[pve-edk2-firmware.git] / debian / rules

#!/usr/bin/make -f

SHELL=/bin/bash

include /usr/share/dpkg/default.mk

EDK2_TOOLCHAIN = GCC5
export $(EDK2_TOOLCHAIN)_AARCH64_PREFIX=aarch64-linux-gnu-

export PYTHON3_ENABLE=TRUE

ifeq ($(DEB_BUILD_ARCH),amd64)
	EDK2_BUILD_ARCH=X64
endif
ifeq ($(DEB_BUILD_ARCH),i386)
	EDK2_BUILD_ARCH=IA32
endif
ifeq ($(DEB_BUILD_ARCH),arm64)
	EDK2_BUILD_ARCH=AARCH64
endif

COMMON_FLAGS  = -DNETWORK_HTTP_BOOT_ENABLE=TRUE
COMMON_FLAGS += -DNETWORK_IP6_ENABLE=TRUE
COMMON_FLAGS += -DNETWORK_TLS_ENABLE
COMMON_FLAGS += -DSECURE_BOOT_ENABLE=TRUE
OVMF_COMMON_FLAGS = $(COMMON_FLAGS) -DTPM_ENABLE=TRUE
OVMF_2M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_2MB
OVMF_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB
OVMF_2M_SMM_FLAGS = $(OVMF_2M_FLAGS) -DSMM_REQUIRE=TRUE
OVMF_4M_SMM_FLAGS = $(OVMF_4M_FLAGS) -DSMM_REQUIRE=TRUE
OVMF32_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB
OVMF32_4M_SMM_FLAGS =  $(OVMF32_4M_FLAGS) -DSMM_REQUIRE=TRUE

AAVMF_FLAGS  = $(COMMON_FLAGS) -DTPM2_ENABLE=TRUE -DTPM2_CONFIG_ENABLE=TRUE

OVMF_VARS_GENERATOR = ./qemu-ovmf-secureboot-1-1-3/ovmf-vars-generator

# Clear variables used internally by the edk2 build system
undefine WORKSPACE
undefine ECP_SOURCE
undefine EDK_SOURCE
undefine EFI_SOURCE
undefine EDK_TOOLS_PATH
undefine CONF_PATH

%:
	dh $@

override_dh_auto_build: build-qemu-efi-aarch64 build-ovmf build-ovmf32

debian/setup-build-stamp:
	cp -a debian/Logo.bmp MdeModulePkg/Logo/Logo.bmp
	set -e; . ./edksetup.sh; \
	make -C BaseTools ARCH=$(EDK2_BUILD_ARCH)
	touch $@

OVMF_BUILD_DIR = Build/OvmfX64/RELEASE_$(EDK2_TOOLCHAIN)
OVMF3264_BUILD_DIR = Build/Ovmf3264/RELEASE_$(EDK2_TOOLCHAIN)
OVMF_ENROLL = $(OVMF3264_BUILD_DIR)/X64/EnrollDefaultKeys.efi
OVMF_SHELL =  $(OVMF3264_BUILD_DIR)/X64/Shell.efi
OVMF_BINARIES = $(OVMF_ENROLL) $(OVMF_SHELL)
OVMF_IMAGES := $(addprefix debian/ovmf-install/,OVMF_CODE.fd OVMF_CODE_4M.fd OVMF_CODE.secboot.fd OVMF_CODE_4M.secboot.fd OVMF_VARS.fd OVMF_VARS_4M.fd)
OVMF_PREENROLLED_VARS := $(addprefix debian/ovmf-install/,OVMF_VARS.ms.fd OVMF_VARS_4M.ms.fd OVMF_VARS_4M.snakeoil.fd)

OVMF32_BUILD_DIR = Build/OvmfIa32/RELEASE_$(EDK2_TOOLCHAIN)
OVMF32_SHELL = $(OVMF32_BUILD_DIR)/IA32/Shell.efi
OVMF32_BINARIES = $(OVMF32_SHELL)
OVMF32_IMAGES  := $(addprefix debian/ovmf32-install/,OVMF32_CODE_4M.secboot.fd OVMF_VARS_4M.fd)

QEMU_EFI_BUILD_DIR = Build/ArmVirtQemu-$(EDK2_HOST_ARCH)/RELEASE_$(EDK2_TOOLCHAIN)
AAVMF_BUILD_DIR = Build/ArmVirtQemu-AARCH64/RELEASE_$(EDK2_TOOLCHAIN)
AAVMF_ENROLL    = $(AAVMF_BUILD_DIR)/AARCH64/EnrollDefaultKeys.efi
AAVMF_SHELL     = $(AAVMF_BUILD_DIR)/AARCH64/Shell.efi
AAVMF_BINARIES  = $(AAVMF_ENROLL) $(AAVMF_SHELL)
AAVMF_CODE      = $(AAVMF_BUILD_DIR)/FV/AAVMF_CODE.fd
AAVMF_VARS      = $(AAVMF_BUILD_DIR)/FV/AAVMF_VARS.fd
AAVMF_IMAGES    = $(AAVMF_CODE) $(AAVMF_VARS)
AAVMF_PREENROLLED_VARS = $(addprefix $(AAVMF_BUILD_DIR)/FV/,AAVMF_VARS.ms.fd AAVMF_VARS.snakeoil.fd)

build-ovmf32: $(OVMF32_BINARIES) $(OVMF32_IMAGES)
$(OVMF32_BINARIES) $(OVMF32_IMAGES): debian/setup-build-stamp
	rm -rf debian/ovmf32-install
	mkdir debian/ovmf32-install
	set -e; . ./edksetup.sh; \
		build -a IA32 \
			-t $(EDK2_TOOLCHAIN) \
			-p OvmfPkg/OvmfPkgIa32.dsc \
			$(OVMF32_4M_SMM_FLAGS) -b RELEASE
	cp $(OVMF32_BUILD_DIR)/FV/OVMF_CODE.fd \
		debian/ovmf32-install/OVMF32_CODE_4M.secboot.fd
	cp $(OVMF32_BUILD_DIR)/FV/OVMF_VARS.fd \
		debian/ovmf32-install/OVMF32_VARS_4M.fd

build-ovmf: $(OVMF_BINARIES) $(OVMF_IMAGES) $(OVMF_PREENROLLED_VARS)
$(OVMF_BINARIES) $(OVMF_IMAGES): debian/setup-build-stamp
	rm -rf debian/ovmf-install
	mkdir debian/ovmf-install
	set -e; . ./edksetup.sh; \
		build -a X64 \
			-t $(EDK2_TOOLCHAIN) \
			-p OvmfPkg/OvmfPkgX64.dsc \
			$(OVMF_2M_FLAGS) -b RELEASE
	cp $(OVMF_BUILD_DIR)/FV/OVMF_CODE.fd \
		debian/ovmf-install/
	cp $(OVMF_BUILD_DIR)/FV/OVMF_VARS.fd debian/ovmf-install/
	rm -rf Build/OvmfX64
	set -e; . ./edksetup.sh; \
		build -a IA32 -a X64 \
			-t $(EDK2_TOOLCHAIN) \
			-p OvmfPkg/OvmfPkgIa32X64.dsc \
			$(OVMF_4M_FLAGS) -b RELEASE
	cp $(OVMF3264_BUILD_DIR)/FV/OVMF_CODE.fd \
		debian/ovmf-install/OVMF_CODE_4M.fd
	cp $(OVMF3264_BUILD_DIR)/FV/OVMF_VARS.fd \
		debian/ovmf-install/OVMF_VARS_4M.fd
	rm -rf Build/OvmfX64
	set -e; . ./edksetup.sh; \
		build -a X64 \
			-t $(EDK2_TOOLCHAIN) \
			-p OvmfPkg/OvmfPkgX64.dsc \
			$(OVMF_2M_SMM_FLAGS) -b RELEASE
	cp $(OVMF_BUILD_DIR)/FV/OVMF_CODE.fd \
		debian/ovmf-install/OVMF_CODE.secboot.fd
	rm -rf Build/OvmfX64
	set -e; . ./edksetup.sh; \
		build -a IA32 -a X64 \
			-t $(EDK2_TOOLCHAIN) \
			-p OvmfPkg/OvmfPkgIa32X64.dsc \
			$(OVMF_4M_SMM_FLAGS) -b RELEASE
	cp $(OVMF3264_BUILD_DIR)/FV/OVMF_CODE.fd \
		debian/ovmf-install/OVMF_CODE_4M.secboot.fd

ifeq ($(call dpkg_vendor_derives_from_v1,ubuntu),yes)
debian/PkKek-1-vendor.pem: debian/PkKek-1-Ubuntu.pem
else
debian/PkKek-1-vendor.pem: debian/PkKek-1-Debian.pem
endif
	ln -sf `basename $<` $@

debian/oem-string-%: debian/PkKek-1-%.pem
	tr -d '\n' < $< | \
		sed -e 's/.*-----BEGIN CERTIFICATE-----/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' -e 's/-----END CERTIFICATE-----//' > $@

%/AAVMF_VARS.ms.fd: %/AAVMF_CODE.fd %/AAVMF_VARS.fd debian/oem-string-vendor $(AAVMF_ENROLL) $(AAVMF_SHELL)
	PYTHONPATH=$(CURDIR)/debian/python \
	./debian/edk2-vars-generator.py \
		-f AAVMF -e $(AAVMF_ENROLL) -s $(AAVMF_SHELL) \
		-c $(AAVMF_CODE) -V $(AAVMF_VARS) \
		-C `< debian/oem-string-vendor` -o $@

%/AAVMF_VARS.snakeoil.fd: %/AAVMF_CODE.fd %/AAVMF_VARS.fd debian/oem-string-snakeoil $(AAVMF_ENROLL) $(AAVMF_SHELL)
	PYTHONPATH=$(CURDIR)/debian/python \
	./debian/edk2-vars-generator.py \
		-f AAVMF -e $(AAVMF_ENROLL) -s $(AAVMF_SHELL) \
		-c $(AAVMF_CODE) -V $(AAVMF_VARS) \
		-C `< debian/oem-string-snakeoil` -o $@

%/OVMF_VARS.ms.fd: %/OVMF_CODE.fd %/OVMF_VARS.fd debian/oem-string-vendor $(OVMF_ENROLL) $(OVMF_SHELL)
	PYTHONPATH=$(CURDIR)/debian/python \
	./debian/edk2-vars-generator.py \
		-f OVMF -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \
		-c debian/ovmf-install/OVMF_CODE.fd \
		-V debian/ovmf-install/OVMF_VARS.fd \
		-C `< debian/oem-string-vendor` -o $@

%/OVMF_VARS_4M.ms.fd: %/OVMF_CODE_4M.fd %/OVMF_VARS_4M.fd debian/oem-string-vendor $(OVMF_ENROLL) $(OVMF_SHELL)
	PYTHONPATH=$(CURDIR)/debian/python \
	./debian/edk2-vars-generator.py \
		-f OVMF_4M -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \
		-c debian/ovmf-install/OVMF_CODE_4M.fd \
		-V debian/ovmf-install/OVMF_VARS_4M.fd \
		-C `< debian/oem-string-vendor` -o $@

%/OVMF_VARS_4M.snakeoil.fd: %/OVMF_CODE_4M.fd %/OVMF_VARS_4M.fd debian/oem-string-snakeoil $(OVMF_ENROLL) $(OVMF_SHELL)
	PYTHONPATH=$(CURDIR)/debian/python \
	./debian/edk2-vars-generator.py \
		-f OVMF_4M -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \
		-c debian/ovmf-install/OVMF_CODE_4M.fd \
		-V debian/ovmf-install/OVMF_VARS_4M.fd \
		-C `< debian/oem-string-snakeoil` -o $@

ArmPkg/Library/GccLto/liblto-aarch64.a:	ArmPkg/Library/GccLto/liblto-aarch64.s
	$($(EDK2_TOOLCHAIN)_AARCH64_PREFIX)gcc -c -fpic $< -o $@

build-qemu-efi: debian/setup-build-stamp
	set -e; . ./edksetup.sh; \
		build -a $(EDK2_HOST_ARCH) \
			-t $(EDK2_TOOLCHAIN) \
			-p ArmVirtPkg/ArmVirtQemu.dsc \
			$(AAVMF_FLAGS) -b RELEASE
	dd if=/dev/zero of=$(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_CODE.fd bs=1M seek=64 count=0
	dd if=$(QEMU_EFI_BUILD_DIR)/FV/QEMU_EFI.fd of=$(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_CODE.fd conv=notrunc
	dd if=/dev/zero of=$(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_VARS.fd bs=1M seek=64 count=0

build-qemu-efi-aarch64: $(AAVMF_BINARIES) $(AAVMF_PREENROLLED_VARS)
$(AAVMF_BINARIES): ArmPkg/Library/GccLto/liblto-aarch64.a
	$(MAKE) -f debian/rules build-qemu-efi EDK2_ARCH_DIR=AArch64 EDK2_HOST_ARCH=AARCH64 FW_NAME=AAVMF

override_dh_auto_clean:
	-. ./edksetup.sh; build clean
	make -C BaseTools clean

# Only embed code that is actually used; requested by the Ubuntu Security Team
EMBEDDED_SUBMODULES += CryptoPkg/Library/OpensslLib/openssl
EMBEDDED_SUBMODULES += ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3
EMBEDDED_SUBMODULES += MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
get-orig-source:
	# Should be executed on a checkout of the upstream master branch,
	# with the debian/ directory manually copied in.
	rm -rf edk2.tmp && git clone . edk2.tmp
	# Embed submodules. Don't recurse - openssl will bring in MBs of
	# stuff we don't need
	set -e; cd edk2.tmp; \
	for submodule in $(EMBEDDED_SUBMODULES); do \
		git submodule update --init $$submodule; \
	done
	rm -rf edk2-$(DEB_VERSION_UPSTREAM) && \
		mkdir edk2-$(DEB_VERSION_UPSTREAM)
	cd edk2.tmp && git archive HEAD | \
		tar xv -C ../edk2-$(DEB_VERSION_UPSTREAM)
	cd edk2.tmp && git submodule foreach \
		'git archive HEAD | tar xv -C $$toplevel/../edk2-$(DEB_VERSION_UPSTREAM)/$$sm_path'
	ln -s ../debian edk2-$(DEB_VERSION_UPSTREAM)
	# Remove known-binary files
	cd edk2-$(DEB_VERSION_UPSTREAM) && python3 ./debian/remove-binaries.py
	# Look for possible unknown binary files
	cd edk2-$(DEB_VERSION_UPSTREAM) && python3 ./debian/find-binaries.py
	rm edk2-$(DEB_VERSION_UPSTREAM)/debian
	tar Jcvf ../edk2_$(DEB_VERSION_UPSTREAM).orig.tar.xz \
		edk2-$(DEB_VERSION_UPSTREAM)
	rm -rf edk2.tmp edk2-$(DEB_VERSION_UPSTREAM)

.PHONY: build-ovmf build-ovmf32 build-qemu-efi build-qemu-efi-aarch64
Commit	Line	Data
33bf0acc	1	#!/usr/bin/make -f
33bf0acc	2
a65627a8	3	SHELL=/bin/bash
33bf0acc	4
2b1d392a	5	include /usr/share/dpkg/default.mk
33bf0acc	6
a65627a8	7	EDK2_TOOLCHAIN = GCC5
33bf0acc TL	8	export $(EDK2_TOOLCHAIN)_AARCH64_PREFIX=aarch64-linux-gnu-
33bf0acc TL	9
1345c3eb	10	export PYTHON3_ENABLE=TRUE
1da98c7b	11
33bf0acc TL	12	ifeq ($(DEB_BUILD_ARCH),amd64)
33bf0acc TL	13	EDK2_BUILD_ARCH=X64
33bf0acc	14	endif
a65627a8 TL	15	ifeq ($(DEB_BUILD_ARCH),i386)
	16	EDK2_BUILD_ARCH=IA32
	17	endif
33bf0acc TL	18	ifeq ($(DEB_BUILD_ARCH),arm64)
	19	EDK2_BUILD_ARCH=AARCH64
	20	endif
a65627a8	21
13d9aa9d	22	COMMON_FLAGS = -DNETWORK_HTTP_BOOT_ENABLE=TRUE
a2b8eeec	23	COMMON_FLAGS += -DNETWORK_IP6_ENABLE=TRUE
13d9aa9d TL	24	COMMON_FLAGS += -DNETWORK_TLS_ENABLE
13d9aa9d TL	25	COMMON_FLAGS += -DSECURE_BOOT_ENABLE=TRUE
a65627a8 TL	26	OVMF_COMMON_FLAGS = $(COMMON_FLAGS) -DTPM_ENABLE=TRUE
	27	OVMF_2M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_2MB
	28	OVMF_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB
	29	OVMF_2M_SMM_FLAGS = $(OVMF_2M_FLAGS) -DSMM_REQUIRE=TRUE
	30	OVMF_4M_SMM_FLAGS = $(OVMF_4M_FLAGS) -DSMM_REQUIRE=TRUE
	31	OVMF32_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB
	32	OVMF32_4M_SMM_FLAGS = $(OVMF32_4M_FLAGS) -DSMM_REQUIRE=TRUE
	33
	34	AAVMF_FLAGS = $(COMMON_FLAGS) -DTPM2_ENABLE=TRUE -DTPM2_CONFIG_ENABLE=TRUE
	35
	36	OVMF_VARS_GENERATOR = ./qemu-ovmf-secureboot-1-1-3/ovmf-vars-generator
33bf0acc TL	37
	38	# Clear variables used internally by the edk2 build system
	39	undefine WORKSPACE
	40	undefine ECP_SOURCE
	41	undefine EDK_SOURCE
	42	undefine EFI_SOURCE
	43	undefine EDK_TOOLS_PATH
	44	undefine CONF_PATH
	45
	46	%:
	47	dh $@
	48
a65627a8	49	override_dh_auto_build: build-qemu-efi-aarch64 build-ovmf build-ovmf32
33bf0acc	50
a65627a8	51	debian/setup-build-stamp:
33bf0acc	52	cp -a debian/Logo.bmp MdeModulePkg/Logo/Logo.bmp
a65627a8	53	set -e; . ./edksetup.sh; \
33bf0acc	54	make -C BaseTools ARCH=$(EDK2_BUILD_ARCH)
a65627a8 TL	55	touch $@
	56
	57	OVMF_BUILD_DIR = Build/OvmfX64/RELEASE_$(EDK2_TOOLCHAIN)
	58	OVMF3264_BUILD_DIR = Build/Ovmf3264/RELEASE_$(EDK2_TOOLCHAIN)
	59	OVMF_ENROLL = $(OVMF3264_BUILD_DIR)/X64/EnrollDefaultKeys.efi
	60	OVMF_SHELL = $(OVMF3264_BUILD_DIR)/X64/Shell.efi
	61	OVMF_BINARIES = $(OVMF_ENROLL) $(OVMF_SHELL)
	62	OVMF_IMAGES := $(addprefix debian/ovmf-install/,OVMF_CODE.fd OVMF_CODE_4M.fd OVMF_CODE.secboot.fd OVMF_CODE_4M.secboot.fd OVMF_VARS.fd OVMF_VARS_4M.fd)
	63	OVMF_PREENROLLED_VARS := $(addprefix debian/ovmf-install/,OVMF_VARS.ms.fd OVMF_VARS_4M.ms.fd OVMF_VARS_4M.snakeoil.fd)
33bf0acc	64
a65627a8 TL	65	OVMF32_BUILD_DIR = Build/OvmfIa32/RELEASE_$(EDK2_TOOLCHAIN)
	66	OVMF32_SHELL = $(OVMF32_BUILD_DIR)/IA32/Shell.efi
	67	OVMF32_BINARIES = $(OVMF32_SHELL)
	68	OVMF32_IMAGES := $(addprefix debian/ovmf32-install/,OVMF32_CODE_4M.secboot.fd OVMF_VARS_4M.fd)
	69
	70	QEMU_EFI_BUILD_DIR = Build/ArmVirtQemu-$(EDK2_HOST_ARCH)/RELEASE_$(EDK2_TOOLCHAIN)
	71	AAVMF_BUILD_DIR = Build/ArmVirtQemu-AARCH64/RELEASE_$(EDK2_TOOLCHAIN)
	72	AAVMF_ENROLL = $(AAVMF_BUILD_DIR)/AARCH64/EnrollDefaultKeys.efi
	73	AAVMF_SHELL = $(AAVMF_BUILD_DIR)/AARCH64/Shell.efi
	74	AAVMF_BINARIES = $(AAVMF_ENROLL) $(AAVMF_SHELL)
	75	AAVMF_CODE = $(AAVMF_BUILD_DIR)/FV/AAVMF_CODE.fd
	76	AAVMF_VARS = $(AAVMF_BUILD_DIR)/FV/AAVMF_VARS.fd
	77	AAVMF_IMAGES = $(AAVMF_CODE) $(AAVMF_VARS)
	78	AAVMF_PREENROLLED_VARS = $(addprefix $(AAVMF_BUILD_DIR)/FV/,AAVMF_VARS.ms.fd AAVMF_VARS.snakeoil.fd)
	79
	80	build-ovmf32: $(OVMF32_BINARIES) $(OVMF32_IMAGES)
	81	$(OVMF32_BINARIES) $(OVMF32_IMAGES): debian/setup-build-stamp
	82	rm -rf debian/ovmf32-install
	83	mkdir debian/ovmf32-install
	84	set -e; . ./edksetup.sh; \
	85	build -a IA32 \
	86	-t $(EDK2_TOOLCHAIN) \
	87	-p OvmfPkg/OvmfPkgIa32.dsc \
	88	$(OVMF32_4M_SMM_FLAGS) -b RELEASE
	89	cp $(OVMF32_BUILD_DIR)/FV/OVMF_CODE.fd \
	90	debian/ovmf32-install/OVMF32_CODE_4M.secboot.fd
	91	cp $(OVMF32_BUILD_DIR)/FV/OVMF_VARS.fd \
	92	debian/ovmf32-install/OVMF32_VARS_4M.fd
	93
	94	build-ovmf: $(OVMF_BINARIES) $(OVMF_IMAGES) $(OVMF_PREENROLLED_VARS)
	95	$(OVMF_BINARIES) $(OVMF_IMAGES): debian/setup-build-stamp
	96	rm -rf debian/ovmf-install
	97	mkdir debian/ovmf-install
	98	set -e; . ./edksetup.sh; \
	99	build -a X64 \
	100	-t $(EDK2_TOOLCHAIN) \
	101	-p OvmfPkg/OvmfPkgX64.dsc \
	102	$(OVMF_2M_FLAGS) -b RELEASE
	103	cp $(OVMF_BUILD_DIR)/FV/OVMF_CODE.fd \
	104	debian/ovmf-install/
	105	cp $(OVMF_BUILD_DIR)/FV/OVMF_VARS.fd debian/ovmf-install/
	106	rm -rf Build/OvmfX64
	107	set -e; . ./edksetup.sh; \
	108	build -a IA32 -a X64 \
	109	-t $(EDK2_TOOLCHAIN) \
	110	-p OvmfPkg/OvmfPkgIa32X64.dsc \
	111	$(OVMF_4M_FLAGS) -b RELEASE
	112	cp $(OVMF3264_BUILD_DIR)/FV/OVMF_CODE.fd \
	113	debian/ovmf-install/OVMF_CODE_4M.fd
	114	cp $(OVMF3264_BUILD_DIR)/FV/OVMF_VARS.fd \
	115	debian/ovmf-install/OVMF_VARS_4M.fd
	116	rm -rf Build/OvmfX64
33bf0acc	117	set -e; . ./edksetup.sh; \
a65627a8 TL	118	build -a X64 \
	119	-t $(EDK2_TOOLCHAIN) \
	120	-p OvmfPkg/OvmfPkgX64.dsc \
	121	$(OVMF_2M_SMM_FLAGS) -b RELEASE
	122	cp $(OVMF_BUILD_DIR)/FV/OVMF_CODE.fd \
	123	debian/ovmf-install/OVMF_CODE.secboot.fd
	124	rm -rf Build/OvmfX64
	125	set -e; . ./edksetup.sh; \
	126	build -a IA32 -a X64 \
	127	-t $(EDK2_TOOLCHAIN) \
	128	-p OvmfPkg/OvmfPkgIa32X64.dsc \
	129	$(OVMF_4M_SMM_FLAGS) -b RELEASE
	130	cp $(OVMF3264_BUILD_DIR)/FV/OVMF_CODE.fd \
	131	debian/ovmf-install/OVMF_CODE_4M.secboot.fd
	132
	133	ifeq ($(call dpkg_vendor_derives_from_v1,ubuntu),yes)
	134	debian/PkKek-1-vendor.pem: debian/PkKek-1-Ubuntu.pem
	135	else
	136	debian/PkKek-1-vendor.pem: debian/PkKek-1-Debian.pem
	137	endif
	138	ln -sf `basename $<` $@
	139
	140	debian/oem-string-%: debian/PkKek-1-%.pem
	141	tr -d '\n' < $< \| \
	142	sed -e 's/.*-----BEGIN CERTIFICATE-----/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' -e 's/-----END CERTIFICATE-----//' > $@
	143
	144	%/AAVMF_VARS.ms.fd: %/AAVMF_CODE.fd %/AAVMF_VARS.fd debian/oem-string-vendor $(AAVMF_ENROLL) $(AAVMF_SHELL)
	145	PYTHONPATH=$(CURDIR)/debian/python \
	146	./debian/edk2-vars-generator.py \
	147	-f AAVMF -e $(AAVMF_ENROLL) -s $(AAVMF_SHELL) \
	148	-c $(AAVMF_CODE) -V $(AAVMF_VARS) \
	149	-C `< debian/oem-string-vendor` -o $@
	150
	151	%/AAVMF_VARS.snakeoil.fd: %/AAVMF_CODE.fd %/AAVMF_VARS.fd debian/oem-string-snakeoil $(AAVMF_ENROLL) $(AAVMF_SHELL)
	152	PYTHONPATH=$(CURDIR)/debian/python \
	153	./debian/edk2-vars-generator.py \
	154	-f AAVMF -e $(AAVMF_ENROLL) -s $(AAVMF_SHELL) \
	155	-c $(AAVMF_CODE) -V $(AAVMF_VARS) \
	156	-C `< debian/oem-string-snakeoil` -o $@
	157
	158	%/OVMF_VARS.ms.fd: %/OVMF_CODE.fd %/OVMF_VARS.fd debian/oem-string-vendor $(OVMF_ENROLL) $(OVMF_SHELL)
	159	PYTHONPATH=$(CURDIR)/debian/python \
	160	./debian/edk2-vars-generator.py \
	161	-f OVMF -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \
	162	-c debian/ovmf-install/OVMF_CODE.fd \
	163	-V debian/ovmf-install/OVMF_VARS.fd \
	164	-C `< debian/oem-string-vendor` -o $@
	165
	166	%/OVMF_VARS_4M.ms.fd: %/OVMF_CODE_4M.fd %/OVMF_VARS_4M.fd debian/oem-string-vendor $(OVMF_ENROLL) $(OVMF_SHELL)
	167	PYTHONPATH=$(CURDIR)/debian/python \
	168	./debian/edk2-vars-generator.py \
	169	-f OVMF_4M -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \
	170	-c debian/ovmf-install/OVMF_CODE_4M.fd \
	171	-V debian/ovmf-install/OVMF_VARS_4M.fd \
	172	-C `< debian/oem-string-vendor` -o $@
	173
	174	%/OVMF_VARS_4M.snakeoil.fd: %/OVMF_CODE_4M.fd %/OVMF_VARS_4M.fd debian/oem-string-snakeoil $(OVMF_ENROLL) $(OVMF_SHELL)
	175	PYTHONPATH=$(CURDIR)/debian/python \
	176	./debian/edk2-vars-generator.py \
	177	-f OVMF_4M -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \
	178	-c debian/ovmf-install/OVMF_CODE_4M.fd \
	179	-V debian/ovmf-install/OVMF_VARS_4M.fd \
	180	-C `< debian/oem-string-snakeoil` -o $@
	181
182	ArmPkg/Library/GccLto/liblto-aarch64.a: ArmPkg/Library/GccLto/liblto-aarch64.s
183	$($(EDK2_TOOLCHAIN)_AARCH64_PREFIX)gcc -c -fpic $< -o $@
184
185	build-qemu-efi: debian/setup-build-stamp
20ffa59c	186	set -e; . ./edksetup.sh; \
20ffa59c TL	187	build -a $(EDK2_HOST_ARCH) \
	188	-t $(EDK2_TOOLCHAIN) \
	189	-p ArmVirtPkg/ArmVirtQemu.dsc \
a65627a8 TL	190	$(AAVMF_FLAGS) -b RELEASE
	191	dd if=/dev/zero of=$(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_CODE.fd bs=1M seek=64 count=0
	192	dd if=$(QEMU_EFI_BUILD_DIR)/FV/QEMU_EFI.fd of=$(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_CODE.fd conv=notrunc
	193	dd if=/dev/zero of=$(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_VARS.fd bs=1M seek=64 count=0
	194
	195	build-qemu-efi-aarch64: $(AAVMF_BINARIES) $(AAVMF_PREENROLLED_VARS)
	196	$(AAVMF_BINARIES): ArmPkg/Library/GccLto/liblto-aarch64.a
20ffa59c TL	197	$(MAKE) -f debian/rules build-qemu-efi EDK2_ARCH_DIR=AArch64 EDK2_HOST_ARCH=AARCH64 FW_NAME=AAVMF
20ffa59c TL	198
33bf0acc	199	override_dh_auto_clean:
a65627a8 TL	200	-. ./edksetup.sh; build clean
	201	make -C BaseTools clean
	202
	203	# Only embed code that is actually used; requested by the Ubuntu Security Team
	204	EMBEDDED_SUBMODULES += CryptoPkg/Library/OpensslLib/openssl
	205	EMBEDDED_SUBMODULES += ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3
	206	EMBEDDED_SUBMODULES += MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
	207	get-orig-source:
	208	# Should be executed on a checkout of the upstream master branch,
	209	# with the debian/ directory manually copied in.
	210	rm -rf edk2.tmp && git clone . edk2.tmp
	211	# Embed submodules. Don't recurse - openssl will bring in MBs of
	212	# stuff we don't need
	213	set -e; cd edk2.tmp; \
	214	for submodule in $(EMBEDDED_SUBMODULES); do \
	215	git submodule update --init $$submodule; \
	216	done
	217	rm -rf edk2-$(DEB_VERSION_UPSTREAM) && \
	218	mkdir edk2-$(DEB_VERSION_UPSTREAM)
	219	cd edk2.tmp && git archive HEAD \| \
	220	tar xv -C ../edk2-$(DEB_VERSION_UPSTREAM)
	221	cd edk2.tmp && git submodule foreach \
	222	'git archive HEAD \| tar xv -C $$toplevel/../edk2-$(DEB_VERSION_UPSTREAM)/$$sm_path'
	223	ln -s ../debian edk2-$(DEB_VERSION_UPSTREAM)
	224	# Remove known-binary files
	225	cd edk2-$(DEB_VERSION_UPSTREAM) && python3 ./debian/remove-binaries.py
	226	# Look for possible unknown binary files
	227	cd edk2-$(DEB_VERSION_UPSTREAM) && python3 ./debian/find-binaries.py
	228	rm edk2-$(DEB_VERSION_UPSTREAM)/debian
	229	tar Jcvf ../edk2_$(DEB_VERSION_UPSTREAM).orig.tar.xz \
	230	edk2-$(DEB_VERSION_UPSTREAM)
	231	rm -rf edk2.tmp edk2-$(DEB_VERSION_UPSTREAM)
	232
	233	.PHONY: build-ovmf build-ovmf32 build-qemu-efi build-qemu-efi-aarch64