + BUILD_OPTFLAGS = | [...] + EXTRA_LDFLAGS
| [...] + '-O2' + EXTRA_OPTFLAGS |
This table shows
- that the VfrCompile compilation and linking flags are always a subset of
the corresponding flags used by the other apps,
- and that the EXTRA flags are always at the end.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1540244
Fixes: 81502cee20ac4046f08bb4aec754c7091c8808dc
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
(cherry picked from commit aa4e0df1f0c7ffdff07d7e382c9da89cbe207cdb)
---
BaseTools/Source/C/VfrCompile/GNUmakefile | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/BaseTools/Source/C/VfrCompile/GNUmakefile b/BaseTools/Source/C/VfrCompile/GNUmakefile
index bbe562cbc5..9273589ff8 100644
--- a/BaseTools/Source/C/VfrCompile/GNUmakefile
+++ b/BaseTools/Source/C/VfrCompile/GNUmakefile
@@ -28,6 +28,9 @@ VFR_CPPFLAGS = -DPCCTS_USE_NAMESPACE_STD $(BUILD_CPPFLAGS)
# keep BUILD_OPTFLAGS last
VFR_CXXFLAGS = $(BUILD_OPTFLAGS)
+# keep EXTRA_LDFLAGS last
+VFR_LFLAGS = $(EXTRA_LDFLAGS)
+
LINKER = $(BUILD_CXX)
EXTRA_CLEAN_OBJECTS = EfiVfrParser.cpp EfiVfrParser.h VfrParser.dlg VfrTokens.h VfrLexer.cpp VfrLexer.h VfrSyntax.cpp tokens.h
@@ -42,7 +45,7 @@ APPLICATION = $(MAKEROOT)/bin/$(APPNAME)
all: $(MAKEROOT)/bin $(APPLICATION)
$(APPLICATION): $(OBJECTS)
- $(LINKER) -o $(APPLICATION) $(LFLAGS) $(OBJECTS) -L$(MAKEROOT)/libs $(LIBS)
+ $(LINKER) -o $(APPLICATION) $(VFR_LFLAGS) $(OBJECTS) -L$(MAKEROOT)/libs $(LIBS)
VfrCompiler.o: ../Include/Common/BuildVersion.h

75
0099-Tweak-the-tools_def-to-support-cross-compiling.patch Normal file
View File

@ -0,0 +1,75 @@
From 0784bdc810bcbd275a78ceb0c2cf04f2f0f68061 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 16 Aug 2018 15:45:47 -0400
Subject: [PATCH] Tweak the tools_def to support cross-compiling.
These files are meant for customization, so this is not upstream.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
BaseTools/Conf/tools_def.template | 44 +++++++++++++++----------------
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index a22b96c0b8..8b134ca93f 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -5068,17 +5068,17 @@ RELEASE_GCC49_AARCH64_DLINK_FLAGS = DEF(GCC49_AARCH64_DLINK_FLAGS)
##################
# GCC5 IA32 definitions
##################
-*_GCC5_IA32_OBJCOPY_PATH = DEF(GCC5_IA32_PREFIX)objcopy
-*_GCC5_IA32_CC_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_SLINK_PATH = DEF(GCC5_IA32_PREFIX)gcc-ar
-*_GCC5_IA32_DLINK_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_ASLDLINK_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_ASM_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_PP_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_VFRPP_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_ASLCC_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_ASLPP_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_RC_PATH = DEF(GCC5_IA32_PREFIX)objcopy
+*_GCC5_IA32_OBJCOPY_PATH = ENV(GCC5_IA32_PREFIX)objcopy
+*_GCC5_IA32_CC_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_SLINK_PATH = ENV(GCC5_IA32_PREFIX)gcc-ar
+*_GCC5_IA32_DLINK_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_ASLDLINK_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_ASM_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_PP_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_VFRPP_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_ASLCC_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_ASLPP_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_RC_PATH = ENV(GCC5_IA32_PREFIX)objcopy
*_GCC5_IA32_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m32 -fno-lto
*_GCC5_IA32_ASLDLINK_FLAGS = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
@@ -5100,17 +5100,17 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
##################
# GCC5 X64 definitions
##################
-*_GCC5_X64_OBJCOPY_PATH = DEF(GCC5_X64_PREFIX)objcopy
-*_GCC5_X64_CC_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_SLINK_PATH = DEF(GCC5_X64_PREFIX)gcc-ar
-*_GCC5_X64_DLINK_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_ASLDLINK_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_ASM_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_PP_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_VFRPP_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_ASLCC_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_ASLPP_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_RC_PATH = DEF(GCC5_X64_PREFIX)objcopy
+*_GCC5_X64_OBJCOPY_PATH = ENV(GCC5_X64_PREFIX)objcopy
+*_GCC5_X64_CC_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_SLINK_PATH = ENV(GCC5_X64_PREFIX)gcc-ar
+*_GCC5_X64_DLINK_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_ASLDLINK_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_ASM_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_PP_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_VFRPP_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_ASLCC_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_ASLPP_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_RC_PATH = ENV(GCC5_X64_PREFIX)objcopy
*_GCC5_X64_ASLCC_FLAGS = DEF(GCC_ASLCC_FLAGS) -m64 -fno-lto
*_GCC5_X64_ASLDLINK_FLAGS = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_x86_64

2028
EDKII_openssl-1.0.2j-no-srp.patch
View File

File diff suppressed because it is too large Load Diff

26
build-iso.sh
View File

@ -6,25 +6,21 @@ dir="$1"
# cfg
shell="$dir/Shell.efi"
enroll="$dir/EnrollDefaultKeys.efi"
root="$dir/image"
vfat="$dir/shell.img"
iso="$dir/UefiShell.iso"
export MTOOLS_SKIP_CHECK=1
# calc size
s1=$(stat --format=%s -- $shell)
s2=$(stat --format=%s -- $enroll)
size=$(( ($s1 + $s2) * 11 / 10 ))
set -x
# create non-partitioned FAT image
/usr/sbin/mkdosfs -C "$vfat" -n UEFI_SHELL -- "$(( $size / 1024 ))"
mmd -i "$vfat" ::efi
mmd -i "$vfat" ::efi/boot
mcopy -i "$vfat" "$shell" ::efi/boot/bootx64.efi
mcopy -i "$vfat" "$enroll" ::
#mdir -i "$vfat" -/ ::
# create non-partitioned (1.44 MB floppy disk) FAT image
mkdir "$root"
mkdir "$root"/efi
mkdir "$root"/efi/boot
cp "$shell" "$root"/efi/boot/bootx64.efi
cp "$enroll" "$root"
qemu-img convert --image-opts \
driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir="$root/" \
$vfat
# build ISO with FAT image file as El Torito EFI boot image
genisoimage -input-charset ASCII -J -rational-rock \
-efi-boot "${vfat##*/}" -no-emul-boot -o "$iso" -- "$vfat"
rm -f "$vfat"
rm -rf "$root/" "$vfat"

221
edk2.spec
View File

@ -1,11 +1,21 @@
%global edk2_date 20170209
%global edk2_githash 296153c5
%global openssl_version 1.0.2j
%global edk2_date 20180815
%global edk2_githash cb5f4f45ce
%global openssl_version 1.1.0h
%global qosb_version 1.1.3
%define qosb_testing 0
%ifarch x86_64
%define qosb_testing 1
%endif
%if 0%{?fedora:1}
%define cross 1
%endif
%ifarch %{ix86} x86_64
%if 0%{?fedora:1}
%define build_ovmf_ia32 1
%endif
%ifarch x86_64
%define build_ovmf_x64 1
%endif
@ -25,48 +35,61 @@
Name: edk2
Version: %{edk2_date}git%{edk2_githash}
Release: 7%{dist}
Release: 1%{dist}
Summary: EFI Development Kit II
Group: Applications/Emulators
License: BSD
URL: http://www.tianocore.org/edk2/
# Tarball generated from git object update-tarball.sh script
Source0: edk2-%{edk2_date}-%{edk2_githash}.tar.xz
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
# The original openssl upstream tarball cannot be shipped in the .src.rpm.
Source1: openssl-%{openssl_version}-hobbled.tar.xz
Source2: hobble-openssl
Source3: build-iso.sh
Source9: update-tarball.sh
Source2: ovmf-whitepaper-c770f8c.txt
Source3: https://github.com/puiterwijk/qemu-ovmf-secureboot/archive/v%{qosb_version}/qemu-ovmf-secureboot-%{qosb_version}.tar.gz
Source10: hobble-openssl
Source11: build-iso.sh
Source12: update-tarball.sh
Source13: openssl-patch-to-tarball.sh
# This is the version of the OpenSSL patch that EDK2 applies, but
# with all changes to srp.* files removed.
Source10: EDKII_openssl-1.0.2j-no-srp.patch
# Debug output tweaks, not for upstream
# non-upstream patches
Patch0001: 0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
Patch0002: 0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
Patch0003: 0003-OvmfPkg-enable-DEBUG_VERBOSE.patch
Patch0004: 0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
Patch0005: 0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
# Exclude EFI shell from firmware, suggested by pjones re: secureboot.
# Not for upstream, see bug 1325023#c16
Patch0006: 0006-EXCLUDE_SHELL_FROM_FD.patch
# Ship EnrollDefaultKeys application.
# Not for upstream, see bug 1325023#c16
Patch0007: 0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
# More text console resolutions. Upstreaming attempted, but failed
Patch0008: 0008-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch
Patch0005: 0005-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
Patch0006: 0006-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
Patch0007: 0007-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch
Patch0008: 0008-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
Patch0009: 0009-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
Patch0010: 0010-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
Patch0011: 0011-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
Patch0012: 0012-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
Patch0013: 0013-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
Patch0014: 0014-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
Patch0015: 0015-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
Patch0016: 0016-ArmVirtPkg-set-early-hello-message-RH-only.patch
# Fix passing through RPM build flags (bz 1540244)
Patch0017: 0017-BaseTools-footer.makefile-expand-BUILD_CFLAGS-last-f.patch
Patch0018: 0018-BaseTools-header.makefile-remove-c-from-BUILD_CFLAGS.patch
Patch0019: 0019-BaseTools-Source-C-split-O2-to-BUILD_OPTFLAGS.patch
Patch0020: 0020-BaseTools-Source-C-take-EXTRA_OPTFLAGS-from-the-call.patch
Patch0021: 0021-BaseTools-Source-C-take-EXTRA_LDFLAGS-from-the-calle.patch
Patch0022: 0022-BaseTools-VfrCompile-honor-EXTRA_LDFLAGS.patch
%if 0%{?cross:1}
# Tweak the tools_def to support cross-compiling.
# These files are meant for customization, so this is not upstream.
Patch0009: 0009-Tweak-the-tools_def-to-support-cross-compiling.patch
# These files are meant for customization, so this is not upstream too.
Patch0099: 0099-Tweak-the-tools_def-to-support-cross-compiling.patch
%endif
# fix for build failure, sent upstream
Patch0010: 0010-VfrCompile-fix-invalid-comparison-between-pointer-an.patch
# openssl patches from Fedora
Patch1021: openssl-1.1.0-issuer-hash.patch
Patch1039: openssl-1.1.0-cc-reqs.patch
Patch1040: openssl-1.1.0-disable-ssl3.patch
Patch1044: openssl-1.1.0-bio-fd-preserve-nl.patch
%if 0%{?fedora:1}
#
# actual firmware builds support cross-compiling. edk2-tools
# in theory should build everywhere without much trouble, but
@ -74,7 +97,11 @@ Patch0010: 0010-VfrCompile-fix-invalid-comparison-between-pointer-an.patch
# (such as ppc), so lets limit things to the known-good ones.
#
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
%else
ExclusiveArch: x86_64 aarch64
%endif
BuildRequires: gcc gcc-c++
BuildRequires: python
BuildRequires: libuuid-devel
%if 0%{?cross:1}
@ -84,10 +111,22 @@ BuildRequires: gcc-x86_64-linux-gnu
%endif
BuildRequires: iasl
BuildRequires: nasm
BuildRequires: dosfstools
BuildRequires: mtools
BuildRequires: qemu-img
BuildRequires: genisoimage
# These are for QOSB
BuildRequires: python3-requests
BuildRequires: qemu-system-x86
%if %{?qosb_testing}
# This is used for testing the enrollment: builds are run in a chroot, lacking
# a kernel. The testing is only performed on x86_64 for now, but we can't make
# the BuildRequires only on a specific arch, as that'd come through in the SRPM
# NOTE: The actual enrollment needs to happen in all builds for all architectures,
# because OVMF is built as noarch, which means that koji enforces that the build
# results don't actually differ per arch, and then it picks a random arches' build
# for the actual RPM.
BuildRequires: kernel-core
%endif
%description
EDK II is a development code base for creating UEFI drivers, applications
@ -119,10 +158,22 @@ BuildArch: noarch
This package documents the tools that are needed to
build EFI executables and ROMs using the GNU tools.
%package qosb
Summary: Tool to enroll secureboot
Group: Development/Tools
Buildarch: noarch
%description qosb
This package contains QOSB (QEMU OVMF Secure Boot), which can enroll OVMF
variable files to enforce Secure Boot.
%if 0%{?build_ovmf_x64:1}
%package ovmf
Summary: Open Virtual Machine Firmware
# OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL
# library.
License: BSD and OpenSSL
Provides: bundled(openssl)
Provides: OVMF = %{version}-%{release}
Obsoletes: OVMF < %{version}-%{release}
BuildArch: noarch
@ -134,7 +185,10 @@ Open Virtual Machine Firmware (x64)
%if 0%{?build_ovmf_ia32:1}
%package ovmf-ia32
Summary: Open Virtual Machine Firmware
# OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL
# library.
License: BSD and OpenSSL
Provides: bundled(openssl)
BuildArch: noarch
%description ovmf-ia32
EFI Development Kit II
@ -147,6 +201,9 @@ Summary: AARCH64 Virtual Machine Firmware
Provides: AAVMF = %{version}-%{release}
Obsoletes: AAVMF < %{version}-%{release}
BuildArch: noarch
# No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack.
License: BSD and OpenSSL
Provides: bundled(openssl)
%description aarch64
EFI Development Kit II
AARCH64 UEFI Firmware
@ -164,24 +221,32 @@ armv7 UEFI Firmware
%prep
%setup -q -n tianocore-%{name}-%{edk2_githash}
# Ensure old shell and binary packages are not used
rm -rf EdkShellBinPkg
rm -rf EdkShellPkg
rm -rf FatBinPkg
rm -rf ShellBinPkg
# copy whitepaper into place
cp -a -- %{SOURCE2} .
# extract openssl into place
tar -xvf %{SOURCE1} --strip-components=1
# Extract QOSB
tar -xvf %{SOURCE3}
mv qemu-ovmf-secureboot-%{qosb_version}/README.md README.qosb
mv qemu-ovmf-secureboot-%{qosb_version}/LICENSE LICENSE.qosb
%autopatch -p1
# replace upstream patch with ours
cp %{SOURCE10} CryptoPkg/Library/OpensslLib/EDKII_openssl-%{openssl_version}.patch
# add openssl
tar -C CryptoPkg/Library/OpensslLib -xf %{SOURCE1}
(cd CryptoPkg/Library/OpensslLib/openssl-%{openssl_version};
patch -p1 < ../EDKII_openssl-%{openssl_version}.patch)
(cd CryptoPkg/Library/OpensslLib; ./Install.sh)
cp CryptoPkg/Library/OpensslLib/openssl-*/LICENSE LICENSE.openssl
base64 --decode < MdeModulePkg/Logo/Logo-OpenSSL.bmp.b64 > MdeModulePkg/Logo/Logo-OpenSSL.bmp
%build
source ./edksetup.sh
# compiler
CC_FLAGS="-t GCC49"
CC_FLAGS="-t GCC5"
# parallel builds
JOBS="%{?_smp_mflags}"
@ -191,11 +256,13 @@ if test "$JOBS" != ""; then
fi
# common features
CC_FLAGS="${CC_FLAGS} -b DEBUG"
CC_FLAGS="${CC_FLAGS} --cmd-len=65536"
CC_FLAGS="$CC_FLAGS --cmd-len=65536 -t %{TOOLCHAIN} -b DEBUG --hash"
CC_FLAGS="$CC_FLAGS -D NETWORK_IP6_ENABLE"
CC_FLAGS="$CC_FLAGS -D TPM2_ENABLE"
# ovmf features
OVMF_FLAGS="${CC_FLAGS}"
OVMF_FLAGS="${OVMF_FLAGS} -D TLS_ENABLE"
OVMF_FLAGS="${OVMF_FLAGS} -D HTTP_BOOT_ENABLE"
OVMF_FLAGS="${OVMF_FLAGS} -D NETWORK_IP6_ENABLE"
OVMF_FLAGS="${OVMF_FLAGS} -D FD_SIZE_2MB"
@ -211,15 +278,17 @@ ARM_FLAGS="${CC_FLAGS}"
ARM_FLAGS="${ARM_FLAGS} -D DEBUG_PRINT_ERROR_LEVEL=0x8040004F"
unset MAKEFLAGS
make -C BaseTools #%{?_smp_mflags}
make -C BaseTools %{?_smp_mflags} \
EXTRA_OPTFLAGS="%{optflags}" \
EXTRA_LDFLAGS="%{__global_ldflags}"
sed -i -e 's/-Werror//' Conf/tools_def.txt
%if 0%{?cross:1}
export GCC49_IA32_PREFIX="x86_64-linux-gnu-"
export GCC49_X64_PREFIX="x86_64-linux-gnu-"
export GCC49_AARCH64_PREFIX="aarch64-linux-gnu-"
export GCC49_ARM_PREFIX="arm-linux-gnu-"
export GCC5_IA32_PREFIX="x86_64-linux-gnu-"
export GCC5_X64_PREFIX="x86_64-linux-gnu-"
export GCC5_AARCH64_PREFIX="aarch64-linux-gnu-"
export GCC5_ARM_PREFIX="arm-linux-gnu-"
%endif
# build ovmf (x64)
@ -237,7 +306,15 @@ cp Build/Ovmf3264/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd
cp Build/Ovmf3264/*/X64/Shell.efi ovmf/
cp Build/Ovmf3264/*/X64/EnrollDefaultKeys.efi ovmf
sh %{_sourcedir}/build-iso.sh ovmf/
unset GCC49_X64_PREFIX
# Build enrolled VARS file
python3 qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator \
--qemu-binary /usr/bin/qemu-system-x86_64 \
--skip-testing \
--ovmf-binary ovmf/OVMF_CODE.secboot.fd \
--ovmf-template-vars ovmf/OVMF_VARS.fd \
--uefi-shell-iso ovmf/UefiShell.iso \
ovmf/OVMF_VARS.secboot.fd
%endif
@ -256,7 +333,6 @@ cp Build/OvmfIa32/*/FV/OVMF_CODE.fd ovmf-ia32/OVMF_CODE.secboot.fd
cp Build/OvmfIa32/*/IA32/Shell.efi ovmf-ia32/Shell.efi
cp Build/OvmfIa32/*/IA32/EnrollDefaultKeys.efi ovmf-ia32/EnrollDefaultKeys.efi
sh %{_sourcedir}/build-iso.sh ovmf-ia32/
unset GCC49_IA32_PREFIX
%endif
@ -268,7 +344,6 @@ cp Build/ArmVirtQemu-AARCH64/DEBUG_*/FV/*.fd aarch64
dd of="aarch64/QEMU_EFI-pflash.raw" if="/dev/zero" bs=1M count=64
dd of="aarch64/QEMU_EFI-pflash.raw" if="aarch64/QEMU_EFI.fd" conv=notrunc
dd of="aarch64/vars-template-pflash.raw" if="/dev/zero" bs=1M count=64
unset GCC49_AARCH64_PREFIX
%endif
@ -280,10 +355,27 @@ cp Build/ArmVirtQemu-ARM/DEBUG_*/FV/*.fd arm
dd of="arm/QEMU_EFI-pflash.raw" if="/dev/zero" bs=1M count=64
dd of="arm/QEMU_EFI-pflash.raw" if="arm/QEMU_EFI.fd" conv=notrunc
dd of="arm/vars-template-pflash.raw" if="/dev/zero" bs=1M count=64
unset GCC49_ARM_PREFIX
%endif
%check
%if 0%{?build_ovmf_x64:1}
%if 0%{?qosb_testing}
# Verify enrolled VARS file
python3 qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator \
--qemu-binary /usr/bin/qemu-system-x86_64 \
--skip-enrollment \
--print-output \
--ovmf-binary ovmf/OVMF_CODE.secboot.fd \
--ovmf-template-vars ovmf/OVMF_VARS.fd \
--uefi-shell-iso ovmf/UefiShell.iso \
--no-download \
--kernel-path `rpm -ql kernel-core | grep "\/vmlinuz$" -m 1` \
ovmf/OVMF_VARS.secboot.fd
%endif
%endif
%install
cp CryptoPkg/Library/OpensslLib/openssl/LICENSE LICENSE.openssl
mkdir -p %{buildroot}%{_bindir} \
%{buildroot}%{_datadir}/%{name}/Conf \
%{buildroot}%{_datadir}/%{name}/Scripts
@ -314,6 +406,7 @@ mkdir %{buildroot}/usr/share/OVMF
ln -sf ../%{name}/ovmf/OVMF_CODE.fd %{buildroot}/usr/share/OVMF
ln -sf ../%{name}/ovmf/OVMF_CODE.secboot.fd %{buildroot}/usr/share/OVMF
ln -sf ../%{name}/ovmf/OVMF_VARS.fd %{buildroot}/usr/share/OVMF
ln -sf ../%{name}/ovmf/OVMF_VARS.secboot.fd %{buildroot}/usr/share/OVMF
ln -sf ../%{name}/ovmf/UefiShell.iso %{buildroot}/usr/share/OVMF
%endif
%if 0%{?build_ovmf_ia32:1}
@ -331,9 +424,15 @@ cp -a arm %{buildroot}/usr/share/%{name}
ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw %{buildroot}/usr/share/AAVMF/AAVMF32_CODE.fd
%endif
install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_bindir}
%files tools
%license License.txt
%license LICENSE.openssl
%{_bindir}/BootSectImage
%{_bindir}/Brotli
%{_bindir}/DevicePath
%{_bindir}/EfiLdrImage
%{_bindir}/EfiRom
%{_bindir}/GenCrc32
@ -372,11 +471,17 @@ ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw %{buildroot}/usr/share/AAVMF/
%files tools-doc
%doc BaseTools/UserManuals/*.rtf
%files qosb
%license LICENSE.qosb
%doc README.qosb
%{_bindir}/ovmf-vars-generator
%if 0%{?build_ovmf_x64:1}
%files ovmf
%license OvmfPkg/License.txt
%license LICENSE.openssl
%doc OvmfPkg/README
%doc ovmf-whitepaper-c770f8c.txt
%dir /usr/share/%{name}
%dir /usr/share/%{name}/ovmf
/usr/share/%{name}/ovmf/OVMF*.fd
@ -390,6 +495,7 @@ ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw %{buildroot}/usr/share/AAVMF/
%license OvmfPkg/License.txt
%license LICENSE.openssl
%doc OvmfPkg/README
%doc ovmf-whitepaper-c770f8c.txt
%dir /usr/share/%{name}
%dir /usr/share/%{name}/ovmf-ia32
/usr/share/%{name}/ovmf-ia32/OVMF*.fd
@ -399,7 +505,8 @@ ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw %{buildroot}/usr/share/AAVMF/
%if 0%{?build_aavmf_aarch64:1}
%files aarch64
%license ArmVirtPkg/License.txt
%license OvmfPkg/License.txt
%license LICENSE.openssl
%dir /usr/share/%{name}
%dir /usr/share/%{name}/aarch64
/usr/share/%{name}/aarch64/QEMU*.fd
@ -409,7 +516,8 @@ ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw %{buildroot}/usr/share/AAVMF/
%if 0%{?build_aavmf_arm:1}
%files arm
%license ArmVirtPkg/License.txt
%license OvmfPkg/License.txt
%license LICENSE.openssl
%dir /usr/share/%{name}
%dir /usr/share/%{name}/arm
/usr/share/%{name}/arm/QEMU*.fd
@ -419,6 +527,9 @@ ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw %{buildroot}/usr/share/AAVMF/
%changelog
* Fri Aug 31 2018 Cole Robinson <crobinso@redhat.com> - 20180815gitcb5f4f45ce-1
- Update to edk2 git cb5f4f45ce, edk2-stable201808
* Mon Nov 13 2017 Paolo Bonzini <pbonzini@redhat.com> - 20170209git296153c5-6
- Allow non-cross builds
- Install /usr/share/OVMF and /usr/share/AAVMF

34
openssl-1.1.0-bio-fd-preserve-nl.patch Normal file
View File

@ -0,0 +1,34 @@
diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/bio/bss_fd.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/bio/bss_fd.c
index 2bd3517..a886655 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/bio/bss_fd.c
+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/bio/bss_fd.c
@@ -204,8 +204,10 @@ static int fd_gets(BIO *bp, char *buf, int size)
char *ptr = buf;
char *end = buf + size - 1;
- while ((ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n'))
- ptr++;
+ while (ptr < end && fd_read(bp, ptr, 1) > 0) {
+ if (*ptr++ == '\n')
+ break;
+ }
ptr[0] = '\0';
diff --git a/CryptoPkg/Library/OpensslLib/openssl/doc/crypto/BIO_read.pod b/CryptoPkg/Library/OpensslLib/openssl/doc/crypto/BIO_read.pod
index 45871c1..fe70e9f 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/doc/crypto/BIO_read.pod
+++ b/CryptoPkg/Library/OpensslLib/openssl/doc/crypto/BIO_read.pod
@@ -23,7 +23,8 @@ in B<buf>. Usually this operation will attempt to read a line of data
from the BIO of maximum length B<len-1>. There are exceptions to this,
however; for example, BIO_gets() on a digest BIO will calculate and
return the digest and other BIOs may not support BIO_gets() at all.
-The returned string is always NUL-terminated.
+The returned string is always NUL-terminated and the '\n' is preserved
+if present in the input data.
BIO_write() attempts to write B<len> bytes from B<buf> to BIO B<b>.
--
2.17.0

29
openssl-1.1.0-cc-reqs.patch Normal file
View File

@ -0,0 +1,29 @@
--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa/rsa_gen.c
+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa/rsa_gen.c
@@ -86,6 +86,12 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
goto err;
+ /* prepare minimum p and q difference */
+ if (!BN_one(r3))
+ goto err;
+ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100))
+ goto err;
+
if (BN_copy(rsa->e, e_value) == NULL)
goto err;
@@ -118,7 +124,9 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
do {
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
goto err;
- } while (BN_cmp(rsa->p, rsa->q) == 0);
+ if (!BN_sub(r2, rsa->q, rsa->p))
+ goto err;
+ } while (BN_ucmp(r2, r3) <= 0);
if (!BN_sub(r2, rsa->q, BN_value_one()))
goto err;
ERR_set_mark();
--
2.17.0

65
openssl-1.1.0-disable-ssl3.patch Normal file
View File

@ -0,0 +1,65 @@
diff --git a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c
index 8a190d2..6b4c5ae 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c
+++ b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c
@@ -2653,6 +2653,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
* or by using the SSL_CONF library.
*/
ret->options |= SSL_OP_NO_COMPRESSION;
+ /*
+ * Disable SSLv3 by default. Applications can
+ * re-enable it by configuring
+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
+ * or by using the SSL_CONF library.
+ */
+ ret->options |= SSL_OP_NO_SSLv3;
ret->tlsext_status_type = -1;
diff --git a/CryptoPkg/Library/OpensslLib/openssl/test/ssl_test.c b/CryptoPkg/Library/OpensslLib/openssl/test/ssl_test.c
index 2cbbddd..1a409d1 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/test/ssl_test.c
+++ b/CryptoPkg/Library/OpensslLib/openssl/test/ssl_test.c
@@ -277,6 +277,7 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
SSL_TEST_SERVERNAME_CB_NONE) {
server2_ctx = SSL_CTX_new(TLS_server_method());
TEST_check(server2_ctx != NULL);
+ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
}
client_ctx = SSL_CTX_new(TLS_client_method());
TEST_check(SSL_CTX_set_max_proto_version(client_ctx, TLS_MAX_VERSION));
@@ -290,11 +291,15 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
TLS_MAX_VERSION));
TEST_check(resume_server_ctx != NULL);
TEST_check(resume_client_ctx != NULL);
+ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3);
}
}
TEST_check(server_ctx != NULL);
TEST_check(client_ctx != NULL);
+ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
TEST_check(CONF_modules_load(conf, fixture.test_app, 0) > 0);
diff --git a/CryptoPkg/Library/OpensslLib/openssl/test/ssltest_old.c b/CryptoPkg/Library/OpensslLib/openssl/test/ssltest_old.c
index e77c692..e586072 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/test/ssltest_old.c
+++ b/CryptoPkg/Library/OpensslLib/openssl/test/ssltest_old.c
@@ -1460,6 +1460,11 @@ int main(int argc, char *argv[])
ERR_print_errors(bio_err);
goto end;
}
+
+ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3);
+
/*
* Since we will use low security ciphersuites and keys for testing set
* security level to zero by default. Tests can override this by adding
--
2.17.0

13
openssl-1.1.0-issuer-hash.patch Normal file
View File

@ -0,0 +1,13 @@
--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/x509/x509_cmp.c
+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/x509/x509_cmp.c
@@ -39,6 +39,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
if (ctx == NULL)
goto err;
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;
--
2.17.0

63
openssl-patch-to-tarball.sh Normal file
View File

@ -0,0 +1,63 @@
#! /bin/sh
: << \EOF
For importing the hobbled OpenSSL tarball from Fedora, the following
steps are necessary. Note that both the "sources" file format and the
pkgs.fedoraproject.org directory structure have changed, accommodating
SHA512 checksums.
# in a separate directory
fedpkg clone -a openssl
cd openssl
fedpkg switch-branch master
gitk -- sources
# the commit that added the 1.1.0h hobbled tarball is 6eb8f620273
# subject "update to upstream version 1.1.0h"
git checkout 6eb8f620273
# fetch the hobbled tarball and verify the checksum
(
set -e
while read HASH_TYPE FN EQ HASH; do
# remove leading and trailing parens
FN="${FN#(*}"
FN="${FN%*)}"
wget \
http://pkgs.fedoraproject.org/repo/pkgs/openssl/$FN/sha512/$HASH/$FN
done <sources
sha512sum -c sources
)
# unpack the hobbled tarball into edk2, according to
# "OpenSSL-HOWTO.txt"; WORKSPACE stands for the root of the edk2 project
# tree
tar -x --xz -f openssl-1.1.0h-hobbled.tar.xz
mv -- openssl-1.1.0h "$WORKSPACE"/CryptoPkg/Library/OpensslLib/openssl
# update the INF files as described in "OpenSSL-HOWTO.txt", then save
# the results as a single commit
(cd "$WORKSPACE"/CryptoPkg/Library/OpensslLib && perl process_files.pl)
git rm --cached CryptoPkg/Library/OpensslLib/openssl
git commit -m'remove openssl submodule'
git add -A CryptoPkg/Library/OpensslLib/openssl
git commit -m'add openssl 1.1.0h'
git format-patch -1
Then run the patch through this script which will build a new tar file.
EOF
set -e
edk2_githash=$(awk '/^%global edk2_githash/ {print $3}' edk2.spec)
openssl_version=$(awk '/^%global openssl_version/ {print $3}' edk2.spec)
mkdir -p tianocore-openssl-${openssl_version}
(exec 3> openssl-${openssl_version}-hobbled.tar.xz
cd tianocore-openssl-${openssl_version}
git init .
git config core.whitespace cr-at-eol
git config am.keepcr true
git am
git archive --format=tar --prefix=tianocore-edk2-${edk2_githash}/ \
HEAD CryptoPkg/Library/OpensslLib/ | \
xz -9ev >&3) < $1
rm -rf tianocore-openssl-${openssl_version}

2422
ovmf-whitepaper-c770f8c.txt Normal file
View File

File diff suppressed because it is too large Load Diff

5
sources
View File

@ -1,2 +1,3 @@
SHA512 (openssl-1.0.2j-hobbled.tar.xz) = 87c7c4e45f83c49b36154f4c66d3799fdc63286f9841b4dd71d4bdc3b26206be6009e33462533f0c1cc0efd9ef6aa05b772728ed0ee3e88f952586cdcf513003
SHA512 (edk2-20170209-296153c5.tar.xz) = b9b1936bde197712fe0f5dc3cf227095c08803486866967703959f4adc131c48b1b5f3bcdd8a4a40fe234eba5a7fdf887087d4d522db01a0920eb85cc7ab9454
SHA512 (qemu-ovmf-secureboot-1.1.3.tar.gz) = f830a525f66379e8e3c61d006fab49547e6709f7aa0f95e70f23c7d26407cc804a0ced9dcfd26af63391d603e9cb5a0714c222c7cdca8599e41852e22e13be80
SHA512 (openssl-1.1.0h-hobbled.tar.xz) = 6b544a5560a0a3d59b368e3f216284e79389112c87bb34289f8f6644a2454407161a1755b292e8045ff7c172237b070973b03610fd1da3d5204f4118a8644724
SHA512 (edk2-20180815-cb5f4f45ce.tar.xz) = 2912bb30b5be1d7efc1b7aa6d337fd1403fc9ea7cfc580c22dd770d82273ce4c801eba2d60a6f2fda4bc1c6e49747be606de4acfdcca286c10e44b11369cde9d

15
update-tarball.sh
View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
user="tianocore"
repo="edk2"
@ -8,21 +8,30 @@ uri="https://github.com/${user}/${repo}"
api="${uri/github.com/api.github.com/repos}"
tar="${uri/github.com/codeload.github.com}/legacy.tar.gz"
if test $# -ge 1; then
hash=$1
short=$1
else
hash=$(curl -s "${api}/git/refs/heads/${branch}" | grep '"sha"' | cut -d'"' -f4)
if test "$hash" = ""; then
echo "# failed to fetch $branch hash"
exit 1
fi
short=$(echo $hash | sed -e 's/^\(.......\).*/\1/')
fi
if test $# = 2; then
date=$2
else
date=$(curl -s "${api}/git/commits/$hash" | awk '
/"committer"/ { c=1 }
/"date"/ { if (c) { print } }
' | cut -d'"' -f4)
date="${date%T*}"
date="${date//-/}"
fi
name="${repo}-${date}-${short}.tar.gz"
name="${repo}-${date}-${short}.tar.xz"
if test -f "$name"; then
echo "# exists: $name"
@ -41,5 +50,5 @@ echo
echo "# cleanup ..."
rm -vf ${repo}-*.tar*
echo "# fetching $name ..."
curl "$tar/$hash" > "$name"
curl "$tar/$hash" | zcat | xz -9e > "$name"
exit 0