5 include /usr
/share
/dpkg
/default.mk
8 export $(EDK2_TOOLCHAIN
)_AARCH64_PREFIX
=aarch64-linux-gnu-
10 export PYTHON3_ENABLE
=TRUE
12 ifeq ($(DEB_BUILD_ARCH
),amd64
)
15 ifeq ($(DEB_BUILD_ARCH
),i386
)
18 ifeq ($(DEB_BUILD_ARCH
),arm64
)
19 EDK2_BUILD_ARCH
=AARCH64
22 COMMON_FLAGS
= -DNETWORK_HTTP_BOOT_ENABLE
=TRUE
23 COMMON_FLAGS
+= -DNETWORK_IP6_ENABLE
=TRUE
24 COMMON_FLAGS
+= -DNETWORK_TLS_ENABLE
25 COMMON_FLAGS
+= -DSECURE_BOOT_ENABLE
=TRUE
26 COMMON_FLAGS
+= -DTPM2_ENABLE
=TRUE
27 OVMF_COMMON_FLAGS
= $(COMMON_FLAGS
)
28 OVMF_2M_FLAGS
= $(OVMF_COMMON_FLAGS
) -DFD_SIZE_2MB
29 OVMF_4M_FLAGS
= $(OVMF_COMMON_FLAGS
) -DFD_SIZE_4MB
30 OVMF_2M_SMM_FLAGS
= $(OVMF_2M_FLAGS
) -DSMM_REQUIRE
=TRUE
31 OVMF_4M_SMM_FLAGS
= $(OVMF_4M_FLAGS
) -DSMM_REQUIRE
=TRUE
32 OVMF32_4M_FLAGS
= $(OVMF_COMMON_FLAGS
) -DFD_SIZE_4MB
33 OVMF32_4M_SMM_FLAGS
= $(OVMF32_4M_FLAGS
) -DSMM_REQUIRE
=TRUE
35 AAVMF_FLAGS
= $(COMMON_FLAGS
) -DTPM2_CONFIG_ENABLE
=TRUE
37 # Clear variables used internally by the edk2 build system
42 undefine EDK_TOOLS_PATH
48 override_dh_auto_build
: build-qemu-efi-aarch64 build-ovmf build-ovmf32
50 debian
/setup-build-stamp
:
51 cp
-a debian
/Logo.bmp MdeModulePkg
/Logo
/Logo.bmp
52 set
-e
; . .
/edksetup.sh
; \
53 make
-C BaseTools ARCH
=$(EDK2_BUILD_ARCH
)
56 OVMF_BUILD_DIR
= Build
/OvmfX64
/RELEASE_
$(EDK2_TOOLCHAIN
)
57 OVMF3264_BUILD_DIR
= Build
/Ovmf3264
/RELEASE_
$(EDK2_TOOLCHAIN
)
58 OVMF_ENROLL
= $(OVMF3264_BUILD_DIR
)/X64
/EnrollDefaultKeys.efi
59 OVMF_SHELL
= $(OVMF3264_BUILD_DIR
)/X64
/Shell.efi
60 OVMF_BINARIES
= $(OVMF_ENROLL
) $(OVMF_SHELL
)
61 OVMF_IMAGES
:= $(addprefix debian
/ovmf-install
/,OVMF_CODE.fd OVMF_CODE_4M.fd OVMF_CODE.secboot.fd OVMF_CODE_4M.secboot.fd OVMF_VARS.fd OVMF_VARS_4M.fd
)
62 OVMF_PREENROLLED_VARS
:= $(addprefix debian
/ovmf-install
/,OVMF_VARS.ms.fd OVMF_VARS_4M.ms.fd OVMF_VARS_4M.snakeoil.fd
)
64 OVMF32_BUILD_DIR
= Build
/OvmfIa32
/RELEASE_
$(EDK2_TOOLCHAIN
)
65 OVMF32_SHELL
= $(OVMF32_BUILD_DIR
)/IA32
/Shell.efi
66 OVMF32_BINARIES
= $(OVMF32_SHELL
)
67 OVMF32_IMAGES
:= $(addprefix debian
/ovmf32-install
/,OVMF32_CODE_4M.secboot.fd OVMF_VARS_4M.fd
)
69 QEMU_EFI_BUILD_DIR
= Build
/ArmVirtQemu-
$(EDK2_HOST_ARCH
)/RELEASE_
$(EDK2_TOOLCHAIN
)
70 AAVMF_BUILD_DIR
= Build
/ArmVirtQemu-AARCH64
/RELEASE_
$(EDK2_TOOLCHAIN
)
71 AAVMF_ENROLL
= $(AAVMF_BUILD_DIR
)/AARCH64
/EnrollDefaultKeys.efi
72 AAVMF_SHELL
= $(AAVMF_BUILD_DIR
)/AARCH64
/Shell.efi
73 AAVMF_BINARIES
= $(AAVMF_ENROLL
) $(AAVMF_SHELL
)
74 AAVMF_CODE
= $(AAVMF_BUILD_DIR
)/FV
/AAVMF_CODE.fd
75 AAVMF_VARS
= $(AAVMF_BUILD_DIR
)/FV
/AAVMF_VARS.fd
76 AAVMF_IMAGES
= $(AAVMF_CODE
) $(AAVMF_VARS
)
77 AAVMF_PREENROLLED_VARS
= $(addprefix $(AAVMF_BUILD_DIR
)/FV
/,AAVMF_VARS.ms.fd AAVMF_VARS.snakeoil.fd
)
79 build-ovmf32
: $(OVMF32_BINARIES
) $(OVMF32_IMAGES
)
80 $(OVMF32_BINARIES
) $(OVMF32_IMAGES
): debian
/setup-build-stamp
81 rm -rf debian
/ovmf32-install
82 mkdir debian
/ovmf32-install
83 set
-e
; . .
/edksetup.sh
; \
85 -t
$(EDK2_TOOLCHAIN
) \
86 -p OvmfPkg
/OvmfPkgIa32.dsc \
87 $(OVMF32_4M_SMM_FLAGS
) -b RELEASE
88 cp
$(OVMF32_BUILD_DIR
)/FV
/OVMF_CODE.fd \
89 debian
/ovmf32-install
/OVMF32_CODE_4M.secboot.fd
90 cp
$(OVMF32_BUILD_DIR
)/FV
/OVMF_VARS.fd \
91 debian
/ovmf32-install
/OVMF32_VARS_4M.fd
93 build-ovmf
: $(OVMF_BINARIES
) $(OVMF_IMAGES
) $(OVMF_PREENROLLED_VARS
)
94 $(OVMF_BINARIES
) $(OVMF_IMAGES
): debian
/setup-build-stamp
95 rm -rf debian
/ovmf-install
96 mkdir debian
/ovmf-install
97 set
-e
; . .
/edksetup.sh
; \
99 -t
$(EDK2_TOOLCHAIN
) \
100 -p OvmfPkg
/OvmfPkgX64.dsc \
101 $(OVMF_2M_FLAGS
) -b RELEASE
102 cp
$(OVMF_BUILD_DIR
)/FV
/OVMF_CODE.fd \
104 cp
$(OVMF_BUILD_DIR
)/FV
/OVMF_VARS.fd debian
/ovmf-install
/
106 set
-e
; . .
/edksetup.sh
; \
107 build
-a IA32
-a X64 \
108 -t
$(EDK2_TOOLCHAIN
) \
109 -p OvmfPkg
/OvmfPkgIa32X64.dsc \
110 $(OVMF_4M_FLAGS
) -b RELEASE
111 cp
$(OVMF3264_BUILD_DIR
)/FV
/OVMF_CODE.fd \
112 debian
/ovmf-install
/OVMF_CODE_4M.fd
113 cp
$(OVMF3264_BUILD_DIR
)/FV
/OVMF_VARS.fd \
114 debian
/ovmf-install
/OVMF_VARS_4M.fd
116 set
-e
; . .
/edksetup.sh
; \
118 -t
$(EDK2_TOOLCHAIN
) \
119 -p OvmfPkg
/OvmfPkgX64.dsc \
120 $(OVMF_2M_SMM_FLAGS
) -b RELEASE
121 cp
$(OVMF_BUILD_DIR
)/FV
/OVMF_CODE.fd \
122 debian
/ovmf-install
/OVMF_CODE.secboot.fd
124 set
-e
; . .
/edksetup.sh
; \
125 build
-a IA32
-a X64 \
126 -t
$(EDK2_TOOLCHAIN
) \
127 -p OvmfPkg
/OvmfPkgIa32X64.dsc \
128 $(OVMF_4M_SMM_FLAGS
) -b RELEASE
129 cp
$(OVMF3264_BUILD_DIR
)/FV
/OVMF_CODE.fd \
130 debian
/ovmf-install
/OVMF_CODE_4M.secboot.fd
132 ifeq ($(call dpkg_vendor_derives_from_v1
,ubuntu
),yes
)
133 debian
/PkKek-1-vendor.pem
: debian
/PkKek-1-Ubuntu.pem
135 debian
/PkKek-1-vendor.pem
: debian
/PkKek-1-Debian.pem
137 ln
-sf
`basename $<` $@
139 debian
/oem-string-
%: debian
/PkKek-1-
%.pem
141 sed
-e
's/.*-----BEGIN CERTIFICATE-----/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' -e
's/-----END CERTIFICATE-----//' > $@
143 %/AAVMF_VARS.ms.fd
: %/AAVMF_CODE.fd
%/AAVMF_VARS.fd debian
/oem-string-vendor
$(AAVMF_ENROLL
) $(AAVMF_SHELL
)
144 PYTHONPATH
=$(CURDIR
)/debian
/python \
145 .
/debian
/edk2-vars-generator.py \
146 -f AAVMF
-e
$(AAVMF_ENROLL
) -s
$(AAVMF_SHELL
) \
147 -c
$(AAVMF_CODE
) -V
$(AAVMF_VARS
) \
148 -C
`< debian/oem-string-vendor` -o
$@
150 %/AAVMF_VARS.snakeoil.fd
: %/AAVMF_CODE.fd
%/AAVMF_VARS.fd debian
/oem-string-snakeoil
$(AAVMF_ENROLL
) $(AAVMF_SHELL
)
151 PYTHONPATH
=$(CURDIR
)/debian
/python \
152 .
/debian
/edk2-vars-generator.py \
153 -f AAVMF
-e
$(AAVMF_ENROLL
) -s
$(AAVMF_SHELL
) \
154 -c
$(AAVMF_CODE
) -V
$(AAVMF_VARS
) \
155 -C
`< debian/oem-string-snakeoil` -o
$@
157 %/OVMF_VARS.ms.fd
: %/OVMF_CODE.fd
%/OVMF_VARS.fd debian
/oem-string-vendor
$(OVMF_ENROLL
) $(OVMF_SHELL
)
158 PYTHONPATH
=$(CURDIR
)/debian
/python \
159 .
/debian
/edk2-vars-generator.py \
160 -f OVMF
-e
$(OVMF_ENROLL
) -s
$(OVMF_SHELL
) \
161 -c debian
/ovmf-install
/OVMF_CODE.fd \
162 -V debian
/ovmf-install
/OVMF_VARS.fd \
163 -C
`< debian/oem-string-vendor` -o
$@
165 %/OVMF_VARS_4M.ms.fd
: %/OVMF_CODE_4M.fd
%/OVMF_VARS_4M.fd debian
/oem-string-vendor
$(OVMF_ENROLL
) $(OVMF_SHELL
)
166 PYTHONPATH
=$(CURDIR
)/debian
/python \
167 .
/debian
/edk2-vars-generator.py \
168 -f OVMF_4M
-e
$(OVMF_ENROLL
) -s
$(OVMF_SHELL
) \
169 -c debian
/ovmf-install
/OVMF_CODE_4M.fd \
170 -V debian
/ovmf-install
/OVMF_VARS_4M.fd \
171 -C
`< debian/oem-string-vendor` -o
$@
173 %/OVMF_VARS_4M.snakeoil.fd
: %/OVMF_CODE_4M.fd
%/OVMF_VARS_4M.fd debian
/oem-string-snakeoil
$(OVMF_ENROLL
) $(OVMF_SHELL
)
174 PYTHONPATH
=$(CURDIR
)/debian
/python \
175 .
/debian
/edk2-vars-generator.py \
176 -f OVMF_4M
-e
$(OVMF_ENROLL
) -s
$(OVMF_SHELL
) \
177 -c debian
/ovmf-install
/OVMF_CODE_4M.fd \
178 -V debian
/ovmf-install
/OVMF_VARS_4M.fd \
179 -C
`< debian/oem-string-snakeoil` -o
$@
181 ArmPkg
/Library
/GccLto
/liblto-aarch64.a
: ArmPkg
/Library
/GccLto
/liblto-aarch64.s
182 $($(EDK2_TOOLCHAIN
)_AARCH64_PREFIX
)gcc
-c
-fpic
$< -o
$@
184 build-qemu-efi
: debian
/setup-build-stamp
185 set
-e
; . .
/edksetup.sh
; \
186 build
-a
$(EDK2_HOST_ARCH
) \
187 -t
$(EDK2_TOOLCHAIN
) \
188 -p ArmVirtPkg
/ArmVirtQemu.dsc \
189 $(AAVMF_FLAGS
) -b RELEASE
190 dd if
=/dev
/zero of
=$(QEMU_EFI_BUILD_DIR
)/FV
/$(FW_NAME
)_CODE.fd bs
=1M seek
=64 count
=0
191 dd if
=$(QEMU_EFI_BUILD_DIR
)/FV
/QEMU_EFI.fd of
=$(QEMU_EFI_BUILD_DIR
)/FV
/$(FW_NAME
)_CODE.fd conv
=notrunc
192 dd if
=/dev
/zero of
=$(QEMU_EFI_BUILD_DIR
)/FV
/$(FW_NAME
)_VARS.fd bs
=1M seek
=64 count
=0
194 build-qemu-efi-aarch64
: $(AAVMF_BINARIES
) $(AAVMF_PREENROLLED_VARS
)
195 $(AAVMF_BINARIES
): ArmPkg
/Library
/GccLto
/liblto-aarch64.a
196 $(MAKE
) -f debian
/rules build-qemu-efi EDK2_ARCH_DIR
=AArch64 EDK2_HOST_ARCH
=AARCH64 FW_NAME
=AAVMF
198 override_dh_auto_clean
:
199 -. .
/edksetup.sh
; build
clean
200 make
-C BaseTools
clean
202 # Only embed code that is actually used; requested by the Ubuntu Security Team
203 EMBEDDED_SUBMODULES
+= CryptoPkg
/Library
/OpensslLib
/openssl
204 EMBEDDED_SUBMODULES
+= ArmPkg
/Library
/ArmSoftFloatLib
/berkeley-softfloat-3
205 EMBEDDED_SUBMODULES
+= MdeModulePkg
/Library
/BrotliCustomDecompressLib
/brotli
207 # Should be executed on a checkout of the upstream master branch,
208 # with the debian/ directory manually copied in.
209 rm -rf edk2.tmp
&& git clone . edk2.tmp
210 # Embed submodules. Don't recurse - openssl will bring in MBs of
211 # stuff we don't need
212 set
-e
; cd edk2.tmp
; \
213 for submodule in
$(EMBEDDED_SUBMODULES
); do \
214 git submodule update
--init
$$submodule; \
216 rm -rf edk2-
$(DEB_VERSION_UPSTREAM
) && \
217 mkdir edk2-
$(DEB_VERSION_UPSTREAM
)
218 cd edk2.tmp
&& git archive HEAD | \
219 tar xv
-C ..
/edk2-
$(DEB_VERSION_UPSTREAM
)
220 cd edk2.tmp
&& git submodule
foreach \
221 'git archive HEAD | tar xv -C $$toplevel/../edk2-$(DEB_VERSION_UPSTREAM)/$$sm_path'
222 ln
-s ..
/debian edk2-
$(DEB_VERSION_UPSTREAM
)
223 # Remove known-binary files
224 cd edk2-
$(DEB_VERSION_UPSTREAM
) && python3 .
/debian
/remove-binaries.py
225 # Look for possible unknown binary files
226 cd edk2-
$(DEB_VERSION_UPSTREAM
) && python3 .
/debian
/find-binaries.py
227 rm edk2-
$(DEB_VERSION_UPSTREAM
)/debian
228 tar Jcvf ..
/edk2_
$(DEB_VERSION_UPSTREAM
).orig.
tar.xz \
229 edk2-
$(DEB_VERSION_UPSTREAM
)
230 rm -rf edk2.tmp edk2-
$(DEB_VERSION_UPSTREAM
)
232 .PHONY
: build-ovmf build-ovmf32 build-qemu-efi build-qemu-efi-aarch64