nixpkgs/pkgs/applications/virtualization/OVMF/default.nix

{ stdenv, lib, edk2, nasm, iasl, seabios, openssl, secureBoot ? false }:

let

  targetArch = if stdenv.isi686 then
    "Ia32"
  else if stdenv.isx86_64 then
    "X64"
  else
    throw "Unsupported architecture";

  version = (builtins.parseDrvName edk2.name).version;

  src = edk2.src;
in

stdenv.mkDerivation (edk2.setup "OvmfPkg/OvmfPkg${targetArch}.dsc" {
  name = "OVMF-${version}";

  inherit src;

  outputs = [ "out" "fd" ];

  # TODO: properly include openssl for secureBoot
  buildInputs = [nasm iasl] ++ stdenv.lib.optionals (secureBoot == true) [ openssl ];

  hardeningDisable = [ "stackprotector" "pic" "fortify" ];

  unpackPhase = ''
    # $fd is overwritten during the build
    export OUTPUT_FD=$fd

    for file in \
      "${src}"/{UefiCpuPkg,MdeModulePkg,IntelFrameworkModulePkg,PcAtChipsetPkg,FatBinPkg,EdkShellBinPkg,MdePkg,ShellPkg,OptionRomPkg,IntelFrameworkPkg,FatPkg,CryptoPkg,SourceLevelDebugPkg};
    do
      ln -sv "$file" .
    done

    ${if seabios != null then ''
        cp -r ${src}/OvmfPkg .
        chmod +w OvmfPkg/Csm/Csm16
        cp ${seabios}/Csm16.bin OvmfPkg/Csm/Csm16/Csm16.bin
    '' else ''
        ln -sv ${src}/OvmfPkg .
    ''}

    ${lib.optionalString secureBoot ''
      ln -sv ${src}/SecurityPkg .
      ln -sv ${src}/CryptoPkg .
    ''}
  '';

  buildPhase = if seabios == null then ''
      build ${lib.optionalString secureBoot "-DSECURE_BOOT_ENABLE=TRUE"}
    '' else ''
      build -D CSM_ENABLE -D FD_SIZE_2MB ${lib.optionalString secureBoot "-DSECURE_BOOT_ENABLE=TRUE"}
    '';

  postFixup = ''
    mkdir -vp $OUTPUT_FD/FV
    mv -v $out/FV/OVMF{,_CODE,_VARS}.fd $OUTPUT_FD/FV
  '';

  dontPatchELF = true;

  meta = {
    description = "Sample UEFI firmware for QEMU and KVM";
    homepage = https://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF;
    license = stdenv.lib.licenses.bsd2;
    platforms = ["x86_64-linux" "i686-linux"];
  };
})
OVMF: Reformat a bit for readability - Use 'somePkg == null' instead of 'somePkg == false' which is more conventional in rest of Nixpkgs - Use lib.optionalString where applicable 2018-03-14 14:52:32 +01:00			`{ stdenv, lib, edk2, nasm, iasl, seabios, openssl, secureBoot ? false }:`
EDK2: Significant cleanup and modularization, and add OVMF as an example of how to use it svn path=/nixpkgs/trunk/; revision=33059 2012-03-14 07:57:58 +01:00
OVMF: Actually support i686 svn path=/nixpkgs/trunk/; revision=33060 2012-03-14 08:29:11 +01:00			`let`

			`targetArch = if stdenv.isi686 then`
			`"Ia32"`
			`else if stdenv.isx86_64 then`
			`"X64"`
			`else`
			`throw "Unsupported architecture";`

OVMF: get version number from edk2 OVMF is built from edk2 sources so that's where its version number comes from (logically). The edk2 version number is 2014-12-10, so this change only ensures the version numbers won't drift apart in the future. (There is no hash change.) 2017-04-22 11:57:23 +02:00			`version = (builtins.parseDrvName edk2.name).version;`
OVMF: add 'src' attribute No functional change, but allows getting the source via the standard attribute: `nix-build -A OVMF.src`. 2017-09-13 16:34:05 +02:00
			`src = edk2.src;`
OVMF: Actually support i686 svn path=/nixpkgs/trunk/; revision=33060 2012-03-14 08:29:11 +01:00			`in`

			`stdenv.mkDerivation (edk2.setup "OvmfPkg/OvmfPkg${targetArch}.dsc" {`
OVMF: get version number from edk2 OVMF is built from edk2 sources so that's where its version number comes from (logically). The edk2 version number is 2014-12-10, so this change only ensures the version numbers won't drift apart in the future. (There is no hash change.) 2017-04-22 11:57:23 +02:00			`name = "OVMF-${version}";`
EDK2: Significant cleanup and modularization, and add OVMF as an example of how to use it svn path=/nixpkgs/trunk/; revision=33059 2012-03-14 07:57:58 +01:00
OVMF: add 'src' attribute No functional change, but allows getting the source via the standard attribute: `nix-build -A OVMF.src`. 2017-09-13 16:34:05 +02:00			`inherit src;`

OVMF: separate output for ovmf binaries OVMF{,CODE,VARS}.fd are now available in a dedicated fd output, greatly reducing the closure in the common case where only those files are used (a few MBs versus several hundred MBs for the full OVMF). Note: it's unclear why `dontPatchELF` is now necessary for the build to pass (on my end, at any rate) but it doesn't make much sense to run this fixup anyway, Note: my reading of xen's INSTALL suggests that --with-system-ovmf should point directly to the OVMF binary. As such, the previous invocation was incorrect (it pointed to the root of the OVMF tree). In any case, I have only built xen with `--with-system-ovmf`, I have not tested it. Fixes https://github.com/NixOS/nixpkgs/issues/25854 Closes https://github.com/NixOS/nixpkgs/pull/25855 2017-05-18 12:46:14 +02:00			`outputs = [ "out" "fd" ];`

Update QEMU Nixos Virtual Machine The Nixos Qemu VM that are used for VM tests can now start without boot menu even when using a bootloader. The Nixos Qemu VM with bootloader can emulate a EFI boot now. 2015-01-26 21:13:31 +01:00			`# TODO: properly include openssl for secureBoot`
Revert "OVMF: build with gcc 4.8, I'm no idea what I'm doing (ZHF)" This reverts commit 0abe34e4543125f62ef3335fb3bc065e2df996db. 2015-07-22 11:58:02 +02:00			`buildInputs = [nasm iasl] ++ stdenv.lib.optionals (secureBoot == true) [ openssl ];`
Update QEMU Nixos Virtual Machine The Nixos Qemu VM that are used for VM tests can now start without boot menu even when using a bootloader. The Nixos Qemu VM with bootloader can emulate a EFI boot now. 2015-01-26 21:13:31 +01:00
Use general hardening flag toggle lists The following parameters are now available: * hardeningDisable To disable specific hardening flags * hardeningEnable To enable specific hardening flags Only the cc-wrapper supports this right now, but these may be reused by other wrappers, builders or setup hooks. cc-wrapper supports the following flags: * fortify * stackprotector * pie (disabled by default) * pic * strictoverflow * format * relro * bindnow 2016-02-26 18:38:15 +01:00			`hardeningDisable = [ "stackprotector" "pic" "fortify" ];`
OVMF: no stackprotector/pic/fortify hardening 2016-02-09 00:18:03 +01:00
OMVF: Only need some of the sources, and symlinks instead of copies are fine svn path=/nixpkgs/trunk/; revision=33090 2012-03-14 23:43:07 +01:00			`unpackPhase = ''`
OVMF: fix build $fd for the output was overwritten during the build 2017-05-29 12:20:05 +02:00			`# $fd is overwritten during the build`
			`export OUTPUT_FD=$fd`

OMVF: Only need some of the sources, and symlinks instead of copies are fine svn path=/nixpkgs/trunk/; revision=33090 2012-03-14 23:43:07 +01:00			`for file in \`
OVMF: add 'src' attribute No functional change, but allows getting the source via the standard attribute: `nix-build -A OVMF.src`. 2017-09-13 16:34:05 +02:00			`"${src}"/{UefiCpuPkg,MdeModulePkg,IntelFrameworkModulePkg,PcAtChipsetPkg,FatBinPkg,EdkShellBinPkg,MdePkg,ShellPkg,OptionRomPkg,IntelFrameworkPkg,FatPkg,CryptoPkg,SourceLevelDebugPkg};`
OMVF: Only need some of the sources, and symlinks instead of copies are fine svn path=/nixpkgs/trunk/; revision=33090 2012-03-14 23:43:07 +01:00			`do`
			`ln -sv "$file" .`
			`done`
Update QEMU Nixos Virtual Machine The Nixos Qemu VM that are used for VM tests can now start without boot menu even when using a bootloader. The Nixos Qemu VM with bootloader can emulate a EFI boot now. 2015-01-26 21:13:31 +01:00
OVMF: Reformat a bit for readability - Use 'somePkg == null' instead of 'somePkg == false' which is more conventional in rest of Nixpkgs - Use lib.optionalString where applicable 2018-03-14 14:52:32 +01:00			`${if seabios != null then ''`
OVMF: add 'src' attribute No functional change, but allows getting the source via the standard attribute: `nix-build -A OVMF.src`. 2017-09-13 16:34:05 +02:00			`cp -r ${src}/OvmfPkg .`
Update QEMU Nixos Virtual Machine The Nixos Qemu VM that are used for VM tests can now start without boot menu even when using a bootloader. The Nixos Qemu VM with bootloader can emulate a EFI boot now. 2015-01-26 21:13:31 +01:00			`chmod +w OvmfPkg/Csm/Csm16`
			`cp ${seabios}/Csm16.bin OvmfPkg/Csm/Csm16/Csm16.bin`
OVMF: Reformat a bit for readability - Use 'somePkg == null' instead of 'somePkg == false' which is more conventional in rest of Nixpkgs - Use lib.optionalString where applicable 2018-03-14 14:52:32 +01:00			`'' else ''`
			`ln -sv ${src}/OvmfPkg .`
			`''}`
Update QEMU Nixos Virtual Machine The Nixos Qemu VM that are used for VM tests can now start without boot menu even when using a bootloader. The Nixos Qemu VM with bootloader can emulate a EFI boot now. 2015-01-26 21:13:31 +01:00
OVMF: Reformat a bit for readability - Use 'somePkg == null' instead of 'somePkg == false' which is more conventional in rest of Nixpkgs - Use lib.optionalString where applicable 2018-03-14 14:52:32 +01:00			`${lib.optionalString secureBoot ''`
			`ln -sv ${src}/SecurityPkg .`
			`ln -sv ${src}/CryptoPkg .`
			`''}`
			`'';`
Update QEMU Nixos Virtual Machine The Nixos Qemu VM that are used for VM tests can now start without boot menu even when using a bootloader. The Nixos Qemu VM with bootloader can emulate a EFI boot now. 2015-01-26 21:13:31 +01:00
OVMF: Reformat a bit for readability - Use 'somePkg == null' instead of 'somePkg == false' which is more conventional in rest of Nixpkgs - Use lib.optionalString where applicable 2018-03-14 14:52:32 +01:00			`buildPhase = if seabios == null then ''`
			`build ${lib.optionalString secureBoot "-DSECURE_BOOT_ENABLE=TRUE"}`
Update QEMU Nixos Virtual Machine The Nixos Qemu VM that are used for VM tests can now start without boot menu even when using a bootloader. The Nixos Qemu VM with bootloader can emulate a EFI boot now. 2015-01-26 21:13:31 +01:00			`'' else ''`
OVMF: Reformat a bit for readability - Use 'somePkg == null' instead of 'somePkg == false' which is more conventional in rest of Nixpkgs - Use lib.optionalString where applicable 2018-03-14 14:52:32 +01:00			`build -D CSM_ENABLE -D FD_SIZE_2MB ${lib.optionalString secureBoot "-DSECURE_BOOT_ENABLE=TRUE"}`
Update QEMU Nixos Virtual Machine The Nixos Qemu VM that are used for VM tests can now start without boot menu even when using a bootloader. The Nixos Qemu VM with bootloader can emulate a EFI boot now. 2015-01-26 21:13:31 +01:00			`'';`
EDK2: Significant cleanup and modularization, and add OVMF as an example of how to use it svn path=/nixpkgs/trunk/; revision=33059 2012-03-14 07:57:58 +01:00
OVMF: separate output for ovmf binaries OVMF{,CODE,VARS}.fd are now available in a dedicated fd output, greatly reducing the closure in the common case where only those files are used (a few MBs versus several hundred MBs for the full OVMF). Note: it's unclear why `dontPatchELF` is now necessary for the build to pass (on my end, at any rate) but it doesn't make much sense to run this fixup anyway, Note: my reading of xen's INSTALL suggests that --with-system-ovmf should point directly to the OVMF binary. As such, the previous invocation was incorrect (it pointed to the root of the OVMF tree). In any case, I have only built xen with `--with-system-ovmf`, I have not tested it. Fixes https://github.com/NixOS/nixpkgs/issues/25854 Closes https://github.com/NixOS/nixpkgs/pull/25855 2017-05-18 12:46:14 +02:00			`postFixup = ''`
OVMF: fix build $fd for the output was overwritten during the build 2017-05-29 12:20:05 +02:00			`mkdir -vp $OUTPUT_FD/FV`
			`mv -v $out/FV/OVMF{,_CODE,_VARS}.fd $OUTPUT_FD/FV`
OVMF: separate output for ovmf binaries OVMF{,CODE,VARS}.fd are now available in a dedicated fd output, greatly reducing the closure in the common case where only those files are used (a few MBs versus several hundred MBs for the full OVMF). Note: it's unclear why `dontPatchELF` is now necessary for the build to pass (on my end, at any rate) but it doesn't make much sense to run this fixup anyway, Note: my reading of xen's INSTALL suggests that --with-system-ovmf should point directly to the OVMF binary. As such, the previous invocation was incorrect (it pointed to the root of the OVMF tree). In any case, I have only built xen with `--with-system-ovmf`, I have not tested it. Fixes https://github.com/NixOS/nixpkgs/issues/25854 Closes https://github.com/NixOS/nixpkgs/pull/25855 2017-05-18 12:46:14 +02:00			`'';`

			`dontPatchELF = true;`

EDK2: Significant cleanup and modularization, and add OVMF as an example of how to use it svn path=/nixpkgs/trunk/; revision=33059 2012-03-14 07:57:58 +01:00			`meta = {`
			`description = "Sample UEFI firmware for QEMU and KVM";`
Change many homepage urls from http to https #30636 2017-11-10 22:13:27 +01:00			`homepage = https://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF;`
Fix license attribute of many bsd-like licensed packages 2014-12-21 00:00:35 +01:00			`license = stdenv.lib.licenses.bsd2;`
EDK2: Significant cleanup and modularization, and add OVMF as an example of how to use it svn path=/nixpkgs/trunk/; revision=33059 2012-03-14 07:57:58 +01:00			`platforms = ["x86_64-linux" "i686-linux"];`
			`};`
			`})`