Ship the JSON firmware "descriptor files"

From version 4.1 (due in August 2019) onwards, QEMU ships the so-called
firmware "descriptor files".  These are small JSON files that describe
details about UEFI firmware binaries — such as the firmware binary path,
its architecture, supported machine type, NVRAM template and so forth.

You can see examples of these files from the QEMU upstream Git:
https://git.qemu.org/?p=qemu.git;a=tree;f=pc-bios/descriptors

    $> tree descriptors/
    descriptors/
    ├── 50-edk2-i386-secure.json
    ├── 50-edk2-x86_64-secure.json
    ├── 60-edk2-aarch64.json
    ├── 60-edk2-arm.json
    ├── 60-edk2-i386.json
    └── 60-edk2-x86_64.json

QEMU 4.1 itself will ship the above files.  However, Fedora needs to
ship these files as part of its EDK2 package.

Why?
----

(1) Quoting (with minor formatting edits) Laszlo Ersek:

      Distributions providing their own EDK2 packages would not include
      the descriptors from upstream QEMU, even if they otherwise package
      QEMU.  That's because the descriptor files in QEMU match the
      firmware bundled with QEMU -- but the firmware images in the
      distros' own EDK2 packages are different.  So, if a distro
      provides an EDK2 package, then the same EDK2 package should offer
      matching descriptors.  QEMU offers descriptors (soon) because QEMU
      technically distributes edk2 firmware binaries (soon).  [Where
      "soon" == QEMU 4.1]

(2) And as Dan Berrangé reminded on IRC:

      In Fedora, we need to ship them [the "descriptor files"] as part
      of the EDK2 package, because Fedora throws away all the firmware
      files that QEMU bundles, because we're [Fedora] required to
      rebuild everything from pristine source.

                    - - -

In this patch:

(*) Use the firmware descriptor files provided by Laszlo (thanks!) in
    this comment here:
    https://bugzilla.redhat.com/show_bug.cgi?id=1728652#c2 ("RFE: Ship
    the JSON firmware "descriptor files" as part of EDK2").

    On the double-digit priority prefixes, refer to the rationale here:
    https://src.fedoraproject.org/rpms/edk2/pull-request/3#comment-27523

(*) Install the JSON files for the relevant architectures in
    `/usr/share/qemu/firmware`, as required by specification[+].  And
    make each EDK2 own this directory; multiple RPMs owning the same
    directory is no problem.

[+] https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json

Resolves: rhbz#1728652

Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
Kashyap Chamarthy 2019-07-12 09:20:38 +00:00 committed by Cole Robinson
parent 1b8f6277e4
commit 674b3c8a27
9 changed files with 312 additions and 0 deletions
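
How the priority prefixes and the path fields play out when a tool consumes these files, as an added example (not part of this commit or of QEMU). It assumes descriptors are sorted by filename and the first match wins, reduces feature matching to a subset test, and uses `pc-q35-4.1`-style machine names as sample input; `select`, `lint` and both lint rules are this example's own.

```python
import fnmatch
import posixpath

# Trimmed copies of three descriptors from this commit (only the fields used below).
def _d(code, nvram, arch, machines, features):
    return {"mapping": {"executable": {"filename": code},
                        "nvram-template": {"filename": nvram}},
            "targets": [{"architecture": arch, "machines": machines}],
            "features": features}

E = "/usr/share/edk2/"
DESCRIPTORS = {
    "60-edk2-ovmf.json": _d(
        E + "ovmf/OVMF_CODE.fd", E + "ovmf/OVMF_VARS.fd", "x86_64",
        ["pc-i440fx-*", "pc-q35-*"], ["acpi-s3", "amd-sev", "verbose-dynamic"]),
    "50-edk2-ovmf-sb.json": _d(
        E + "ovmf/OVMF_CODE.secboot.fd", E + "ovmf/OVMF_VARS.fd", "x86_64", ["pc-q35-*"],
        ["acpi-s3", "amd-sev", "requires-smm", "secure-boot", "verbose-dynamic"]),
    "50-edk2-ovmf-ia32-sb.json": _d(
        E + "ovmf-ia32/OVMF_CODE.secboot.fd", E + "ovmf/OVMF_VARS.fd", "i386", ["pc-q35-*"],
        ["acpi-s3", "requires-smm", "secure-boot", "verbose-dynamic"]),
}

def select(descs, arch, machine, wanted=()):
    """First descriptor in filename order matching arch, machine type and features."""
    for name in sorted(descs):  # the numeric prefix decides priority
        d = descs[name]
        if not set(wanted) <= set(d["features"]):
            continue
        for t in d["targets"]:
            if t["architecture"] == arch and any(
                    fnmatch.fnmatchcase(machine, pat) for pat in t["machines"]):
                return name
    return None

def lint(descs):
    """(file, problem) pairs; both rules are this example's own assumptions."""
    problems = []
    for name in sorted(descs):
        m, feats = descs[name]["mapping"], descs[name]["features"]
        dirs = sorted({posixpath.dirname(m[k]["filename"])
                       for k in ("executable", "nvram-template")})
        if len(dirs) > 1:  # code and varstore template may come from different packages
            problems.append((name, "images split across " + ", ".join(dirs)))
        machines = [p for t in descs[name]["targets"] for p in t["machines"]]
        if "requires-smm" in feats and not all(p.startswith("pc-q35-") for p in machines):
            problems.append((name, "requires-smm offered for a non-q35 machine"))
    return problems
```

With these three files, a q35 x86_64 guest that asks for no particular feature still resolves to the Secure Boot build, because its `50-` prefix sorts ahead of `60-`.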


@ -0,0 +1,35 @@
{
"description": "OVMF for i386, with SB+SMM, SB enabled, MS certs enrolled",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.secboot.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "i386",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"enrolled-keys",
"requires-smm",
"secure-boot",
"verbose-dynamic"
],
"tags": [
]
}
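
Review bot: "nvram-template" points at /usr/share/edk2/ovmf/OVMF_VARS.secboot.fd while "executable" lives under /usr/share/edk2/ovmf-ia32/, and the ia32 %files stanza later in this patch only lists /usr/share/%{name}/ovmf-ia32/OVMF*.fd. Unless the ia32 subpackage depends on whatever owns ovmf/, this descriptor can advertise a varstore template that is not installed; point the template at a file under ovmf-ia32/ or add the dependency. The other two i386 descriptors in this patch carry the same cross-directory reference.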


@ -0,0 +1,36 @@
{
"description": "OVMF for x86_64, with SB+SMM, SB enabled, MS certs enrolled",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"amd-sev",
"enrolled-keys",
"requires-smm",
"secure-boot",
"verbose-dynamic"
],
"tags": [
]
}

50-edk2-ovmf-ia32-sb.json

@ -0,0 +1,34 @@
{
"description": "OVMF for i386, with SB+SMM, empty varstore",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.secboot.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "i386",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"requires-smm",
"secure-boot",
"verbose-dynamic"
],
"tags": [
]
}

50-edk2-ovmf-sb.json

@ -0,0 +1,35 @@
{
"description": "OVMF for x86_64, with SB+SMM, empty varstore",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"amd-sev",
"requires-smm",
"secure-boot",
"verbose-dynamic"
],
"tags": [
]
}

60-edk2-ovmf-ia32.json

@ -0,0 +1,33 @@
{
"description": "OVMF for i386, without SB, without SMM, with empty varstore",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "i386",
"machines": [
"pc-i440fx-*",
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"verbose-dynamic"
],
"tags": [
]
}

60-edk2-ovmf.json

@ -0,0 +1,34 @@
{
"description": "OVMF for x86_64, without SB, without SMM, with empty varstore",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-i440fx-*",
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"amd-sev",
"verbose-dynamic"
],
"tags": [
]
}


@ -0,0 +1,31 @@
{
"description": "UEFI firmware for aarch64, verbose logs",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",
"format": "raw"
}
},
"targets": [
{
"architecture": "aarch64",
"machines": [
"virt-*"
]
}
],
"features": [
"verbose-static"
],
"tags": [
]
}

70-edk2-arm-verbose.json

@ -0,0 +1,31 @@
{
"description": "UEFI firmware for arm, verbose logs",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/arm/QEMU_EFI-pflash.raw",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/arm/vars-template-pflash.raw",
"format": "raw"
}
},
"targets": [
{
"architecture": "arm",
"machines": [
"virt-*"
]
}
],
"features": [
"verbose-static"
],
"tags": [
]
}


@ -76,6 +76,16 @@ Source11: build-iso.sh
Source12: update-tarball.sh
Source13: openssl-patch-to-tarball.sh
# Fedora-specific JSON "descriptor files"
Source14: 40-edk2-ovmf-sb-enrolled.json
Source15: 50-edk2-ovmf-sb.json
Source16: 60-edk2-ovmf.json
Source17: 40-edk2-ovmf-ia32-sb-enrolled.json
Source18: 50-edk2-ovmf-ia32-sb.json
Source19: 60-edk2-ovmf-ia32.json
Source20: 70-edk2-aarch64-verbose.json
Source21: 70-edk2-arm-verbose.json
# non-upstream patches
Patch0001: 0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
Patch0002: 0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
@ -424,9 +434,27 @@ ln -sf ../%{name}/ovmf/OVMF_CODE.secboot.fd %{buildroot}/usr/share/OVMF
ln -sf ../%{name}/ovmf/OVMF_VARS.fd %{buildroot}/usr/share/OVMF
ln -sf ../%{name}/ovmf/OVMF_VARS.secboot.fd %{buildroot}/usr/share/OVMF
ln -sf ../%{name}/ovmf/UefiShell.iso %{buildroot}/usr/share/OVMF
# For distro-provided firmware packages, the specification
# (https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json)
# says the JSON "descriptor files" to be searched in this directory:
# `/usr/share/firmware/`. Create it.
mkdir -p %{buildroot}/%{_datadir}/qemu/firmware
# Install the two variants of the x86_64 firmware descriptor files
# (50-edk2-x86_64-secure.json and 60-edk2-x86_64.json)
install -pm 644 %{SOURCE14} %{buildroot}/%{_datadir}/qemu/firmware
install -pm 644 %{SOURCE15} %{buildroot}/%{_datadir}/qemu/firmware
install -pm 644 %{SOURCE16} %{buildroot}/%{_datadir}/qemu/firmware
%endif
%if 0%{?build_ovmf_ia32:1}
cp -a ovmf-ia32 %{buildroot}/usr/share/%{name}
# Install the two variants of the ia32 firmware descriptor files
# (50-edk2-i386-secure.json and 60-edk2-i386.json)
install -pm 644 %{SOURCE17} %{buildroot}/%{_datadir}/qemu/firmware
install -pm 644 %{SOURCE18} %{buildroot}/%{_datadir}/qemu/firmware
install -pm 644 %{SOURCE19} %{buildroot}/%{_datadir}/qemu/firmware
%endif
%if 0%{?build_aavmf_aarch64:1}
cp -a aarch64 %{buildroot}/usr/share/%{name}
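
Review bot: the `mkdir -p %{buildroot}/%{_datadir}/qemu/firmware` sits before the `%endif` that closes the x86_64 block, so the directory is only created when that block is built, yet the ia32 block here and the aarch64 and arm blocks further down install into it as well. When the directory is missing, `install -pm 644 <file> <path>` creates a regular file named firmware rather than filling a directory, and the `%dir` and `*.json` entries in %files then no longer match. Move the mkdir above the first per-architecture conditional, or repeat it in each block. Also, the added comment gives the search path as `/usr/share/firmware/` while the code and the commit message use /usr/share/qemu/firmware, and the "two variants" comments name the upstream files although three Fedora-named sources are installed in each block.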
@ -434,10 +462,15 @@ cp -a aarch64 %{buildroot}/usr/share/%{name}
mkdir %{buildroot}/usr/share/AAVMF
ln -sf ../%{name}/aarch64/QEMU_EFI-pflash.raw %{buildroot}/usr/share/AAVMF/AAVMF_CODE.fd
ln -sf ../%{name}/aarch64/vars-template-pflash.raw %{buildroot}/usr/share/AAVMF/AAVMF_VARS.fd
# Install the AArch64 firmware descriptor file (60-edk2-aarch64.json)
install -pm 644 %{SOURCE20} %{buildroot}/%{_datadir}/qemu/firmware
%endif
%if 0%{?build_aavmf_arm:1}
cp -a arm %{buildroot}/usr/share/%{name}
ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw %{buildroot}/usr/share/AAVMF/AAVMF32_CODE.fd
# Install the ARM firmware descriptor file (60-edk2-arm.json)
install -pm 644 %{SOURCE21} %{buildroot}/%{_datadir}/qemu/firmware
%endif
install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_bindir}
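
Review bot: the comments above both added install lines name 60-edk2-aarch64.json and 60-edk2-arm.json, but SOURCE20 and SOURCE21 are declared earlier in this patch as 70-edk2-aarch64-verbose.json and 70-edk2-arm-verbose.json. Update the comments to the shipped file names so the priority prefix a reader sees in the spec is the one that ends up on disk.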
@ -495,9 +528,11 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
%doc ovmf-whitepaper-c770f8c.txt
%dir /usr/share/%{name}
%dir /usr/share/%{name}/ovmf
%dir /usr/share/qemu/firmware
/usr/share/%{name}/ovmf/OVMF*.fd
/usr/share/%{name}/ovmf/*.efi
/usr/share/%{name}/ovmf/*.iso
/usr/share/qemu/firmware/*.json
/usr/share/OVMF
%endif
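
Review bot: `/usr/share/qemu/firmware/*.json` in this %files stanza matches every descriptor present in the buildroot, not just the ones belonging to this subpackage, and the same glob is added to the ia32, aarch64 and arm stanzas. When more than one of those blocks is built in the same run, each subpackage picks up the others' descriptors and ends up advertising firmware paths it does not ship. List the descriptors by name per subpackage, for example the three x86_64 files here and the three ia32 files in the next stanza.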
@ -509,9 +544,11 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
%doc ovmf-whitepaper-c770f8c.txt
%dir /usr/share/%{name}
%dir /usr/share/%{name}/ovmf-ia32
%dir /usr/share/qemu/firmware
/usr/share/%{name}/ovmf-ia32/OVMF*.fd
/usr/share/%{name}/ovmf-ia32/*.efi
/usr/share/%{name}/ovmf-ia32/*.iso
/usr/share/qemu/firmware/*.json
%endif
%if 0%{?build_aavmf_aarch64:1}
@ -520,8 +557,10 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
%license LICENSE.openssl
%dir /usr/share/%{name}
%dir /usr/share/%{name}/aarch64
%dir /usr/share/qemu/firmware
/usr/share/%{name}/aarch64/QEMU*.fd
/usr/share/%{name}/aarch64/*.raw
/usr/share/qemu/firmware/*.json
/usr/share/AAVMF/AAVMF_*
%endif
@ -531,8 +570,10 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
%license LICENSE.openssl
%dir /usr/share/%{name}
%dir /usr/share/%{name}/arm
%dir /usr/share/qemu/firmware
/usr/share/%{name}/arm/QEMU*.fd
/usr/share/%{name}/arm/*.raw
/usr/share/qemu/firmware/*.json
/usr/share/AAVMF/AAVMF32_*
%endif
@ -542,6 +583,8 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
- Update to stable-201905
- Update to openssl-1.1.1b
- Ship VARS file for ovmf-ia32 (bug 1688596)
- Ship Fedora-variant JSON "firmware descriptor files"
- Resolves rhbz#1728652
* Mon Mar 18 2019 Cole Robinson <aintdiscole@gmail.com> - 20190308stable-1
- Use YYYYMMDD versioning to fix upgrade path