From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:5f26::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id SBsaBatZmWUx1AAAkFu2QA (envelope-from ) for ; Sat, 06 Jan 2024 14:46:19 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id sE8IOapZmWXAsAAAqHPOHw (envelope-from ) for ; Sat, 06 Jan 2024 14:46:19 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=wolfsden.cz header.s=mail header.b=WVSPnKAh; dkim=fail ("headers rsa verify failed") header.d=wolfsden.cz header.s=mail header.b=a7WkL+2c; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=wolfsden.cz (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1704548778; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:list-id:list-help:list-unsubscribe:list-subscribe: list-post:dkim-signature; bh=/KY/6tJgNq3fvXms2jj1BzUMkzVSCAkpv/GdsYwGcds=; b=u/gKvgI6q0qC6mIUkmYGi4RwQoTj/9tsFZlmPwc9WnB/77MakSWpBxom9M7KwH2HRnJOTC A65khAEZgTjaJsQOi/qpdXrEN1yQjzjxQCyNjkOe0zh6xJVSEvZ8+z6KPtcwtZdEWfn9hZ thNeqbhqe8XOspG6+88+hfJ1WzIZOogLqVYYGIcWYrdgBc0u1UxsACK+/N6msIpDutGZSy Yl/SoR3Q0RqQrmNp/m/XwIU3L2YWoIsRaW9br+cTZcZTJfZCSLIAgTKuHBnL3mMFUr8z6L xCrvCGHkSsdJzsImrDcWZOfWIei+X7gUSaiPAvxWsGMQ1nwxeYpupKYrLVTAiA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1704548778; a=rsa-sha256; cv=none; b=IWfXubStm3PDNwZ8x7aTV6Wxzh5QSvypJHD2uMDquqhjw5n8PhntsqdxyvRYEFrVVYv5YE EZuvgkSfDbXpUWDwmb65ds2a/M7bVDtbcQt/xrgQx8eDQHapU0EynW5BLe61fnBAFAVBBj pzwLXx5nu4FnqV2T/4PXNjWtecyogcFNqe2WlJysREjykGszUbz9gSj7pbW9DIg0bV5/X8 h6/PZvGRTp7G5B7v+HRVdmIVbAsgfAID9+6nGthFHTMd0REhpDvTyQ+bAKeL5EPPkeyYR2 GAQe3GdL+L0CB4MOnp6hb0xhjlYSLU0z8134bc3LVlRdBDHTqt1jGWlMWdbBAg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=wolfsden.cz header.s=mail header.b=WVSPnKAh; dkim=fail ("headers rsa verify failed") header.d=wolfsden.cz header.s=mail header.b=a7WkL+2c; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=wolfsden.cz (policy=none) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 52A2E209E8 for ; Sat, 6 Jan 2024 14:46:17 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rM6zx-0006zQ-0x; Sat, 06 Jan 2024 08:46:01 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rM6zt-0006zE-Rh for bug-guix@gnu.org; Sat, 06 Jan 2024 08:45:57 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rM6zt-0008Hn-JB for bug-guix@gnu.org; Sat, 06 Jan 2024 08:45:57 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rM6zy-0004tN-5x for bug-guix@gnu.org; Sat, 06 Jan 2024 08:46:02 -0500 X-Loop: help-debbugs@gnu.org Subject: bug#68286: ovmf does not contain secureboot firmware Resent-From: Tomas Volf <~@wolfsden.cz> Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sat, 06 Jan 2024 13:46:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 68286 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 68286@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.170454875217797 (code B ref -1); Sat, 06 Jan 2024 13:46:01 +0000 Received: (at submit) by debbugs.gnu.org; 6 Jan 2024 13:45:52 +0000 Received: from localhost ([127.0.0.1]:58826 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rM6zn-0004cR-Hf for submit@debbugs.gnu.org; Sat, 06 Jan 2024 08:45:52 -0500 Received: from lists.gnu.org ([2001:470:142::17]:50900) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1rM6zl-0004Gd-Cy for submit@debbugs.gnu.org; Sat, 06 Jan 2024 08:45:50 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1rM6zQ-0006sD-IY for bug-guix@gnu.org; Sat, 06 Jan 2024 08:45:31 -0500 Received: from wolfsden.cz ([37.205.8.62]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1rM6zK-0007xi-CA for bug-guix@gnu.org; Sat, 06 Jan 2024 08:45:28 -0500 Received: by wolfsden.cz (Postfix, from userid 104) id 417BA244B45; Sat, 6 Jan 2024 13:45:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1704548719; bh=lz59KcRfYS6ljarOo+vx92yh3CPT2QPz1GvUMykF2bo=; h=Date:From:To:Subject; b=WVSPnKAhfc7BJB9q5Pr4h9/+YFwqeyaMCfEvvaaS+tZx5I7abgY/Q8rweVHvVZ7RN aDgBKtgNM1FknZ/4kT52rQVwPgpu5d2U04ysuLD896s2CksiXzznweeoojnCflRaAG 7GBpNwbOlzuUPyz2YfTsJ1TUkkKu8Rk2P40rkjGxjEa0rG2pr3B5GXOPzBgAR/poRh Vq++kNOMiV2RL4gF3+C5YFVOcq4wmTwAdUhmnlgDeZz4XZkt+LK8pWRs33D0Jo+h0a THC0igk8FeM7w1NNG7WKpVivUOiBFUIuGuAk/kZc7odO3ra4OfNUbPMITEA9zYYBiZ YLX/NActGvvn8Vf62v9N7msd8Oqb9RtUF+J7/lWqHneNrZUHNAdFdxOwiBy4MIdMPH iWTaftlBX5omo7/qkaxxsUtC0i1x4+fkjiXNlIx8RzjcDB8oHkdT29GI5czceoZLIe sC6apVfCI9A5ZVZrpMltOk3t+h3vWSmyC4MCQd+E5Z0tGCmxkLu5whNcx0AZnDf3li EGYN/5ZIWIVB+GJ3OF8Q+3ifnuxqwBPfbCh2wmAVgxib8J3lXhJxfTdi6z6JrJrcds o0B8dEgEJlJafwagXC1Og9V1nDsMyyQLFzVnf8SiGmlUrd5v1JK60loY9FHpGmkOYD ckbU6X3h69lWGpIhNggS5ygg= Received: from localhost (unknown [193.32.127.155]) by wolfsden.cz (Postfix) with ESMTPSA id 3412D244648 for ; Sat, 6 Jan 2024 13:45:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1704548718; bh=lz59KcRfYS6ljarOo+vx92yh3CPT2QPz1GvUMykF2bo=; h=Date:From:To:Subject; b=a7WkL+2cFSf/5+mJ9/xGvAXfpSDuuBlhcozx5ED9XepX6bdFuL1MiRw7lrjIF3ZPb udDjRSZ9CO0wO4+Sb82kOkcbrKcO+ZX0+yEWnwg+cmZjsZBG4ErWQVQDJwmotyDk0o wHjvNPjGH0EOwV9dbbkNw3mT/kOilCS/vq9znel1ZdVmwUgqt3XuuoYDBpxfuKbK8h +4GzRjvwR9c8LyAQoeSNFRVIZZ/q1c66aQzxhvVB7dj4HebgTJx3UJ8ywCGKwjqTja JgZwc8DjrKsWVB8r4+ju0KlYE6jxALLArIxijqobadKrMjKBoBJxfRomP6iXhIMXPd qa3iVMjz9UWoDrjfzEhODMKo7xM3wyl1C46tmS4qHh1ZP+6QUX6Ba4pnn4yi1+xFNr nvjL3pfv+qN2pCm169Yk7HMfcyTUSuRIaT9qpzhT7eQcUrFaK27OysL9T8tYIrVBYL h9ItA0tEyrWTcT5Mst7Y1AmbBh9qPuzzTx9U/cPu0OmraCKCNbxqpLVZiS9gUnVOA4 +W+BYSCSzTPLHJTwp8eD4N2tDogPnFnQKIWGUuv8cHiVsngWghUizlz9c4Rpt8o5C2 N0gxBV9acA/lt19G+Mqoc3llu/x9oMVscR5MXt6QctXqpaTWpC7ZKT3kD1fG/31mDP fnzC6sCgbDx6b+0oWyAogqlQ= Date: Sat, 6 Jan 2024 14:45:17 +0100 From: Tomas Volf <~@wolfsden.cz> Message-ID: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="zPvpMSyCK5JXjtjQ" Content-Disposition: inline Received-SPF: pass client-ip=37.205.8.62; envelope-from=~@wolfsden.cz; helo=wolfsden.cz X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: bug-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -6.80 X-Spam-Score: -6.80 X-Migadu-Queue-Id: 52A2E209E8 X-Migadu-Scanner: mx12.migadu.com X-TUID: LSsgJY8WZrr3 --zPvpMSyCK5JXjtjQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hello, looking at the ovmf package, is seems that it does not contain files required for secureboot. When I compare what Archlinux ships: usr/share/edk2/ia32/OVMF.4m.fd usr/share/edk2/ia32/OVMF.fd usr/share/edk2/ia32/OVMF_CODE.4m.fd usr/share/edk2/ia32/OVMF_CODE.csm.4m.fd usr/share/edk2/ia32/OVMF_CODE.csm.fd usr/share/edk2/ia32/OVMF_CODE.fd usr/share/edk2/ia32/OVMF_CODE.secboot.4m.fd usr/share/edk2/ia32/OVMF_CODE.secboot.fd usr/share/edk2/ia32/OVMF_VARS.4m.fd usr/share/edk2/ia32/OVMF_VARS.fd usr/share/edk2/x64/ usr/share/edk2/x64/MICROVM.4m.fd usr/share/edk2/x64/MICROVM.fd usr/share/edk2/x64/OVMF.4m.fd usr/share/edk2/x64/OVMF.fd usr/share/edk2/x64/OVMF_CODE.4m.fd usr/share/edk2/x64/OVMF_CODE.csm.4m.fd usr/share/edk2/x64/OVMF_CODE.csm.fd usr/share/edk2/x64/OVMF_CODE.fd usr/share/edk2/x64/OVMF_CODE.secboot.4m.fd usr/share/edk2/x64/OVMF_CODE.secboot.fd usr/share/edk2/x64/OVMF_VARS.4m.fd usr/share/edk2/x64/OVMF_VARS.fd with what we do: /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_code_ia32.bin /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_code_x64.bin /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_ia32.bin /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_vars_ia32.bin /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_vars_x64.bin /gnu/store/nqv29p1kz1lwc6g3rifyi5mrapcx97wf-ovmf-202308/share/firmware/ovmf_x64.bin There seem to be some files missing. The secboot would be useful, but the csm might be as well. I tried to make a patch to build multiple firmwares, however due to how other packages inherit from it, it was quite messy. I wonder if having just a single ovmf package would simplify things. The size bloat from merging them seems... negligible. At least for the QEMU use case. Have a nice day, Tomas Volf -- There are only two hard things in Computer Science: cache invalidation, naming things and off-by-one errors. --zPvpMSyCK5JXjtjQ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmWZWW0ACgkQL7/ufbZ/ wamBTg/9GU5OHRT+tx+Eb6LKgsdWJtZYQ/N/5+UkKCUgQ7CLEbEkmEGnDVdXZUjo 2QnMTEgqnCVVDk2ipFjVEeJS9ln+X32rKdmSeIwMHhvjIAejpRg7rchaW0ZMiloz vLSw3CEc23vc3kCzfhPrSI8JAB+oVhGzeMpzk46voPHJ58zr01FCtKRmWUA0NYFz NOY9oj0Iyzd8CUZtBQwPZXRYR32iM/PFR8hBuSGygHf7YEk6SS8SK2p4cSqJtJet eqH4kw9oEftHirdDrUaVvmQAzZsOpLSe6m6hkbR2OBcH3glx9NBVUYyGsQ09Uj4F j+7R31fywBaAxW4zz4lDySQ59bukdCMsmnCeDlR4ggjLU0S7sUl6E40BGgodwC7H k0Mp3e5ZIAf5GJl0a41L80UdgqywyUiVjrofSORvk4Kg95y83YxADVZe351pxRed g96lfTtwhk2/x65dlmtQlLmJts0UitsxNKQe+faeyBR26XsaDdCzAl+v2mThQyLu 6lNzBLNDW5HM9mZ+8eipQYWUJG6ziQpbl5D/3EogApRpGn5sApcNRw27wZcakxpf N4JjTcziv4MgXaqtsKn+7PHRBUVgI0syLbpnqZ57XDYbEI4US4us3xjjOWRcb1Is HzfD7QHqciS+CSQA3Zk4NXwRGY1h/GSf6085Ar633n0REiOxyFU= =w+3B -----END PGP SIGNATURE----- --zPvpMSyCK5JXjtjQ--