mirror of
https://git.yoctoproject.org/poky
synced 2026-06-03 13:49:49 +00:00
Ricardo Neri
9b90717e91
The EnrollDefaultKeys.efi application (distributed in ovmf-shell-image) expects the hypervisor to provide a Platform Key and first Key Exchange Key certificate. For QEMU, this is done by adding an OEM string in the Type 11 SMBIOS table. The string contains the EnrollDefaultKeys application GUID followed by the certificate string. For now, the string is passed in the command line until QEMU understands OEM strings from regular files (please see https://bugs.launchpad.net/qemu/+bug/1826200). If runqemu detects it is given an OVMF binary with support for Secure Boot (i.e., ovmf.secboot* binaries), extract the certificate string from the OvmfPkKek1.pem certificate and modify the command-line parameters to provide the key. Such certificate is created when building OVMF with support for Secure Boot. Cc: Ross Burton <ross.burton@intel.com> Cc: Patrick Ohly <patrick.ohly@intel.com> (From OE-Core rev: 5e47316ae62f7632fb62bc3b8093ac42f9e3541c) Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
QEMU Emulation Targets ====================== To simplify development, the build system supports building images to work with the QEMU emulator in system emulation mode. Several architectures are currently supported in 32 and 64 bit variants: * ARM (qemuarm + qemuarm64) * x86 (qemux86 + qemux86-64) * PowerPC (qemuppc only) * MIPS (qemumips + qemumips64) Use of the QEMU images is covered in the Yocto Project Reference Manual. The appropriate MACHINE variable value corresponding to the target is given in brackets.