GNU logs - #68286, boring messages

Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#68286: ovmf does not contain secureboot firmware
Resent-From: Tomas Volf <~@wolfsden.cz>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Sat, 06 Jan 2024 13:46:01 +0000
Resent-Message-ID: <handler.68286.B.170454875217797 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 68286
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 68286 <at> debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.170454875217797
          (code B ref -1); Sat, 06 Jan 2024 13:46:01 +0000
Received: (at submit) by debbugs.gnu.org; 6 Jan 2024 13:45:52 +0000
Received: from localhost ([127.0.0.1]:58826 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rM6zn-0004cR-Hf
	for submit <at> debbugs.gnu.org; Sat, 06 Jan 2024 08:45:52 -0500
Received: from lists.gnu.org ([2001:470:142::17]:50900)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <~@wolfsden.cz>) id 1rM6zl-0004Gd-Cy
 for submit <at> debbugs.gnu.org; Sat, 06 Jan 2024 08:45:50 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1rM6zQ-0006sD-IY
 for bug-guix@HIDDEN; Sat, 06 Jan 2024 08:45:31 -0500
Received: from wolfsden.cz ([37.205.8.62])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1rM6zK-0007xi-CA
 for bug-guix@HIDDEN; Sat, 06 Jan 2024 08:45:28 -0500
Received: by wolfsden.cz (Postfix, from userid 104)
 id 417BA244B45; Sat,  6 Jan 2024 13:45:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1704548719; bh=lz59KcRfYS6ljarOo+vx92yh3CPT2QPz1GvUMykF2bo=;
 h=Date:From:To:Subject;
 b=WVSPnKAhfc7BJB9q5Pr4h9/+YFwqeyaMCfEvvaaS+tZx5I7abgY/Q8rweVHvVZ7RN
 aDgBKtgNM1FknZ/4kT52rQVwPgpu5d2U04ysuLD896s2CksiXzznweeoojnCflRaAG
 7GBpNwbOlzuUPyz2YfTsJ1TUkkKu8Rk2P40rkjGxjEa0rG2pr3B5GXOPzBgAR/poRh
 Vq++kNOMiV2RL4gF3+C5YFVOcq4wmTwAdUhmnlgDeZz4XZkt+LK8pWRs33D0Jo+h0a
 THC0igk8FeM7w1NNG7WKpVivUOiBFUIuGuAk/kZc7odO3ra4OfNUbPMITEA9zYYBiZ
 YLX/NActGvvn8Vf62v9N7msd8Oqb9RtUF+J7/lWqHneNrZUHNAdFdxOwiBy4MIdMPH
 iWTaftlBX5omo7/qkaxxsUtC0i1x4+fkjiXNlIx8RzjcDB8oHkdT29GI5czceoZLIe
 sC6apVfCI9A5ZVZrpMltOk3t+h3vWSmyC4MCQd+E5Z0tGCmxkLu5whNcx0AZnDf3li
 EGYN/5ZIWIVB+GJ3OF8Q+3ifnuxqwBPfbCh2wmAVgxib8J3lXhJxfTdi6z6JrJrcds
 o0B8dEgEJlJafwagXC1Og9V1nDsMyyQLFzVnf8SiGmlUrd5v1JK60loY9FHpGmkOYD
 ckbU6X3h69lWGpIhNggS5ygg=
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,T_SCC_BODY_TEXT_LINE,
 URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6
Received: from localhost (unknown [193.32.127.155])
 by wolfsden.cz (Postfix) with ESMTPSA id 3412D244648
 for <bug-guix@HIDDEN>; Sat,  6 Jan 2024 13:45:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1704548718; bh=lz59KcRfYS6ljarOo+vx92yh3CPT2QPz1GvUMykF2bo=;
 h=Date:From:To:Subject;
 b=a7WkL+2cFSf/5+mJ9/xGvAXfpSDuuBlhcozx5ED9XepX6bdFuL1MiRw7lrjIF3ZPb
 udDjRSZ9CO0wO4+Sb82kOkcbrKcO+ZX0+yEWnwg+cmZjsZBG4ErWQVQDJwmotyDk0o
 wHjvNPjGH0EOwV9dbbkNw3mT/kOilCS/vq9znel1ZdVmwUgqt3XuuoYDBpxfuKbK8h
 +4GzRjvwR9c8LyAQoeSNFRVIZZ/q1c66aQzxhvVB7dj4HebgTJx3UJ8ywCGKwjqTja
 JgZwc8DjrKsWVB8r4+ju0KlYE6jxALLArIxijqobadKrMjKBoBJxfRomP6iXhIMXPd
 qa3iVMjz9UWoDrjfzEhODMKo7xM3wyl1C46tmS4qHh1ZP+6QUX6Ba4pnn4yi1+xFNr
 nvjL3pfv+qN2pCm169Yk7HMfcyTUSuRIaT9qpzhT7eQcUrFaK27OysL9T8tYIrVBYL
 h9ItA0tEyrWTcT5Mst7Y1AmbBh9qPuzzTx9U/cPu0OmraCKCNbxqpLVZiS9gUnVOA4
 +W+BYSCSzTPLHJTwp8eD4N2tDogPnFnQKIWGUuv8cHiVsngWghUizlz9c4Rpt8o5C2
 N0gxBV9acA/lt19G+Mqoc3llu/x9oMVscR5MXt6QctXqpaTWpC7ZKT3kD1fG/31mDP
 fnzC6sCgbDx6b+0oWyAogqlQ=
Date: Sat, 6 Jan 2024 14:45:17 +0100
From: Tomas Volf <~@wolfsden.cz>
Message-ID: <ZZlZbUOr1BGtKJ0q@ws>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="zPvpMSyCK5JXjtjQ"
Content-Disposition: inline
Received-SPF: pass client-ip=37.205.8.62; envelope-from=~@wolfsden.cz;
 helo=wolfsden.cz
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01,
 T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 1.0 (+)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.0 (/)


--zPvpMSyCK5JXjtjQ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hello,

looking at the ovmf package, is seems that it does not contain files required
for secureboot.  When I compare what Archlinux ships:

    usr/share/edk2/ia32/OVMF.4m.fd
    usr/share/edk2/ia32/OVMF.fd
    usr/share/edk2/ia32/OVMF_CODE.4m.fd
    usr/share/edk2/ia32/OVMF_CODE.csm.4m.fd
    usr/share/edk2/ia32/OVMF_CODE.csm.fd
    usr/share/edk2/ia32/OVMF_CODE.fd
    usr/share/edk2/ia32/OVMF_CODE.secboot.4m.fd
    usr/share/edk2/ia32/OVMF_CODE.secboot.fd
    usr/share/edk2/ia32/OVMF_VARS.4m.fd
    usr/share/edk2/ia32/OVMF_VARS.fd
    usr/share/edk2/x64/
    usr/share/edk2/x64/MICROVM.4m.fd
    usr/share/edk2/x64/MICROVM.fd
    usr/share/edk2/x64/OVMF.4m.fd
    usr/share/edk2/x64/OVMF.fd
    usr/share/edk2/x64/OVMF_CODE.4m.fd
    usr/share/edk2/x64/OVMF_CODE.csm.4m.fd
    usr/share/edk2/x64/OVMF_CODE.csm.fd
    usr/share/edk2/x64/OVMF_CODE.fd
    usr/share/edk2/x64/OVMF_CODE.secboot.4m.fd
    usr/share/edk2/x64/OVMF_CODE.secboot.fd
    usr/share/edk2/x64/OVMF_VARS.4m.fd
    usr/share/edk2/x64/OVMF_VARS.fd

with what we do:

    /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_code_ia32.bin
    /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_code_x64.bin
    /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_ia32.bin
    /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_vars_ia32.bin
    /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_vars_x64.bin
    /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_x64.bin

There seem to be some files missing.  The secboot would be useful, but the csm
might be as well.

I tried to make a patch to build multiple firmwares, however due to how other
packages inherit from it, it was quite messy.  I wonder if having just a single
ovmf package would simplify things. The size bloat from merging them
seems... negligible.  At least for the QEMU use case.

Have a nice day,
Tomas Volf

--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

--zPvpMSyCK5JXjtjQ
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmWZWW0ACgkQL7/ufbZ/
wamBTg/9GU5OHRT+tx+Eb6LKgsdWJtZYQ/N/5+UkKCUgQ7CLEbEkmEGnDVdXZUjo
2QnMTEgqnCVVDk2ipFjVEeJS9ln+X32rKdmSeIwMHhvjIAejpRg7rchaW0ZMiloz
vLSw3CEc23vc3kCzfhPrSI8JAB+oVhGzeMpzk46voPHJ58zr01FCtKRmWUA0NYFz
NOY9oj0Iyzd8CUZtBQwPZXRYR32iM/PFR8hBuSGygHf7YEk6SS8SK2p4cSqJtJet
eqH4kw9oEftHirdDrUaVvmQAzZsOpLSe6m6hkbR2OBcH3glx9NBVUYyGsQ09Uj4F
j+7R31fywBaAxW4zz4lDySQ59bukdCMsmnCeDlR4ggjLU0S7sUl6E40BGgodwC7H
k0Mp3e5ZIAf5GJl0a41L80UdgqywyUiVjrofSORvk4Kg95y83YxADVZe351pxRed
g96lfTtwhk2/x65dlmtQlLmJts0UitsxNKQe+faeyBR26XsaDdCzAl+v2mThQyLu
6lNzBLNDW5HM9mZ+8eipQYWUJG6ziQpbl5D/3EogApRpGn5sApcNRw27wZcakxpf
N4JjTcziv4MgXaqtsKn+7PHRBUVgI0syLbpnqZ57XDYbEI4US4us3xjjOWRcb1Is
HzfD7QHqciS+CSQA3Zk4NXwRGY1h/GSf6085Ar633n0REiOxyFU=
=w+3B
-----END PGP SIGNATURE-----

--zPvpMSyCK5JXjtjQ--

Message sent:


Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Type: text/plain; charset=utf-8
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: Tomas Volf <~@wolfsden.cz>
Subject: bug#68286: Acknowledgement (ovmf does not contain secureboot
 firmware)
Message-ID: <handler.68286.B.170454875217797.ack <at> debbugs.gnu.org>
References: <ZZlZbUOr1BGtKJ0q@ws>
X-Gnu-PR-Message: ack 68286
X-Gnu-PR-Package: guix
Reply-To: 68286 <at> debbugs.gnu.org
Date: Sat, 06 Jan 2024 13:46:02 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 bug-guix@HIDDEN

If you wish to submit further information on this problem, please
send it to 68286 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

--=20
68286: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D68286
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems
Last modified: Sat, 20 Jan 2024 12:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.