From 8b4e5a3b8c3eabfbb94ab577529240b2e270efa7 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Tue, 16 Mar 2021 19:38:02 +0000 Subject: [PATCH] ovmf: make output binaries reproducible OVMF is mostly reproducible, but the final .efi binaries have a 'NM10' segment in that references the original input file, and this input file has the build path in. This can be solved by passing --zero to GenFw so that this segment is zero'd out in release builds. [ YOCTO #14264 ] Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-core/ovmf/ovmf/zero.patch | 84 ++++++++++++++++++++++++++ meta/recipes-core/ovmf/ovmf_git.bb | 1 + 2 files changed, 85 insertions(+) create mode 100644 meta/recipes-core/ovmf/ovmf/zero.patch diff --git a/meta/recipes-core/ovmf/ovmf/zero.patch b/meta/recipes-core/ovmf/ovmf/zero.patch new file mode 100644 index 0000000000..af7a9d31f6 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/zero.patch @@ -0,0 +1,84 @@ +Pass --zero to GenFw in release builds so that the sections that link back to +the intermediate binaries (containing build paths) are removed. + +Upstream-Status: Pending (discussion at https://bugzilla.tianocore.org/show_bug.cgi?id=3256) +Signed-off-by: Ross Burton + +From 6303b065802c9427c718fda129360189b79316e7 Mon Sep 17 00:00:00 2001 +From: Ross Burton +Date: Tue, 16 Mar 2021 16:49:49 +0000 +Subject: [PATCH] Strip build paths + +--- + OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + + OvmfPkg/Bhyve/BhyveX64.dsc | 1 + + OvmfPkg/OvmfPkgIa32.dsc | 2 ++ + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + + OvmfPkg/OvmfPkgX64.dsc | 1 + + OvmfPkg/OvmfXen.dsc | 1 + + 6 files changed, 7 insertions(+) + +diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc +index 4a1cdf5aca..132f55cf69 100644 +--- a/OvmfPkg/Bhyve/BhyveX64.dsc ++++ b/OvmfPkg/Bhyve/BhyveX64.dsc +@@ -76,6 +76,7 @@ + GCC:*_*_X64_GENFW_FLAGS = --keepexceptiontable + INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable + !endif ++ RELEASE_*_*_GENFW_FLAGS = --zero + + # + # Disable deprecated APIs. +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 1eaf3e99c6..ce20f09df8 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -90,6 +90,8 @@ + + !include NetworkPkg/NetworkBuildOptions.dsc.inc + ++ RELEASE_*_*_GENFW_FLAGS = --zero ++ + [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] + GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 + XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000 +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 4a5a430147..97cc438250 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -84,6 +84,7 @@ + GCC:*_*_X64_GENFW_FLAGS = --keepexceptiontable + INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable + !endif ++ RELEASE_*_*_GENFW_FLAGS = --zero + + # + # Disable deprecated APIs. +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index d4d601b444..f544fb04bf 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -84,6 +84,7 @@ + GCC:*_*_X64_GENFW_FLAGS = --keepexceptiontable + INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable + !endif ++ RELEASE_*_*_GENFW_FLAGS = --zero + + # + # Disable deprecated APIs. +diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc +index 507029404f..fcaa35acf1 100644 +--- a/OvmfPkg/OvmfXen.dsc ++++ b/OvmfPkg/OvmfXen.dsc +@@ -74,6 +74,7 @@ + GCC:*_*_X64_GENFW_FLAGS = --keepexceptiontable + INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable + !endif ++ RELEASE_*_*_GENFW_FLAGS = --zero + + # + # Disable deprecated APIs. +-- +2.25.1 + diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index 95ebbcc683..896b3b6320 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb @@ -16,6 +16,7 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \ file://0001-ovmf-update-path-to-native-BaseTools.patch \ file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ file://0004-ovmf-Update-to-latest.patch \ + file://zero.patch \ " PV = "edk2-stable202102" -- 2.40.1