Received: (at submit) by debbugs.gnu.org; 6 Jan 2024 13:45:52 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jan 06 08:45:52 2024
Received: from localhost ([127.0.0.1]:58826 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1rM6zn-0004cR-Hf
for submit <at> debbugs.gnu.org; Sat, 06 Jan 2024 08:45:52 -0500
Received: from lists.gnu.org ([2001:470:142::17]:50900)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <~@wolfsden.cz>) id 1rM6zl-0004Gd-Cy
for submit <at> debbugs.gnu.org; Sat, 06 Jan 2024 08:45:50 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1rM6zQ-0006sD-IY
for bug-guix@HIDDEN; Sat, 06 Jan 2024 08:45:31 -0500
Received: from wolfsden.cz ([37.205.8.62])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1rM6zK-0007xi-CA
for bug-guix@HIDDEN; Sat, 06 Jan 2024 08:45:28 -0500
Received: by wolfsden.cz (Postfix, from userid 104)
id 417BA244B45; Sat, 6 Jan 2024 13:45:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
t=1704548719; bh=lz59KcRfYS6ljarOo+vx92yh3CPT2QPz1GvUMykF2bo=;
h=Date:From:To:Subject;
b=WVSPnKAhfc7BJB9q5Pr4h9/+YFwqeyaMCfEvvaaS+tZx5I7abgY/Q8rweVHvVZ7RN
aDgBKtgNM1FknZ/4kT52rQVwPgpu5d2U04ysuLD896s2CksiXzznweeoojnCflRaAG
7GBpNwbOlzuUPyz2YfTsJ1TUkkKu8Rk2P40rkjGxjEa0rG2pr3B5GXOPzBgAR/poRh
Vq++kNOMiV2RL4gF3+C5YFVOcq4wmTwAdUhmnlgDeZz4XZkt+LK8pWRs33D0Jo+h0a
THC0igk8FeM7w1NNG7WKpVivUOiBFUIuGuAk/kZc7odO3ra4OfNUbPMITEA9zYYBiZ
YLX/NActGvvn8Vf62v9N7msd8Oqb9RtUF+J7/lWqHneNrZUHNAdFdxOwiBy4MIdMPH
iWTaftlBX5omo7/qkaxxsUtC0i1x4+fkjiXNlIx8RzjcDB8oHkdT29GI5czceoZLIe
sC6apVfCI9A5ZVZrpMltOk3t+h3vWSmyC4MCQd+E5Z0tGCmxkLu5whNcx0AZnDf3li
EGYN/5ZIWIVB+GJ3OF8Q+3ifnuxqwBPfbCh2wmAVgxib8J3lXhJxfTdi6z6JrJrcds
o0B8dEgEJlJafwagXC1Og9V1nDsMyyQLFzVnf8SiGmlUrd5v1JK60loY9FHpGmkOYD
ckbU6X3h69lWGpIhNggS5ygg=
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden
X-Spam-Level:
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,T_SCC_BODY_TEXT_LINE,
URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6
Received: from localhost (unknown [193.32.127.155])
by wolfsden.cz (Postfix) with ESMTPSA id 3412D244648
for <bug-guix@HIDDEN>; Sat, 6 Jan 2024 13:45:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
t=1704548718; bh=lz59KcRfYS6ljarOo+vx92yh3CPT2QPz1GvUMykF2bo=;
h=Date:From:To:Subject;
b=a7WkL+2cFSf/5+mJ9/xGvAXfpSDuuBlhcozx5ED9XepX6bdFuL1MiRw7lrjIF3ZPb
udDjRSZ9CO0wO4+Sb82kOkcbrKcO+ZX0+yEWnwg+cmZjsZBG4ErWQVQDJwmotyDk0o
wHjvNPjGH0EOwV9dbbkNw3mT/kOilCS/vq9znel1ZdVmwUgqt3XuuoYDBpxfuKbK8h
+4GzRjvwR9c8LyAQoeSNFRVIZZ/q1c66aQzxhvVB7dj4HebgTJx3UJ8ywCGKwjqTja
JgZwc8DjrKsWVB8r4+ju0KlYE6jxALLArIxijqobadKrMjKBoBJxfRomP6iXhIMXPd
qa3iVMjz9UWoDrjfzEhODMKo7xM3wyl1C46tmS4qHh1ZP+6QUX6Ba4pnn4yi1+xFNr
nvjL3pfv+qN2pCm169Yk7HMfcyTUSuRIaT9qpzhT7eQcUrFaK27OysL9T8tYIrVBYL
h9ItA0tEyrWTcT5Mst7Y1AmbBh9qPuzzTx9U/cPu0OmraCKCNbxqpLVZiS9gUnVOA4
+W+BYSCSzTPLHJTwp8eD4N2tDogPnFnQKIWGUuv8cHiVsngWghUizlz9c4Rpt8o5C2
N0gxBV9acA/lt19G+Mqoc3llu/x9oMVscR5MXt6QctXqpaTWpC7ZKT3kD1fG/31mDP
fnzC6sCgbDx6b+0oWyAogqlQ=
Date: Sat, 6 Jan 2024 14:45:17 +0100
From: Tomas Volf <~@wolfsden.cz>
To: bug-guix@HIDDEN
Subject: ovmf does not contain secureboot firmware
Message-ID: <ZZlZbUOr1BGtKJ0q@ws>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature"; boundary="zPvpMSyCK5JXjtjQ"
Content-Disposition: inline
Received-SPF: pass client-ip=37.205.8.62; envelope-from=~@wolfsden.cz;
helo=wolfsden.cz
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
T_SCC_BODY_TEXT_LINE=-0.01,
T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.0 (/)
--zPvpMSyCK5JXjtjQ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Hello,
looking at the ovmf package, is seems that it does not contain files required
for secureboot. When I compare what Archlinux ships:
usr/share/edk2/ia32/OVMF.4m.fd
usr/share/edk2/ia32/OVMF.fd
usr/share/edk2/ia32/OVMF_CODE.4m.fd
usr/share/edk2/ia32/OVMF_CODE.csm.4m.fd
usr/share/edk2/ia32/OVMF_CODE.csm.fd
usr/share/edk2/ia32/OVMF_CODE.fd
usr/share/edk2/ia32/OVMF_CODE.secboot.4m.fd
usr/share/edk2/ia32/OVMF_CODE.secboot.fd
usr/share/edk2/ia32/OVMF_VARS.4m.fd
usr/share/edk2/ia32/OVMF_VARS.fd
usr/share/edk2/x64/
usr/share/edk2/x64/MICROVM.4m.fd
usr/share/edk2/x64/MICROVM.fd
usr/share/edk2/x64/OVMF.4m.fd
usr/share/edk2/x64/OVMF.fd
usr/share/edk2/x64/OVMF_CODE.4m.fd
usr/share/edk2/x64/OVMF_CODE.csm.4m.fd
usr/share/edk2/x64/OVMF_CODE.csm.fd
usr/share/edk2/x64/OVMF_CODE.fd
usr/share/edk2/x64/OVMF_CODE.secboot.4m.fd
usr/share/edk2/x64/OVMF_CODE.secboot.fd
usr/share/edk2/x64/OVMF_VARS.4m.fd
usr/share/edk2/x64/OVMF_VARS.fd
with what we do:
/gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_code_ia32.bin
/gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_code_x64.bin
/gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_ia32.bin
/gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_vars_ia32.bin
/gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_vars_x64.bin
/gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_x64.bin
There seem to be some files missing. The secboot would be useful, but the csm
might be as well.
I tried to make a patch to build multiple firmwares, however due to how other
packages inherit from it, it was quite messy. I wonder if having just a single
ovmf package would simplify things. The size bloat from merging them
seems... negligible. At least for the QEMU use case.
Have a nice day,
Tomas Volf
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
--zPvpMSyCK5JXjtjQ
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmWZWW0ACgkQL7/ufbZ/
wamBTg/9GU5OHRT+tx+Eb6LKgsdWJtZYQ/N/5+UkKCUgQ7CLEbEkmEGnDVdXZUjo
2QnMTEgqnCVVDk2ipFjVEeJS9ln+X32rKdmSeIwMHhvjIAejpRg7rchaW0ZMiloz
vLSw3CEc23vc3kCzfhPrSI8JAB+oVhGzeMpzk46voPHJ58zr01FCtKRmWUA0NYFz
NOY9oj0Iyzd8CUZtBQwPZXRYR32iM/PFR8hBuSGygHf7YEk6SS8SK2p4cSqJtJet
eqH4kw9oEftHirdDrUaVvmQAzZsOpLSe6m6hkbR2OBcH3glx9NBVUYyGsQ09Uj4F
j+7R31fywBaAxW4zz4lDySQ59bukdCMsmnCeDlR4ggjLU0S7sUl6E40BGgodwC7H
k0Mp3e5ZIAf5GJl0a41L80UdgqywyUiVjrofSORvk4Kg95y83YxADVZe351pxRed
g96lfTtwhk2/x65dlmtQlLmJts0UitsxNKQe+faeyBR26XsaDdCzAl+v2mThQyLu
6lNzBLNDW5HM9mZ+8eipQYWUJG6ziQpbl5D/3EogApRpGn5sApcNRw27wZcakxpf
N4JjTcziv4MgXaqtsKn+7PHRBUVgI0syLbpnqZ57XDYbEI4US4us3xjjOWRcb1Is
HzfD7QHqciS+CSQA3Zk4NXwRGY1h/GSf6085Ar633n0REiOxyFU=
=w+3B
-----END PGP SIGNATURE-----
--zPvpMSyCK5JXjtjQ--
Tomas Volf <~@wolfsden.cz>:bug-guix@HIDDEN.
Full text available.bug-guix@HIDDEN:bug#68286; Package guix.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.