diff options
| author |   Patrick Ohly <patrick.ohly@intel.com> | 2017-06-16 11:53:48 +0200 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-06-16 10:58:19 +0100 |
| commit | 1d9a88f635549e68562de681e297b9270ad02d4e (patch) | |
| tree | 915bed660ccbb345443e7392d9688dfc1e56522e /meta/recipes-core/ovmf/ovmf_git.bb | |
| parent | ec7feb9d315f357b9a073425a31b352ec24ddfd9 (diff) | |
| download | openembedded-core-contrib-1d9a88f635549e68562de681e297b9270ad02d4e.tar.gz | |
ovmf: fix secureboot PACKAGECONFIG + OpenSSL update
The recent ovmf update broke secureboot because upstream changed the
way how openssl gets compiled into ovmf. It's now integrated directly
into the ovmf build process, without having to patch it first.
In addition, more recent OpenSSL releases are supported. 1.1.0e was
explicitly mentioned in the ovmf commits and because the current
1.1.0f only has minor build enhancements, 1.1.0e is used here.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/ovmf/ovmf_git.bb')
| -rw-r--r-- | meta/recipes-core/ovmf/ovmf_git.bb | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index 5d7216e80e..28f0cde1d9 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb @@ -18,14 +18,16 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \ file://no-stack-protector-all-archs.patch \ " +OPENSSL_RELEASE = "openssl-1.1.0e" + SRC_URI_append_class-target = " \ - ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/openssl-1.0.2j.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/${OPENSSL_RELEASE}.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \ file://0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch \ " SRCREV="ec4910cd3336565fdb61dafdd9ec4ae7a6160ba3" -SRC_URI[openssl.md5sum] = "96322138f0b69e61b7212bc53d5e912b" -SRC_URI[openssl.sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431" +SRC_URI[openssl.md5sum] = "51c42d152122e474754aea96f66928c6" +SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c" inherit deploy @@ -187,10 +189,7 @@ do_compile_class-target() { # building with Secure Boot enabled. bbnote "Building with Secure Boot." rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX - if ! [ -f ${S}/CryptoPkg/Library/OpensslLib/openssl-*/edk2-patch-applied ]; then - ( cd ${S}/CryptoPkg/Library/OpensslLib/openssl-* && patch -p1 <$(echo ../EDKII_openssl-*.patch) && touch edk2-patch-applied ) - fi - ( cd ${S}/CryptoPkg/Library/OpensslLib/ && ./Install.sh ) + ln -sf ${OPENSSL_RELEASE} ${S}/CryptoPkg/Library/OpensslLib/openssl ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd |