Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 891191 - sys-firmware/edk2-ovmf{,-bin}: version bump, add 4M firmwares
Summary: sys-firmware/edk2-ovmf{,-bin}: version bump, add 4M firmwares
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Virtualization Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-01-17 12:45 UTC by Kenton Groombridge
Modified: 2024-10-10 16:33 UTC (History)
6 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
/etc/qemu/firmware/30-edk2-ovmf-sb-enrolled.json (30-edk2-ovmf-sb-enrolled.json,751 bytes, application/json)
2023-05-23 10:31 UTC, Mads
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Kenton Groombridge gentoo-dev 2023-01-17 12:45:26 UTC
Please bump to 202211. This version also adds EFI firmwares with 4M space, which seems to be needed[1] to workaround issues installing certain Windows updates on guests (e.g. KB5017308, KB5012170).

[1] https://github.com/tianocore/edk2/discussions/3221#discussioncomment-3664708
Comment 1 Mads 2023-05-22 18:52:05 UTC
How do you solve this for gentoo? Just ripping the binaries from Fedora?
Comment 2 Mads 2023-05-22 19:30:55 UTC
I'm asking because I can't seem to find a simple way of making it work by just replacing the binaries/files, I'm getting

libvirt.libvirtError: operation failed: Unable to find any firmware to satisfy 'efi'
Comment 3 Mads 2023-05-23 07:36:11 UTC
Just adding this for visibility, since people might be Googling. Currently you cannot have a Windows 11 guest VM on Gentoo without the VM crashing on itself after Windows Update (boot failure following Automatic repair and then a reset user profile).

You have to manually provide the 4M version of these binaries, and then it works.
Comment 4 Mads 2023-05-23 10:31:37 UTC
Created attachment 862260 [details]
/etc/qemu/firmware/30-edk2-ovmf-sb-enrolled.json

Here's the qemu firmware json I need in /etc/qemu/firmware for making the new 4M firmwares work (when just overwriting the files with the 4M binaries from Fedora)
Comment 5 Mads 2023-06-02 08:53:27 UTC
The crashing and reset of user folders I was talking about were related to enabling BitLocker in Windows 11 VMs in qemu (which still doesn't work properly). The real symptom with this firmware issue is that applying the mentioned Windows Updates wont succeed. It also affects Windows 10 VMs.
Comment 6 Dyweni 2023-08-19 03:44:56 UTC
edk2-stable202305 is the latest released.

https://github.com/tianocore/edk2/releases/tag/edk2-stable202305
Comment 7 Another Mortal 2023-08-26 13:57:59 UTC
Does this package have a maintainer?

The latest in-tree version sys-firmware/edk2-ovmf-202202 is not only OLD,
it has also started failing to build...
Comment 8 Larry the Git Cow gentoo-dev 2024-10-10 16:33:18 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=261679779725bee6e18de4b66f0674796a2d1278

commit 261679779725bee6e18de4b66f0674796a2d1278
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2024-09-25 13:50:28 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2024-10-10 16:29:35 +0000

    sys-firmware/edk2: Bump to 202408, Python 3.13, many other improvements
    
    The ebuild has been largely rewritten. It now:
    
    * Respects CC, CXX, and flags when building the base tools.
    * Doesn't use gcc/cc when building the firmware, enabling cross.
    * Prepares the ground for supporting platforms other than OVMF for x64.
    * Installs OVMF_VARS.secboot.fd prepared with virt-fw-vars.
    * Includes the latest UEFI DBX update in OVMF_VARS.secboot.fd.
    * Adds 4MB variants of the .fd images (in QCOW2 format).
    * Fixes network support broken by a recent bump.
    * Drops EnrollDefaultKeys.efi and UefiShell.img
      The enrollment tool hasn't actually worked for a while and is no longer needed
      now that we provide OVMF_VARS.secboot.fd. UefiShell.img is therefore of little
      use, and other distros now provide UefiShell.iso instead anyway. We can do the
      same if there is sufficient interest.
    
    This moves us closer to Fedora, but they ship far more variants. They
    have a large Python wrapper around upstream's build system, which is
    unusual in itself. Building all these would make the ebuild much more
    complex, take a long time, and use up more disk space. Perhaps USE flags
    could help here, but I'm not sure what all these variants are for.
    
    I also decided to install to paths based on upstream's names, e.g.
    edk2/ArmVirtQemu-AARCH64 as opposed to Fedora's edk2/aarch64 because
    mixing QEMU with Xen and others would be confusing when there are many
    similarly named files, even within a single architecture.
    
    Closes: https://bugs.gentoo.org/891191
    Closes: https://bugs.gentoo.org/921819
    Closes: https://bugs.gentoo.org/929838
    Signed-off-by: James Le Cuirot <chewi@gentoo.org>

 sys-firmware/edk2/Manifest                         |   4 +
 sys-firmware/edk2/edk2-202408.ebuild               | 255 +++++++++++++++++++++
 .../30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json     |  36 +++
 .../31-edk2-ovmf-2m-raw-x64-sb-enrolled.json       |  36 +++
 .../descriptors/40-edk2-ovmf-4m-qcow2-x64-sb.json  |  35 +++
 .../descriptors/41-edk2-ovmf-2m-raw-x64-sb.json    |  35 +++
 .../50-edk2-ovmf-4m-qcow2-x64-nosb.json            |  36 +++
 .../descriptors/51-edk2-ovmf-2m-raw-x64-nosb.json  |  36 +++
 8 files changed, 473 insertions(+)