FS#72856 - [edk2-ovmf]: SeaBios CSM support?
Attached to Project:
Arch Linux
Opened by YuutaW (YuutaW) - Saturday, 27 November 2021, 22:33 GMT
Last edited by David Runge (dvzrv) - Friday, 24 December 2021, 11:33 GMT
Description:
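I am using the edk2-ovmf package from the official repository to boot UEFI virtual machines, but some guest operating systems (e.g. Windows 7) require CSM support to successfully run. Unfortunately, this package does not enable that support. Adding CSM support through SeaBios is quite easy, as you can just build SeaBios in the PKGBUILD, then enable the option in OVMF to tell it to use the SeaBios binary. Learn more: https://www.seabios.org/Build_overview#Build_as_a_UEFI_Compatibility_Support_Module_(CSM). I also made a simplified PKGBUILD for my personal use, but it would be better if you include this feature in the official repository.

# Maintainer: David Runge <dvzrv@archlinux.org>

# Versions of the bundled third-party sources that get symlinked into the edk2 tree.
_brotli_ver=1.0.9
_openssl_ver=1.1.1k

pkgbase=edk2
pkgname=edk2-ovmf-csm
pkgver=202105
pkgrel=1
# The pasted original set this CSM description first and then assigned the
# generic edk2 description after it, so the CSM text never took effect.
pkgdesc="Firmware for Virtual Machines (x86_64, i686) with CSM support"
arch=('any')
url="https://github.com/tianocore/edk2"
# license=() has to be assigned before the += below; in the pasted original
# the += came first and was overwritten by this assignment.
license=('BSD')
license+=('MIT')
provides=('ovmf')
conflicts=('ovmf' 'edk2-ovmf')
replaces=('ovmf')
install="${pkgname}.install"
makedepends=('aarch64-linux-gnu-gcc' 'acpica' 'git' 'iasl' 'util-linux-libs' 'nasm' 'python')
options=(!makeflags)
# NOTE(review): the seabios entry carries no #tag= or #commit= fragment and its
# checksum is SKIP, so every build compiles whatever the remote default branch
# holds at that moment. The 16-bit CSM ends up inside the firmware image;
# pinning it to a reviewed tag or commit makes the result reproducible and
# auditable.
source=("$pkgbase-$pkgver.tar.gz::https://github.com/tianocore/${pkgbase}/archive/${pkgbase}-stable${pkgver}.tar.gz"
        "https://www.openssl.org/source/openssl-${_openssl_ver}.tar.gz"{,.asc}
        "brotli-${_brotli_ver}.tar.gz::https://github.com/google/brotli/archive/v${_brotli_ver}.tar.gz"
        "${pkgbase}-202102-brotli-1.0.9.patch"
        "50-edk2-ovmf-csm-i386-secure.json"
        "50-edk2-ovmf-csm-x86_64-secure.json"
        "60-edk2-ovmf-csm-i386.json"
        "60-edk2-ovmf-csm-x86_64.json"
        "seabios::git+https://git.seabios.org/seabios.git"
        "seabios_config")
# One entry per source, in source order; the SKIP entries belong to the openssl
# .asc signature and the seabios git checkout.
sha512sums=('c263345cbb243c63985f974a61f37c577a139d6a7099d2b8c9e1a553e5ebf16de12fb711b72624081c6bf637f8084bbf71731ab99e5747d81da460388ac25791'
            '73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121'
            'SKIP'
            'b8e2df955e8796ac1f022eb4ebad29532cb7e3aa6a4b6aee91dbd2c7d637eee84d9a144d3e878895bb5e62800875c2c01c8f737a1261020c54feacf9f676b5f5'
            'fe0fd592d4b436a35a49a74ad5dd989311b297b9abacb13ed8d4da0986169c91ffbc34cef0f2d52bf40c833d252f6e65311ab0e4e4ca6798390febfb9a787a4a'
            'f8246b0a3195b8f9142a91492299b1b38101ca3168a93e197dac5a8f5843e0d366fa36cbcdc41c22f4cf07e745437cbd82e3c31f4ac816915e2a4e787cd5ac32'
            '1e1e0c1bf1016ff7009d25dccf13350df61f329622a0d887f230e6e3aec31956d31cf956026d857e42e74a820cc43ed610e90865cc51d50253db1ac4f46dbf30'
            'dfbce347dd12647eedd3541a95197590090be147ef01acd20f281a952d708ce5f7f4b4718ace82534d34d3998eaa7d4becce8569f2603f14cf124dd51ca852db'
            '33fbab51b7ca349fc6fbdd6bef76c17b8c3f15d8bdaec3b6788db7672b465c75647993565e7aad0db033aca6a024f1f2377c195ce377a7dce2485347898f7533'
            'SKIP'
            '9714dd532a5ff4daca691a9cb4ec0cfe90948ae36ac0227998de0734835a707f7e40cb064f7fb5256afc98ff06e6d9b287fc2b760f82b17e5f3828f916bf676f')
b2sums=('3ec01d467562380ca2fd3bd807d2f6c55e4637c1afd71533f8f5b22cc634dc4c8cb63dab921677f8b315d17b3c9d0b6b00a0e2f3f8da61107033e9e81bf5a64d'
        'e9bd90f17bc819c4960d07bbee04346e8a7adb87a764a09d033ef76f1d638c67b180c4f2beb84ec25fbff54ccc9c14c13b9b16a27cac231a5dd22b02635d5cec'
        'SKIP'
        '8b9939d5224396ef33b43e019250ba4bc8949903583615e8dc02c85340fc0a1e2d1632161e00b0ee7355d77f05529ac772f482e05d2089afd71a0bf71e803904'
        'eb549f711aa31b0a46f3e9b74076e52e0e1734045c227f410016c6de46a3b7b2959287d49b5ef853236c57fa3b3143b1da31fd9ef6fd592ba22ba9af15941a76'
        'dcea93c17804c42a2038ee9401de4ff4029521d65bcac313a5e241eff28fa6cc7b7c2d6ac12f314cadae67917ebe87b10465ea60c3525c194a4f3bc9bd726f2a'
        'daa33e391010ca0594b2a634027e8d730d5d69743c5f51bc94b26670548466dfc4423c65d3d1ce1cb86e909205c3d867658cd6bf00f1e556acf41b71996ef590'
        '19da35840614dba852bee0fa06bf448602fa72c0390bd9f81381016ad65b914f1790fe00ea568b4a06c8340fb7faa30740ede9df3b4faade405536b35d3d472b'
        '58c3da3b489f2b1391911417dacc362e23c9928d871878381152ad9d6e861934cf8309e93e29c4374d33aabb0d1b08fe9d6f31f0167d374cc612d3d76d5c8044'
        'SKIP'
        '9c9670726f837bba5f48e59eb7d8d82634649c2d599da15ec6f0751c33546aebbcd133aada9e99037f551a0ca7f85429d3a09c3a68626c284e2a77e4775d5aff')
validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491') # Matt Caswell <matt@openssl.org>

_arch_list=('IA32' 'X64')
_build_type='RELEASE'
_build_plugin='GCC5'

# Renames the extracted edk2 tree, applies the brotli compatibility patch and
# links the separately downloaded openssl and brotli sources into the places
# where the edk2 tree expects them.
prepare() {
  mv -v "$pkgbase-$pkgbase-stable$pkgver" "$pkgbase-$pkgver"
  cd "$pkgbase-$pkgver"

  # patch to be able to use brotli 1.0.9
  patch -Np1 -i "../${pkgbase}-202102-brotli-1.0.9.patch"
  # NOTE: patching brotli itself is not necessary (extra/brotli cherry-picks a patch for the pkgconfig integration)

  # symlinking openssl into place
  rm -rfv CryptoPkg/Library/OpensslLib/openssl
  ln -sfv "${srcdir}/openssl-$_openssl_ver" CryptoPkg/Library/OpensslLib/openssl

  # symlinking brotli into place
  rm -rfv BaseTools/Source/C/BrotliCompress/brotli MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
  ln -sfv "${srcdir}/brotli-${_brotli_ver}" BaseTools/Source/C/BrotliCompress/brotli
  ln -sfv "${srcdir}/brotli-${_brotli_ver}" MdeModulePkg/Library/BrotliCustomDecompressLib/brotli

  # -Werror, not even once
  sed -e 's/ -Werror//g' \
      -i BaseTools/Conf/*.template BaseTools/Source/C/Makefiles/*.makefile
}

# Builds the SeaBIOS CSM binary, copies it into the OVMF tree, then builds OVMF
# for every entry of _arch_list, once with and once without Secure Boot.
build() {
  echo "Building SeaBios"
  # quoted so that a build directory containing spaces does not split the path
  cd "${srcdir}/seabios"
  cp ../seabios_config ./.config
  make
  cp out/Csm16.bin "../edk2-${pkgver}/OvmfPkg/Csm/Csm16"
  pwd

  cd "../$pkgbase-$pkgver"
  export GCC5_IA32_PREFIX="x86_64-linux-gnu-"
  export GCC5_X64_PREFIX="x86_64-linux-gnu-"
  local _arch

  echo "Building base tools"
  make -C BaseTools
  . edksetup.sh

  # NOTE(review): CSM_ENABLE is also passed to the Secure Boot builds below.
  # Legacy boot through a CSM is not covered by UEFI image verification, so the
  # OVMF_CODE.secboot.fd images would carry a boot path that Secure Boot does
  # not check. Consider enabling CSM only in the non-secure variants, or
  # shipping the CSM firmware as a separately named image - confirm against
  # the OVMF behaviour of this release.
  for _arch in "${_arch_list[@]}"; do
    if [[ "${_arch}" == 'IA32' ]]; then
      echo "Building ovmf (${_arch}) with secure boot"
      OvmfPkg/build.sh -p OvmfPkg/OvmfPkgIa32.dsc \
                       -a "${_arch}" \
                       -b "${_build_type}" \
                       -n "$(nproc)" \
                       -t "${_build_plugin}" \
                       -D LOAD_X64_ON_IA32_ENABLE \
                       -D NETWORK_IP6_ENABLE \
                       -D TPM_ENABLE \
                       -D HTTP_BOOT_ENABLE \
                       -D TLS_ENABLE \
                       -D FD_SIZE_2MB \
                       -D SECURE_BOOT_ENABLE \
                       -D SMM_REQUIRE \
                       -D EXCLUDE_SHELL_FROM_FD \
                       -D CSM_ENABLE
      # move the output aside so the second IA32 build does not overwrite it
      mv -v Build/Ovmf{Ia32,IA32-secure}

      echo "Building ovmf (${_arch}) without secure boot"
      OvmfPkg/build.sh -p OvmfPkg/OvmfPkgIa32.dsc \
                       -a "${_arch}" \
                       -b "${_build_type}" \
                       -n "$(nproc)" \
                       -t "${_build_plugin}" \
                       -D LOAD_X64_ON_IA32_ENABLE \
                       -D NETWORK_IP6_ENABLE \
                       -D TPM_ENABLE \
                       -D HTTP_BOOT_ENABLE \
                       -D TLS_ENABLE \
                       -D FD_SIZE_2MB \
                       -D CSM_ENABLE
      # rename so the directory matches the Build/Ovmf${_arch} path package() reads
      mv -v Build/Ovmf{Ia32,IA32}
    fi

    if [[ "${_arch}" == 'X64' ]]; then
      echo "Building ovmf (${_arch}) with secure boot"
      OvmfPkg/build.sh -p "OvmfPkg/OvmfPkg${_arch}.dsc" \
                       -a "${_arch}" \
                       -b "${_build_type}" \
                       -n "$(nproc)" \
                       -t "${_build_plugin}" \
                       -D NETWORK_IP6_ENABLE \
                       -D TPM_ENABLE \
                       -D FD_SIZE_2MB \
                       -D TLS_ENABLE \
                       -D HTTP_BOOT_ENABLE \
                       -D SECURE_BOOT_ENABLE \
                       -D SMM_REQUIRE \
                       -D EXCLUDE_SHELL_FROM_FD \
                       -D CSM_ENABLE
      # move the output aside so the second X64 build does not overwrite it
      mv -v Build/OvmfX64{,-secure}

      echo "Building ovmf (${_arch}) without secure boot"
      OvmfPkg/build.sh -p "OvmfPkg/OvmfPkg${_arch}.dsc" \
                       -a "${_arch}" \
                       -b "${_build_type}" \
                       -n "$(nproc)" \
                       -t "${_build_plugin}" \
                       -D NETWORK_IP6_ENABLE \
                       -D TPM_ENABLE \
                       -D FD_SIZE_2MB \
                       -D TLS_ENABLE \
                       -D HTTP_BOOT_ENABLE \
                       -D CSM_ENABLE
    fi
  done
}

# Installs the firmware images, the qemu firmware descriptors, the
# compatibility symlinks, the licenses and the documentation into pkgdir.
package() {
  cd "$pkgbase-$pkgver"
  local _arch

  # installing the various firmwares
  for _arch in "${_arch_list[@]}"; do
    # installing OVMF.fd for xen: https://bugs.archlinux.org/task/58635
    install -vDm 644 "Build/Ovmf${_arch}/${_build_type}_${_build_plugin}/FV/OVMF.fd" \
      -t "${pkgdir}/usr/share/${pkgname}/${_arch,,}"
    install -vDm 644 "Build/Ovmf${_arch}/${_build_type}_${_build_plugin}/FV/OVMF_CODE.fd" \
      -t "${pkgdir}/usr/share/${pkgname}/${_arch,,}"
    install -vDm 644 "Build/Ovmf${_arch}/${_build_type}_${_build_plugin}/FV/OVMF_VARS.fd" \
      -t "${pkgdir}/usr/share/${pkgname}/${_arch,,}"
    install -vDm 644 "Build/Ovmf${_arch}-secure/${_build_type}_${_build_plugin}/FV/OVMF_CODE.fd" \
      "${pkgdir}/usr/share/${pkgname}/${_arch,,}/OVMF_CODE.secboot.fd"
  done

  # installing qemu descriptors in accordance with qemu:
  # https://git.qemu.org/?p=qemu.git;a=tree;f=pc-bios/descriptors
  # https://bugs.archlinux.org/task/64206
  install -vDm 644 ../*"${pkgname}"*.json -t "${pkgdir}/usr/share/qemu/firmware"

  # adding symlink for previous ovmf location
  # https://bugs.archlinux.org/task/66528
  ln -svf "/usr/share/${pkgname}" "${pkgdir}/usr/share/ovmf"
  # adding a symlink for applications with questionable heuristics (such as lxd)
  ln -svf "/usr/share/${pkgname}" "${pkgdir}/usr/share/OVMF"

  # licenses
  install -vDm 644 License.txt -t "${pkgdir}/usr/share/licenses/${pkgname}"
  install -vDm 644 OvmfPkg/License.txt \
    "${pkgdir}/usr/share/licenses/${pkgname}/OvmfPkg.License.txt"

  # docs
  install -vDm 644 {OvmfPkg/README,ReadMe.rst,Maintainers.txt} \
    -t "${pkgdir}/usr/share/doc/${pkgname}"
}

Additional info:
* package version(s): edk2-ovmf 202108-1
* config and/or log files etc.
* link to upstream bug report, if any

Steps to reproduce: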
Closed by David Runge (dvzrv)
Friday, 24 December 2021, 11:33 GMT
Reason for closing: Implemented
Additional comments about closing: Implemented with 202111-1
A UEFI Class 3 system (as is currently provided by the edk2-ovmf package) cannot boot Windows 7 without workarounds.
I will add it to the edk2 202111 update
Perhaps it would be better to provide the CSM enabled firmware in a separate file. E.g. OVMF_CODE.with_csm.fd