From 1e16eec79494a9bdd4d05783e73a5e32b02752ae Mon Sep 17 00:00:00 2001 From: hanliyang Date: Mon, 14 Apr 2025 14:25:32 +0000 Subject: [PATCH] [Feat]Build OVMF.fd using AmdSevX64.dsc to support Full Disk Encryption to #bug20426 Currently, the edk2.spec assumes the grub2-efi-x64-modules doesn't contain efisecret.mod which is the prerequisite to build grub.efi for the OVMF.fd using AmdSevX64.dsc, so the edk2.spec touches a dummy grub.efi to support build OVMF.fd using AmdSevX64.dsc. Since the https://gitee.com/src-anolis-os/grub2/pulls/69 add efisecret.mod to the grub2-efi-x64-modules, it's reasonable to remove the dummy grub.efi from the edk2.spec. Signed-off-by: hanliyang --- ...ntegrate-grub2-x86_64-efi-modules-fr.patch | 29 +++++++++++++++++++ edk2.spec | 16 ++++++++-- 2 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 0052-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch
diff --git a/0052-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch b/0052-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch
new file mode 100644
index 0000000..ca2b075
--- /dev/null
+++ b/0052-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch
@@ -0,0 +1,29 @@
+From 1bdf1ace04bd33a3d62d0d8aa81f43576566e8eb Mon Sep 17 00:00:00 2001
+From: hanliyang
+Date: Mon, 14 Apr 2025 17:00:36 +0800
+Subject: [PATCH] OvmfPkg/AmdSev: Integrate grub2 x86_64-efi modules from the
+ system path to grub.efi which is used to support Full Disk Encryption
+
+The builder system should ensure that the efisecret.mod exist in the
+system path.
+
+Signed-off-by: hanliyang
+---
+ OvmfPkg/AmdSev/Grub/grub.sh | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/OvmfPkg/AmdSev/Grub/grub.sh b/OvmfPkg/AmdSev/Grub/grub.sh
+index c8e57a1..760a03b 100644
+--- a/OvmfPkg/AmdSev/Grub/grub.sh
++++ b/OvmfPkg/AmdSev/Grub/grub.sh
+@@ -84,7 +84,6 @@ mcopy -i "${basedir}/disk.fat" -- "${basedir}/grub.cfg" ::grub.cfg
+ ${mkimage} -O x86_64-efi \
+ -p '(crypto0)' \
+ -c "${basedir}/grub-bootstrap.cfg" \
+- -d "/opt/grub/lib/grub/x86_64-efi" \
+ -m "${basedir}/disk.fat" \
+ -o "${basedir}/grub.efi" \
+ ${GRUB_MODULES}
+--
+2.43.5
+
diff --git a/edk2.spec b/edk2.spec
index b2f5e2c..76ccc11 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -8,7 +8,7 @@ ExclusiveArch: x86_64 aarch64 Name: edk2 Version: %{GITDATE}git%{GITCOMMIT} -Release: 13%{anolis_release}%{?dist}.6 +Release: 13%{anolis_release}%{?dist}.7 Summary: UEFI firmware for 64-bit virtual machines Group: Applications/Emulators License: BSD-2-Clause-Patent and OpenSSL and MIT
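Review bot: In the grub.sh hunk carried by the new 0052 patch, removing `-d "/opt/grub/lib/grub/x86_64-efi"` leaves the `${mkimage}` call with no module directory at all, so the modules linked into grub.efi come from whatever default the build host's mkimage was compiled with. The commit message ties this grub.efi to the AmdSevX64.dsc firmware and to Full Disk Encryption, so the module source should be explicit and reviewable in the script, not implicit in the builder's environment. I would keep the option and point it at the packaged location through an overridable variable, e.g. `-d "${GRUB_MODULE_DIR:-/usr/lib/grub/x86_64-efi}" \` (a new variable; the default path is my assumption about where grub2-efi-x64-modules installs and needs confirming). The requirement stated in the patch description could also be enforced before the call with `[ -f "${GRUB_MODULE_DIR:-/usr/lib/grub/x86_64-efi}/efisecret.mod" ] || { echo "efisecret.mod not found" >&2; exit 1; }`. The definition of `GRUB_MODULES` and the rest of grub.sh are outside the hunk, so whether a missing module already fails the build cannot be seen from here.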
@@ -420,6 +420,11 @@ Patch1021: 0050-OvmfPkg-AmdSev-Support-build-OVMF.fd-using-AmdSevX64.patch # Fix boot failure on OvmfPkg/AmdSev Patch1022: 0051-OvmfPkg-AmdSev-Add-missing-PcdMemEncryptStatus-Base-.patch +# Get grub2 x64 module from CI system path when building OVMF.amdsev.fd using +# AmdSevX64.dsc, this will enable the OVMF.amdsev.fd to support Full Disk +# Encryption right out of the box. +Patch1023: 0052-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch + # python3-devel and libuuid-devel are required for building tools. # python3-devel is also needed for varstore template generation and # verification with "ovmf-vars-generator".
@@ -447,6 +452,11 @@ BuildRequires: qemu-kvm-core >= 2.12.0-89 BuildRequires: kernel-core >= 4.18.0-161 BuildRequires: rpmdevtools +# For build OVMF.amdsev.fd using AmdSevX64.dsc, we need grub2-mkimage and some +# modules in grub2-efi-x64-modules package if we don't touch dummy grub.efi. +BuildRequires: grub2-tools +BuildRequires: grub2-efi-x64-modules + %package ovmf Summary: UEFI firmware for x86_64 virtual machines BuildArch: noarch
@@ -649,7 +659,6 @@ cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \ OVMF_VARS.secboot.fd # Build using AmdSevX64.dsc with neither SB nor SMM. -touch OvmfPkg/AmdSev/Grub/grub.efi # dummy build ${CC_FLAGS} -D TPM_ENABLE -D FD_SIZE_4MB -a X64 \ -D PVSCSI_ENABLE=FALSE -D MPT_SCSI_ENABLE=FALSE \ -p OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -874,6 +883,9 @@ true %endif %changelog +* Mon Apr 14 2025 hanliyang - 20220126gitbb1bba3d77-13.0.1.7 +- Build OVMF.fd using AmdSevX64.dsc to support Full Disk Encryption + * Tue Mar 18 2025 hanliyang - 20220126gitbb1bba3d77-13.0.1.6 - Fix boot failure on OvmfPkg/AmdSev - Add a build process that uses AmdSevX64.dsc with neither SB nor SMM enabled -- Gitee
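Review bot: In the `@@ -447,6 +452,11 @@` hunk of edk2.spec, the new `BuildRequires: grub2-tools` and `BuildRequires: grub2-efi-x64-modules` lines carry no minimum version, although the commit message says efisecret.mod only exists in grub2-efi-x64-modules after a specific grub2 change. A builder with an older package therefore satisfies the dependency and fails later inside grub.sh, and the `@@ -649,7 +659,6 @@` hunk removes the `touch OvmfPkg/AmdSev/Grub/grub.efi # dummy` fallback that used to hide this. I would pin the requirement, e.g. `BuildRequires: grub2-efi-x64-modules >= <first grub2 release shipping efisecret.mod>`, and give grub2-tools the same floor so mkimage and the modules come from the same grub2 build. The comment above these lines could also name efisecret.mod explicitly instead of "some modules". The spec declares `ExclusiveArch: x86_64 aarch64`; whether these requirements belong inside an x86_64-only conditional depends on parts of the spec not shown in the hunk.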