5 include /usr
/share
/dpkg
/default.mk
8 export $(EDK2_TOOLCHAIN
)_AARCH64_PREFIX
=aarch64-linux-gnu-
10 export PYTHON3_ENABLE
=TRUE
12 ifeq ($(DEB_BUILD_ARCH
),amd64
)
15 ifeq ($(DEB_BUILD_ARCH
),i386
)
18 ifeq ($(DEB_BUILD_ARCH
),arm64
)
19 EDK2_BUILD_ARCH
=AARCH64
22 COMMON_FLAGS
= -DNETWORK_HTTP_BOOT_ENABLE
=TRUE
-DNETWORK_TLS_ENABLE
-DSECURE_BOOT_ENABLE
=TRUE
23 OVMF_COMMON_FLAGS
= $(COMMON_FLAGS
) -DTPM_ENABLE
=TRUE
24 OVMF_2M_FLAGS
= $(OVMF_COMMON_FLAGS
) -DFD_SIZE_2MB
25 OVMF_4M_FLAGS
= $(OVMF_COMMON_FLAGS
) -DFD_SIZE_4MB
26 OVMF_2M_SMM_FLAGS
= $(OVMF_2M_FLAGS
) -DSMM_REQUIRE
=TRUE
27 OVMF_4M_SMM_FLAGS
= $(OVMF_4M_FLAGS
) -DSMM_REQUIRE
=TRUE
28 OVMF32_4M_FLAGS
= $(OVMF_COMMON_FLAGS
) -DFD_SIZE_4MB
29 OVMF32_4M_SMM_FLAGS
= $(OVMF32_4M_FLAGS
) -DSMM_REQUIRE
=TRUE
31 AAVMF_FLAGS
= $(COMMON_FLAGS
) -DTPM2_ENABLE
=TRUE
-DTPM2_CONFIG_ENABLE
=TRUE
33 OVMF_VARS_GENERATOR
= .
/qemu-ovmf-secureboot-1-1-3
/ovmf-vars-generator
35 # Clear variables used internally by the edk2 build system
40 undefine EDK_TOOLS_PATH
46 override_dh_auto_build
: build-qemu-efi-aarch64 build-ovmf build-ovmf32
48 debian
/setup-build-stamp
:
49 cp
-a debian
/Logo.bmp MdeModulePkg
/Logo
/Logo.bmp
50 set
-e
; . .
/edksetup.sh
; \
51 make
-C BaseTools ARCH
=$(EDK2_BUILD_ARCH
)
54 OVMF_BUILD_DIR
= Build
/OvmfX64
/RELEASE_
$(EDK2_TOOLCHAIN
)
55 OVMF3264_BUILD_DIR
= Build
/Ovmf3264
/RELEASE_
$(EDK2_TOOLCHAIN
)
56 OVMF_ENROLL
= $(OVMF3264_BUILD_DIR
)/X64
/EnrollDefaultKeys.efi
57 OVMF_SHELL
= $(OVMF3264_BUILD_DIR
)/X64
/Shell.efi
58 OVMF_BINARIES
= $(OVMF_ENROLL
) $(OVMF_SHELL
)
59 OVMF_IMAGES
:= $(addprefix debian
/ovmf-install
/,OVMF_CODE.fd OVMF_CODE_4M.fd OVMF_CODE.secboot.fd OVMF_CODE_4M.secboot.fd OVMF_VARS.fd OVMF_VARS_4M.fd
)
60 OVMF_PREENROLLED_VARS
:= $(addprefix debian
/ovmf-install
/,OVMF_VARS.ms.fd OVMF_VARS_4M.ms.fd OVMF_VARS_4M.snakeoil.fd
)
62 OVMF32_BUILD_DIR
= Build
/OvmfIa32
/RELEASE_
$(EDK2_TOOLCHAIN
)
63 OVMF32_SHELL
= $(OVMF32_BUILD_DIR
)/IA32
/Shell.efi
64 OVMF32_BINARIES
= $(OVMF32_SHELL
)
65 OVMF32_IMAGES
:= $(addprefix debian
/ovmf32-install
/,OVMF32_CODE_4M.secboot.fd OVMF_VARS_4M.fd
)
67 QEMU_EFI_BUILD_DIR
= Build
/ArmVirtQemu-
$(EDK2_HOST_ARCH
)/RELEASE_
$(EDK2_TOOLCHAIN
)
68 AAVMF_BUILD_DIR
= Build
/ArmVirtQemu-AARCH64
/RELEASE_
$(EDK2_TOOLCHAIN
)
69 AAVMF_ENROLL
= $(AAVMF_BUILD_DIR
)/AARCH64
/EnrollDefaultKeys.efi
70 AAVMF_SHELL
= $(AAVMF_BUILD_DIR
)/AARCH64
/Shell.efi
71 AAVMF_BINARIES
= $(AAVMF_ENROLL
) $(AAVMF_SHELL
)
72 AAVMF_CODE
= $(AAVMF_BUILD_DIR
)/FV
/AAVMF_CODE.fd
73 AAVMF_VARS
= $(AAVMF_BUILD_DIR
)/FV
/AAVMF_VARS.fd
74 AAVMF_IMAGES
= $(AAVMF_CODE
) $(AAVMF_VARS
)
75 AAVMF_PREENROLLED_VARS
= $(addprefix $(AAVMF_BUILD_DIR
)/FV
/,AAVMF_VARS.ms.fd AAVMF_VARS.snakeoil.fd
)
77 build-ovmf32
: $(OVMF32_BINARIES
) $(OVMF32_IMAGES
)
78 $(OVMF32_BINARIES
) $(OVMF32_IMAGES
): debian
/setup-build-stamp
79 rm -rf debian
/ovmf32-install
80 mkdir debian
/ovmf32-install
81 set
-e
; . .
/edksetup.sh
; \
83 -t
$(EDK2_TOOLCHAIN
) \
84 -p OvmfPkg
/OvmfPkgIa32.dsc \
85 $(OVMF32_4M_SMM_FLAGS
) -b RELEASE
86 cp
$(OVMF32_BUILD_DIR
)/FV
/OVMF_CODE.fd \
87 debian
/ovmf32-install
/OVMF32_CODE_4M.secboot.fd
88 cp
$(OVMF32_BUILD_DIR
)/FV
/OVMF_VARS.fd \
89 debian
/ovmf32-install
/OVMF32_VARS_4M.fd
91 build-ovmf
: $(OVMF_BINARIES
) $(OVMF_IMAGES
) $(OVMF_PREENROLLED_VARS
)
92 $(OVMF_BINARIES
) $(OVMF_IMAGES
): debian
/setup-build-stamp
93 rm -rf debian
/ovmf-install
94 mkdir debian
/ovmf-install
95 set
-e
; . .
/edksetup.sh
; \
97 -t
$(EDK2_TOOLCHAIN
) \
98 -p OvmfPkg
/OvmfPkgX64.dsc \
99 $(OVMF_2M_FLAGS
) -b RELEASE
100 cp
$(OVMF_BUILD_DIR
)/FV
/OVMF_CODE.fd \
102 cp
$(OVMF_BUILD_DIR
)/FV
/OVMF_VARS.fd debian
/ovmf-install
/
104 set
-e
; . .
/edksetup.sh
; \
105 build
-a IA32
-a X64 \
106 -t
$(EDK2_TOOLCHAIN
) \
107 -p OvmfPkg
/OvmfPkgIa32X64.dsc \
108 $(OVMF_4M_FLAGS
) -b RELEASE
109 cp
$(OVMF3264_BUILD_DIR
)/FV
/OVMF_CODE.fd \
110 debian
/ovmf-install
/OVMF_CODE_4M.fd
111 cp
$(OVMF3264_BUILD_DIR
)/FV
/OVMF_VARS.fd \
112 debian
/ovmf-install
/OVMF_VARS_4M.fd
114 set
-e
; . .
/edksetup.sh
; \
116 -t
$(EDK2_TOOLCHAIN
) \
117 -p OvmfPkg
/OvmfPkgX64.dsc \
118 $(OVMF_2M_SMM_FLAGS
) -b RELEASE
119 cp
$(OVMF_BUILD_DIR
)/FV
/OVMF_CODE.fd \
120 debian
/ovmf-install
/OVMF_CODE.secboot.fd
122 set
-e
; . .
/edksetup.sh
; \
123 build
-a IA32
-a X64 \
124 -t
$(EDK2_TOOLCHAIN
) \
125 -p OvmfPkg
/OvmfPkgIa32X64.dsc \
126 $(OVMF_4M_SMM_FLAGS
) -b RELEASE
127 cp
$(OVMF3264_BUILD_DIR
)/FV
/OVMF_CODE.fd \
128 debian
/ovmf-install
/OVMF_CODE_4M.secboot.fd
130 ifeq ($(call dpkg_vendor_derives_from_v1
,ubuntu
),yes
)
131 debian
/PkKek-1-vendor.pem
: debian
/PkKek-1-Ubuntu.pem
133 debian
/PkKek-1-vendor.pem
: debian
/PkKek-1-Debian.pem
135 ln
-sf
`basename $<` $@
137 debian
/oem-string-
%: debian
/PkKek-1-
%.pem
139 sed
-e
's/.*-----BEGIN CERTIFICATE-----/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' -e
's/-----END CERTIFICATE-----//' > $@
141 %/AAVMF_VARS.ms.fd
: %/AAVMF_CODE.fd
%/AAVMF_VARS.fd debian
/oem-string-vendor
$(AAVMF_ENROLL
) $(AAVMF_SHELL
)
142 PYTHONPATH
=$(CURDIR
)/debian
/python \
143 .
/debian
/edk2-vars-generator.py \
144 -f AAVMF
-e
$(AAVMF_ENROLL
) -s
$(AAVMF_SHELL
) \
145 -c
$(AAVMF_CODE
) -V
$(AAVMF_VARS
) \
146 -C
`< debian/oem-string-vendor` -o
$@
148 %/AAVMF_VARS.snakeoil.fd
: %/AAVMF_CODE.fd
%/AAVMF_VARS.fd debian
/oem-string-snakeoil
$(AAVMF_ENROLL
) $(AAVMF_SHELL
)
149 PYTHONPATH
=$(CURDIR
)/debian
/python \
150 .
/debian
/edk2-vars-generator.py \
151 -f AAVMF
-e
$(AAVMF_ENROLL
) -s
$(AAVMF_SHELL
) \
152 -c
$(AAVMF_CODE
) -V
$(AAVMF_VARS
) \
153 -C
`< debian/oem-string-snakeoil` -o
$@
155 %/OVMF_VARS.ms.fd
: %/OVMF_CODE.fd
%/OVMF_VARS.fd debian
/oem-string-vendor
$(OVMF_ENROLL
) $(OVMF_SHELL
)
156 PYTHONPATH
=$(CURDIR
)/debian
/python \
157 .
/debian
/edk2-vars-generator.py \
158 -f OVMF
-e
$(OVMF_ENROLL
) -s
$(OVMF_SHELL
) \
159 -c debian
/ovmf-install
/OVMF_CODE.fd \
160 -V debian
/ovmf-install
/OVMF_VARS.fd \
161 -C
`< debian/oem-string-vendor` -o
$@
163 %/OVMF_VARS_4M.ms.fd
: %/OVMF_CODE_4M.fd
%/OVMF_VARS_4M.fd debian
/oem-string-vendor
$(OVMF_ENROLL
) $(OVMF_SHELL
)
164 PYTHONPATH
=$(CURDIR
)/debian
/python \
165 .
/debian
/edk2-vars-generator.py \
166 -f OVMF_4M
-e
$(OVMF_ENROLL
) -s
$(OVMF_SHELL
) \
167 -c debian
/ovmf-install
/OVMF_CODE_4M.fd \
168 -V debian
/ovmf-install
/OVMF_VARS_4M.fd \
169 -C
`< debian/oem-string-vendor` -o
$@
171 %/OVMF_VARS_4M.snakeoil.fd
: %/OVMF_CODE_4M.fd
%/OVMF_VARS_4M.fd debian
/oem-string-snakeoil
$(OVMF_ENROLL
) $(OVMF_SHELL
)
172 PYTHONPATH
=$(CURDIR
)/debian
/python \
173 .
/debian
/edk2-vars-generator.py \
174 -f OVMF_4M
-e
$(OVMF_ENROLL
) -s
$(OVMF_SHELL
) \
175 -c debian
/ovmf-install
/OVMF_CODE_4M.fd \
176 -V debian
/ovmf-install
/OVMF_VARS_4M.fd \
177 -C
`< debian/oem-string-snakeoil` -o
$@
179 ArmPkg
/Library
/GccLto
/liblto-aarch64.a
: ArmPkg
/Library
/GccLto
/liblto-aarch64.s
180 $($(EDK2_TOOLCHAIN
)_AARCH64_PREFIX
)gcc
-c
-fpic
$< -o
$@
182 build-qemu-efi
: debian
/setup-build-stamp
183 set
-e
; . .
/edksetup.sh
; \
184 build
-a
$(EDK2_HOST_ARCH
) \
185 -t
$(EDK2_TOOLCHAIN
) \
186 -p ArmVirtPkg
/ArmVirtQemu.dsc \
187 $(AAVMF_FLAGS
) -b RELEASE
188 dd if
=/dev
/zero of
=$(QEMU_EFI_BUILD_DIR
)/FV
/$(FW_NAME
)_CODE.fd bs
=1M seek
=64 count
=0
189 dd if
=$(QEMU_EFI_BUILD_DIR
)/FV
/QEMU_EFI.fd of
=$(QEMU_EFI_BUILD_DIR
)/FV
/$(FW_NAME
)_CODE.fd conv
=notrunc
190 dd if
=/dev
/zero of
=$(QEMU_EFI_BUILD_DIR
)/FV
/$(FW_NAME
)_VARS.fd bs
=1M seek
=64 count
=0
192 build-qemu-efi-aarch64
: $(AAVMF_BINARIES
) $(AAVMF_PREENROLLED_VARS
)
193 $(AAVMF_BINARIES
): ArmPkg
/Library
/GccLto
/liblto-aarch64.a
194 $(MAKE
) -f debian
/rules build-qemu-efi EDK2_ARCH_DIR
=AArch64 EDK2_HOST_ARCH
=AARCH64 FW_NAME
=AAVMF
196 override_dh_auto_clean
:
197 -. .
/edksetup.sh
; build
clean
198 make
-C BaseTools
clean
200 # Only embed code that is actually used; requested by the Ubuntu Security Team
201 EMBEDDED_SUBMODULES
+= CryptoPkg
/Library
/OpensslLib
/openssl
202 EMBEDDED_SUBMODULES
+= ArmPkg
/Library
/ArmSoftFloatLib
/berkeley-softfloat-3
203 EMBEDDED_SUBMODULES
+= MdeModulePkg
/Library
/BrotliCustomDecompressLib
/brotli
205 # Should be executed on a checkout of the upstream master branch,
206 # with the debian/ directory manually copied in.
207 rm -rf edk2.tmp
&& git clone . edk2.tmp
208 # Embed submodules. Don't recurse - openssl will bring in MBs of
209 # stuff we don't need
210 set
-e
; cd edk2.tmp
; \
211 for submodule in
$(EMBEDDED_SUBMODULES
); do \
212 git submodule update
--init
$$submodule; \
214 rm -rf edk2-
$(DEB_VERSION_UPSTREAM
) && \
215 mkdir edk2-
$(DEB_VERSION_UPSTREAM
)
216 cd edk2.tmp
&& git archive HEAD | \
217 tar xv
-C ..
/edk2-
$(DEB_VERSION_UPSTREAM
)
218 cd edk2.tmp
&& git submodule
foreach \
219 'git archive HEAD | tar xv -C $$toplevel/../edk2-$(DEB_VERSION_UPSTREAM)/$$sm_path'
220 ln
-s ..
/debian edk2-
$(DEB_VERSION_UPSTREAM
)
221 # Remove known-binary files
222 cd edk2-
$(DEB_VERSION_UPSTREAM
) && python3 .
/debian
/remove-binaries.py
223 # Look for possible unknown binary files
224 cd edk2-
$(DEB_VERSION_UPSTREAM
) && python3 .
/debian
/find-binaries.py
225 rm edk2-
$(DEB_VERSION_UPSTREAM
)/debian
226 tar Jcvf ..
/edk2_
$(DEB_VERSION_UPSTREAM
).orig.
tar.xz \
227 edk2-
$(DEB_VERSION_UPSTREAM
)
228 rm -rf edk2.tmp edk2-
$(DEB_VERSION_UPSTREAM
)
230 .PHONY
: build-ovmf build-ovmf32 build-qemu-efi build-qemu-efi-aarch64