Backport a patch [1] to fix the below build failure:
/buildarea/tmp/work/corei7-64-wrs-linux/ovmf/edk2-stable202502/sources/ovmf-edk2-stable202502/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h:13:17: error: two or more data types in declaration specifiers
13 | typedef BOOLEAN bool;
| ^~~~
/buildarea/tmp/work/corei7-64-wrs-linux/ovmf/edk2-stable202502/sources/ovmf-edk2-stable202502/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h:13:1: error: useless type name in empty declaration [-Werror]
13 | typedef BOOLEAN bool;
[1] 772fa11ac8
(From OE-Core rev: 24600013b65c954bd704a6eb673197ac06b87f69)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some of them were introduced by mass-removal of S = WORKDIR/git assignments;
rather than try to fix up (or redo) just these, I've run this sed command over
the whole tree:
sed -i -z -E 's/([ \t\f\v\r]*\n){3,}/\n\n/g' `find . -name *.bb -o -name *.inc`
The rationale is that more than one empty line is wasting vertical screen space, and
does nothing for readability.
(From OE-Core rev: cedc4ff7c9bcfb22a20e43e47f9759f4007a4f1a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Removing all the S = ${WORKDIR}/git assignments works because BB_GIT_DEFAULT_DESTSUFFIX
is set to match S from bitbake.conf (which itself is set to match typical tarball
releases).
A few recipes are setting S to a sub-directory of the git tree and need
to be adjusted accordingly.
bzip2 recipe is fetching a tarball and separately cloning tests;
adjust the recipe to put the latter into 'bzip2-tests', instead of 'git'.
devupstream.bbclass no longer needs to rewrite S, and is adjusted accordingly.
Adjust scripts/lib/recipetool/append.py to not hardcode 'git' as unpack
destination.
Adjust kernel-yocto.bbclass to use the git unpack variable instead
of hardcoding 'git' (there's also removal of repetition of
string constants and a correction of workdir/unpackdir mismatch in
one of the if-else branches).
Ensure build-appliance-image recipe does not use 'git' as checkout directory for
poky repo, but rather explicitly name it 'poky'.
Ensure reproducible.py code that looks for git repositories does not
hardcode 'git' but uses the destination set by BB_GIT_DEFAULT_DESTSUFFIX.
Ensure recipetool does not write out unneeded S settings into newly
created recipes that fetch from git.
Adjust selftest to not hardcode 'git' as unpack directory.
(From OE-Core rev: f80c07019ddadaf9c5fb890faabfda7920ecd15e)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In release mode, OVMF does not output any debug information to the QEMU port, making it extremely difficult to debug boot issues.
This commit introduces a packageconfig debug flag to enable it.
Usage:
PACKAGECONFIG:append:pn-ovmf = " debug"
runqemu qemuparams="-debugcon file:debug.log -global isa-debugcon.iobase=0x402"
The OVMF debug console output will be written to debug.log.
(From OE-Core rev: 50393dadf4a0086334efa184dd249cdf7f543488)
Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Recipes are much more readable with whitespace around the assignment operators.
Fix various assignments in OE-Core to show this is definitely the preferred
formatting.
(From OE-Core rev: 30ea609d3357fb3de911f2f6a5e6856c151b976a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes patches for CVE-2023-45236, CVE-2023-45237 and
CVE-2024-25742. Refreshed patches with devtool.
Changes:
https://github.com/tianocore/edk2/releases
edk2-stable202408
Release Date 2024-08-23
New Features & Bug Fixes
CryptoPkg:Add more crypto APIs (AESGCM/PEM/X509/RSA/PKCS5/PKCS7/Authenticode) based on Mbedtls
CryptoPkg: Enable Openssl native instruction support for AARCH64
CryptoPkg: Add support for aes128-sha256 and aes256-sha256 cipher
UefiCpuPkg: S3 cleanup
MdePkg/BaseLib: Add CRC16 CCITT False Implementation
DynamicTablesPkg: ACPI TPM2 generator
DynamicTablesPkg: Prepare for supporting other archs
BaseTools: Add VS2022 support
OvmfPkg: Add LoongArchVirt instance to OvmfPkg and enable it
edk2-stable202405
Release Date 2024-05-24
New Features & Bug Fixes
SecurityPkg:Add EFI Device Authentication Signature Database and SPDM
CryptoPkg:add additional RSAES-OAEP crypto functions
OvmfPkg:Add 5-level paging support
OvmfPkg:SEV-SNP Support for running under an SVSM
OvmfPkg:RBP register shall be cleared in TDVMCALL
OvmfPkg:Harden #VC instruction emulation (CVE-2024-25742)
Add SPI bus driver stack
NetworkPkg: Predictable TCP ISNs
NetworkPkg: Use of a Weak PseudoRandom Number Generator
UefiCpuPkg: Add new SmmRelocationLib library
Bugzilla List
Update Notes
NetworkPkg SECURITY PATCH CVE-2023-45237 requires the platform to provide the right implementation of the EFI_RNG_PROTOCOL
(i.e., using a GUID that appears in the allowlist) and EFI_HASH2_PROTOCOL. If it is not implemented, the platform will lose the ability to do network boot.
(From OE-Core rev: 50ae1d4afe436498b157f19e085532a6f0525d85)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Move the -pipe option out of the optimization flags and directly into
the flags variables since we always use it now.
Also move the debug prefix mapping there to match the nativesdk case
which already does this.
Fix the documentation and two recipe usages to match the change.
(From OE-Core rev: 9badf68d78d995f7d5d4cf27e045f029fc6d4044)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2014-8271 has an unusual versioning, svn_16280, which breaks
the version comparison and gives us warning like below:
Failed to compare 202308 < svn_16280 for CVE-2014-8271
The fix has been there since 2014, our current version has included
the fix.
(From OE-Core rev: fdd74b3f3e3a8a07a6107e6ef07198ebe63d2bc8)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This should not be necessary, as ovmf is already marked as
COMPATIBLE_HOST:class-target='(i.86|x86_64).*'
and existing upstream code handles both.
If/when ovmf is used on other targets, the situation can be revisited.
(From OE-Core rev: 4a75ca7c5a1c6330748fd1efa0a23af4acd23099)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Host distros have started deploying gcc12 as well, e.g. archlinux;
this build failure shows up, which has been fixed upstream:
In function ‘GetAlignmentFromFile’,
inlined from ‘main’ at GenFfs.c:816:20:
GenFfs.c:545:5: error: pointer ‘InFileHandle’ used after ‘fclose’ [-Werror=use-after-free]
545 | Error(NULL, 0, 4001, "Resource", "memory cannot be allocated of %s", InFileHandle);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(From OE-Core rev: 7b67f19d353d88107f52cceda3c858730ac1db54)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-Fix-VLA-parameter-warning.patch
removed since it's included in 202202
Changelog:
=========
OvmfPkg Add new target for Cloud Hypervisor
Add TDVF to OvmfPkg
Add new APIs to UefiCpuPkg/UefiCpuLib
Add AMD Secure Nested Paging Support
Add SSDT PCI generator in DynamicTablesPkg
Support ACPI 6.4 PPTT changes
Add FdtHwInfoParser library
Add DynamicPlatRepo library
Make package and platform builds reproducible across source format changes
Add Uncrustify CI Plugin
Apply uncrustify changes to all package C and H files
(From OE-Core rev: 5e280a4d6bf67c3b7d26c444bc52f25e63ae57a4)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
By enabling TPM support the boot will be measured into the TPM's
Platform Configuration Registers (PCRs).
(From OE-Core rev: e71280883c217d86b4636da6e549334183f1aff7)
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
"BSD" is ambiguous, use the precise license BSD-2-Clause-Patent.
(From OE-Core rev: 3e5c91e3517f15c25ecf56877a15962427dd0f3b)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Reformat patches using git, so that rebasing them to newer versions is easier.
(From OE-Core rev: 796f5a422a1bb9059ca8045b5aa199aa02b0e46a)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When building in longer paths, the ovmf build changes in many ways. This adds a
patch addressing various causes of problems. Full details are in the patch header.
(From OE-Core rev: 9113a5815f3c682ef99fd777e35e892b2e08237f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lto tends to break reproducibility and makes ovmf near impossible to debug
reproducibility issues in. Disable it and suppress the warnings that then
generates from Werror.
(From OE-Core rev: 627b6ed763eca90192203932784872b60a65fcaa)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in
--debug-prefix-map to nasm (we carry a patch to nasm for this). The
tools definitions are built by ovmf-native so we need to pass this in
at target build time when we know the right values.
By using deterministic file paths in the ovmf build, it removes the
opportunity for gcc/ld to change the output binaries due to path
lengths overflowing section sizes and causing small changes in the
binary output.
This also means that if builds have reproducibility issues in future, it
becomes much easier to compare intermediate build artefacts.
(From OE-Core rev: 51f51310d6d5cced2b55bf27dbb9a5717740a206)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
OVMF is mostly reproducible, but the final .efi binaries have a 'NM10'
segment that references the original input file, and this input file
has the build path in it.
This can be solved by passing --zero to GenFw so that this segment is
zero'd out in release builds.
[ YOCTO #14264 ]
(From OE-Core rev: 8b4e5a3b8c3eabfbb94ab577529240b2e270efa7)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0003-ovmf-enable-long-path-file.patch
removed since it is not available in 202102.
(From OE-Core rev: c364d64adcb8c7fdfe196186efa868381f8630e7)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
do_deploy should clean up ${DEPLOYDIR} before running, just like do_install
cleans up ${D} before running. This reduces the risk of DEPLOYDIR being
accidentally contaminated by files from previous runs, possibly even with
different config, in case of incremental builds.
It is convenient to have this in deploy.bbclass, so it doesn't have to be
duplicated in every recipe, considering for example meta-freescale, which
has 23 affected recipes.
All recipes using deploy.bbclass (grep -r 'inherit .*deploy') in poky,
meta-openembedded and meta-freescale look like they either benefit from
this or are at least not affected negatively by it. The only exception
I've noticed was uboot-sign.bbclass, which was however fixed by the
previous patch.
(From OE-Core rev: 7083a7d56f4d90c81d2e6652ee291d20fd908bbe)
Signed-off-by: Daniel Klauer <daniel.klauer@gin.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The OVMF target binaries are (currently) x86-specific, but the native
tools to build them are not.
Make the COMPATIBLE_HOST assignment target-specific, so that the native
tools can be built on an arm64 build server.
(From OE-Core rev: 58ebb47688fc98fdaeb78b4033bd31100218d5d6)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Instead of depending on iasl-native, depend on ovmf-native as iasl was merged
into that recipe some time ago.
bc-native doesn't appear to be a build requirement anymore, and for clarity
merge two overridden DEPENDS into a single DEPENDS.
(From OE-Core rev: 78d2f68a956ff49410b238456ce0a23c5a0667aa)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>