From 3a5d550526daed4b8750cf51ffe193c496738ce4 Mon Sep 17 00:00:00 2001 From: hanliyang Date: Tue, 8 Apr 2025 12:20:40 +0000 Subject: [PATCH] Build OVMF.fd using AmdSevX64.dsc to support Full Disk Encryption Signed-off-by: hanliyang --- ...ntegrate-grub2-x86_64-efi-modules-fr.patch | 29 +++++++++++++++++++ edk2.spec | 17 +++++++++-- 2 files changed, 43 insertions(+), 3 deletions(-) create mode 100644 1005-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch diff --git a/1005-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch b/1005-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch new file mode 100644 index 0000000..b8cb00c --- /dev/null +++ b/1005-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch @@ -0,0 +1,29 @@ +From e3eef5a946ed4662960a773cbf5dff175945f25e Mon Sep 17 00:00:00 2001 +From: hanliyang +Date: Mon, 14 Apr 2025 17:00:36 +0800 +Subject: [PATCH] OvmfPkg/AmdSev: Integrate grub2 x86_64-efi modules from the + system path to grub.efi which is used to support Full Disk Encryption + +The builder system should ensure that the efisecret.mod exist in the +system path. + +Signed-off-by: hanliyang +--- + OvmfPkg/AmdSev/Grub/grub.sh | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/OvmfPkg/AmdSev/Grub/grub.sh b/OvmfPkg/AmdSev/Grub/grub.sh +index c8e57a1..760a03b 100644 +--- a/OvmfPkg/AmdSev/Grub/grub.sh ++++ b/OvmfPkg/AmdSev/Grub/grub.sh +@@ -84,7 +84,6 @@ mcopy -i "${basedir}/disk.fat" -- "${basedir}/grub.cfg" ::grub.cfg + ${mkimage} -O x86_64-efi \ + -p '(crypto0)' \ + -c "${basedir}/grub-bootstrap.cfg" \ +- -d "/opt/grub/lib/grub/x86_64-efi" \ + -m "${basedir}/disk.fat" \ + -o "${basedir}/grub.efi" \ + ${GRUB_MODULES} +-- +2.25.1 + diff --git a/edk2.spec b/edk2.spec index f158043..5cbc736 100644 --- a/edk2.spec +++ b/edk2.spec @@ -1,4 +1,4 @@ -%define anolis_release 10 +%define anolis_release 11 %undefine _auto_set_build_flags ExclusiveArch: x86_64 aarch64 loongarch64 @@ -96,6 +96,11 @@ Patch1002: 1002-Bugfix-for-CVE-2023-45236.patch Patch1003: 1003-OvmfPkg-AmdSev-Support-full-disk-encryption-based-on.patch Patch1004: 1004-OvmfPkg-AmdSev-Add-missing-module-CsvDxe.patch +# Get grub2 x64 module from CI system path when building OVMF.amdsev.fd using +# AmdSevX64.dsc, this will enable the OVMF.amdsev.fd to support Full Disk +# Encryption right out of the box. +Patch1005: 1005-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch + BuildRequires: python3-devel BuildRequires: libuuid-devel %ifnarch loongarch64 @@ -109,6 +114,11 @@ BuildRequires: nasm BuildRequires: dosfstools BuildRequires: mtools BuildRequires: xorriso + +# For build OVMF.amdsev.fd using AmdSevX64.dsc, we need grub2-mkimage and some +# modules in grub2-efi-x64-modules package if we don't touch dummy grub.efi. +BuildRequires: grub2-tools +BuildRequires: grub2-efi-x64-modules %endif %package ovmf @@ -298,8 +308,6 @@ export EXTRA_OPTFLAGS="%{optflags}" export EXTRA_LDFLAGS="%{__global_ldflags}" export RELEASE_DATE="$(echo %{GITDATE} | sed -e 's|\(....\)\(..\)\(..\)|\2/\3/\1|')" -touch OvmfPkg/AmdSev/Grub/grub.efi # dummy - %if %{build_ovmf} ./edk2-build.py --config edk2-build --release-date "$RELEASE_DATE" -m ovmf @@ -500,6 +508,9 @@ install -m 0644 \ %changelog +* Tue Apr 08 2025 hanliyang - 202402-11 +- Build OVMF.fd using AmdSevX64.dsc to support Full Disk Encryption + * Mon Mar 17 2025 hanliyang - 202402-10 - Add missing module CsvDxe -- Gitee