]>
Commit | Line | Data |
---|---|---|
33bf0acc | 1 | #!/usr/bin/make -f |
33bf0acc | 2 | |
a65627a8 | 3 | SHELL=/bin/bash |
33bf0acc | 4 | |
2b1d392a | 5 | include /usr/share/dpkg/default.mk |
33bf0acc | 6 | |
a65627a8 | 7 | EDK2_TOOLCHAIN = GCC5 |
33bf0acc TL |
8 | export $(EDK2_TOOLCHAIN)_AARCH64_PREFIX=aarch64-linux-gnu- |
9 | ||
1345c3eb | 10 | export PYTHON3_ENABLE=TRUE |
1da98c7b | 11 | |
33bf0acc TL |
12 | ifeq ($(DEB_BUILD_ARCH),amd64) |
13 | EDK2_BUILD_ARCH=X64 | |
33bf0acc | 14 | endif |
a65627a8 TL |
15 | ifeq ($(DEB_BUILD_ARCH),i386) |
16 | EDK2_BUILD_ARCH=IA32 | |
17 | endif | |
33bf0acc TL |
18 | ifeq ($(DEB_BUILD_ARCH),arm64) |
19 | EDK2_BUILD_ARCH=AARCH64 | |
20 | endif | |
a65627a8 | 21 | |
13d9aa9d TL |
22 | COMMON_FLAGS = -DNETWORK_HTTP_BOOT_ENABLE=TRUE |
23 | COMMON_FLAGS += -DNETWORK_TLS_ENABLE | |
24 | COMMON_FLAGS += -DSECURE_BOOT_ENABLE=TRUE | |
a65627a8 TL |
25 | OVMF_COMMON_FLAGS = $(COMMON_FLAGS) -DTPM_ENABLE=TRUE |
26 | OVMF_2M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_2MB | |
27 | OVMF_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB | |
28 | OVMF_2M_SMM_FLAGS = $(OVMF_2M_FLAGS) -DSMM_REQUIRE=TRUE | |
29 | OVMF_4M_SMM_FLAGS = $(OVMF_4M_FLAGS) -DSMM_REQUIRE=TRUE | |
30 | OVMF32_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB | |
31 | OVMF32_4M_SMM_FLAGS = $(OVMF32_4M_FLAGS) -DSMM_REQUIRE=TRUE | |
32 | ||
33 | AAVMF_FLAGS = $(COMMON_FLAGS) -DTPM2_ENABLE=TRUE -DTPM2_CONFIG_ENABLE=TRUE | |
34 | ||
35 | OVMF_VARS_GENERATOR = ./qemu-ovmf-secureboot-1-1-3/ovmf-vars-generator | |
33bf0acc TL |
36 | |
37 | # Clear variables used internally by the edk2 build system | |
38 | undefine WORKSPACE | |
39 | undefine ECP_SOURCE | |
40 | undefine EDK_SOURCE | |
41 | undefine EFI_SOURCE | |
42 | undefine EDK_TOOLS_PATH | |
43 | undefine CONF_PATH | |
44 | ||
45 | %: | |
46 | dh $@ | |
47 | ||
a65627a8 | 48 | override_dh_auto_build: build-qemu-efi-aarch64 build-ovmf build-ovmf32 |
33bf0acc | 49 | |
a65627a8 | 50 | debian/setup-build-stamp: |
33bf0acc | 51 | cp -a debian/Logo.bmp MdeModulePkg/Logo/Logo.bmp |
a65627a8 | 52 | set -e; . ./edksetup.sh; \ |
33bf0acc | 53 | make -C BaseTools ARCH=$(EDK2_BUILD_ARCH) |
a65627a8 TL |
54 | touch $@ |
55 | ||
56 | OVMF_BUILD_DIR = Build/OvmfX64/RELEASE_$(EDK2_TOOLCHAIN) | |
57 | OVMF3264_BUILD_DIR = Build/Ovmf3264/RELEASE_$(EDK2_TOOLCHAIN) | |
58 | OVMF_ENROLL = $(OVMF3264_BUILD_DIR)/X64/EnrollDefaultKeys.efi | |
59 | OVMF_SHELL = $(OVMF3264_BUILD_DIR)/X64/Shell.efi | |
60 | OVMF_BINARIES = $(OVMF_ENROLL) $(OVMF_SHELL) | |
61 | OVMF_IMAGES := $(addprefix debian/ovmf-install/,OVMF_CODE.fd OVMF_CODE_4M.fd OVMF_CODE.secboot.fd OVMF_CODE_4M.secboot.fd OVMF_VARS.fd OVMF_VARS_4M.fd) | |
62 | OVMF_PREENROLLED_VARS := $(addprefix debian/ovmf-install/,OVMF_VARS.ms.fd OVMF_VARS_4M.ms.fd OVMF_VARS_4M.snakeoil.fd) | |
33bf0acc | 63 | |
a65627a8 TL |
64 | OVMF32_BUILD_DIR = Build/OvmfIa32/RELEASE_$(EDK2_TOOLCHAIN) |
65 | OVMF32_SHELL = $(OVMF32_BUILD_DIR)/IA32/Shell.efi | |
66 | OVMF32_BINARIES = $(OVMF32_SHELL) | |
67 | OVMF32_IMAGES := $(addprefix debian/ovmf32-install/,OVMF32_CODE_4M.secboot.fd OVMF_VARS_4M.fd) | |
68 | ||
69 | QEMU_EFI_BUILD_DIR = Build/ArmVirtQemu-$(EDK2_HOST_ARCH)/RELEASE_$(EDK2_TOOLCHAIN) | |
70 | AAVMF_BUILD_DIR = Build/ArmVirtQemu-AARCH64/RELEASE_$(EDK2_TOOLCHAIN) | |
71 | AAVMF_ENROLL = $(AAVMF_BUILD_DIR)/AARCH64/EnrollDefaultKeys.efi | |
72 | AAVMF_SHELL = $(AAVMF_BUILD_DIR)/AARCH64/Shell.efi | |
73 | AAVMF_BINARIES = $(AAVMF_ENROLL) $(AAVMF_SHELL) | |
74 | AAVMF_CODE = $(AAVMF_BUILD_DIR)/FV/AAVMF_CODE.fd | |
75 | AAVMF_VARS = $(AAVMF_BUILD_DIR)/FV/AAVMF_VARS.fd | |
76 | AAVMF_IMAGES = $(AAVMF_CODE) $(AAVMF_VARS) | |
77 | AAVMF_PREENROLLED_VARS = $(addprefix $(AAVMF_BUILD_DIR)/FV/,AAVMF_VARS.ms.fd AAVMF_VARS.snakeoil.fd) | |
78 | ||
79 | build-ovmf32: $(OVMF32_BINARIES) $(OVMF32_IMAGES) | |
80 | $(OVMF32_BINARIES) $(OVMF32_IMAGES): debian/setup-build-stamp | |
81 | rm -rf debian/ovmf32-install | |
82 | mkdir debian/ovmf32-install | |
83 | set -e; . ./edksetup.sh; \ | |
84 | build -a IA32 \ | |
85 | -t $(EDK2_TOOLCHAIN) \ | |
86 | -p OvmfPkg/OvmfPkgIa32.dsc \ | |
87 | $(OVMF32_4M_SMM_FLAGS) -b RELEASE | |
88 | cp $(OVMF32_BUILD_DIR)/FV/OVMF_CODE.fd \ | |
89 | debian/ovmf32-install/OVMF32_CODE_4M.secboot.fd | |
90 | cp $(OVMF32_BUILD_DIR)/FV/OVMF_VARS.fd \ | |
91 | debian/ovmf32-install/OVMF32_VARS_4M.fd | |
92 | ||
93 | build-ovmf: $(OVMF_BINARIES) $(OVMF_IMAGES) $(OVMF_PREENROLLED_VARS) | |
94 | $(OVMF_BINARIES) $(OVMF_IMAGES): debian/setup-build-stamp | |
95 | rm -rf debian/ovmf-install | |
96 | mkdir debian/ovmf-install | |
97 | set -e; . ./edksetup.sh; \ | |
98 | build -a X64 \ | |
99 | -t $(EDK2_TOOLCHAIN) \ | |
100 | -p OvmfPkg/OvmfPkgX64.dsc \ | |
101 | $(OVMF_2M_FLAGS) -b RELEASE | |
102 | cp $(OVMF_BUILD_DIR)/FV/OVMF_CODE.fd \ | |
103 | debian/ovmf-install/ | |
104 | cp $(OVMF_BUILD_DIR)/FV/OVMF_VARS.fd debian/ovmf-install/ | |
105 | rm -rf Build/OvmfX64 | |
106 | set -e; . ./edksetup.sh; \ | |
107 | build -a IA32 -a X64 \ | |
108 | -t $(EDK2_TOOLCHAIN) \ | |
109 | -p OvmfPkg/OvmfPkgIa32X64.dsc \ | |
110 | $(OVMF_4M_FLAGS) -b RELEASE | |
111 | cp $(OVMF3264_BUILD_DIR)/FV/OVMF_CODE.fd \ | |
112 | debian/ovmf-install/OVMF_CODE_4M.fd | |
113 | cp $(OVMF3264_BUILD_DIR)/FV/OVMF_VARS.fd \ | |
114 | debian/ovmf-install/OVMF_VARS_4M.fd | |
115 | rm -rf Build/OvmfX64 | |
33bf0acc | 116 | set -e; . ./edksetup.sh; \ |
a65627a8 TL |
117 | build -a X64 \ |
118 | -t $(EDK2_TOOLCHAIN) \ | |
119 | -p OvmfPkg/OvmfPkgX64.dsc \ | |
120 | $(OVMF_2M_SMM_FLAGS) -b RELEASE | |
121 | cp $(OVMF_BUILD_DIR)/FV/OVMF_CODE.fd \ | |
122 | debian/ovmf-install/OVMF_CODE.secboot.fd | |
123 | rm -rf Build/OvmfX64 | |
124 | set -e; . ./edksetup.sh; \ | |
125 | build -a IA32 -a X64 \ | |
126 | -t $(EDK2_TOOLCHAIN) \ | |
127 | -p OvmfPkg/OvmfPkgIa32X64.dsc \ | |
128 | $(OVMF_4M_SMM_FLAGS) -b RELEASE | |
129 | cp $(OVMF3264_BUILD_DIR)/FV/OVMF_CODE.fd \ | |
130 | debian/ovmf-install/OVMF_CODE_4M.secboot.fd | |
131 | ||
132 | ifeq ($(call dpkg_vendor_derives_from_v1,ubuntu),yes) | |
133 | debian/PkKek-1-vendor.pem: debian/PkKek-1-Ubuntu.pem | |
134 | else | |
135 | debian/PkKek-1-vendor.pem: debian/PkKek-1-Debian.pem | |
136 | endif | |
137 | ln -sf `basename $<` $@ | |
138 | ||
139 | debian/oem-string-%: debian/PkKek-1-%.pem | |
140 | tr -d '\n' < $< | \ | |
141 | sed -e 's/.*-----BEGIN CERTIFICATE-----/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' -e 's/-----END CERTIFICATE-----//' > $@ | |
142 | ||
143 | %/AAVMF_VARS.ms.fd: %/AAVMF_CODE.fd %/AAVMF_VARS.fd debian/oem-string-vendor $(AAVMF_ENROLL) $(AAVMF_SHELL) | |
144 | PYTHONPATH=$(CURDIR)/debian/python \ | |
145 | ./debian/edk2-vars-generator.py \ | |
146 | -f AAVMF -e $(AAVMF_ENROLL) -s $(AAVMF_SHELL) \ | |
147 | -c $(AAVMF_CODE) -V $(AAVMF_VARS) \ | |
148 | -C `< debian/oem-string-vendor` -o $@ | |
149 | ||
150 | %/AAVMF_VARS.snakeoil.fd: %/AAVMF_CODE.fd %/AAVMF_VARS.fd debian/oem-string-snakeoil $(AAVMF_ENROLL) $(AAVMF_SHELL) | |
151 | PYTHONPATH=$(CURDIR)/debian/python \ | |
152 | ./debian/edk2-vars-generator.py \ | |
153 | -f AAVMF -e $(AAVMF_ENROLL) -s $(AAVMF_SHELL) \ | |
154 | -c $(AAVMF_CODE) -V $(AAVMF_VARS) \ | |
155 | -C `< debian/oem-string-snakeoil` -o $@ | |
156 | ||
157 | %/OVMF_VARS.ms.fd: %/OVMF_CODE.fd %/OVMF_VARS.fd debian/oem-string-vendor $(OVMF_ENROLL) $(OVMF_SHELL) | |
158 | PYTHONPATH=$(CURDIR)/debian/python \ | |
159 | ./debian/edk2-vars-generator.py \ | |
160 | -f OVMF -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \ | |
161 | -c debian/ovmf-install/OVMF_CODE.fd \ | |
162 | -V debian/ovmf-install/OVMF_VARS.fd \ | |
163 | -C `< debian/oem-string-vendor` -o $@ | |
164 | ||
165 | %/OVMF_VARS_4M.ms.fd: %/OVMF_CODE_4M.fd %/OVMF_VARS_4M.fd debian/oem-string-vendor $(OVMF_ENROLL) $(OVMF_SHELL) | |
166 | PYTHONPATH=$(CURDIR)/debian/python \ | |
167 | ./debian/edk2-vars-generator.py \ | |
168 | -f OVMF_4M -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \ | |
169 | -c debian/ovmf-install/OVMF_CODE_4M.fd \ | |
170 | -V debian/ovmf-install/OVMF_VARS_4M.fd \ | |
171 | -C `< debian/oem-string-vendor` -o $@ | |
172 | ||
173 | %/OVMF_VARS_4M.snakeoil.fd: %/OVMF_CODE_4M.fd %/OVMF_VARS_4M.fd debian/oem-string-snakeoil $(OVMF_ENROLL) $(OVMF_SHELL) | |
174 | PYTHONPATH=$(CURDIR)/debian/python \ | |
175 | ./debian/edk2-vars-generator.py \ | |
176 | -f OVMF_4M -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \ | |
177 | -c debian/ovmf-install/OVMF_CODE_4M.fd \ | |
178 | -V debian/ovmf-install/OVMF_VARS_4M.fd \ | |
179 | -C `< debian/oem-string-snakeoil` -o $@ | |
180 | ||
181 | ArmPkg/Library/GccLto/liblto-aarch64.a: ArmPkg/Library/GccLto/liblto-aarch64.s | |
182 | $($(EDK2_TOOLCHAIN)_AARCH64_PREFIX)gcc -c -fpic $< -o $@ | |
183 | ||
184 | build-qemu-efi: debian/setup-build-stamp | |
20ffa59c | 185 | set -e; . ./edksetup.sh; \ |
20ffa59c TL |
186 | build -a $(EDK2_HOST_ARCH) \ |
187 | -t $(EDK2_TOOLCHAIN) \ | |
188 | -p ArmVirtPkg/ArmVirtQemu.dsc \ | |
a65627a8 TL |
189 | $(AAVMF_FLAGS) -b RELEASE |
190 | dd if=/dev/zero of=$(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_CODE.fd bs=1M seek=64 count=0 | |
191 | dd if=$(QEMU_EFI_BUILD_DIR)/FV/QEMU_EFI.fd of=$(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_CODE.fd conv=notrunc | |
192 | dd if=/dev/zero of=$(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_VARS.fd bs=1M seek=64 count=0 | |
193 | ||
194 | build-qemu-efi-aarch64: $(AAVMF_BINARIES) $(AAVMF_PREENROLLED_VARS) | |
195 | $(AAVMF_BINARIES): ArmPkg/Library/GccLto/liblto-aarch64.a | |
20ffa59c TL |
196 | $(MAKE) -f debian/rules build-qemu-efi EDK2_ARCH_DIR=AArch64 EDK2_HOST_ARCH=AARCH64 FW_NAME=AAVMF |
197 | ||
33bf0acc | 198 | override_dh_auto_clean: |
a65627a8 TL |
199 | -. ./edksetup.sh; build clean |
200 | make -C BaseTools clean | |
201 | ||
202 | # Only embed code that is actually used; requested by the Ubuntu Security Team | |
203 | EMBEDDED_SUBMODULES += CryptoPkg/Library/OpensslLib/openssl | |
204 | EMBEDDED_SUBMODULES += ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3 | |
205 | EMBEDDED_SUBMODULES += MdeModulePkg/Library/BrotliCustomDecompressLib/brotli | |
206 | get-orig-source: | |
207 | # Should be executed on a checkout of the upstream master branch, | |
208 | # with the debian/ directory manually copied in. | |
209 | rm -rf edk2.tmp && git clone . edk2.tmp | |
210 | # Embed submodules. Don't recurse - openssl will bring in MBs of | |
211 | # stuff we don't need | |
212 | set -e; cd edk2.tmp; \ | |
213 | for submodule in $(EMBEDDED_SUBMODULES); do \ | |
214 | git submodule update --init $$submodule; \ | |
215 | done | |
216 | rm -rf edk2-$(DEB_VERSION_UPSTREAM) && \ | |
217 | mkdir edk2-$(DEB_VERSION_UPSTREAM) | |
218 | cd edk2.tmp && git archive HEAD | \ | |
219 | tar xv -C ../edk2-$(DEB_VERSION_UPSTREAM) | |
220 | cd edk2.tmp && git submodule foreach \ | |
221 | 'git archive HEAD | tar xv -C $$toplevel/../edk2-$(DEB_VERSION_UPSTREAM)/$$sm_path' | |
222 | ln -s ../debian edk2-$(DEB_VERSION_UPSTREAM) | |
223 | # Remove known-binary files | |
224 | cd edk2-$(DEB_VERSION_UPSTREAM) && python3 ./debian/remove-binaries.py | |
225 | # Look for possible unknown binary files | |
226 | cd edk2-$(DEB_VERSION_UPSTREAM) && python3 ./debian/find-binaries.py | |
227 | rm edk2-$(DEB_VERSION_UPSTREAM)/debian | |
228 | tar Jcvf ../edk2_$(DEB_VERSION_UPSTREAM).orig.tar.xz \ | |
229 | edk2-$(DEB_VERSION_UPSTREAM) | |
230 | rm -rf edk2.tmp edk2-$(DEB_VERSION_UPSTREAM) | |
231 | ||
232 | .PHONY: build-ovmf build-ovmf32 build-qemu-efi build-qemu-efi-aarch64 |