erebion/coreboot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coreboot/payloads/external/edk2/Makefile
Sean Rhodes 817394f12c Makefile.mk: generate EDK2 update capsule 
Generate a signed UEFI capsule from the final coreboot ROM image using
EDK2 BaseTools.

When using an EDK2 payload and enabling DRIVERS_EFI_UPDATE_CAPSULES and
DRIVERS_EFI_GENERATE_CAPSULE, the build produces build/coreboot.cap once
the ROM is finalised (after all files were added to CBFS). The capsule
can also be generated explicitly with `make capsule`.

Move the capsule generation and certificate preparation into
payloads/external/edk2/Makefile, including generating the trusted root
certificate PCD include via BinToPcd.

Support capsule flows with an embedded FmpDxe driver by optionally
embedding FmpDxe.efi into generated capsules, and wiring the
embedded-driver Kconfig options through to the EDK2 payload build and
capsule generation.

Always set PersistAcrossReset on the capsule. Make InitiateReset
configurable (default off) because Linux rejects capsules with
InitiateReset when writing via /dev/efi_capsule_loader.

Use CONFIG_DRIVERS_EFI_MAIN_FW_VERSION for GenerateCapsule
--fw-version, but fall back to parsing a leading <major>.<minor> from
CONFIG_LOCALVERSION when it is left at 0. If
CONFIG_DRIVERS_EFI_MAIN_FW_LSV is 0, use the resolved firmware version.

Document capsule generation and embedded driver configuration.

Corresponding edk2 patches can be found at:
https://github.com/tianocore/edk2/pull/12053

Change-Id: I5f56b894d40ddb49f3158bb72f0143d0ebe9c34c
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/90862
Reviewed-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2026-03-16 19:51:14 +00:00

464 lines
17 KiB
Makefile
Raw Blame History

## SPDX-License-Identifier: GPL-2.0-only
# force the shell to bash - the edksetup.sh script doesn't work with dash
export SHELL := env bash
project_name = edk2
export WORKSPACE := $(CURDIR)/workspace
strip_quotes = $(subst ",,$(1))
EDK2_REPOSITORY := $(call strip_quotes,$(CONFIG_EDK2_REPOSITORY))
EDK2_PLATFORMS_REPOSITORY := $(call strip_quotes,$(CONFIG_EDK2_PLATFORMS_REPOSITORY))
EDK2_PATH_REPO_ROOT := $(word 3,$(subst /, ,$(EDK2_REPOSITORY)))
export EDK2_PATH := $(WORKSPACE)/$(EDK2_PATH_REPO_ROOT)
define edk2_abspath
$(if $(filter /%,$(1)),$(1),$(EDK2_PATH)/$(1))
endef
ifeq ($(CONFIG_EDK2_USE_EDK2_PLATFORMS),y)
BUILD_STR += -D USE_EDK2_PLATFORMS=TRUE
export EDK2_PLATFORMS_PATH := $(WORKSPACE)/edk2-platforms
export PACKAGES_PATH := $(EDK2_PATH):\
$(EDK2_PLATFORMS_PATH)/Platform/Intel:\
$(EDK2_PLATFORMS_PATH)/Silicon/Intel:\
$(EDK2_PLATFORMS_PATH)/Features/Intel:\
$(EDK2_PLATFORMS_PATH)/Features/Intel/Debugging:\
$(EDK2_PLATFORMS_PATH)/Features/Intel/Network:\
$(EDK2_PLATFORMS_PATH)/Features/Intel/OutOfBandManagement:\
$(EDK2_PLATFORMS_PATH)/Features/Intel/PowerManagement:\
$(EDK2_PLATFORMS_PATH)/Features/Intel/SystemInformation:\
$(EDK2_PLATFORMS_PATH)/Features/Intel/UserInterface
else
export PACKAGES_PATH := $(EDK2_PATH)
endif
OBJCOPY = $(GCC_PREFIX)objcopy
ifeq ($(CONFIG_EDK2_UEFIPAYLOAD),y)
BUILD_STR += -p UefiPayloadPkg/UefiPayloadPkg.dsc
endif
BUILD_STR += -t GCC
BUILD_STR += -D BOOTLOADER=COREBOOT
ifneq ($(V),1)
BUILD_STR += -q
ifeq ($(CONFIG_EDK2_UEFIPAYLOAD),y)
BUILD_STR += -s
endif
endif
BUILD_STR += -D BUILD_ARCH=X64
#
# EDK II (edk2/master) has the following build options relevant to coreboot:
#
#
# OPTION = DEFAULT_VALUE
#
# BOOTSPLASH_IMAGE = FALSE
ifneq ($(CONFIG_EDK2_BOOTSPLASH_FILE),)
BUILD_STR += -D BOOTSPLASH_IMAGE=TRUE
endif
# BOOT_MANAGER_ESCAPE = FALSE
ifeq ($(CONFIG_EDK2_BOOT_MANAGER_ESCAPE),y)
BUILD_STR += -D BOOT_MANAGER_ESCAPE=TRUE
endif
# BUILD_TARGETS = DEBUG
ifeq ($(CONFIG_EDK2_DEBUG),y)
RELEASE_STR = DEBUG
else
RELEASE_STR = RELEASE
endif
# CPU_TIMER_LIB_ENABLE = TRUE
ifneq ($(CONFIG_EDK2_CPU_TIMER_LIB),y)
BUILD_STR += -D CPU_TIMER_LIB_ENABLE=FALSE
else
BUILD_STR += --pcd gUefiCpuPkgTokenSpaceGuid.PcdCpuCoreCrystalClockFrequency=$(CONFIG_CPU_XTAL_HZ)
endif
# DISABLE_SERIAL_TERMINAL = FALSE
ifneq ($(CONFIG_EDK2_SERIAL_SUPPORT),y)
BUILD_STR += -D DISABLE_SERIAL_TERMINAL=TRUE
endif
# VARIABLE_SUPPORT = EMU
# MAX_VARIABLE_SIZE = 0x10000
ifeq ($(CONFIG_SMMSTORE_V2),y)
BUILD_STR += -D VARIABLE_SUPPORT=SMMSTORE
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize=0x8000
endif
# PCIE_BASE_ADDRESS = 0
ifneq ($(CONFIG_ECAM_MMCONF_LENGTH),)
BUILD_STR += --pcd gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress=$(CONFIG_ECAM_MMCONF_BASE_ADDRESS)
endif
# PCIE_BASE_LENGTH = 0
ifneq ($(CONFIG_ECAM_MMCONF_LENGTH),)
BUILD_STR += --pcd gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseSize=$(CONFIG_ECAM_MMCONF_LENGTH)
endif
# PS2_KEYBOARD_ENABLE = FALSE
ifeq ($(CONFIG_EDK2_PS2_SUPPORT),y)
BUILD_STR += -D PS2_KEYBOARD_ENABLE=TRUE
endif
# PLATFORM_BOOT_TIMEOUT = 3
ifneq ($(CONFIG_EDK2_BOOT_TIMEOUT),)
BUILD_STR += -D PLATFORM_BOOT_TIMEOUT=$(CONFIG_EDK2_BOOT_TIMEOUT)
endif
# SIO_BUS_ENABLE = FALSE
ifeq ($(CONFIG_EDK2_PS2_SUPPORT),y)
BUILD_STR += -D SIO_BUS_ENABLE=TRUE
endif
# SHELL_TYPE = BUILD_SHELL
ifneq ($(CONFIG_EDK2_HAVE_EFI_SHELL),y)
BUILD_STR += -D SHELL_TYPE=NONE
endif
# USE_CBMEM_FOR_CONSOLE = FALSE
ifeq ($(CONFIG_EDK2_CBMEM_LOGGING),y)
BUILD_STR += -D USE_CBMEM_FOR_CONSOLE=TRUE
endif
# SD_MMC_TIMEOUT = 1000000
ifneq ($(CONFIG_EDK2_SD_MMC_TIMEOUT),)
BUILD_STR += -D SD_MMC_TIMEOUT=$(shell echo $$(( $(CONFIG_EDK2_SD_MMC_TIMEOUT) * 1000)) )
endif
# EDK2_SECURE_BOOT_SUPPORT = FALSE
ifeq ($(CONFIG_EDK2_SECURE_BOOT_SUPPORT), y)
BUILD_STR += -D SECURE_BOOT_ENABLE=TRUE
endif
# PCIEXP_SUPPORT_RESIZABLE_BARS = FALSE
ifeq ($(CONFIG_PCIEXP_SUPPORT_RESIZABLE_BARS), y)
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdPcieResizableBarSupport=TRUE
endif
# Preserve VRT bit in RTC_ADDRESS_REGISTER_D
# AMD SoC sets this every 1.024msec, but the generic code assumes it's read-only and
# hardcoded to 1 like on every Intel chipset since Intel ICH.
ifeq ($(CONFIG_SOC_AMD_COMMON_BLOCK_PSP_GEN2), y)
BUILD_STR += --pcd gPcAtChipsetPkgTokenSpaceGuid.PcdInitialValueRtcRegisterD=0x80
endif
# CAPSULE_SUPPORT = FALSE
# CAPSULE_MAIN_FW_GUID =
ifeq ($(CONFIG_DRIVERS_EFI_UPDATE_CAPSULES),y)
BUILD_STR += -D CAPSULE_SUPPORT=TRUE
BUILD_STR += -D CAPSULE_MAIN_FW_GUID=$(CONFIG_DRIVERS_EFI_MAIN_FW_GUID)
endif
ifeq ($(CONFIG_DRIVERS_EFI_CAPSULE_ACCEPT_EMBEDDED_DRIVERS),y)
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleEmbeddedDriverSupport=TRUE
endif
ifeq ($(CONFIG_DRIVERS_EFI_CAPSULE_EMBED_FMP_DXE),y)
BUILD_STR += -D CAPSULE_EMBED_FMP_DXE=TRUE
endif
CAPSULE_PCD_INC_REL := BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer.gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr.inc
CAPSULE_PCD_INC := $(EDK2_PATH)/$(CAPSULE_PCD_INC_REL)
CAPSULE_PCD_NAME := gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr
CAPSULE_GUID := $(call strip_quotes,$(CONFIG_DRIVERS_EFI_MAIN_FW_GUID))
CAPSULE_REGIONS := $(call strip_quotes,$(CONFIG_DRIVERS_EFI_CAPSULE_REGIONS))
CAPSULE_LOCALVERSION := $(call strip_quotes,$(CONFIG_LOCALVERSION))
CAPSULE_SIGNER_PRIVATE_CERT := $(call strip_quotes,$(CONFIG_DRIVERS_EFI_CAPSULE_SIGNER_PRIVATE_CERT))
CAPSULE_OTHER_PUBLIC_CERT := $(call strip_quotes,$(CONFIG_DRIVERS_EFI_CAPSULE_OTHER_PUBLIC_CERT))
CAPSULE_TRUSTED_PUBLIC_CERT := $(call strip_quotes,$(CONFIG_DRIVERS_EFI_CAPSULE_TRUSTED_PUBLIC_CERT))
CAPSULE_SIGNER_PRIVATE_CERT_PATH := $(call edk2_abspath,$(CAPSULE_SIGNER_PRIVATE_CERT))
CAPSULE_OTHER_PUBLIC_CERT_PATH := $(call edk2_abspath,$(CAPSULE_OTHER_PUBLIC_CERT))
CAPSULE_TRUSTED_PUBLIC_CERT_PATH := $(call edk2_abspath,$(CAPSULE_TRUSTED_PUBLIC_CERT))
# AppendRmapManifest.py moved from BaseTools/Scripts to UefiPayloadPkg/Tools in
# newer edk2 trees.
EDK2_APPEND_RMAP_MANIFEST = $(firstword $(wildcard \
$(EDK2_PATH)/UefiPayloadPkg/Tools/AppendRmapManifest.py \
$(EDK2_PATH)/BaseTools/Scripts/AppendRmapManifest.py \
))
# If FmpDxe is built, edk2 also places it in the top-level X64 output dir.
EDK2_FMP_DXE = $(WORKSPACE)/Build/UefiPayloadPkgX64/$(RELEASE_STR)_GCC/X64/FmpDxe.efi
CAPSULE_ROOT_CERT_DER := $(WORKSPACE)/capsule_trusted_root.der
#
# One or more downstream edk2 repositories support the following additional options:
#
ifeq ($(CONFIG_EDK2_REPO_OFFICIAL),)
# FOLLOW_BGRT_SPEC = FALSE
ifeq ($(CONFIG_EDK2_FOLLOW_BGRT_SPEC),y)
BUILD_STR += -D FOLLOW_BGRT_SPEC=TRUE
endif
# GOP_DRIVER = FALSE
ifeq ($(CONFIG_EDK2_GOP_DRIVER), y)
BUILD_STR += -D USE_PLATFORM_GOP=TRUE
endif
# PRIORITIZE_INTERNAL = FALSE
ifeq ($(CONFIG_EDK2_PRIORITIZE_INTERNAL),y)
BUILD_STR += -D PRIORITIZE_INTERNAL=TRUE
endif
# TPM_ENABLE = TRUE
ifeq ($(CONFIG_EDK2_DISABLE_TPM),y)
BUILD_STR += -D TPM_ENABLE=FALSE
endif
# TIMER_SUPPORT = HPET
ifeq ($(CONFIG_EDK2_USE_LAPIC_TIMER),y)
BUILD_STR += -D TIMER_SUPPORT=LAPIC
endif
# LOAD_OPTION_ROMS = FALSE
ifeq ($(CONFIG_EDK2_LOAD_OPTION_ROMS),y)
BUILD_STR += -D LOAD_OPTION_ROMS=TRUE
endif
# NETWORK_IPXE = FALSE
ifeq ($(CONFIG_EDK2_IPXE),y)
BUILD_STR += -D NETWORK_IPXE=TRUE
BUILD_STR += --pcd gUefiPayloadPkgTokenSpaceGuid.PcdiPXEOptionName=L"$(CONFIG_EDK2_IPXE_OPTION_NAME)"
endif
endif # !CONFIG_EDK2_REPO_OFFICIAL
#
# EDKII has the below PCDs that are relevant to coreboot:
#
# Allows EDKII to use the full framebuffer
ifeq ($(CONFIG_EDK2_FULL_SCREEN_SETUP),y)
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow=0
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn=0
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutRow=0
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutColumn=0
else
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow=40
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn=128
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutRow=40
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutColumn=128
endif
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId="COREv4"
BUILD_STR += --pcd gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi=FALSE
# coreboot produces SMBIOS 3.0.0 tables
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosVersion=0x0300
BUILD_STR += --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev=0x0
bootloader = $(word 8,$(subst /, ,$(BUILD_STR)))
ifneq ($(CONFIG_EDK2_CUSTOM_BUILD_PARAMS),)
BUILD_STR += $(CONFIG_EDK2_CUSTOM_BUILD_PARAMS)
endif
all: UefiPayloadPkg
$(WORKSPACE):
mkdir $(WORKSPACE)
$(EDK2_PLATFORMS_PATH): $(WORKSPACE)
if [ ! -d "$(EDK2_PLATFORMS_PATH)" ]; then \
git clone --recurse-submodules $(CONFIG_EDK2_PLATFORMS_REPOSITORY) $(EDK2_PLATFORMS_PATH) -j5; \
fi
cd $(EDK2_PLATFORMS_PATH); \
if ! git rev-parse --verify -q $(CONFIG_EDK2_PLATFORMS_TAG_OR_REV)^{object} >/dev/null; then \
echo " $(CONFIG_EDK2_PLATFORMS_TAG_OR_REV) is not a valid git reference"; \
exit 1; \
fi; \
if git status --ignore-submodules=dirty | grep -q "nothing to commit, working tree clean"; then \
echo " Checking out edk2-platforms revision $(CONFIG_EDK2_PLATFORMS_TAG_OR_REV)"; \
git checkout --detach $(CONFIG_EDK2_PLATFORMS_TAG_OR_REV) -f; \
else \
echo " Working directory not clean; will not overwrite"; \
fi; \
git submodule update --init --checkout
$(EDK2_PATH): $(WORKSPACE)
if [ ! -d "$(EDK2_PATH)" ]; then \
git clone --recurse-submodules $(CONFIG_EDK2_REPOSITORY) $(EDK2_PATH) -j5; \
fi
cd $(EDK2_PATH); \
git checkout MdeModulePkg/Logo/Logo.bmp > /dev/null 2>&1 || true; \
git checkout "$(CAPSULE_PCD_INC_REL)" > /dev/null 2>&1 || true; \
if ! git ls-files --error-unmatch "$(CAPSULE_PCD_INC_REL)" >/dev/null 2>&1; then \
rm -f "$(CAPSULE_PCD_INC_REL)" || true; \
fi; \
if [ -e UefiPayloadPkg/ShimLayer/UniversalPayload.o ]; then \
rm UefiPayloadPkg/ShimLayer/UniversalPayload.o; \
fi; \
echo " Fetching new commits from $(CONFIG_EDK2_REPOSITORY)"; \
git fetch origin 2>/dev/null; \
if ! git rev-parse --verify -q $(CONFIG_EDK2_TAG_OR_REV)^{object} >/dev/null; then \
echo " $(CONFIG_EDK2_TAG_OR_REV) is not a valid git reference"; \
exit 1; \
fi; \
if git status --ignore-submodules=dirty | grep -q -e clean -e "nothing added"; then \
echo " Checking out $(project_name) revision $(CONFIG_EDK2_TAG_OR_REV)"; \
git checkout --detach $(CONFIG_EDK2_TAG_OR_REV) -f; \
git submodule update --checkout --recursive; \
else \
echo " Working directory not clean; will not overwrite"; \
fi; \
git submodule update --init --checkout
logo: $(EDK2_PATH)
case "$(CONFIG_EDK2_BOOTSPLASH_FILE)" in \
"") ;; \
/*) convert -background None $(CONFIG_EDK2_BOOTSPLASH_FILE) \
BMP3:$(EDK2_PATH)/MdeModulePkg/Logo/Logo.bmp;; \
*) convert -background None $(top)/$(CONFIG_EDK2_BOOTSPLASH_FILE) \
BMP3:$(EDK2_PATH)/MdeModulePkg/Logo/Logo.bmp;; \
esac \
gop_driver: $(EDK2_PATH)
if [ -n "$(CONFIG_EDK2_GOP_DRIVER)" ]; then \
echo "Using GOP driver $(CONFIG_EDK2_GOP_FILE)"; \
cp $(top)/$(CONFIG_EDK2_GOP_FILE) $(EDK2_PATH)/UefiPayloadPkg/IntelGopDriver.efi; \
cp $(top)/$(CONFIG_INTEL_GMA_VBT_FILE) $(EDK2_PATH)/UefiPayloadPkg/vbt.bin; \
fi; \
ipxe_rom: $(EDK2_PATH)
if [ "$(CONFIG_EDK2_IPXE)" == "y" ]; then \
echo " Including externally built iPXE"; \
mkdir -p $(EDK2_PATH)/UefiPayloadPkg/NetworkDrivers/; \
cp $(top)/payloads/external/iPXE/ipxe/ipxe.rom \
$(EDK2_PATH)/UefiPayloadPkg/NetworkDrivers/ipxe.efi; \
fi \
checktools:
echo -n "EDK2: Checking uuid-dev:"
echo "#include <uuid/uuid.h>" > libtest.c
echo "int main(int argc, char **argv) { (void) argc; (void) argv; return 0; }" >> libtest.c
$(HOSTCC) $(HOSTCCFLAGS) libtest.c -o libtest >/dev/null 2>&1 && echo " Found!" || \
( echo " Not found!"; \
echo "ERROR: please_install uuid-dev (libuuid-devel)"; exit 1 )
rm -rf libtest.c libtest
echo -n "EDK2: Checking nasm:"
type nasm > /dev/null 2>&1 && echo " Found!" || \
( echo " Not found!"; echo "ERROR: Please install nasm."; exit 1 )
echo -n "EDK2: Checking imagemagick:"
-convert -size 1x1 xc: test.png &> /dev/null;
if [ -f test.png ]; then \
rm test.png && echo " Found!"; \
else \
echo " Not found!"; \
echo "ERROR: Please install imagemagick"; \
exit 1; \
fi
ifeq ($(CONFIG_DRIVERS_EFI_UPDATE_CAPSULES)$(CONFIG_DRIVERS_EFI_GENERATE_CAPSULE),yy)
capsule_keys: $(EDK2_PATH)
type openssl > /dev/null 2>&1 || ( echo "ERROR: Please install openssl."; exit 1 )
test -f "$(CAPSULE_TRUSTED_PUBLIC_CERT_PATH)"
test -f "$(EDK2_PATH)/BaseTools/Scripts/BinToPcd.py"
mkdir -p "$(dir $(CAPSULE_PCD_INC))"
openssl x509 -in "$(CAPSULE_TRUSTED_PUBLIC_CERT_PATH)" -outform der -out "$(CAPSULE_ROOT_CERT_DER)"
python3 "$(EDK2_PATH)/BaseTools/Scripts/BinToPcd.py" -q -x \
-i "$(CAPSULE_ROOT_CERT_DER)" -o "$(CAPSULE_PCD_INC)" -p "$(CAPSULE_PCD_NAME)"
prep: capsule_keys
endif
print:
echo " ##### $(project_name) Build Summary #####"
echo " Repository: $(CONFIG_EDK2_REPOSITORY)"
echo " Branch: $(CONFIG_EDK2_TAG_OR_REV)"
echo " Packages path: $(PACKAGES_PATH)"
echo " $(BUILD_STR)" | \
sed -e 's/ --/ -/g' -e 's/ -/ \n /g' | sort | sed \
-e 's/a /Architecture: /g' \
-e 's/b /Release: /g' \
-e 's/D /Option: /g' \
-e 's/pcd /Pcd: /g' \
-e 's/p /Payload: /g' \
-e 's/q /Build: Quiet/' \
-e 's/s /Build: Silent/' \
-e 's/t /Toolchain: /'
prep: $(EDK2_PATH) $(EDK2_PLATFORMS_PATH) clean checktools logo gop_driver ipxe_rom
cd $(WORKSPACE); \
source $(EDK2_PATH)/edksetup.sh; \
unset CC; $(MAKE) -C $(EDK2_PATH)/BaseTools 2>&1; \
$(WORKSPACE)/Build/UefiPayloadPkgX64/$(RELEASE_STR)_GCC/FV/UEFIPAYLOAD.fd: \
prep print
cd $(WORKSPACE); \
source $(EDK2_PATH)/edksetup.sh; \
echo -n "EDK2: Building... "; \
build -a IA32 -a X64 -b $(RELEASE_STR) $(BUILD_STR) \
-y $(WORKSPACE)/Build/UefiPayloadPkgX64/UEFIPAYLOAD.txt; \
if [ ! -f $@ ]; then \
echo "Failed!"; \
exit 1; \
fi
echo "Success!"; \
$(WORKSPACE)/Build/UefiPayloadPkgX64/UniversalPayload.elf: \
prep print
cd $(WORKSPACE); \
source $(EDK2_PATH)/edksetup.sh; \
echo -n "EDK2: Building... "; \
$(EDK2_PATH)/UefiPayloadPkg/UniversalPayloadBuild.sh -a IA32 -b $(RELEASE_STR) $(BUILD_STR)
if [ ! -f $@ ]; then \
echo "Failed!"; \
exit 1; \
fi
echo "Success!"; \
$(WORKSPACE)/Build/UefiPayloadPkgX64/$(RELEASE_STR)_GCC/IA32/UefiPayloadPkg/ShimLayer/ShimLayer/DEBUG/ShimLayer.dll: \
$(WORKSPACE)/Build/UefiPayloadPkgX64/UniversalPayload.elf prep
cd $(WORKSPACE)/Build/UefiPayloadPkgX64 && \
$(OBJCOPY) -I binary UniversalPayload.elf -O elf32-i386 -B i386 \
$(EDK2_PATH)/UefiPayloadPkg/ShimLayer/UniversalPayload.o; \
cd $(WORKSPACE) && \
source $(EDK2_PATH)/edksetup.sh; \
build -p UefiPayloadPkg/UefiPayloadPkg.dsc -b $(RELEASE_STR) -a IA32 -a X64 \
-m UefiPayloadPkg/ShimLayer/ShimLayer.inf \
-t COREBOOT -D BOOTLOADER=COREBOOT -D SHIMLAYER=TRUE \
-y $(WORKSPACE)/Build/UefiPayloadPkgX64/ShimLayer.txt
UefiPayloadPkg: $(WORKSPACE)/Build/UefiPayloadPkgX64/$(RELEASE_STR)_GCC/FV/UEFIPAYLOAD.fd
mv $(WORKSPACE)/Build/UefiPayloadPkgX64/$(RELEASE_STR)_GCC/FV/UEFIPAYLOAD.fd \
../../../build/UEFIPAYLOAD.fd
UniversalPayload: $(WORKSPACE)/Build/UefiPayloadPkgX64/$(RELEASE_STR)_GCC/IA32/UefiPayloadPkg/ShimLayer/ShimLayer/DEBUG/ShimLayer.dll
mv $(WORKSPACE)/Build/UefiPayloadPkgX64/$(RELEASE_STR)_GCC/IA32/UefiPayloadPkg/ShimLayer/ShimLayer/DEBUG/ShimLayer.dll \
../../../build/ShimmedUniversalPayload.elf
clean:
test -d $(WORKSPACE) && (cd $(WORKSPACE); rm -rf Build; rm -f Conf/tools_def.txt) || exit 0
distclean:
rm -rf $(WORKSPACE)
.PHONY: $(EDK2_PATH) checktools logo UefiPayloadPkg UniversalPayload clean distclean
.PHONY: coreboot_capsule capsule_keys
coreboot_capsule: $(EDK2_PATH)
test -n "$(COREBOOT_ROM)"
test -n "$(COREBOOT_CAPSULE_OUT)"
test -f "$(COREBOOT_ROM)"
test -f "$(EDK2_APPEND_RMAP_MANIFEST)"
test -x "$(EDK2_PATH)/BaseTools/BinWrappers/PosixLike/GenerateCapsule"
test -f "$(CAPSULE_SIGNER_PRIVATE_CERT_PATH)"
test -f "$(CAPSULE_OTHER_PUBLIC_CERT_PATH)"
test -f "$(CAPSULE_TRUSTED_PUBLIC_CERT_PATH)"
rmap_rom="$${COREBOOT_CAPSULE_OUT%.cap}.rmap.rom"; \
set -e; \
python3 "$(EDK2_APPEND_RMAP_MANIFEST)" -o "$$rmap_rom" $(foreach r,$(CAPSULE_REGIONS),-r $(r)) "$(COREBOOT_ROM)"; \
embedded_driver_args=(); \
if [ "$(CONFIG_DRIVERS_EFI_CAPSULE_EMBED_FMP_DXE)" = "y" ]; then \
test -f "$(EDK2_FMP_DXE)"; \
embedded_driver_args=( --embedded-driver "$(EDK2_FMP_DXE)" ); \
fi; \
fw_version=$$(( $(CONFIG_DRIVERS_EFI_MAIN_FW_VERSION) )); \
if [ $$fw_version -eq 0 ]; then \
if [[ "$(CAPSULE_LOCALVERSION)" =~ ^[^0-9]*([0-9]+)[.]([0-9]+) ]]; then \
fw_version=$$(( (10#$${BASH_REMATCH[1]} << 16) | 10#$${BASH_REMATCH[2]} )); \
fi; \
fi; \
lsv=$$(( $(CONFIG_DRIVERS_EFI_MAIN_FW_LSV) )); \
if [ $$lsv -eq 0 ]; then \
lsv=$$fw_version; \
fi; \
capflags=( --capflag PersistAcrossReset ); \
if [ "$(CONFIG_DRIVERS_EFI_CAPSULE_INITIATE_RESET)" = "y" ]; then \
capflags+=( --capflag InitiateReset ); \
fi; \
"$(EDK2_PATH)/BaseTools/BinWrappers/PosixLike/GenerateCapsule" -e -o "$(COREBOOT_CAPSULE_OUT)" \
--guid "$(CAPSULE_GUID)" \
"$${capflags[@]}" \
--fw-version $$fw_version --lsv $$lsv \
--signer-private-cert "$(CAPSULE_SIGNER_PRIVATE_CERT_PATH)" \
--other-public-cert "$(CAPSULE_OTHER_PUBLIC_CERT_PATH)" \
--trusted-public-cert "$(CAPSULE_TRUSTED_PUBLIC_CERT_PATH)" \
"$${embedded_driver_args[@]}" \
"$$rmap_rom"
Reference in a new issue View git blame Copy permalink