From dd7299d459e1f56b9f9e5992d9e30eef0f08fcaa Mon Sep 17 00:00:00 2001
From: Nikita Korolev <nikita.korolev@flant.com>
Date: Fri, 17 Jan 2025 00:59:22 +0300
Subject: [PATCH] minimize script output

Signed-off-by: Nikita Korolev <nikita.korolev@flant.com>
---
 images/virt-firmware-artifact/build.sh      | 40 +++++++++++++++++++--
 images/virt-firmware-artifact/werf.inc.yaml |  2 +-
 images/virt-launcher/werf.inc.yaml          |  1 +
 3 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/images/virt-firmware-artifact/build.sh b/images/virt-firmware-artifact/build.sh
index af9f03a58d..9b78d50806 100755
--- a/images/virt-firmware-artifact/build.sh
+++ b/images/virt-firmware-artifact/build.sh
@@ -16,10 +16,10 @@
 
 # set -e
 
-versionEdk2=stable202411
-gitRepoName=edk2
+versionEdk2="stable202411"
+gitRepoName="edk2"
 EDK2_DIR="/${gitRepoName}-${versionEdk2}"
-FIRMWARE=/FIRMWARE
+FIRMWARE="/FIRMWARE"
 
 cp -f Logo.bmp $EDK2_DIR/MdeModulePkg/Logo/
 cd $EDK2_DIR
@@ -37,6 +37,13 @@ download_DBXUpdate() {
     curl -L $UEFI_BIN_URL_BASE/x64_DBXUpdate_$DBXDATE.bin -o $dst_dir/DBXUpdate-$DBXDATE.x64.bin
 }
 
+echo_dbg() {
+  local str=$1
+  echo ""
+  echo "===$str==="
+  echo ""
+}
+
 # compiler
 CC_FLAGS="-t GCC5"
 CC_FLAGS="${CC_FLAGS} -b RELEASE"
@@ -97,31 +104,40 @@ build_iso() {
 
 # Build with neither SB nor SMM; include UEFI shell.
 # mkdir -p OVMF
+echo_dbg "build ${OVMF_2M_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc"
 build ${OVMF_2M_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc
 cp -p Build/OvmfX64/*/FV/OVMF_CODE.fd $FIRMWARE/OVMF_CODE.fd
 cp -p Build/OvmfX64/*/FV/OVMF_VARS.fd $FIRMWARE/OVMF_VARS.fd
 
 # Build 4MB with neither SB nor SMM; include UEFI shell.
+echo_dbg "build ${OVMF_4M_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc"
 build ${OVMF_4M_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc
 cp -p Build/OvmfX64/*/FV/OVMF_CODE.fd $FIRMWARE/OVMF_CODE_4M.fd
 cp -p Build/OvmfX64/*/FV/OVMF_VARS.fd $FIRMWARE/OVMF_VARS_4M.fd
 
 # Build with SB and SMM; exclude UEFI shell.
+echo_dbg "build ${OVMF_2M_FLAGS} ${OVMF_SB_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc"
 build ${OVMF_2M_FLAGS} ${OVMF_SB_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc
 cp -p Build/OvmfX64/*/FV/OVMF_CODE.fd $FIRMWARE/OVMF_CODE.secboot.fd
 
 # Build 4MB with SB and SMM; exclude UEFI shell.
+echo_dbg "build ${OVMF_4M_FLAGS} ${OVMF_SB_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc"
 build ${OVMF_4M_FLAGS} ${OVMF_SB_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc
 cp -p Build/OvmfX64/*/FV/OVMF_CODE.fd $FIRMWARE/OVMF_CODE_4M.secboot.fd
 
 # Build AmdSev and IntelTdx variants
 touch OvmfPkg/AmdSev/Grub/grub.efi   # dummy
+
+echo_dbg "build ${OVMF_2M_FLAGS} -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc"
 build ${OVMF_2M_FLAGS} -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc
 cp -p Build/AmdSev/*/FV/OVMF.fd $FIRMWARE/OVMF.amdsev.fd
+
+echo_dbg "build ${OVMF_2M_FLAGS} -a X64 -p OvmfPkg/IntelTdx/IntelTdxX64.dsc"
 build ${OVMF_2M_FLAGS} -a X64 -p OvmfPkg/IntelTdx/IntelTdxX64.dsc
 cp -p Build/IntelTdx/*/FV/OVMF.fd $FIRMWARE/OVMF.inteltdx.fd
 
 # build shell
+echo_dbg "build shell"
 build ${OVMF_2M_FLAGS} -a X64 -p ShellPkg/ShellPkg.dsc
 build ${OVMF_2M_FLAGS} -a IA32 -p ShellPkg/ShellPkg.dsc
 
@@ -133,10 +149,28 @@ cp -p Build/OvmfX64/*/X64/EnrollDefaultKeys.efi $FIRMWARE/
 build_iso $FIRMWARE
 download_DBXUpdate
 
+enroll() {
+  virt-fw-vars --input   OVMF/OVMF_VARS.fd \
+              --output  OVMF/OVMF_VARS.secboot.fd \
+              --set-dbx DBXUpdate-%DBXDATE.x64.bin \
+              --secure-boot --enroll-altlinux --distro-keys altlinux
+
+  virt-fw-vars --input   OVMF/OVMF_VARS_4M.fd \
+              --output  OVMF/OVMF_VARS_4M.secboot.fd \
+              --set-dbx DBXUpdate-%DBXDATE.x64.bin \
+              --secure-boot --enroll-altlinux --distro-keys altlinux
+
+  virt-fw-vars --input   OVMF/OVMF.inteltdx.fd \
+              --output  OVMF/OVMF.inteltdx.secboot.fd \
+              --set-dbx DBXUpdate-%DBXDATE.x64.bin \
+              --secure-boot --enroll-altlinux --distro-keys altlinux
+}
+
 cp -p $FIRMWARE/OVMF_VARS.fd $FIRMWARE/OVMF_VARS.secboot.fd
 cp -p $FIRMWARE/OVMF_VARS_4M.fd $FIRMWARE/OVMF_VARS_4M.secboot.fd
 cp -p $FIRMWARE/OVMF.inteltdx.fd $FIRMWARE/OVMF.inteltdx.secboot.fd
 
 # build microvm
+echo_dbg "build ${OVMF_2M_FLAGS} -a X64 -p OvmfPkg/Microvm/MicrovmX64.dsc"
 build ${OVMF_2M_FLAGS} -a X64 -p OvmfPkg/Microvm/MicrovmX64.dsc
 cp -p Build/MicrovmX64/*/FV/MICROVM.fd $FIRMWARE
diff --git a/images/virt-firmware-artifact/werf.inc.yaml b/images/virt-firmware-artifact/werf.inc.yaml
index da8a146569..bbfdda11c4 100644
--- a/images/virt-firmware-artifact/werf.inc.yaml
+++ b/images/virt-firmware-artifact/werf.inc.yaml
@@ -65,6 +65,6 @@ shell:
     # mkdir -p /FIRMWARE
   setup:
   - |
-    /build.sh
+    /build.sh 2>&1 > /dev/null
 
     ls -lah /FIRMWARE
diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml
index 0a0e48f5c1..2700d3f7c7 100644
--- a/images/virt-launcher/werf.inc.yaml
+++ b/images/virt-launcher/werf.inc.yaml
@@ -158,6 +158,7 @@ shell:
 */}}
   - |
     # Link to dir OVMF
+    mkdir -p /usr/share/edk2
     ln -s /usr/share/OVMF /usr/share/edk2/ovmf
     ln -s /usr/share/OVMF/OVMF_CODE.fd /usr/share/OVMF/OVMF_CODE.cc.fd