diff options
| author | Nikolay Amiantov <ab@fmap.me> | 2019-07-15 17:35:30 +0300 |
|---|---|---|
| committer | Nikolay Amiantov <ab@fmap.me> | 2019-08-19 19:52:30 +0300 |
| commit | c3a6c8de88889c7679b88d867c618a250befec78 (patch) | |
| tree | 67c711792a240e54077f3832f29ab687e198fa31 /pkgs/applications/virtualization/OVMF | |
| parent | 9125f51b7068fa63d2fb3092862720a584229073 (diff) | |
edk2: 2017-12-05 -> 201905
* Move to stable version; * Refactor `setup` to `mkDerivation`; * Use flags instead of `sed`; * Support Secure Boot builds.
Diffstat (limited to 'pkgs/applications/virtualization/OVMF')
| -rw-r--r-- | pkgs/applications/virtualization/OVMF/default.nix | 64 |
1 files changed, 17 insertions, 47 deletions
diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix index c858f4c4d6d3b..ecf6f1c54218e 100644 --- a/pkgs/applications/virtualization/OVMF/default.nix +++ b/pkgs/applications/virtualization/OVMF/default.nix @@ -1,4 +1,9 @@ -{ stdenv, lib, edk2, nasm, iasl, seabios, openssl, secureBoot ? false }: +{ stdenv, lib, edk2, utillinux, nasm, iasl +, csmSupport ? false, seabios ? null +, secureBoot ? false +}: + +assert csmSupport -> seabios != null; let @@ -12,60 +17,25 @@ let throw "Unsupported architecture"; version = (builtins.parseDrvName edk2.name).version; - - src = edk2.src; in -stdenv.mkDerivation (edk2.setup projectDscPath { +edk2.mkDerivation projectDscPath { name = "OVMF-${version}"; - inherit src; - outputs = [ "out" "fd" ]; - # TODO: properly include openssl for secureBoot - buildInputs = [nasm iasl] ++ stdenv.lib.optionals (secureBoot == true) [ openssl ]; - - hardeningDisable = [ "stackprotector" "pic" "fortify" ]; + buildInputs = [ utillinux nasm iasl ]; - unpackPhase = '' - # $fd is overwritten during the build - export OUTPUT_FD=$fd + hardeningDisable = [ "format" "stackprotector" "pic" "fortify" ]; - for file in \ - "${src}"/{UefiCpuPkg,MdeModulePkg,IntelFrameworkModulePkg,PcAtChipsetPkg,FatBinPkg,EdkShellBinPkg,MdePkg,ShellPkg,OptionRomPkg,IntelFrameworkPkg,FatPkg,CryptoPkg,SourceLevelDebugPkg}; - do - ln -sv "$file" . - done + buildFlags = + lib.optional secureBoot "-DSECURE_BOOT_ENABLE=TRUE" + ++ lib.optionals csmSupport [ "-D CSM_ENABLE" "-D FD_SIZE_2MB" ]; - ${if stdenv.isAarch64 then '' - ln -sv ${src}/ArmPkg . - ln -sv ${src}/ArmPlatformPkg . - ln -sv ${src}/ArmVirtPkg . - ln -sv ${src}/EmbeddedPkg . - ln -sv ${src}/OvmfPkg . - '' else if seabios != null then '' - cp -r ${src}/OvmfPkg . - chmod +w OvmfPkg/Csm/Csm16 - cp ${seabios}/Csm16.bin OvmfPkg/Csm/Csm16/Csm16.bin - '' else '' - ln -sv ${src}/OvmfPkg . - ''} - - ${lib.optionalString secureBoot '' - ln -sv ${src}/SecurityPkg . - ln -sv ${src}/CryptoPkg . - ''} + postPatch = lib.optionalString csmSupport '' + cp ${seabios}/Csm16.bin OvmfPkg/Csm/Csm16/Csm16.bin ''; - buildPhase = if stdenv.isAarch64 then '' - build -n $NIX_BUILD_CORES - '' else if seabios == null then '' - build -n $NIX_BUILD_CORES ${lib.optionalString secureBoot "-DSECURE_BOOT_ENABLE=TRUE"} - '' else '' - build -n $NIX_BUILD_CORES -D CSM_ENABLE -D FD_SIZE_2MB ${lib.optionalString secureBoot "-DSECURE_BOOT_ENABLE=TRUE"} - ''; - postFixup = if stdenv.isAarch64 then '' mkdir -vp $fd/FV mkdir -vp $fd/AAVMF @@ -77,8 +47,8 @@ stdenv.mkDerivation (edk2.setup projectDscPath { dd of=$fd/AAVMF/QEMU_EFI-pflash.raw if=$fd/FV/QEMU_EFI.fd conv=notrunc dd of=$fd/AAVMF/vars-template-pflash.raw if=/dev/zero bs=1M count=64 '' else '' - mkdir -vp $OUTPUT_FD/FV - mv -v $out/FV/OVMF{,_CODE,_VARS}.fd $OUTPUT_FD/FV + mkdir -vp $fd/FV + mv -v $out/FV/OVMF{,_CODE,_VARS}.fd $fd/FV ''; dontPatchELF = true; @@ -89,4 +59,4 @@ stdenv.mkDerivation (edk2.setup projectDscPath { license = stdenv.lib.licenses.bsd2; platforms = ["x86_64-linux" "i686-linux" "aarch64-linux"]; }; -}) +} |