!300 [openEuler-24.03-LTS]Add build process for OVMF binary without option '-D SECURE_BOOT_ENABLE=TRUE' to edk2.spec

From: @hanliyang Reviewed-by: @caojinhuahw Signed-off-by: @caojinhuahw
2025-03-10 09:23:44 +00:00 · 2025-03-10 09:23:44 +00:00 · 981d3b037f
commit 981d3b037f
parent ba24d73577 1ffbd1357e
1 changed files with 25 additions and 1 deletions
--- a/edk2.spec
+++ b/edk2.spec
@ -7,7 +7,7 @@

 Name: edk2
 Version: %{stable_date}
-Release: 17
+Release: 18
 Summary: EFI Development Kit II
 License: BSD-2-Clause-Patent and OpenSSL and MIT 
 URL: https://github.com/tianocore/edk2
@ -244,6 +244,24 @@ BUILD_OPTION="$BUILD_OPTION -D TPM_CONFIG_ENABLE=TRUE"

 build $BUILD_OPTION

+%ifarch x86_64
+    for ovmf_bin in $(ls Build/OvmfX64/*/FV/OVMF*.fd); do
+        mv ${ovmf_bin} ${ovmf_bin}.secure_boot
+    done
+
+    BUILD_OPTION=$(echo $BUILD_OPTION | sed 's/ -D SECURE_BOOT_ENABLE=TRUE//g')
+
+    build $BUILD_OPTION
+
+    for ovmf_bin in $(ls Build/OvmfX64/*/FV/OVMF*.fd); do
+        mv ${ovmf_bin} $(echo ${ovmf_bin} | sed 's/\.fd/\.nosb\.fd/')
+    done
+
+    for ovmf_bin in $(ls Build/OvmfX64/*/FV/OVMF*.fd.secure_boot); do
+        mv ${ovmf_bin} $(echo ${ovmf_bin} | sed 's/\.secure_boot//')
+    done
+%endif
+
 %install
 cp CryptoPkg/Library/OpensslLib/openssl/LICENSE.txt LICENSE.openssl
 mkdir -p %{buildroot}%{_bindir} \
@ -290,6 +308,8 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
 %endif

 %ifarch x86_64
+    mkdir -p %{buildroot}/usr/share/%{name}/ovmf.nosb
+    mv Build/OvmfX64/*/FV/OVMF*.nosb.fd %{buildroot}/usr/share/%{name}/ovmf.nosb
    mkdir -p %{buildroot}/usr/share/%{name}/ovmf
    cp Build/OvmfX64/*/FV/OVMF*.fd %{buildroot}/usr/share/%{name}/ovmf
    install -m 0644 edk2-ovmf-x64-nosb.json %{buildroot}%{_datadir}/qemu/firmware/10-edk2-ovmf-x64-nosb.json
@ -373,6 +393,7 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
 %license LICENSE.openssl
 %dir %{_datadir}/%{name}
 %{_datadir}/%{name}/ovmf
+%{_datadir}/%{name}/ovmf.nosb
 %{_datadir}/qemu/firmware/10-edk2-ovmf-x64-nosb.json
 %endif

@ -401,6 +422,9 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
 %endif

 %changelog
+* Fri Feb 28 2025 hanliyang<hanliyang@hygon.cn> - 202308-18
+- Build OVMF without '-D SECURE_BOOT_ENABLE=TRUE' for X64
+
 * Sun Feb 23 2025 huyu<huyu70@h-partners.com> - 202308-17
 - fix CVE-2024-13176、CVE-2024-4741、CVE-2023-5363