[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[James Le Cuirot]

commit:     14804cc2b74bb38b68677ab2727d374be0cad71b
Author:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 25 16:42:44 2024 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Thu Oct 10 16:29:34 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14804cc2

sys-firmware/edk2: Add missing BDEPEND on sys-apps/which

The new version bump won't use this.

Closes: https://bugs.gentoo.org/853271
Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 sys-firmware/edk2/edk2-202202.ebuild | 1 +
 sys-firmware/edk2/edk2-202405.ebuild | 1 +
 2 files changed, 2 insertions(+)

diff --git a/sys-firmware/edk2/edk2-202202.ebuild b/sys-firmware/edk2/edk2-202202.ebuild
index 9adf4e411eeb..539834c04ff2 100644
--- a/sys-firmware/edk2/edk2-202202.ebuild
+++ b/sys-firmware/edk2/edk2-202202.ebuild
@@ -30,6 +30,7 @@ KEYWORDS="-* amd64"
 
 BDEPEND="app-emulation/qemu
 	>=dev-lang/nasm-2.0.7
+	sys-apps/which
 	>=sys-power/iasl-20160729
 	${PYTHON_DEPS}"
 RDEPEND="!sys-firmware/edk2-ovmf-bin"

diff --git a/sys-firmware/edk2/edk2-202405.ebuild b/sys-firmware/edk2/edk2-202405.ebuild
index af3e168f1b95..045d8e67c200 100644
--- a/sys-firmware/edk2/edk2-202405.ebuild
+++ b/sys-firmware/edk2/edk2-202405.ebuild
@@ -33,6 +33,7 @@ KEYWORDS="-* ~amd64"
 
 BDEPEND="app-emulation/qemu
 	>=dev-lang/nasm-2.0.7
+	sys-apps/which
 	>=sys-power/iasl-20160729
 	${PYTHON_DEPS}"
 RDEPEND="!sys-firmware/edk2-ovmf-bin"

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[James Le Cuirot]

commit:     21806a819cc79eb9f19415f7b5ed29393c2a3f43
Author:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 25 15:17:24 2024 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Thu Oct 10 16:29:32 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21806a81

sys-firmware/edk2: Drop obsolete reference to USE=binary and update URL

I don't think using UefiShell.img actually works any more, but the new version
bump will automatically create OVMF_VARS.secboot.fd for you.

Closes: https://bugs.gentoo.org/926630
Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 sys-firmware/edk2/edk2-202202.ebuild | 13 ++++---------
 sys-firmware/edk2/edk2-202405.ebuild | 13 ++++---------
 2 files changed, 8 insertions(+), 18 deletions(-)

diff --git a/sys-firmware/edk2/edk2-202202.ebuild b/sys-firmware/edk2/edk2-202202.ebuild
index 2baca0ed771a..9adf4e411eeb 100644
--- a/sys-firmware/edk2/edk2-202202.ebuild
+++ b/sys-firmware/edk2/edk2-202202.ebuild
@@ -49,16 +49,11 @@ virtual machines. The firmware is located under
 	/usr/share/edk2-ovmf/OVMF_VARS.fd
 	/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd
 
-If USE=binary is enabled, we also install an OVMF variables file (coming from
-fedora) that contains secureboot default keys
-
-	/usr/share/edk2-ovmf/OVMF_VARS.secboot.fd
-
-If you have compiled this package by hand, you need to either populate all
-necessary EFI variables by hand by booting
-	/usr/share/edk2-ovmf/UefiShell.(iso|img)
+To use Secure Boot, you need to either populate the necessary EFI
+variables by booting:
+	/usr/share/edk2-ovmf/UefiShell.img
 or creating OVMF_VARS.secboot.fd by hand:
-	https://github.com/puiterwijk/qemu-ovmf-secureboot
+	https://github.com/rhuefi/qemu-ovmf-secureboot
 
 The firmware does not support csm (due to no free csm implementation
 available). If you need a firmware with csm support you have to download

diff --git a/sys-firmware/edk2/edk2-202405.ebuild b/sys-firmware/edk2/edk2-202405.ebuild
index aca5700f3df5..cfd276ee0215 100644
--- a/sys-firmware/edk2/edk2-202405.ebuild
+++ b/sys-firmware/edk2/edk2-202405.ebuild
@@ -44,16 +44,11 @@ virtual machines. The firmware is located under
 	/usr/share/edk2-ovmf/OVMF_VARS.fd
 	/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd
 
-If USE=binary is enabled, we also install an OVMF variables file (coming from
-fedora) that contains secureboot default keys
-
-	/usr/share/edk2-ovmf/OVMF_VARS.secboot.fd
-
-If you have compiled this package by hand, you need to either populate all
-necessary EFI variables by hand by booting
-	/usr/share/edk2-ovmf/UefiShell.(iso|img)
+To use Secure Boot, you need to either populate the necessary EFI
+variables by booting:
+	/usr/share/edk2-ovmf/UefiShell.img
 or creating OVMF_VARS.secboot.fd by hand:
-	https://github.com/puiterwijk/qemu-ovmf-secureboot
+	https://github.com/rhuefi/qemu-ovmf-secureboot
 
 The firmware does not support csm (due to no free csm implementation
 available). If you need a firmware with csm support you have to download

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[Sam James]

commit:     d8e702512e163a0e0f33923333b141faa9838a49
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  6 04:16:00 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan  6 04:16:00 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8e70251

sys-firmware/edk2: Stabilize 202408 arm64, #947251

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/edk2/edk2-202408.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys-firmware/edk2/edk2-202408.ebuild b/sys-firmware/edk2/edk2-202408.ebuild
index 1dbbdba77d98..3e18d683cf73 100644
--- a/sys-firmware/edk2/edk2-202408.ebuild
+++ b/sys-firmware/edk2/edk2-202408.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2024 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -49,7 +49,7 @@ SRC_URI="
 S="${WORKDIR}/${PN}-${PN}-stable${PV}"
 LICENSE="BSD-2 MIT"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~arm64"
+KEYWORDS="-* ~amd64 arm64"
 
 BDEPEND="
 	${PYTHON_DEPS}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[James Le Cuirot]

commit:     582da995df2eabb2cf75cbf5e0e6b3bdfce8ecc1
Author:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
AuthorDate: Tue Jan  7 23:21:24 2025 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Tue Jan  7 23:21:24 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=582da995

sys-firmware/edk2: Keyword 202411 for ~riscv

Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 sys-firmware/edk2/edk2-202411.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/edk2/edk2-202411.ebuild b/sys-firmware/edk2/edk2-202411.ebuild
index fac445b9165e..0d9486646734 100644
--- a/sys-firmware/edk2/edk2-202411.ebuild
+++ b/sys-firmware/edk2/edk2-202411.ebuild
@@ -48,7 +48,7 @@ SRC_URI="
 S="${WORKDIR}/${PN}-${PN}-stable${PV}"
 LICENSE="BSD-2 MIT"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~arm64"
+KEYWORDS="-* ~amd64 ~arm64 ~riscv"
 
 BDEPEND="
 	${PYTHON_DEPS}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[Sam James]

commit:     02640861029de627e73621556672e8eb30c97671
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  8 01:28:09 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Feb  8 01:28:49 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=02640861

sys-firmware/edk2: Stabilize 202408 amd64, #947251

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/edk2/edk2-202408.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/edk2/edk2-202408.ebuild b/sys-firmware/edk2/edk2-202408.ebuild
index 3e18d683cf73..9f934d953f50 100644
--- a/sys-firmware/edk2/edk2-202408.ebuild
+++ b/sys-firmware/edk2/edk2-202408.ebuild
@@ -49,7 +49,7 @@ SRC_URI="
 S="${WORKDIR}/${PN}-${PN}-stable${PV}"
 LICENSE="BSD-2 MIT"
 SLOT="0"
-KEYWORDS="-* ~amd64 arm64"
+KEYWORDS="-* amd64 arm64"
 
 BDEPEND="
 	${PYTHON_DEPS}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[James Le Cuirot]

commit:     880253a0c6acecd64ae58d0bb718d56e64bf0587
Author:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
AuthorDate: Sun Feb  9 19:20:46 2025 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Sun Feb  9 19:20:46 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=880253a0

sys-firmware/edk2: Drop old 202405

Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 sys-firmware/edk2/Manifest           |   3 -
 sys-firmware/edk2/edk2-202405.ebuild | 162 -----------------------------------
 2 files changed, 165 deletions(-)

diff --git a/sys-firmware/edk2/Manifest b/sys-firmware/edk2/Manifest
index 0a7656de0d30..5a43b725ee36 100644
--- a/sys-firmware/edk2/Manifest
+++ b/sys-firmware/edk2/Manifest
@@ -4,10 +4,7 @@ DIST edk2-202408.tar.gz 17548980 BLAKE2B 12723a593d2767577f74cfa69f4a02ec7843479
 DIST edk2-202411.tar.gz 17669304 BLAKE2B 2aa1d5c5d7b99a1abccf0c8b0b04a74006319a269ec03814ab9a28d38299f7d00f57d457c4e011067ad8dfc816430372ab02130ec138b148999662764a411483 SHA512 633483a1ff915f6e5f5a6d3c329f517d6c070368855f1d5348a80e22e71ac13ff4c6774c8620482a4e5cefe03907edc3a904ae405cbfe2dcd025ddd82f039eaf
 DIST edk2-ovmf-202202-qemu-firmware.tar.xz 664 BLAKE2B 1aa4e25804ce0f3c967c80999315de24eaef6682e42dddd81c274ce4603ec3d15186de752de49e2527c6bd5517080c002a357ed6bc389b5afd6f7a4d93edeb44 SHA512 f9a29212274a99796784673d873e0eee7d3e2a5cf9e63192453841ee3a4ef4b813c7b2357fc7000f39c71ed6c66636daab772abb51d3972a2a56ade8a4c68faf
 DIST edk2-ovmf-202202.tar.gz 14208170 BLAKE2B d8411e6808b335ccd551349a10c983b9448a357e73273fa6c30a07785e27feffed0224950ee98b668712c33f6739a9b006e5043b7dfd014f48dba9fd449b3354 SHA512 200690a4867331de06e0478869b85577bc510213ebe679f2103160efb84d94c82ac8481ef1f15c3e42c1e9f22b7c5ef0d6c8f2c655bce7702ce843551cf9bb83
-DIST edk2-ovmf-202405.tar.gz 17091190 BLAKE2B ee2f4c8674ecd7a17e4ee1b067cf1caffb46c3345f39ab15b715964b8e114d01538ae4d4152ab6a3eeebdae602128604d57c02fc0da83f46c291559fe39f49d2 SHA512 3bad4c8417b0c9b68fc6b6b85a4b15c5be8daf672177ce66d7b224b1da7a90f643021adbdd6bc96f95417fc8654c4c6b191cd39f6c1be955946360bfa8e2cb5f
-DIST libspdm-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 1962880 BLAKE2B 89606315fadcf00b2909f264a6edcb2b900dfe248357ea45c37c5a9c947a4d684866627d85132cc51d44d90853d63814eaf9d2b4acdd1a9621b1d6600ca4a0a4 SHA512 07b2b376a84e86647d7a831ee6686d1cf647033ac339afb7c4ea7846cf4e9f7f529a2866bc68ea172d44f1f1efadc8bf1646c3d7fe7e6b6175286ef9c743b206
 DIST libspdm-50924a4c8145fc721e17208f55814d2b38766fe6.tar.gz 1967479 BLAKE2B fe15ac34fa65a86b13ed3a44959d860dc1bf39fd9a4bd2dcde2d2ec6ad9490f5d7d53320c481f9cf931a636527719c29eb315d178f2bd48cb905216849b633b4 SHA512 f11e748e40b66c37365175ff0ef9c0a695db2e7da50da2cf8a33267064b53e5938cfb1363d27e5ce0a174b2059533352bb8a44c48003db900c6b844167473198
-DIST mbedtls-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 4587796 BLAKE2B c28df5c52ac3ed5ef6a2b9eba29f3894d3f5f11083869e8b137cd66d4f72b2a0971c91636ce4626869bd06eeb5e661d90160021f92564b9449fb13001b8e379f SHA512 a421c03c740867210f9e30457bc951928cafec3622e1e304f8c18ce5c5e27c5c8e6c7715180ecb74c6a997e4b91ee160e52b357e1bb65ff76ce8414a87ec4889
 DIST mbedtls-8c89224991adff88d53cd380f42a2baa36f91454.tar.gz 4587796 BLAKE2B c28df5c52ac3ed5ef6a2b9eba29f3894d3f5f11083869e8b137cd66d4f72b2a0971c91636ce4626869bd06eeb5e661d90160021f92564b9449fb13001b8e379f SHA512 a421c03c740867210f9e30457bc951928cafec3622e1e304f8c18ce5c5e27c5c8e6c7715180ecb74c6a997e4b91ee160e52b357e1bb65ff76ce8414a87ec4889
 DIST mipi-sys-t-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 378522 BLAKE2B d3f1033e78ad814ebb991e66d8c1437aa3583e91481af9785b97b6021c7c45fb9dcb8d2d58d0a0fe84fbd9f108d24a27234df298eb8a2ba2340e5c9c85c89c40 SHA512 de6888577ceab7ab6915d792f3c48248cfa53357ccd310fc7f7eae4d25a932de8c7c23e5b898c9ebf61cf86cb538277273f2eb131a628b3bf0d46c9a3b9b6686
 DIST openssl-3.0.15.tar.gz 15318633 BLAKE2B f2900d0894b97e86c709079ca4336d5dc508d69e91d3a4de4420c8d9344cb54dada6ea2cdd408166e53db0c652b06654e670701166b67a0a40578676e1cea535 SHA512 acd80f2f7924d90c1416946a5c61eff461926ad60f4821bb6b08845ea18f8452fd5e88a2c2c5bd0d7590a792cb8341a3f3be042fd0a5b6c9c1b84a497c347bbf

diff --git a/sys-firmware/edk2/edk2-202405.ebuild b/sys-firmware/edk2/edk2-202405.ebuild
deleted file mode 100644
index d7056b51f5f7..000000000000
--- a/sys-firmware/edk2/edk2-202405.ebuild
+++ /dev/null
@@ -1,162 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_REQ_USE="sqlite"
-PYTHON_COMPAT=( python3_12 )
-
-inherit python-any-r1 readme.gentoo-r1 secureboot
-
-DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines"
-HOMEPAGE="https://github.com/tianocore/edk2"
-
-BUNDLED_OPENSSL_SUBMODULE_SHA="de90e54bbe82e5be4fb9608b6f5c308bb837d355"
-BUNDLED_BROTLI_SUBMODULE_SHA="f4153a09f87cbb9c826d8fc12c74642bb2d879ea"
-BUNDLED_MIPI_SYS_T_SUBMODULE_SHA="370b5944c046bab043dd8b133727b2135af7747a"
-BUNDLED_MBEDTLS_SUBMODULE_SHA="8c89224991adff88d53cd380f42a2baa36f91454"
-BUNDLED_LIBSPDM_SUBMODULE_SHA="828ef62524bcaeca4e90d0c021221e714872e2b5"
-
-SRC_URI="https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> edk2-ovmf-${PV}.tar.gz
-	https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz
-	https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
-	https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz -> mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
-	https://github.com/Mbed-TLS/mbedtls/archive/${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz -> mbedtls-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
-	https://github.com/DMTF/libspdm/archive/${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz -> libspdm-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
-	https://dev.gentoo.org/~ajak/distfiles/edk2-ovmf-202202-qemu-firmware.tar.xz"
-
-S="${WORKDIR}/edk2-edk2-stable${PV}"
-
-LICENSE="BSD-2 MIT"
-SLOT="0"
-KEYWORDS="-* ~amd64"
-
-BDEPEND="app-emulation/qemu
-	>=dev-lang/nasm-2.0.7
-	sys-apps/which
-	>=sys-power/iasl-20160729
-	${PYTHON_DEPS}"
-RDEPEND="!sys-firmware/edk2-bin"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-202408-werror.patch"
-	"${FILESDIR}/${PN}-202408-binutils-2.41-textrels.patch"
-)
-
-DISABLE_AUTOFORMATTING=true
-DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86
-virtual machines. The firmware is located under
-	/usr/share/edk2-ovmf/OVMF_CODE.fd
-	/usr/share/edk2-ovmf/OVMF_VARS.fd
-	/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd
-
-To use Secure Boot, you need to either populate the necessary EFI
-variables by booting:
-	/usr/share/edk2-ovmf/UefiShell.img
-or creating OVMF_VARS.secboot.fd by hand:
-	https://github.com/rhuefi/qemu-ovmf-secureboot
-
-The firmware does not support csm (due to no free csm implementation
-available). If you need a firmware with csm support you have to download
-one for yourself. Firmware blobs are commonly labeled
-	OVMF{,_CODE,_VARS}-with-csm.fd
-
-In order to use the firmware you can run qemu the following way
-
-	$ qemu-system-x86_64 \
-		-drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \
-		..."
-
-pkg_setup() {
-	python-any-r1_pkg_setup
-	secureboot_pkg_setup
-}
-
-src_prepare() {
-	# Bundled submodules
-	cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/" \
-		|| die "copying openssl failed"
-	cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/" \
-		|| die "copying brotli failed"
-	cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* \
-		"MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/" || die "copying brotli failed"
-	cp -rl "${WORKDIR}/public-mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}"/* "MdePkg/Library/MipiSysTLib/mipisyst/" \
-		|| die "copying mipi-sys-t failed"
-	cp -rl "${WORKDIR}/mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}"/* "CryptoPkg/Library/MbedTlsLib/mbedtls/" \
-		|| die "copying mbedtls failed"
-	cp -rl "${WORKDIR}/libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}"/* "SecurityPkg/DeviceSecurity/SpdmLib/libspdm" \
-		|| die "copying libspdm failed"
-
-	default
-}
-
-src_compile() {
-	TARGET_ARCH=X64
-	TARGET_NAME=RELEASE
-	TARGET_TOOLS=GCC5
-
-	BUILD_FLAGS="-D TLS_ENABLE \
-		-D HTTP_BOOT_ENABLE \
-		-D NETWORK_IP6_ENABLE \
-		-D TPM_ENABLE \
-		-D TPM2_ENABLE -D TPM2_CONFIG_ENABLE \
-		-D FD_SIZE_2MB"
-
-	SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \
-		-D SECURE_BOOT_ENABLE \
-		-D SMM_REQUIRE \
-		-D EXCLUDE_SHELL_FROM_FD"
-
-	export LDFLAGS="-z notext"
-	export EXTRA_LDFLAGS="-z notext"
-	export DLINK_FLAGS="-z notext"
-
-	emake ARCH=${TARGET_ARCH} -C BaseTools
-
-	. ./edksetup.sh
-
-	# Build all EFI firmware blobs:
-
-	mkdir -p ovmf || die
-
-	./OvmfPkg/build.sh \
-		-a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
-		${BUILD_FLAGS} || die "OvmfPkg/build.sh failed"
-
-	cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/
-	rm -r Build/OvmfX64 || die
-
-	./OvmfPkg/build.sh \
-		-a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
-		${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed"
-
-	cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed"
-	cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed"
-	cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed"
-
-	# Build a convenience UefiShell.img:
-
-	mkdir -p iso_image/efi/boot || die "mkdir failed"
-	cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed"
-	cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed"
-	qemu-img convert --image-opts \
-		driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \
-		ovmf/UefiShell.img || die "qemu-img failed"
-}
-
-src_install() {
-	insinto /usr/share/edk2-ovmf
-	doins ovmf/*
-
-	insinto /usr/share/qemu/firmware
-	doins "${S}"/../edk2-edk2-stable202202/qemu/*
-	rm "${ED}"/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json || die "rm failed"
-
-	secureboot_auto_sign --in-place
-
-	readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	readme.gentoo_print_elog
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[Sam James]

commit:     697ce6434169aa527a4d9d923f7accee1b26f8bd
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Mar  3 20:51:23 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar  3 20:51:23 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=697ce643

sys-firmware/edk2: Stabilize 202411 arm64, #950518

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/edk2/edk2-202411.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/edk2/edk2-202411.ebuild b/sys-firmware/edk2/edk2-202411.ebuild
index 0d9486646734..0b8cd1c71d87 100644
--- a/sys-firmware/edk2/edk2-202411.ebuild
+++ b/sys-firmware/edk2/edk2-202411.ebuild
@@ -48,7 +48,7 @@ SRC_URI="
 S="${WORKDIR}/${PN}-${PN}-stable${PV}"
 LICENSE="BSD-2 MIT"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~arm64 ~riscv"
+KEYWORDS="-* ~amd64 arm64 ~riscv"
 
 BDEPEND="
 	${PYTHON_DEPS}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[WANG Xuerui]

commit:     72e85f19cab8448a44c456837431d6e09fe49e71
Author:     WANG Xuerui <xen0n <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 18 11:18:04 2025 +0000
Commit:     WANG Xuerui <xen0n <AT> gentoo <DOT> org>
CommitDate: Tue Mar 11 09:06:22 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72e85f19

sys-firmware/edk2: keyword 202411 for ~loong

Closes: https://github.com/gentoo/gentoo/pull/40681
Reviewed-by: Sam James <sam <AT> gentoo.org>
Signed-off-by: WANG Xuerui <xen0n <AT> gentoo.org>

 sys-firmware/edk2/edk2-202411.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/edk2/edk2-202411.ebuild b/sys-firmware/edk2/edk2-202411.ebuild
index 93932fc6d65e..a998704605eb 100644
--- a/sys-firmware/edk2/edk2-202411.ebuild
+++ b/sys-firmware/edk2/edk2-202411.ebuild
@@ -48,7 +48,7 @@ SRC_URI="
 S="${WORKDIR}/${PN}-${PN}-stable${PV}"
 LICENSE="BSD-2 MIT"
 SLOT="0"
-KEYWORDS="-* ~amd64 arm64 ~riscv"
+KEYWORDS="-* ~amd64 arm64 ~loong ~riscv"
 
 BDEPEND="
 	${PYTHON_DEPS}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[James Le Cuirot]

commit:     c070507c6669dfb113f985974fae0e8a38e443b2
Author:     WANG Xuerui <xen0n <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 11 09:38:30 2025 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Sat Mar 15 23:12:04 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c070507c

sys-firmware/edk2: add 202502

Signed-off-by: WANG Xuerui <xen0n <AT> gentoo.org>
Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 sys-firmware/edk2/Manifest           |   3 +
 sys-firmware/edk2/edk2-202502.ebuild | 344 +++++++++++++++++++++++++++++++++++
 2 files changed, 347 insertions(+)

diff --git a/sys-firmware/edk2/Manifest b/sys-firmware/edk2/Manifest
index 5a43b725ee36..5d3bbcfca59d 100644
--- a/sys-firmware/edk2/Manifest
+++ b/sys-firmware/edk2/Manifest
@@ -2,12 +2,15 @@ DIST arm64_DBXUpdate_05092023.bin 4610 BLAKE2B 4c6628e5c297a26ca5a1235e377a794fd
 DIST brotli-f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz 512229 BLAKE2B cd86cc2cc7eefad24f87cda8006409bf764922b5f23ccfb951e7a41214b12004ce532b11f94f5fb858b3bf71f9abf8ef17ba219fa96bd5be23b51873afad0fd5 SHA512 7f48e794e738b31c2005e7cef6d8c0cc0d543f1cd8c137ae8ba14602cac2873de6299a3f32ad52be869f513e7548341353ed049609daef1063975694d9a9b80b
 DIST edk2-202408.tar.gz 17548980 BLAKE2B 12723a593d2767577f74cfa69f4a02ec784347994af6eb77aea7eb9e9e9f7fedb6b47698af2f07ef98848bbb4bf16248179cf117cf9abdf17be73157a0a03fc2 SHA512 d679d905f8b0ddbf60b1c9a0282e403bf51d0fbe55d85a8ea3e4af1778874e947d224e3671f9e82cddd5cd906c1472ff3973498d969414bdd67d0b49f5b8a251
 DIST edk2-202411.tar.gz 17669304 BLAKE2B 2aa1d5c5d7b99a1abccf0c8b0b04a74006319a269ec03814ab9a28d38299f7d00f57d457c4e011067ad8dfc816430372ab02130ec138b148999662764a411483 SHA512 633483a1ff915f6e5f5a6d3c329f517d6c070368855f1d5348a80e22e71ac13ff4c6774c8620482a4e5cefe03907edc3a904ae405cbfe2dcd025ddd82f039eaf
+DIST edk2-202502.tar.gz 18217115 BLAKE2B a72fd05398b32377f6a0b80fa2c3c84ed4f53039174f8e814dc6c57617d21a3c99603d5c572a372295399658a42e3ff1ab642f8cbaa8782301268344443f6502 SHA512 1421b3e14acf6aa51c84cf0a12716990f08815fff631f4657bb9907fd8d620e9fac7794e05c2eed54d5f8966f8e9267d32bf2256237a959bd727629163b8c00d
 DIST edk2-ovmf-202202-qemu-firmware.tar.xz 664 BLAKE2B 1aa4e25804ce0f3c967c80999315de24eaef6682e42dddd81c274ce4603ec3d15186de752de49e2527c6bd5517080c002a357ed6bc389b5afd6f7a4d93edeb44 SHA512 f9a29212274a99796784673d873e0eee7d3e2a5cf9e63192453841ee3a4ef4b813c7b2357fc7000f39c71ed6c66636daab772abb51d3972a2a56ade8a4c68faf
 DIST edk2-ovmf-202202.tar.gz 14208170 BLAKE2B d8411e6808b335ccd551349a10c983b9448a357e73273fa6c30a07785e27feffed0224950ee98b668712c33f6739a9b006e5043b7dfd014f48dba9fd449b3354 SHA512 200690a4867331de06e0478869b85577bc510213ebe679f2103160efb84d94c82ac8481ef1f15c3e42c1e9f22b7c5ef0d6c8f2c655bce7702ce843551cf9bb83
 DIST libspdm-50924a4c8145fc721e17208f55814d2b38766fe6.tar.gz 1967479 BLAKE2B fe15ac34fa65a86b13ed3a44959d860dc1bf39fd9a4bd2dcde2d2ec6ad9490f5d7d53320c481f9cf931a636527719c29eb315d178f2bd48cb905216849b633b4 SHA512 f11e748e40b66c37365175ff0ef9c0a695db2e7da50da2cf8a33267064b53e5938cfb1363d27e5ce0a174b2059533352bb8a44c48003db900c6b844167473198
+DIST libspdm-98ef964e1e9a0c39c7efb67143d3a13a819432e0.tar.gz 2017163 BLAKE2B 312528eb0af2cffb4d3557354ada87302b471a4c1cc73bad74a60162cdbb057be392fd57f18bef99a437ccb879583c69afb2596bf120656787b4b6530005316d SHA512 366155f146f47f7fe81c2b7863c3dff6339dd017b3d8ebe2e843ee04fedb6911193248cea2d048547a4389b4727c1576d5b6c1f26bbe83362299b52d72527f52
 DIST mbedtls-8c89224991adff88d53cd380f42a2baa36f91454.tar.gz 4587796 BLAKE2B c28df5c52ac3ed5ef6a2b9eba29f3894d3f5f11083869e8b137cd66d4f72b2a0971c91636ce4626869bd06eeb5e661d90160021f92564b9449fb13001b8e379f SHA512 a421c03c740867210f9e30457bc951928cafec3622e1e304f8c18ce5c5e27c5c8e6c7715180ecb74c6a997e4b91ee160e52b357e1bb65ff76ce8414a87ec4889
 DIST mipi-sys-t-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 378522 BLAKE2B d3f1033e78ad814ebb991e66d8c1437aa3583e91481af9785b97b6021c7c45fb9dcb8d2d58d0a0fe84fbd9f108d24a27234df298eb8a2ba2340e5c9c85c89c40 SHA512 de6888577ceab7ab6915d792f3c48248cfa53357ccd310fc7f7eae4d25a932de8c7c23e5b898c9ebf61cf86cb538277273f2eb131a628b3bf0d46c9a3b9b6686
 DIST openssl-3.0.15.tar.gz 15318633 BLAKE2B f2900d0894b97e86c709079ca4336d5dc508d69e91d3a4de4420c8d9344cb54dada6ea2cdd408166e53db0c652b06654e670701166b67a0a40578676e1cea535 SHA512 acd80f2f7924d90c1416946a5c61eff461926ad60f4821bb6b08845ea18f8452fd5e88a2c2c5bd0d7590a792cb8341a3f3be042fd0a5b6c9c1b84a497c347bbf
+DIST openssl-3.4.1.tar.gz 18346056 BLAKE2B 328a2a4f0536b15ffe6421afc99bdb5dcdf3d29f44437fdd80bbf4089f5f2658ca10907e033eda2e04c6b862e49b150ea59d8ab1807d14a3dcf64e10c32e78af SHA512 1de6307c587686711f05d1e96731c43526fa3af51e4cd94c06c880954b67f6eb4c7db3177f0ea5937d41bc1f8cadcf5bce75025b5c1a46a469376960f1001c5f
 DIST openssl-d82e959e621a3d597f1e0d50ff8c2d8b96915fd7.tar.gz 10034310 BLAKE2B 6996979dc12a523d565830e7b0943feb682a376f71ddb6f20cb8b9976bb7f12e39f088abaa45d514933ef79c0e4a2933dc6f1af4774fedaa16e74c0081c358e7 SHA512 a89bc652dc4318c5e8a9c594a43d890ca05dfc1acd6b15e2a8ab8b5628b5f33994143ff8024230e07b9e67556b28ea3a5e36763aa72dec20b52022ca8c6f2a7e
 DIST openssl-de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz 15337569 BLAKE2B bb0b2f4ee7838178e8e23317b6c63048611d805e20c81d6c875d9b515e6dbcf981cda38f031965c9ec45bcab3ac4725cfa793718b0212e92bf53b4c7fc3f4e32 SHA512 4bba15075dacc8c1772a95759cfe8620ff3a9d535e5d3d29bb15e4790cc543555ab45f0b239195361e534eca26249ae1b491b63cbf6b7ecda6f0840c7f6253ac
 DIST pylibfdt-cfff805481bdea27f900c32698171286542b8d3c.tar.gz 49659 BLAKE2B 05e954fc2d72618b3f56c08bdfcd64479259902ee2613d034b66ebe50e33b02b243bed1191d8dcdcea9fcb2553f84a737ae12514d30c48e776efc858a4879894 SHA512 c2f4cbda24bc4a2140135de2db19fd7ad0b6eff2a748862b4166bf0e65f3e324e2855ea4331dafa2c82f44b4d01309c8ac50159cbcc076a968a1169c8709a523

diff --git a/sys-firmware/edk2/edk2-202502.ebuild b/sys-firmware/edk2/edk2-202502.ebuild
new file mode 100644
index 000000000000..fc93ffcc1ca3
--- /dev/null
+++ b/sys-firmware/edk2/edk2-202502.ebuild
@@ -0,0 +1,344 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_REQ_USE="sqlite"
+PYTHON_COMPAT=( python3_{12..13} )
+
+inherit edo flag-o-matic prefix python-any-r1 readme.gentoo-r1 secureboot toolchain-funcs
+
+DESCRIPTION="TianoCore EDK II UEFI firmware for virtual machines"
+HOMEPAGE="https://github.com/tianocore/edk2"
+
+DBXDATE="05092023" # MMDDYYYY
+BUNDLED_BROTLI_SUBMODULE_SHA="f4153a09f87cbb9c826d8fc12c74642bb2d879ea"
+BUNDLED_LIBFDT_SUBMODULE_SHA="cfff805481bdea27f900c32698171286542b8d3c"
+BUNDLED_LIBSPDM_SUBMODULE_SHA="98ef964e1e9a0c39c7efb67143d3a13a819432e0"
+BUNDLED_MBEDTLS_SUBMODULE_SHA="8c89224991adff88d53cd380f42a2baa36f91454"
+BUNDLED_MIPI_SYS_T_SUBMODULE_SHA="370b5944c046bab043dd8b133727b2135af7747a"
+BUNDLED_OPENSSL_SUBMODULE_P="openssl-3.4.1"
+
+SRC_URI="
+	https://github.com/tianocore/${PN}/archive/${PN}-stable${PV}.tar.gz
+		-> ${P}.tar.gz
+	https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
+		-> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
+	https://github.com/DMTF/libspdm/archive/${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz
+		-> libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz
+	https://github.com/Mbed-TLS/mbedtls/archive/${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz
+		-> mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz
+	https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
+		-> mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
+	https://github.com/openssl/openssl/releases/download/${BUNDLED_OPENSSL_SUBMODULE_P}/${BUNDLED_OPENSSL_SUBMODULE_P}.tar.gz
+
+	amd64? (
+		https://uefi.org/sites/default/files/resources/x64_DBXUpdate_${DBXDATE}.bin
+		https://uefi.org/sites/default/files/resources/x64_DBXUpdate.bin -> x64_DBXUpdate_${DBXDATE}.bin
+	)
+
+	arm64? (
+		https://uefi.org/sites/default/files/resources/arm64_DBXUpdate_${DBXDATE}.bin
+		https://uefi.org/sites/default/files/resources/arm64_DBXUpdate.bin -> arm64_DBXUpdate_${DBXDATE}.bin
+		https://github.com/devicetree-org/pylibfdt/archive/${BUNDLED_LIBFDT_SUBMODULE_SHA}.tar.gz
+			-> pylibfdt-${BUNDLED_LIBFDT_SUBMODULE_SHA}.tar.gz
+	)
+"
+
+S="${WORKDIR}/${PN}-${PN}-stable${PV}"
+LICENSE="BSD-2 MIT"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~arm64 ~loong ~riscv"
+
+BDEPEND="
+	${PYTHON_DEPS}
+	app-emulation/qemu
+	app-emulation/virt-firmware
+	>=sys-power/iasl-20160729
+	amd64? ( >=dev-lang/nasm-2.0.7 )
+"
+
+RDEPEND="
+	!sys-firmware/edk2-bin
+"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-202411-werror.patch"
+	"${FILESDIR}/${PN}-202408-binutils-2.41-textrels.patch"
+)
+
+DISABLE_AUTOFORMATTING="true"
+DIR="/usr/share/${PN}"
+
+pkg_setup() {
+	python-any-r1_pkg_setup
+	secureboot_pkg_setup
+
+	local QEMU_ARCH ARCH_DIRS UNIT0 UNIT1 FMT
+
+	case "${ARCH}" in
+	amd64)
+		TARGET_ARCH="X64"
+		QEMU_ARCH="x86_64"
+		ARCH_DIRS="${DIR}/OvmfX64"
+		UNIT0="OVMF_CODE.fd"
+		UNIT1="OVMF_VARS.fd"
+		FMT="raw"
+		;;
+	arm64)
+		TARGET_ARCH="AARCH64"
+		QEMU_ARCH="aarch64"
+		ARCH_DIRS="${DIR}/ArmVirtQemu-AARCH64"
+		UNIT0="QEMU_EFI.qcow2"
+		UNIT1="QEMU_VARS.qcow2"
+		FMT="qcow2"
+		;;
+	loong)
+		TARGET_ARCH="LOONGARCH64"
+		QEMU_ARCH="loongarch64"
+		ARCH_DIRS="${DIR}/LoongArchVirtQemu"
+		UNIT0="QEMU_EFI.fd"
+		UNIT1="QEMU_VARS.fd"
+		FMT="raw"
+		;;
+	riscv)
+		TARGET_ARCH="RISCV64"
+		QEMU_ARCH="riscv64"
+		ARCH_DIRS="${DIR}/RiscVVirtQemu"
+		UNIT0="RISCV_VIRT_CODE.qcow2"
+		UNIT1="RISCV_VIRT_VARS.qcow2"
+		FMT="qcow2"
+		;;
+	esac
+
+	DOC_CONTENTS="This package includes the TianoCore EDK II UEFI firmware for ${QEMU_ARCH}
+virtual machines. The firmware is located under ${ARCH_DIRS}.
+
+In order to use the firmware, you can run QEMU like so:
+
+	$ qemu-system-${QEMU_ARCH} \\
+		-drive file=${EPREFIX}${ARCH_DIRS%% *}/${UNIT0},if=pflash,format=${FMT},unit=0,readonly=on \\
+		-drive file=/path/to/the/copy/of/${UNIT1},if=pflash,format=${FMT},unit=1 \\
+		..."
+
+	case "${ARCH}" in
+	amd64) DOC_CONTENTS+="
+
+The firmware does not support CSM due to the lack of a free
+implementation. If you need a firmware with CSM support, you have to
+download one for yourself. Firmware blobs are commonly labelled:
+
+	OVMF_CODE-with-csm.fd
+	OVMF_VARS-with-csm.fd"
+		;;
+	arm64) DOC_CONTENTS+="
+
+WARNING! QEMU_EFI.secboot_INSECURE.qcow2 does have Secure Boot
+enabled, but it must not be used in production. The lack of an SMM
+implementation for arm64 in this firmware means that the EFI
+variable store is unprotected, making the firmware unsafe."
+		;;
+	esac
+}
+
+link_mod() {
+	rmdir "$2" && ln -sfT "$1" "$2" || die "linking ${2##*/} failed"
+}
+
+src_prepare() {
+	# Bundled submodules
+	link_mod "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}" \
+		BaseTools/Source/C/BrotliCompress/brotli
+	link_mod "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}" \
+		MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
+	link_mod "${WORKDIR}/libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}" \
+		SecurityPkg/DeviceSecurity/SpdmLib/libspdm
+	link_mod "${WORKDIR}/mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}" \
+		CryptoPkg/Library/MbedTlsLib/mbedtls
+	link_mod "${WORKDIR}/public-mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}" \
+		MdePkg/Library/MipiSysTLib/mipisyst
+	link_mod "${WORKDIR}/${BUNDLED_OPENSSL_SUBMODULE_P}" \
+		CryptoPkg/Library/OpensslLib/openssl
+
+	use arm64 &&
+		link_mod "${WORKDIR}/pylibfdt-${BUNDLED_LIBFDT_SUBMODULE_SHA}" \
+			MdePkg/Library/BaseFdtLib/libfdt
+
+	default
+
+	# Fix descriptor paths for prefix.
+	hprefixify "${FILESDIR}"/descriptors/*.json
+}
+
+mybuild() {
+	edo build \
+		-t "${TOOLCHAIN}" \
+		-b "${BUILD_TARGET}" \
+		-D NETWORK_HTTP_BOOT_ENABLE \
+		-D NETWORK_IP6_ENABLE \
+		-D NETWORK_TLS_ENABLE \
+		-D TPM1_ENABLE \
+		-D TPM2_ENABLE \
+		-D TPM2_CONFIG_ENABLE \
+		"${BUILD_ARGS[@]}" \
+		"${@}"
+}
+
+# Add the MS and Red Hat Secure Boot certificates and update the revocation list
+# for the given architecture in the given raw variables image.
+mk_fw_vars() {
+	edo virt-fw-vars \
+		--set-dbx "${DISTDIR}/$1_DBXUpdate_${DBXDATE}.bin" \
+		--secure-boot --enroll-redhat --inplace "$2"
+}
+
+# Convert the given images from raw to QCOW2 and resize them to the amount given
+# as the first argument. Specify 0 to not resize.
+raw_to_qcow2() {
+	local SIZE=$1 RAW
+	shift
+
+	for RAW in "${@}"; do
+		edo qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "${RAW}" "${RAW%.fd}.qcow2"
+		[[ ${SIZE} != 0 ]] && edo qemu-img resize -f qcow2 "${RAW%.fd}.qcow2" "${SIZE}"
+		rm "${RAW}" || die
+	done
+}
+
+src_compile() {
+	TOOLCHAIN="GCC5"
+	BUILD_TARGET="RELEASE"
+	BUILD_DIR="${BUILD_TARGET}_${TOOLCHAIN}"
+	BUILD_ARGS=()
+
+	tc-export_build_env
+	emake -C BaseTools \
+		CC="$(tc-getBUILD_CC)" \
+		CXX="$(tc-getBUILD_CXX)" \
+		EXTRA_OPTFLAGS="${BUILD_CFLAGS}" \
+		EXTRA_LDFLAGS="${BUILD_LDFLAGS}"
+
+	export \
+		"${TOOLCHAIN}_${TARGET_ARCH}_PREFIX=${CHOST}-" \
+		"${TOOLCHAIN}_BIN=${CHOST}-"
+
+	. ./edksetup.sh
+
+	# DO NOT enable the shell with Secure Boot as it can be used as a bypass!
+
+	case "${ARCH}" in
+	amd64)
+		local SIZE
+		for SIZE in _2M _4M; do
+			mybuild -a X64 -p OvmfPkg/OvmfPkgX64.dsc \
+				-D FD_SIZE${SIZE}B \
+				-D BUILD_SHELL=FALSE \
+				-D SECURE_BOOT_ENABLE \
+				-D SMM_REQUIRE
+
+			mv -T Build/OvmfX64 Build/OvmfX64${SIZE}.secboot || die
+
+			mybuild -a X64 -p OvmfPkg/OvmfPkgX64.dsc \
+				-D FD_SIZE${SIZE}B
+
+			mv -T Build/OvmfX64 Build/OvmfX64${SIZE} || die
+
+			mk_fw_vars x64 Build/OvmfX64${SIZE}.secboot/"${BUILD_DIR}"/FV/OVMF_VARS.fd
+		done
+
+		# Fedora only converts newer images to QCOW2. 2MB images are raw.
+		raw_to_qcow2 0 Build/OvmfX64_4M*/"${BUILD_DIR}"/FV/OVMF_{CODE,VARS}.fd
+		;;
+	arm64)
+		BUILD_ARGS+=(
+			# grub.efi uses EfiLoaderData for code
+			--pcd PcdDxeNxMemoryProtectionPolicy=0xC000000000007FD1
+			# shim.efi has broken MemAttr code
+			--pcd PcdUninstallMemAttrProtocol=TRUE
+		)
+
+		mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc \
+			-D BUILD_SHELL=FALSE \
+			-D SECURE_BOOT_ENABLE
+
+		mv -T Build/ArmVirtQemu-AARCH64 Build/ArmVirtQemu-AARCH64.secboot_INSECURE || die
+
+		mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc
+
+		mk_fw_vars arm64 Build/ArmVirtQemu-AARCH64.secboot_INSECURE/"${BUILD_DIR}"/FV/QEMU_VARS.fd
+		raw_to_qcow2 64m Build/ArmVirtQemu-AARCH64*/"${BUILD_DIR}"/FV/QEMU_{EFI,VARS}.fd
+		;;
+	loong)
+		BUILD_ARGS+=(
+			# fails to seed the OpenSSL RNG during early initialization due
+			# to improper FPU enabling (maybe too late)
+			-D NETWORK_TLS_ENABLE=FALSE
+		)
+		mybuild -a LOONGARCH64 -p OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc
+		;;
+	riscv)
+		mybuild -a RISCV64 -p OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
+		raw_to_qcow2 32m Build/RiscVVirtQemu/"${BUILD_DIR}"/FV/RISCV_VIRT_{CODE,VARS}.fd
+		;;
+	esac
+}
+
+src_install() {
+	local SIZE TYPE FMT
+
+	case "${ARCH}" in
+	amd64)
+		insinto ${DIR}/OvmfX64
+		doins Build/OvmfX64_2M/"${BUILD_DIR}"/X64/Shell.efi
+
+		for SIZE in _2M _4M; do
+			for TYPE in "" .secboot; do
+				[[ ${SIZE} = _4M ]] && FMT=qcow2 || FMT=fd
+				newins Build/OvmfX64${SIZE}${TYPE}/"${BUILD_DIR}"/FV/OVMF_CODE.${FMT} OVMF_CODE${SIZE#_2M}${TYPE}.${FMT}
+				newins Build/OvmfX64${SIZE}${TYPE}/"${BUILD_DIR}"/FV/OVMF_VARS.${FMT} OVMF_VARS${SIZE#_2M}${TYPE}.${FMT}
+			done
+		done
+
+		# Compatibility with older package versions.
+		dosym ${PN}/OvmfX64 /usr/share/edk2-ovmf
+		;;
+	arm64)
+		insinto ${DIR}/ArmVirtQemu-AARCH64
+
+		for TYPE in "" .secboot_INSECURE; do
+			newins Build/ArmVirtQemu-AARCH64${TYPE}/"${BUILD_DIR}"/FV/QEMU_EFI.qcow2 QEMU_EFI${TYPE}.qcow2
+			newins Build/ArmVirtQemu-AARCH64${TYPE}/"${BUILD_DIR}"/FV/QEMU_VARS.qcow2 QEMU_VARS${TYPE}.qcow2
+		done
+		;;
+	loong)
+		insinto ${DIR}/LoongArchVirtQemu
+		doins Build/LoongArchVirtQemu/"${BUILD_DIR}"/FV/QEMU_{EFI,VARS}.fd
+		;;
+	riscv)
+		insinto ${DIR}/RiscVVirtQemu
+		doins Build/RiscVVirtQemu/"${BUILD_DIR}"/FV/RISCV_VIRT_{CODE,VARS}.qcow2
+		;;
+	esac
+
+	insinto /usr/share/qemu/firmware
+	doins "${FILESDIR}"/descriptors/*"${TARGET_ARCH,,}"*.json
+
+	secureboot_auto_sign --in-place
+	readme.gentoo_create_doc
+}
+
+pkg_preinst() {
+	local OLD=${EROOT}/usr/share/edk2-ovmf NEW=${EROOT}/${DIR}/OvmfX64
+	if [[ -d ${OLD} && ! -L ${OLD} ]]; then
+		{
+			rm -vf "${OLD}"/{OVMF_{CODE,CODE.secboot,VARS}.fd,EnrollDefaultKeys.efi,Shell.efi,UefiShell.img} &&
+			mkdir -p "${NEW}" &&
+			find "${OLD}" -mindepth 1 -maxdepth 1 -execdir mv --update=none-fail -vt "${NEW}"/ {} + &&
+			rmdir "${OLD}"
+		} || die "unable to replace old directory with compatibility symlink"
+	fi
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[James Le Cuirot]

commit:     d65ee7410b458128ceb9d00423a65dec250c5d2b
Author:     WANG Xuerui <xen0n <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 12 06:35:36 2025 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Sat Mar 15 23:12:11 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d65ee741

sys-firmware/edk2: re-enable loong network TLS support for 202502

The previous crash observed on 202411 simply disappeared on 202502
without any apparent relevant code change.

Signed-off-by: WANG Xuerui <xen0n <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/41014
Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 sys-firmware/edk2/edk2-202502.ebuild | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/sys-firmware/edk2/edk2-202502.ebuild b/sys-firmware/edk2/edk2-202502.ebuild
index 0f94d57bc040..1a270d46d45f 100644
--- a/sys-firmware/edk2/edk2-202502.ebuild
+++ b/sys-firmware/edk2/edk2-202502.ebuild
@@ -269,11 +269,6 @@ src_compile() {
 		raw_to_qcow2 64m Build/ArmVirtQemu-AARCH64*/"${BUILD_DIR}"/FV/QEMU_{EFI,VARS}.fd
 		;;
 	loong)
-		BUILD_ARGS+=(
-			# fails to seed the OpenSSL RNG during early initialization due
-			# to improper FPU enabling (maybe too late)
-			-D NETWORK_TLS_ENABLE=FALSE
-		)
 		mybuild -a LOONGARCH64 -p OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc
 		raw_to_qcow2 0 Build/LoongArchVirtQemu/"${BUILD_DIR}"/FV/QEMU_{EFI,VARS}.fd
 		;;

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[James Le Cuirot]

commit:     46e58144679435eade83ab1cc8ba104ebfbb81a0
Author:     WANG Xuerui <xen0n <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 11 18:46:31 2025 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Sat Mar 15 23:12:08 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46e58144

sys-firmware/edk2: convert loong firmware images to QCOW2

Actually they work fine.

Signed-off-by: WANG Xuerui <xen0n <AT> gentoo.org>
Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 sys-firmware/edk2/edk2-202502.ebuild | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/sys-firmware/edk2/edk2-202502.ebuild b/sys-firmware/edk2/edk2-202502.ebuild
index fc93ffcc1ca3..0f94d57bc040 100644
--- a/sys-firmware/edk2/edk2-202502.ebuild
+++ b/sys-firmware/edk2/edk2-202502.ebuild
@@ -97,9 +97,9 @@ pkg_setup() {
 		TARGET_ARCH="LOONGARCH64"
 		QEMU_ARCH="loongarch64"
 		ARCH_DIRS="${DIR}/LoongArchVirtQemu"
-		UNIT0="QEMU_EFI.fd"
-		UNIT1="QEMU_VARS.fd"
-		FMT="raw"
+		UNIT0="QEMU_EFI.qcow2"
+		UNIT1="QEMU_VARS.qcow2"
+		FMT="qcow2"
 		;;
 	riscv)
 		TARGET_ARCH="RISCV64"
@@ -275,6 +275,7 @@ src_compile() {
 			-D NETWORK_TLS_ENABLE=FALSE
 		)
 		mybuild -a LOONGARCH64 -p OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc
+		raw_to_qcow2 0 Build/LoongArchVirtQemu/"${BUILD_DIR}"/FV/QEMU_{EFI,VARS}.fd
 		;;
 	riscv)
 		mybuild -a RISCV64 -p OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
@@ -312,7 +313,7 @@ src_install() {
 		;;
 	loong)
 		insinto ${DIR}/LoongArchVirtQemu
-		doins Build/LoongArchVirtQemu/"${BUILD_DIR}"/FV/QEMU_{EFI,VARS}.fd
+		doins Build/LoongArchVirtQemu/"${BUILD_DIR}"/FV/QEMU_{EFI,VARS}.qcow2
 		;;
 	riscv)
 		insinto ${DIR}/RiscVVirtQemu

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[James Le Cuirot]

commit:     dea3499a64ac9fcd9c56ea2e1368c3b366345c35
Author:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 15 23:30:15 2025 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Sat Mar 15 23:30:15 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dea3499a

sys-firmware/edk2: Drop unused flag-o-matic eclass inherit

Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 sys-firmware/edk2/edk2-202411.ebuild | 2 +-
 sys-firmware/edk2/edk2-202502.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys-firmware/edk2/edk2-202411.ebuild b/sys-firmware/edk2/edk2-202411.ebuild
index a998704605eb..6f24731cf49a 100644
--- a/sys-firmware/edk2/edk2-202411.ebuild
+++ b/sys-firmware/edk2/edk2-202411.ebuild
@@ -6,7 +6,7 @@ EAPI=8
 PYTHON_REQ_USE="sqlite"
 PYTHON_COMPAT=( python3_{12..13} )
 
-inherit edo flag-o-matic prefix python-any-r1 readme.gentoo-r1 secureboot toolchain-funcs
+inherit edo prefix python-any-r1 readme.gentoo-r1 secureboot toolchain-funcs
 
 DESCRIPTION="TianoCore EDK II UEFI firmware for virtual machines"
 HOMEPAGE="https://github.com/tianocore/edk2"

diff --git a/sys-firmware/edk2/edk2-202502.ebuild b/sys-firmware/edk2/edk2-202502.ebuild
index 1a270d46d45f..b6685306e7a0 100644
--- a/sys-firmware/edk2/edk2-202502.ebuild
+++ b/sys-firmware/edk2/edk2-202502.ebuild
@@ -6,7 +6,7 @@ EAPI=8
 PYTHON_REQ_USE="sqlite"
 PYTHON_COMPAT=( python3_{12..13} )
 
-inherit edo flag-o-matic prefix python-any-r1 readme.gentoo-r1 secureboot toolchain-funcs
+inherit edo prefix python-any-r1 readme.gentoo-r1 secureboot toolchain-funcs
 
 DESCRIPTION="TianoCore EDK II UEFI firmware for virtual machines"
 HOMEPAGE="https://github.com/tianocore/edk2"

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[James Le Cuirot]

commit:     bc8236adf12a026d5c0f6434b604e4dd50313bec
Author:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 15 23:39:29 2025 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Sat Mar 15 23:39:29 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc8236ad

sys-firmware/edk2: Add python3_13t to 202502

Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 sys-firmware/edk2/edk2-202502.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/edk2/edk2-202502.ebuild b/sys-firmware/edk2/edk2-202502.ebuild
index b6685306e7a0..39cab3d3af2c 100644
--- a/sys-firmware/edk2/edk2-202502.ebuild
+++ b/sys-firmware/edk2/edk2-202502.ebuild
@@ -4,7 +4,7 @@
 EAPI=8
 
 PYTHON_REQ_USE="sqlite"
-PYTHON_COMPAT=( python3_{12..13} )
+PYTHON_COMPAT=( python3_{12..13} python3_13t )
 
 inherit edo prefix python-any-r1 readme.gentoo-r1 secureboot toolchain-funcs
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[James Le Cuirot]

commit:     f7335162bcbc4f5f4d0df26c1bebec82f912cc3a
Author:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 15 23:41:28 2025 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Sat Mar 15 23:41:28 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7335162

sys-firmware/edk2: Add myself as co-maintainer

Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 sys-firmware/edk2/metadata.xml | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/sys-firmware/edk2/metadata.xml b/sys-firmware/edk2/metadata.xml
index 25727c4c2437..d159584fa220 100644
--- a/sys-firmware/edk2/metadata.xml
+++ b/sys-firmware/edk2/metadata.xml
@@ -1,12 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-<maintainer type="project">
-	<email>virtualization@gentoo.org</email>
-	<name>Gentoo Virtualization Project</name>
-</maintainer>
-<upstream>
-	<remote-id type="github">tianocore/edk2</remote-id>
-	<remote-id type="cpe">cpe:/a:tianocore:edk2</remote-id>
-</upstream>
+	<maintainer type="project">
+		<email>virtualization@gentoo.org</email>
+		<name>Gentoo Virtualization Project</name>
+	</maintainer>
+	<maintainer type="person">
+			<email>chewi@gentoo.org</email>
+			<name>James Le Cuirot</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="github">tianocore/edk2</remote-id>
+		<remote-id type="cpe">cpe:/a:tianocore:edk2</remote-id>
+	</upstream>
 </pkgmetadata>

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2/

[James Le Cuirot]

commit:     4d11adf1145471e4bbba7d66d45c324a2bcd4e24
Author:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 19 09:47:21 2025 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Wed Mar 19 09:47:21 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d11adf1

sys-firmware/edk2: Drop arm64 from 202502 for now

It fails to build due to a DT_TEXTREL and linker warnings now being fatal. I
will investigate soon.

Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 sys-firmware/edk2/edk2-202502.ebuild | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/sys-firmware/edk2/edk2-202502.ebuild b/sys-firmware/edk2/edk2-202502.ebuild
index 39cab3d3af2c..7365b7469816 100644
--- a/sys-firmware/edk2/edk2-202502.ebuild
+++ b/sys-firmware/edk2/edk2-202502.ebuild
@@ -48,7 +48,7 @@ SRC_URI="
 S="${WORKDIR}/${PN}-${PN}-stable${PV}"
 LICENSE="BSD-2 MIT"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~arm64 ~loong ~riscv"
+KEYWORDS="-* ~amd64 ~loong ~riscv"
 
 BDEPEND="
 	${PYTHON_DEPS}
@@ -205,6 +205,14 @@ raw_to_qcow2() {
 	done
 }
 
+nx_strict_args() {
+	"${@}" \
+		--pcd PcdDxeNxMemoryProtectionPolicy=0xC000000000007FD5 \
+		--pcd PcdImageProtectionPolicy=0x03 \
+		--pcd PcdNullPointerDetectionPropertyMask=0x03 \
+		--pcd PcdSetNxForStack=TRUE
+}
+
 src_compile() {
 	TOOLCHAIN="GCC5"
 	BUILD_TARGET="RELEASE"
@@ -228,9 +236,14 @@ src_compile() {
 
 	case "${ARCH}" in
 	amd64)
+		BUILD_ARGS+=(
+			# shim.efi has broken MemAttr code
+			--pcd PcdUninstallMemAttrProtocol=TRUE
+		)
+
 		local SIZE
 		for SIZE in _2M _4M; do
-			mybuild -a X64 -p OvmfPkg/OvmfPkgX64.dsc \
+			nx_strict_args mybuild -a X64 -p OvmfPkg/OvmfPkgX64.dsc \
 				-D FD_SIZE${SIZE}B \
 				-D BUILD_SHELL=FALSE \
 				-D SECURE_BOOT_ENABLE \
@@ -239,7 +252,8 @@ src_compile() {
 			mv -T Build/OvmfX64 Build/OvmfX64${SIZE}.secboot || die
 
 			mybuild -a X64 -p OvmfPkg/OvmfPkgX64.dsc \
-				-D FD_SIZE${SIZE}B
+				-D FD_SIZE${SIZE}B \
+				--pcd PcdDxeNxMemoryProtectionPolicy=0
 
 			mv -T Build/OvmfX64 Build/OvmfX64${SIZE} || die
 
@@ -251,19 +265,18 @@ src_compile() {
 		;;
 	arm64)
 		BUILD_ARGS+=(
-			# grub.efi uses EfiLoaderData for code
-			--pcd PcdDxeNxMemoryProtectionPolicy=0xC000000000007FD1
 			# shim.efi has broken MemAttr code
 			--pcd PcdUninstallMemAttrProtocol=TRUE
 		)
 
-		mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc \
+		nx_strict_args mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc \
 			-D BUILD_SHELL=FALSE \
 			-D SECURE_BOOT_ENABLE
 
 		mv -T Build/ArmVirtQemu-AARCH64 Build/ArmVirtQemu-AARCH64.secboot_INSECURE || die
 
-		mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc
+		mybuild -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc \
+			--pcd PcdDxeNxMemoryProtectionPolicy=0xC000000000007FD1
 
 		mk_fw_vars arm64 Build/ArmVirtQemu-AARCH64.secboot_INSECURE/"${BUILD_DIR}"/FV/QEMU_VARS.fd
 		raw_to_qcow2 64m Build/ArmVirtQemu-AARCH64*/"${BUILD_DIR}"/FV/QEMU_{EFI,VARS}.fd