xref: /OK3568_Linux_fs/yocto/poky/meta/recipes-core/ovmf/ovmf_git.bb (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1SUMMARY = "OVMF - UEFI firmware for Qemu and KVM"
2DESCRIPTION = "OVMF is an EDK II based project to enable UEFI support for \
3Virtual Machines. OVMF contains sample UEFI firmware for QEMU and KVM"
4HOMEPAGE = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF"
5LICENSE = "BSD-2-Clause-Patent"
6LICENSE:class-target = "${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'BSD-2-Clause-Patent & OpenSSL', 'BSD-2-Clause-Patent', d)}"
7LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=06357ddc23f46577c2aeaeaf7b776d65"
8
9# Enabling Secure Boot adds a dependency on OpenSSL and implies
10# compiling OVMF twice, so it is disabled by default. Distros
11# may change that default.
12PACKAGECONFIG ??= ""
13PACKAGECONFIG += "${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'tpm', '', d)}"
14PACKAGECONFIG += "${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'tpm', '', d)}"
15PACKAGECONFIG[secureboot] = ",,,"
16PACKAGECONFIG[tpm] = "-D TPM_ENABLE=TRUE,-D TPM_ENABLE=FALSE,,"
17
18# GCC12 trips on it
19#see https://src.fedoraproject.org/rpms/edk2/blob/rawhide/f/0032-Basetools-turn-off-gcc12-warning.patch
20BUILD_CFLAGS += "-Wno-error=stringop-overflow"
21
22SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
23           file://0001-ovmf-update-path-to-native-BaseTools.patch \
24           file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \
25           file://0003-ovmf-Update-to-latest.patch \
26           file://0005-debug-prefix-map.patch \
27           file://0006-reproducible.patch \
28           file://0001-BaseTools-fix-gcc12-warning.patch \
29           file://0001-BaseTools-fix-gcc12-warning-1.patch \
30           "
31
32PV = "edk2-stable202202"
33SRCREV = "b24306f15daa2ff8510b06702114724b33895d3c"
34UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
35
36inherit deploy
37
38PARALLEL_MAKE = ""
39
40S = "${WORKDIR}/git"
41
42DEPENDS = "nasm-native acpica-native ovmf-native util-linux-native"
43
44EDK_TOOLS_DIR="edk2_basetools"
45
46# OVMF has trouble building with the default optimization of -O2.
47BUILD_OPTIMIZATION="-pipe"
48
49# OVMF supports IA only, although it could conceivably support ARM someday.
50COMPATIBLE_HOST:class-target='(i.86|x86_64).*'
51
52# Additional build flags for OVMF with Secure Boot.
53# Fedora also uses "-D SMM_REQUIRE -D EXCLUDE_SHELL_FROM_FD".
54OVMF_SECURE_BOOT_EXTRA_FLAGS ??= ""
55OVMF_SECURE_BOOT_FLAGS = "-DSECURE_BOOT_ENABLE=TRUE ${OVMF_SECURE_BOOT_EXTRA_FLAGS}"
56
57export PYTHON_COMMAND = "${HOSTTOOLS_DIR}/python3"
58
59do_patch[postfuncs] += "fix_basetools_location"
60fix_basetools_location () {
61}
62fix_basetools_location:class-target() {
63    # Replaces the fake path inserted by 0002-ovmf-update-path-to-native-BaseTools.patch.
64    # Necessary for finding the actual BaseTools from ovmf-native.
65    sed -i -e 's#BBAKE_EDK_TOOLS_PATH#${STAGING_BINDIR_NATIVE}/${EDK_TOOLS_DIR}#' ${S}/OvmfPkg/build.sh
66}
67
68do_patch[postfuncs] += "fix_iasl"
69fix_iasl() {
70}
71fix_iasl:class-native() {
72    # iasl is not installed under /usr/bin when building with OE.
73    sed -i -e 's#/usr/bin/iasl#${STAGING_BINDIR_NATIVE}/iasl#' ${S}/BaseTools/Conf/tools_def.template
74}
75
76# Inject CC and friends into the build. LINKER already is in GNUmakefile.
77# Must be idempotent and thus remove old assignments that were inserted
78# earlier.
79do_patch[postfuncs] += "fix_toolchain"
80fix_toolchain() {
81    sed -i \
82        -e '/^\(CC\|CXX\|AS\|AR\|LD\|LINKER\) =/d' \
83        -e '/^APPLICATION/a CC = ${CC}\nCXX = ${CXX}\nAS = ${AS}\nAR = ${AR}\nLD = ${LD}\nLINKER = $(CC)' \
84        ${S}/BaseTools/Source/C/Makefiles/app.makefile
85    sed -i \
86        -e '/^\(CC\|CXX\|AS\|AR\|LD\)/d' \
87        -e '/^VFR_CPPFLAGS/a CC = ${CC}\nCXX = ${CXX}\nAS = ${AS}\nAR = ${AR}\nLD = ${LD}' \
88        ${S}/BaseTools/Source/C/VfrCompile/GNUmakefile
89}
90fix_toolchain:append:class-native() {
91    # This tools_def.template is going to be used by the target ovmf and
92    # defines which compilers to use. For the GCC toolchain definitions,
93    # that will be ${HOST_PREFIX}gcc. However, "make" doesn't need that
94    # prefix.
95    #
96    # Injecting ENV(HOST_PREFIX) matches exporting that value as env
97    # variable in do_compile:class-target.
98    sed -i \
99        -e 's#\(ENV\|DEF\)(GCC.*_PREFIX)#ENV(HOST_PREFIX)#' \
100        -e 's#ENV(HOST_PREFIX)make#make#' \
101        ${S}/BaseTools/Conf/tools_def.template
102    sed -i \
103        -e '/^\(LFLAGS\|CFLAGS\) +=/d' \
104        -e '/^LINKER/a LFLAGS += ${BUILD_LDFLAGS}\nCFLAGS += ${BUILD_CFLAGS}' \
105        ${S}/BaseTools/Source/C/Makefiles/app.makefile \
106        ${S}/BaseTools/Source/C/VfrCompile/GNUmakefile
107    # Linking with gold fails:
108    # internal error in do_layout, at ../../gold/object.cc:1821
109    # make: *** [.../OUTPUT/Facs.acpi] Error 1
110    # We intentionally hard-code the use of ld.bfd regardless of DISTRO_FEATURES
111    # to make ovmf-native reusable across distros.
112    sed -i \
113        -e 's#^\(DEFINE GCC.*DLINK.*FLAGS  *=\)#\1 -fuse-ld=bfd#' \
114        -e 's#-flto#-fno-lto#g' \
115        -e 's#-DUSING_LTO##g' \
116        ${S}/BaseTools/Conf/tools_def.template
117}
118
119# We disable lto above since the results are not reproducible and make it hard to compare
120# binary build aretfacts to debug reproducibility problems.
121# Surprisingly, if you disable lto, you see compiler warnings which are fatal. We therefore
122# have to hack warnings overrides into GCC_PREFIX_MAP to allow it to build.
123
124# We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in
125# --debug-prefix-map to nasm (we carry a patch to nasm for this). The
126# tools definitions are built by ovmf-native so we need to pass this in
127# at target build time when we know the right values.
128export NASM_PREFIX_MAP = "--debug-prefix-map=${WORKDIR}=/usr/src/debug/ovmf/${EXTENDPE}${PV}-${PR}"
129export GCC_PREFIX_MAP = "${DEBUG_PREFIX_MAP} -Wno-stringop-overflow -Wno-maybe-uninitialized"
130
131GCC_VER="$(${CC} -v 2>&1 | tail -n1 | awk '{print $3}')"
132
133fixup_target_tools() {
134    case ${1} in
135      4.4.*)
136        FIXED_GCCVER=GCC44
137        ;;
138      4.5.*)
139        FIXED_GCCVER=GCC45
140        ;;
141      4.6.*)
142        FIXED_GCCVER=GCC46
143        ;;
144      4.7.*)
145        FIXED_GCCVER=GCC47
146        ;;
147      4.8.*)
148        FIXED_GCCVER=GCC48
149        ;;
150      4.9.*)
151        FIXED_GCCVER=GCC49
152        ;;
153      *)
154        FIXED_GCCVER=GCC5
155        ;;
156    esac
157    echo ${FIXED_GCCVER}
158}
159
160do_compile:class-native() {
161    oe_runmake -C ${S}/BaseTools
162}
163
164do_compile:class-target() {
165    export LFLAGS="${LDFLAGS}"
166    PARALLEL_JOBS="${@oe.utils.parallel_make_argument(d, '-n %d')}"
167    OVMF_ARCH="X64"
168    if [ "${TARGET_ARCH}" != "x86_64" ] ; then
169        OVMF_ARCH="IA32"
170    fi
171
172    # The build for the target uses BaseTools/Conf/tools_def.template
173    # from ovmf-native to find the compiler, which depends on
174    # exporting HOST_PREFIX.
175    export HOST_PREFIX="${HOST_PREFIX}"
176
177    # BaseTools/Conf gets copied to Conf, but only if that does not
178    # exist yet. To ensure that an updated template gets used during
179    # incremental builds, we need to remove the copy before we start.
180    rm -f `ls ${S}/Conf/*.txt | grep -v ReadMe.txt`
181
182    # ${WORKDIR}/ovmf is a well-known location where do_install and
183    # do_deploy will be able to find the files.
184    rm -rf ${WORKDIR}/ovmf
185    mkdir ${WORKDIR}/ovmf
186    OVMF_DIR_SUFFIX="X64"
187    if [ "${TARGET_ARCH}" != "x86_64" ] ; then
188        OVMF_DIR_SUFFIX="Ia32" # Note the different capitalization
189    fi
190    FIXED_GCCVER=$(fixup_target_tools ${GCC_VER})
191    bbnote FIXED_GCCVER is ${FIXED_GCCVER}
192    build_dir="${S}/Build/Ovmf$OVMF_DIR_SUFFIX/RELEASE_${FIXED_GCCVER}"
193
194    bbnote "Building without Secure Boot."
195    rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX
196    ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${PACKAGECONFIG_CONFARGS}
197    ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.fd
198    ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.code.fd
199    ln ${build_dir}/FV/OVMF_VARS.fd ${WORKDIR}/ovmf/ovmf.vars.fd
200    ln ${build_dir}/${OVMF_ARCH}/Shell.efi ${WORKDIR}/ovmf/
201
202    if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
203        # Repeat build with the Secure Boot flags.
204        bbnote "Building with Secure Boot."
205        rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX
206        ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${PACKAGECONFIG_CONFARGS} ${OVMF_SECURE_BOOT_FLAGS}
207        ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd
208        ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd
209        ln ${build_dir}/${OVMF_ARCH}/EnrollDefaultKeys.efi ${WORKDIR}/ovmf/
210    fi
211}
212
213do_install:class-native() {
214    install -d ${D}/${bindir}/edk2_basetools
215    cp -r ${S}/BaseTools ${D}/${bindir}/${EDK_TOOLS_DIR}
216}
217
218do_install:class-target() {
219    # Content for UEFI shell iso. We install the EFI shell as
220    # bootx64/ia32.efi because then it can be started even when the
221    # firmware itself does not contain it.
222    install -d ${D}/efi/boot
223    install ${WORKDIR}/ovmf/Shell.efi ${D}/efi/boot/boot${@ "ia32" if "${TARGET_ARCH}" != "x86_64" else "x64"}.efi
224    if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
225        install ${WORKDIR}/ovmf/EnrollDefaultKeys.efi ${D}
226    fi
227}
228
229# This always gets packaged because ovmf-shell-image depends on it.
230# This allows testing that recipe in all configurations because it
231# can always be part of a world build.
232#
233# However, EnrollDefaultKeys.efi is only included when Secure Boot is enabled.
234PACKAGES =+ "ovmf-shell-efi"
235FILES:ovmf-shell-efi = " \
236    EnrollDefaultKeys.efi \
237    efi/ \
238"
239
240DEPLOYDEP = ""
241DEPLOYDEP:class-target = "qemu-system-native:do_populate_sysroot"
242DEPLOYDEP:class-target += " ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'openssl-native:do_populate_sysroot', '', d)}"
243do_deploy[depends] += "${DEPLOYDEP}"
244
245do_deploy() {
246}
247do_deploy:class-target() {
248    # For use with "runqemu ovmf".
249    for i in \
250        ovmf \
251        ovmf.code \
252        ovmf.vars \
253        ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'ovmf.secboot ovmf.secboot.code', '', d)} \
254        ; do
255        qemu-img convert -f raw -O qcow2 ${WORKDIR}/ovmf/$i.fd ${DEPLOYDIR}/$i.qcow2
256    done
257
258    if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
259        # Create a test Platform Key and first Key Exchange Key to use with EnrollDefaultKeys
260        openssl req -new -x509 -newkey rsa:2048 -keyout ${DEPLOYDIR}/OvmfPkKek1.key \
261                -out ${DEPLOYDIR}/OvmfPkKek1.crt -nodes -days 20 -subj "/CN=OVMFSecBootTest"
262        openssl x509 -in ${DEPLOYDIR}/OvmfPkKek1.crt -out ${DEPLOYDIR}/OvmfPkKek1.pem -outform PEM
263    fi
264}
265addtask do_deploy after do_compile before do_build
266
267BBCLASSEXTEND = "native"
268TOOLCHAIN = "gcc"
269