1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
{ stdenv, lib, edk2, nasm, iasl, seabios, openssl, secureBoot ? false }:
let
projectDscPath = if stdenv.isi686 then
"OvmfPkg/OvmfPkgIa32.dsc"
else if stdenv.isx86_64 then
"OvmfPkg/OvmfPkgX64.dsc"
else if stdenv.isAarch64 then
"ArmVirtPkg/ArmVirtQemu.dsc"
else
throw "Unsupported architecture";
version = (builtins.parseDrvName edk2.name).version;
src = edk2.src;
in
stdenv.mkDerivation (edk2.setup projectDscPath {
name = "OVMF-${version}";
inherit src;
outputs = [ "out" "fd" ];
# TODO: properly include openssl for secureBoot
buildInputs = [nasm iasl] ++ stdenv.lib.optionals (secureBoot == true) [ openssl ];
hardeningDisable = [ "stackprotector" "pic" "fortify" ];
unpackPhase = ''
# $fd is overwritten during the build
export OUTPUT_FD=$fd
for file in \
"${src}"/{UefiCpuPkg,MdeModulePkg,IntelFrameworkModulePkg,PcAtChipsetPkg,FatBinPkg,EdkShellBinPkg,MdePkg,ShellPkg,OptionRomPkg,IntelFrameworkPkg,FatPkg,CryptoPkg,SourceLevelDebugPkg};
do
ln -sv "$file" .
done
${if stdenv.isAarch64 then ''
ln -sv ${src}/ArmPkg .
ln -sv ${src}/ArmPlatformPkg .
ln -sv ${src}/ArmVirtPkg .
ln -sv ${src}/EmbeddedPkg .
ln -sv ${src}/OvmfPkg .
'' else if seabios != null then ''
cp -r ${src}/OvmfPkg .
chmod +w OvmfPkg/Csm/Csm16
cp ${seabios}/Csm16.bin OvmfPkg/Csm/Csm16/Csm16.bin
'' else ''
ln -sv ${src}/OvmfPkg .
''}
${lib.optionalString secureBoot ''
ln -sv ${src}/SecurityPkg .
ln -sv ${src}/CryptoPkg .
''}
'';
buildPhase = if stdenv.isAarch64 then ''
build -n $NIX_BUILD_CORES
'' else if seabios == null then ''
build -n $NIX_BUILD_CORES ${lib.optionalString secureBoot "-DSECURE_BOOT_ENABLE=TRUE"}
'' else ''
build -n $NIX_BUILD_CORES -D CSM_ENABLE -D FD_SIZE_2MB ${lib.optionalString secureBoot "-DSECURE_BOOT_ENABLE=TRUE"}
'';
postFixup = if stdenv.isAarch64 then ''
mkdir -vp $fd/FV
mkdir -vp $fd/AAVMF
mv -v $out/FV/QEMU_{EFI,VARS}.fd $fd/FV
# Uses Fedora dir layout: https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec
# FIXME: why is it different from Debian dir layout? https://anonscm.debian.org/cgit/pkg-qemu/edk2.git/tree/debian/rules
dd of=$fd/AAVMF/QEMU_EFI-pflash.raw if=/dev/zero bs=1M count=64
dd of=$fd/AAVMF/QEMU_EFI-pflash.raw if=$fd/FV/QEMU_EFI.fd conv=notrunc
dd of=$fd/AAVMF/vars-template-pflash.raw if=/dev/zero bs=1M count=64
'' else ''
mkdir -vp $OUTPUT_FD/FV
mv -v $out/FV/OVMF{,_CODE,_VARS}.fd $OUTPUT_FD/FV
'';
dontPatchELF = true;
meta = {
description = "Sample UEFI firmware for QEMU and KVM";
homepage = https://github.com/tianocore/tianocore.github.io/wiki/OVMF;
license = stdenv.lib.licenses.bsd2;
platforms = ["x86_64-linux" "i686-linux" "aarch64-linux"];
};
})
|