
Bug 681936

Summary: sys-firmware/edk2-ovmf lacks Secure Boot support
Product: Gentoo Linux
Reporter: Sebastian Hamann <gentoo-bugs>
Component: Current packages
Assignee: Matthias Maier <tamiko>
Status: RESOLVED FIXED
Severity: normal
CC: virtualization
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux

Description Sebastian Hamann 2019-03-28 17:04:11 UTC
Currently available versions of sys-firmware/edk2-ovmf only install a firmware build without Secure Boot support. A build with Secure Boot support would allow easily experimenting/developing/testing Secure Boot in a VM.

Build instructions from Tianocore:
https://github.com/tianocore/tianocore.github.io/wiki/Testing-SMM-with-QEMU,-KVM-and-libvirt

What Fedora does:
https://src.fedoraproject.org/rpms/edk2/blob/master/f/edk2.spec

Similar feature request on Arch Linux:
https://bugs.archlinux.org/task/59465

I think the gist of it is to add -D SMM_REQUIRE -D SECURE_BOOT_ENABLE to the build process. Some fiddling with OpenSSL may be required as well.

I extracted OVMF_CODE.secboot.fd from Fedora's edk2-ovmf-20190308stable-1.fc31.noarch.rpm and dropped it on my Gentoo system. It works fine with qemu and libvirt.

Comment 1 Larry the Git Cow gentoo-dev 2019-07-28 23:17:50 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6137d4c59ea47d77517e925d8bfd46b8b3b1f669

commit 6137d4c59ea47d77517e925d8bfd46b8b3b1f669
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2019-07-28 21:00:39 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2019-07-28 23:17:16 +0000

    sys-firmware/edk2-ovmf: version bump to 201905
    
     * switch to new upstream version number
    
     * add secure boot support
    
     * version contains security fixes for all vulnerabilities identified
       in #678906c1
    
    Closes: https://bugs.gentoo.org/680920
    Closes: https://bugs.gentoo.org/681936
    Closes: https://bugs.gentoo.org/665152
    Bug: https://bugs.gentoo.org/678906
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 sys-firmware/edk2-ovmf/Manifest                |   5 +-
 sys-firmware/edk2-ovmf/edk2-ovmf-201905.ebuild | 153 +++++++++++++++++++++++++
 2 files changed, 156 insertions(+), 2 deletions(-)