GNU bug report logs - #68286
ovmf does not contain secureboot firmware

Previous Next

Package: guix;

Reported by: Tomas Volf <~@wolfsden.cz>

Date: Sat, 6 Jan 2024 13:46:01 UTC

Severity: normal

To reply to this bug, email your comments to 68286 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#68286; Package guix. (Sat, 06 Jan 2024 13:46:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Tomas Volf <~@wolfsden.cz>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Sat, 06 Jan 2024 13:46:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <~@wolfsden.cz>
To: bug-guix <at> gnu.org
Subject: ovmf does not contain secureboot firmware
Date: Sat, 6 Jan 2024 14:45:17 +0100

[Message part 1 (text/plain, inline)]
Hello,

looking at the ovmf package, is seems that it does not contain files required
for secureboot.  When I compare what Archlinux ships:

    usr/share/edk2/ia32/OVMF.4m.fd
    usr/share/edk2/ia32/OVMF.fd
    usr/share/edk2/ia32/OVMF_CODE.4m.fd
    usr/share/edk2/ia32/OVMF_CODE.csm.4m.fd
    usr/share/edk2/ia32/OVMF_CODE.csm.fd
    usr/share/edk2/ia32/OVMF_CODE.fd
    usr/share/edk2/ia32/OVMF_CODE.secboot.4m.fd
    usr/share/edk2/ia32/OVMF_CODE.secboot.fd
    usr/share/edk2/ia32/OVMF_VARS.4m.fd
    usr/share/edk2/ia32/OVMF_VARS.fd
    usr/share/edk2/x64/
    usr/share/edk2/x64/MICROVM.4m.fd
    usr/share/edk2/x64/MICROVM.fd
    usr/share/edk2/x64/OVMF.4m.fd
    usr/share/edk2/x64/OVMF.fd
    usr/share/edk2/x64/OVMF_CODE.4m.fd
    usr/share/edk2/x64/OVMF_CODE.csm.4m.fd
    usr/share/edk2/x64/OVMF_CODE.csm.fd
    usr/share/edk2/x64/OVMF_CODE.fd
    usr/share/edk2/x64/OVMF_CODE.secboot.4m.fd
    usr/share/edk2/x64/OVMF_CODE.secboot.fd
    usr/share/edk2/x64/OVMF_VARS.4m.fd
    usr/share/edk2/x64/OVMF_VARS.fd

with what we do:

    /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_code_ia32.bin
    /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_code_x64.bin
    /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_ia32.bin
    /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_vars_ia32.bin
    /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_vars_x64.bin
    /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_x64.bin

There seem to be some files missing.  The secboot would be useful, but the csm
might be as well.

I tried to make a patch to build multiple firmwares, however due to how other
packages inherit from it, it was quite messy.  I wonder if having just a single
ovmf package would simplify things. The size bloat from merging them
seems... negligible.  At least for the QEMU use case.

Have a nice day,
Tomas Volf

--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 1 year and 161 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.