openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

Browse Source 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
This commit is contained in:
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
sources/poky/meta/recipes-core/ovmf/ovmf-shell-image.bb Normal file
View File

@@ -0,0 +1,21 @@
SUMMARY = "boot image with UEFI shell and tools"
COMPATIBLE_HOST:class-target='(i.86|x86_64).*'
# For this image recipe, only the wic format with a
# single vfat partition makes sense. Because we have no
# boot loader and no rootfs partition, not additional
# tools are needed for this .wks file.
IMAGE_FSTYPES:forcevariable = 'wic'
WKS_FILE = "ovmf/ovmf-shell-image.wks"
WKS_FILE_DEPENDS = ""
inherit image
# We want a minimal image with just ovmf-shell-efi unpacked in it. We
# avoid installing unnecessary stuff as much as possible, but some
# things still get through and need to be removed.
PACKAGE_INSTALL = "ovmf-shell-efi"
LINGUAS_INSTALL = ""
do_image () {
rm -rf `ls -d ${IMAGE_ROOTFS}/* | grep -v efi`
}

51
sources/poky/meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch Normal file
View File

@@ -0,0 +1,51 @@
From 150ea3ea4c821b133a782eeb33ef2a9c8fd8d7c3 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Fri, 22 Nov 2024 13:05:57 +0800
Subject: [PATCH] MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4677
Attacker able to modify physical memory and ResumeCount.
System will crash/DoS when ResumeCount reaches its MAX_UINT32.
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Pakkirisamy ShanmugavelX <shanmugavelx.pakkirisamy@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
CVE: CVE-2024-1298
Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/284dbac43da752ee34825c8b3f6f9e8281cb5a19]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
.../FirmwarePerformancePei.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
index 2f2b2a8..2ba9215 100644
--- a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
+++ b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
@@ -112,11 +112,15 @@ FpdtStatusCodeListenerPei (
//
S3ResumeTotal = MultU64x32 (AcpiS3ResumeRecord->AverageResume, AcpiS3ResumeRecord->ResumeCount);
AcpiS3ResumeRecord->ResumeCount++;
- AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
+ if (AcpiS3ResumeRecord->ResumeCount > 0) {
+ AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
+ DEBUG ((DEBUG_INFO, "\nFPDT: S3 Resume Performance - AverageResume = 0x%x\n", AcpiS3ResumeRecord->AverageResume));
+ } else {
+ DEBUG ((DEBUG_ERROR, "\nFPDT: S3 ResumeCount reaches the MAX_UINT32 value. S3 ResumeCount record reset to Zero."));
+ }
- DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount = %d\n", AcpiS3ResumeRecord->ResumeCount));
- DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume = %ld\n", AcpiS3ResumeRecord->FullResume));
- DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - AverageResume = %ld\n", AcpiS3ResumeRecord->AverageResume));
+ DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount = 0x%x\n", AcpiS3ResumeRecord->ResumeCount));
+ DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume = 0x%x\n", AcpiS3ResumeRecord->FullResume));
//
// Update S3 Suspend Performance Record.
--
2.34.1

36
sources/poky/meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch Normal file
View File

@@ -0,0 +1,36 @@
From 5f7bd3f3c4747d5bb2733f017f8c5b93b63a74e3 Mon Sep 17 00:00:00 2001
From: Doug Flick <dougflick@microsoft.com>
Date: Fri, 22 Nov 2024 13:03:33 +0800
Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
also a UINT32 value. The current code does not check for overflow when
adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
check to ensure that the addition does not overflow.
Signed-off-by: Doug Flick <dougflick@microsoft.com>
Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
CVE: CVE-2024-38796
Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/c95233b8525ca6828921affd1496146cff262e65]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 86ff2e7..128090d 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage (
RelocDir = &Hdr.Te->DataDirectory[0];
}
- if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
ImageContext,
--
2.34.1

33
sources/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch Normal file
View File

@@ -0,0 +1,33 @@
From d8df6b6433351763e1db791dd84d432983d2b249 Mon Sep 17 00:00:00 2001
From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Date: Thu, 9 Jun 2016 02:23:01 -0700
Subject: [PATCH 1/4] ovmf: update path to native BaseTools
BaseTools is a set of utilities to build EDK-based firmware. These utilities
are used during the build process. Thus, they need to be built natively.
When cross-compiling, we need to provide a path to the location of these
tools. The BBAKE_EDK_TOOLS_PATH string is used as a pattern to be replaced
with the appropriate location before building.
Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Upstream-Status: Inappropriate [oe-core cross compile specific]
---
OvmfPkg/build.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OvmfPkg/build.sh b/OvmfPkg/build.sh
index b0334fb76e..094f86f096 100755
--- a/OvmfPkg/build.sh
+++ b/OvmfPkg/build.sh
@@ -24,7 +24,7 @@ then
# this assumes svn pulls have the same root dir
# export EDK_TOOLS_PATH=`pwd`/../BaseTools
# This version is for the tools source in edk2
- export EDK_TOOLS_PATH=`pwd`/BaseTools
+ export EDK_TOOLS_PATH=BBAKE_EDK_TOOLS_PATH/BaseTools
echo $EDK_TOOLS_PATH
source edksetup.sh BaseTools
else
--
2.30.2

69
sources/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch Normal file
View File

@@ -0,0 +1,69 @@
From ac9df4fb92965f1f95a5bdbde5f2f86d0c569711 Mon Sep 17 00:00:00 2001
From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Date: Fri, 26 Jul 2019 17:34:26 -0400
Subject: [PATCH] BaseTools: makefile: adjust to build in under bitbake
Prepend the build flags with those of bitbake. This is to build
using the bitbake native sysroot include and library directories.
Note from Alex: this is not appropriate for upstream submission as
the recipe already does lots of similar in-place fixups elsewhere, so
this patch shold be converted to follow that pattern. We're not going
to fight against how upstream wants to configure the build.
Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com>
Upstream-Status: Inappropriate [needs to be converted to in-recipe fixups]
---
BaseTools/Source/C/Makefiles/header.makefile | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile
index d369908a09..22c670f316 100644
--- a/BaseTools/Source/C/Makefiles/header.makefile
+++ b/BaseTools/Source/C/Makefiles/header.makefile
@@ -85,35 +85,34 @@ endif
INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)
INCLUDE += -I $(EDK2_PATH)/MdePkg/Include
-CPPFLAGS = $(INCLUDE)
+CPPFLAGS += $(INCLUDE)
# keep EXTRA_OPTFLAGS last
BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS)
ifeq ($(DARWIN),Darwin)
# assume clang or clang compatible flags on OS X
-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
+CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
-Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g
else
ifneq ($(CLANG),)
-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-fno-delete-null-pointer-checks -Wall -Werror \
-Wno-deprecated-declarations -Wno-self-assign \
-Wno-unused-result -nostdlib -g
else
-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-fno-delete-null-pointer-checks -Wall -Werror \
-Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \
-Wno-unused-result -nostdlib -g
endif
endif
ifneq ($(CLANG),)
-LDFLAGS =
-CXXFLAGS = -Wno-deprecated-register -Wno-unused-result -std=c++14
+CXXFLAGS += -Wno-deprecated-register -Wno-unused-result -std=c++14
else
-LDFLAGS =
-CXXFLAGS = -Wno-unused-result
+CXXFLAGS += -Wno-unused-result
endif
+
ifeq ($(HOST_ARCH), IA32)
#
# Snow Leopard is a 32-bit and 64-bit environment. uname -m returns i386, but gcc defaults
--
2.30.2

104
sources/poky/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch Normal file
View File

@@ -0,0 +1,104 @@
From 03e536b20d0b72cf078052f6748de8df3836625c Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 14 Jun 2021 19:56:28 +0200
Subject: [PATCH 3/4] debug prefix map
We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in
--debug-prefix-map to nasm (we carry a patch to nasm for this). The
tools definitions file is built by ovmf-native so we need to pass this in
at target build time when we know the right values so we use the environment.
By using determininistc file paths during the ovmf build, it removes the
opportunitity for gcc/ld to change the output binaries due to path lengths
overflowing section sizes and causing small changes in the binary output.
Previously we relied on the stripped output being the same which isn't always
the case if the size of the debug symbols varies.
Upstream-Status: Submitted [https://github.com/tianocore/edk2/pull/2202]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
BaseTools/Conf/tools_def.template | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index 503a6687c1..10ac38ef9e 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -739,7 +739,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_
*_*_*_DTCPP_PATH = DEF(DTCPP_BIN)
*_*_*_DTC_PATH = DEF(DTC_BIN)
-DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
+DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common ENV(GCC_PREFIX_MAP)
DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie
DEFINE GCC_LOONGARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -fno-plt -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections
DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access
@@ -759,8 +759,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere
DEFINE GCC_AARCH64_ASLDLINK_FLAGS = DEF(GCC_AARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT) DEF(GCC_ARM_AARCH64_ASLDLINK_FLAGS)
DEFINE GCC_LOONGARCH64_ASLDLINK_FLAGS = DEF(GCC_LOONGARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT)
DEFINE GCC_IA32_X64_DLINK_FLAGS = DEF(GCC_IA32_X64_DLINK_COMMON) --entry _$(IMAGE_ENTRY_POINT) --file-alignment 0x20 --section-alignment 0x20 -Map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
-DEFINE GCC_ASM_FLAGS = -c -x assembler -imacros AutoGen.h
-DEFINE GCC_PP_FLAGS = -E -x assembler-with-cpp -include AutoGen.h
+DEFINE GCC_ASM_FLAGS = -c -x assembler -imacros AutoGen.h ENV(GCC_PREFIX_MAP)
+DEFINE GCC_PP_FLAGS = -E -x assembler-with-cpp -include AutoGen.h ENV(GCC_PREFIX_MAP)
DEFINE GCC_VFRPP_FLAGS = -x c -E -P -DVFRCOMPILE --include $(MODULE_NAME)StrDefs.h
DEFINE GCC_ASLPP_FLAGS = -x c -E -include AutoGen.h
DEFINE GCC_ASLCC_FLAGS = -x c
@@ -913,7 +913,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS = -mabi=lp64d -march=loongarch64 DEF(
*_GCC48_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS)
*_GCC48_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC48_IA32_OBJCOPY_FLAGS =
-*_GCC48_IA32_NASM_FLAGS = -f elf32
+*_GCC48_IA32_NASM_FLAGS = -f elf32 ENV(NASM_PREFIX_MAP)
DEBUG_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS)
RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set-variable
@@ -941,7 +941,7 @@ RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set
*_GCC48_X64_DLINK2_FLAGS = DEF(GCC48_X64_DLINK2_FLAGS)
*_GCC48_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC48_X64_OBJCOPY_FLAGS =
-*_GCC48_X64_NASM_FLAGS = -f elf64
+*_GCC48_X64_NASM_FLAGS = -f elf64 ENV(NASM_PREFIX_MAP)
DEBUG_GCC48_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS)
RELEASE_GCC48_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS) -Wno-unused-but-set-variable
@@ -1050,7 +1050,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
*_GCC49_IA32_DLINK2_FLAGS = DEF(GCC49_IA32_DLINK2_FLAGS)
*_GCC49_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC49_IA32_OBJCOPY_FLAGS =
-*_GCC49_IA32_NASM_FLAGS = -f elf32
+*_GCC49_IA32_NASM_FLAGS = -f elf32 ENV(NASM_PREFIX_MAP)
DEBUG_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS)
RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
@@ -1078,7 +1078,7 @@ RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set
*_GCC49_X64_DLINK2_FLAGS = DEF(GCC49_X64_DLINK2_FLAGS)
*_GCC49_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC49_X64_OBJCOPY_FLAGS =
-*_GCC49_X64_NASM_FLAGS = -f elf64
+*_GCC49_X64_NASM_FLAGS = -f elf64 ENV(NASM_PREFIX_MAP)
DEBUG_GCC49_X64_CC_FLAGS = DEF(GCC49_X64_CC_FLAGS)
RELEASE_GCC49_X64_CC_FLAGS = DEF(GCC49_X64_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
@@ -1337,7 +1337,7 @@ RELEASE_GCCNOLTO_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
*_GCC5_IA32_DLINK2_FLAGS = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie
*_GCC5_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC5_IA32_OBJCOPY_FLAGS =
-*_GCC5_IA32_NASM_FLAGS = -f elf32
+*_GCC5_IA32_NASM_FLAGS = -f elf32 ENV(NASM_PREFIX_MAP)
DEBUG_GCC5_IA32_CC_FLAGS = DEF(GCC5_IA32_CC_FLAGS) -flto
DEBUG_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,-m,elf_i386,--oformat=elf32-i386
@@ -1369,7 +1369,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
*_GCC5_X64_DLINK2_FLAGS = DEF(GCC5_X64_DLINK2_FLAGS)
*_GCC5_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC5_X64_OBJCOPY_FLAGS =
-*_GCC5_X64_NASM_FLAGS = -f elf64
+*_GCC5_X64_NASM_FLAGS = -f elf64 ENV(NASM_PREFIX_MAP)
DEBUG_GCC5_X64_CC_FLAGS = DEF(GCC5_X64_CC_FLAGS) -flto -DUSING_LTO
DEBUG_GCC5_X64_DLINK_FLAGS = DEF(GCC5_X64_DLINK_FLAGS) -flto -Os
--
2.30.2

180
sources/poky/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch Normal file
View File

@@ -0,0 +1,180 @@
From c59850367a190d70dec43e0a66f399a4d8a5ffed Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 14 Jun 2021 19:57:30 +0200
Subject: [PATCH 4/4] reproducible
This patch fixes various things which make the build more reproducible. Some changes
here only change intermediate artefacts but that means when you have two build trees
giving differing results, the differences can be isolated more easily. The issues here
usually become apparent with longer paths.
This was all debugged with:
TMPDIR = "${TOPDIR}/tmp"
vs.
TMPDIR = "${TOPDIR}/tmp-inital-mylongpath-mylongpath-mylongpath-mylongpath-mylongpath-mylongpath-mylongpath-mylongpath-mylongpath"
The patch specifically:
* Sorts output in GNUmakefile
* Always generates indirect flags files used to avoid pathlength issues else the
compile commands suddenly change when using longer paths
* Sorts the AutoGenTimeStamp file contents
* Makes the TargetDescBlock objects from BuildEngine sortable to allow the makefile fix
* Fix ElfConvert within GenFw so that only the basename of the binary being converted
is used, else the output from "GenFw XXX.bin" differs from "GenFw /long/path/XXX.bin"
with sufficiently long paths
Upstream-Status: Submitted [https://github.com/tianocore/edk2/pull/2176]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
BaseTools/Source/C/GenFw/Elf64Convert.c | 8 ++++---
.../Source/Python/AutoGen/BuildEngine.py | 3 +++
BaseTools/Source/Python/AutoGen/GenMake.py | 24 +++++++++----------
.../Source/Python/AutoGen/ModuleAutoGen.py | 5 +++-
4 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c
index 9c17c90b16..fcc7864141 100644
--- a/BaseTools/Source/C/GenFw/Elf64Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
@@ -15,6 +15,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#ifndef __GNUC__
#include <windows.h>
#include <io.h>
+#else
+#define _GNU_SOURCE
#endif
#include <assert.h>
#include <stdio.h>
@@ -990,7 +992,7 @@ ScanSections64 (
}
mCoffOffset = mDebugOffset + sizeof(EFI_IMAGE_DEBUG_DIRECTORY_ENTRY) +
sizeof(EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY) +
- strlen(mInImageName) + 1;
+ strlen(basename(mInImageName)) + 1;
//
// Add more space in the .debug data region for the DllCharacteristicsEx
@@ -2261,7 +2263,7 @@ WriteDebug64 (
EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY *Nb10;
EFI_IMAGE_DEBUG_EX_DLLCHARACTERISTICS_ENTRY *DllEntry;
- Len = strlen(mInImageName) + 1;
+ Len = strlen(basename(mInImageName)) + 1;
NtHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)(mCoffFile + mNtHdrOffset);
DataDir = &NtHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG];
@@ -2294,7 +2296,7 @@ WriteDebug64 (
Nb10 = (EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY*)(Dir + 1);
Nb10->Signature = CODEVIEW_SIGNATURE_NB10;
- strcpy ((char *)(Nb10 + 1), mInImageName);
+ strcpy ((char *)(Nb10 + 1), basename(mInImageName));
}
STATIC
diff --git a/BaseTools/Source/Python/AutoGen/BuildEngine.py b/BaseTools/Source/Python/AutoGen/BuildEngine.py
index 752a1a1f6a..02054cccf8 100644
--- a/BaseTools/Source/Python/AutoGen/BuildEngine.py
+++ b/BaseTools/Source/Python/AutoGen/BuildEngine.py
@@ -70,6 +70,9 @@ class TargetDescBlock(object):
else:
return str(Other) == self.Target.Path
+ def __lt__(self, other):
+ return str(self) < str(other)
+
def AddInput(self, Input):
if Input not in self.Inputs:
self.Inputs.append(Input)
diff --git a/BaseTools/Source/Python/AutoGen/GenMake.py b/BaseTools/Source/Python/AutoGen/GenMake.py
index daec9c6d54..0e8cc20efe 100755
--- a/BaseTools/Source/Python/AutoGen/GenMake.py
+++ b/BaseTools/Source/Python/AutoGen/GenMake.py
@@ -575,7 +575,7 @@ cleanlib:
os.remove(RespFileList)
# convert source files and binary files to build targets
- self.ResultFileList = [str(T.Target) for T in MyAgo.CodaTargetList]
+ self.ResultFileList = sorted([str(T.Target) for T in MyAgo.CodaTargetList])
if len(self.ResultFileList) == 0 and len(MyAgo.SourceFileList) != 0:
EdkLogger.error("build", AUTOGEN_ERROR, "Nothing to build",
ExtraData="[%s]" % str(MyAgo))
@@ -726,7 +726,7 @@ cleanlib:
OutputFile = ''
DepsFileList = []
- for Cmd in self.GenFfsList:
+ for Cmd in sorted(self.GenFfsList):
if Cmd[2]:
for CopyCmd in Cmd[2]:
Src, Dst = CopyCmd
@@ -759,7 +759,7 @@ cleanlib:
self.BuildTargetList.append('\t%s' % CmdString)
self.ParseSecCmd(DepsFileList, Cmd[1])
- for SecOutputFile, SecDepsFile, SecCmd in self.FfsOutputFileList :
+ for SecOutputFile, SecDepsFile, SecCmd in sorted(self.FfsOutputFileList):
self.BuildTargetList.append('%s : %s' % (self.ReplaceMacro(SecOutputFile), self.ReplaceMacro(SecDepsFile)))
self.BuildTargetList.append('\t%s' % self.ReplaceMacro(SecCmd))
self.FfsOutputFileList = []
@@ -798,13 +798,13 @@ cleanlib:
def CommandExceedLimit(self):
FlagDict = {
- 'CC' : { 'Macro' : '$(CC_FLAGS)', 'Value' : False},
- 'PP' : { 'Macro' : '$(PP_FLAGS)', 'Value' : False},
- 'APP' : { 'Macro' : '$(APP_FLAGS)', 'Value' : False},
- 'ASLPP' : { 'Macro' : '$(ASLPP_FLAGS)', 'Value' : False},
- 'VFRPP' : { 'Macro' : '$(VFRPP_FLAGS)', 'Value' : False},
- 'ASM' : { 'Macro' : '$(ASM_FLAGS)', 'Value' : False},
- 'ASLCC' : { 'Macro' : '$(ASLCC_FLAGS)', 'Value' : False},
+ 'CC' : { 'Macro' : '$(CC_FLAGS)', 'Value' : True},
+ 'PP' : { 'Macro' : '$(PP_FLAGS)', 'Value' : True},
+ 'APP' : { 'Macro' : '$(APP_FLAGS)', 'Value' : True},
+ 'ASLPP' : { 'Macro' : '$(ASLPP_FLAGS)', 'Value' : True},
+ 'VFRPP' : { 'Macro' : '$(VFRPP_FLAGS)', 'Value' : True},
+ 'ASM' : { 'Macro' : '$(ASM_FLAGS)', 'Value' : True},
+ 'ASLCC' : { 'Macro' : '$(ASLCC_FLAGS)', 'Value' : True},
}
RespDict = {}
@@ -1007,9 +1007,9 @@ cleanlib:
if not self.ObjTargetDict.get(T.Target.SubDir):
self.ObjTargetDict[T.Target.SubDir] = set()
self.ObjTargetDict[T.Target.SubDir].add(NewFile)
- for Type in self._AutoGenObject.Targets:
+ for Type in sorted(self._AutoGenObject.Targets):
resp_file_number = 0
- for T in self._AutoGenObject.Targets[Type]:
+ for T in sorted(self._AutoGenObject.Targets[Type]):
# Generate related macros if needed
if T.GenFileListMacro and T.FileListMacro not in self.FileListMacros:
self.FileListMacros[T.FileListMacro] = []
diff --git a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
index d05410b329..99b3f64aba 100755
--- a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
+++ b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
@@ -1474,6 +1474,9 @@ class ModuleAutoGen(AutoGen):
for File in Files:
if File.lower().endswith('.pdb'):
AsBuiltInfDict['binary_item'].append('DISPOSABLE|' + File)
+
+ AsBuiltInfDict['binary_item'] = sorted(AsBuiltInfDict['binary_item'])
+
HeaderComments = self.Module.HeaderComments
StartPos = 0
for Index in range(len(HeaderComments)):
@@ -1749,7 +1752,7 @@ class ModuleAutoGen(AutoGen):
if os.path.exists (self.TimeStampPath):
os.remove (self.TimeStampPath)
- SaveFileOnChange(self.TimeStampPath, "\n".join(FileSet), False)
+ SaveFileOnChange(self.TimeStampPath, "\n".join(sorted(FileSet)), False)
# Ignore generating makefile when it is a binary module
if self.IsBinaryModule:
--
2.30.2

4
sources/poky/meta/recipes-core/ovmf/ovmf/ovmf-shell-image.wks Normal file
View File

@@ -0,0 +1,4 @@
# short-description: Create an EFI disk image with just the EFI system partition
part / --source rootfs --ondisk sda --fstype=vfat --align 1024
bootloader --ptable gpt --timeout=5

282
sources/poky/meta/recipes-core/ovmf/ovmf_git.bb Normal file
View File

@@ -0,0 +1,282 @@
SUMMARY = "OVMF - UEFI firmware for Qemu and KVM"
DESCRIPTION = "OVMF is an EDK II based project to enable UEFI support for \
Virtual Machines. OVMF contains sample UEFI firmware for QEMU and KVM"
HOMEPAGE = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF"
LICENSE = "BSD-2-Clause-Patent"
LICENSE:class-target = "${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'BSD-2-Clause-Patent & OpenSSL', 'BSD-2-Clause-Patent', d)}"
LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=06357ddc23f46577c2aeaeaf7b776d65"
# Enabling Secure Boot adds a dependency on OpenSSL and implies
# compiling OVMF twice, so it is disabled by default. Distros
# may change that default.
PACKAGECONFIG ??= ""
PACKAGECONFIG += "${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'tpm', '', d)}"
PACKAGECONFIG += "${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'tpm', '', d)}"
PACKAGECONFIG[secureboot] = ",,,"
PACKAGECONFIG[tpm] = "-D TPM_ENABLE=TRUE,-D TPM_ENABLE=FALSE,,"
# GCC12 trips on it
#see https://src.fedoraproject.org/rpms/edk2/blob/rawhide/f/0032-Basetools-turn-off-gcc12-warning.patch
BUILD_CFLAGS += "-Wno-error=stringop-overflow"
SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
file://0001-ovmf-update-path-to-native-BaseTools.patch \
file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \
file://0003-debug-prefix-map.patch \
file://0004-reproducible.patch \
file://0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch \
file://0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch \
"
PV = "edk2-stable202402"
SRCREV = "edc6681206c1a8791981a2f911d2fb8b3d2f5768"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
CVE_PRODUCT = "edk2"
CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"
CVE_STATUS[CVE-2014-8271] = "fixed-version: Fixed in svn_16280, which is an unusual versioning breaking version comparison."
CVE_STATUS[CVE-2014-4859] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
CVE_STATUS[CVE-2014-4860] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
CVE_STATUS[CVE-2019-14553] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
CVE_STATUS[CVE-2019-14559] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
CVE_STATUS[CVE-2019-14562] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
CVE_STATUS[CVE-2019-14563] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
CVE_STATUS[CVE-2019-14575] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
CVE_STATUS[CVE-2019-14586] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
CVE_STATUS[CVE-2019-14587] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
inherit deploy
PARALLEL_MAKE = ""
S = "${WORKDIR}/git"
DEPENDS = "nasm-native acpica-native ovmf-native util-linux-native"
EDK_TOOLS_DIR="edk2_basetools"
# OVMF has trouble building with the default optimization of -O2.
BUILD_OPTIMIZATION="-pipe"
# OVMF supports IA only, although it could conceivably support ARM someday.
COMPATIBLE_HOST:class-target='(i.86|x86_64).*'
# Additional build flags for OVMF with Secure Boot.
# Fedora also uses "-D SMM_REQUIRE -D EXCLUDE_SHELL_FROM_FD".
OVMF_SECURE_BOOT_EXTRA_FLAGS ??= ""
OVMF_SECURE_BOOT_FLAGS = "-DSECURE_BOOT_ENABLE=TRUE ${OVMF_SECURE_BOOT_EXTRA_FLAGS}"
export PYTHON_COMMAND = "${HOSTTOOLS_DIR}/python3"
do_patch[postfuncs] += "fix_basetools_location"
fix_basetools_location () {
}
fix_basetools_location:class-target() {
# Replaces the fake path inserted by 0002-ovmf-update-path-to-native-BaseTools.patch.
# Necessary for finding the actual BaseTools from ovmf-native.
sed -i -e 's#BBAKE_EDK_TOOLS_PATH#${STAGING_BINDIR_NATIVE}/${EDK_TOOLS_DIR}#' ${S}/OvmfPkg/build.sh
}
do_patch[postfuncs] += "fix_iasl"
fix_iasl() {
}
fix_iasl:class-native() {
# iasl is not installed under /usr/bin when building with OE.
sed -i -e 's#/usr/bin/iasl#${STAGING_BINDIR_NATIVE}/iasl#' ${S}/BaseTools/Conf/tools_def.template
}
# Inject CC and friends into the build. LINKER already is in GNUmakefile.
# Must be idempotent and thus remove old assignments that were inserted
# earlier.
do_patch[postfuncs] += "fix_toolchain"
fix_toolchain() {
sed -i \
-e '/^\(CC\|CXX\|AS\|AR\|LD\|LINKER\) =/d' \
-e '/^APPLICATION/a CC = ${CC}\nCXX = ${CXX}\nAS = ${AS}\nAR = ${AR}\nLD = ${LD}\nLINKER = $(CC)' \
${S}/BaseTools/Source/C/Makefiles/app.makefile
sed -i \
-e '/^\(CC\|CXX\|AS\|AR\|LD\)/d' \
-e '/^VFR_CPPFLAGS/a CC = ${CC}\nCXX = ${CXX}\nAS = ${AS}\nAR = ${AR}\nLD = ${LD}' \
${S}/BaseTools/Source/C/VfrCompile/GNUmakefile
}
fix_toolchain:append:class-native() {
# This tools_def.template is going to be used by the target ovmf and
# defines which compilers to use. For the GCC toolchain definitions,
# that will be ${HOST_PREFIX}gcc. However, "make" doesn't need that
# prefix.
#
# Injecting ENV(HOST_PREFIX) matches exporting that value as env
# variable in do_compile:class-target.
sed -i \
-e 's#\(ENV\|DEF\)(GCC.*_PREFIX)#ENV(HOST_PREFIX)#' \
-e 's#ENV(HOST_PREFIX)make#make#' \
${S}/BaseTools/Conf/tools_def.template
sed -i \
-e '/^\(LFLAGS\|CFLAGS\) +=/d' \
-e '/^LINKER/a LFLAGS += ${BUILD_LDFLAGS}\nCFLAGS += ${BUILD_CFLAGS}' \
${S}/BaseTools/Source/C/Makefiles/app.makefile \
${S}/BaseTools/Source/C/VfrCompile/GNUmakefile
# Linking with gold fails:
# internal error in do_layout, at ../../gold/object.cc:1821
# make: *** [.../OUTPUT/Facs.acpi] Error 1
# We intentionally hard-code the use of ld.bfd regardless of DISTRO_FEATURES
# to make ovmf-native reusable across distros.
sed -i \
-e 's#^\(DEFINE GCC.*DLINK.*FLAGS *=\)#\1 -fuse-ld=bfd#' \
-e 's#-flto#-fno-lto#g' \
-e 's#-DUSING_LTO##g' \
${S}/BaseTools/Conf/tools_def.template
}
# We disable lto above since the results are not reproducible and make it hard to compare
# binary build aretfacts to debug reproducibility problems.
# Surprisingly, if you disable lto, you see compiler warnings which are fatal. We therefore
# have to hack warnings overrides into GCC_PREFIX_MAP to allow it to build.
# We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in
# --debug-prefix-map to nasm (we carry a patch to nasm for this). The
# tools definitions are built by ovmf-native so we need to pass this in
# at target build time when we know the right values.
export NASM_PREFIX_MAP = "--debug-prefix-map=${WORKDIR}=${TARGET_DBGSRC_DIR}"
export GCC_PREFIX_MAP = "${DEBUG_PREFIX_MAP} -Wno-stringop-overflow -Wno-maybe-uninitialized"
GCC_VER="$(${CC} -v 2>&1 | tail -n1 | awk '{print $3}')"
fixup_target_tools() {
case ${1} in
4.4.*)
FIXED_GCCVER=GCC44
;;
4.5.*)
FIXED_GCCVER=GCC45
;;
4.6.*)
FIXED_GCCVER=GCC46
;;
4.7.*)
FIXED_GCCVER=GCC47
;;
4.8.*)
FIXED_GCCVER=GCC48
;;
4.9.*)
FIXED_GCCVER=GCC49
;;
*)
FIXED_GCCVER=GCC5
;;
esac
echo ${FIXED_GCCVER}
}
do_compile:class-native() {
oe_runmake -C ${S}/BaseTools
}
do_compile:class-target() {
export LFLAGS="${LDFLAGS}"
PARALLEL_JOBS="${@oe.utils.parallel_make_argument(d, '-n %d')}"
OVMF_ARCH="X64"
if [ "${TARGET_ARCH}" != "x86_64" ] ; then
OVMF_ARCH="IA32"
fi
# The build for the target uses BaseTools/Conf/tools_def.template
# from ovmf-native to find the compiler, which depends on
# exporting HOST_PREFIX.
export HOST_PREFIX="${HOST_PREFIX}"
# BaseTools/Conf gets copied to Conf, but only if that does not
# exist yet. To ensure that an updated template gets used during
# incremental builds, we need to remove the copy before we start.
rm -f `ls ${S}/Conf/*.txt | grep -v ReadMe.txt`
# ${WORKDIR}/ovmf is a well-known location where do_install and
# do_deploy will be able to find the files.
rm -rf ${WORKDIR}/ovmf
mkdir ${WORKDIR}/ovmf
OVMF_DIR_SUFFIX="X64"
if [ "${TARGET_ARCH}" != "x86_64" ] ; then
OVMF_DIR_SUFFIX="Ia32" # Note the different capitalization
fi
FIXED_GCCVER=$(fixup_target_tools ${GCC_VER})
bbnote FIXED_GCCVER is ${FIXED_GCCVER}
build_dir="${S}/Build/Ovmf$OVMF_DIR_SUFFIX/RELEASE_${FIXED_GCCVER}"
bbnote "Building without Secure Boot."
rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX
${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${PACKAGECONFIG_CONFARGS}
ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.fd
ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.code.fd
ln ${build_dir}/FV/OVMF_VARS.fd ${WORKDIR}/ovmf/ovmf.vars.fd
ln ${build_dir}/${OVMF_ARCH}/Shell.efi ${WORKDIR}/ovmf/
if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
# Repeat build with the Secure Boot flags.
bbnote "Building with Secure Boot."
rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX
${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${PACKAGECONFIG_CONFARGS} ${OVMF_SECURE_BOOT_FLAGS}
ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd
ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd
ln ${build_dir}/${OVMF_ARCH}/EnrollDefaultKeys.efi ${WORKDIR}/ovmf/
fi
}
do_install:class-native() {
install -d ${D}/${bindir}/edk2_basetools
find ${S}/BaseTools -name \*.pyc -exec rm -rf \{\} \;
cp -r ${S}/BaseTools ${D}/${bindir}/${EDK_TOOLS_DIR}
}
do_install:class-target() {
# Content for UEFI shell iso. We install the EFI shell as
# bootx64/ia32.efi because then it can be started even when the
# firmware itself does not contain it.
install -d ${D}/efi/boot
install ${WORKDIR}/ovmf/Shell.efi ${D}/efi/boot/boot${@ "ia32" if "${TARGET_ARCH}" != "x86_64" else "x64"}.efi
if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
install ${WORKDIR}/ovmf/EnrollDefaultKeys.efi ${D}
fi
}
# This always gets packaged because ovmf-shell-image depends on it.
# This allows testing that recipe in all configurations because it
# can always be part of a world build.
#
# However, EnrollDefaultKeys.efi is only included when Secure Boot is enabled.
PACKAGES =+ "ovmf-shell-efi"
FILES:ovmf-shell-efi = " \
EnrollDefaultKeys.efi \
efi/ \
"
DEPLOYDEP = ""
DEPLOYDEP:class-target = "qemu-system-native:do_populate_sysroot"
DEPLOYDEP:class-target += " ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'openssl-native:do_populate_sysroot', '', d)}"
do_deploy[depends] += "${DEPLOYDEP}"
do_deploy() {
}
do_deploy:class-target() {
# For use with "runqemu ovmf".
for i in \
ovmf \
ovmf.code \
ovmf.vars \
${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'ovmf.secboot ovmf.secboot.code', '', d)} \
; do
qemu-img convert -f raw -O qcow2 ${WORKDIR}/ovmf/$i.fd ${DEPLOYDIR}/$i.qcow2
done
if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
# Create a test Platform Key and first Key Exchange Key to use with EnrollDefaultKeys
openssl req -new -x509 -newkey rsa:2048 -keyout ${DEPLOYDIR}/OvmfPkKek1.key \
-out ${DEPLOYDIR}/OvmfPkKek1.crt -nodes -days 20 -subj "/CN=OVMFSecBootTest"
openssl x509 -in ${DEPLOYDIR}/OvmfPkKek1.crt -out ${DEPLOYDIR}/OvmfPkKek1.pem -outform PEM
fi
}
addtask do_deploy after do_compile before do_build
BBCLASSEXTEND = "native"
TOOLCHAIN = "gcc"