[OE-core] [PATCH 0/5] ovmf: Bump to edk2-stable201905 and add improvements
Ricardo Neri
ricardo.neri-calderon at linux.intel.com
Wed Aug 7 20:18:05 UTC 2019
On Wed, Aug 07, 2019 at 07:36:26PM +0100, Richard Purdie wrote:
> On Tue, 2019-08-06 at 18:44 -0700, Ricardo Neri wrote:
> > Hi,
> >
> > Fixes [YOCTO #13438]
> >
> > I have implemented this patchset to bump the OVMF recipe to the
> > latest
> > stable release of OVMF: edk2-stable201905. I continued Ross Burton's
> > initial work to update the recipe [1].
> >
> > The majority of the patches we were carrying with the recipe have
> > been
> > taken upstream in EDK2 and I have removed them. Plus, EDK2 now adds
> > openssl as a git submodule and not a patching script. Thus, I removed
> > support for this script and switched to the gitsm bitbake fetcher.
> >
> > Also, now the EnrollDefaultKeys EFI application requires a separate
> > Platform Key and first Key Exchange Key certificate instead of an
> > hard-coded certificate embedded in the application. The hypervisor
> > shall
> > pass this certificated to EnrollDefaultKeys via the Type 11 SMBus
> > table.
> > I have updated the ovmf recipe to create the needed certificate and
> > also updated runqemu to provide such certificate when using an OVMF
> > binary with support for Secure Boot.
> >
> > Lastly, I defined the recipe's PV and took Ross' change to use
> > python3
> > from HOSTTOOLS.
>
> Thanks for the patches. I can't get the to apply at all. I know we have
> problems due to the line endings in ovmf and the mailing list is
> probably messing them up. Could you share a git tree with the patches
> in somewhere please?
Thanks for considering the patches, Richard! You can pull the patches
from here:
The following changes since commit 96decf673992b1cd1eebac45a5cd534eef27ebd7:
waffle: upgrade 1.5.2 -> 1.6.0 (2019-08-07 16:08:08 +0100)
are available in the Git repository at:
https://github.com/ricardon/openembedded-core.git rneri/ovmf_updates
for you to fetch changes up to e81cf432b29056dda5496a5454fdfb9cc15dc2fa:
runqemu: Add support to handle EnrollDefaultKeys PK/KEK1 certificate (2019-08-07 13:09:32 -0700)
----------------------------------------------------------------
Ricardo Neri (5):
ovmf: Update to version edk2-stable201905
ovmf: Set PV
ovmf: Use HOSTTOOLS' python3
ovmf: Generate test Platform key and first Key Exchange Key
runqemu: Add support to handle EnrollDefaultKeys PK/KEK1 certificate
.../ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch | 71 ---
meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch | 46 --
.../ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch | 102 ---
.../ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch | 53 --
.../ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch | 33 +-
.../ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch | 66 --
.../ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch | 1124 ---------------------------------
meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch | 26 +-
meta/recipes-core/ovmf/ovmf_git.bb | 40 +-
scripts/runqemu | 32 +
10 files changed, 90 insertions(+), 1503 deletions(-)
delete mode 100644 meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch
delete mode 100644 meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch
delete mode 100644 meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch
delete mode 100644 meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch
delete mode 100644 meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch
delete mode 100644 meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
Thanks and BR,
Ricardo
More information about the Openembedded-core
mailing list