#!/usr/bin/make -f
-SHELL=/bin/bash
-# this is a simplified version from the upstream package
+SHELL=/bin/bash
-# Only used for creating our build tools.
-DEB_BUILD_ARCH ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH)
-DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH)
-DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+include /usr/share/dpkg/default.mk
-# for GCC5 and newer, LTO enabled
-EDK2_TOOLCHAIN=GCC5
-AARCH64_TOOLCHAIN=GCC5
+BUILD_TYPE ?= RELEASE
+EDK2_TOOLCHAIN = GCC5
export $(EDK2_TOOLCHAIN)_AARCH64_PREFIX=aarch64-linux-gnu-
+export $(EDK2_TOOLCHAIN)_RISCV64_PREFIX=riscv64-linux-gnu-
-export PYTHON3_ENABLE="TRUE"
-export PYTHON_COMMAND="python3"
+export PYTHON3_ENABLE=TRUE
ifeq ($(DEB_BUILD_ARCH),amd64)
EDK2_BUILD_ARCH=X64
endif
+ifeq ($(DEB_BUILD_ARCH),i386)
+ EDK2_BUILD_ARCH=IA32
+endif
ifeq ($(DEB_BUILD_ARCH),arm64)
EDK2_BUILD_ARCH=AARCH64
endif
-ifeq ($(DEB_HOST_ARCH),amd64)
- EDK2_HOST_ARCH=X64
-endif
+
+PCD_RELEASE_DATE = $(shell date -d@$(SOURCE_DATE_EPOCH) "+%m/%d/%Y")
+PCD_FLAGS = --pcd PcdFirmwareVendor=L"Proxmox distribution of EDK II\\0"
+PCD_FLAGS += --pcd PcdFirmwareVersionString=L"$(DEB_VERSION)\\0"
+PCD_FLAGS += --pcd PcdFirmwareReleaseDateString=L"$(PCD_RELEASE_DATE)\\0"
+COMMON_FLAGS = -DNETWORK_HTTP_BOOT_ENABLE=TRUE
+COMMON_FLAGS += -DNETWORK_IP6_ENABLE=TRUE
+COMMON_FLAGS += -DNETWORK_TLS_ENABLE
+COMMON_FLAGS += -DSECURE_BOOT_ENABLE=TRUE
+COMMON_FLAGS += -DPVSCSI_ENABLE=TRUE
+COMMON_FLAGS += $(PCD_FLAGS)
+OVMF_COMMON_FLAGS = $(COMMON_FLAGS)
+OVMF_COMMON_FLAGS += -DTPM2_ENABLE=TRUE
+OVMF_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB
+OVMF_4M_SMM_FLAGS = $(OVMF_4M_FLAGS) -DSMM_REQUIRE=TRUE
+OVMF32_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB
+OVMF32_4M_SMM_FLAGS = $(OVMF32_4M_FLAGS) -DSMM_REQUIRE=TRUE
+
+AAVMF_FLAGS = $(COMMON_FLAGS)
+AAVMF_FLAGS += -DTPM2_ENABLE=TRUE
+AAVMF_FLAGS += -DTPM2_CONFIG_ENABLE=TRUE
+AAVMF_FLAGS += -DCAVIUM_ERRATUM_27456=TRUE
+
+RISCV64_FLAGS = $(COMMON_FLAGS)
# Clear variables used internally by the edk2 build system
undefine WORKSPACE
%:
dh $@
-override_dh_auto_build: build-qemu-efi-aarch64 build-ovmf
+override_dh_auto_build: build-qemu-efi-aarch64 build-ovmf build-ovmf32 build-qemu-efi-riscv64
-setup-build:
+debian/setup-build-stamp:
cp -a debian/Logo.bmp MdeModulePkg/Logo/Logo.bmp
+ set -e; . ./edksetup.sh; \
make -C BaseTools ARCH=$(EDK2_BUILD_ARCH)
- # call this when building too, it modifies the shell environment
- . ./edksetup.sh
+ touch $@
+
+OVMF_INSTALL_DIR = debian/ovmf-install
+OVMF_BUILD_DIR = Build/OvmfX64/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
+OVMF3264_BUILD_DIR = Build/Ovmf3264/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
+OVMF_ENROLL = $(OVMF3264_BUILD_DIR)/X64/EnrollDefaultKeys.efi
+OVMF_SHELL = $(OVMF3264_BUILD_DIR)/X64/Shell.efi
+OVMF_BINARIES = $(OVMF_ENROLL) $(OVMF_SHELL)
+OVMF_IMAGES := $(addprefix $(OVMF_INSTALL_DIR)/,OVMF_CODE_4M.fd OVMF_CODE_4M.secboot.fd OVMF_VARS_4M.fd)
+OVMF_PREENROLLED_VARS := $(addprefix $(OVMF_INSTALL_DIR)/,OVMF_VARS_4M.ms.fd OVMF_VARS_4M.snakeoil.fd)
-build-ovmf: EDK2_ARCH_DIR=X64
-build-ovmf: EDK2_HOST_ARCH=X64
-build-ovmf: setup-build
+OVMF32_INSTALL_DIR = debian/ovmf32-install
+OVMF32_BUILD_DIR = Build/OvmfIa32/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
+OVMF32_SHELL = $(OVMF32_BUILD_DIR)/IA32/Shell.efi
+OVMF32_BINARIES = $(OVMF32_SHELL)
+OVMF32_IMAGES := $(addprefix $(OVMF32_INSTALL_DIR)/,OVMF32_CODE_4M.secboot.fd OVMF32_VARS_4M.fd)
+
+QEMU_EFI_BUILD_DIR = Build/ArmVirtQemu-$(EDK2_HOST_ARCH)/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
+AAVMF_BUILD_DIR = Build/ArmVirtQemu-AARCH64/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
+AAVMF_ENROLL = $(AAVMF_BUILD_DIR)/AARCH64/EnrollDefaultKeys.efi
+AAVMF_SHELL = $(AAVMF_BUILD_DIR)/AARCH64/Shell.efi
+AAVMF_BINARIES = $(AAVMF_ENROLL) $(AAVMF_SHELL)
+AAVMF_CODE = $(AAVMF_BUILD_DIR)/FV/AAVMF_CODE.fd
+AAVMF_VARS = $(AAVMF_BUILD_DIR)/FV/AAVMF_VARS.fd
+AAVMF_IMAGES = $(AAVMF_CODE) $(AAVMF_VARS)
+AAVMF_PREENROLLED_VARS = $(addprefix $(AAVMF_BUILD_DIR)/FV/,AAVMF_VARS.ms.fd AAVMF_VARS.snakeoil.fd)
+
+RISCV64_BUILD_DIR = Build/RiscVVirtQemu/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
+RISCV64_IMAGES = $(addprefix $(RISCV64_BUILD_DIR)/FV/,RISCV_VIRT_CODE.fd RISCV_VIRT_VARS.fd)
+
+build-ovmf32: $(OVMF32_BINARIES) $(OVMF32_IMAGES)
+$(OVMF32_BINARIES) $(OVMF32_IMAGES): debian/setup-build-stamp
+ rm -rf $(OVMF32_INSTALL_DIR)
+ mkdir $(OVMF32_INSTALL_DIR)
set -e; . ./edksetup.sh; \
- OvmfPkg/build.sh \
- -b RELEASE \
- -a $(EDK2_HOST_ARCH) \
- -t $(EDK2_TOOLCHAIN) \
- -DSECURE_BOOT_ENABLE=FALSE \
- -DTPM_ENABLE=TRUE \
- -DTPM2_ENABLE=TRUE \
- -DFD_SIZE_2MB \
- -n $$(getconf _NPROCESSORS_ONLN)
-
-build-qemu-efi: setup-build
- mkdir -p ShellBinPkg/UefiShell/$(EDK2_ARCH_DIR) FatBinPkg/EnhancedFatDxe/$(EDK2_ARCH_DIR)
+ build -a IA32 \
+ -t $(EDK2_TOOLCHAIN) \
+ -p OvmfPkg/OvmfPkgIa32.dsc \
+ $(OVMF32_4M_SMM_FLAGS) -b $(BUILD_TYPE)
+ cp $(OVMF32_BUILD_DIR)/FV/OVMF_CODE.fd \
+ $(OVMF32_INSTALL_DIR)/OVMF32_CODE_4M.secboot.fd
+ cp $(OVMF32_BUILD_DIR)/FV/OVMF_VARS.fd \
+ $(OVMF32_INSTALL_DIR)/OVMF32_VARS_4M.fd
+
+build-ovmf: $(OVMF_BINARIES) $(OVMF_IMAGES) $(OVMF_PREENROLLED_VARS)
+$(OVMF_BINARIES) $(OVMF_IMAGES): debian/setup-build-stamp
+ rm -rf $(OVMF_INSTALL_DIR)
+ mkdir $(OVMF_INSTALL_DIR)
+ rm -rf Build/OvmfX64
+ set -e; . ./edksetup.sh; \
+ build -a IA32 -a X64 \
+ -t $(EDK2_TOOLCHAIN) \
+ -p OvmfPkg/OvmfPkgIa32X64.dsc \
+ $(OVMF_4M_FLAGS) -b $(BUILD_TYPE)
+ cp $(OVMF3264_BUILD_DIR)/FV/OVMF_CODE.fd \
+ $(OVMF_INSTALL_DIR)/OVMF_CODE_4M.fd
+ cp $(OVMF3264_BUILD_DIR)/FV/OVMF_VARS.fd \
+ $(OVMF_INSTALL_DIR)/OVMF_VARS_4M.fd
+ rm -rf Build/OvmfX64
+ set -e; . ./edksetup.sh; \
+ build -a IA32 -a X64 \
+ -t $(EDK2_TOOLCHAIN) \
+ -p OvmfPkg/OvmfPkgIa32X64.dsc \
+ $(OVMF_4M_SMM_FLAGS) -b $(BUILD_TYPE)
+ cp $(OVMF3264_BUILD_DIR)/FV/OVMF_CODE.fd \
+ $(OVMF_INSTALL_DIR)/OVMF_CODE_4M.secboot.fd
+
+ifeq ($(call dpkg_vendor_derives_from_v1,ubuntu),yes)
+debian/PkKek-1-vendor.pem: debian/PkKek-1-Ubuntu.pem
+else
+debian/PkKek-1-vendor.pem: debian/PkKek-1-Debian.pem
+endif
+ ln -sf `basename $<` $@
+
+debian/oem-string-%: debian/PkKek-1-%.pem
+ tr -d '\n' < $< | \
+ sed -e 's/.*-----BEGIN CERTIFICATE-----/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' -e 's/-----END CERTIFICATE-----//' > $@
+
+%/AAVMF_VARS.ms.fd: %/AAVMF_CODE.fd %/AAVMF_VARS.fd debian/oem-string-vendor $(AAVMF_ENROLL) $(AAVMF_SHELL)
+ PYTHONPATH=$(CURDIR)/debian/python \
+ python3 ./debian/edk2-vars-generator.py \
+ -f AAVMF -e $(AAVMF_ENROLL) -s $(AAVMF_SHELL) \
+ -c $(AAVMF_CODE) -V $(AAVMF_VARS) \
+ -C `< debian/oem-string-vendor` -o $@
+
+%/AAVMF_VARS.snakeoil.fd: %/AAVMF_CODE.fd %/AAVMF_VARS.fd debian/oem-string-snakeoil $(AAVMF_ENROLL) $(AAVMF_SHELL)
+ PYTHONPATH=$(CURDIR)/debian/python \
+ python3 ./debian/edk2-vars-generator.py \
+ -f AAVMF -e $(AAVMF_ENROLL) -s $(AAVMF_SHELL) \
+ -c $(AAVMF_CODE) -V $(AAVMF_VARS) \
+ --no-default \
+ -C `< debian/oem-string-snakeoil` -o $@
+
+%/OVMF_VARS.ms.fd: %/OVMF_CODE.fd %/OVMF_VARS.fd debian/oem-string-vendor $(OVMF_ENROLL) $(OVMF_SHELL)
+ PYTHONPATH=$(CURDIR)/debian/python \
+ python3 ./debian/edk2-vars-generator.py \
+ -f OVMF -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \
+ -c $(OVMF_INSTALL_DIR)/OVMF_CODE.fd \
+ -V $(OVMF_INSTALL_DIR)/OVMF_VARS.fd \
+ -C `< debian/oem-string-vendor` -o $@
+
+%/OVMF_VARS_4M.ms.fd: %/OVMF_CODE_4M.fd %/OVMF_VARS_4M.fd debian/oem-string-vendor $(OVMF_ENROLL) $(OVMF_SHELL)
+ PYTHONPATH=$(CURDIR)/debian/python \
+ python3 ./debian/edk2-vars-generator.py \
+ -f OVMF_4M -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \
+ -c $(OVMF_INSTALL_DIR)/OVMF_CODE_4M.fd \
+ -V $(OVMF_INSTALL_DIR)/OVMF_VARS_4M.fd \
+ -C `< debian/oem-string-vendor` -o $@
+
+%/OVMF_VARS_4M.snakeoil.fd: %/OVMF_CODE_4M.fd %/OVMF_VARS_4M.fd debian/oem-string-snakeoil $(OVMF_ENROLL) $(OVMF_SHELL)
+ PYTHONPATH=$(CURDIR)/debian/python \
+ python3 ./debian/edk2-vars-generator.py \
+ -f OVMF_4M -e $(OVMF_ENROLL) -s $(OVMF_SHELL) \
+ -c $(OVMF_INSTALL_DIR)/OVMF_CODE_4M.fd \
+ -V $(OVMF_INSTALL_DIR)/OVMF_VARS_4M.fd \
+ --no-default \
+ -C `< debian/oem-string-snakeoil` -o $@
+
+ArmPkg/Library/GccLto/liblto-aarch64.a: ArmPkg/Library/GccLto/liblto-aarch64.s
+ $($(EDK2_TOOLCHAIN)_AARCH64_PREFIX)gcc -c -fpic $< -o $@
+
+ArmPkg/Library/GccLto/liblto-arm.a: ArmPkg/Library/GccLto/liblto-arm.s
+ $($(EDK2_TOOLCHAIN)_ARM_PREFIX)gcc -c -fpic $< -o $@
+
+build-qemu-efi: debian/setup-build-stamp
set -e; . ./edksetup.sh; \
- build -a $(EDK2_HOST_ARCH) -p ShellPkg/ShellPkg.dsc \
- -b RELEASE -t $(EDK2_TOOLCHAIN); \
- cp -a Build/Shell/RELEASE_$(EDK2_TOOLCHAIN)/$(EDK2_HOST_ARCH)/Shell_7C04A583-9E3E-4f1c-AD65-E05268D0B4D1.efi \
- ShellBinPkg/UefiShell/$(EDK2_ARCH_DIR)/Shell.efi; \
- build -a $(EDK2_HOST_ARCH) -p FatPkg/FatPkg.dsc \
- -m FatPkg/EnhancedFatDxe/Fat.inf \
- -t $(EDK2_TOOLCHAIN) -b RELEASE; \
- cp -a Build/Fat/RELEASE_$(EDK2_TOOLCHAIN)/$(EDK2_HOST_ARCH)/Fat.efi \
- FatBinPkg/EnhancedFatDxe/$(EDK2_ARCH_DIR)/Fat.efi; \
build -a $(EDK2_HOST_ARCH) \
-t $(EDK2_TOOLCHAIN) \
-p ArmVirtPkg/ArmVirtQemu.dsc \
- -DHTTP_BOOT_ENABLE=TRUE \
- -DSECURE_BOOT_ENABLE=FALSE \
- -DTPM_ENABLE=TRUE \
- -DTPM2_ENABLE=TRUE \
- -DINTEL_BDS \
- -b RELEASE
- dd if=/dev/zero of=Build/ArmVirtQemu-$(EDK2_HOST_ARCH)/RELEASE_$(EDK2_TOOLCHAIN)/FV/$(FW_NAME)_CODE.fd bs=1M seek=64 count=0
- dd if=Build/ArmVirtQemu-$(EDK2_HOST_ARCH)/RELEASE_$(EDK2_TOOLCHAIN)/FV/QEMU_EFI.fd of=Build/ArmVirtQemu-$(EDK2_HOST_ARCH)/RELEASE_$(EDK2_TOOLCHAIN)/FV/$(FW_NAME)_CODE.fd conv=notrunc
- dd if=/dev/zero of=Build/ArmVirtQemu-$(EDK2_HOST_ARCH)/RELEASE_$(EDK2_TOOLCHAIN)/FV/$(FW_NAME)_VARS.fd bs=1M seek=64 count=0
-
-build-qemu-efi-aarch64:
+ $(AAVMF_FLAGS) -b $(BUILD_TYPE)
+ cp $(QEMU_EFI_BUILD_DIR)/FV/QEMU_EFI.fd \
+ $(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_CODE.fd
+ cp $(QEMU_EFI_BUILD_DIR)/FV/QEMU_VARS.fd \
+ $(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_VARS.fd
+ # QEMU expects 64MiB CODE and VARS files on ARM/AARCH64 architectures
+ # Truncate the firmware files to the expected size
+ truncate -s 64M $(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_CODE.fd
+ truncate -s 64M $(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_VARS.fd
+
+build-qemu-efi-aarch64: $(AAVMF_BINARIES) $(AAVMF_IMAGES) $(AAVMF_PREENROLLED_VARS)
+$(AAVMF_BINARIES) $(AAVMF_IMAGES): ArmPkg/Library/GccLto/liblto-aarch64.a
$(MAKE) -f debian/rules build-qemu-efi EDK2_ARCH_DIR=AArch64 EDK2_HOST_ARCH=AARCH64 FW_NAME=AAVMF
+build-qemu-efi-riscv64: $(RISCV64_IMAGES)
+$(RISCV64_IMAGES): debian/setup-build-stamp
+ set -e; . ./edksetup.sh; \
+ build -a RISCV64 \
+ -t $(EDK2_TOOLCHAIN) \
+ -p OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc \
+ $(RISCV64_FLAGS) -b $(BUILD_TYPE)
+ truncate -s 32M $(RISCV64_BUILD_DIR)/FV/RISCV_VIRT_CODE.fd
+ truncate -s 32M $(RISCV64_BUILD_DIR)/FV/RISCV_VIRT_VARS.fd
+
override_dh_auto_clean:
- set -e; \
- if [ -d BaseTools/Source/C/bin ]; then \
- . ./edksetup.sh; build clean; \
- make -C BaseTools clean; \
- fi
- rm -rf Conf/.cache Build .pc-post
-
-.PHONY: setup-build build-ovmf
+ -. ./edksetup.sh; build clean
+ make -C BaseTools clean
+
+# Only embed code that is actually used; requested by the Ubuntu Security Team
+EMBEDDED_SUBMODULES += CryptoPkg/Library/OpensslLib/openssl
+EMBEDDED_SUBMODULES += ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3
+EMBEDDED_SUBMODULES += MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
+EMBEDDED_SUBMODULES += MdePkg/Library/MipiSysTLib/mipisyst
+get-orig-source:
+ # Should be executed on a checkout of the upstream master branch,
+ # with the debian/ directory manually copied in.
+ rm -rf edk2.tmp && git clone . edk2.tmp
+ # Embed submodules. Don't recurse - openssl will bring in MBs of
+ # stuff we don't need
+ set -e; cd edk2.tmp; \
+ for submodule in $(EMBEDDED_SUBMODULES); do \
+ git submodule update --depth 1 --init $$submodule; \
+ done
+ rm -rf edk2-$(DEB_VERSION_UPSTREAM) && \
+ mkdir edk2-$(DEB_VERSION_UPSTREAM)
+ cd edk2.tmp && git archive HEAD | \
+ tar xv -C ../edk2-$(DEB_VERSION_UPSTREAM)
+ cd edk2.tmp && git submodule foreach \
+ 'git archive HEAD | tar xv -C $$toplevel/../edk2-$(DEB_VERSION_UPSTREAM)/$$sm_path'
+ ln -s ../debian edk2-$(DEB_VERSION_UPSTREAM)
+ # Remove known-binary files
+ cd edk2-$(DEB_VERSION_UPSTREAM) && python3 ./debian/remove-binaries.py
+ # Look for possible unknown binary files
+ cd edk2-$(DEB_VERSION_UPSTREAM) && python3 ./debian/find-binaries.py
+ rm edk2-$(DEB_VERSION_UPSTREAM)/debian
+ tar Jcvf ../edk2_$(DEB_VERSION_UPSTREAM).orig.tar.xz \
+ edk2-$(DEB_VERSION_UPSTREAM)
+ rm -rf edk2.tmp edk2-$(DEB_VERSION_UPSTREAM)
+
+.PHONY: build-ovmf build-ovmf32 build-qemu-efi build-qemu-efi-aarch64 build-qemu-efi-riscv64
projects / pve-edk2-firmware.git / blobdiff