microsoft · Sumynwa · Apr 28, 2026 · May 6, 2026
@@ -11,7 +11,7 @@
 Summary:        Signed HvLoader.efi for %{buildarch} systems
 Name:           edk2-hvloader-signed-%{buildarch}
 Version:        %{GITDATE}git%{GITCOMMIT}
-Release:        16%{?dist}
+Release:        17%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -74,6 +74,9 @@ popd
 /boot/efi/HvLoader.efi
 
 %changelog
+* Wed May 06 2026 Sumedh Sharma <sumsharma@microsoft.com> - 20240524git3e722403cd16-17
+- Bump release for consistency with edk2 spec.
+
 * Wed Apr 22 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 20240524git3e722403cd16-16
 - Bump release for consistency with edk2 spec.
 

@@ -0,0 +1,38 @@
+From 84e7054790d128c7c9b2dd9d8059ccf54066c70c Mon Sep 17 00:00:00 2001
+From: Mike Beaton <mjsbeaton@gmail.com>
+Date: Thu, 11 Dec 2025 19:36:43 +0000
+Subject: [PATCH] ArmVirtPkg: Increase firmware size
+
+Although almost all tool chain plus package combinations currently stay
+under the 2MB firmware size, except for NOOPT builds, ArmVirtQemu DEBUG
+built with CLANGDWARF now sneaks over.
+
+Noting that images will be padded to 64MB for before use anyway, we now
+choose 3MB as the default for all. But keep the 2MB vs. 3MB code which
+checks FD_SIZE_IN_MB, in this and other files, available for reference
+the next time a size change is needed.
+
+Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
+---
+ ArmVirtPkg/ArmVirt.dsc.inc | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
+index 7044790..30aa81c 100644
+--- a/ArmVirtPkg/ArmVirt.dsc.inc
++++ b/ArmVirtPkg/ArmVirt.dsc.inc
+@@ -11,11 +11,8 @@
+ [Defines]
+   DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F
+
+-!if $(TARGET) != NOOPT
+-  DEFINE FD_SIZE_IN_MB    = 2
+-!else
+-  DEFINE FD_SIZE_IN_MB    = 3
+-!endif
++# Various builds now exceed 2MB so choose 3MB as the default.
++DEFINE FD_SIZE_IN_MB    = 3
+
+ !if $(FD_SIZE_IN_MB) == 2
+   DEFINE FD_SIZE          = 0x200000
+-- 
@@ -241,21 +241,6 @@ dest = Fedora/ovmf-ia32
 cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
 cpy2 = IA32/EnrollDefaultKeys.efi
 
-[build.armvirt.arm]
-desc = ArmVirt build for qemu, 32-bit (arm v7)
-conf = ArmVirtPkg/ArmVirtQemu.dsc
-arch = ARM
-opts = ovmf.common
-pcds = nx.broken.shim.grub
-plat = ArmVirtQemu-ARM
-dest = Fedora/arm
-cpy1 = FV/QEMU_EFI.fd
-cpy2 = FV/QEMU_VARS.fd
-cpy3 = FV/QEMU_EFI.fd  QEMU_EFI-pflash.raw
-cpy4 = FV/QEMU_VARS.fd vars-template-pflash.raw
-pad3 = QEMU_EFI-pflash.raw      64m
-pad4 = vars-template-pflash.raw 64m
-
 
 #####################################################################
 # experimental builds

@@ -7,7 +7,6 @@
   "40-edk2-ovmf-ia32-sb.json": "de562405d0f9a9400eb58239e10753455216196dface2631858bcf1a3c886ac7",
   "41-edk2-ovmf-2m-raw-x64-sb.json": "c9c505b6308af28f29c16b4108f7f295408f975a47c94fb7aef523cb2a999d8e",
   "50-edk2-aarch64-qcow2.json": "a62d1c8b3801a33d670863fd4824252f65b93b64af8e5fd8908e6e09d8d5db99",
-  "50-edk2-arm-verbose.json": "8805fce3e313705b7b43be6f2601776871c35bac0914fa05c34d09c929044253",
   "50-edk2-loongarch64.json": "733d208b45c1d15cb96273f9eb405adb91876d64306c6ad791351f6861b85053",
   "50-edk2-ovmf-4m-qcow2-x64-nosb.json": "a97c1339a837d106ccb25132a68cdeaf13f2b7cff3d4c7411ce4457e75b68278",
   "50-edk2-ovmf-ia32-nosb.json": "b360162bd55df3b1cb4bfa8d0b7c2b46a7c7b492aabf6d0d57c3dbf3d8c7fd10",
@@ -23,7 +22,7 @@
   "DBXUpdate-20230509.x64.bin": "3e56c3d9e5b12edbd9e4006413d87fba099de1eba33d2bea566e742166cb366a",
   "README.experimental": "71ce0b179d0e1325723cc444e45f7eeb67cce4cc1b336f3c5f586de16a6a78fd",
   "edk2-3e722403cd16.tar.xz": "7ec671f04a183fb0e7f70bba008e8f66e60b44e1709b7bacd293ddb9196f4456",
-  "edk2-build.fedora": "0c8ed554f434a4b392620cec4e47af5b2ec5288542337216be849b5f7ac93329",
+  "edk2-build.fedora": "03475abf4448b180e613038cbfe8fca5af6be60a661c7b16a44f9cac2626b6dc",
   "edk2-build.fedora.platforms": "a4c1c1b34917b451a7f2386bfc053a980e62316b2bbdece1e024d2633d2356c7",
   "edk2-build.py": "b4be60833465d372662ac4f1f89f40b9c65d59fb17f7716059f980503069ddb7",
   "edk2-build.rhel-9": "477723037cadf03fa15756de563995cc556ccf84d9a4ba059ea37c97c3a0e3e7",
@@ -32,7 +31,6 @@
   "hvloader-target.txt": "fcf4f427d3b80e67296be2a1d17ec124d65f673d4f6ea37d238f8d3fc1ddc4b8",
   "jansson-2.13.1.tar.bz2": "ee90a0f879d2b7b7159124ff22b937a2a9a8c36d3bb65d1da7dd3f04370a10bd",
   "openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz": "9fcc5b49513d6ae21c7ddc3d1bbb1f8973cfbe76f2392d10106a8cd435e3eb47",
-  "ovmf-whitepaper-c770f8c.txt": "842518adadaa837914dbb13a6628002fb7f7acca107c6d6f41815b399dc9f8b8",
-  "softfloat-20180726-gitb64af41.tar.xz": "c7f2172357ca3022621b9464fd92bf2b462256bda3e019bf9a669fa6b5aeea91"
+  "ovmf-whitepaper-c770f8c.txt": "842518adadaa837914dbb13a6628002fb7f7acca107c6d6f41815b399dc9f8b8"
  }
-}
+}
@@ -1,5 +1,4 @@
 %bcond_without experimental
-%bcond_with arm
 
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -25,7 +24,6 @@ Distribution:   Azure Linux
 # Can't build aarch64 due to a dependency on "nasm", which doesn't
 # officially support the ARM64 architecture. See here:
 # https://github.com/netwide-assembler/nasm/pull/3
-ExclusiveArch: x86_64
 
 # edk2-stable202402
 %define GITDATE        20240524
@@ -42,20 +40,29 @@ ExclusiveArch: x86_64
 %define HVLOADER_VER    1.0.1
 %define HVLOADER_COMMIT 286f1c642ed624af2c7840fbca7923497891fe68
 
+%define edk2_arch X64
+%ifarch aarch64
+%define edk2_arch AARCH64
+%endif
+
 %define build_ovmf 1
-%define build_aarch64 0
+%ifarch aarch64
+%define build_ovmf 0
+%endif
+%define build_aarch64 1
 %define build_riscv64 0
 
 # Undefine this to get *HUGE* (50MB+) verbose build logs
 %define silent --silent
- 
+
 %global softfloat_version 20180726-gitb64af41
+
 %define disable_werror 1
 
 
 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    16%{?dist}
+Release:    17%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND MIT AND LicenseRef-Fedora-Public-Domain
 URL:        https://www.tianocore.org
@@ -67,21 +74,18 @@ URL:        https://www.tianocore.org
 Source0: https://src.fedoraproject.org/repo/pkgs/edk2/edk2-%{GITCOMMIT}.tar.xz/sha512/58550636ea26810a0184423765db24e43319a0cc5e38dfd5fbd7f09b5f6e1c2d2b9e1e33112a3b721e05c7f088dbfd8a2ddd4a73d833c3019a16101ef1d0342a/edk2-%{GITCOMMIT}.tar.xz
 Source1: ovmf-whitepaper-c770f8c.txt
 Source2: openssl-rhel-%{OPENSSL_COMMIT}.tar.xz
-Source3: softfloat-%{softfloat_version}.tar.xz
-Source4: edk2-platforms-%{PLATFORMS_COMMIT}.tar.xz
-Source5: jansson-2.13.1.tar.bz2
-Source6: README.experimental
-Source7: hvloader-%{HVLOADER_COMMIT}.tar.gz
-Source8: hvloader-target.txt
+Source3: edk2-platforms-%{PLATFORMS_COMMIT}.tar.xz
+Source4: jansson-2.13.1.tar.bz2
+Source5: README.experimental
+Source6: hvloader-%{HVLOADER_COMMIT}.tar.gz
+Source7: hvloader-target.txt
 
 # json description files
 Source10: 50-edk2-aarch64-qcow2.json
 Source11: 51-edk2-aarch64-raw.json
 Source12: 52-edk2-aarch64-verbose-qcow2.json
 Source13: 53-edk2-aarch64-verbose-raw.json
 
-Source20: 50-edk2-arm-verbose.json
-
 Source30: 30-edk2-ovmf-ia32-sb-enrolled.json
 Source31: 40-edk2-ovmf-ia32-sb.json
 Source32: 50-edk2-ovmf-ia32-nosb.json
@@ -131,6 +135,7 @@ Patch0018: 0018-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
 Patch0019: 0019-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
 Patch0020: CVE-2024-38796.patch
 Patch0021: CVE-2025-2296.patch
+Patch0022: ArmVirtPkg_Increase_firmware_size.patch
 
 # Patches for the vendored OpenSSL are in the range from 1000 to 1999 (inclusive).
 Patch1000: CVE-2022-3996.patch
@@ -149,8 +154,6 @@ Patch1012: CVE-2025-69420.patch
 Patch1013: CVE-2025-69421.patch
 Patch1014: CVE-2026-22796.patch
 Patch1015: CVE-2025-69419.patch
-Patch1016: CVE-2026-28389.patch
-Patch1017: CVE-2026-28390.patch
 
 # python3-devel and libuuid-devel are required for building tools.
 # python3-devel is also needed for varstore template generation and
@@ -190,6 +193,11 @@ BuildRequires:  python3-pefile
 # endif build_ovmf
 %endif
 
+%ifarch x86_64
+%if %{build_aarch64}
+BuildRequires:  gcc-aarch64-linux-gnu
+%endif
+%endif
 
 %package ovmf
 Summary:    UEFI firmware for x86_64 virtual machines
@@ -217,6 +225,7 @@ and KVM.
 %package aarch64
 Summary:    UEFI firmware for aarch64 virtual machines
 BuildArch:  noarch
+BuildRequires:  python3-virt-firmware >= 24.2
 Provides:   AAVMF = %{version}-%{release}
 Obsoletes:  AAVMF < 20180508-100.gitee3198e672e2.el7
 
@@ -289,16 +298,6 @@ EFI Development Kit II
 Open Virtual Machine Firmware (experimental builds)
 %endif
 
-%if %{with arm}
-%package arm
-Summary:        ARM Virtual Machine Firmware
-BuildArch:      noarch
-License:        Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND LicenseRef-Fedora-Public-Domain
-%description arm
-EFI Development Kit II
-ARMv7 UEFI Firmware
-%endif
-
 %if %{build_riscv64}
 %package riscv64
 Summary:        RISC-V Virtual Machine Firmware
@@ -371,10 +370,9 @@ git commit -m 'add vendored openssl'
 cp -a -- %{SOURCE1} .
 
 # extract softfloat into place
-tar -xf %{SOURCE3} --strip-components=1 --directory ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3/
-tar -xf %{SOURCE4} --strip-components=1 --wildcards "*/Drivers" "*/Features" "*/Platform" "*/Silicon"
+tar -xf %{SOURCE3} --strip-components=1 --wildcards "*/Drivers" "*/Features" "*/Platform" "*/Silicon"
 mkdir -p RedfishPkg/Library/JsonLib/jansson
-tar -xf %{SOURCE5} --strip-components=1 --directory RedfishPkg/Library/JsonLib/jansson
+tar -xf %{SOURCE4} --strip-components=1 --directory RedfishPkg/Library/JsonLib/jansson
 
 # include paths pointing to unused submodules
 mkdir -p MdePkg/Library/MipiSysTLib/mipisyst/library/include
@@ -387,9 +385,8 @@ mkdir -p SecurityPkg/DeviceSecurity/SpdmLib/libspdm/include
 chmod -Rf a+rX,u+w,g-w,o-w .
 
 cp -a -- \
-   %{SOURCE6} \
+   %{SOURCE5} \
    %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \
-   %{SOURCE20} \
    %{SOURCE30} %{SOURCE31} %{SOURCE32} \
    %{SOURCE40} %{SOURCE41} %{SOURCE42} %{SOURCE43} %{SOURCE44} \
    %{SOURCE45} %{SOURCE46} %{SOURCE47} %{SOURCE48} \
@@ -400,7 +397,7 @@ cp -a -- \
    .
 
 # extract hvloader source into place
-tar -xf %{SOURCE7} --directory MdeModulePkg/Application
+tar -xf %{SOURCE6} --directory MdeModulePkg/Application
 sed -i '/MdeModulePkg\/Application\/HelloWorld\/HelloWorld.inf/a \ \ MdeModulePkg\/Application\/HvLoader-%{HVLOADER_VER}/HvLoader.inf' MdeModulePkg/MdeModulePkg.dsc
 
 %build
@@ -504,6 +501,7 @@ done
 %endif
 
 %if %{build_aarch64}
+# gcc does not provide 32 bit arm cross compiler, so only building 64 bit targets
 ./edk2-build.py --config edk2-build.fedora %{?silent} --release-date "$RELEASE_DATE" -m armvirt
 ./edk2-build.py --config edk2-build.fedora.platforms %{?silent} -m aa64
 virt-fw-vars --input   Fedora/aarch64/vars-template-pflash.raw \
@@ -527,8 +525,8 @@ done
 
 source ./edksetup.sh
 make -C BaseTools
-cp %{SOURCE8} Conf/target.txt
-build -p MdeModulePkg/MdeModulePkg.dsc -m MdeModulePkg/Application/HvLoader-%{HVLOADER_VER}/HvLoader.inf
+cp %{SOURCE7} Conf/target.txt
+build -p MdeModulePkg/MdeModulePkg.dsc -m MdeModulePkg/Application/HvLoader-%{HVLOADER_VER}/HvLoader.inf -a %{edk2_arch}
 
 %install
 
@@ -554,7 +552,7 @@ install BaseTools/Scripts/GccBase.lds \
 # install firmware images
 mkdir -p %{buildroot}%{_datadir}/%{name}
 cp -av Fedora/* %{buildroot}%{_datadir}/%{name}
-%if !%{with experimental}
+%if !%{with experimental} || "%{edk2_arch}" == "AARCH64"
 rm -rf %{buildroot}%{_datadir}/%{name}/experimental
 %endif
 
@@ -598,8 +596,6 @@ ln -s ../%{name}/aarch64/QEMU_EFI-silent-pflash.raw \
   %{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.fd
 ln -s ../%{name}/aarch64/vars-template-pflash.raw \
   %{buildroot}%{_datadir}/AAVMF/AAVMF_VARS.fd
-ln -s ../%{name}/arm/QEMU_EFI-pflash.raw \
-   %{buildroot}%{_datadir}/AAVMF/AAVMF32_CODE.fd
 
 # json description files
 install -m 0644 \
@@ -608,9 +604,6 @@ install -m 0644 \
         52-edk2-aarch64-verbose-qcow2.json \
         53-edk2-aarch64-verbose-raw.json \
         %{buildroot}%{_datadir}/qemu/firmware
-install -m 0644 \
-        50-edk2-arm-verbose.json \
-        %{buildroot}%{_datadir}/qemu/firmware
 # endif build_aarch64
 %endif
 
@@ -629,7 +622,7 @@ done
 %endif
 
 mkdir -p %{buildroot}/boot/efi
-cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/HvLoader-%{HVLOADER_VER}/HvLoader/OUTPUT/HvLoader.efi %{buildroot}/boot/efi
+cp ./Build/MdeModule/RELEASE_GCC5/%{edk2_arch}/MdeModulePkg/Application/HvLoader-%{HVLOADER_VER}/HvLoader/OUTPUT/HvLoader.efi %{buildroot}/boot/efi
 
 %check
 for file in %{buildroot}%{_datadir}/%{name}/*/*VARS.secboot.fd; do
@@ -766,19 +759,6 @@ done
 %{_datadir}/%{name}/xen/*.fd
 %endif
 
-%if %{with arm}
-%files arm
-%common_files
-%dir %{_datadir}/AAVMF/
-%{_datadir}/AAVMF/AAVMF32_CODE.fd
-%dir %{_datadir}/%{name}/arm
-%{_datadir}/%{name}/arm/QEMU_EFI-pflash.raw
-%{_datadir}/%{name}/arm/QEMU_EFI.fd
-%{_datadir}/%{name}/arm/QEMU_VARS.fd
-%{_datadir}/%{name}/arm/vars-template-pflash.raw
-%{_datadir}/qemu/firmware/50-edk2-arm-verbose.json
-%endif
-
 %if %{build_riscv64}
 %files riscv64
 %common_files
@@ -812,6 +792,12 @@ done
 /boot/efi/HvLoader.efi
 
 %changelog
+* Wed May 06 2026 Sumedh Sharma <sumsharma@microsoft.com> - 20240524git3e722403cd16-17
+- Enable build_aarch64 to build arm64 firmware bins
+- Disable OVMF compilation on aarch64 hosts due to missing cross gcc-x86_64-linux-gnu
+- Remove 32bit arm compilation due to missing gcc compiler/cross-compiler
+- Add patch to increase default firmware size in ArmVirtPkg to 3Mb for debug package builds
+
 * Wed Apr 22 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 20240524git3e722403cd16-16
 - Patch for CVE-2026-28390, CVE-2026-28389