cip-dev@lists.cip-project.org | [isar-cip-core][PATCH 1/8] add recipe for edk2

Home Messages Hashtags Subgroups

Date Date 1 - 5 of 5

[isar-cip-core][PATCH 1/8] add recipe for edk2

Schultschik, Sven #10054 From: Sven Schultschik <sven.schultschik@...> provide a recipe to create the BL32_AP_MM.fd binary by edk2 which is needed for the qemu optee generation as dependency. Signed-off-by: Sven Schultschik <sven.schultschik@...> --- .../edk2/edk2-platformstandalonemmrpmb.inc \| 56 +++++++++++++++++ .../edk2-platformstandalonemmrpmb_202205.bb \| 12 ++++ recipes-bsp/edk2/files/rules.tmpl \| 61 +++++++++++++++++++ 3 files changed, 129 insertions(+) create mode 100644 recipes-bsp/edk2/edk2-platformstandalonemmrpmb.inc create mode 100644 recipes-bsp/edk2/edk2-platformstandalonemmrpmb_202205.bb create mode 100755 recipes-bsp/edk2/files/rules.tmpl diff --git a/recipes-bsp/edk2/edk2-platformstandalonemmrpmb.inc b/recipes-bsp/edk2/edk2-platformstandalonemmrpmb.inc new file mode 100644 index 0000000..3277cc8 --- /dev/null +++ b/recipes-bsp/edk2/edk2-platformstandalonemmrpmb.inc @@ -0,0 +1,56 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2022 +# +# Authors: +# Sven Schultschik <sven.schultschik@...> +# +# SPDX-License-Identifier: MIT +# + +HOMEPAGE = "https://github.com/tianocore/edk2" +MAINTAINER = "Sven Schultschik <sven.schultschik@...>" +LICENSE = "BSD-2-Clause-Patent" + +inherit dpkg + +SRC_URI = "https://github.com/tianocore/edk2/archive/refs/tags/edk2-stable${PV}.tar.gz;name=edk2 \ + https://github.com/google/brotli/archive/${SRC_REV_brotli}.tar.gz;name=brotli \ + https://github.com/openssl/openssl/archive/refs/tags/${SRC_REV_openssl}.tar.gz;name=openssl \ + git://github.com/tianocore/edk2-platforms.git;protocol=https;destsuffix=git/edk2-platforms;name=edk2-platforms \ + file://rules.tmpl \ + " +SRC_URI[edk2.sha256sum] = "e6cf93bae78b30a10732b8afb5cc438735dc9ec976ae65d12dab041c18bb7987" +SRC_URI[brotli.sha256sum] = "6d6cacce05086b7debe75127415ff9c3661849f564fe2f5f3b0383d48aa4ed77" +SRC_URI[openssl.sha256sum] = "6b2d2440ced8c802aaa61475919f0870ec556694c466ebea460e35ea2b14839e" + +SRC_REV_brotli = "f4153a09f87cbb9c826d8fc12c74642bb2d879ea" +SRC_REV_openssl = "OpenSSL_1_1_1n" +SRCREV_edk2-platforms = "3b896d1a325686de3942723c42f286090453e37a" + +S = "${WORKDIR}/git" + +DEBIAN_BUILD_DEPENDS = "python3:native, dh-python, uuid-dev:native" + +EDK2_BINARIES ?= "Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd" + +BUILD_DEPENDS += "" + +TEMPLATE_FILES = "rules.tmpl" + +do_prepare_build() { + deb_debianize + + mkdir -p ${S}/edk2 + cp -a ${WORKDIR}/edk2-edk2-stable${PV}/* "${S}/edk2/" + cp -a ${WORKDIR}/brotli-${SRC_REV_brotli}/* "${S}/edk2/BaseTools/Source/C/BrotliCompress/brotli" + cp -a ${WORKDIR}/brotli-${SRC_REV_brotli}/* "${S}/edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli" + cp -a ${WORKDIR}/openssl-${SRC_REV_openssl}/* "${S}/edk2/CryptoPkg/Library/OpensslLib/openssl" + + rm -f ${S}/debian/edk2.install + for binary in ${EDK2_BINARIES}; do + echo "$binary /usr/lib/edk2/" >> \ + ${S}/debian/edk2-platformstandalonemmrpmb.install + done +} diff --git a/recipes-bsp/edk2/edk2-platformstandalonemmrpmb_202205.bb b/recipes-bsp/edk2/edk2-platformstandalonemmrpmb_202205.bb new file mode 100644 index 0000000..84761c9 --- /dev/null +++ b/recipes-bsp/edk2/edk2-platformstandalonemmrpmb_202205.bb @@ -0,0 +1,12 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2022 +# +# Authors: +# Sven Schultschik <sven.schultschik@...> +# +# SPDX-License-Identifier: MIT +# + +require edk2-platformstandalonemmrpmb.inc diff --git a/recipes-bsp/edk2/files/rules.tmpl b/recipes-bsp/edk2/files/rules.tmpl new file mode 100755 index 0000000..388e49a --- /dev/null +++ b/recipes-bsp/edk2/files/rules.tmpl @@ -0,0 +1,61 @@ +#!/usr/bin/make -f +# +# Copyright (c) Siemens AG, 2022 +# +# SPDX-License-Identifier: MIT + +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) +export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- +endif + +export WORKSPACE=$(shell pwd) +export PACKAGES_PATH=$(WORKSPACE)/edk2:$(WORKSPACE)/edk2-platforms +export ACTIVE_PLATFORM="Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc" + +# https://github.com/tianocore/edk2-platforms/blob/master/Readme.md#if-cross-compiling +ifeq (arm64,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'AARCH64' +else ifeq ((armhf,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'ARM' +else ifeq ((amd64,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'X64' +else ifeq ((i386,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'IA32' +else +$(error DEB_TARGET_ARCH $(DEB_TARGET_ARCH) unsupported) +endif +# When cross-compiling, or building with a different version of the compiler than +# the default `gcc`, we additionally need to inform the +# build command which toolchain to use. We do this by setting the environment +# variable `{TOOL_CHAIN_TAG}_{TARGET_ARCH}_PREFIX` - in the case above, +# GCC5_AARCH64_PREFIX. +# export GCC5_AARCH64_PREFIX=aarch64-linux-gnu- +# using export here at TOP Level does not work, because +# GCC5_$(TARGET_ARCH)_PREFIX gets deleted again for what reason ever +# Therefore it is set right before the build command +# export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)- + + +export SHELL=/bin/bash + +# ENV Vars which should get set by edksetup.sh +export PYTHON_COMMAND=python3 +export PYTHONHASHSEED=1 +export CONF_PATH=$(WORKSPACE)/edk2/Conf +export EDK_TOOLS_PATH=$(WORKSPACE)/edk2/BaseTools +export PATH=$(WORKSPACE)/edk2/BaseTools/Bin/Linux-$(TARGET_ARCH):$(WORKSPACE)/edk2/BaseTools/BinWrappers/PosixLike::/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +override_dh_auto_build: + source edk2/edksetup.sh --reconfig + + CFLAGS= LDFLAGS= make -C edk2/BaseTools + + (export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)- && \ + build -p $(ACTIVE_PLATFORM) -b RELEASE -a $(TARGET_ARCH) -t GCC5 -n $(shell nproc)) + +override_dh_auto_install: + +override_dh_auto_test: + +%: + dh $@ --no-parallel -- 2.30.2
More All Messages By This Member
Su, Bao Cheng #10329 On Sun, 2022-11-20 at 21:47 +0100, Schultschik, Sven via lists.cip- project.org wrote: From: Sven Schultschik <sven.schultschik@...> provide a recipe to create the BL32_AP_MM.fd binary by edk2 which is needed for the qemu optee generation as dependency. Signed-off-by: Sven Schultschik <sven.schultschik@...> --- .../edk2/edk2-platformstandalonemmrpmb.inc \| 56 +++++++++++++++++ .../edk2-platformstandalonemmrpmb_202205.bb \| 12 ++++ recipes-bsp/edk2/files/rules.tmpl \| 61 +++++++++++++++++++ 3 files changed, 129 insertions(+) create mode 100644 recipes-bsp/edk2/edk2-platformstandalonemmrpmb.inc create mode 100644 recipes-bsp/edk2/edk2-platformstandalonemmrpmb_202205.bb create mode 100755 recipes-bsp/edk2/files/rules.tmpl diff --git a/recipes-bsp/edk2/edk2-platformstandalonemmrpmb.inc b/recipes-bsp/edk2/edk2-platformstandalonemmrpmb.inc new file mode 100644 index 0000000..3277cc8 --- /dev/null +++ b/recipes-bsp/edk2/edk2-platformstandalonemmrpmb.inc @@ -0,0 +1,56 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2022 +# +# Authors: +# Sven Schultschik <sven.schultschik@...> +# +# SPDX-License-Identifier: MIT +# + +HOMEPAGE = "https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2&;data=05%7C01%7Cbaocheng.su%40ad011.siemens.com%7Cd8e95371c5514a59b97208dacb389eee%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C638045741292237684%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9P%2FE9X1XBTC3KyoKEEdnFQMk75K0kWyJ27GIaNYLt8I%3D&reserved=0" +MAINTAINER = "Sven Schultschik <sven.schultschik@...>" +LICENSE = "BSD-2-Clause-Patent" + +inherit dpkg + +SRC_URI = "https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Farchive%2Frefs%2Ftags%2Fedk2-stable%24&;data=05%7C01%7Cbaocheng.su%40ad011.siemens.com%7Cd8e95371c5514a59b97208dacb389eee%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C638045741292237684%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=iRpR%2FuUjJ7fm14hsvfXPeWP6IlyaUzHToet79uU2e4Y%3D&reserved=0{PV}.tar.gz;name=edk2 \ + https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgoogle%2Fbrotli%2Farchive%2F%24&;data=05%7C01%7Cbaocheng.su%40ad011.siemens.com%7Cd8e95371c5514a59b97208dacb389eee%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C638045741292237684%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pxp4gT%2Fm7pxMANDx0oXWpjknB%2ByUWFupdtQQsZn%2B1g8%3D&reserved=0{SRC_REV_brotli}.tar.gz;name=brotli \ + https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenssl%2Fopenssl%2Farchive%2Frefs%2Ftags%2F%24&;data=05%7C01%7Cbaocheng.su%40ad011.siemens.com%7Cd8e95371c5514a59b97208dacb389eee%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C638045741292237684%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=po8JpMAv3G51dPOvS6lDetWvdZiY6LjDruaR%2BejGESA%3D&reserved=0{SRC_REV_openssl}.tar.gz;name=openssl \ + git://github.com/tianocore/edk2-platforms.git;protocol=https;destsuffix=git/edk2-platforms;name=edk2-platforms \ + file://rules.tmpl \ + " +SRC_URI[edk2.sha256sum] = "e6cf93bae78b30a10732b8afb5cc438735dc9ec976ae65d12dab041c18bb7987" +SRC_URI[brotli.sha256sum] = "6d6cacce05086b7debe75127415ff9c3661849f564fe2f5f3b0383d48aa4ed77" +SRC_URI[openssl.sha256sum] = "6b2d2440ced8c802aaa61475919f0870ec556694c466ebea460e35ea2b14839e" + +SRC_REV_brotli = "f4153a09f87cbb9c826d8fc12c74642bb2d879ea" +SRC_REV_openssl = "OpenSSL_1_1_1n" +SRCREV_edk2-platforms = "3b896d1a325686de3942723c42f286090453e37a" + +S = "${WORKDIR}/git" + +DEBIAN_BUILD_DEPENDS = "python3:native, dh-python, uuid-dev:native" + +EDK2_BINARIES ?= "Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd" + +BUILD_DEPENDS += "" + +TEMPLATE_FILES = "rules.tmpl" + +do_prepare_build() { + deb_debianize + + mkdir -p ${S}/edk2 + cp -a ${WORKDIR}/edk2-edk2-stable${PV}/* "${S}/edk2/" + cp -a ${WORKDIR}/brotli-${SRC_REV_brotli}/* "${S}/edk2/BaseTools/Source/C/BrotliCompress/brotli" + cp -a ${WORKDIR}/brotli-${SRC_REV_brotli}/* "${S}/edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli" + cp -a ${WORKDIR}/openssl-${SRC_REV_openssl}/* "${S}/edk2/CryptoPkg/Library/OpensslLib/openssl" + + rm -f ${S}/debian/edk2.install + for binary in ${EDK2_BINARIES}; do + echo "$binary /usr/lib/edk2/" >> \ + ${S}/debian/edk2-platformstandalonemmrpmb.install + done +} diff --git a/recipes-bsp/edk2/edk2-platformstandalonemmrpmb_202205.bb b/recipes-bsp/edk2/edk2-platformstandalonemmrpmb_202205.bb new file mode 100644 index 0000000..84761c9 --- /dev/null +++ b/recipes-bsp/edk2/edk2-platformstandalonemmrpmb_202205.bb 2022.05 is a bit older version, the latest ones are 2022.08 and even 2022.11. Not sure if any security updates between these versions, but I would blindly use the newer version. - Baocheng @@ -0,0 +1,12 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2022 +# +# Authors: +# Sven Schultschik <sven.schultschik@...> +# +# SPDX-License-Identifier: MIT +# + +require edk2-platformstandalonemmrpmb.inc Sorry, after some rethinking, I find maybe it's not a good idea to have the multiple version supportive for EDK2, since: 1. EDK2 has too many sub-components, if multi version need be supported, somebody must have to maintain a list of these sub-components for each version, which could be a not easy job. Also, it's hard to notice if the wrong versions of some sub-components are selected. So it would increase the chance of making mistake. 2. Unlike kernel, there should be no real requirement of using different version of EDK2 stmm for different products/projects, from security point of view, the latest security version should always be used. 3. Best practice, per my understanding, is we have an unified EDK2-stmm version in cip-core and downstreams just use it. if new version is required, then upsteam it into cip-core. - Baocheng diff --git a/recipes-bsp/edk2/files/rules.tmpl b/recipes-bsp/edk2/files/rules.tmpl new file mode 100755 index 0000000..388e49a --- /dev/null +++ b/recipes-bsp/edk2/files/rules.tmpl @@ -0,0 +1,61 @@ +#!/usr/bin/make -f +# +# Copyright (c) Siemens AG, 2022 +# +# SPDX-License-Identifier: MIT + +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) +export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- +endif + +export WORKSPACE=$(shell pwd) +export PACKAGES_PATH=$(WORKSPACE)/edk2:$(WORKSPACE)/edk2-platforms +export ACTIVE_PLATFORM="Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc" + +# https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2-platforms%2Fblob%2Fmaster%2FReadme.md%23if-cross-compiling&;data=05%7C01%7Cbaocheng.su%40ad011.siemens.com%7Cd8e95371c5514a59b97208dacb389eee%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C638045741292237684%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=FewD9iEjYriBF2%2FwENcbaS594qR18lg%2BQZ8HgHRt6JQ%3D&reserved=0 +ifeq (arm64,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'AARCH64' +else ifeq ((armhf,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'ARM' +else ifeq ((amd64,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'X64' +else ifeq ((i386,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'IA32' +else +$(error DEB_TARGET_ARCH $(DEB_TARGET_ARCH) unsupported) +endif +# When cross-compiling, or building with a different version of the compiler than +# the default `gcc`, we additionally need to inform the +# build command which toolchain to use. We do this by setting the environment +# variable `{TOOL_CHAIN_TAG}_{TARGET_ARCH}_PREFIX` - in the case above, +# GCC5_AARCH64_PREFIX. +# export GCC5_AARCH64_PREFIX=aarch64-linux-gnu- +# using export here at TOP Level does not work, because +# GCC5_$(TARGET_ARCH)_PREFIX gets deleted again for what reason ever +# Therefore it is set right before the build command +# export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)- + + +export SHELL=/bin/bash + +# ENV Vars which should get set by edksetup.sh +export PYTHON_COMMAND=python3 +export PYTHONHASHSEED=1 +export CONF_PATH=$(WORKSPACE)/edk2/Conf +export EDK_TOOLS_PATH=$(WORKSPACE)/edk2/BaseTools +export PATH=$(WORKSPACE)/edk2/BaseTools/Bin/Linux-$(TARGET_ARCH):$(WORKSPACE)/edk2/BaseTools/BinWrappers/PosixLike::/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +override_dh_auto_build: + source edk2/edksetup.sh --reconfig + + CFLAGS= LDFLAGS= make -C edk2/BaseTools + + (export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)- && \ + build -p $(ACTIVE_PLATFORM) -b RELEASE -a $(TARGET_ARCH) -t GCC5 -n $(shell nproc)) + +override_dh_auto_install: + +override_dh_auto_test: + +%: + dh $@ --no-parallel
More All Messages By This Member
Jan Kiszka #10330 On 09.01.23 07:42, Su, Bao Cheng (DI FA CTR IPC CN PRC4) wrote: On Sun, 2022-11-20 at 21:47 +0100, Schultschik, Sven via lists.cip- project.org wrote: From: Sven Schultschik <sven.schultschik@...> provide a recipe to create the BL32_AP_MM.fd binary by edk2 which is needed for the qemu optee generation as dependency. Should mention the StandaloneMm for RPMB, what it is and then mention where it will be used. Also adjust the subject - we are not building complete EDK2. Signed-off-by: Sven Schultschik <sven.schultschik@...> --- .../edk2/edk2-platformstandalonemmrpmb.inc \| 56 +++++++++++++++++ .../edk2-platformstandalonemmrpmb_202205.bb \| 12 ++++ Recipe name became too unreadable. "edk2-standalonemm-rpmb" maybe? By convention, we don't use camel-cases in recipes, so this cannot help with separating words. recipes-bsp/edk2/files/rules.tmpl \| 61 +++++++++++++++++++ 3 files changed, 129 insertions(+) create mode 100644 recipes-bsp/edk2/edk2-platformstandalonemmrpmb.inc create mode 100644 recipes-bsp/edk2/edk2-platformstandalonemmrpmb_202205.bb create mode 100755 recipes-bsp/edk2/files/rules.tmpl diff --git a/recipes-bsp/edk2/edk2-platformstandalonemmrpmb.inc b/recipes-bsp/edk2/edk2-platformstandalonemmrpmb.inc new file mode 100644 index 0000000..3277cc8 --- /dev/null +++ b/recipes-bsp/edk2/edk2-platformstandalonemmrpmb.inc @@ -0,0 +1,56 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2022 +# +# Authors: +# Sven Schultschik <sven.schultschik@...> +# +# SPDX-License-Identifier: MIT +# + +HOMEPAGE = "https://github.com/tianocore/edk2" +MAINTAINER = "Sven Schultschik <sven.schultschik@...>" +LICENSE = "BSD-2-Clause-Patent" We don't track licenses this way, so better drop this line. + +inherit dpkg + +SRC_URI = "https://github.com/tianocore/edk2/archive/refs/tags/edk2-stable${PV}.tar.gz;name=edk2 \ + https://github.com/google/brotli/archive/${SRC_REV_brotli}.tar.gz;name=brotli \ + https://github.com/openssl/openssl/archive/refs/tags/${SRC_REV_openssl}.tar.gz;name=openssl \ Can we use the Debian sources here? Would avoid separate version tracking (SVM, OSS license checking...). + git://github.com/tianocore/edk2-platforms.git;protocol=https;destsuffix=git/edk2-platforms;name=edk2-platforms \ Why not using an archive here as well? Even works when there is no release tag. + file://rules.tmpl \ + " +SRC_URI[edk2.sha256sum] = "e6cf93bae78b30a10732b8afb5cc438735dc9ec976ae65d12dab041c18bb7987" +SRC_URI[brotli.sha256sum] = "6d6cacce05086b7debe75127415ff9c3661849f564fe2f5f3b0383d48aa4ed77" +SRC_URI[openssl.sha256sum] = "6b2d2440ced8c802aaa61475919f0870ec556694c466ebea460e35ea2b14839e" + +SRC_REV_brotli = "f4153a09f87cbb9c826d8fc12c74642bb2d879ea" +SRC_REV_openssl = "OpenSSL_1_1_1n" +SRCREV_edk2-platforms = "3b896d1a325686de3942723c42f286090453e37a" Would be good to clarify how these revisions were selected. Do they come from the EDK2 build manifest? + +S = "${WORKDIR}/git" + +DEBIAN_BUILD_DEPENDS = "python3:native, dh-python, uuid-dev:native" + +EDK2_BINARIES ?= "Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd" + +BUILD_DEPENDS += "" Useless line. + +TEMPLATE_FILES = "rules.tmpl" Which variables are you actually replacing? + +do_prepare_build() { + deb_debianize + + mkdir -p ${S}/edk2 + cp -a ${WORKDIR}/edk2-edk2-stable${PV}/* "${S}/edk2/" + cp -a ${WORKDIR}/brotli-${SRC_REV_brotli}/* "${S}/edk2/BaseTools/Source/C/BrotliCompress/brotli" + cp -a ${WORKDIR}/brotli-${SRC_REV_brotli}/* "${S}/edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli" + cp -a ${WORKDIR}/openssl-${SRC_REV_openssl}/* "${S}/edk2/CryptoPkg/Library/OpensslLib/openssl" + + rm -f ${S}/debian/edk2.install + for binary in ${EDK2_BINARIES}; do + echo "$binary /usr/lib/edk2/" >> \ + ${S}/debian/edk2-platformstandalonemmrpmb.install + done +} diff --git a/recipes-bsp/edk2/edk2-platformstandalonemmrpmb_202205.bb b/recipes-bsp/edk2/edk2-platformstandalonemmrpmb_202205.bb new file mode 100644 index 0000000..84761c9 --- /dev/null +++ b/recipes-bsp/edk2/edk2-platformstandalonemmrpmb_202205.bb 2022.05 is a bit older version, the latest ones are 2022.08 and even 2022.11. Not sure if any security updates between these versions, but I would blindly use the newer version. Ack. - Baocheng @@ -0,0 +1,12 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2022 +# +# Authors: +# Sven Schultschik <sven.schultschik@...> +# +# SPDX-License-Identifier: MIT +# + +require edk2-platformstandalonemmrpmb.inc Sorry, after some rethinking, I find maybe it's not a good idea to have the multiple version supportive for EDK2, since: 1. EDK2 has too many sub-components, if multi version need be supported, somebody must have to maintain a list of these sub-components for each version, which could be a not easy job. Also, it's hard to notice if the wrong versions of some sub-components are selected. So it would increase the chance of making mistake. 2. Unlike kernel, there should be no real requirement of using different version of EDK2 stmm for different products/projects, from security point of view, the latest security version should always be used. 3. Best practice, per my understanding, is we have an unified EDK2-stmm version in cip-core and downstreams just use it. if new version is required, then upsteam it into cip-core. - Baocheng diff --git a/recipes-bsp/edk2/files/rules.tmpl b/recipes-bsp/edk2/files/rules.tmpl new file mode 100755 index 0000000..388e49a --- /dev/null +++ b/recipes-bsp/edk2/files/rules.tmpl @@ -0,0 +1,61 @@ +#!/usr/bin/make -f +# +# Copyright (c) Siemens AG, 2022 +# +# SPDX-License-Identifier: MIT + +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) +export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- +endif + +export WORKSPACE=$(shell pwd) +export PACKAGES_PATH=$(WORKSPACE)/edk2:$(WORKSPACE)/edk2-platforms +export ACTIVE_PLATFORM="Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc" + +# https://github.com/tianocore/edk2-platforms/blob/master/Readme.md#if-cross-compiling +ifeq (arm64,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'AARCH64' +else ifeq ((armhf,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'ARM' +else ifeq ((amd64,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'X64' +else ifeq ((i386,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'IA32' +else +$(error DEB_TARGET_ARCH $(DEB_TARGET_ARCH) unsupported) +endif Maybe a blank line here to make things more readable. +# When cross-compiling, or building with a different version of the compiler than +# the default `gcc`, we additionally need to inform the +# build command which toolchain to use. We do this by setting the environment +# variable `{TOOL_CHAIN_TAG}_{TARGET_ARCH}_PREFIX` - in the case above, +# GCC5_AARCH64_PREFIX. +# export GCC5_AARCH64_PREFIX=aarch64-linux-gnu- +# using export here at TOP Level does not work, because +# GCC5_$(TARGET_ARCH)_PREFIX gets deleted again for what reason ever +# Therefore it is set right before the build command +# export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)- Context? This refers to something done much more below. + + One blank line too much. +export SHELL=/bin/bash Needed? + +# ENV Vars which should get set by edksetup.sh +export PYTHON_COMMAND=python3 +export PYTHONHASHSEED=1 +export CONF_PATH=$(WORKSPACE)/edk2/Conf +export EDK_TOOLS_PATH=$(WORKSPACE)/edk2/BaseTools +export PATH=$(WORKSPACE)/edk2/BaseTools/Bin/Linux-$(TARGET_ARCH):$(WORKSPACE)/edk2/BaseTools/BinWrappers/PosixLike::/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +override_dh_auto_build: +source edk2/edksetup.sh --reconfig + +CFLAGS= LDFLAGS= make -C edk2/BaseTools + +(export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)- && \ +build -p $(ACTIVE_PLATFORM) -b RELEASE -a $(TARGET_ARCH) -t GCC5 -n $(shell nproc)) + +override_dh_auto_install: + +override_dh_auto_test: + +%: +dh $@ --no-parallel I've discussed with Baocheng to pull this in earlier. Unfortunately, the situation for QEMU is still ugly, and I do not like that U-Boot hack which does not allow us to truly explore EFI vars in RPMB (even more if kernel patches will show up soon that allow using those via the normal kernel APIs). Jan -- Siemens AG, Technology Competence Center Embedded Linux
More All Messages By This Member
Schultschik, Sven #10342 On Mon, 2023-01-09 at 06:42 +0000, Su, Bao Cheng (DI FA CTR IPC CN PRC4) wrote: 2022.05 is a bit older version, the latest ones are 2022.08 and even 2022.11. Not sure if any security updates between these versions, but I would blindly use the newer version. - Baocheng Indeed the patch itself has some age now. I didn't update after the feedback, that the patch won't be merge till qemu has a rpmb implementation. smime.p7s
More All Messages By This Member
Schultschik, Sven #10343 On Mon, 2023-01-09 at 08:40 +0100, Jan Kiszka wrote: On 09.01.23 07:42, Su, Bao Cheng (DI FA CTR IPC CN PRC4) wrote: On Sun, 2022-11-20 at 21:47 +0100, Schultschik, Sven via lists.cip- project.org wrote: From: Sven Schultschik <sven.schultschik@...> provide a recipe to create the BL32_AP_MM.fd binary by edk2 which is needed for the qemu optee generation as dependency. Should mention the StandaloneMm for RPMB, what it is and then mention where it will be used. Also adjust the subject - we are not building complete EDK2. Signed-off-by: Sven Schultschik <sven.schultschik@...> --- .../edk2/edk2-platformstandalonemmrpmb.inc \| 56 +++++++++++++++++ .../edk2-platformstandalonemmrpmb_202205.bb \| 12 ++++ Recipe name became too unreadable. "edk2-standalonemm-rpmb" maybe? By convention, we don't use camel-cases in recipes, so this cannot help with separating words. Made the changes yesterday, but as I can see you already did with the other patch you send in. Would be good to clarify how these revisions were selected. Do they come from the EDK2 build manifest? Those are submodules. So look into the edk2 repo on the specific location which version they used in the submodul at the version you want to use edk2. +export SHELL=/bin/bash Needed? Yes. source edk2/edksetup.sh only works under bin/bash smime.p7s
More All Messages By This Member

1 - 5 of 5

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms