From 1d9a88f635549e68562de681e297b9270ad02d4e Mon Sep 17 00:00:00 2001 From: Patrick Ohly Date: Fri, 16 Jun 2017 11:53:48 +0200 Subject: ovmf: fix secureboot PACKAGECONFIG + OpenSSL update The recent ovmf update broke secureboot because upstream changed the way how openssl gets compiled into ovmf. It's now integrated directly into the ovmf build process, without having to patch it first. In addition, more recent OpenSSL releases are supported. 1.1.0e was explicitly mentioned in the ovmf commits and because the current 1.1.0f only has minor build enhancements, 1.1.0e is used here. Signed-off-by: Patrick Ohly Signed-off-by: Richard Purdie --- meta/recipes-core/ovmf/ovmf_git.bb | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index 5d7216e80e..28f0cde1d9 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb @@ -18,14 +18,16 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \ file://no-stack-protector-all-archs.patch \ " +OPENSSL_RELEASE = "openssl-1.1.0e" + SRC_URI_append_class-target = " \ - ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/openssl-1.0.2j.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/${OPENSSL_RELEASE}.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \ file://0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch \ " SRCREV="ec4910cd3336565fdb61dafdd9ec4ae7a6160ba3" -SRC_URI[openssl.md5sum] = "96322138f0b69e61b7212bc53d5e912b" -SRC_URI[openssl.sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431" +SRC_URI[openssl.md5sum] = "51c42d152122e474754aea96f66928c6" +SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c" inherit deploy @@ -187,10 +189,7 @@ do_compile_class-target() { # building with Secure Boot enabled. bbnote "Building with Secure Boot." rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX - if ! [ -f ${S}/CryptoPkg/Library/OpensslLib/openssl-*/edk2-patch-applied ]; then - ( cd ${S}/CryptoPkg/Library/OpensslLib/openssl-* && patch -p1 <$(echo ../EDKII_openssl-*.patch) && touch edk2-patch-applied ) - fi - ( cd ${S}/CryptoPkg/Library/OpensslLib/ && ./Install.sh ) + ln -sf ${OPENSSL_RELEASE} ${S}/CryptoPkg/Library/OpensslLib/openssl ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd -- cgit 1.2.3-korg