diff --git a/edk2.spec b/edk2.spec index 8b5551d3e107cd9ab50b52894ab4d3c4d29ae796..2bddc0e0ded84986026645a80a06a0a40fc48f60 100644 --- a/edk2.spec +++ b/edk2.spec @@ -7,7 +7,7 @@ Name: edk2 Version: %{stable_date} -Release: 21 +Release: 22 Summary: EFI Development Kit II License: BSD-2-Clause-Patent and OpenSSL and MIT URL: https://github.com/tianocore/edk2 @@ -268,6 +268,14 @@ build $BUILD_OPTION for ovmf_bin in $(ls Build/OvmfX64/*/FV/OVMF*.fd.secure_boot); do mv ${ovmf_bin} $(echo ${ovmf_bin} | sed 's/\.secure_boot//') done + + # Build OVMF using OvmfPkg/AmdSev/AmdSevX64.dsc. The build depends on + # OvmfPkg/AmdSev/Grub/grub.efi, and grub.efi further depends on Grub + # with efisecret support. When the build system's native Grub + # supports efisecret, remove this fake OvmfPkg/AmdSev/Grub/grub.efi. + touch OvmfPkg/AmdSev/Grub/grub.efi + BUILD_OPTION=$(echo $BUILD_OPTION | sed 's/ -p OvmfPkg\/OvmfPkgX64.dsc/ -p OvmfPkg\/AmdSev\/AmdSevX64.dsc/g') + build $BUILD_OPTION %endif %install @@ -316,6 +324,8 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys %endif %ifarch x86_64 + mkdir -p %{buildroot}/usr/share/%{name}/ovmf.amdsev + mv Build/AmdSev/*/FV/OVMF*.fd %{buildroot}/usr/share/%{name}/ovmf.amdsev mkdir -p %{buildroot}/usr/share/%{name}/ovmf.nosb mv Build/OvmfX64/*/FV/OVMF*.nosb.fd %{buildroot}/usr/share/%{name}/ovmf.nosb mkdir -p %{buildroot}/usr/share/%{name}/ovmf @@ -402,6 +412,7 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys %dir %{_datadir}/%{name} %{_datadir}/%{name}/ovmf %{_datadir}/%{name}/ovmf.nosb +%{_datadir}/%{name}/ovmf.amdsev %{_datadir}/qemu/firmware/10-edk2-ovmf-x64-nosb.json %endif @@ -430,6 +441,9 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys %endif %changelog +* Tue Mar 18 2025 hanliyang - 202308-22 +- Add build process that uses OvmfPkg/AmdSev/AmdSevX64.dsc + * Mon Mar 17 2025 huyu - 202308-21 - fix CVE-2024-4603