[pve-devel] [PATCH edk2-firmware 2/4] Add firmware target for TDFV
Anton Iacobaeus
anton.iacobaeus at canarybit.eu
Tue Sep 16 09:52:47 CEST 2025
From: Philipp Giersfeld <philipp.giersfeld at canarybit.eu>
TDVF enables UEFI support for TDX virtual machines. Add a build target
to build TDFV in Config-B (https://github.com/tianocore/edk2/tree/master/OvmfPkg/IntelTdx#configurations-and-features)
Signed-off-by: Philipp Giersfeld <philipp.giersfeld at canarybit.eu>
Signed-off-by: Anton Iacobaeus <anton.iacobaeus at canarybit.eu>
---
debian/pve-edk2-firmware-ovmf.install | 1 +
debian/rules | 23 +++++++++++++++++++++--
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/debian/pve-edk2-firmware-ovmf.install b/debian/pve-edk2-firmware-ovmf.install
index 981ac27..2218656 100644
--- a/debian/pve-edk2-firmware-ovmf.install
+++ b/debian/pve-edk2-firmware-ovmf.install
@@ -3,6 +3,7 @@ debian/ovmf-install/OVMF_VARS*.fd /usr/share/pve-edk2-firmware
debian/ovmf-sev-install/OVMF_SEV_CODE*.fd /usr/share/pve-edk2-firmware
debian/ovmf-sev-install/OVMF_SEV_VARS*.fd /usr/share/pve-edk2-firmware
debian/ovmf-sev-install/OVMF_SEV_4M.fd /usr/share/pve-edk2-firmware
+debian/ovmf-tdx-install/OVMF_TDX_4M.fd /usr/share/pve-edk2-firmware
debian/ovmf32-install/OVMF32_CODE*.fd /usr/share/pve-edk2-firmware
debian/ovmf32-install/OVMF32_VARS*.fd /usr/share/pve-edk2-firmware
debian/PkKek-1-snakeoil.* /usr/share/pve-edk2-firmware
diff --git a/debian/rules b/debian/rules
index 3309d4d..fce0f8f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -38,6 +38,7 @@ OVMF_4M_SMM_FLAGS = $(OVMF_4M_FLAGS) -DSMM_REQUIRE=TRUE
OVMF32_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB
OVMF32_4M_SMM_FLAGS = $(OVMF32_4M_FLAGS) -DSMM_REQUIRE=TRUE
OVMF_SEV_4M_FLAGS = $(OVMF_4M_FLAGS)
+OVMF_TDX_4M_FLAGS = $(OVMF_4M_FLAGS)
AAVMF_FLAGS = $(COMMON_FLAGS)
AAVMF_FLAGS += -DTPM2_ENABLE=TRUE
@@ -57,7 +58,7 @@ undefine CONF_PATH
%:
dh $@
-override_dh_auto_build: build-qemu-efi-aarch64 build-ovmf build-ovmf32 build-ovmf-sev build-qemu-efi-riscv64
+override_dh_auto_build: build-qemu-efi-aarch64 build-ovmf build-ovmf32 build-ovmf-sev build-ovmf-tdx build-qemu-efi-riscv64
debian/setup-build-stamp:
cp -a debian/Logo.bmp MdeModulePkg/Logo/Logo.bmp
@@ -86,6 +87,12 @@ OVMF_SEV_SHELL = $(OVMF_SEV_BUILD_DIR)/X64/Shell.efi
OVMF_SEV_BINARIES = $(OVMF_SEV_SHELL)
OVMF_SEV_IMAGES := $(addprefix $(OVMF_SEV_INSTALL_DIR)/,OVMF_SEV_CODE_4M.fd OVMF_SEV_VARS_4M.fd OVMF_SEV_4M.fd)
+OVMF_TDX_INSTALL_DIR = debian/ovmf-tdx-install
+OVMF_TDX_BUILD_DIR = Build/IntelTdx/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
+OVMF_TDX_SHELL = $(OVMF_TDX_BUILD_DIR)/X64/Shell.efi
+OVMF_TDX_BINARIES = $(OVMF_TDX_SHELL)
+OVMF_TDX_IMAGES := $(addprefix $(OVMF_TDX_INSTALL_DIR)/,OVMF_TDX_4M.fd)
+
QEMU_EFI_BUILD_DIR = Build/ArmVirtQemu-$(EDK2_HOST_ARCH)/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
AAVMF_BUILD_DIR = Build/ArmVirtQemu-AARCH64/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
AAVMF_ENROLL = $(AAVMF_BUILD_DIR)/AARCH64/EnrollDefaultKeys.efi
@@ -130,6 +137,18 @@ $(OVMF_SEV_BINARIES) $(OVMF_SEV_IMAGES): debian/setup-build-stamp
cp $(OVMF_SEV_BUILD_DIR)/FV/OVMF.fd \
$(OVMF_SEV_INSTALL_DIR)/OVMF_SEV_4M.fd
+build-ovmf-tdx: $(OVMF_TDX_BINARIES) $(OVMF_TDX_IMAGES)
+$(OVMF_TDX_BINARIES) $(OVMF_TDX_IMAGES): debian/setup-build-stamp
+ rm -rf $(OVMF_TDX_INSTALL_DIR)
+ mkdir $(OVMF_TDX_INSTALL_DIR)
+ set -e; . ./edksetup.sh; \
+ build -a X64 \
+ -t $(EDK2_TOOLCHAIN) \
+ -p OvmfPkg/IntelTdx/IntelTdxX64.dsc \
+ $(OVMF_TDX_4M_FLAGS) -b $(BUILD_TYPE)
+ cp $(OVMF_TDX_BUILD_DIR)/FV/OVMF.fd \
+ $(OVMF_TDX_INSTALL_DIR)/OVMF_TDX_4M.fd
+
build-ovmf: $(OVMF_BINARIES) $(OVMF_IMAGES) $(OVMF_PREENROLLED_VARS)
$(OVMF_BINARIES) $(OVMF_IMAGES): debian/setup-build-stamp
rm -rf $(OVMF_INSTALL_DIR)
@@ -274,4 +293,4 @@ get-orig-source:
edk2-$(DEB_VERSION_UPSTREAM)
rm -rf edk2.tmp edk2-$(DEB_VERSION_UPSTREAM)
-.PHONY: build-ovmf build-ovmf32 build-ovmf-sev build-qemu-efi build-qemu-efi-aarch64 build-qemu-efi-riscv64
+.PHONY: build-ovmf build-ovmf32 build-ovmf-sev build-ovmf-tdx build-qemu-efi build-qemu-efi-aarch64 build-qemu-efi-riscv64
--
2.43.0
More information about the pve-devel
mailing list