safeboot: build a disk image for running under ovmf

boards/safeboot/safeboot.config

@@ -62,7 +62,7 @@ export CONFIG_BOOT_DEV="/dev/sda1"
 
 #borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
 TPMDIR=$(build)/$(BOARD)/vtpm
-run:
+run-coreboot:
 	@mkdir -p "$(TPMDIR)"
 	swtpm socket \
 		--tpm2 \
@@ -84,3 +84,50 @@ run:
 		-device tpm-tis,tpmdev=tpm0 \
 
 	stty sane
+
+$(build)/$(BOARD)/unified.efi: $(build)/$(BOARD)/bzImage $(build)/$(BOARD)/initrd.cpio.xz
+	echo "console=ttyS0 mode=linux" > "$(build)/$(BOARD)/cmdline.txt"
+
+	DIR=$(build)/$(safeboot_dir) $(build)/$(safeboot_dir)/sbin/safeboot \
+		unify-kernel \
+		"$@" \
+		linux="$(build)/$(BOARD)/bzImage" \
+		initrd="$(build)/$(BOARD)/initrd.cpio.xz" \
+		cmdline="$(build)/$(BOARD)/cmdline.txt" \
+
+$(build)/$(BOARD)/hda1.bin: $(build)/$(BOARD)/unified.efi
+	mkdir -p "$(build)/$(BOARD)/hda1/boot/EFI/BOOT"
+	cp "$<" "$(build)/$(BOARD)/hda1/boot/EFI/BOOT/BOOTX64.EFI"
+	$(build)/$(safeboot_dir)/sbin/mkfat \
+		"$(build)/$(BOARD)/hda1.bin" \
+		"$(build)/$(BOARD)/hda1/boot"
+
+$(build)/$(BOARD)/hda.bin: $(build)/$(BOARD)/hda1.bin
+	$(build)/$(safeboot_dir)/sbin/mkgpt \
+		"$@" \
+		"$<"
+
+
+run-ovmf: $(build)/$(BOARD)/hda.bin
+	@mkdir -p "$(TPMDIR)"
+	swtpm socket \
+		--tpm2 \
+		--tpmstate dir="$(TPMDIR)" \
+		--flags "startup-clear" \
+		--ctrl type=unixio,path="$(TPMDIR)/sock" &
+	sleep 0.5
+
+	-qemu-system-x86_64 \
+		--machine q35 \
+		-m 4G \
+		--serial /dev/tty \
+		--bios "/usr/share/ovmf/OVMF.fd" \
+		-object rng-random,filename=/dev/urandom,id=rng0 \
+		-device virtio-rng-pci,rng=rng0 \
+		-netdev user,id=u1 -device e1000,netdev=u1 \
+		-chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \
+		-tpmdev emulator,id=tpm0,chardev=chrtpm \
+		-device tpm-tis,tpmdev=tpm0 \
+		-drive "file=$<,format=raw" \
+
+	stty sane