From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
To: Patrick Ohly <patrick.ohly@intel.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 0/9] UEFI + Secure Boot + qemu
Date: Tue, 27 Dec 2016 18:55:37 -0800 [thread overview]
Message-ID: <1482893737.106950.41.camel@ranerica-desktop> (raw)
In-Reply-To: <cover.1482324587.git.patrick.ohly@intel.com>
On Wed, 2016-12-21 at 14:11 +0100, Patrick Ohly wrote:
> There seems to be a consensus that supporting UEFI in OE-core for qemu
> would be valuable, and there have been some (stalled) attempts to add
> it. For reference, see:
> [OE-core] [PATCH V3 0/3] Add UEFI firmware for qemux86*
> [OE-core] Add ovmf-native to make qemu-native/runqemu support boot UEFI image?
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=5654
> https://github.com/01org/luv-yocto/issues/38
>
> This patch set includes the necessary recipes (ovmf and iasl from
> meta-luv), some improvements to them (in particular, enabling Secure
> Boot), and changes to runqemu to make it easier to boot with UEFI. A
> special image recipes builds an image which can be used to lock down a
> virtual machine by enrolling the "normal" pre-installed certificates.
>
> I decided to keep the setup simple and use just a single file for UEFI
> code and variables because that makes the usage via runqemu very
> easy. See the "runqemu: support UEFI with OVMF firmware" patch for
> details. The downside is that the firmware can't be updated without
> loosing variables. I don't see a big need for long-lived virtual
> machine instances, but would like to hear from others about that.
>
> What's missing is automated testing of this new feature. I'm open for
> suggestions here; right now I don't know enough about the automated
> testing in the AB to propose something.
I guess that tests could be written for buildbot. In the LUV buildbot,
we build OVMF as part of our sanity tests for LUV. We do it mostly
because we need to boot some UEFI firmware in qemu, though. We don't
extensively test OVMF. We also build OVMF with Secure Boot separately.
Now that you have kindly written the recipe, we want to leverage it. :)
>
> I've discussed the usage of ovmf/iasl with Ricardo and he agreed that
> moving ovmf and iasl from meta-luv to OE-core makes sense. Ricardo,
> would you be willing to act as maintainer of it there, like you did in
> meta-luv?
Yes, I can keep doing the same work I did in meta-luv for OVMF now in
OE-core.
Thanks and BR,
Ricardo
>
> Beware that "git am --keep-cr" must be used to import the ovmf patches
> correctly.
>
> The following changes since commit 5e21afc9395060b489156d3f90505a372b713f37:
>
> Revert "selftest/wic: extending test coverage for WIC script options" (2016-12-20 17:06:01 +0000)
>
> are available in the git repository at:
>
> git://github.com/pohly/openembedded-core secure-boot
> https://github.com/pohly/openembedded-core/tree/secure-boot
>
> Patrick Ohly (7):
> ovmf: explicitly depend on nasm-native
> ovmf: deploy firmware in image directory
> ovmf_git.bb: enable parallel compilation
> ovmf_git.bb: enable Secure Boot
> runqemu: let command line parameters override defaults
> runqemu: support UEFI with OVMF firmware
> ovmf: build image which enrolls standard keys
>
> meta-luv (2):
> ovmf: move from meta-luv to OE-core
> iasl: move from meta-luv to OE-core
>
> meta/recipes-core/ovmf/ovmf-shell-image.bb | 22 +
> ...s-Force-tools-variables-to-host-toolchain.patch | 48 +
> .../ovmf/0001-OvmfPkg-Enable-BGRT-in-OVMF.patch | 110 ++
> ...0002-ovmf-update-path-to-native-BaseTools.patch | 32 +
> ...makefile-adjust-to-build-in-under-bitbake.patch | 39 +
> ...ollDefaultKeys-application-for-enrolling-.patch | 1123 ++++++++++++++++++++
> meta/recipes-core/ovmf/ovmf/ovmf-shell-image.wks | 4 +
> meta/recipes-core/ovmf/ovmf_git.bb | 178 ++++
> meta/recipes-extended/iasl/iasl_20120215.bb | 27 +
> meta/recipes-extended/iasl/iasl_20150410.bb | 27 +
> meta/recipes-extended/iasl/iasl_20150515.bb | 27 +
> scripts/runqemu | 37 +-
> 12 files changed, 1673 insertions(+), 1 deletion(-)
> create mode 100644 meta/recipes-core/ovmf/ovmf-shell-image.bb
> create mode 100644 meta/recipes-core/ovmf/ovmf/0001-BaseTools-Force-tools-variables-to-host-toolchain.patch
> create mode 100644 meta/recipes-core/ovmf/ovmf/0001-OvmfPkg-Enable-BGRT-in-OVMF.patch
> create mode 100644 meta/recipes-core/ovmf/ovmf/0002-ovmf-update-path-to-native-BaseTools.patch
> create mode 100644 meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
> create mode 100644 meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
> create mode 100644 meta/recipes-core/ovmf/ovmf/ovmf-shell-image.wks
> create mode 100644 meta/recipes-core/ovmf/ovmf_git.bb
> create mode 100644 meta/recipes-extended/iasl/iasl_20120215.bb
> create mode 100644 meta/recipes-extended/iasl/iasl_20150410.bb
> create mode 100644 meta/recipes-extended/iasl/iasl_20150515.bb
>
> --
> 2.1.4
>
prev parent reply other threads:[~2016-12-28 2:55 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-21 13:11 [PATCH 0/9] UEFI + Secure Boot + qemu Patrick Ohly
2016-12-21 13:11 ` [PATCH 1/9] ovmf: move from meta-luv to OE-core Patrick Ohly
2016-12-28 2:58 ` Ricardo Neri
2016-12-21 13:11 ` [PATCH 2/9] iasl: " Patrick Ohly
2016-12-21 14:11 ` Fathi Boudra
2016-12-21 15:38 ` Patrick Ohly
2016-12-21 18:17 ` Fathi Boudra
2016-12-28 3:08 ` Ricardo Neri
2016-12-21 13:11 ` [PATCH 3/9] ovmf: explicitly depend on nasm-native Patrick Ohly
[not found] ` <1482893989.106950.45.camel@ranerica-desktop>
2017-01-04 12:56 ` Patrick Ohly
2016-12-21 13:11 ` [PATCH 4/9] ovmf: deploy firmware in image directory Patrick Ohly
2016-12-28 3:12 ` Ricardo Neri
2016-12-28 21:38 ` Ricardo Neri
2016-12-28 23:25 ` Ricardo Neri
2017-01-04 10:01 ` Patrick Ohly
2017-01-10 3:50 ` Ricardo Neri
2017-01-10 7:32 ` Patrick Ohly
2016-12-21 13:11 ` [PATCH 5/9] ovmf_git.bb: enable parallel compilation Patrick Ohly
2016-12-28 3:17 ` Ricardo Neri
2016-12-21 13:11 ` [PATCH 6/9] ovmf_git.bb: enable Secure Boot Patrick Ohly
2016-12-28 22:54 ` Ricardo Neri
2017-01-04 10:10 ` Patrick Ohly
2017-01-10 3:51 ` Ricardo Neri
2016-12-21 13:11 ` [PATCH 7/9] runqemu: let command line parameters override defaults Patrick Ohly
2016-12-21 13:11 ` [PATCH 8/9] runqemu: support UEFI with OVMF firmware Patrick Ohly
2016-12-28 23:33 ` Ricardo Neri
2017-01-04 9:43 ` Patrick Ohly
2017-01-10 3:50 ` Ricardo Neri
2017-01-10 7:29 ` Patrick Ohly
2016-12-21 13:11 ` [PATCH 9/9] ovmf: build image which enrolls standard keys Patrick Ohly
2016-12-21 14:19 ` [PATCH 0/9] UEFI + Secure Boot + qemu Fathi Boudra
2016-12-28 2:56 ` Ricardo Neri
2016-12-28 19:27 ` Patrick Ohly
2016-12-28 23:26 ` Ricardo Neri
2016-12-28 2:55 ` Ricardo Neri [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1482893737.106950.41.camel@ranerica-desktop \
--to=ricardo.neri-calderon@linux.intel.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=patrick.ohly@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox