
[isar-cip-core] Add recipe for EDK2 StandaloneMmRpmb

Message ID b6ae5c2f-962b-4291-4673-c26f0909fc95@siemens.com (mailing list archive)
State Accepted

Commit Message

Jan Kiszka Jan. 10, 2023, 7:47 p.m. UTC
From: Sven Schultschik <sven.schultschik@siemens.com>

Provide a recipe to create the BL32_AP_MM.fd binary from EDK2. This
binary provides a stand-alone version for securely managing the access
to EFI variables stored in RPMB. It needs to run in a Trusted Execution
Environment (e.g. under OPTEE on ARM), thus will become a dependency of
firmware builds that want to provide UEFI secure boot with keys
provisioned into secure storage.

Signed-off-by: Sven Schultschik <sven.schultschik@siemens.com>
[Jan: refactorings]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---

Changes to Sven's last version:
 - renamed recipe
 - dropped .inc
 - updated to 202211
 - avoid copying sub-module folders around
 - fetch edk2-plaform as archive
 - added bash as build dependency
 - smaller cleanups

I did not try fetching the openssl sources from Debian. That may work 
today with bullseye, because at least fragile with buster and will fail 
with bookworm (no more OpenSSL 1.x). We need to vendor.

As explained in the other thread, I would accelerate the merge of this 
even though we don't have in-tree users. meta-iot2050 will soon become 
the first external user while creating a useful QEMU target 
unfortunately requires creating an eMMC+RPMB model in QEMU first. :(

 recipes-bsp/edk2/edk2-standalonemm-rpmb/rules | 64 +++++++++++++++++++
 .../edk2/edk2-standalonemm-rpmb_202211.bb     | 57 +++++++++++++++++
 2 files changed, 121 insertions(+)
 create mode 100755 recipes-bsp/edk2/edk2-standalonemm-rpmb/rules
 create mode 100644 recipes-bsp/edk2/edk2-standalonemm-rpmb_202211.bb

Comments

Su, Bao Cheng Jan. 11, 2023, 3:22 a.m. UTC | #1
On Tue, 2023-01-10 at 20:47 +0100, Jan Kiszka wrote:
> From: Sven Schultschik <sven.schultschik@siemens.com>
> 
> Provide a recipe to create the BL32_AP_MM.fd binary from EDK2. This
> binary provides a stand-alone version for securely managing the access
> to EFI variables stored in RPMB. It needs to run in a Trusted Execution
> Environment (e.g. under OPTEE on ARM), thus will become a dependency of
> firmware build that what to provide UEFI secure boot with keys
> provisioned into secure storage.
> 
> Signed-off-by: Sven Schultschik <sven.schultschik@siemens.com>
> [Jan: refactorings]
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
> 
> Changes to Sven's last version:
>  - renamed recipe
>  - dropped .inc
>  - updated to 202211
>  - avoid copying sub-module folders around
>  - fetch edk2-plaform as archive
>  - added bash as build dependency
>  - smaller cleanups
> 
> I did not try fetching the openssl sources from Debian. That may work 
> today with bullseye, because at least fragile with buster and will fail 
> with bookworm (no more OpenSSL 1.x). We need to vendor.
> 
> As explained in the other thread, I would accelerate the merge of this 
> even though we don't have in-tree users. meta-iot2050 will soon become 
> the first external user while creating a useful QEMU target 
> unfortunately requires creating an eMMC+RPMB model in QEMU first. :(
> 
>  recipes-bsp/edk2/edk2-standalonemm-rpmb/rules | 64 +++++++++++++++++++
>  .../edk2/edk2-standalonemm-rpmb_202211.bb     | 57 +++++++++++++++++
>  2 files changed, 121 insertions(+)
>  create mode 100755 recipes-bsp/edk2/edk2-standalonemm-rpmb/rules
>  create mode 100644 recipes-bsp/edk2/edk2-standalonemm-rpmb_202211.bb
> 
> diff --git a/recipes-bsp/edk2/edk2-standalonemm-rpmb/rules b/recipes-bsp/edk2/edk2-standalonemm-rpmb/rules
> new file mode 100755
> index 00000000..4161e6ca
> --- /dev/null
> +++ b/recipes-bsp/edk2/edk2-standalonemm-rpmb/rules
> @@ -0,0 +1,64 @@
> +#!/usr/bin/make -f
> +#
> +# Copyright (c) Siemens AG, 2022-2023
> +#
> +# Authors:
> +#  Sven Schultschik <sven.schultschik@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +
> +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
> +export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
> +endif
> +
> +export WORKSPACE=$(shell pwd)
> +export PACKAGES_PATH=$(WORKSPACE)/edk2:$(WORKSPACE)/edk2-platforms
> +export ACTIVE_PLATFORM="Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc"
> +
> +# https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2-platforms%2Fblob%2Fmaster%2FReadme.md%23if-cross-compiling&data=05%7C01%7Cbaocheng.su%40ad011.siemens.com%7Ca2c8b899cbb34f1725d908daf3437c75%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C638089768415009253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=M9wloxB%2FrqEyyGgmsW0WI8w%2FfNTq726jdVILQZ0WV%2FA%3D&reserved=0
> +ifeq (arm64,$(DEB_TARGET_ARCH))
> +export TARGET_ARCH = 'AARCH64'
> +else ifeq ((armhf,$(DEB_TARGET_ARCH))
> +export TARGET_ARCH = 'ARM'
> +else ifeq ((amd64,$(DEB_TARGET_ARCH))
> +export TARGET_ARCH = 'X64'
> +else ifeq ((i386,$(DEB_TARGET_ARCH))
> +export TARGET_ARCH = 'IA32'
> +else
> +$(error DEB_TARGET_ARCH $(DEB_TARGET_ARCH) unsupported)
> +endif
> +
> +export SHELL=/bin/bash
> +
> +# ENV Vars which should get set by edksetup.sh
> +export PYTHON_COMMAND=python3
> +export PYTHONHASHSEED=1
> +export CONF_PATH=$(WORKSPACE)/edk2/Conf
> +export EDK_TOOLS_PATH=$(WORKSPACE)/edk2/BaseTools
> +export PATH=$(WORKSPACE)/edk2/BaseTools/Bin/Linux-$(TARGET_ARCH):$(WORKSPACE)/edk2/BaseTools/BinWrappers/PosixLike::/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
> +
> +# When cross-compiling, or building with a different version of the compiler than
> +# the default `gcc`, we additionally need to inform the
> +# build command which toolchain to use. We do this by setting the environment
> +# variable `{TOOL_CHAIN_TAG}_{TARGET_ARCH}_PREFIX` - in the case above,
> +# **GCC5_AARCH64_PREFIX**.
> +# export GCC5_AARCH64_PREFIX=aarch64-linux-gnu-
> +# using export here at TOP Level does not work, because
> +# GCC5_$(TARGET_ARCH)_PREFIX gets deleted again for what reason ever
> +# Therefore it is set right before the build command
> +# export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)-
> +
> +override_dh_auto_build:
> +	source edk2/edksetup.sh --reconfig
> +
> +	CFLAGS= LDFLAGS=  make -C edk2/BaseTools
> +
> +	(export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)- && \
> +		build -p $(ACTIVE_PLATFORM) -b RELEASE -a $(TARGET_ARCH) -t GCC5 -n $(shell nproc))
> +
> +override_dh_auto_install:
> +
> +override_dh_auto_test:
> +
> +%:
> +	dh $@ --no-parallel
> diff --git a/recipes-bsp/edk2/edk2-standalonemm-rpmb_202211.bb b/recipes-bsp/edk2/edk2-standalonemm-rpmb_202211.bb
> new file mode 100644
> index 00000000..40d979d9
> --- /dev/null
> +++ b/recipes-bsp/edk2/edk2-standalonemm-rpmb_202211.bb
> @@ -0,0 +1,57 @@
> +#
> +# CIP Core, generic profile
> +#
> +# Copyright (c) Siemens AG, 2022-2023
> +#
> +# Authors:
> +#  Sven Schultschik <sven.schultschik@siemens.com>
> +#  Jan Kiszka <jan.kiszka@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +#
> +
> +HOMEPAGE = "https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2&data=05%7C01%7Cbaocheng.su%40ad011.siemens.com%7Ca2c8b899cbb34f1725d908daf3437c75%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C638089768415009253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=2%2FFjgVa1dX1yqQBrRiWfLwrw37A1Zo%2B60Ud773xPQn4%3D&reserved=0"
> +MAINTAINER = "Sven Schultschik <sven.schultschik@siemens.com>"
> +
> +inherit dpkg
> +
> +SRC_URI = " \
> +    https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Farchive%2Frefs%2Ftags%2Fedk2-stable%24&data=05%7C01%7Cbaocheng.su%40ad011.siemens.com%7Ca2c8b899cbb34f1725d908daf3437c75%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C638089768415009253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=oGt%2B0tt1XGzYuDoc%2BbYw86XTzVK2S%2FNQHq3MMCfNk3Q%3D&reserved=0{PV}.tar.gz;subdir=${S} \
> +    https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2-platforms%2Farchive%2F%24&data=05%7C01%7Cbaocheng.su%40ad011.siemens.com%7Ca2c8b899cbb34f1725d908daf3437c75%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C638089768415009253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=vdFCUCKFD%2FJn74hVK1cAtbaRqTGMqyWAE7oVTMNYPek%3D&reserved=0{SRCREV-edk2-platforms}.tar.gz;name=edk2-platforms;subdir=${S} \
> +    https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgoogle%2Fbrotli%2Farchive%2F%24&data=05%7C01%7Cbaocheng.su%40ad011.siemens.com%7Ca2c8b899cbb34f1725d908daf3437c75%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C638089768415009253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EHOikHx%2Fxcw9XKR0ScXY92DnTGVACK2El9F4HO5gPOk%3D&reserved=0{SRCREV-brotli}.tar.gz;name=brotli;subdir=${S} \
> +    https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenssl%2Fopenssl%2Farchive%2Frefs%2Ftags%2F%24&data=05%7C01%7Cbaocheng.su%40ad011.siemens.com%7Ca2c8b899cbb34f1725d908daf3437c75%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C638089768415009253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=qV0dqlbQ7K4ZAZTwMz1ivhCEHta2V1dE6PNckdwqdlo%3D&reserved=0{PV-openssl}.tar.gz;name=openssl;subdir=${S} \
> +    file://rules \
> +    "
> +SRC_URI[sha256sum] = "b7276c0496bf4983265bf3f9886b563af1ae6e93aade91f4634ead2b1338d1b4"
> +SRC_URI[edk2-platforms.sha256sum] = "b0f5b6d832e4dcc1d47a98ae0560e0b955433e32e8ac6d12c946c66d5fa6f51a"
> +SRC_URI[brotli.sha256sum] = "6d6cacce05086b7debe75127415ff9c3661849f564fe2f5f3b0383d48aa4ed77"
> +SRC_URI[openssl.sha256sum] = "6b2d2440ced8c802aaa61475919f0870ec556694c466ebea460e35ea2b14839e"
> +
> +# according to edk2 submodules
> +SRCREV-brotli = "f4153a09f87cbb9c826d8fc12c74642bb2d879ea"
> +
> +# revision closest to edk2 release
> +SRCREV-edk2-platforms = "4ad557e494d8055f5ea16009d6e565cace6571d6"
> +
> +PV-openssl = "OpenSSL_1_1_1n"
> +
> +DEBIAN_BUILD_DEPENDS = "bash, python3:native, dh-python, uuid-dev:native"
> +
> +do_prepare_build() {
> +    deb_debianize
> +
> +    ln -sf edk2-edk2-stable${PV} ${S}/edk2
> +    ln -sf edk2-platforms-${SRCREV-edk2-platforms} ${S}/edk2-platforms
> +
> +    rm -rf ${S}/edk2/BaseTools/Source/C/BrotliCompress/brotli
> +    ln -s ../../../../../brotli-${SRCREV-brotli} ${S}/edk2/BaseTools/Source/C/BrotliCompress/brotli
> +
> +    rm -rf ${S}/edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
> +    ln -s ../../../../brotli-${SRCREV-brotli} ${S}/edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
> +
> +    rm -rf ${S}/edk2/CryptoPkg/Library/OpensslLib/openssl
> +    ln -s ../../../../openssl-${PV-openssl} ${S}/edk2/CryptoPkg/Library/OpensslLib/openssl
> +
> +    echo "Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd /usr/lib/edk2/" > \
> +        ${S}/debian/edk2-standalonemm-rpmb.install
> +}

Tested by me. It works on iot2050.
Jan Kiszka Jan. 18, 2023, 6:35 a.m. UTC | #2
On 10.01.23 20:47, Jan Kiszka wrote:
> From: Sven Schultschik <sven.schultschik@siemens.com>
> 
> Provide a recipe to create the BL32_AP_MM.fd binary from EDK2. This
> binary provides a stand-alone version for securely managing the access
> to EFI variables stored in RPMB. It needs to run in a Trusted Execution
> Environment (e.g. under OPTEE on ARM), thus will become a dependency of
> firmware build that what to provide UEFI secure boot with keys
> provisioned into secure storage.
> 
> Signed-off-by: Sven Schultschik <sven.schultschik@siemens.com>
> [Jan: refactorings]
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
> 
> Changes to Sven's last version:
>  - renamed recipe
>  - dropped .inc
>  - updated to 202211
>  - avoid copying sub-module folders around
>  - fetch edk2-plaform as archive
>  - added bash as build dependency
>  - smaller cleanups
> 
> I did not try fetching the openssl sources from Debian. That may work 
> today with bullseye, because at least fragile with buster and will fail 
> with bookworm (no more OpenSSL 1.x). We need to vendor.
> 
> As explained in the other thread, I would accelerate the merge of this 
> even though we don't have in-tree users. meta-iot2050 will soon become 
> the first external user while creating a useful QEMU target 
> unfortunately requires creating an eMMC+RPMB model in QEMU first. :(
> 
>  recipes-bsp/edk2/edk2-standalonemm-rpmb/rules | 64 +++++++++++++++++++
>  .../edk2/edk2-standalonemm-rpmb_202211.bb     | 57 +++++++++++++++++
>  2 files changed, 121 insertions(+)
>  create mode 100755 recipes-bsp/edk2/edk2-standalonemm-rpmb/rules
>  create mode 100644 recipes-bsp/edk2/edk2-standalonemm-rpmb_202211.bb
> 
> diff --git a/recipes-bsp/edk2/edk2-standalonemm-rpmb/rules b/recipes-bsp/edk2/edk2-standalonemm-rpmb/rules
> new file mode 100755
> index 00000000..4161e6ca
> --- /dev/null
> +++ b/recipes-bsp/edk2/edk2-standalonemm-rpmb/rules
> @@ -0,0 +1,64 @@
> +#!/usr/bin/make -f
> +#
> +# Copyright (c) Siemens AG, 2022-2023
> +#
> +# Authors:
> +#  Sven Schultschik <sven.schultschik@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +
> +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
> +export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
> +endif
> +
> +export WORKSPACE=$(shell pwd)
> +export PACKAGES_PATH=$(WORKSPACE)/edk2:$(WORKSPACE)/edk2-platforms
> +export ACTIVE_PLATFORM="Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc"
> +
> +# https://github.com/tianocore/edk2-platforms/blob/master/Readme.md#if-cross-compiling
> +ifeq (arm64,$(DEB_TARGET_ARCH))
> +export TARGET_ARCH = 'AARCH64'
> +else ifeq ((armhf,$(DEB_TARGET_ARCH))
> +export TARGET_ARCH = 'ARM'
> +else ifeq ((amd64,$(DEB_TARGET_ARCH))
> +export TARGET_ARCH = 'X64'
> +else ifeq ((i386,$(DEB_TARGET_ARCH))
> +export TARGET_ARCH = 'IA32'
> +else
> +$(error DEB_TARGET_ARCH $(DEB_TARGET_ARCH) unsupported)
> +endif
> +
> +export SHELL=/bin/bash
> +
> +# ENV Vars which should get set by edksetup.sh
> +export PYTHON_COMMAND=python3
> +export PYTHONHASHSEED=1
> +export CONF_PATH=$(WORKSPACE)/edk2/Conf
> +export EDK_TOOLS_PATH=$(WORKSPACE)/edk2/BaseTools
> +export PATH=$(WORKSPACE)/edk2/BaseTools/Bin/Linux-$(TARGET_ARCH):$(WORKSPACE)/edk2/BaseTools/BinWrappers/PosixLike::/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
> +
> +# When cross-compiling, or building with a different version of the compiler than
> +# the default `gcc`, we additionally need to inform the
> +# build command which toolchain to use. We do this by setting the environment
> +# variable `{TOOL_CHAIN_TAG}_{TARGET_ARCH}_PREFIX` - in the case above,
> +# **GCC5_AARCH64_PREFIX**.
> +# export GCC5_AARCH64_PREFIX=aarch64-linux-gnu-
> +# using export here at TOP Level does not work, because
> +# GCC5_$(TARGET_ARCH)_PREFIX gets deleted again for what reason ever
> +# Therefore it is set right before the build command
> +# export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)-
> +
> +override_dh_auto_build:
> +	source edk2/edksetup.sh --reconfig
> +
> +	CFLAGS= LDFLAGS=  make -C edk2/BaseTools
> +
> +	(export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)- && \
> +		build -p $(ACTIVE_PLATFORM) -b RELEASE -a $(TARGET_ARCH) -t GCC5 -n $(shell nproc))
> +
> +override_dh_auto_install:
> +
> +override_dh_auto_test:
> +
> +%:
> +	dh $@ --no-parallel
> diff --git a/recipes-bsp/edk2/edk2-standalonemm-rpmb_202211.bb b/recipes-bsp/edk2/edk2-standalonemm-rpmb_202211.bb
> new file mode 100644
> index 00000000..40d979d9
> --- /dev/null
> +++ b/recipes-bsp/edk2/edk2-standalonemm-rpmb_202211.bb
> @@ -0,0 +1,57 @@
> +#
> +# CIP Core, generic profile
> +#
> +# Copyright (c) Siemens AG, 2022-2023
> +#
> +# Authors:
> +#  Sven Schultschik <sven.schultschik@siemens.com>
> +#  Jan Kiszka <jan.kiszka@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +#
> +
> +HOMEPAGE = "https://github.com/tianocore/edk2"
> +MAINTAINER = "Sven Schultschik <sven.schultschik@siemens.com>"
> +
> +inherit dpkg
> +
> +SRC_URI = " \
> +    https://github.com/tianocore/edk2/archive/refs/tags/edk2-stable${PV}.tar.gz;subdir=${S} \
> +    https://github.com/tianocore/edk2-platforms/archive/${SRCREV-edk2-platforms}.tar.gz;name=edk2-platforms;subdir=${S} \
> +    https://github.com/google/brotli/archive/${SRCREV-brotli}.tar.gz;name=brotli;subdir=${S} \
> +    https://github.com/openssl/openssl/archive/refs/tags/${PV-openssl}.tar.gz;name=openssl;subdir=${S} \
> +    file://rules \
> +    "
> +SRC_URI[sha256sum] = "b7276c0496bf4983265bf3f9886b563af1ae6e93aade91f4634ead2b1338d1b4"
> +SRC_URI[edk2-platforms.sha256sum] = "b0f5b6d832e4dcc1d47a98ae0560e0b955433e32e8ac6d12c946c66d5fa6f51a"
> +SRC_URI[brotli.sha256sum] = "6d6cacce05086b7debe75127415ff9c3661849f564fe2f5f3b0383d48aa4ed77"
> +SRC_URI[openssl.sha256sum] = "6b2d2440ced8c802aaa61475919f0870ec556694c466ebea460e35ea2b14839e"
> +
> +# according to edk2 submodules
> +SRCREV-brotli = "f4153a09f87cbb9c826d8fc12c74642bb2d879ea"
> +
> +# revision closest to edk2 release
> +SRCREV-edk2-platforms = "4ad557e494d8055f5ea16009d6e565cace6571d6"
> +
> +PV-openssl = "OpenSSL_1_1_1n"
> +
> +DEBIAN_BUILD_DEPENDS = "bash, python3:native, dh-python, uuid-dev:native"
> +
> +do_prepare_build() {
> +    deb_debianize
> +
> +    ln -sf edk2-edk2-stable${PV} ${S}/edk2
> +    ln -sf edk2-platforms-${SRCREV-edk2-platforms} ${S}/edk2-platforms
> +
> +    rm -rf ${S}/edk2/BaseTools/Source/C/BrotliCompress/brotli
> +    ln -s ../../../../../brotli-${SRCREV-brotli} ${S}/edk2/BaseTools/Source/C/BrotliCompress/brotli
> +
> +    rm -rf ${S}/edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
> +    ln -s ../../../../brotli-${SRCREV-brotli} ${S}/edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
> +
> +    rm -rf ${S}/edk2/CryptoPkg/Library/OpensslLib/openssl
> +    ln -s ../../../../openssl-${PV-openssl} ${S}/edk2/CryptoPkg/Library/OpensslLib/openssl
> +
> +    echo "Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd /usr/lib/edk2/" > \
> +        ${S}/debian/edk2-standalonemm-rpmb.install
> +}

Applied to next - even though we have no in-tree user yet. But it's
better than risking downstream deviations.

Jan

Patch

diff --git a/recipes-bsp/edk2/edk2-standalonemm-rpmb/rules b/recipes-bsp/edk2/edk2-standalonemm-rpmb/rules
new file mode 100755
index 00000000..4161e6ca
--- /dev/null
+++ b/recipes-bsp/edk2/edk2-standalonemm-rpmb/rules
@@ -0,0 +1,64 @@ 
+#!/usr/bin/make -f
+#
+# Copyright (c) Siemens AG, 2022-2023
+#
+# Authors:
+#  Sven Schultschik <sven.schultschik@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+
+ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
+endif
+
+export WORKSPACE=$(shell pwd)
+export PACKAGES_PATH=$(WORKSPACE)/edk2:$(WORKSPACE)/edk2-platforms
+export ACTIVE_PLATFORM="Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc"
+
+# https://github.com/tianocore/edk2-platforms/blob/master/Readme.md#if-cross-compiling
+ifeq (arm64,$(DEB_TARGET_ARCH))
+export TARGET_ARCH = 'AARCH64'
+else ifeq ((armhf,$(DEB_TARGET_ARCH))
+export TARGET_ARCH = 'ARM'
+else ifeq ((amd64,$(DEB_TARGET_ARCH))
+export TARGET_ARCH = 'X64'
+else ifeq ((i386,$(DEB_TARGET_ARCH))
+export TARGET_ARCH = 'IA32'
+else
+$(error DEB_TARGET_ARCH $(DEB_TARGET_ARCH) unsupported)
+endif
+
+export SHELL=/bin/bash
+
+# ENV Vars which should get set by edksetup.sh
+export PYTHON_COMMAND=python3
+export PYTHONHASHSEED=1
+export CONF_PATH=$(WORKSPACE)/edk2/Conf
+export EDK_TOOLS_PATH=$(WORKSPACE)/edk2/BaseTools
+export PATH=$(WORKSPACE)/edk2/BaseTools/Bin/Linux-$(TARGET_ARCH):$(WORKSPACE)/edk2/BaseTools/BinWrappers/PosixLike::/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# When cross-compiling, or building with a different version of the compiler than
+# the default `gcc`, we additionally need to inform the
+# build command which toolchain to use. We do this by setting the environment
+# variable `{TOOL_CHAIN_TAG}_{TARGET_ARCH}_PREFIX` - in the case above,
+# **GCC5_AARCH64_PREFIX**.
+# export GCC5_AARCH64_PREFIX=aarch64-linux-gnu-
+# using export here at TOP Level does not work, because
+# GCC5_$(TARGET_ARCH)_PREFIX gets deleted again for what reason ever
+# Therefore it is set right before the build command
+# export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)-
+
+override_dh_auto_build:
+	source edk2/edksetup.sh --reconfig
+
+	CFLAGS= LDFLAGS=  make -C edk2/BaseTools
+
+	(export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)- && \
+		build -p $(ACTIVE_PLATFORM) -b RELEASE -a $(TARGET_ARCH) -t GCC5 -n $(shell nproc))
+
+override_dh_auto_install:
+
+override_dh_auto_test:
+
+%:
+	dh $@ --no-parallel
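Review bot: The three `else ifeq ((armhf,…`, `((amd64,…` and `((i386,…` lines carry a doubled opening parenthesis, so GNU make does not see `armhf`, `amd64` or `i386` as the first argument and only the arm64 branch is well-formed; they should read like `else ifeq (armhf,$(DEB_TARGET_ARCH))`. The quotes in `export TARGET_ARCH = 'AARCH64'` are literal to make, so they land inside the exported `PATH` entry `Linux-$(TARGET_ARCH)` and would give a top-level `GCC5_$(TARGET_ARCH)_PREFIX` a name that is not a valid environment identifier, which may be why the comment reports that the export "gets deleted again"; `export TARGET_ARCH = AARCH64` avoids both. The `PATH` line also contains `PosixLike::/usr/local/sbin`, and an empty entry makes the shell search the current directory ahead of the system directories, which is undesirable when the working directory holds unpacked upstream tarballs for a TEE payload; a single `:` is enough.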
diff --git a/recipes-bsp/edk2/edk2-standalonemm-rpmb_202211.bb b/recipes-bsp/edk2/edk2-standalonemm-rpmb_202211.bb
new file mode 100644
index 00000000..40d979d9
--- /dev/null
+++ b/recipes-bsp/edk2/edk2-standalonemm-rpmb_202211.bb
@@ -0,0 +1,57 @@ 
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022-2023
+#
+# Authors:
+#  Sven Schultschik <sven.schultschik@siemens.com>
+#  Jan Kiszka <jan.kiszka@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+HOMEPAGE = "https://github.com/tianocore/edk2"
+MAINTAINER = "Sven Schultschik <sven.schultschik@siemens.com>"
+
+inherit dpkg
+
+SRC_URI = " \
+    https://github.com/tianocore/edk2/archive/refs/tags/edk2-stable${PV}.tar.gz;subdir=${S} \
+    https://github.com/tianocore/edk2-platforms/archive/${SRCREV-edk2-platforms}.tar.gz;name=edk2-platforms;subdir=${S} \
+    https://github.com/google/brotli/archive/${SRCREV-brotli}.tar.gz;name=brotli;subdir=${S} \
+    https://github.com/openssl/openssl/archive/refs/tags/${PV-openssl}.tar.gz;name=openssl;subdir=${S} \
+    file://rules \
+    "
+SRC_URI[sha256sum] = "b7276c0496bf4983265bf3f9886b563af1ae6e93aade91f4634ead2b1338d1b4"
+SRC_URI[edk2-platforms.sha256sum] = "b0f5b6d832e4dcc1d47a98ae0560e0b955433e32e8ac6d12c946c66d5fa6f51a"
+SRC_URI[brotli.sha256sum] = "6d6cacce05086b7debe75127415ff9c3661849f564fe2f5f3b0383d48aa4ed77"
+SRC_URI[openssl.sha256sum] = "6b2d2440ced8c802aaa61475919f0870ec556694c466ebea460e35ea2b14839e"
+
+# according to edk2 submodules
+SRCREV-brotli = "f4153a09f87cbb9c826d8fc12c74642bb2d879ea"
+
+# revision closest to edk2 release
+SRCREV-edk2-platforms = "4ad557e494d8055f5ea16009d6e565cace6571d6"
+
+PV-openssl = "OpenSSL_1_1_1n"
+
+DEBIAN_BUILD_DEPENDS = "bash, python3:native, dh-python, uuid-dev:native"
+
+do_prepare_build() {
+    deb_debianize
+
+    ln -sf edk2-edk2-stable${PV} ${S}/edk2
+    ln -sf edk2-platforms-${SRCREV-edk2-platforms} ${S}/edk2-platforms
+
+    rm -rf ${S}/edk2/BaseTools/Source/C/BrotliCompress/brotli
+    ln -s ../../../../../brotli-${SRCREV-brotli} ${S}/edk2/BaseTools/Source/C/BrotliCompress/brotli
+
+    rm -rf ${S}/edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
+    ln -s ../../../../brotli-${SRCREV-brotli} ${S}/edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
+
+    rm -rf ${S}/edk2/CryptoPkg/Library/OpensslLib/openssl
+    ln -s ../../../../openssl-${PV-openssl} ${S}/edk2/CryptoPkg/Library/OpensslLib/openssl
+
+    echo "Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd /usr/lib/edk2/" > \
+        ${S}/debian/edk2-standalonemm-rpmb.install
+}
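Review bot: `PV-openssl = "OpenSSL_1_1_1n"` is the only pinned revision without a comment saying where it comes from, although `do_prepare_build` replaces edk2's own `CryptoPkg/Library/OpensslLib/openssl` directory with this tarball. This is presumably the crypto library linked into `BL32_AP_MM.fd`, so a later bump of the edk2 version without the matching OpenSSL tag (or the reverse) would go unnoticed; I would add a comment such as `# must match the openssl submodule revision of edk2-stable${PV}` above it, assuming that is how the tag was chosen. Separately, the `rm -rf ${S}/…` and `ln -s … ${S}/…` lines expand `${S}` unquoted; writing `rm -rf "${S}/edk2/CryptoPkg/Library/OpensslLib/openssl"` (and likewise for the others) keeps the deletes confined to the intended path if `${S}` ever contains whitespace.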