edk2: Deprecate hvloader; introduce edk2-hvloader (#10221)

2024-08-26 14:43:37 -07:00 · 2024-08-26 14:43:37 -07:00 · 34254ef77a
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -62,7 +62,6 @@
 /SPECS/virtiofsd/* @microsoft/cbl-mariner-kata-containers
 /SPECS/cloud-hypervisor-cvm/* @microsoft/cbl-mariner-kata-containers
 /SPECS/hvloader/* @microsoft/cbl-mariner-kata-containers
 /SPECS/cloud-init/* @microsoft/cbl-mariner-provisioning
 /SPECS/walinuxagent/* @microsoft/cbl-mariner-provisioning
--- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
+++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
--- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json
+++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@ -2231,7 +2231,6 @@
                "GSL",
                "gtk-update-icon-cache",
                "helm",
                "hvloader",
                "ig",
                "intel-pf-bb-config",
                "ivykis",
--- a/SPECS/edk2/edk2.signatures.json
+++ b/SPECS/edk2/edk2.signatures.json
@ -28,9 +28,11 @@
  "edk2-build.py": "b4be60833465d372662ac4f1f89f40b9c65d59fb17f7716059f980503069ddb7",
  "edk2-build.rhel-9": "477723037cadf03fa15756de563995cc556ccf84d9a4ba059ea37c97c3a0e3e7",
  "edk2-platforms-a912d9fcf7d1.tar.xz": "dc2c8a0eb131ccba28f52c83d14617cae049ddd466f98a8cd229215051b9754a",
  "hvloader-286f1c642ed624af2c7840fbca7923497891fe68.tar.gz": "4e0a15cfab98a89a0a93f747df876ea3ee5366c3ffbd158c28e296bf52c7dfba",
  "hvloader-target.txt": "fcf4f427d3b80e67296be2a1d17ec124d65f673d4f6ea37d238f8d3fc1ddc4b8",
  "jansson-2.13.1.tar.bz2": "ee90a0f879d2b7b7159124ff22b937a2a9a8c36d3bb65d1da7dd3f04370a10bd",
  "openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz": "9fcc5b49513d6ae21c7ddc3d1bbb1f8973cfbe76f2392d10106a8cd435e3eb47",
  "ovmf-whitepaper-c770f8c.txt": "842518adadaa837914dbb13a6628002fb7f7acca107c6d6f41815b399dc9f8b8",
  "softfloat-20180726-gitb64af41.tar.xz": "c7f2172357ca3022621b9464fd92bf2b462256bda3e019bf9a669fa6b5aeea91"
 }
-}
+}
--- a/SPECS/edk2/edk2.spec
+++ b/SPECS/edk2/edk2.spec
@ -39,6 +39,9 @@ ExclusiveArch: x86_64
 %define DBXDATE        20230509
 %define HVLOADER_VER    1.0.1
 %define HVLOADER_COMMIT 286f1c642ed624af2c7840fbca7923497891fe68
 %define build_ovmf 1
 %define build_aarch64 0
 %define build_riscv64 0
@ -52,7 +55,7 @@ ExclusiveArch: x86_64
 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    1%{?dist}
+Release:    2%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND MIT AND LicenseRef-Fedora-Public-Domain
 URL:        http://www.tianocore.org
@ -68,6 +71,8 @@ Source3: softfloat-%{softfloat_version}.tar.xz
 Source4: edk2-platforms-%{PLATFORMS_COMMIT}.tar.xz
 Source5: jansson-2.13.1.tar.bz2
 Source6: README.experimental
 Source7: hvloader-%{HVLOADER_COMMIT}.tar.gz
 Source8: hvloader-target.txt
 # json description files
 Source10: 50-edk2-aarch64-qcow2.json
@ -305,6 +310,18 @@ This package provides tools that are needed to build EFI executables
 and ROMs using the GNU tools.  You do not need to install this package;
 you probably want to install edk2-tools only.
 %package hvloader
 Summary:        Loader binary for loading type 1 hypervisors under Linux.
 Requires:       python3
 %description hvloader
 HvLoader.efi is an EFI application for loading an external hypervisor loader.
 HvLoader.efi loads a given hypervisor loader binary (DLL, EFI, etc.), and 
 calls it's entry point passing HvLoader.efi ImageHandle. This way the 
 hypervisor loader binary has access to HvLoader.efi's command line options,
 and use those as configuration parameters. The first HvLoader.efi command line
 option is the path to hypervisor loader binary.
 %prep
@ -330,6 +347,7 @@ tar -xf %{SOURCE3} --strip-components=1 --directory ArmPkg/Library/ArmSoftFloatL
 tar -xf %{SOURCE4} --strip-components=1 --wildcards "*/Drivers" "*/Features" "*/Platform" "*/Silicon"
 mkdir -p RedfishPkg/Library/JsonLib/jansson
 tar -xf %{SOURCE5} --strip-components=1 --directory RedfishPkg/Library/JsonLib/jansson
 # include paths pointing to unused submodules
 mkdir -p MdePkg/Library/MipiSysTLib/mipisyst/library/include
 mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/include
@ -353,6 +371,10 @@ cp -a -- \
   %{SOURCE90} %{SOURCE91} \
   .
 # extract hvloader source into place
 tar -xf %{SOURCE7} --directory MdeModulePkg/Application
 sed -i '/MdeModulePkg\/Application\/HelloWorld\/HelloWorld.inf/a \ \ MdeModulePkg\/Application\/HvLoader-%{HVLOADER_VER}/HvLoader.inf' MdeModulePkg/MdeModulePkg.dsc
 %build
 chmod +x ./edk2-build.py
@ -475,6 +497,11 @@ for raw in */riscv/*.raw; do
 done
 %endif
 source ./edksetup.sh
 make -C BaseTools
 cp %{SOURCE8} Conf/target.txt
 build -p MdeModulePkg/MdeModulePkg.dsc -m MdeModulePkg/Application/HvLoader-%{HVLOADER_VER}/HvLoader.inf
 %install
 cp -a OvmfPkg/License.txt License.OvmfPkg.txt
@ -573,6 +600,9 @@ done
 %py_byte_compile %{python3} %{buildroot}%{_datadir}/edk2/Python
 %endif
 mkdir -p %{buildroot}/boot/efi
 cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/HvLoader-%{HVLOADER_VER}/HvLoader/OUTPUT/HvLoader.efi %{buildroot}/boot/efi
 %check
 for file in %{buildroot}%{_datadir}/%{name}/*/*VARS.secboot.fd; do
    test -f "$file" || continue
@ -749,7 +779,13 @@ done
 %dir %{_datadir}/%{name}
 %{_datadir}/%{name}/Python
 %files hvloader
 /boot/efi/HvLoader.efi
 %changelog
 * Wed Aug 21 2024 Cameron Baird <cameronbaird@microsoft.com> - 20240524git3e722403cd16-2
 - Introduce edk2-hvloader subpackage
 * Tue Jul 30 2024 Betty Lakes <bettylakes@microsoft.com> - 20240524git3e722403cd16-1
 - Upgrade to 20240524git3e722403cd16 to fix CVE-2023-45236, CVE-2023-45237
--- a/SPECS/edk2/hvloader-target.txt
+++ b/SPECS/edk2/hvloader-target.txt
--- a/SPECS/hvloader/hvloader.signatures.json
+++ b/SPECS/hvloader/hvloader.signatures.json
@ -1,7 +0,0 @@
 {
 "Signatures": {
  "edk2-stable202405-submodules.tar.gz": "aa9ef0f245b006c3e2cb069cf3356d3e8942b41b9d6cda5349be265548b15e5f",
  "hvloader-1.0.1.tar.gz": "4e0a15cfab98a89a0a93f747df876ea3ee5366c3ffbd158c28e296bf52c7dfba",
  "target-x86.txt": "fcf4f427d3b80e67296be2a1d17ec124d65f673d4f6ea37d238f8d3fc1ddc4b8"
 }
 }
--- a/SPECS/hvloader/hvloader.spec
+++ b/SPECS/hvloader/hvloader.spec
@ -1,77 +0,0 @@
 %define  debug_package %{nil}
 %define  name_github   HvLoader
 %define  edk2_tag      edk2-stable202405
 Summary:        HvLoader.efi is an EFI application for loading an external hypervisor loader.
 Name:           hvloader
 Version:        1.0.1
 Release:        5%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Applications/System
 URL:            https://github.com/microsoft/HvLoader
 Source0:        https://github.com/microsoft/HvLoader/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 # Instructions to generate edk2 submodules: https://github.com/tianocore/edk2/tree/edk2-stable202405?tab=readme-ov-file#submodules
 Source1:        https://github.com/tianocore/edk2/archive/refs/tags/%{edk2_tag}.tar.gz#/%{edk2_tag}-submodules.tar.gz
 Source2:        target-x86.txt
 BuildRequires:  bc
 BuildRequires:  gcc
 BuildRequires:  build-essential
 BuildRequires:  gcc-c++
 BuildRequires:  genisoimage
 BuildRequires:  acpica-tools
 BuildRequires:  libuuid-devel
 BuildRequires:  nasm
 BuildRequires:  python3
 BuildRequires:  python3-devel
 ExclusiveArch:  x86_64
 %description
 HvLoader.efi is an EFI application for loading an external hypervisor loader.
 HvLoader.efi loads a given hypervisor loader binary (DLL, EFI, etc.), and 
 calls it's entry point passing HvLoader.efi ImageHandle. This way the 
 hypervisor loader binary has access to HvLoader.efi's command line options,
 and use those as configuration parameters. The first HvLoader.efi command line
 option is the path to hypervisor loader binary.
 %prep
 %autosetup -a 0 -a 1 -c "%{name}-%{version}"
 set -x
 ls -l
 mv %{name_github}-%{version} MdeModulePkg/Application
 %build
 export EDK_TOOLS_PATH=$(pwd)/BaseTools
 source ./edksetup.sh
 make -C BaseTools
 sed -i '/MdeModulePkg\/Application\/HelloWorld\/HelloWorld.inf/a \ \ MdeModulePkg\/Application\/%{name_github}-%{version}/HvLoader.inf' MdeModulePkg/MdeModulePkg.dsc
 cp %{SOURCE2} Conf/target.txt
 build -p MdeModulePkg/MdeModulePkg.dsc -m MdeModulePkg/Application/%{name_github}-%{version}/HvLoader.inf
 %install
 mkdir -p %{buildroot}/boot/efi
 cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/%{name_github}-%{version}/%{name_github}/OUTPUT/HvLoader.efi %{buildroot}/boot/efi
 %files
 %license MdeModulePkg/Application/%{name_github}-%{version}/LICENSE
 /boot/efi/HvLoader.efi
 %changelog
 * Thu Jul 25 2024 Betty Lakes <bettylakes@microsoft.com> - 1.0.1-5
 - Update edk2_tag to edk2-stable202405 to fix CVE-2022-36763, CVE-2022-36764, CVE-2022-36765, CVE-2023-45230, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237
 - Remove CVE-2024-1298 and CVE-2023-0464 patches, since they were fixed in version edk2-stable202405
 * Fri Jul 12 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.1-4
 - Add patch to resolve CVE-2023-0464
 * Fri Jul 12 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.1-3
 - Add patch to resolve CVE-2024-1298
 * Wed Jun 05 2024 Chris Co <chrco@microsoft.com> - 1.0.1-2
 - Update edk2_tag to edk2-stable202305
 * Tue May 02 2023 Cameron Baird <cameronbaird@microsoft.com> - 1.0.1-1
 - Add hvloader.spec
 - License verified
 - Original version for CBL-Mariner