[OE-core] [PATCH 0/5] ovmf: Bump to edk2-stable201905 and add improvements

Ricardo Neri ricardo.neri-calderon at linux.intel.com
Wed Aug 7 01:44:34 UTC 2019 

Hi,

Fixes [YOCTO #13438]

I have implemented this patchset to bump the OVMF recipe to the latest
stable release of OVMF: edk2-stable201905. I continued Ross Burton's
initial work to update the recipe [1].

The majority of the patches we were carrying with the recipe have been
taken upstream in EDK2 and I have removed them. Plus, EDK2 now adds
openssl as a git submodule and not a patching script. Thus, I removed
support for this script and switched to the gitsm bitbake fetcher.

Also, now the EnrollDefaultKeys EFI application requires a separate
Platform Key and first Key Exchange Key certificate instead of an
hard-coded certificate embedded in the application. The hypervisor shall
pass this certificated to EnrollDefaultKeys via the Type 11 SMBus table.
I have updated the ovmf recipe to create the needed certificate and
also updated runqemu to provide such certificate when using an OVMF
binary with support for Secure Boot.

Lastly, I defined the recipe's PV and took Ross' change to use python3
from HOSTTOOLS.

Thanks and BR,
Ricardo

[1]. http://git.yoctoproject.org/cgit.cgi/poky-contrib/commit/?h=ross/nopy2&id=f95649176b7916116251a092a82618dd08ff1961

Ricardo Neri (5):
  ovmf: Update to version edk2-stable201905
  ovmf: Set PV
  ovmf: use HOSTTOOLS' python3
  ovmf: Generate test Platform key and first Key Exchange Key
  runqemu: Add support to handle EnrollDefaultKeys PK/KEK1 certificate

 ....makefile-add-Wno-stringop-truncatio.patch |   71 --
 .../ovmf/ovmf/0001-ia32-Dont-use-pie.patch    |   46 -
 ...ols-header.makefile-add-Wno-restrict.patch |  102 --
 ....makefile-revert-gcc-8-Wno-xxx-optio.patch |   53 -
 ...ile-adjust-to-build-in-under-bitbake.patch |   33 +-
 ...-silence-false-stringop-overflow-war.patch |   66 -
 ...faultKeys-application-for-enrolling-.patch | 1124 -----------------
 .../ovmf/no-stack-protector-all-archs.patch   |   26 +-
 meta/recipes-core/ovmf/ovmf_git.bb            |   40 +-
 scripts/runqemu                               |   32 +
 10 files changed, 90 insertions(+), 1503 deletions(-)
 delete mode 100644 meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch
 delete mode 100644 meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch
 delete mode 100644 meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch
 delete mode 100644 meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch
 delete mode 100644 meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch
 delete mode 100644 meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch

-- 
2.20.1

More information about the Openembedded-core mailing list