Skip to content

Add a new [DETECT] mode for DB that reuses an existing cert if present #39

Add a new [DETECT] mode for DB that reuses an existing cert if present

Add a new [DETECT] mode for DB that reuses an existing cert if present #39

Workflow file for this run

name: Linux (gcc with EDK2)
on:
workflow_dispatch:
branches: [main]
push:
branches: [main]
tags:
- '**'
pull_request:
branches: [main]
env:
BUILD_TYPE: RELEASE
COMPILER: GCC5
GCC5_ARM_PREFIX: arm-linux-gnueabi-
GCC5_AARCH64_PREFIX: aarch64-linux-gnu-
GCC5_RISCV64_PREFIX: riscv64-linux-gnu-
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
TARGET_TYPE: [ia32, x64, aa64, arm, riscv64]
include:
- TARGET_TYPE: x64
TARGET_ARCH: X64
TARGET_PKGS: nasm gcc-multilib
- TARGET_TYPE: ia32
TARGET_ARCH: IA32
TARGET_PKGS: nasm gcc-multilib
- TARGET_TYPE: aa64
TARGET_ARCH: AARCH64
TARGET_PKGS: gcc-aarch64-linux-gnu
- TARGET_TYPE: arm
TARGET_ARCH: ARM
TARGET_PKGS: gcc-arm-linux-gnueabi
- TARGET_TYPE: riscv64
TARGET_ARCH: RISCV64
TARGET_PKGS: gcc-riscv64-linux-gnu
steps:
- name: Check out repository
uses: actions/checkout@v4
with:
submodules: recursive
fetch-depth: 0
- name: Set version
id: set_version
run: echo "version=$(git describe --tags)" >> $GITHUB_OUTPUT
- name: Create version.h file
run: |
git update-index --skip-worktree src/version.h
echo '#define VERSION_STRING L"${{steps.set_version.outputs.version}}"' > src/version.h
- name: Set up Linux environment
run: |
sudo apt-get update
sudo apt-get -y --no-install-recommends install python3-distutils uuid-dev ${{ matrix.TARGET_PKGS }}
- name: Set up EDK2
run: |
# We must patch EDK2's OpenSSL module to be able to import/export certificates and keys
patch --binary -d edk2 -p1 -i ../Add-extra-PKCS-encoding-and-decoding-to-OpensslLibFull.patch
# And we must patch OpenSSL itself to fix ARM and RISCV64 compilation
patch -d edk2/CryptoPkg/Library/OpensslLib/openssl -p1 -i ../../../../../OpenSSL-submodule-fixes-for-ARM-compilation.patch
patch -d edk2/CryptoPkg/Library/OpensslLib/openssl -p1 -i ../../../../../OpenSSL-submodule-fixes-for-RISCV64-compilation.patch
make -C edk2/BaseTools
- name: Build UEFI application
run: |
export WORKSPACE=$PWD
export PACKAGES_PATH=$WORKSPACE:$WORKSPACE/edk2
source edk2/edksetup.sh
build -a ${{ matrix.TARGET_ARCH }} -b ${{ env.BUILD_TYPE }} -t ${{ env.COMPILER }} -p MosbyPkg.dsc
mv Build/${{ env.BUILD_TYPE }}_${{ env.COMPILER }}/${{ matrix.TARGET_ARCH }}/Mosby.efi Mosby_${{ matrix.TARGET_TYPE }}.efi
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.TARGET_TYPE }}
path: ./*.efi
- name: Display SHA-256
run: sha256sum ./*.efi
create-release:
runs-on: ubuntu-latest
permissions:
contents: write
if: startsWith(github.ref, 'refs/tags/')
needs: build
steps:
- name: Check out repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set version
id: set_version
run: echo "version=$(git describe --tags)" >> $GITHUB_OUTPUT
- name: Download artifacts
uses: actions/download-artifact@v4
- name: Download resources
run: |
curl --create-dirs -L https://go.microsoft.com/fwlink/?LinkId=321185 -o certs/kek_ms1.cer
curl --create-dirs -L https://go.microsoft.com/fwlink/?linkid=2239775 -o certs/kek_ms2.cer
curl --create-dirs -L https://go.microsoft.com/fwlink/?linkid=321192 -o certs/db_ms1.cer
curl --create-dirs -L https://go.microsoft.com/fwlink/?linkid=321194 -o certs/db_ms2.cer
curl --create-dirs -L https://go.microsoft.com/fwlink/?linkid=2239776 -o certs/db_ms3.cer
curl --create-dirs -L https://go.microsoft.com/fwlink/?linkid=2239872 -o certs/db_ms4.cer
curl --create-dirs -L https://uefi.org/sites/default/files/resources/x86_DBXUpdate.bin -o dbx/dbx_ia32.bin
curl --create-dirs -L https://uefi.org/sites/default/files/resources/x64_DBXUpdate.bin -o dbx/dbx_x64.bin
curl --create-dirs -L https://uefi.org/sites/default/files/resources/arm_DBXUpdate.bin -o dbx/dbx_arm.bin
curl --create-dirs -L https://uefi.org/sites/default/files/resources/arm64_DBXUpdate.bin -o dbx/dbx_aa64.bin
- name: Create release archive
run: 7z a -tzip -r Mosby_${{ steps.set_version.outputs.version }}.zip README.md ./image/MosbyList.txt certs/ dbx/ ./*/*.efi
- name: Create release
uses: softprops/action-gh-release@v2
with:
token: ${{secrets.GITHUB_TOKEN}}
name: Mosby ${{ steps.set_version.outputs.version }}
files: ./*.zip