pyrox.dev
1{ stdenv, edk2, nasm, iasl, seabios, openssl, secureBoot ? false }:
2
3let
4
5 targetArch = if stdenv.isi686 then
6 "Ia32"
7 else if stdenv.isx86_64 then
8 "X64"
9 else
10 throw "Unsupported architecture";
11
12 version = (builtins.parseDrvName edk2.name).version;
13
14 src = edk2.src;
15in
16
17stdenv.mkDerivation (edk2.setup "OvmfPkg/OvmfPkg${targetArch}.dsc" {
18 name = "OVMF-${version}";
19
20 inherit src;
21
22 outputs = [ "out" "fd" ];
23
24 # TODO: properly include openssl for secureBoot
25 buildInputs = [nasm iasl] ++ stdenv.lib.optionals (secureBoot == true) [ openssl ];
26
27 hardeningDisable = [ "stackprotector" "pic" "fortify" ];
28
29 unpackPhase = ''
30 # $fd is overwritten during the build
31 export OUTPUT_FD=$fd
32
33 for file in \
34 "${src}"/{UefiCpuPkg,MdeModulePkg,IntelFrameworkModulePkg,PcAtChipsetPkg,FatBinPkg,EdkShellBinPkg,MdePkg,ShellPkg,OptionRomPkg,IntelFrameworkPkg,FatPkg,CryptoPkg,SourceLevelDebugPkg};
35 do
36 ln -sv "$file" .
37 done
38
39 ${if (seabios == false) then ''
40 ln -sv ${src}/OvmfPkg .
41 '' else ''
42 cp -r ${src}/OvmfPkg .
43 chmod +w OvmfPkg/Csm/Csm16
44 cp ${seabios}/Csm16.bin OvmfPkg/Csm/Csm16/Csm16.bin
45 ''}
46
47 ${if (secureBoot == true) then ''
48 ln -sv ${src}/SecurityPkg .
49 ln -sv ${src}/CryptoPkg .
50 '' else ''
51 ''}
52 '';
53
54 buildPhase = if (seabios == false) then ''
55 build ${if secureBoot then "-DSECURE_BOOT_ENABLE=TRUE" else ""}
56 '' else ''
57 build -D CSM_ENABLE -D FD_SIZE_2MB ${if secureBoot then "-DSECURE_BOOT_ENABLE=TRUE" else ""}
58 '';
59
60 postFixup = ''
61 mkdir -vp $OUTPUT_FD/FV
62 mv -v $out/FV/OVMF{,_CODE,_VARS}.fd $OUTPUT_FD/FV
63 '';
64
65 dontPatchELF = true;
66
67 meta = {
68 description = "Sample UEFI firmware for QEMU and KVM";
69 homepage = https://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF;
70 license = stdenv.lib.licenses.bsd2;
71 platforms = ["x86_64-linux" "i686-linux"];
72 };
73})