pve-edk2-firmware/debian
Thomas Lamprecht d6146dd6df bump version to 4.2025.02-3
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2025-04-03 18:17:22 +02:00
legacy-2M-builds handle dropping support for building 2MB-sized firmware images 2023-11-19 14:29:16 +01:00
patches add patch to revert addition of EFI memory attributes protocol for x86_64 2025-03-27 16:50:29 +01:00
python/UEFI update submodule, patches and buildsys to 2023.08 2023-11-19 14:29:16 +01:00
source lintian: update overrides for source package 2025-03-05 17:21:42 +01:00
tests update submodule, patches and buildsys to 2023.08 2023-11-19 14:29:16 +01:00
binary-check.allow update submodule, patches and buildsys to 2023.08 2023-11-19 14:29:16 +01:00
binary-check.remove Update edk2 to edkstable202411 2025-03-05 17:21:42 +01:00
changelog bump version to 4.2025.02-3 2025-04-03 18:17:22 +02:00
clean debian: update build and packaging from Debian upstream 2021-10-05 14:11:09 +02:00
control d/control: add missing build-dep 2023-12-12 12:22:07 +01:00
copyright d/copyright: update 2025-03-05 17:21:42 +01:00
edk2-vars-generator.py update submodule, patches and buildsys to 2023.08 2023-11-19 14:29:16 +01:00
find-binaries.py update submodule, patches and buildsys to 2023.08 2023-11-19 14:29:16 +01:00
gbp.conf debian: update build and packaging from Debian upstream 2021-10-05 14:11:09 +02:00
Logo.bmp Initial import 2018-03-22 08:26:15 +01:00
PkKek-1-Debian.pem debian: update build and packaging from Debian upstream 2021-10-05 14:11:09 +02:00
PkKek-1-snakeoil.key debian: update build and packaging from Debian upstream 2021-10-05 14:11:09 +02:00
PkKek-1-snakeoil.pem debian: update build and packaging from Debian upstream 2021-10-05 14:11:09 +02:00
PkKek-1-Ubuntu.pem debian: update build and packaging from Debian upstream 2021-10-05 14:11:09 +02:00
PkKek-1.README debian: update build and packaging from Debian upstream 2021-10-05 14:11:09 +02:00
pve-edk2-firmware-aarch64.install split out AARCH64 files into separate package 2023-11-19 14:29:16 +01:00
pve-edk2-firmware-legacy.install handle dropping support for building 2MB-sized firmware images 2023-11-19 14:29:16 +01:00
pve-edk2-firmware-legacy.links handle dropping support for building 2MB-sized firmware images 2023-11-19 14:29:16 +01:00
pve-edk2-firmware-ovmf.install Add OVMF targets for AMD SEV-ES and SEV-SNP 2025-04-03 18:17:17 +02:00
pve-edk2-firmware-riscv.install build RISC-V images and ship as separate package 2023-11-19 14:29:16 +01:00
README.Proxmox-VE handle dropping support for building 2MB-sized firmware images 2023-11-19 14:29:16 +01:00
remove-binaries.py debian: backport packaging improvements 2022-07-19 13:46:18 +02:00
rules Add OVMF targets for AMD SEV-ES and SEV-SNP 2025-04-03 18:17:17 +02:00
watch debian: update build and packaging from Debian upstream 2021-10-05 14:11:09 +02:00

The OVMF_CODE*.fd files provide UEFI firmware for a QEMU guest that is
intended to be read-only. The OVMF_VARS*.fd files provide UEFI variable
template images which are intended to be read-write, and therefore each
guest should be given its own copy. Here's an overview of each of them:

OVMF_CODE_4M.fd
  Use this for booting guests in non-Secure Boot mode. While this image
  technically supports Secure Boot, it does so without requiring SMM
  support from QEMU, so it is less secure. Use the OVMF_VARS.fd template
  with this.

OVMF_CODE_4M.secboot.fd
  Like OVMF_CODE_4M.fd, but will abort if QEMU does not support SMM.
  Use this for guests for which you may enable Secure Boot. If you specify
  this image, you'll get a guest that is Secure Boot-*capable*, but has
  Secure Boot disabled. To enable it, you'll need to manually import
  PK/KEK/DB keys and activate Secure Boot from the UEFI setup menu.

OVMF_VARS_4M.fd
  This is an empty variable store template, which means it has no
  built-in Secure Boot keys and Secure Boot is disabled. You can use
  it with any OVMF_CODE image, but keep in mind that if you want to
  boot in Secure Boot mode, you will have to enable it manually.

OVMF_VARS_4M.ms.fd
  This template has distribution-specific PK and KEK1 keys, and
  the default Microsoft keys in KEK/DB. It also has Secure Boot
  already activated. Using this with OVMF_CODE.ms.fd will boot a
  guest directly in Secure Boot mode.

OVMF32_CODE_4M.secboot.fd
OVMF32_VARS_4M.fd
  These images are the same as their "OVMF" variants, but for 32-bit guests.

OVMF_CODE.fd
OVMF_CODE.ms.fd
OVMF_CODE.secboot.fd
OVMF_VARS.fd
OVMF_VARS.ms.fd
  These images are the same as their "4M" variants, but for use with guests
  using a 2MB flash device. 2MB flash is no longer considered sufficient for
  use with Secure Boot. This is provided only for backwards compatibility.
  NOTE: As 2MB support was removed with the 2023.08 release, we now ship them
  as static builds from our last release before that (2023.02).

OVMF_CODE_4M.snakeoil.fd
OVMF_VARS_4M.snakeoil.fd
  These images are **for testing purposes only**. They include an insecure
  "snakeoil" key in PK, KEK & DB. The private key and cert are also
  shipped in this package, so that testers can easily sign
  binaries that will be considered valid.

PkKek-1-snakeoil.key
PkKek-1-snakeoil.pem
  The private key and certificate for the snakeoil key. Use these
  to sign binaries that can be verified by the key in the
  OVMF_VARS.snakeoil.fd template. The password for the key is
  'snakeoil'.

 -- dann frazier <dannf@debian.org>, Thu, 30 Sep 2021 10:33:08 -0600
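
The pairing rules above, as an added example that is not part of this package: `check_pair` rejects the combinations the README marks as test-only, legacy 2MB, or not requiring SMM, and `stage_guest` gives the guest its own VARS copy and prints pflash options for a direct QEMU invocation. The function names, the firmware directory argument and the use of a raw QEMU command line rather than Proxmox VE's own tooling are assumptions.

```shell
#!/bin/sh
# Added example: vet an OVMF CODE/VARS pair for a Secure Boot guest and stage it.
# File names come from the README; function names and paths are assumptions.

# check_pair CODE VARS -> 0 if acceptable for Secure Boot, else prints why and returns 1
check_pair() {
    case "$1$2" in
        *snakeoil*) echo "snakeoil image: testing only, its private key ships in the package"; return 1 ;;
    esac
    case "$1" in
        *_4M.secboot.fd) ;;   # this build aborts if QEMU does not support SMM
        *_4M*) echo "$1 is not the .secboot build that requires SMM"; return 1 ;;
        *) echo "$1 is a legacy 2MB image, not sufficient for Secure Boot"; return 1 ;;
    esac
    case "$2" in
        *_4M*) ;;
        *) echo "$2 is a legacy 2MB template"; return 1 ;;
    esac
}

# stage_guest FW_DIR CODE VARS_TEMPLATE GUEST_VARS
# Copies the template to a per-guest file and prints QEMU options, one per line.
stage_guest() {
    check_pair "$2" "$3" >&2 || return 1
    # The template is never attached directly: every guest gets its own copy.
    if [ ! -e "$4" ]; then
        cp "$1/$3" "$4" || return 1
    fi
    chmod 600 "$4"
    # SMM on, pflash marked secure, CODE read-only, per-guest VARS writable.
    printf '%s\n' \
        "-machine q35,smm=on" \
        "-global driver=cfi.pflash01,property=secure,value=on" \
        "-drive if=pflash,format=raw,unit=0,readonly=on,file=$1/$2" \
        "-drive if=pflash,format=raw,unit=1,file=$4"
}
```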

The AAVMF_CODE*.fd files provide UEFI firmware for a QEMU guest that is
intended to be read-only. The AAVMF_VARS*.fd files provide UEFI variable
template images which are intended to be read-write, and therefore each
guest should be given its own copy. Here's an overview of each of them:

AAVMF_CODE.fd
  Use this for booting guests in non-Secure Boot mode. While this image
  technically supports Secure Boot, it does so without requiring SMM
  support from QEMU, so it is less secure. Use the OVMF_VARS.fd template
  with this.

AAVMF_CODE.ms.fd
  This is a symlink to AAVMF_CODE.fd. It is useful in the context of libvirt
  because the included JSON firmware descriptors will tell libvirt to pair
  AAVMF_VARS.ms.fd with it, which has Secure Boot pre-enabled.

AAVMF_VARS.fd
  This is an empty variable store template, which means it has no
  built-in Secure Boot keys and Secure Boot is disabled. You can use
  it with any AAVMF_CODE image, but keep in mind that if you want to
  boot in Secure Boot mode, you will have to enable it manually.

AAVMF_VARS.ms.fd
  This template has distribution-specific PK and KEK1 keys, and
  the default Microsoft keys in KEK/DB. It also has Secure Boot
  already activated. Using this with OVMF_CODE.ms.fd will boot a
  guest directly in Secure Boot mode.

AAVMF_CODE.snakeoil.fd
AAVMF_VARS.snakeoil.fd
  These images are **for testing purposes only**. They include an insecure
  "snakeoil" key in PK, KEK & DB. The private key and cert are also
  shipped in this package, so that testers can easily sign
  binaries that will be considered valid.

PkKek-1-snakeoil.key
PkKek-1-snakeoil.pem
  The private key and certificate for the snakeoil key. Use these
  to sign binaries that can be verified by the key in the
  OVMF_VARS.snakeoil.fd template. The password for the key is
  'snakeoil'.

 -- Proxmox Support Team <support@proxmox.com>, dann frazier <dannf@debian.org>, Fri,  4 Feb 2022 17:01:31 -0700