mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-04 02:00:04 +00:00
Code Issues Projects Releases Wiki Activity

ovmf: fix secureboot PACKAGECONFIG + OpenSSL update

Browse Source 
The recent ovmf update broke secureboot because upstream changed the
way how openssl gets compiled into ovmf. It's now integrated directly
into the ovmf build process, without having to patch it first.

In addition, more recent OpenSSL releases are supported. 1.1.0e was
explicitly mentioned in the ovmf commits and because the current
1.1.0f only has minor build enhancements, 1.1.0e is used here.

(From OE-Core rev: 1d9a88f635549e68562de681e297b9270ad02d4e)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Patrick Ohly
2017-06-16 11:53:48 +02:00
committed by Richard Purdie
parent 31a9e8d114
commit 9ea5a31776
1 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/ovmf/ovmf_git.bb
+6 -7
View File
@@ -18,14 +18,16 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \
file://no-stack-protector-all-archs.patch \
"
OPENSSL_RELEASE = "openssl-1.1.0e"
SRC_URI_append_class-target = " \
${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/openssl-1.0.2j.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/${OPENSSL_RELEASE}.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \
file://0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch \
"
SRCREV="ec4910cd3336565fdb61dafdd9ec4ae7a6160ba3"
SRC_URI[openssl.md5sum] = "96322138f0b69e61b7212bc53d5e912b"
SRC_URI[openssl.sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"
SRC_URI[openssl.md5sum] = "51c42d152122e474754aea96f66928c6"
SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c"
inherit deploy
@@ -187,10 +189,7 @@ do_compile_class-target() {
# building with Secure Boot enabled.
bbnote "Building with Secure Boot."
rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX
if ! [ -f ${S}/CryptoPkg/Library/OpensslLib/openssl-*/edk2-patch-applied ]; then
( cd ${S}/CryptoPkg/Library/OpensslLib/openssl-* && patch -p1 <$(echo ../EDKII_openssl-*.patch) && touch edk2-patch-applied )
fi
( cd ${S}/CryptoPkg/Library/OpensslLib/ && ./Install.sh )
ln -sf ${OPENSSL_RELEASE} ${S}/CryptoPkg/Library/OpensslLib/openssl
${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS}
ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd
ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd