diff --git a/.gitignore b/.gitignore index 8f78221804..fd6e6c38c7 100644 --- a/.gitignore +++ b/.gitignore @@ -97,6 +97,7 @@ *.gcno *.gcov /pc-bios/bios-pq/status +/pc-bios/edk2-*.fd /pc-bios/vgabios-pq/status /pc-bios/optionrom/linuxboot.asm /pc-bios/optionrom/linuxboot.bin diff --git a/MAINTAINERS b/MAINTAINERS index 1aa19dc4ef..23db6f8408 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2224,6 +2224,18 @@ F: include/hw/i2c/smbus_master.h F: include/hw/i2c/smbus_slave.h F: include/hw/i2c/smbus_eeprom.h +EDK2 Firmware +M: Laszlo Ersek +M: Philippe Mathieu-Daudé +S: Supported +F: pc-bios/descriptors/??-edk2-*.json +F: pc-bios/edk2-* +F: roms/Makefile.edk2 +F: roms/edk2 +F: roms/edk2-* +F: tests/data/uefi-boot-images/ +F: tests/uefi-test-tools/ + Usermode Emulation ------------------ Overall diff --git a/Makefile b/Makefile index 04a0d45050..626a04d305 100644 --- a/Makefile +++ b/Makefile @@ -296,6 +296,10 @@ ui/input-keymap-%.c: $(KEYCODEMAP_GEN) $(KEYCODEMAP_CSV) $(SRC_PATH)/ui/Makefile $(KEYCODEMAP_GEN): .git-submodule-status $(KEYCODEMAP_CSV): .git-submodule-status +edk2-decompressed = $(basename $(wildcard pc-bios/edk2-*.fd.bz2)) +pc-bios/edk2-%.fd: pc-bios/edk2-%.fd.bz2 + $(call quiet-command,bzip2 -d -c $< > $@,"BUNZIP2",$<) + # Don't try to regenerate Makefile or configure # We don't generate any of them Makefile: ; @@ -445,6 +449,7 @@ $(SOFTMMU_SUBDIR_RULES): $(block-obj-y) $(SOFTMMU_SUBDIR_RULES): $(crypto-obj-y) $(SOFTMMU_SUBDIR_RULES): $(io-obj-y) $(SOFTMMU_SUBDIR_RULES): config-all-devices.mak +$(SOFTMMU_SUBDIR_RULES): $(edk2-decompressed) subdir-%: $(call quiet-command,$(MAKE) $(SUBDIR_MAKEFLAGS) -C $* V="$(V)" TARGET_DIR="$*/" all,) @@ -633,6 +638,7 @@ clean: ! -path ./roms/edk2/ArmPkg/Library/GccLto/liblto-arm.a \ ! -path ./roms/edk2/BaseTools/Source/Python/UPT/Dll/sqlite3.dll \ -exec rm {} + + rm -f $(edk2-decompressed) rm -f $(filter-out %.tlb,$(TOOLS)) $(HELPERS-y) qemu-ga TAGS cscope.* *.pod *~ */*~ rm -f fsdev/*.pod scsi/*.pod rm -f qemu-img-cmds.h @@ -723,9 +729,14 @@ spapr-rtas.bin slof.bin skiboot.lid \ palcode-clipper \ u-boot.e500 u-boot-sam460-20100605.bin \ qemu_vga.ndrv \ +edk2-licenses.txt \ hppa-firmware.img + +DESCS=50-edk2-i386-secure.json 50-edk2-x86_64-secure.json \ +60-edk2-aarch64.json 60-edk2-arm.json 60-edk2-i386.json 60-edk2-x86_64.json else BLOBS= +DESCS= endif # Note that we manually filter-out the non-Sphinx documentation which @@ -786,7 +797,8 @@ endif ICON_SIZES=16x16 24x24 32x32 48x48 64x64 128x128 256x256 512x512 -install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir +install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir \ + $(if $(INSTALL_BLOBS),$(edk2-decompressed)) ifneq ($(TOOLS),) $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir)) endif @@ -808,6 +820,21 @@ ifneq ($(BLOBS),) set -e; for x in $(BLOBS); do \ $(INSTALL_DATA) $(SRC_PATH)/pc-bios/$$x "$(DESTDIR)$(qemu_datadir)"; \ done +endif +ifdef INSTALL_BLOBS + set -e; for x in $(edk2-decompressed); do \ + $(INSTALL_DATA) $$x "$(DESTDIR)$(qemu_datadir)"; \ + done +endif +ifneq ($(DESCS),) + $(INSTALL_DIR) "$(DESTDIR)$(qemu_datadir)/firmware" + set -e; tmpf=$$(mktemp); trap 'rm -f -- "$$tmpf"' EXIT; \ + for x in $(DESCS); do \ + sed -e 's,@DATADIR@,$(DESTDIR)$(qemu_datadir),' \ + "$(SRC_PATH)/pc-bios/descriptors/$$x" > "$$tmpf"; \ + $(INSTALL_DATA) "$$tmpf" \ + "$(DESTDIR)$(qemu_datadir)/firmware/$$x"; \ + done endif for s in $(ICON_SIZES); do \ mkdir -p "$(DESTDIR)/$(qemu_icondir)/hicolor/$${s}/apps"; \ diff --git a/configure b/configure index 1c563a7027..e1ad87b697 100755 --- a/configure +++ b/configure @@ -7892,6 +7892,7 @@ for bios_file in \ $source_path/pc-bios/*.img \ $source_path/pc-bios/openbios-* \ $source_path/pc-bios/u-boot.* \ + $source_path/pc-bios/edk2-*.fd.bz2 \ $source_path/pc-bios/palcode-* do LINKS="$LINKS pc-bios/$(basename $bios_file)" diff --git a/pc-bios/README b/pc-bios/README index d421cb3f1f..807d95dd54 100644 --- a/pc-bios/README +++ b/pc-bios/README @@ -50,3 +50,14 @@ - QemuMacDrivers (https://github.com/ozbenh/QemuMacDrivers) is a project to provide virtualised drivers for PPC MacOS guests. + +- The "edk2-*.fd.bz2" images are platform firmware binaries and matching UEFI + variable store templates built from the TianoCore community's EFI Development + Kit II project + . The images + were built at git tag "edk2-stable201903". The firmware binaries bundle parts + of the OpenSSL project, at git tag "OpenSSL_1_1_0j" (the OpenSSL tag is a + function of the edk2 tag). Licensing information is given in + "edk2-licenses.txt". The image files are described by the JSON documents in + the "pc-bios/descriptors" directory, which conform to the + "docs/interop/firmware.json" schema. diff --git a/pc-bios/descriptors/50-edk2-i386-secure.json b/pc-bios/descriptors/50-edk2-i386-secure.json new file mode 100644 index 0000000000..d7108c1da0 --- /dev/null +++ b/pc-bios/descriptors/50-edk2-i386-secure.json @@ -0,0 +1,34 @@ +{ + "description": "UEFI firmware for i386, with Secure Boot and SMM", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/edk2-i386-secure-code.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "@DATADIR@/edk2-i386-vars.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "i386", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/pc-bios/descriptors/50-edk2-x86_64-secure.json b/pc-bios/descriptors/50-edk2-x86_64-secure.json new file mode 100644 index 0000000000..387eb35623 --- /dev/null +++ b/pc-bios/descriptors/50-edk2-x86_64-secure.json @@ -0,0 +1,35 @@ +{ + "description": "UEFI firmware for x86_64, with Secure Boot and SMM", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/edk2-x86_64-secure-code.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "@DATADIR@/edk2-i386-vars.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/pc-bios/descriptors/60-edk2-aarch64.json b/pc-bios/descriptors/60-edk2-aarch64.json new file mode 100644 index 0000000000..800a21bda6 --- /dev/null +++ b/pc-bios/descriptors/60-edk2-aarch64.json @@ -0,0 +1,31 @@ +{ + "description": "UEFI firmware for aarch64", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/edk2-aarch64-code.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "@DATADIR@/edk2-arm-vars.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "aarch64", + "machines": [ + "virt-*" + ] + } + ], + "features": [ + "verbose-static" + ], + "tags": [ + + ] +} diff --git a/pc-bios/descriptors/60-edk2-arm.json b/pc-bios/descriptors/60-edk2-arm.json new file mode 100644 index 0000000000..d5f1bba6cc --- /dev/null +++ b/pc-bios/descriptors/60-edk2-arm.json @@ -0,0 +1,31 @@ +{ + "description": "UEFI firmware for arm", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/edk2-arm-code.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "@DATADIR@/edk2-arm-vars.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "arm", + "machines": [ + "virt-*" + ] + } + ], + "features": [ + "verbose-static" + ], + "tags": [ + + ] +} diff --git a/pc-bios/descriptors/60-edk2-i386.json b/pc-bios/descriptors/60-edk2-i386.json new file mode 100644 index 0000000000..2f8dec74fe --- /dev/null +++ b/pc-bios/descriptors/60-edk2-i386.json @@ -0,0 +1,33 @@ +{ + "description": "UEFI firmware for i386", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/edk2-i386-code.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "@DATADIR@/edk2-i386-vars.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "i386", + "machines": [ + "pc-i440fx-*", + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/pc-bios/descriptors/60-edk2-x86_64.json b/pc-bios/descriptors/60-edk2-x86_64.json new file mode 100644 index 0000000000..968cb65cf9 --- /dev/null +++ b/pc-bios/descriptors/60-edk2-x86_64.json @@ -0,0 +1,34 @@ +{ + "description": "UEFI firmware for x86_64", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "@DATADIR@/edk2-x86_64-code.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "@DATADIR@/edk2-i386-vars.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-i440fx-*", + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/pc-bios/edk2-aarch64-code.fd.bz2 b/pc-bios/edk2-aarch64-code.fd.bz2 new file mode 100644 index 0000000000..b213334d95 Binary files /dev/null and b/pc-bios/edk2-aarch64-code.fd.bz2 differ diff --git a/pc-bios/edk2-arm-code.fd.bz2 b/pc-bios/edk2-arm-code.fd.bz2 new file mode 100644 index 0000000000..a494a8391e Binary files /dev/null and b/pc-bios/edk2-arm-code.fd.bz2 differ diff --git a/pc-bios/edk2-arm-vars.fd.bz2 b/pc-bios/edk2-arm-vars.fd.bz2 new file mode 100644 index 0000000000..2a5a9af31a Binary files /dev/null and b/pc-bios/edk2-arm-vars.fd.bz2 differ diff --git a/pc-bios/edk2-i386-code.fd.bz2 b/pc-bios/edk2-i386-code.fd.bz2 new file mode 100644 index 0000000000..5440ca856d Binary files /dev/null and b/pc-bios/edk2-i386-code.fd.bz2 differ diff --git a/pc-bios/edk2-i386-secure-code.fd.bz2 b/pc-bios/edk2-i386-secure-code.fd.bz2 new file mode 100644 index 0000000000..24ae88ac3e Binary files /dev/null and b/pc-bios/edk2-i386-secure-code.fd.bz2 differ diff --git a/pc-bios/edk2-i386-vars.fd.bz2 b/pc-bios/edk2-i386-vars.fd.bz2 new file mode 100644 index 0000000000..4a1bc45238 Binary files /dev/null and b/pc-bios/edk2-i386-vars.fd.bz2 differ diff --git a/pc-bios/edk2-licenses.txt b/pc-bios/edk2-licenses.txt new file mode 100644 index 0000000000..8bdb1abc99 --- /dev/null +++ b/pc-bios/edk2-licenses.txt @@ -0,0 +1,209 @@ +==> edk2/License.txt <== +Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved. +Copyright (c) 2008 - 2010, Apple Inc. All rights reserved. +Copyright (c) 2011 - 2015, ARM Limited. All rights reserved. +Copyright (c) 2014 - 2015, Linaro Limited. All rights reserved. +Copyright (c) 2013 - 2015, Red Hat, Inc. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +* Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +* Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +==> edk2/OvmfPkg/License.txt <== +Copyright (c) 2012, Intel Corporation. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +* Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +* Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + + +Some files are subject to the following license, the MIT license. Those files +are located in: +- OvmfPkg/Include/IndustryStandard/Xen/ +- OvmfPkg/XenBusDxe/ +- OvmfPkg/XenPvBlkDxe/ + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + +==> edk2/CryptoPkg/Library/OpensslLib/openssl/LICENSE <== + + LICENSE ISSUES + ============== + + The OpenSSL toolkit stays under a double license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. + + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + diff --git a/pc-bios/edk2-x86_64-code.fd.bz2 b/pc-bios/edk2-x86_64-code.fd.bz2 new file mode 100644 index 0000000000..6a0b1f9831 Binary files /dev/null and b/pc-bios/edk2-x86_64-code.fd.bz2 differ diff --git a/pc-bios/edk2-x86_64-secure-code.fd.bz2 b/pc-bios/edk2-x86_64-secure-code.fd.bz2 new file mode 100644 index 0000000000..3ef6452c03 Binary files /dev/null and b/pc-bios/edk2-x86_64-secure-code.fd.bz2 differ diff --git a/roms/Makefile b/roms/Makefile index 1ff78b63bb..0ce84a45ad 100644 --- a/roms/Makefile +++ b/roms/Makefile @@ -61,6 +61,7 @@ default: @echo " skiboot -- update skiboot.lid" @echo " u-boot.e500 -- update u-boot.e500" @echo " u-boot.sam460 -- update u-boot.sam460" + @echo " efi -- update UEFI (edk2) platform firmware" bios: build-seabios-config-seabios-128k build-seabios-config-seabios-256k cp seabios/builds/seabios-128k/bios.bin ../pc-bios/bios.bin @@ -102,7 +103,7 @@ pxe-rom-%: build-pxe-roms efirom: $(patsubst %,efi-rom-%,$(pxerom_variants)) -efi-rom-%: build-pxe-roms build-efi-roms $(EDK2_EFIROM) +efi-rom-%: build-pxe-roms build-efi-roms edk2-basetools $(EDK2_EFIROM) -f "0x$(VID)" -i "0x$(DID)" -l 0x02 \ -b ipxe/src/bin/$(VID)$(DID).rom \ -ec ipxe/src/bin-i386-efi/$(VID)$(DID).efidrv \ @@ -131,7 +132,7 @@ build-efi-roms: build-pxe-roms # EDK2_BASETOOLS_LDFLAGS='...' \ # efirom # -$(EDK2_EFIROM): +edk2-basetools: $(MAKE) -C edk2/BaseTools \ EXTRA_OPTFLAGS='$(EDK2_BASETOOLS_OPTFLAGS)' \ EXTRA_LDFLAGS='$(EDK2_BASETOOLS_LDFLAGS)' @@ -156,6 +157,9 @@ skiboot: $(MAKE) -C skiboot CROSS=$(powerpc64_cross_prefix) cp skiboot/skiboot.lid ../pc-bios/skiboot.lid +efi: edk2-basetools + $(MAKE) -f Makefile.edk2 + clean: rm -rf seabios/.config seabios/out seabios/builds $(MAKE) -C sgabios clean @@ -166,3 +170,4 @@ clean: rm -rf u-boot/build.e500 $(MAKE) -C u-boot-sam460ex distclean $(MAKE) -C skiboot clean + $(MAKE) -f Makefile.edk2 clean diff --git a/roms/Makefile.edk2 b/roms/Makefile.edk2 new file mode 100644 index 0000000000..822c547fec --- /dev/null +++ b/roms/Makefile.edk2 @@ -0,0 +1,148 @@ +# Makefile for building firmware binaries and variable store templates for a +# number of virtual platforms in edk2. +# +# Copyright (C) 2019 Red Hat, Inc. +# +# This program and the accompanying materials are licensed and made available +# under the terms and conditions of the BSD License that accompanies this +# distribution. The full text of the license may be found at +# . +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT +# WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +SHELL = /bin/bash + +toolchain = $(shell source ./edk2-funcs.sh && qemu_edk2_get_toolchain $(1)) + +licenses := \ + edk2/License.txt \ + edk2/OvmfPkg/License.txt \ + edk2/CryptoPkg/Library/OpensslLib/openssl/LICENSE + +# The "edk2-arm-vars.fd" varstore template is suitable for aarch64 as well. +# Similarly, the "edk2-i386-vars.fd" varstore template is suitable for x86_64 +# as well, independently of "secure" too. +flashdevs := \ + aarch64-code \ + arm-code \ + i386-code \ + i386-secure-code \ + x86_64-code \ + x86_64-secure-code \ + \ + arm-vars \ + i386-vars + +all: $(foreach flashdev,$(flashdevs),../pc-bios/edk2-$(flashdev).fd.bz2) \ + ../pc-bios/edk2-licenses.txt + +../pc-bios/edk2-%.fd.bz2: ../pc-bios/edk2-%.fd + bzip2 -9 -c $< > $@ + +# When the build completes, we need not keep the uncompressed flash device +# files. +.INTERMEDIATE: $(foreach flashdev,$(flashdevs),../pc-bios/edk2-$(flashdev).fd) + +submodules: + cd edk2 && git submodule update --init --force + +# See notes on the ".NOTPARALLEL" target and the "+" indicator in +# "tests/uefi-test-tools/Makefile". +.NOTPARALLEL: + +../pc-bios/edk2-aarch64-code.fd: submodules + +./edk2-build.sh \ + aarch64 \ + --arch=AARCH64 \ + --platform=ArmVirtPkg/ArmVirtQemu.dsc \ + -D NETWORK_IP6_ENABLE \ + -D HTTP_BOOT_ENABLE + cp edk2/Build/ArmVirtQemu-AARCH64/DEBUG_$(call toolchain,aarch64)/FV/QEMU_EFI.fd \ + $@ + truncate --size=64M $@ + +../pc-bios/edk2-arm-code.fd: submodules + +./edk2-build.sh \ + arm \ + --arch=ARM \ + --platform=ArmVirtPkg/ArmVirtQemu.dsc \ + -D NETWORK_IP6_ENABLE \ + -D HTTP_BOOT_ENABLE + cp edk2/Build/ArmVirtQemu-ARM/DEBUG_$(call toolchain,arm)/FV/QEMU_EFI.fd \ + $@ + truncate --size=64M $@ + +../pc-bios/edk2-i386-code.fd: submodules + +./edk2-build.sh \ + i386 \ + --arch=IA32 \ + --platform=OvmfPkg/OvmfPkgIa32.dsc \ + -D NETWORK_IP6_ENABLE \ + -D HTTP_BOOT_ENABLE \ + -D TLS_ENABLE \ + -D TPM2_ENABLE \ + -D TPM2_CONFIG_ENABLE + cp edk2/Build/OvmfIa32/DEBUG_$(call toolchain,i386)/FV/OVMF_CODE.fd $@ + +../pc-bios/edk2-i386-secure-code.fd: submodules + +./edk2-build.sh \ + i386 \ + --arch=IA32 \ + --platform=OvmfPkg/OvmfPkgIa32.dsc \ + -D NETWORK_IP6_ENABLE \ + -D HTTP_BOOT_ENABLE \ + -D TLS_ENABLE \ + -D TPM2_ENABLE \ + -D TPM2_CONFIG_ENABLE \ + -D SECURE_BOOT_ENABLE \ + -D SMM_REQUIRE + cp edk2/Build/OvmfIa32/DEBUG_$(call toolchain,i386)/FV/OVMF_CODE.fd $@ + +../pc-bios/edk2-x86_64-code.fd: submodules + +./edk2-build.sh \ + x86_64 \ + --arch=X64 \ + --platform=OvmfPkg/OvmfPkgX64.dsc \ + -D NETWORK_IP6_ENABLE \ + -D HTTP_BOOT_ENABLE \ + -D TLS_ENABLE \ + -D TPM2_ENABLE \ + -D TPM2_CONFIG_ENABLE + cp edk2/Build/OvmfX64/DEBUG_$(call toolchain,x86_64)/FV/OVMF_CODE.fd $@ + +../pc-bios/edk2-x86_64-secure-code.fd: submodules + +./edk2-build.sh \ + x86_64 \ + --arch=IA32 \ + --arch=X64 \ + --platform=OvmfPkg/OvmfPkgIa32X64.dsc \ + -D NETWORK_IP6_ENABLE \ + -D HTTP_BOOT_ENABLE \ + -D TLS_ENABLE \ + -D TPM2_ENABLE \ + -D TPM2_CONFIG_ENABLE \ + -D SECURE_BOOT_ENABLE \ + -D SMM_REQUIRE + cp edk2/Build/Ovmf3264/DEBUG_$(call toolchain,x86_64)/FV/OVMF_CODE.fd $@ + +../pc-bios/edk2-arm-vars.fd: ../pc-bios/edk2-arm-code.fd + cp edk2/Build/ArmVirtQemu-ARM/DEBUG_$(call toolchain,arm)/FV/QEMU_VARS.fd \ + $@ + truncate --size=64M $@ + +../pc-bios/edk2-i386-vars.fd: ../pc-bios/edk2-i386-code.fd + cp edk2/Build/OvmfIa32/DEBUG_$(call toolchain,i386)/FV/OVMF_VARS.fd $@ + +# The license file accumulates several individual licenses from under edk2, +# prefixing each individual license with a header (generated by "tail") that +# states its pathname. +../pc-bios/edk2-licenses.txt: submodules + tail -n $(shell cat $(licenses) | wc -l) $(licenses) > $@ + dos2unix $@ + +clean: + rm -rf edk2/Build + cd edk2/Conf && \ + rm -rf .cache BuildEnv.sh build_rule.txt target.txt \ + tools_def.txt diff --git a/roms/edk2 b/roms/edk2 index 8558838922..89910a39dc 160000 --- a/roms/edk2 +++ b/roms/edk2 @@ -1 +1 @@ -Subproject commit 85588389222a3636baf0f9ed8227f2434af4c3f9 +Subproject commit 89910a39dcfd788057caa5d88b7e76e112d187b5 diff --git a/roms/edk2-build.sh b/roms/edk2-build.sh new file mode 100755 index 0000000000..4f46f8a6a2 --- /dev/null +++ b/roms/edk2-build.sh @@ -0,0 +1,55 @@ +#!/bin/bash + +# Wrapper shell script for building a virtual platform firmware in edk2. +# +# Copyright (C) 2019 Red Hat, Inc. +# +# This program and the accompanying materials are licensed and made available +# under the terms and conditions of the BSD License that accompanies this +# distribution. The full text of the license may be found at +# . +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT +# WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +set -e -u -C + +# Save the command line arguments. We need to reset $# to 0 before sourcing +# "edksetup.sh", as it will inherit $@. +emulation_target=$1 +shift +num_args=0 +args=() +for arg in "$@"; do + args[num_args++]="$arg" +done +shift $num_args + +cd edk2 + +# Work around . +export PYTHON_COMMAND=python2 + +# Source "edksetup.sh" carefully. +set +e +u +C +source ./edksetup.sh +ret=$? +set -e -u -C +if [ $ret -ne 0 ]; then + exit $ret +fi + +# Fetch some option arguments, and set the cross-compilation environment (if +# any), for the edk2 "build" utility. +source ../edk2-funcs.sh +edk2_toolchain=$(qemu_edk2_get_toolchain "$emulation_target") +edk2_thread_count=$(qemu_edk2_get_thread_count "$MAKEFLAGS") +qemu_edk2_set_cross_env "$emulation_target" + +# Build the platform firmware. +build \ + --cmd-len=65536 \ + -n "$edk2_thread_count" \ + --buildtarget=DEBUG \ + --tagname="$edk2_toolchain" \ + "${args[@]}" diff --git a/roms/edk2-funcs.sh b/roms/edk2-funcs.sh new file mode 100644 index 0000000000..a9fae7ee89 --- /dev/null +++ b/roms/edk2-funcs.sh @@ -0,0 +1,253 @@ +# Shell script that defines functions for determining some environmental +# characteristics for the edk2 "build" utility. +# +# This script is meant to be sourced, in a bash environment. +# +# Copyright (C) 2019 Red Hat, Inc. +# +# This program and the accompanying materials are licensed and made available +# under the terms and conditions of the BSD License that accompanies this +# distribution. The full text of the license may be found at +# . +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT +# WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + +# Verify whether the QEMU system emulation target is supported by the UEFI spec +# and edk2. Print a message to the standard error, and return with nonzero +# status, if verification fails. +# +# Parameters: +# $1: QEMU system emulation target +qemu_edk2_verify_arch() +{ + local emulation_target="$1" + local program_name=$(basename -- "$0") + + case "$emulation_target" in + (arm|aarch64|i386|x86_64) + ;; + (*) + printf '%s: unknown/unsupported QEMU system emulation target "%s"\n' \ + "$program_name" "$emulation_target" >&2 + return 1 + ;; + esac +} + + +# Translate the QEMU system emulation target to the edk2 architecture +# identifier. Print the result to the standard output. +# +# Parameters: +# $1: QEMU system emulation target +qemu_edk2_get_arch() +{ + local emulation_target="$1" + + if ! qemu_edk2_verify_arch "$emulation_target"; then + return 1 + fi + + case "$emulation_target" in + (arm) + printf 'ARM\n' + ;; + (aarch64) + printf 'AARCH64\n' + ;; + (i386) + printf 'IA32\n' + ;; + (x86_64) + printf 'X64\n' + ;; + esac +} + + +# Translate the QEMU system emulation target to the gcc cross-compilation +# architecture identifier. Print the result to the standard output. +# +# Parameters: +# $1: QEMU system emulation target +qemu_edk2_get_gcc_arch() +{ + local emulation_target="$1" + + if ! qemu_edk2_verify_arch "$emulation_target"; then + return 1 + fi + + case "$emulation_target" in + (arm|aarch64|x86_64) + printf '%s\n' "$emulation_target" + ;; + (i386) + printf 'i686\n' + ;; + esac +} + + +# Determine the gcc cross-compiler prefix (if any) for use with the edk2 +# toolchain. Print the result to the standard output. +# +# Parameters: +# $1: QEMU system emulation target +qemu_edk2_get_cross_prefix() +{ + local emulation_target="$1" + local gcc_arch + local host_arch + + if ! gcc_arch=$(qemu_edk2_get_gcc_arch "$emulation_target"); then + return 1 + fi + + host_arch=$(uname -m) + + if [ "$gcc_arch" == "$host_arch" ] || + ( [ "$gcc_arch" == i686 ] && [ "$host_arch" == x86_64 ] ); then + # no cross-compiler needed + : + else + printf '%s-linux-gnu-\n' "$gcc_arch" + fi +} + + +# Determine the edk2 toolchain tag for the QEMU system emulation target. Print +# the result to the standard output. Print a message to the standard error, and +# return with nonzero status, if the (conditional) gcc version check fails. +# +# Parameters: +# $1: QEMU system emulation target +qemu_edk2_get_toolchain() +{ + local emulation_target="$1" + local program_name=$(basename -- "$0") + local cross_prefix + local gcc_version + + if ! qemu_edk2_verify_arch "$emulation_target"; then + return 1 + fi + + case "$emulation_target" in + (arm|aarch64) + printf 'GCC5\n' + ;; + + (i386|x86_64) + if ! cross_prefix=$(qemu_edk2_get_cross_prefix "$emulation_target"); then + return 1 + fi + + gcc_version=$("${cross_prefix}gcc" -v 2>&1 | tail -1 | awk '{print $3}') + # Run "git-blame" on "OvmfPkg/build.sh" in edk2 for more information on + # the mapping below. + case "$gcc_version" in + ([1-3].*|4.[0-7].*) + printf '%s: unsupported gcc version "%s"\n' \ + "$program_name" "$gcc_version" >&2 + return 1 + ;; + (4.8.*) + printf 'GCC48\n' + ;; + (4.9.*|6.[0-2].*) + printf 'GCC49\n' + ;; + (*) + printf 'GCC5\n' + ;; + esac + ;; + esac +} + + +# Determine the name of the environment variable that exposes the +# cross-compiler prefix to the edk2 "build" utility. Print the result to the +# standard output. +# +# Parameters: +# $1: QEMU system emulation target +qemu_edk2_get_cross_prefix_var() +{ + local emulation_target="$1" + local edk2_toolchain + local edk2_arch + + if ! edk2_toolchain=$(qemu_edk2_get_toolchain "$emulation_target"); then + return 1 + fi + + case "$emulation_target" in + (arm|aarch64) + if ! edk2_arch=$(qemu_edk2_get_arch "$emulation_target"); then + return 1 + fi + printf '%s_%s_PREFIX\n' "$edk2_toolchain" "$edk2_arch" + ;; + (i386|x86_64) + printf '%s_BIN\n' "$edk2_toolchain" + ;; + esac +} + + +# Set and export the environment variable(s) necessary for cross-compilation, +# whenever needed by the edk2 "build" utility. +# +# Parameters: +# $1: QEMU system emulation target +qemu_edk2_set_cross_env() +{ + local emulation_target="$1" + local cross_prefix + local cross_prefix_var + + if ! cross_prefix=$(qemu_edk2_get_cross_prefix "$emulation_target"); then + return 1 + fi + + if [ -z "$cross_prefix" ]; then + # Nothing to do. + return 0 + fi + + if ! cross_prefix_var=$(qemu_edk2_get_cross_prefix_var \ + "$emulation_target"); then + return 1 + fi + + eval "export $cross_prefix_var=\$cross_prefix" +} + + +# Determine the "-n" option argument (that is, the number of modules to build +# in parallel) for the edk2 "build" utility. Print the result to the standard +# output. +# +# Parameters: +# $1: the value of the MAKEFLAGS variable +qemu_edk2_get_thread_count() +{ + local makeflags="$1" + + if [[ "$makeflags" == *--jobserver-auth=* ]] || + [[ "$makeflags" == *--jobserver-fds=* ]]; then + # If there is a job server, allow the edk2 "build" utility to parallelize + # as many module builds as there are logical CPUs in the system. The "make" + # instances forked by "build" are supposed to limit themselves through the + # job server. The zero value below causes the edk2 "build" utility to fetch + # the logical CPU count with Python's multiprocessing.cpu_count() method. + printf '0\n' + else + # Build a single module at a time. + printf '1\n' + fi +} diff --git a/tests/Makefile.include b/tests/Makefile.include index 36fc73fef5..e2432d5e77 100644 --- a/tests/Makefile.include +++ b/tests/Makefile.include @@ -912,7 +912,7 @@ check-speed: $(check-speed-y) # gtester tests with TAP output -$(patsubst %, check-report-qtest-%.tap, $(QTEST_TARGETS)): check-report-qtest-%.tap: $(check-qtest-y) +$(patsubst %, check-report-qtest-%.tap, $(QTEST_TARGETS)): check-report-qtest-%.tap: subdir-%-softmmu $(check-qtest-y) $(call do_test_tap, $(check-qtest-$*-y) $(check-qtest-generic-y), \ QTEST_QEMU_BINARY=$*-softmmu/qemu-system-$* \ QTEST_QEMU_IMG=qemu-img$(EXESUF)) diff --git a/tests/uefi-test-tools/build.sh b/tests/uefi-test-tools/build.sh index 155cb75c4d..8aa7935c43 100755 --- a/tests/uefi-test-tools/build.sh +++ b/tests/uefi-test-tools/build.sh @@ -29,6 +29,9 @@ export PACKAGES_PATH=$(realpath -- "$edk2_dir") export WORKSPACE=$PWD mkdir -p Conf +# Work around . +export PYTHON_COMMAND=python2 + # Source "edksetup.sh" carefully. set +e +u +C source "$PACKAGES_PATH/edksetup.sh" @@ -38,97 +41,12 @@ if [ $ret -ne 0 ]; then exit $ret fi -# Map the QEMU system emulation target to the following types of architecture -# identifiers: -# - edk2, -# - gcc cross-compilation. -# Cover only those targets that are supported by the UEFI spec and edk2. -case "$emulation_target" in - (arm) - edk2_arch=ARM - gcc_arch=arm - ;; - (aarch64) - edk2_arch=AARCH64 - gcc_arch=aarch64 - ;; - (i386) - edk2_arch=IA32 - gcc_arch=i686 - ;; - (x86_64) - edk2_arch=X64 - gcc_arch=x86_64 - ;; - (*) - printf '%s: unknown/unsupported QEMU system emulation target "%s"\n' \ - "$program_name" "$emulation_target" >&2 - exit 1 - ;; -esac - -# Check if cross-compilation is needed. -host_arch=$(uname -m) -if [ "$gcc_arch" == "$host_arch" ] || - ( [ "$gcc_arch" == i686 ] && [ "$host_arch" == x86_64 ] ); then - cross_prefix= -else - cross_prefix=${gcc_arch}-linux-gnu- -fi - -# Expose cross_prefix (which is possibly empty) to the edk2 tools. While at it, -# determine the suitable edk2 toolchain as well. -# - For ARM and AARCH64, edk2 only offers the GCC5 toolchain tag, which covers -# the gcc-5+ releases. -# - For IA32 and X64, edk2 offers the GCC44 through GCC49 toolchain tags, in -# addition to GCC5. Unfortunately, the mapping between the toolchain tags and -# the actual gcc releases isn't entirely trivial. Run "git-blame" on -# "OvmfPkg/build.sh" in edk2 for more information. -# And, because the above is too simple, we have to assign cross_prefix to an -# edk2 build variable that is specific to both the toolchain tag and the target -# architecture. -case "$edk2_arch" in - (ARM) - edk2_toolchain=GCC5 - export GCC5_ARM_PREFIX=$cross_prefix - ;; - (AARCH64) - edk2_toolchain=GCC5 - export GCC5_AARCH64_PREFIX=$cross_prefix - ;; - (IA32|X64) - gcc_version=$("${cross_prefix}gcc" -v 2>&1 | tail -1 | awk '{print $3}') - case "$gcc_version" in - ([1-3].*|4.[0-3].*) - printf '%s: unsupported gcc version "%s"\n' \ - "$program_name" "$gcc_version" >&2 - exit 1 - ;; - (4.4.*) - edk2_toolchain=GCC44 - ;; - (4.5.*) - edk2_toolchain=GCC45 - ;; - (4.6.*) - edk2_toolchain=GCC46 - ;; - (4.7.*) - edk2_toolchain=GCC47 - ;; - (4.8.*) - edk2_toolchain=GCC48 - ;; - (4.9.*|6.[0-2].*) - edk2_toolchain=GCC49 - ;; - (*) - edk2_toolchain=GCC5 - ;; - esac - eval "export ${edk2_toolchain}_BIN=\$cross_prefix" - ;; -esac +# Fetch some option arguments, and set the cross-compilation environment (if +# any), for the edk2 "build" utility. +source "$edk2_dir/../edk2-funcs.sh" +edk2_arch=$(qemu_edk2_get_arch "$emulation_target") +edk2_toolchain=$(qemu_edk2_get_toolchain "$emulation_target") +qemu_edk2_set_cross_env "$emulation_target" # Build the UEFI binary mkdir -p log