]> git.proxmox.com Git - pve-edk2-firmware.git/blob - debian/rules
projects / pve-edk2-firmware.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bump version to 4.2023.08-4
[pve-edk2-firmware.git] / debian / rules
1 #!/usr/bin/make -f
2
3 SHELL=/bin/bash
4
5 include /usr/share/dpkg/default.mk
6
7 BUILD_TYPE ?= RELEASE
8 EDK2_TOOLCHAIN = GCC5
9 export $(EDK2_TOOLCHAIN)_AARCH64_PREFIX=aarch64-linux-gnu-
10 export $(EDK2_TOOLCHAIN)_RISCV64_PREFIX=riscv64-linux-gnu-
11
12 export PYTHON3_ENABLE=TRUE
13
14 ifeq ($(DEB_BUILD_ARCH),amd64)
15 EDK2_BUILD_ARCH=X64
16 endif
17 ifeq ($(DEB_BUILD_ARCH),i386)
18 EDK2_BUILD_ARCH=IA32
19 endif
20 ifeq ($(DEB_BUILD_ARCH),arm64)
21 EDK2_BUILD_ARCH=AARCH64
22 endif
23
24 PCD_RELEASE_DATE = $(shell date -d@$(SOURCE_DATE_EPOCH) "+%m/%d/%Y")
25 PCD_FLAGS = --pcd PcdFirmwareVendor=L"Proxmox distribution of EDK II\\0"
26 PCD_FLAGS += --pcd PcdFirmwareVersionString=L"$(DEB_VERSION)\\0"
27 PCD_FLAGS += --pcd PcdFirmwareReleaseDateString=L"$(PCD_RELEASE_DATE)\\0"
28 COMMON_FLAGS = -DNETWORK_HTTP_BOOT_ENABLE=TRUE
29 COMMON_FLAGS += -DNETWORK_IP6_ENABLE=TRUE
30 COMMON_FLAGS += -DNETWORK_TLS_ENABLE
31 COMMON_FLAGS += -DSECURE_BOOT_ENABLE=TRUE
32 COMMON_FLAGS += -DPVSCSI_ENABLE=TRUE
33 COMMON_FLAGS += $(PCD_FLAGS)
34 OVMF_COMMON_FLAGS = $(COMMON_FLAGS)
35 OVMF_COMMON_FLAGS += -DTPM2_ENABLE=TRUE
36 OVMF_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB
37 OVMF_4M_SMM_FLAGS = $(OVMF_4M_FLAGS) -DSMM_REQUIRE=TRUE
38 OVMF32_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB
39 OVMF32_4M_SMM_FLAGS = $(OVMF32_4M_FLAGS) -DSMM_REQUIRE=TRUE
40
41 AAVMF_FLAGS = $(COMMON_FLAGS)
42 AAVMF_FLAGS += -DTPM2_ENABLE=TRUE
43 AAVMF_FLAGS += -DTPM2_CONFIG_ENABLE=TRUE
44 AAVMF_FLAGS += -DCAVIUM_ERRATUM_27456=TRUE
45
46 RISCV64_FLAGS = $(COMMON_FLAGS)
47
48 # Clear variables used internally by the edk2 build system
49 undefine WORKSPACE
50 undefine ECP_SOURCE
51 undefine EDK_SOURCE
52 undefine EFI_SOURCE
53 undefine EDK_TOOLS_PATH
54 undefine CONF_PATH
55
56 %:
57 dh $@
58
59 override_dh_auto_build: build-qemu-efi-aarch64 build-ovmf build-ovmf32 build-qemu-efi-riscv64
60
61 debian/setup-build-stamp:
62 cp -a debian/Logo.bmp MdeModulePkg/Logo/Logo.bmp
63 set -e; . ./edksetup.sh; \
64 make -C BaseTools ARCH=$(EDK2_BUILD_ARCH)
65 touch $@
66
67 OVMF_INSTALL_DIR = debian/ovmf-install
68 OVMF_BUILD_DIR = Build/OvmfX64/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
69 OVMF3264_BUILD_DIR = Build/Ovmf3264/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
70 OVMF_ENROLL = $(OVMF3264_BUILD_DIR)/X64/EnrollDefaultKeys.efi
71 OVMF_SHELL = $(OVMF3264_BUILD_DIR)/X64/Shell.efi
72 OVMF_BINARIES = $(OVMF_ENROLL) $(OVMF_SHELL)
73 OVMF_IMAGES := $(addprefix $(OVMF_INSTALL_DIR)/,OVMF_CODE_4M.fd OVMF_CODE_4M.secboot.fd OVMF_VARS_4M.fd)
74 OVMF_PREENROLLED_VARS := $(addprefix $(OVMF_INSTALL_DIR)/,OVMF_VARS_4M.ms.fd OVMF_VARS_4M.snakeoil.fd)
75
76 OVMF32_INSTALL_DIR = debian/ovmf32-install
77 OVMF32_BUILD_DIR = Build/OvmfIa32/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
78 OVMF32_SHELL = $(OVMF32_BUILD_DIR)/IA32/Shell.efi
79 OVMF32_BINARIES = $(OVMF32_SHELL)
80 OVMF32_IMAGES := $(addprefix $(OVMF32_INSTALL_DIR)/,OVMF32_CODE_4M.secboot.fd OVMF32_VARS_4M.fd)
81
82 QEMU_EFI_BUILD_DIR = Build/ArmVirtQemu-$(EDK2_HOST_ARCH)/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
83 AAVMF_BUILD_DIR = Build/ArmVirtQemu-AARCH64/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
84 AAVMF_ENROLL = $(AAVMF_BUILD_DIR)/AARCH64/EnrollDefaultKeys.efi
85 AAVMF_SHELL = $(AAVMF_BUILD_DIR)/AARCH64/Shell.efi
86 AAVMF_BINARIES = $(AAVMF_ENROLL) $(AAVMF_SHELL)
87 AAVMF_CODE = $(AAVMF_BUILD_DIR)/FV/AAVMF_CODE.fd
88 AAVMF_VARS = $(AAVMF_BUILD_DIR)/FV/AAVMF_VARS.fd
89 AAVMF_IMAGES = $(AAVMF_CODE) $(AAVMF_VARS)
90 AAVMF_PREENROLLED_VARS = $(addprefix $(AAVMF_BUILD_DIR)/FV/,AAVMF_VARS.ms.fd AAVMF_VARS.snakeoil.fd)
91
92 RISCV64_BUILD_DIR = Build/RiscVVirtQemu/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
93 RISCV64_IMAGES = $(addprefix $(RISCV64_BUILD_DIR)/FV/,RISCV_VIRT_CODE.fd RISCV_VIRT_VARS.fd)
94
95 build-ovmf32: $(OVMF32_BINARIES) $(OVMF32_IMAGES)
96 $(OVMF32_BINARIES) $(OVMF32_IMAGES): debian/setup-build-stamp
97 rm -rf $(OVMF32_INSTALL_DIR)
98 mkdir $(OVMF32_INSTALL_DIR)
99 set -e; . ./edksetup.sh; \
100 build -a IA32 \
101 -t $(EDK2_TOOLCHAIN) \
102 -p OvmfPkg/OvmfPkgIa32.dsc \
103 $(OVMF32_4M_SMM_FLAGS) -b $(BUILD_TYPE)
104 cp $(OVMF32_BUILD_DIR)/FV/OVMF_CODE.fd \
105 $(OVMF32_INSTALL_DIR)/OVMF32_CODE_4M.secboot.fd
106 cp $(OVMF32_BUILD_DIR)/FV/OVMF_VARS.fd \
107 $(OVMF32_INSTALL_DIR)/OVMF32_VARS_4M.fd
108
109 build-ovmf: $(OVMF_BINARIES) $(OVMF_IMAGES) $(OVMF_PREENROLLED_VARS)
110 $(OVMF_BINARIES) $(OVMF_IMAGES): debian/setup-build-stamp
111 rm -rf $(OVMF_INSTALL_DIR)
112 mkdir $(OVMF_INSTALL_DIR)
113 rm -rf Build/OvmfX64
114 set -e; . ./edksetup.sh; \
115 build -a IA32 -a X64 \
116 -t $(EDK2_TOOLCHAIN) \
117 -p OvmfPkg/OvmfPkgIa32X64.dsc \
118 $(OVMF_4M_FLAGS) -b $(BUILD_TYPE)
119 cp $(OVMF3264_BUILD_DIR)/FV/OVMF_CODE.fd \
120 $(OVMF_INSTALL_DIR)/OVMF_CODE_4M.fd
121 cp $(OVMF3264_BUILD_DIR)/FV/OVMF_VARS.fd \
122 $(OVMF_INSTALL_DIR)/OVMF_VARS_4M.fd
123 rm -rf Build/OvmfX64
124 set -e; . ./edksetup.sh; \
125 build -a IA32 -a X64 \
126 -t $(EDK2_TOOLCHAIN) \
127 -p OvmfPkg/OvmfPkgIa32X64.dsc \
128 $(OVMF_4M_SMM_FLAGS) -b $(BUILD_TYPE)
129 cp $(OVMF3264_BUILD_DIR)/FV/OVMF_CODE.fd \
130 $(OVMF_INSTALL_DIR)/OVMF_CODE_4M.secboot.fd
131
132 ifeq ($(call dpkg_vendor_derives_from_v1,ubuntu),yes)
133 debian/PkKek-1-vendor.pem: debian/PkKek-1-Ubuntu.pem
134 else
135 debian/PkKek-1-vendor.pem: debian/PkKek-1-Debian.pem
136 endif
137 ln -sf `basename $<` $@
138
139 debian/oem-string-%: debian/PkKek-1-%.pem
140 tr -d '\n' < $< | \
141 sed -e 's/.*-----BEGIN CERTIFICATE-----/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' -e 's/-----END CERTIFICATE-----//' > $@
142
143 %/AAVMF_VARS.ms.fd: %/AAVMF_CODE.fd %/AAVMF_VARS.fd debian/oem-string-vendor $(AAVMF_ENROLL) $(AAVMF_SHELL)
144 PYTHONPATH=$(CURDIR)/debian/python \
145 python3 ./debian/edk2-vars-generator.py \
146 -f AAVMF -e $(AAVMF_ENROLL) -s $(AAVMF_SHELL) \
147 -c $(AAVMF_CODE) -V $(AAVMF_VARS) \
148 -C `< debian/oem-string-vendor` -o $@
149
150 %/AAVMF_VARS.snakeoil.fd: %/AAVMF_CODE.fd %/AAVMF_VARS.fd debian/oem-string-snakeoil $(AAVMF_ENROLL) $(AAVMF_SHELL)
151 PYTHONPATH=$(CURDIR)/debian/python \
152 python3 ./debian/edk2-vars-generator.py \
153 -f AAVMF -e $(AAVMF_ENROLL) -s $(AAVMF_SHELL) \
154 -c $(AAVMF_CODE) -V $(AAVMF_VARS) \
155 --no-default \
156 -C `< debian/oem-string-snakeoil` -o $@
157
158 %/OVMF_VARS.ms.fd: %/OVMF_CODE.fd %/OVMF_VARS.fd debian/oem-string-vendor $(OVMF_ENROLL) $(OVMF_SHELL)
159 PYTHONPATH=$(CURDIR)/debian/python \
160 python3 ./debian/edk2-vars-generator.py \
161 -f OVMF -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \
162 -c $(OVMF_INSTALL_DIR)/OVMF_CODE.fd \
163 -V $(OVMF_INSTALL_DIR)/OVMF_VARS.fd \
164 -C `< debian/oem-string-vendor` -o $@
165
166 %/OVMF_VARS_4M.ms.fd: %/OVMF_CODE_4M.fd %/OVMF_VARS_4M.fd debian/oem-string-vendor $(OVMF_ENROLL) $(OVMF_SHELL)
167 PYTHONPATH=$(CURDIR)/debian/python \
168 python3 ./debian/edk2-vars-generator.py \
169 -f OVMF_4M -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \
170 -c $(OVMF_INSTALL_DIR)/OVMF_CODE_4M.fd \
171 -V $(OVMF_INSTALL_DIR)/OVMF_VARS_4M.fd \
172 -C `< debian/oem-string-vendor` -o $@
173
174 %/OVMF_VARS_4M.snakeoil.fd: %/OVMF_CODE_4M.fd %/OVMF_VARS_4M.fd debian/oem-string-snakeoil $(OVMF_ENROLL) $(OVMF_SHELL)
175 PYTHONPATH=$(CURDIR)/debian/python \
176 python3 ./debian/edk2-vars-generator.py \
177 -f OVMF_4M -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \
178 -c $(OVMF_INSTALL_DIR)/OVMF_CODE_4M.fd \
179 -V $(OVMF_INSTALL_DIR)/OVMF_VARS_4M.fd \
180 --no-default \
181 -C `< debian/oem-string-snakeoil` -o $@
182
183 ArmPkg/Library/GccLto/liblto-aarch64.a: ArmPkg/Library/GccLto/liblto-aarch64.s
184 $($(EDK2_TOOLCHAIN)_AARCH64_PREFIX)gcc -c -fpic $< -o $@
185
186 ArmPkg/Library/GccLto/liblto-arm.a: ArmPkg/Library/GccLto/liblto-arm.s
187 $($(EDK2_TOOLCHAIN)_ARM_PREFIX)gcc -c -fpic $< -o $@
188
189 build-qemu-efi: debian/setup-build-stamp
190 set -e; . ./edksetup.sh; \
191 build -a $(EDK2_HOST_ARCH) \
192 -t $(EDK2_TOOLCHAIN) \
193 -p ArmVirtPkg/ArmVirtQemu.dsc \
194 $(AAVMF_FLAGS) -b $(BUILD_TYPE)
195 cp $(QEMU_EFI_BUILD_DIR)/FV/QEMU_EFI.fd \
196 $(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_CODE.fd
197 cp $(QEMU_EFI_BUILD_DIR)/FV/QEMU_VARS.fd \
198 $(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_VARS.fd
199 # QEMU expects 64MiB CODE and VARS files on ARM/AARCH64 architectures
200 # Truncate the firmware files to the expected size
201 truncate -s 64M $(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_CODE.fd
202 truncate -s 64M $(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_VARS.fd
203
204 build-qemu-efi-aarch64: $(AAVMF_BINARIES) $(AAVMF_IMAGES) $(AAVMF_PREENROLLED_VARS)
205 $(AAVMF_BINARIES) $(AAVMF_IMAGES): ArmPkg/Library/GccLto/liblto-aarch64.a
206 $(MAKE) -f debian/rules build-qemu-efi EDK2_ARCH_DIR=AArch64 EDK2_HOST_ARCH=AARCH64 FW_NAME=AAVMF
207
208 build-qemu-efi-riscv64: $(RISCV64_IMAGES)
209 $(RISCV64_IMAGES): debian/setup-build-stamp
210 set -e; . ./edksetup.sh; \
211 build -a RISCV64 \
212 -t $(EDK2_TOOLCHAIN) \
213 -p OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc \
214 $(RISCV64_FLAGS) -b $(BUILD_TYPE)
215 truncate -s 32M $(RISCV64_BUILD_DIR)/FV/RISCV_VIRT_CODE.fd
216 truncate -s 32M $(RISCV64_BUILD_DIR)/FV/RISCV_VIRT_VARS.fd
217
218 override_dh_auto_clean:
219 -. ./edksetup.sh; build clean
220 make -C BaseTools clean
221
222 # Only embed code that is actually used; requested by the Ubuntu Security Team
223 EMBEDDED_SUBMODULES += CryptoPkg/Library/OpensslLib/openssl
224 EMBEDDED_SUBMODULES += ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3
225 EMBEDDED_SUBMODULES += MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
226 EMBEDDED_SUBMODULES += MdePkg/Library/MipiSysTLib/mipisyst
227 get-orig-source:
228 # Should be executed on a checkout of the upstream master branch,
229 # with the debian/ directory manually copied in.
230 rm -rf edk2.tmp && git clone . edk2.tmp
231 # Embed submodules. Don't recurse - openssl will bring in MBs of
232 # stuff we don't need
233 set -e; cd edk2.tmp; \
234 for submodule in $(EMBEDDED_SUBMODULES); do \
235 git submodule update --depth 1 --init $$submodule; \
236 done
237 rm -rf edk2-$(DEB_VERSION_UPSTREAM) && \
238 mkdir edk2-$(DEB_VERSION_UPSTREAM)
239 cd edk2.tmp && git archive HEAD | \
240 tar xv -C ../edk2-$(DEB_VERSION_UPSTREAM)
241 cd edk2.tmp && git submodule foreach \
242 'git archive HEAD | tar xv -C $$toplevel/../edk2-$(DEB_VERSION_UPSTREAM)/$$sm_path'
243 ln -s ../debian edk2-$(DEB_VERSION_UPSTREAM)
244 # Remove known-binary files
245 cd edk2-$(DEB_VERSION_UPSTREAM) && python3 ./debian/remove-binaries.py
246 # Look for possible unknown binary files
247 cd edk2-$(DEB_VERSION_UPSTREAM) && python3 ./debian/find-binaries.py
248 rm edk2-$(DEB_VERSION_UPSTREAM)/debian
249 tar Jcvf ../edk2_$(DEB_VERSION_UPSTREAM).orig.tar.xz \
250 edk2-$(DEB_VERSION_UPSTREAM)
251 rm -rf edk2.tmp edk2-$(DEB_VERSION_UPSTREAM)
252
253 .PHONY: build-ovmf build-ovmf32 build-qemu-efi build-qemu-efi-aarch64 build-qemu-efi-riscv64
EDK2 Firmware for PVE