handle dropping support for building 2MB-sized firmware images

Keep a static build of the last version we supported them (2023.02)
for backward compat in a new separate binary package.

We can make that optional with the next major release and handle
affected VMs in pve8to9.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

debian/README.Proxmox-VE

@@ -40,6 +40,8 @@ OVMF_VARS.ms.fd
   These images are the same as their "4M" variants, but for use with guests
   using a 2MB flash device. 2MB flash is no longer considered sufficient for
   use with Secure Boot. This is provided only for backwards compatibility.
+  NOTE: As 2MB support was removed with 2023.08 release, we now ship them as
+  static builds from our last release before that (2023.02)
 
 OVMF_CODE_4M.snakeoil.fd
 OVMF_VARS_4M.snakeoil.fd
@@ -99,4 +101,4 @@ PkKek-1-snakeoil.pem
   OVMF_VARS.snakeoil.fd template. The password for the key is
   'snakeoil'.
 
- -- dann frazier <dannf@debian.org>, Fri,  4 Feb 2022 17:01:31 -0700
+ -- Proxmox Support Team <support@proxmox.com>, dann frazier <dannf@debian.org>, Fri,  4 Feb 2022 17:01:31 -0700

debian/control

@@ -24,9 +24,22 @@ XS-Build-Indep-Architecture: amd64
 
 Package: pve-edk2-firmware
 Architecture: all
-Depends: ${misc:Depends}
+Depends: pve-edk2-firmware-legacy, ${misc:Depends}
 Multi-Arch: foreign
 Description: edk2 based UEFI firmware modules for virtual machines
  Open Virtual Machine Firmware is a build of EDK II for 64-bit, 32-bit x86
  and 64-bit ARM virtual machines. It includes full support for UEFI, including
  Secure Boot, allowing use of UEFI in place of a traditional BIOS in your VM.
+
+Package: pve-edk2-firmware-legacy
+Architecture: all
+Depends: ${misc:Depends},
+Breaks: pve-edk2-firmware (<< 4.2023.08-1),
+Multi-Arch: foreign
+Description: edk2 based legacy 2MB UEFI firmware modules for virtual machines
+ Open Virtual Machine Firmware is a build of EDK II for 64-bit, 32-bit x86
+ virtual machines. It includes full support for UEFI, including Secure Boot,
+ allowing use of UEFI in place of a traditional BIOS in your VM.
+ This packages includes a static build of legacy images that got dropped from
+ upstream because the small size results in to many limitations, but Proxmox VE
+ still needs to provide backward compat for older VMs.

debian/pve-edk2-firmware-legacy.install

@@ -0,0 +1 @@
+debian/legacy-2M-builds/*	/usr/share/pve-edk2-firmware/legacy

debian/pve-edk2-firmware-legacy.links

@@ -0,0 +1,4 @@
+usr/share/pve-edk2-firmware/legacy/OVMF_CODE.fd usr/share/pve-edk2-firmware/OVMF_CODE.fd
+usr/share/pve-edk2-firmware/legacy/OVMF_CODE.secboot.fd usr/share/pve-edk2-firmware/OVMF_CODE.secboot.fd
+usr/share/pve-edk2-firmware/legacy/OVMF_VARS.fd usr/share/pve-edk2-firmware/OVMF_VARS.fd
+usr/share/pve-edk2-firmware/legacy/OVMF_VARS.ms.fd usr/share/pve-edk2-firmware/OVMF_VARS.ms.fd

debian/rules

@@ -27,9 +27,7 @@ COMMON_FLAGS += -DSECURE_BOOT_ENABLE=TRUE
 COMMON_FLAGS += -DTPM2_ENABLE=TRUE
 COMMON_FLAGS += -DPVSCSI_ENABLE=TRUE
 OVMF_COMMON_FLAGS = $(COMMON_FLAGS)
-OVMF_2M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_2MB
 OVMF_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB
-OVMF_2M_SMM_FLAGS = $(OVMF_2M_FLAGS) -DSMM_REQUIRE=TRUE
 OVMF_4M_SMM_FLAGS = $(OVMF_4M_FLAGS) -DSMM_REQUIRE=TRUE
 OVMF32_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB
 OVMF32_4M_SMM_FLAGS =  $(OVMF32_4M_FLAGS) -DSMM_REQUIRE=TRUE
@@ -68,8 +66,8 @@ OVMF3264_BUILD_DIR = Build/Ovmf3264/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
 OVMF_ENROLL = $(OVMF3264_BUILD_DIR)/X64/EnrollDefaultKeys.efi
 OVMF_SHELL =  $(OVMF3264_BUILD_DIR)/X64/Shell.efi
 OVMF_BINARIES = $(OVMF_ENROLL) $(OVMF_SHELL)
-OVMF_IMAGES := $(addprefix $(OVMF_INSTALL_DIR)/,OVMF_CODE.fd OVMF_CODE_4M.fd OVMF_CODE.secboot.fd OVMF_CODE_4M.secboot.fd OVMF_VARS.fd OVMF_VARS_4M.fd)
-OVMF_PREENROLLED_VARS := $(addprefix $(OVMF_INSTALL_DIR)/,OVMF_VARS.ms.fd OVMF_VARS_4M.ms.fd OVMF_VARS_4M.snakeoil.fd)
+OVMF_IMAGES := $(addprefix $(OVMF_INSTALL_DIR)/,OVMF_CODE_4M.fd OVMF_CODE_4M.secboot.fd OVMF_VARS_4M.fd)
+OVMF_PREENROLLED_VARS := $(addprefix $(OVMF_INSTALL_DIR)/,OVMF_VARS_4M.ms.fd OVMF_VARS_4M.snakeoil.fd)
 
 OVMF32_INSTALL_DIR = debian/ovmf32-install
 OVMF32_BUILD_DIR = Build/OvmfIa32/$(BUILD_TYPE)_$(EDK2_TOOLCHAIN)
@@ -106,15 +104,6 @@ build-ovmf: $(OVMF_BINARIES) $(OVMF_IMAGES) $(OVMF_PREENROLLED_VARS)
 $(OVMF_BINARIES) $(OVMF_IMAGES): debian/setup-build-stamp
 	rm -rf $(OVMF_INSTALL_DIR)
 	mkdir $(OVMF_INSTALL_DIR)
-	set -e; . ./edksetup.sh; \
-		build -a X64 \
-			-t $(EDK2_TOOLCHAIN) \
-			-p OvmfPkg/OvmfPkgX64.dsc \
-			$(PCD_OPTIONS) \
-			$(OVMF_2M_FLAGS) -b $(BUILD_TYPE)
-	cp $(OVMF_BUILD_DIR)/FV/OVMF_CODE.fd \
-		$(OVMF_BUILD_DIR)/FV/OVMF.fd $(OVMF_INSTALL_DIR)/
-	cp $(OVMF_BUILD_DIR)/FV/OVMF_VARS.fd $(OVMF_INSTALL_DIR)/
 	rm -rf Build/OvmfX64
 	set -e; . ./edksetup.sh; \
 		build -a IA32 -a X64 \
@@ -127,15 +116,6 @@ $(OVMF_BINARIES) $(OVMF_IMAGES): debian/setup-build-stamp
 	cp $(OVMF3264_BUILD_DIR)/FV/OVMF_VARS.fd \
 		$(OVMF_INSTALL_DIR)/OVMF_VARS_4M.fd
 	rm -rf Build/OvmfX64
-	set -e; . ./edksetup.sh; \
-		build -a X64 \
-			-t $(EDK2_TOOLCHAIN) \
-			-p OvmfPkg/OvmfPkgX64.dsc \
-			$(PCD_OPTIONS) \
-			$(OVMF_2M_SMM_FLAGS) -b $(BUILD_TYPE)
-	cp $(OVMF_BUILD_DIR)/FV/OVMF_CODE.fd \
-		$(OVMF_INSTALL_DIR)/OVMF_CODE.secboot.fd
-	rm -rf Build/OvmfX64
 	set -e; . ./edksetup.sh; \
 		build -a IA32 -a X64 \
 			-t $(EDK2_TOOLCHAIN) \

debian/source/include-binaries

@@ -1 +1,5 @@
 debian/Logo.bmp
+debian/legacy-2M-builds/OVMF_VARS.ms.fd
+debian/legacy-2M-builds/OVMF_VARS.fd
+debian/legacy-2M-builds/OVMF_CODE.secboot.fd
+debian/legacy-2M-builds/OVMF_CODE.fd