5 include /usr
/share
/dpkg
/default.mk
8 export $(EDK2_TOOLCHAIN
)_AARCH64_PREFIX
=aarch64-linux-gnu-
10 export PYTHON3_ENABLE
=TRUE
12 ifeq ($(DEB_BUILD_ARCH
),amd64
)
15 ifeq ($(DEB_BUILD_ARCH
),i386
)
18 ifeq ($(DEB_BUILD_ARCH
),arm64
)
19 EDK2_BUILD_ARCH
=AARCH64
22 COMMON_FLAGS
= -DNETWORK_HTTP_BOOT_ENABLE
=TRUE
23 COMMON_FLAGS
+= -DNETWORK_IP6_ENABLE
=TRUE
24 COMMON_FLAGS
+= -DNETWORK_TLS_ENABLE
25 COMMON_FLAGS
+= -DSECURE_BOOT_ENABLE
=TRUE
26 COMMON_FLAGS
+= -DTPM2_ENABLE
=TRUE
27 OVMF_COMMON_FLAGS
= $(COMMON_FLAGS
)
28 OVMF_2M_FLAGS
= $(OVMF_COMMON_FLAGS
) -DFD_SIZE_2MB
29 OVMF_4M_FLAGS
= $(OVMF_COMMON_FLAGS
) -DFD_SIZE_4MB
30 OVMF_2M_SMM_FLAGS
= $(OVMF_2M_FLAGS
) -DSMM_REQUIRE
=TRUE
31 OVMF_4M_SMM_FLAGS
= $(OVMF_4M_FLAGS
) -DSMM_REQUIRE
=TRUE
32 OVMF32_4M_FLAGS
= $(OVMF_COMMON_FLAGS
) -DFD_SIZE_4MB
33 OVMF32_4M_SMM_FLAGS
= $(OVMF32_4M_FLAGS
) -DSMM_REQUIRE
=TRUE
35 AAVMF_FLAGS
= $(COMMON_FLAGS
) -DTPM2_CONFIG_ENABLE
=TRUE
37 OVMF_VARS_GENERATOR
= .
/qemu-ovmf-secureboot-1-1-3
/ovmf-vars-generator
39 # Clear variables used internally by the edk2 build system
44 undefine EDK_TOOLS_PATH
50 override_dh_auto_build
: build-qemu-efi-aarch64 build-ovmf build-ovmf32
52 debian
/setup-build-stamp
:
53 cp
-a debian
/Logo.bmp MdeModulePkg
/Logo
/Logo.bmp
54 set
-e
; . .
/edksetup.sh
; \
55 make
-C BaseTools ARCH
=$(EDK2_BUILD_ARCH
)
58 OVMF_BUILD_DIR
= Build
/OvmfX64
/RELEASE_
$(EDK2_TOOLCHAIN
)
59 OVMF3264_BUILD_DIR
= Build
/Ovmf3264
/RELEASE_
$(EDK2_TOOLCHAIN
)
60 OVMF_ENROLL
= $(OVMF3264_BUILD_DIR
)/X64
/EnrollDefaultKeys.efi
61 OVMF_SHELL
= $(OVMF3264_BUILD_DIR
)/X64
/Shell.efi
62 OVMF_BINARIES
= $(OVMF_ENROLL
) $(OVMF_SHELL
)
63 OVMF_IMAGES
:= $(addprefix debian
/ovmf-install
/,OVMF_CODE.fd OVMF_CODE_4M.fd OVMF_CODE.secboot.fd OVMF_CODE_4M.secboot.fd OVMF_VARS.fd OVMF_VARS_4M.fd
)
64 OVMF_PREENROLLED_VARS
:= $(addprefix debian
/ovmf-install
/,OVMF_VARS.ms.fd OVMF_VARS_4M.ms.fd OVMF_VARS_4M.snakeoil.fd
)
66 OVMF32_BUILD_DIR
= Build
/OvmfIa32
/RELEASE_
$(EDK2_TOOLCHAIN
)
67 OVMF32_SHELL
= $(OVMF32_BUILD_DIR
)/IA32
/Shell.efi
68 OVMF32_BINARIES
= $(OVMF32_SHELL
)
69 OVMF32_IMAGES
:= $(addprefix debian
/ovmf32-install
/,OVMF32_CODE_4M.secboot.fd OVMF_VARS_4M.fd
)
71 QEMU_EFI_BUILD_DIR
= Build
/ArmVirtQemu-
$(EDK2_HOST_ARCH
)/RELEASE_
$(EDK2_TOOLCHAIN
)
72 AAVMF_BUILD_DIR
= Build
/ArmVirtQemu-AARCH64
/RELEASE_
$(EDK2_TOOLCHAIN
)
73 AAVMF_ENROLL
= $(AAVMF_BUILD_DIR
)/AARCH64
/EnrollDefaultKeys.efi
74 AAVMF_SHELL
= $(AAVMF_BUILD_DIR
)/AARCH64
/Shell.efi
75 AAVMF_BINARIES
= $(AAVMF_ENROLL
) $(AAVMF_SHELL
)
76 AAVMF_CODE
= $(AAVMF_BUILD_DIR
)/FV
/AAVMF_CODE.fd
77 AAVMF_VARS
= $(AAVMF_BUILD_DIR
)/FV
/AAVMF_VARS.fd
78 AAVMF_IMAGES
= $(AAVMF_CODE
) $(AAVMF_VARS
)
79 AAVMF_PREENROLLED_VARS
= $(addprefix $(AAVMF_BUILD_DIR
)/FV
/,AAVMF_VARS.ms.fd AAVMF_VARS.snakeoil.fd
)
81 build-ovmf32
: $(OVMF32_BINARIES
) $(OVMF32_IMAGES
)
82 $(OVMF32_BINARIES
) $(OVMF32_IMAGES
): debian
/setup-build-stamp
83 rm -rf debian
/ovmf32-install
84 mkdir debian
/ovmf32-install
85 set
-e
; . .
/edksetup.sh
; \
87 -t
$(EDK2_TOOLCHAIN
) \
88 -p OvmfPkg
/OvmfPkgIa32.dsc \
89 $(OVMF32_4M_SMM_FLAGS
) -b RELEASE
90 cp
$(OVMF32_BUILD_DIR
)/FV
/OVMF_CODE.fd \
91 debian
/ovmf32-install
/OVMF32_CODE_4M.secboot.fd
92 cp
$(OVMF32_BUILD_DIR
)/FV
/OVMF_VARS.fd \
93 debian
/ovmf32-install
/OVMF32_VARS_4M.fd
95 build-ovmf
: $(OVMF_BINARIES
) $(OVMF_IMAGES
) $(OVMF_PREENROLLED_VARS
)
96 $(OVMF_BINARIES
) $(OVMF_IMAGES
): debian
/setup-build-stamp
97 rm -rf debian
/ovmf-install
98 mkdir debian
/ovmf-install
99 set
-e
; . .
/edksetup.sh
; \
101 -t
$(EDK2_TOOLCHAIN
) \
102 -p OvmfPkg
/OvmfPkgX64.dsc \
103 $(OVMF_2M_FLAGS
) -b RELEASE
104 cp
$(OVMF_BUILD_DIR
)/FV
/OVMF_CODE.fd \
106 cp
$(OVMF_BUILD_DIR
)/FV
/OVMF_VARS.fd debian
/ovmf-install
/
108 set
-e
; . .
/edksetup.sh
; \
109 build
-a IA32
-a X64 \
110 -t
$(EDK2_TOOLCHAIN
) \
111 -p OvmfPkg
/OvmfPkgIa32X64.dsc \
112 $(OVMF_4M_FLAGS
) -b RELEASE
113 cp
$(OVMF3264_BUILD_DIR
)/FV
/OVMF_CODE.fd \
114 debian
/ovmf-install
/OVMF_CODE_4M.fd
115 cp
$(OVMF3264_BUILD_DIR
)/FV
/OVMF_VARS.fd \
116 debian
/ovmf-install
/OVMF_VARS_4M.fd
118 set
-e
; . .
/edksetup.sh
; \
120 -t
$(EDK2_TOOLCHAIN
) \
121 -p OvmfPkg
/OvmfPkgX64.dsc \
122 $(OVMF_2M_SMM_FLAGS
) -b RELEASE
123 cp
$(OVMF_BUILD_DIR
)/FV
/OVMF_CODE.fd \
124 debian
/ovmf-install
/OVMF_CODE.secboot.fd
126 set
-e
; . .
/edksetup.sh
; \
127 build
-a IA32
-a X64 \
128 -t
$(EDK2_TOOLCHAIN
) \
129 -p OvmfPkg
/OvmfPkgIa32X64.dsc \
130 $(OVMF_4M_SMM_FLAGS
) -b RELEASE
131 cp
$(OVMF3264_BUILD_DIR
)/FV
/OVMF_CODE.fd \
132 debian
/ovmf-install
/OVMF_CODE_4M.secboot.fd
134 ifeq ($(call dpkg_vendor_derives_from_v1
,ubuntu
),yes
)
135 debian
/PkKek-1-vendor.pem
: debian
/PkKek-1-Ubuntu.pem
137 debian
/PkKek-1-vendor.pem
: debian
/PkKek-1-Debian.pem
139 ln
-sf
`basename $<` $@
141 debian
/oem-string-
%: debian
/PkKek-1-
%.pem
143 sed
-e
's/.*-----BEGIN CERTIFICATE-----/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' -e
's/-----END CERTIFICATE-----//' > $@
145 %/AAVMF_VARS.ms.fd
: %/AAVMF_CODE.fd
%/AAVMF_VARS.fd debian
/oem-string-vendor
$(AAVMF_ENROLL
) $(AAVMF_SHELL
)
146 PYTHONPATH
=$(CURDIR
)/debian
/python \
147 .
/debian
/edk2-vars-generator.py \
148 -f AAVMF
-e
$(AAVMF_ENROLL
) -s
$(AAVMF_SHELL
) \
149 -c
$(AAVMF_CODE
) -V
$(AAVMF_VARS
) \
150 -C
`< debian/oem-string-vendor` -o
$@
152 %/AAVMF_VARS.snakeoil.fd
: %/AAVMF_CODE.fd
%/AAVMF_VARS.fd debian
/oem-string-snakeoil
$(AAVMF_ENROLL
) $(AAVMF_SHELL
)
153 PYTHONPATH
=$(CURDIR
)/debian
/python \
154 .
/debian
/edk2-vars-generator.py \
155 -f AAVMF
-e
$(AAVMF_ENROLL
) -s
$(AAVMF_SHELL
) \
156 -c
$(AAVMF_CODE
) -V
$(AAVMF_VARS
) \
157 -C
`< debian/oem-string-snakeoil` -o
$@
159 %/OVMF_VARS.ms.fd
: %/OVMF_CODE.fd
%/OVMF_VARS.fd debian
/oem-string-vendor
$(OVMF_ENROLL
) $(OVMF_SHELL
)
160 PYTHONPATH
=$(CURDIR
)/debian
/python \
161 .
/debian
/edk2-vars-generator.py \
162 -f OVMF
-e
$(OVMF_ENROLL
) -s
$(OVMF_SHELL
) \
163 -c debian
/ovmf-install
/OVMF_CODE.fd \
164 -V debian
/ovmf-install
/OVMF_VARS.fd \
165 -C
`< debian/oem-string-vendor` -o
$@
167 %/OVMF_VARS_4M.ms.fd
: %/OVMF_CODE_4M.fd
%/OVMF_VARS_4M.fd debian
/oem-string-vendor
$(OVMF_ENROLL
) $(OVMF_SHELL
)
168 PYTHONPATH
=$(CURDIR
)/debian
/python \
169 .
/debian
/edk2-vars-generator.py \
170 -f OVMF_4M
-e
$(OVMF_ENROLL
) -s
$(OVMF_SHELL
) \
171 -c debian
/ovmf-install
/OVMF_CODE_4M.fd \
172 -V debian
/ovmf-install
/OVMF_VARS_4M.fd \
173 -C
`< debian/oem-string-vendor` -o
$@
175 %/OVMF_VARS_4M.snakeoil.fd
: %/OVMF_CODE_4M.fd
%/OVMF_VARS_4M.fd debian
/oem-string-snakeoil
$(OVMF_ENROLL
) $(OVMF_SHELL
)
176 PYTHONPATH
=$(CURDIR
)/debian
/python \
177 .
/debian
/edk2-vars-generator.py \
178 -f OVMF_4M
-e
$(OVMF_ENROLL
) -s
$(OVMF_SHELL
) \
179 -c debian
/ovmf-install
/OVMF_CODE_4M.fd \
180 -V debian
/ovmf-install
/OVMF_VARS_4M.fd \
181 -C
`< debian/oem-string-snakeoil` -o
$@
183 ArmPkg
/Library
/GccLto
/liblto-aarch64.a
: ArmPkg
/Library
/GccLto
/liblto-aarch64.s
184 $($(EDK2_TOOLCHAIN
)_AARCH64_PREFIX
)gcc
-c
-fpic
$< -o
$@
186 build-qemu-efi
: debian
/setup-build-stamp
187 set
-e
; . .
/edksetup.sh
; \
188 build
-a
$(EDK2_HOST_ARCH
) \
189 -t
$(EDK2_TOOLCHAIN
) \
190 -p ArmVirtPkg
/ArmVirtQemu.dsc \
191 $(AAVMF_FLAGS
) -b RELEASE
192 dd if
=/dev
/zero of
=$(QEMU_EFI_BUILD_DIR
)/FV
/$(FW_NAME
)_CODE.fd bs
=1M seek
=64 count
=0
193 dd if
=$(QEMU_EFI_BUILD_DIR
)/FV
/QEMU_EFI.fd of
=$(QEMU_EFI_BUILD_DIR
)/FV
/$(FW_NAME
)_CODE.fd conv
=notrunc
194 dd if
=/dev
/zero of
=$(QEMU_EFI_BUILD_DIR
)/FV
/$(FW_NAME
)_VARS.fd bs
=1M seek
=64 count
=0
196 build-qemu-efi-aarch64
: $(AAVMF_BINARIES
) $(AAVMF_PREENROLLED_VARS
)
197 $(AAVMF_BINARIES
): ArmPkg
/Library
/GccLto
/liblto-aarch64.a
198 $(MAKE
) -f debian
/rules build-qemu-efi EDK2_ARCH_DIR
=AArch64 EDK2_HOST_ARCH
=AARCH64 FW_NAME
=AAVMF
200 override_dh_auto_clean
:
201 -. .
/edksetup.sh
; build
clean
202 make
-C BaseTools
clean
204 # Only embed code that is actually used; requested by the Ubuntu Security Team
205 EMBEDDED_SUBMODULES
+= CryptoPkg
/Library
/OpensslLib
/openssl
206 EMBEDDED_SUBMODULES
+= ArmPkg
/Library
/ArmSoftFloatLib
/berkeley-softfloat-3
207 EMBEDDED_SUBMODULES
+= MdeModulePkg
/Library
/BrotliCustomDecompressLib
/brotli
209 # Should be executed on a checkout of the upstream master branch,
210 # with the debian/ directory manually copied in.
211 rm -rf edk2.tmp
&& git clone . edk2.tmp
212 # Embed submodules. Don't recurse - openssl will bring in MBs of
213 # stuff we don't need
214 set
-e
; cd edk2.tmp
; \
215 for submodule in
$(EMBEDDED_SUBMODULES
); do \
216 git submodule update
--init
$$submodule; \
218 rm -rf edk2-
$(DEB_VERSION_UPSTREAM
) && \
219 mkdir edk2-
$(DEB_VERSION_UPSTREAM
)
220 cd edk2.tmp
&& git archive HEAD | \
221 tar xv
-C ..
/edk2-
$(DEB_VERSION_UPSTREAM
)
222 cd edk2.tmp
&& git submodule
foreach \
223 'git archive HEAD | tar xv -C $$toplevel/../edk2-$(DEB_VERSION_UPSTREAM)/$$sm_path'
224 ln
-s ..
/debian edk2-
$(DEB_VERSION_UPSTREAM
)
225 # Remove known-binary files
226 cd edk2-
$(DEB_VERSION_UPSTREAM
) && python3 .
/debian
/remove-binaries.py
227 # Look for possible unknown binary files
228 cd edk2-
$(DEB_VERSION_UPSTREAM
) && python3 .
/debian
/find-binaries.py
229 rm edk2-
$(DEB_VERSION_UPSTREAM
)/debian
230 tar Jcvf ..
/edk2_
$(DEB_VERSION_UPSTREAM
).orig.
tar.xz \
231 edk2-
$(DEB_VERSION_UPSTREAM
)
232 rm -rf edk2.tmp edk2-
$(DEB_VERSION_UPSTREAM
)
234 .PHONY
: build-ovmf build-ovmf32 build-qemu-efi build-qemu-efi-aarch64