From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1728476-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits))
(No client certificate requested)
by finch.gentoo.org (Postfix) with ESMTPS id 111081584F2
for <garchives@archives.gentoo.org>; Sat, 15 Mar 2025 23:42:55 +0000 (UTC)
Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits))
(No client certificate requested)
(Authenticated sender: relay-lists.gentoo.org@gentoo.org)
by smtp.gentoo.org (Postfix) with ESMTPSA id EAC67343102
for <garchives@archives.gentoo.org>; Sat, 15 Mar 2025 23:42:54 +0000 (UTC)
Received: from bobolink.gentoo.org (localhost [127.0.0.1])
by bobolink.gentoo.org (Postfix) with ESMTP id C825011037F;
Sat, 15 Mar 2025 23:42:52 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(No client certificate requested)
by bobolink.gentoo.org (Postfix) with ESMTPS id BC19F11037F
for <gentoo-commits@lists.gentoo.org>; Sat, 15 Mar 2025 23:42:52 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(No client certificate requested)
by smtp.gentoo.org (Postfix) with ESMTPS id 680F834309F
for <gentoo-commits@lists.gentoo.org>; Sat, 15 Mar 2025 23:42:52 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
by oystercatcher.gentoo.org (Postfix) with ESMTP id B6D6B11A8
for <gentoo-commits@lists.gentoo.org>; Sat, 15 Mar 2025 23:42:50 +0000 (UTC)
From: "James Le Cuirot" <chewi@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "James Le Cuirot" <chewi@gentoo.org>
Message-ID: <1742080324.c070507c6669dfb113f985974fae0e8a38e443b2.chewi@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-firmware/edk2/Manifest sys-firmware/edk2/edk2-202502.ebuild
X-VCS-Directories: sys-firmware/edk2/
X-VCS-Committer: chewi
X-VCS-Committer-Name: James Le Cuirot
X-VCS-Revision: c070507c6669dfb113f985974fae0e8a38e443b2
X-VCS-Branch: master
Date: Sat, 15 Mar 2025 23:42:50 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 48f0f964-7729-4fa5-b915-df90625190c2
X-Archives-Hash: d4658034e37b6895e500d82618eb1831
commit: c070507c6669dfb113f985974fae0e8a38e443b2
Author: WANG Xuerui <xen0n <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 11 09:38:30 2025 +0000
Commit: James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Sat Mar 15 23:12:04 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c070507c
sys-firmware/edk2: add 202502
Signed-off-by: WANG Xuerui <xen0n <AT> gentoo.org>
Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>
sys-firmware/edk2/Manifest | 3 +
sys-firmware/edk2/edk2-202502.ebuild | 344 +++++++++++++++++++++++++++++++++++
2 files changed, 347 insertions(+)
diff --git a/sys-firmware/edk2/Manifest b/sys-firmware/edk2/Manifest
index 5a43b725ee36..5d3bbcfca59d 100644
--- a/sys-firmware/edk2/Manifest
+++ b/sys-firmware/edk2/Manifest
@@ -2,12 +2,15 @@ DIST arm64_DBXUpdate_05092023.bin 4610 BLAKE2B 4c6628e5c297a26ca5a1235e377a794fd
DIST brotli-f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz 512229 BLAKE2B cd86cc2cc7eefad24f87cda8006409bf764922b5f23ccfb951e7a41214b12004ce532b11f94f5fb858b3bf71f9abf8ef17ba219fa96bd5be23b51873afad0fd5 SHA512 7f48e794e738b31c2005e7cef6d8c0cc0d543f1cd8c137ae8ba14602cac2873de6299a3f32ad52be869f513e7548341353ed049609daef1063975694d9a9b80b
DIST edk2-202408.tar.gz 17548980 BLAKE2B 12723a593d2767577f74cfa69f4a02ec784347994af6eb77aea7eb9e9e9f7fedb6b47698af2f07ef98848bbb4bf16248179cf117cf9abdf17be73157a0a03fc2 SHA512 d679d905f8b0ddbf60b1c9a0282e403bf51d0fbe55d85a8ea3e4af1778874e947d224e3671f9e82cddd5cd906c1472ff3973498d969414bdd67d0b49f5b8a251
DIST edk2-202411.tar.gz 17669304 BLAKE2B 2aa1d5c5d7b99a1abccf0c8b0b04a74006319a269ec03814ab9a28d38299f7d00f57d457c4e011067ad8dfc816430372ab02130ec138b148999662764a411483 SHA512 633483a1ff915f6e5f5a6d3c329f517d6c070368855f1d5348a80e22e71ac13ff4c6774c8620482a4e5cefe03907edc3a904ae405cbfe2dcd025ddd82f039eaf
+DIST edk2-202502.tar.gz 18217115 BLAKE2B a72fd05398b32377f6a0b80fa2c3c84ed4f53039174f8e814dc6c57617d21a3c99603d5c572a372295399658a42e3ff1ab642f8cbaa8782301268344443f6502 SHA512 1421b3e14acf6aa51c84cf0a12716990f08815fff631f4657bb9907fd8d620e9fac7794e05c2eed54d5f8966f8e9267d32bf2256237a959bd727629163b8c00d
DIST edk2-ovmf-202202-qemu-firmware.tar.xz 664 BLAKE2B 1aa4e25804ce0f3c967c80999315de24eaef6682e42dddd81c274ce4603ec3d15186de752de49e2527c6bd5517080c002a357ed6bc389b5afd6f7a4d93edeb44 SHA512 f9a29212274a99796784673d873e0eee7d3e2a5cf9e63192453841ee3a4ef4b813c7b2357fc7000f39c71ed6c66636daab772abb51d3972a2a56ade8a4c68faf
DIST edk2-ovmf-202202.tar.gz 14208170 BLAKE2B d8411e6808b335ccd551349a10c983b9448a357e73273fa6c30a07785e27feffed0224950ee98b668712c33f6739a9b006e5043b7dfd014f48dba9fd449b3354 SHA512 200690a4867331de06e0478869b85577bc510213ebe679f2103160efb84d94c82ac8481ef1f15c3e42c1e9f22b7c5ef0d6c8f2c655bce7702ce843551cf9bb83
DIST libspdm-50924a4c8145fc721e17208f55814d2b38766fe6.tar.gz 1967479 BLAKE2B fe15ac34fa65a86b13ed3a44959d860dc1bf39fd9a4bd2dcde2d2ec6ad9490f5d7d53320c481f9cf931a636527719c29eb315d178f2bd48cb905216849b633b4 SHA512 f11e748e40b66c37365175ff0ef9c0a695db2e7da50da2cf8a33267064b53e5938cfb1363d27e5ce0a174b2059533352bb8a44c48003db900c6b844167473198
+DIST libspdm-98ef964e1e9a0c39c7efb67143d3a13a819432e0.tar.gz 2017163 BLAKE2B 312528eb0af2cffb4d3557354ada87302b471a4c1cc73bad74a60162cdbb057be392fd57f18bef99a437ccb879583c69afb2596bf120656787b4b6530005316d SHA512 366155f146f47f7fe81c2b7863c3dff6339dd017b3d8ebe2e843ee04fedb6911193248cea2d048547a4389b4727c1576d5b6c1f26bbe83362299b52d72527f52
DIST mbedtls-8c89224991adff88d53cd380f42a2baa36f91454.tar.gz 4587796 BLAKE2B c28df5c52ac3ed5ef6a2b9eba29f3894d3f5f11083869e8b137cd66d4f72b2a0971c91636ce4626869bd06eeb5e661d90160021f92564b9449fb13001b8e379f SHA512 a421c03c740867210f9e30457bc951928cafec3622e1e304f8c18ce5c5e27c5c8e6c7715180ecb74c6a997e4b91ee160e52b357e1bb65ff76ce8414a87ec4889
DIST mipi-sys-t-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 378522 BLAKE2B d3f1033e78ad814ebb991e66d8c1437aa3583e91481af9785b97b6021c7c45fb9dcb8d2d58d0a0fe84fbd9f108d24a27234df298eb8a2ba2340e5c9c85c89c40 SHA512 de6888577ceab7ab6915d792f3c48248cfa53357ccd310fc7f7eae4d25a932de8c7c23e5b898c9ebf61cf86cb538277273f2eb131a628b3bf0d46c9a3b9b6686
DIST openssl-3.0.15.tar.gz 15318633 BLAKE2B f2900d0894b97e86c709079ca4336d5dc508d69e91d3a4de4420c8d9344cb54dada6ea2cdd408166e53db0c652b06654e670701166b67a0a40578676e1cea535 SHA512 acd80f2f7924d90c1416946a5c61eff461926ad60f4821bb6b08845ea18f8452fd5e88a2c2c5bd0d7590a792cb8341a3f3be042fd0a5b6c9c1b84a497c347bbf
+DIST openssl-3.4.1.tar.gz 18346056 BLAKE2B 328a2a4f0536b15ffe6421afc99bdb5dcdf3d29f44437fdd80bbf4089f5f2658ca10907e033eda2e04c6b862e49b150ea59d8ab1807d14a3dcf64e10c32e78af SHA512 1de6307c587686711f05d1e96731c43526fa3af51e4cd94c06c880954b67f6eb4c7db3177f0ea5937d41bc1f8cadcf5bce75025b5c1a46a469376960f1001c5f
DIST openssl-d82e959e621a3d597f1e0d50ff8c2d8b96915fd7.tar.gz 10034310 BLAKE2B 6996979dc12a523d565830e7b0943feb682a376f71ddb6f20cb8b9976bb7f12e39f088abaa45d514933ef79c0e4a2933dc6f1af4774fedaa16e74c0081c358e7 SHA512 a89bc652dc4318c5e8a9c594a43d890ca05dfc1acd6b15e2a8ab8b5628b5f33994143ff8024230e07b9e67556b28ea3a5e36763aa72dec20b52022ca8c6f2a7e
DIST openssl-de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz 15337569 BLAKE2B bb0b2f4ee7838178e8e23317b6c63048611d805e20c81d6c875d9b515e6dbcf981cda38f031965c9ec45bcab3ac4725cfa793718b0212e92bf53b4c7fc3f4e32 SHA512 4bba15075dacc8c1772a95759cfe8620ff3a9d535e5d3d29bb15e4790cc543555ab45f0b239195361e534eca26249ae1b491b63cbf6b7ecda6f0840c7f6253ac
DIST pylibfdt-cfff805481bdea27f900c32698171286542b8d3c.tar.gz 49659 BLAKE2B 05e954fc2d72618b3f56c08bdfcd64479259902ee2613d034b66ebe50e33b02b243bed1191d8dcdcea9fcb2553f84a737ae12514d30c48e776efc858a4879894 SHA512 c2f4cbda24bc4a2140135de2db19fd7ad0b6eff2a748862b4166bf0e65f3e324e2855ea4331dafa2c82f44b4d01309c8ac50159cbcc076a968a1169c8709a523
diff --git a/sys-firmware/edk2/edk2-202502.ebuild b/sys-firmware/edk2/edk2-202502.ebuild
new file mode 100644
index 000000000000..fc93ffcc1ca3
--- /dev/null
+++ b/sys-firmware/edk2/edk2-202502.ebuild
@@ -0,0 +1,344 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_REQ_USE="sqlite"
+PYTHON_COMPAT=( python3_{12..13} )
+
+inherit edo flag-o-matic prefix python-any-r1 readme.gentoo-r1 secureboot toolchain-funcs
+
+DESCRIPTION="TianoCore EDK II UEFI firmware for virtual machines"
+HOMEPAGE="https://github.com/tianocore/edk2"
+
+DBXDATE="05092023" # MMDDYYYY
+BUNDLED_BROTLI_SUBMODULE_SHA="f4153a09f87cbb9c826d8fc12c74642bb2d879ea"
+BUNDLED_LIBFDT_SUBMODULE_SHA="cfff805481bdea27f900c32698171286542b8d3c"
+BUNDLED_LIBSPDM_SUBMODULE_SHA="98ef964e1e9a0c39c7efb67143d3a13a819432e0"
+BUNDLED_MBEDTLS_SUBMODULE_SHA="8c89224991adff88d53cd380f42a2baa36f91454"
+BUNDLED_MIPI_SYS_T_SUBMODULE_SHA="370b5944c046bab043dd8b133727b2135af7747a"
+BUNDLED_OPENSSL_SUBMODULE_P="openssl-3.4.1"
+
+SRC_URI="
+ https://github.com/tianocore/${PN}/archive/${PN}-stable${PV}.tar.gz
+ -> ${P}.tar.gz
+ https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
+ -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
+ https://github.com/DMTF/libspdm/archive/${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz
+ -> libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz
+ https://github.com/Mbed-TLS/mbedtls/archive/${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz
+ -> mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz
+ https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
+ -> mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
+ https://github.com/openssl/openssl/releases/download/${BUNDLED_OPENSSL_SUBMODULE_P}/${BUNDLED_OPENSSL_SUBMODULE_P}.tar.gz
+
+ amd64? (
+ https://uefi.org/sites/default/files/resources/x64_DBXUpdate_${DBXDATE}.bin
+ https://uefi.org/sites/default/files/resources/x64_DBXUpdate.bin -> x64_DBXUpdate_${DBXDATE}.bin
+ )
+
+ arm64? (
+ https://uefi.org/sites/default/files/resources/arm64_DBXUpdate_${DBXDATE}.bin
+ https://uefi.org/sites/default/files/resources/arm64_DBXUpdate.bin -> arm64_DBXUpdate_${DBXDATE}.bin
+ https://github.com/devicetree-org/pylibfdt/archive/${BUNDLED_LIBFDT_SUBMODULE_SHA}.tar.gz
+ -> pylibfdt-${BUNDLED_LIBFDT_SUBMODULE_SHA}.tar.gz
+ )
+"
+
+S="${WORKDIR}/${PN}-${PN}-stable${PV}"
+LICENSE="BSD-2 MIT"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~arm64 ~loong ~riscv"
+
+BDEPEND="
+ ${PYTHON_DEPS}
+ app-emulation/qemu
+ app-emulation/virt-firmware
+ >=sys-power/iasl-20160729
+ amd64? ( >=dev-lang/nasm-2.0.7 )
+"
+
+RDEPEND="
+ !sys-firmware/edk2-bin
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-202411-werror.patch"
+ "${FILESDIR}/${PN}-202408-binutils-2.41-textrels.patch"
+)
+
+DISABLE_AUTOFORMATTING="true"
+DIR="/usr/share/${PN}"
+
+pkg_setup() {
+ python-any-r1_pkg_setup
+ secureboot_pkg_setup
+
+ local QEMU_ARCH ARCH_DIRS UNIT0 UNIT1 FMT
+
+ case "${ARCH}" in
+ amd64)
+ TARGET_ARCH="X64"
+ QEMU_ARCH="x86_64"
+ ARCH_DIRS="${DIR}/OvmfX64"
+ UNIT0="OVMF_CODE.fd"
+ UNIT1="OVMF_VARS.fd"
+ FMT="raw"
+ ;;
+ arm64)
+ TARGET_ARCH="AARCH64"
+ QEMU_ARCH="aarch64"
+ ARCH_DIRS="${DIR}/ArmVirtQemu-AARCH64"
+ UNIT0="QEMU_EFI.qcow2"
+ UNIT1="QEMU_VARS.qcow2"
+ FMT="qcow2"
+ ;;
+ loong)
+ TARGET_ARCH="LOONGARCH64"
+ QEMU_ARCH="loongarch64"
+ ARCH_DIRS="${DIR}/LoongArchVirtQemu"
+ UNIT0="QEMU_EFI.fd"
+ UNIT1="QEMU_VARS.fd"
+ FMT="raw"
+ ;;
+ riscv)
+ TARGET_ARCH="RISCV64"
+ QEMU_ARCH="riscv64"
+ ARCH_DIRS="${DIR}/RiscVVirtQemu"
+ UNIT0="RISCV_VIRT_CODE.qcow2"
+ UNIT1="RISCV_VIRT_VARS.qcow2"
+ FMT="qcow2"
+ ;;
+ esac
+
+ DOC_CONTENTS="This package includes the TianoCore EDK II UEFI firmware for ${QEMU_ARCH}
+virtual machines. The firmware is located under ${ARCH_DIRS}.
+
+In order to use the firmware, you can run QEMU like so:
+
+ $ qemu-system-${QEMU_ARCH} \\
+ -drive file=${EPREFIX}${ARCH_DIRS%% *}/${UNIT0},if=pflash,format=${FMT},unit=0,readonly=on \\
+ -drive file=/path/to/the/copy/of/${UNIT1},if=pflash,format=${FMT},unit=1 \\
+ ..."
+
+ case "${ARCH}" in
+ amd64) DOC_CONTENTS+="
+
+The firmware does not support CSM due to the lack of a free
+implementation. If you need a firmware with CSM support, you have to
+download one for yourself. Firmware blobs are commonly labelled:
+
+ OVMF_CODE-with-csm.fd
+ OVMF_VARS-with-csm.fd"
+ ;;
+ arm64) DOC_CONTENTS+="
+
+WARNING! QEMU_EFI.secboot_INSECURE.qcow2 does have Secure Boot
+enabled, but it must not be used in production. The lack of an SMM
+implementation for arm64 in this firmware means that the EFI
+variable store is unprotected, making the firmware unsafe."
+ ;;
+ esac
+}
+
+link_mod() {
+ rmdir "$2" && ln -sfT "$1" "$2" || die "linking ${2##*/} failed"
+}
+
+src_prepare() {
+ # Bundled submodules
+ link_mod "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}" \
+ BaseTools/Source/C/BrotliCompress/brotli
+ link_mod "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}" \
+ MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
+ link_mod "${WORKDIR}/libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}" \
+ SecurityPkg/DeviceSecurity/SpdmLib/libspdm
+ link_mod "${WORKDIR}/mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}" \
+ CryptoPkg/Library/MbedTlsLib/mbedtls
+ link_mod "${WORKDIR}/public-mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}" \
+ MdePkg/Library/MipiSysTLib/mipisyst
+ link_mod "${WORKDIR}/${BUNDLED_OPENSSL_SUBMODULE_P}" \
+ CryptoPkg/Library/OpensslLib/openssl
+
+ use arm64 &&
+ link_mod "${WORKDIR}/pylibfdt-${BUNDLED_LIBFDT_SUBMODULE_SHA}" \
+ MdePkg/Library/BaseFdtLib/libfdt
+
+ default
+
+ # Fix descriptor paths for prefix.
+ hprefixify "${FILESDIR}"/descriptors/*.json
+}
+
+mybuild() {
+ edo build \
+ -t "${TOOLCHAIN}" \
+ -b "${BUILD_TARGET}" \
+ -D NETWORK_HTTP_BOOT_ENABLE \
+ -D NETWORK_IP6_ENABLE \
+ -D NETWORK_TLS_ENABLE \
+ -D TPM1_ENABLE \
+ -D TPM2_ENABLE \
+ -D TPM2_CONFIG_ENABLE \
+ "${BUILD_ARGS[@]}" \
+ "${@}"
+}
+
+# Add the MS and Red Hat Secure Boot certificates and update the revocation list
+# for the given architecture in the given raw variables image.
+mk_fw_vars() {
+ edo virt-fw-vars \
+ --set-dbx "${DISTDIR}/$1_DBXUpdate_${DBXDATE}.bin" \
+ --secure-boot --enroll-redhat --inplace "$2"
+}
+
+# Convert the given images from raw to QCOW2 and resize them to the amount given
+# as the first argument. Specify 0 to not resize.
+raw_to_qcow2() {
+ local SIZE=$1 RAW
+ shift
+
+ for RAW in "${@}"; do
+ edo qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "${RAW}" "${RAW%.fd}.qcow2"
+ [[ ${SIZE} != 0 ]] && edo qemu-img resize -f qcow2 "${RAW%.fd}.qcow2" "${SIZE}"
+ rm "${RAW}" || die
+ done
+}
+
+src_compile() {
+ TOOLCHAIN="GCC5"
+ BUILD_TARGET="RELEASE"
+ BUILD_DIR="${BUILD_TARGET}_${TOOLCHAIN}"
+ BUILD_ARGS=()
+
+ tc-export_build_env
+ emake -C BaseTools \
+ CC="$(tc-getBUILD_CC)" \
+ CXX="$(tc-getBUILD_CXX)" \
+ EXTRA_OPTFLAGS="${BUILD_CFLAGS}" \
+ EXTRA_LDFLAGS="${BUILD_LDFLAGS}"
+
+ export \
+ "${TOOLCHAIN}_${TARGET_ARCH}_PREFIX=${CHOST}-" \
+ "${TOOLCHAIN}_BIN=${CHOST}-"
+
+ . ./edksetup.sh
+
+ # DO NOT enable the shell with Secure Boot as it can be used as a bypass!
+
+ case "${ARCH}" in
+ amd64)
+ local SIZE
+ for SIZE in _2M _4M; do
+ mybuild -a X64 -p OvmfPkg/OvmfPkgX64.dsc \
+ -D FD_SIZE${SIZE}B \
+ -D BUILD_SHELL=FALSE \
+ -D SECURE_BOOT_ENABLE \
+ -D SMM_REQUIRE
+
+ mv -T Build/OvmfX64 Build/OvmfX64${SIZE}.secboot || die
+
+ mybuild -a X64 -p OvmfPkg/OvmfPkgX64.dsc \
+ -D FD_SIZE${SIZE}B
+
+ mv -T Build/OvmfX64 Build/OvmfX64${SIZE} || die
+
+ mk_fw_vars x64 Build/OvmfX64${SIZE}.secboot/"${BUILD_DIR}"/FV/OVMF_VARS.fd
+ done
+
+ # Fedora only converts newer images to QCOW2. 2MB images are raw.
+ raw_to_qcow2 0 Build/OvmfX64_4M*/"${BUILD_DIR}"/FV/OVMF_{CODE,VARS}.fd
+ ;;
+ arm64)
+ BUILD_ARGS+=(
+ # grub.efi uses EfiLoaderData for code
+ --pcd PcdDxeNxMemoryProtectionPolicy=0xC000000000007FD1
+ # shim.efi has broken MemAttr code
+ --pcd PcdUninstallMemAttrProtocol=TRUE
+ )
+
+ mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc \
+ -D BUILD_SHELL=FALSE \
+ -D SECURE_BOOT_ENABLE
+
+ mv -T Build/ArmVirtQemu-AARCH64 Build/ArmVirtQemu-AARCH64.secboot_INSECURE || die
+
+ mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc
+
+ mk_fw_vars arm64 Build/ArmVirtQemu-AARCH64.secboot_INSECURE/"${BUILD_DIR}"/FV/QEMU_VARS.fd
+ raw_to_qcow2 64m Build/ArmVirtQemu-AARCH64*/"${BUILD_DIR}"/FV/QEMU_{EFI,VARS}.fd
+ ;;
+ loong)
+ BUILD_ARGS+=(
+ # fails to seed the OpenSSL RNG during early initialization due
+ # to improper FPU enabling (maybe too late)
+ -D NETWORK_TLS_ENABLE=FALSE
+ )
+ mybuild -a LOONGARCH64 -p OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc
+ ;;
+ riscv)
+ mybuild -a RISCV64 -p OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
+ raw_to_qcow2 32m Build/RiscVVirtQemu/"${BUILD_DIR}"/FV/RISCV_VIRT_{CODE,VARS}.fd
+ ;;
+ esac
+}
+
+src_install() {
+ local SIZE TYPE FMT
+
+ case "${ARCH}" in
+ amd64)
+ insinto ${DIR}/OvmfX64
+ doins Build/OvmfX64_2M/"${BUILD_DIR}"/X64/Shell.efi
+
+ for SIZE in _2M _4M; do
+ for TYPE in "" .secboot; do
+ [[ ${SIZE} = _4M ]] && FMT=qcow2 || FMT=fd
+ newins Build/OvmfX64${SIZE}${TYPE}/"${BUILD_DIR}"/FV/OVMF_CODE.${FMT} OVMF_CODE${SIZE#_2M}${TYPE}.${FMT}
+ newins Build/OvmfX64${SIZE}${TYPE}/"${BUILD_DIR}"/FV/OVMF_VARS.${FMT} OVMF_VARS${SIZE#_2M}${TYPE}.${FMT}
+ done
+ done
+
+ # Compatibility with older package versions.
+ dosym ${PN}/OvmfX64 /usr/share/edk2-ovmf
+ ;;
+ arm64)
+ insinto ${DIR}/ArmVirtQemu-AARCH64
+
+ for TYPE in "" .secboot_INSECURE; do
+ newins Build/ArmVirtQemu-AARCH64${TYPE}/"${BUILD_DIR}"/FV/QEMU_EFI.qcow2 QEMU_EFI${TYPE}.qcow2
+ newins Build/ArmVirtQemu-AARCH64${TYPE}/"${BUILD_DIR}"/FV/QEMU_VARS.qcow2 QEMU_VARS${TYPE}.qcow2
+ done
+ ;;
+ loong)
+ insinto ${DIR}/LoongArchVirtQemu
+ doins Build/LoongArchVirtQemu/"${BUILD_DIR}"/FV/QEMU_{EFI,VARS}.fd
+ ;;
+ riscv)
+ insinto ${DIR}/RiscVVirtQemu
+ doins Build/RiscVVirtQemu/"${BUILD_DIR}"/FV/RISCV_VIRT_{CODE,VARS}.qcow2
+ ;;
+ esac
+
+ insinto /usr/share/qemu/firmware
+ doins "${FILESDIR}"/descriptors/*"${TARGET_ARCH,,}"*.json
+
+ secureboot_auto_sign --in-place
+ readme.gentoo_create_doc
+}
+
+pkg_preinst() {
+ local OLD=${EROOT}/usr/share/edk2-ovmf NEW=${EROOT}/${DIR}/OvmfX64
+ if [[ -d ${OLD} && ! -L ${OLD} ]]; then
+ {
+ rm -vf "${OLD}"/{OVMF_{CODE,CODE.secboot,VARS}.fd,EnrollDefaultKeys.efi,Shell.efi,UefiShell.img} &&
+ mkdir -p "${NEW}" &&
+ find "${OLD}" -mindepth 1 -maxdepth 1 -execdir mv --update=none-fail -vt "${NEW}"/ {} + &&
+ rmdir "${OLD}"
+ } || die "unable to replace old directory with compatibility symlink"
+ fi
+}
+
+pkg_postinst() {
+ readme.gentoo_print_elog
+}