#!/usr/bin/make -f SHELL=/bin/bash include /usr/share/dpkg/default.mk EDK2_TOOLCHAIN = GCC5 export $(EDK2_TOOLCHAIN)_AARCH64_PREFIX=aarch64-linux-gnu- export $(EDK2_TOOLCHAIN)_ARM_PREFIX=arm-linux-gnueabihf- export PYTHON3_ENABLE=TRUE ifeq ($(DEB_BUILD_ARCH),amd64) EDK2_BUILD_ARCH=X64 endif ifeq ($(DEB_BUILD_ARCH),i386) EDK2_BUILD_ARCH=IA32 endif ifeq ($(DEB_BUILD_ARCH),arm64) EDK2_BUILD_ARCH=AARCH64 endif COMMON_FLAGS = -DNETWORK_HTTP_BOOT_ENABLE=TRUE -DNETWORK_TLS_ENABLE -DSECURE_BOOT_ENABLE=TRUE OVMF_COMMON_FLAGS = $(COMMON_FLAGS) -DTPM_ENABLE=TRUE OVMF_2M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_2MB OVMF_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB OVMF_2M_SMM_FLAGS = $(OVMF_2M_FLAGS) -DSMM_REQUIRE=TRUE OVMF_4M_SMM_FLAGS = $(OVMF_4M_FLAGS) -DSMM_REQUIRE=TRUE OVMF32_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB OVMF32_4M_SMM_FLAGS = $(OVMF32_4M_FLAGS) -DSMM_REQUIRE=TRUE AAVMF_FLAGS = $(COMMON_FLAGS) OVMF_VARS_GENERATOR = ./qemu-ovmf-secureboot-1-1-3/ovmf-vars-generator # Clear variables used internally by the edk2 build system undefine WORKSPACE undefine ECP_SOURCE undefine EDK_SOURCE undefine EFI_SOURCE undefine EDK_TOOLS_PATH undefine CONF_PATH %: dh $@ override_dh_auto_build: build-qemu-efi-aarch64 build-qemu-efi-arm build-ovmf build-ovmf32 debian/setup-build-stamp: set -e; . ./edksetup.sh; \ make -C BaseTools ARCH=$(EDK2_BUILD_ARCH) touch $@ OVMF_BUILD_DIR = Build/OvmfX64/RELEASE_$(EDK2_TOOLCHAIN) OVMF3264_BUILD_DIR = Build/Ovmf3264/RELEASE_$(EDK2_TOOLCHAIN) OVMF_ENROLL = $(OVMF3264_BUILD_DIR)/X64/EnrollDefaultKeys.efi OVMF_SHELL = $(OVMF3264_BUILD_DIR)/X64/Shell.efi OVMF_BINARIES = $(OVMF_ENROLL) $(OVMF_SHELL) OVMF_IMAGES := $(addprefix debian/ovmf-install/,OVMF_CODE.fd OVMF_CODE_4M.fd OVMF_CODE.secboot.fd OVMF_CODE_4M.secboot.fd OVMF_VARS.fd OVMF_VARS_4M.fd) OVMF_PREENROLLED_VARS := $(addprefix debian/ovmf-install/,OVMF_VARS.ms.fd OVMF_VARS_4M.ms.fd OVMF_VARS_4M.snakeoil.fd) OVMF32_BUILD_DIR = Build/OvmfIa32/RELEASE_$(EDK2_TOOLCHAIN) OVMF32_SHELL = $(OVMF32_BUILD_DIR)/IA32/Shell.efi OVMF32_BINARIES = $(OVMF32_SHELL) OVMF32_IMAGES := $(addprefix debian/ovmf32-install/,OVMF32_CODE_4M.secboot.fd OVMF_VARS_4M.fd) QEMU_EFI_BUILD_DIR = Build/ArmVirtQemu-$(EDK2_HOST_ARCH)/RELEASE_$(EDK2_TOOLCHAIN) AAVMF_BUILD_DIR = Build/ArmVirtQemu-AARCH64/RELEASE_$(EDK2_TOOLCHAIN) AAVMF_ENROLL = $(AAVMF_BUILD_DIR)/AARCH64/EnrollDefaultKeys.efi AAVMF_SHELL = $(AAVMF_BUILD_DIR)/AARCH64/Shell.efi AAVMF_BINARIES = $(AAVMF_ENROLL) $(AAVMF_SHELL) build-ovmf32: $(OVMF32_BINARIES) $(OVMF32_IMAGES) $(OVMF32_BINARIES) $(OVMF32_IMAGES): debian/setup-build-stamp rm -rf debian/ovmf32-install mkdir debian/ovmf32-install set -e; . ./edksetup.sh; \ build -a IA32 \ -t $(EDK2_TOOLCHAIN) \ -p OvmfPkg/OvmfPkgIa32.dsc \ $(OVMF32_4M_SMM_FLAGS) -b RELEASE cp $(OVMF32_BUILD_DIR)/FV/OVMF_CODE.fd \ debian/ovmf32-install/OVMF32_CODE_4M.secboot.fd cp $(OVMF32_BUILD_DIR)/FV/OVMF_VARS.fd \ debian/ovmf32-install/OVMF32_VARS_4M.fd build-ovmf: $(OVMF_BINARIES) $(OVMF_IMAGES) $(OVMF_PREENROLLED_VARS) $(OVMF_BINARIES) $(OVMF_IMAGES): debian/setup-build-stamp rm -rf debian/ovmf-install mkdir debian/ovmf-install set -e; . ./edksetup.sh; \ build -a X64 \ -t $(EDK2_TOOLCHAIN) \ -p OvmfPkg/OvmfPkgX64.dsc \ $(OVMF_2M_FLAGS) -b RELEASE cp $(OVMF_BUILD_DIR)/FV/OVMF_CODE.fd \ $(OVMF_BUILD_DIR)/FV/OVMF.fd debian/ovmf-install/ cp $(OVMF_BUILD_DIR)/FV/OVMF_VARS.fd debian/ovmf-install/ rm -rf Build/OvmfX64 set -e; . ./edksetup.sh; \ build -a IA32 -a X64 \ -t $(EDK2_TOOLCHAIN) \ -p OvmfPkg/OvmfPkgIa32X64.dsc \ $(OVMF_4M_FLAGS) -b RELEASE cp $(OVMF3264_BUILD_DIR)/FV/OVMF_CODE.fd \ debian/ovmf-install/OVMF_CODE_4M.fd cp $(OVMF3264_BUILD_DIR)/FV/OVMF_VARS.fd \ debian/ovmf-install/OVMF_VARS_4M.fd rm -rf Build/OvmfX64 set -e; . ./edksetup.sh; \ build -a X64 \ -t $(EDK2_TOOLCHAIN) \ -p OvmfPkg/OvmfPkgX64.dsc \ $(OVMF_2M_SMM_FLAGS) -b RELEASE cp $(OVMF_BUILD_DIR)/FV/OVMF_CODE.fd \ debian/ovmf-install/OVMF_CODE.secboot.fd rm -rf Build/OvmfX64 set -e; . ./edksetup.sh; \ build -a IA32 -a X64 \ -t $(EDK2_TOOLCHAIN) \ -p OvmfPkg/OvmfPkgIa32X64.dsc \ $(OVMF_4M_SMM_FLAGS) -b RELEASE cp $(OVMF3264_BUILD_DIR)/FV/OVMF_CODE.fd \ debian/ovmf-install/OVMF_CODE_4M.secboot.fd debian/PkKek-1-vendor.pem: debian/PkKek-1-$(DEB_VENDOR).pem ln -sf `basename $<` $@ debian/oem-string-%: debian/PkKek-1-%.pem tr -d '\n' < $< | \ sed -e 's/.*-----BEGIN CERTIFICATE-----/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' -e 's/-----END CERTIFICATE-----//' > $@ debian/shell.aa64.img: VFAT_ROOT=debian/vfat-root-aa64 debian/shell.aa64.img: SHELL_BIN=$(AAVMF_SHELL) debian/shell.aa64.img: ENROLL_BIN=$(AAVMF_ENROLL) debian/shell.aa64.img: $(AAVMF_SHELL) $(AAVMF_ENROLL) debian/shell.x64.img: VFAT_ROOT=debian/vfat-root-x64 debian/shell.x64.img: SHELL_BIN=$(OVMF_SHELL) debian/shell.x64.img: ENROLL_BIN=$(OVMF_ENROLL) debian/shell.x64.img: $(OVMF_SHELL) $(OVMF_ENROLL) debian/shell.%.img: rm -rf $(VFAT_ROOT) mkdir -p $(VFAT_ROOT)/efi/boot cp $(SHELL_BIN) \ $(VFAT_ROOT)/efi/boot/boot`echo $@ | cut -d. -f2`.efi cp $(ENROLL_BIN) $(VFAT_ROOT) qemu-img convert --image-opts \ driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=$(VFAT_ROOT) $@ debian/UefiShell.%.iso: debian/shell.%.img rm -rf debian/iso-root-`echo $@ | cut -d. -f2` mkdir -p debian/iso-root-`echo $@ | cut -d. -f2` cp $< debian/iso-root-`echo $@ | cut -d. -f2` xorriso --as mkisofs -input-charset ASCII -J -rational-rock \ -e `basename $<` -no-emul-boot -o $@ \ debian/iso-root-`echo $@ | cut -d. -f2` %.ms.fd: %.fd debian/UefiShell.x64.iso debian/oem-string-vendor python3 $(OVMF_VARS_GENERATOR) --qemu-binary /usr/bin/qemu-system-x86_64 \ --print-output \ --disable-smm \ --skip-testing \ --oem-string `< debian/oem-string-vendor` \ --ovmf-binary $(subst VARS,CODE,$<) \ --ovmf-template-vars $< \ --uefi-shell-iso debian/UefiShell.x64.iso $@ %.snakeoil.fd: %.fd debian/UefiShell.x64.iso debian/oem-string-snakeoil python3 $(OVMF_VARS_GENERATOR) --qemu-binary /usr/bin/qemu-system-x86_64 \ --print-output \ --disable-smm \ --skip-testing \ --no-default \ --oem-string `< debian/oem-string-snakeoil` \ --ovmf-binary $(subst VARS,CODE,$<) \ --ovmf-template-vars $< \ --uefi-shell-iso debian/UefiShell.x64.iso $@ ArmPkg/Library/GccLto/liblto-aarch64.a: ArmPkg/Library/GccLto/liblto-aarch64.s $($(EDK2_TOOLCHAIN)_AARCH64_PREFIX)gcc -c -fpic $< -o $@ ArmPkg/Library/GccLto/liblto-arm.a: ArmPkg/Library/GccLto/liblto-arm.s $($(EDK2_TOOLCHAIN)_ARM_PREFIX)gcc -c -fpic $< -o $@ build-qemu-efi: debian/setup-build-stamp set -e; . ./edksetup.sh; \ build -a $(EDK2_HOST_ARCH) \ -t $(EDK2_TOOLCHAIN) \ -p ArmVirtPkg/ArmVirtQemu.dsc \ $(AAVMF_FLAGS) -b RELEASE dd if=/dev/zero of=$(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_CODE.fd bs=1M seek=64 count=0 dd if=$(QEMU_EFI_BUILD_DIR)/FV/QEMU_EFI.fd of=$(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_CODE.fd conv=notrunc dd if=/dev/zero of=$(QEMU_EFI_BUILD_DIR)/FV/$(FW_NAME)_VARS.fd bs=1M seek=64 count=0 build-qemu-efi-aarch64: $(AAVMF_BINARIES) $(AAVMF_BINARIES): ArmPkg/Library/GccLto/liblto-aarch64.a $(MAKE) -f debian/rules build-qemu-efi EDK2_ARCH_DIR=AArch64 EDK2_HOST_ARCH=AARCH64 FW_NAME=AAVMF build-qemu-efi-arm: ArmPkg/Library/GccLto/liblto-arm.a $(MAKE) -f debian/rules build-qemu-efi EDK2_ARCH_DIR=Arm EDK2_HOST_ARCH=ARM FW_NAME=AAVMF32 override_dh_auto_clean: -. ./edksetup.sh; build clean make -C BaseTools clean rm -rf Conf/.cache Build .pc-post rm -rf debian/ovmf-install debian/ovmf32-install rm -rf debian/iso-root-* debian/vfat-root-* rm -f debian/PkKek-1-vendor.pem rm -f debian/oem-string-vendor debian/oem-string-snakeoil rm -f debian/shell.*.img debian/UefiShell.*.iso rm -f ArmPkg/Library/GccLto/liblto-*.a rm -f debian/setup-build-stamp get-orig-source: # Should be executed on a checkout of the upstream master branch, # with the debian/ directory manually copied in. rm -rf edk2.tmp && git clone . edk2.tmp # Don't recurse, openssl will bring in MBs of stuff we don't need cd edk2.tmp && git submodule update --init rm -rf edk2-$(DEB_VERSION_UPSTREAM) && \ mkdir edk2-$(DEB_VERSION_UPSTREAM) cd edk2.tmp && git archive HEAD | \ tar xv -C ../edk2-$(DEB_VERSION_UPSTREAM) cd edk2.tmp && git submodule foreach \ 'git archive HEAD | tar xv -C $$toplevel/../edk2-$(DEB_VERSION_UPSTREAM)/$$sm_path' ln -s ../debian edk2-$(DEB_VERSION_UPSTREAM) # Remove unused embedded source, requested by Ubuntu security team rm -r edk2-$(DEB_VERSION_UPSTREAM)/BaseTools/Source/C/BrotliCompress # Remove known-binary files cd edk2-$(DEB_VERSION_UPSTREAM) && python3 ./debian/remove-binaries.py # Look for possible unknown binary files cd edk2-$(DEB_VERSION_UPSTREAM) && python3 ./debian/find-binaries.py rm edk2-$(DEB_VERSION_UPSTREAM)/debian tar Jcvf ../edk2_$(DEB_VERSION_UPSTREAM).orig.tar.xz \ edk2-$(DEB_VERSION_UPSTREAM) rm -rf edk2.tmp edk2-$(DEB_VERSION_UPSTREAM) .PHONY: build-ovmf build-ovmf32 build-qemu-efi build-qemu-efi-aarch64 build-qemu-efi-arm