Build Your Own OVMF Firmware for Qemu VM

By David Xiao

July 24, 2022

Overall Reference

https://wiki.ubuntu.com/UEFI/EDK2

My Environment

Hypervisor OS: Ubuntu 20.04 LTS

Kernel: 5.4

QEMU: 6.1

Guest OS Type: pc-q35-6.1

Before You Start

It does not seem to support zsh and oh-my-zsh, if you are using those as default shell like me, please first run bash and then rest of the commands in this guide.
If your nasm version is less than 2.15.05 it may have some compatibility issue per this. To install nasm_2.15.05 as a separate package on Ubuntu, the .deb file can be downloaded from here. Install it via sudo dpkg -i nasm_2.15.05-1_amd64.deb https://github.com/tianocore/edk2/blob/master/BaseTools/Bin/nasm_ext_dep.yaml

Prepare the Build Environment

sudo apt install build-essential git uuid-dev iasl nasm ;
# check nasm version and do necessary steps in the Caution section above
git clone --depth 1 "https://github.com/tianocore/edk2.git" -b "edk2-stable202205" ;
cd edk2 ;
git submodule update --init --recursive ; # Important! This retrieves all the submodules needed
make -C BaseTools ;
. edksetup.sh #make sure to include the dot

Make Changes for Config

Presuming you are running X64 just like me, the target.txt file needs to be changed a bit. See below.

$ vi Conf/target.txt

Replace it with

ACTIVE_PLATFORM = OvmfPkg/OvmfPkgX64.dsc

Replace it with

TOOL_CHAIN_TAG = GCC5

Replace it with ‘X64’ for 64bit

TARGET_ARCH = X64

Build the Ovmf Firmware

Simply run build The firmware files are located in the Build/OvmfX64/RELEASE_GCC5/FV/ folder.

Build the firmware with Secure Boot support

If you wish to build OVMF with Secure Boot - this could be helpful especially if you plan to install Windows as your guest OS, you need to follow the openssl installation instructions found in OpenSSL-HOWTO.txt, and build with the SECURE_BOOT_ENABLE option: $ build -DSECURE_BOOT_ENABLE=TRUE

Post Build

Manually copy the output files:

sudo cp Build/OvmfX64/RELEASE_GCC5/FV/OVMF_CODE.fd  /usr/share/OVMF/OVMF_CODE.secboot.202207.fd ;
sudo cp Build/OvmfX64/RELEASE_GCC5/FV/OVMF_VARS.fd  /usr/share/OVMF/OVMF_VARS.secboot.202207.fd ;

Then, make necessary changes in the VM definition file. I’m using virsh for VM management, so I’m using the following command to edit my win10 VM. When it’s complete, the section of the VM xml would look like this:

  <os>
    <type arch='x86_64' machine='pc-q35-6.1'>hvm</type>
    <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.202207.fd</loader>
    <nvram>/usr/share/OVMF/OVMF_VARS.secboot.202207.fd</nvram>
  </os>