public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Anton Iacobaeus <anton.iacobaeus@canarybit.eu>
To: pve-devel@lists.proxmox.com
Cc: Anton Iacobaeus <anton.iacobaeus@canarybit.eu>,
	Philipp Giersfeld <philipp.giersfeld@canarybit.eu>
Subject: [pve-devel] [PATCH edk2-firmware 2/4] Add firmware target for TDFV
Date: Tue, 16 Sep 2025 09:52:47 +0200	[thread overview]
Message-ID: <20250916075406.33084-5-anton.iacobaeus@canarybit.eu> (raw)
In-Reply-To: <20250916075406.33084-2-anton.iacobaeus@canarybit.eu>

From: Philipp Giersfeld <philipp.giersfeld@canarybit.eu>

TDVF enables UEFI support for TDX virtual machines. Add a build target
to build TDFV in Config-B (https://github.com/tianocore/edk2/tree/master/OvmfPkg/IntelTdx#configurations-and-features)

Signed-off-by: Philipp Giersfeld <philipp.giersfeld@canarybit.eu>
Signed-off-by: Anton Iacobaeus <anton.iacobaeus@canarybit.eu>
---
 debian/pve-edk2-firmware-ovmf.install |  1 +
 debian/rules                          | 23 +++++++++++++++++++++--
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/debian/pve-edk2-firmware-ovmf.install b/debian/pve-edk2-firmware-ovmf.install
index 981ac27..2218656 100644
--- a/debian/pve-edk2-firmware-ovmf.install
+++ b/debian/pve-edk2-firmware-ovmf.install
@@ -3,6 +3,7 @@ debian/ovmf-install/OVMF_VARS*.fd	/usr/share/pve-edk2-firmware
 debian/ovmf-sev-install/OVMF_SEV_CODE*.fd	/usr/share/pve-edk2-firmware
 debian/ovmf-sev-install/OVMF_SEV_VARS*.fd	/usr/share/pve-edk2-firmware
 debian/ovmf-sev-install/OVMF_SEV_4M.fd	/usr/share/pve-edk2-firmware
+debian/ovmf-tdx-install/OVMF_TDX_4M.fd	/usr/share/pve-edk2-firmware
 debian/ovmf32-install/OVMF32_CODE*.fd		/usr/share/pve-edk2-firmware
 debian/ovmf32-install/OVMF32_VARS*.fd		/usr/share/pve-edk2-firmware
 debian/PkKek-1-snakeoil.*			/usr/share/pve-edk2-firmware
diff --git a/debian/rules b/debian/rules
index 3309d4d..fce0f8f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -38,6 +38,7 @@ OVMF_4M_SMM_FLAGS = $(OVMF_4M_FLAGS) -DSMM_REQUIRE=TRUE
 OVMF32_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB
 OVMF32_4M_SMM_FLAGS =  $(OVMF32_4M_FLAGS) -DSMM_REQUIRE=TRUE
 OVMF_SEV_4M_FLAGS = $(OVMF_4M_FLAGS)
+OVMF_TDX_4M_FLAGS = $(OVMF_4M_FLAGS)
 
 AAVMF_FLAGS  = $(COMMON_FLAGS)
 AAVMF_FLAGS += -DTPM2_ENABLE=TRUE
@@ -57,7 +58,7 @@ undefine CONF_PATH
 %:
 	dh $@
 
-override_dh_auto_build: build-qemu-efi-aarch64 build-ovmf build-ovmf32 build-ovmf-sev build-qemu-efi-riscv64
+override_dh_auto_build: build-qemu-efi-aarch64 build-ovmf build-ovmf32 build-ovmf-sev build-ovmf-tdx build-qemu-efi-riscv64
 
 debian/setup-build-stamp:
 	cp -a debian/Logo.bmp MdeModulePkg/Logo/Logo.bmp
@@ -86,6 +87,12 @@ OVMF_SEV_SHELL = $(OVMF_SEV_BUILD_DIR)/X64/Shell.efi
 OVMF_SEV_BINARIES = $(OVMF_SEV_SHELL)
 OVMF_SEV_IMAGES  := $(addprefix $(OVMF_SEV_INSTALL_DIR)/,OVMF_SEV_CODE_4M.fd OVMF_SEV_VARS_4M.fd OVMF_SEV_4M.fd)
 
+OVMF_TDX_INSTALL_DIR = debian/ovmf-tdx-install
+OVMF_TDX_BUILD_DIR = Build/IntelTdx/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
+OVMF_TDX_SHELL = $(OVMF_TDX_BUILD_DIR)/X64/Shell.efi
+OVMF_TDX_BINARIES = $(OVMF_TDX_SHELL)
+OVMF_TDX_IMAGES  := $(addprefix $(OVMF_TDX_INSTALL_DIR)/,OVMF_TDX_4M.fd)
+
 QEMU_EFI_BUILD_DIR = Build/ArmVirtQemu-$(EDK2_HOST_ARCH)/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
 AAVMF_BUILD_DIR = Build/ArmVirtQemu-AARCH64/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
 AAVMF_ENROLL    = $(AAVMF_BUILD_DIR)/AARCH64/EnrollDefaultKeys.efi
@@ -130,6 +137,18 @@ $(OVMF_SEV_BINARIES) $(OVMF_SEV_IMAGES): debian/setup-build-stamp
 	cp $(OVMF_SEV_BUILD_DIR)/FV/OVMF.fd \
 		$(OVMF_SEV_INSTALL_DIR)/OVMF_SEV_4M.fd
 
+build-ovmf-tdx: $(OVMF_TDX_BINARIES) $(OVMF_TDX_IMAGES)
+$(OVMF_TDX_BINARIES) $(OVMF_TDX_IMAGES): debian/setup-build-stamp
+	rm -rf $(OVMF_TDX_INSTALL_DIR)
+	mkdir $(OVMF_TDX_INSTALL_DIR)
+	set -e; . ./edksetup.sh; \
+		build -a X64 \
+			-t $(EDK2_TOOLCHAIN) \
+			-p OvmfPkg/IntelTdx/IntelTdxX64.dsc \
+			$(OVMF_TDX_4M_FLAGS) -b $(BUILD_TYPE)
+	cp $(OVMF_TDX_BUILD_DIR)/FV/OVMF.fd \
+		$(OVMF_TDX_INSTALL_DIR)/OVMF_TDX_4M.fd
+
 build-ovmf: $(OVMF_BINARIES) $(OVMF_IMAGES) $(OVMF_PREENROLLED_VARS)
 $(OVMF_BINARIES) $(OVMF_IMAGES): debian/setup-build-stamp
 	rm -rf $(OVMF_INSTALL_DIR)
@@ -274,4 +293,4 @@ get-orig-source:
 		edk2-$(DEB_VERSION_UPSTREAM)
 	rm -rf edk2.tmp edk2-$(DEB_VERSION_UPSTREAM)
 
-.PHONY: build-ovmf build-ovmf32 build-ovmf-sev build-qemu-efi build-qemu-efi-aarch64 build-qemu-efi-riscv64
+.PHONY: build-ovmf build-ovmf32 build-ovmf-sev build-ovmf-tdx build-qemu-efi build-qemu-efi-aarch64 build-qemu-efi-riscv64
-- 
2.43.0


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


  parent reply	other threads:[~2025-09-16  9:13 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-09-16  7:52 [pve-devel] [PATCH edk2-firmware/manager/qemu-server 0/8] Add support for Intel TDX Anton Iacobaeus
2025-09-16  7:52 ` [pve-devel] [PATCH edk2-firmware 1/4] Change name of SEV-related OVMF files Anton Iacobaeus
2025-09-16  9:48   ` Thomas Lamprecht
2025-09-16  7:52 ` Anton Iacobaeus [this message]
2025-09-16  7:52 ` [pve-devel] [PATCH edk2-firmware 3/4] Add SCSI in NCCFV for TD guest Anton Iacobaeus
2025-09-16  7:52 ` [pve-devel] [PATCH edk2-firmware 4/4] Adapt APIC frequency " Anton Iacobaeus
2025-09-16  9:51   ` Thomas Lamprecht
2025-09-16  7:52 ` [pve-devel] [PATCH manager 1/1] Add support for Intel TDX Anton Iacobaeus
2025-09-16  7:52 ` [pve-devel] [PATCH qemu-server 1/3] Adapt AMD SEV code for compatibility with other platforms Anton Iacobaeus
2025-09-16  7:52 ` [pve-devel] [PATCH qemu-server 2/3] Add check for TDX support Anton Iacobaeus
2025-09-16 10:22   ` Thomas Lamprecht
2025-09-16  7:52 ` [pve-devel] [PATCH qemu-server 3/3] Add support for Intel TDX Anton Iacobaeus

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250916075406.33084-5-anton.iacobaeus@canarybit.eu \
    --to=anton.iacobaeus@canarybit.eu \
    --cc=philipp.giersfeld@canarybit.eu \
    --cc=pve-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal