Bug#1055987: ITP: virt-firmware -- Tools for manipulating edk2 (ovmf/qemu-efi) firmware images
Package: wnpp
Severity: wishlist
Owner: dann frazier <dannf@debian.org>
X-Debbugs-Cc: debian-devel@lists.debian.org
* Package name : virt-firmware
Version : 23.10
Upstream Contact: Gerd Hoffmann <kraxel@redhat.com>
* URL : https://gitlab.com/kraxel/virt-firmware
* License : GPL-2+
Programming Lang: Python
Description : Tools for manipulating edk2 (ovmf/qemu-efi) firmware images
This is a collection of tools for edk2 firmware images. They support
decoding and printing the content of firmware volumes. Variable stores
(e.g. OVMF_VARS.fd) can be modified, for example to enroll secure boot
certificates. Tools included:
virt-fw-dump - Decodes and prints the content of firmware volumes.
virt-fw-vars - Print and edit variable store volumes. Currently focused on
enrolling certificates and enabling secure boot.
virt-fw-sigdb - Print and edit EFI signature database files.
host-efi-vars - Read efi variables from linux efivarfs and decode/print them.
kernel-bootcfg - Manage efi boot configuration for UKIs (unified kernel
images) when using direct boot (without boot loader like
grub or systemd-boot).
pe-dumpinfo - Information dump for pe (the format used by EFI) binaries.
pe-listsigs - List signatures and certificate chain for pe binaries. Can also
extract certificates & signatures.
My immediate motivation for packaging this is that, as the maintainer of
the edk2 package, I need to remove some deprecated image types - specifically
the OVMF 2M images. These utilities can help users migrate their VMs to
supported types by dumping/loading the variable stores.
In the future, I expect edk2 packaging to evolve into using these tools
to modify images out-of-band, instead of launching QEMU instances to
modify them in-band as part of the build.
Reply to: