[PATCH 0/9] UEFI + Secure Boot + qemu

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick Ohly <patrick.ohly@intel.com>
To: openembedded-core@lists.openembedded.org, ricardo.neri@intel.com
Subject: [PATCH 0/9] UEFI + Secure Boot + qemu
Date: Wed, 21 Dec 2016 14:11:24 +0100	[thread overview]
Message-ID: <cover.1482324587.git.patrick.ohly@intel.com> (raw)

There seems to be a consensus that supporting UEFI in OE-core for qemu
would be valuable, and there have been some (stalled) attempts to add
it. For reference, see:
   [OE-core] [PATCH V3 0/3] Add UEFI firmware for qemux86*
   [OE-core] Add ovmf-native to make qemu-native/runqemu support boot UEFI image?
   https://bugzilla.yoctoproject.org/show_bug.cgi?id=5654
   https://github.com/01org/luv-yocto/issues/38

This patch set includes the necessary recipes (ovmf and iasl from
meta-luv), some improvements to them (in particular, enabling Secure
Boot), and changes to runqemu to make it easier to boot with UEFI. A
special image recipes builds an image which can be used to lock down a
virtual machine by enrolling the "normal" pre-installed certificates.

I decided to keep the setup simple and use just a single file for UEFI
code and variables because that makes the usage via runqemu very
easy. See the "runqemu: support UEFI with OVMF firmware" patch for
details. The downside is that the firmware can't be updated without
loosing variables. I don't see a big need for long-lived virtual
machine instances, but would like to hear from others about that.

What's missing is automated testing of this new feature. I'm open for
suggestions here; right now I don't know enough about the automated
testing in the AB to propose something.

I've discussed the usage of ovmf/iasl with Ricardo and he agreed that
moving ovmf and iasl from meta-luv to OE-core makes sense. Ricardo,
would you be willing to act as maintainer of it there, like you did in
meta-luv?

Beware that "git am --keep-cr" must be used to import the ovmf patches
correctly.

The following changes since commit 5e21afc9395060b489156d3f90505a372b713f37:

  Revert "selftest/wic: extending test coverage for WIC script options" (2016-12-20 17:06:01 +0000)

are available in the git repository at:

  git://github.com/pohly/openembedded-core secure-boot
  https://github.com/pohly/openembedded-core/tree/secure-boot

Patrick Ohly (7):
  ovmf: explicitly depend on nasm-native
  ovmf: deploy firmware in image directory
  ovmf_git.bb: enable parallel compilation
  ovmf_git.bb: enable Secure Boot
  runqemu: let command line parameters override defaults
  runqemu: support UEFI with OVMF firmware
  ovmf: build image which enrolls standard keys

meta-luv (2):
  ovmf: move from meta-luv to OE-core
  iasl: move from meta-luv to OE-core

 meta/recipes-core/ovmf/ovmf-shell-image.bb         |   22 +
 ...s-Force-tools-variables-to-host-toolchain.patch |   48 +
 .../ovmf/0001-OvmfPkg-Enable-BGRT-in-OVMF.patch    |  110 ++
 ...0002-ovmf-update-path-to-native-BaseTools.patch |   32 +
 ...makefile-adjust-to-build-in-under-bitbake.patch |   39 +
 ...ollDefaultKeys-application-for-enrolling-.patch | 1123 ++++++++++++++++++++
 meta/recipes-core/ovmf/ovmf/ovmf-shell-image.wks   |    4 +
 meta/recipes-core/ovmf/ovmf_git.bb                 |  178 ++++
 meta/recipes-extended/iasl/iasl_20120215.bb        |   27 +
 meta/recipes-extended/iasl/iasl_20150410.bb        |   27 +
 meta/recipes-extended/iasl/iasl_20150515.bb        |   27 +
 scripts/runqemu                                    |   37 +-
 12 files changed, 1673 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-core/ovmf/ovmf-shell-image.bb
 create mode 100644 meta/recipes-core/ovmf/ovmf/0001-BaseTools-Force-tools-variables-to-host-toolchain.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/0001-OvmfPkg-Enable-BGRT-in-OVMF.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/0002-ovmf-update-path-to-native-BaseTools.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/ovmf-shell-image.wks
 create mode 100644 meta/recipes-core/ovmf/ovmf_git.bb
 create mode 100644 meta/recipes-extended/iasl/iasl_20120215.bb
 create mode 100644 meta/recipes-extended/iasl/iasl_20150410.bb
 create mode 100644 meta/recipes-extended/iasl/iasl_20150515.bb

-- 
2.1.4

next             reply	other threads:[~2016-12-21 13:11 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-12-21 13:11 Patrick Ohly [this message]
2016-12-21 13:11 ` [PATCH 1/9] ovmf: move from meta-luv to OE-core Patrick Ohly
2016-12-28  2:58   ` Ricardo Neri
2016-12-21 13:11 ` [PATCH 2/9] iasl: " Patrick Ohly
2016-12-21 14:11   ` Fathi Boudra
2016-12-21 15:38     ` Patrick Ohly
2016-12-21 18:17       ` Fathi Boudra
2016-12-28  3:08   ` Ricardo Neri
2016-12-21 13:11 ` [PATCH 3/9] ovmf: explicitly depend on nasm-native Patrick Ohly
     [not found]   ` <1482893989.106950.45.camel@ranerica-desktop>
2017-01-04 12:56     ` Patrick Ohly
2016-12-21 13:11 ` [PATCH 4/9] ovmf: deploy firmware in image directory Patrick Ohly
2016-12-28  3:12   ` Ricardo Neri
2016-12-28 21:38   ` Ricardo Neri
2016-12-28 23:25     ` Ricardo Neri
2017-01-04 10:01     ` Patrick Ohly
2017-01-10  3:50       ` Ricardo Neri
2017-01-10  7:32         ` Patrick Ohly
2016-12-21 13:11 ` [PATCH 5/9] ovmf_git.bb: enable parallel compilation Patrick Ohly
2016-12-28  3:17   ` Ricardo Neri
2016-12-21 13:11 ` [PATCH 6/9] ovmf_git.bb: enable Secure Boot Patrick Ohly
2016-12-28 22:54   ` Ricardo Neri
2017-01-04 10:10     ` Patrick Ohly
2017-01-10  3:51       ` Ricardo Neri
2016-12-21 13:11 ` [PATCH 7/9] runqemu: let command line parameters override defaults Patrick Ohly
2016-12-21 13:11 ` [PATCH 8/9] runqemu: support UEFI with OVMF firmware Patrick Ohly
2016-12-28 23:33   ` Ricardo Neri
2017-01-04  9:43     ` Patrick Ohly
2017-01-10  3:50       ` Ricardo Neri
2017-01-10  7:29         ` Patrick Ohly
2016-12-21 13:11 ` [PATCH 9/9] ovmf: build image which enrolls standard keys Patrick Ohly
2016-12-21 14:19 ` [PATCH 0/9] UEFI + Secure Boot + qemu Fathi Boudra
2016-12-28  2:56   ` Ricardo Neri
2016-12-28 19:27     ` Patrick Ohly
2016-12-28 23:26       ` Ricardo Neri
2016-12-28  2:55 ` Ricardo Neri

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1482324587.git.patrick.ohly@intel.com \
    --to=patrick.ohly@intel.com \
    --cc=openembedded-core@lists.openembedded.org \
    --cc=ricardo.neri@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.