edk2: Deprecate hvloader; introduce edk2-hvloader (#10221)

2024-08-26 14:43:37 -07:00 · 2024-08-26 14:43:37 -07:00 · 34254ef77a
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -62,7 +62,6 @@
 /SPECS/virtiofsd/* @microsoft/cbl-mariner-kata-containers

 /SPECS/cloud-hypervisor-cvm/* @microsoft/cbl-mariner-kata-containers
-/SPECS/hvloader/* @microsoft/cbl-mariner-kata-containers

 /SPECS/cloud-init/* @microsoft/cbl-mariner-provisioning
 /SPECS/walinuxagent/* @microsoft/cbl-mariner-provisioning
--- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
+++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
--- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json
+++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@ -2231,7 +2231,6 @@
                "GSL",
                "gtk-update-icon-cache",
                "helm",
-                "hvloader",
                "ig",
                "intel-pf-bb-config",
                "ivykis",
--- a/SPECS/edk2/edk2.signatures.json
+++ b/SPECS/edk2/edk2.signatures.json
@ -28,9 +28,11 @@
  "edk2-build.py": "b4be60833465d372662ac4f1f89f40b9c65d59fb17f7716059f980503069ddb7",
  "edk2-build.rhel-9": "477723037cadf03fa15756de563995cc556ccf84d9a4ba059ea37c97c3a0e3e7",
  "edk2-platforms-a912d9fcf7d1.tar.xz": "dc2c8a0eb131ccba28f52c83d14617cae049ddd466f98a8cd229215051b9754a",
+  "hvloader-286f1c642ed624af2c7840fbca7923497891fe68.tar.gz": "4e0a15cfab98a89a0a93f747df876ea3ee5366c3ffbd158c28e296bf52c7dfba",
+  "hvloader-target.txt": "fcf4f427d3b80e67296be2a1d17ec124d65f673d4f6ea37d238f8d3fc1ddc4b8",
  "jansson-2.13.1.tar.bz2": "ee90a0f879d2b7b7159124ff22b937a2a9a8c36d3bb65d1da7dd3f04370a10bd",
  "openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz": "9fcc5b49513d6ae21c7ddc3d1bbb1f8973cfbe76f2392d10106a8cd435e3eb47",
  "ovmf-whitepaper-c770f8c.txt": "842518adadaa837914dbb13a6628002fb7f7acca107c6d6f41815b399dc9f8b8",
  "softfloat-20180726-gitb64af41.tar.xz": "c7f2172357ca3022621b9464fd92bf2b462256bda3e019bf9a669fa6b5aeea91"
 }
-}
+}
--- a/SPECS/edk2/edk2.spec
+++ b/SPECS/edk2/edk2.spec
@ -39,6 +39,9 @@ ExclusiveArch: x86_64

 %define DBXDATE        20230509

+%define HVLOADER_VER    1.0.1
+%define HVLOADER_COMMIT 286f1c642ed624af2c7840fbca7923497891fe68
+
 %define build_ovmf 1
 %define build_aarch64 0
 %define build_riscv64 0
@ -52,7 +55,7 @@ ExclusiveArch: x86_64

 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    1%{?dist}
+Release:    2%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND MIT AND LicenseRef-Fedora-Public-Domain
 URL:        http://www.tianocore.org
@ -68,6 +71,8 @@ Source3: softfloat-%{softfloat_version}.tar.xz
 Source4: edk2-platforms-%{PLATFORMS_COMMIT}.tar.xz
 Source5: jansson-2.13.1.tar.bz2
 Source6: README.experimental
+Source7: hvloader-%{HVLOADER_COMMIT}.tar.gz
+Source8: hvloader-target.txt

 # json description files
 Source10: 50-edk2-aarch64-qcow2.json
@ -305,6 +310,18 @@ This package provides tools that are needed to build EFI executables
 and ROMs using the GNU tools.  You do not need to install this package;
 you probably want to install edk2-tools only.

+%package hvloader
+Summary:        Loader binary for loading type 1 hypervisors under Linux.
+Requires:       python3
+
+%description hvloader
+HvLoader.efi is an EFI application for loading an external hypervisor loader.
+
+HvLoader.efi loads a given hypervisor loader binary (DLL, EFI, etc.), and 
+calls it's entry point passing HvLoader.efi ImageHandle. This way the 
+hypervisor loader binary has access to HvLoader.efi's command line options,
+and use those as configuration parameters. The first HvLoader.efi command line
+option is the path to hypervisor loader binary.


 %prep
@ -330,6 +347,7 @@ tar -xf %{SOURCE3} --strip-components=1 --directory ArmPkg/Library/ArmSoftFloatL
 tar -xf %{SOURCE4} --strip-components=1 --wildcards "*/Drivers" "*/Features" "*/Platform" "*/Silicon"
 mkdir -p RedfishPkg/Library/JsonLib/jansson
 tar -xf %{SOURCE5} --strip-components=1 --directory RedfishPkg/Library/JsonLib/jansson
+
 # include paths pointing to unused submodules
 mkdir -p MdePkg/Library/MipiSysTLib/mipisyst/library/include
 mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/include
@ -353,6 +371,10 @@ cp -a -- \
   %{SOURCE90} %{SOURCE91} \
   .

+# extract hvloader source into place
+tar -xf %{SOURCE7} --directory MdeModulePkg/Application
+sed -i '/MdeModulePkg\/Application\/HelloWorld\/HelloWorld.inf/a \ \ MdeModulePkg\/Application\/HvLoader-%{HVLOADER_VER}/HvLoader.inf' MdeModulePkg/MdeModulePkg.dsc
+
 %build

 chmod +x ./edk2-build.py
@ -475,6 +497,11 @@ for raw in */riscv/*.raw; do
 done
 %endif

+source ./edksetup.sh
+make -C BaseTools
+cp %{SOURCE8} Conf/target.txt
+build -p MdeModulePkg/MdeModulePkg.dsc -m MdeModulePkg/Application/HvLoader-%{HVLOADER_VER}/HvLoader.inf
+
 %install

 cp -a OvmfPkg/License.txt License.OvmfPkg.txt
@ -573,6 +600,9 @@ done
 %py_byte_compile %{python3} %{buildroot}%{_datadir}/edk2/Python
 %endif

+mkdir -p %{buildroot}/boot/efi
+cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/HvLoader-%{HVLOADER_VER}/HvLoader/OUTPUT/HvLoader.efi %{buildroot}/boot/efi
+
 %check
 for file in %{buildroot}%{_datadir}/%{name}/*/*VARS.secboot.fd; do
    test -f "$file" || continue
@ -749,7 +779,13 @@ done
 %dir %{_datadir}/%{name}
 %{_datadir}/%{name}/Python

+%files hvloader
+/boot/efi/HvLoader.efi
+
 %changelog
+* Wed Aug 21 2024 Cameron Baird <cameronbaird@microsoft.com> - 20240524git3e722403cd16-2
+- Introduce edk2-hvloader subpackage
+
 * Tue Jul 30 2024 Betty Lakes <bettylakes@microsoft.com> - 20240524git3e722403cd16-1
 - Upgrade to 20240524git3e722403cd16 to fix CVE-2023-45236, CVE-2023-45237

--- a/SPECS/edk2/hvloader-target.txt
+++ b/SPECS/edk2/hvloader-target.txt
--- a/SPECS/hvloader/hvloader.signatures.json
+++ b/SPECS/hvloader/hvloader.signatures.json
@ -1,7 +0,0 @@
-{
- "Signatures": {
-  "edk2-stable202405-submodules.tar.gz": "aa9ef0f245b006c3e2cb069cf3356d3e8942b41b9d6cda5349be265548b15e5f",
-  "hvloader-1.0.1.tar.gz": "4e0a15cfab98a89a0a93f747df876ea3ee5366c3ffbd158c28e296bf52c7dfba",
-  "target-x86.txt": "fcf4f427d3b80e67296be2a1d17ec124d65f673d4f6ea37d238f8d3fc1ddc4b8"
- }
-}
--- a/SPECS/hvloader/hvloader.spec
+++ b/SPECS/hvloader/hvloader.spec
@ -1,77 +0,0 @@
-%define  debug_package %{nil}
-%define  name_github   HvLoader
-%define  edk2_tag      edk2-stable202405
-Summary:        HvLoader.efi is an EFI application for loading an external hypervisor loader.
-Name:           hvloader
-Version:        1.0.1
-Release:        5%{?dist}
-License:        MIT
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-Group:          Applications/System
-URL:            https://github.com/microsoft/HvLoader
-Source0:        https://github.com/microsoft/HvLoader/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-# Instructions to generate edk2 submodules: https://github.com/tianocore/edk2/tree/edk2-stable202405?tab=readme-ov-file#submodules
-Source1:        https://github.com/tianocore/edk2/archive/refs/tags/%{edk2_tag}.tar.gz#/%{edk2_tag}-submodules.tar.gz
-Source2:        target-x86.txt
-BuildRequires:  bc
-BuildRequires:  gcc
-BuildRequires:  build-essential
-BuildRequires:  gcc-c++
-BuildRequires:  genisoimage
-BuildRequires:  acpica-tools
-BuildRequires:  libuuid-devel
-BuildRequires:  nasm
-BuildRequires:  python3
-BuildRequires:  python3-devel
-ExclusiveArch:  x86_64
-
-%description
-HvLoader.efi is an EFI application for loading an external hypervisor loader.
-
-HvLoader.efi loads a given hypervisor loader binary (DLL, EFI, etc.), and 
-calls it's entry point passing HvLoader.efi ImageHandle. This way the 
-hypervisor loader binary has access to HvLoader.efi's command line options,
-and use those as configuration parameters. The first HvLoader.efi command line
-option is the path to hypervisor loader binary.
-
-%prep
-%autosetup -a 0 -a 1 -c "%{name}-%{version}"
-set -x
-ls -l
-mv %{name_github}-%{version} MdeModulePkg/Application
-
-%build
-export EDK_TOOLS_PATH=$(pwd)/BaseTools
-source ./edksetup.sh
-make -C BaseTools
-sed -i '/MdeModulePkg\/Application\/HelloWorld\/HelloWorld.inf/a \ \ MdeModulePkg\/Application\/%{name_github}-%{version}/HvLoader.inf' MdeModulePkg/MdeModulePkg.dsc
-cp %{SOURCE2} Conf/target.txt
-build -p MdeModulePkg/MdeModulePkg.dsc -m MdeModulePkg/Application/%{name_github}-%{version}/HvLoader.inf
-
-%install
-mkdir -p %{buildroot}/boot/efi
-cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/%{name_github}-%{version}/%{name_github}/OUTPUT/HvLoader.efi %{buildroot}/boot/efi
-
-%files
-%license MdeModulePkg/Application/%{name_github}-%{version}/LICENSE
-/boot/efi/HvLoader.efi
-
-%changelog
-* Thu Jul 25 2024 Betty Lakes <bettylakes@microsoft.com> - 1.0.1-5
- Update edk2_tag to edk2-stable202405 to fix CVE-2022-36763, CVE-2022-36764, CVE-2022-36765, CVE-2023-45230, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237
- Remove CVE-2024-1298 and CVE-2023-0464 patches, since they were fixed in version edk2-stable202405
-
-* Fri Jul 12 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.1-4
- Add patch to resolve CVE-2023-0464
-
-* Fri Jul 12 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.1-3
- Add patch to resolve CVE-2024-1298
-
-* Wed Jun 05 2024 Chris Co <chrco@microsoft.com> - 1.0.1-2
- Update edk2_tag to edk2-stable202305
-
-* Tue May 02 2023 Cameron Baird <cameronbaird@microsoft.com> - 1.0.1-1
- Add hvloader.spec
- License verified
- Original version for CBL-Mariner