From 4b8d84fdec600ad4ce3df361145545436a850e4f Mon Sep 17 00:00:00 2001 From: zhanghua000 Date: Sun, 13 Nov 2022 21:32:58 +0800 Subject: [PATCH] Add alarm/uefi-raspberrypi4 This is the UEFI firmware for Raspberry Pi 4 implemented by tianocore. This allows raspbberrypi runs almost any OS with proper drivers, even Windows. However, it has some limitations, devices such as V3D Core and GPIO are not available currently, you can see its upstream for more info. We have disabled the 3GB limit by default because our kernel linux-aarch64 is new enough(>=5.8). This will allow OS uses full RAM on the models have RAM larger than 3GB. Bump to 1.34 Stop copying kernel image Bump to 1.35 and switch to gcc from clang Reason: CLANG38 is missing after update, and build BaseTools with gcc is fixed by upstream. Bump to 1.36 Other changes: - Drop git from makedepends - Use SPDX License identifier Bump to 1.37 Bump to 1.38 Signed-off-by: zhanghua000 --- alarm/uefi-raspberrypi4/.gitignore | 3 + .../70-post-install-uefi.hook | 12 ++ .../uefi-raspberrypi4/80-pre-remove-uefi.hook | 9 + alarm/uefi-raspberrypi4/PKGBUILD | 201 ++++++++++++++++++ alarm/uefi-raspberrypi4/post-install-uefi | 4 + alarm/uefi-raspberrypi4/pre-remove-uefi | 4 + 6 files changed, 233 insertions(+) create mode 100644 alarm/uefi-raspberrypi4/.gitignore create mode 100644 alarm/uefi-raspberrypi4/70-post-install-uefi.hook create mode 100644 alarm/uefi-raspberrypi4/80-pre-remove-uefi.hook create mode 100644 alarm/uefi-raspberrypi4/PKGBUILD create mode 100644 alarm/uefi-raspberrypi4/post-install-uefi create mode 100644 alarm/uefi-raspberrypi4/pre-remove-uefi diff --git a/alarm/uefi-raspberrypi4/.gitignore b/alarm/uefi-raspberrypi4/.gitignore new file mode 100644 index 000000000..bdc69f149 --- /dev/null +++ b/alarm/uefi-raspberrypi4/.gitignore @@ -0,0 +1,3 @@ +*.cer +*.bin +*.tar.gz diff --git a/alarm/uefi-raspberrypi4/70-post-install-uefi.hook b/alarm/uefi-raspberrypi4/70-post-install-uefi.hook new file mode 100644 index 000000000..a478eb9ce --- /dev/null +++ b/alarm/uefi-raspberrypi4/70-post-install-uefi.hook @@ -0,0 +1,12 @@ +[Trigger] +Type = File +Operation = Install +Operation = Upgrade +Target = boot/Image +Target = boot/Image.gz +Target = boot/RPI_EFI.fd + +[Action] +Description = Copying kernel binaries... +When = PostTransaction +Exec = /usr/share/libalpm/scripts/post-install-uefi diff --git a/alarm/uefi-raspberrypi4/80-pre-remove-uefi.hook b/alarm/uefi-raspberrypi4/80-pre-remove-uefi.hook new file mode 100644 index 000000000..6edd79144 --- /dev/null +++ b/alarm/uefi-raspberrypi4/80-pre-remove-uefi.hook @@ -0,0 +1,9 @@ +[Trigger] +Type = File +Operation = Remove +Target = boot/RPI_EFI.fd + +[Action] +Description = Removing copied files for UEFI... +When = PreTransaction +Exec = /usr/share/libalpm/scripts/pre-remove-uefi diff --git a/alarm/uefi-raspberrypi4/PKGBUILD b/alarm/uefi-raspberrypi4/PKGBUILD new file mode 100644 index 000000000..0c977473f --- /dev/null +++ b/alarm/uefi-raspberrypi4/PKGBUILD @@ -0,0 +1,201 @@ +# Maintainer: zhanghua + +buildarch=8 # aarch64 + +declare -rAg _modules_name_map=( + [edk2]=https://github.com/tianocore/edk2/archive/b158dad150bf02879668f72ce306445250838201.tar.gz + [edk2/CryptoPkg/Library/OpensslLib/openssl]=https://github.com/openssl/openssl/archive/de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz + [edk2/CryptoPkg/Library/OpensslLib/openssl/gost-engine]=https://github.com/gost-engine/engine/archive/b2b4d629f100eaee9f5942a106b1ccefe85b8808.tar.gz + [edk2/CryptoPkg/Library/OpensslLib/openssl/libprov]=https://github.com/provider-corner/libprov/archive/8a126e09547630ef900177625626b6156052f0ee.tar.gz + [edk2/CryptoPkg/Library/OpensslLib/openssl/krb5]=https://github.com/krb5/krb5/archive/aa9b4a2a64046afd2fab7cb49c346295874a5fb6.tar.gz + [edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography]=https://github.com/pyca/cryptography/archive/c18d0567386414efa3caef7ed586c4ca75bf3a8b.tar.gz + [edk2/CryptoPkg/Library/OpensslLib/openssl/wycheproof]=https://github.com/google/wycheproof/archive/2196000605e45d91097147c9c71f26b72af58003.tar.gz + [edk2/ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3]=https://github.com/ucb-bar/berkeley-softfloat-3/archive/b64af41c3276f97f0e181920400ee056b9c88037.tar.gz + [edk2/UnitTestFrameworkPkg/Library/CmockaLib/cmocka]=https://github.com/tianocore/edk2-cmocka/archive/1cc9cde3448cdd2e000886a26acf1caac2db7cf1.tar.gz + [edk2/MdeModulePkg/Universal/RegularExpressionDxe/oniguruma]=https://github.com/kkos/oniguruma/archive/abfc8ff81df4067f309032467785e06975678f0d.tar.gz + [edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli]=https://github.com/google/brotli/archive/f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz + [edk2/BaseTools/Source/C/BrotliCompress/brotli]=https://github.com/google/brotli/archive/f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz + [edk2/RedfishPkg/Library/JsonLib/jansson]=https://github.com/akheron/jansson/archive/e9ebfa7e77a6bee77df44e096b100e7131044059.tar.gz + [edk2/UnitTestFrameworkPkg/Library/GoogleTestLib/googletest]=https://github.com/google/googletest/archive/86add13493e5c881d7e4ba77fb91c1f57752b3a4.tar.gz + [edk2/UnitTestFrameworkPkg/Library/SubhookLib/subhook]=https://github.com/Zeex/subhook/archive/83d4e1ebef3588fae48b69a7352cc21801cb70bc.tar.gz + [edk2/MdePkg/Library/BaseFdtLib/libfdt]=https://github.com/devicetree-org/pylibfdt/archive/cfff805481bdea27f900c32698171286542b8d3c.tar.gz + [edk2/MdePkg/Library/MipiSysTLib/mipisyst]=https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/370b5944c046bab043dd8b133727b2135af7747a.tar.gz + [edk2/MdePkg/Library/MipiSysTLib/mipisyst/external/pugixml]=https://github.com/zeux/pugixml/archive/c53fdab93af76106b963216d85897614b996f8b6.tar.gz + [edk2/MdePkg/Library/MipiSysTLib/mipisyst/external/googletest]=https://github.com/google/googletest/archive/a6f06bf2fd3b832822cd4e9e554b7d47f32ec084.tar.gz + [edk2/CryptoPkg/Library/MbedTlsLib/mbedtls]=https://github.com/Mbed-TLS/mbedtls/archive/8c89224991adff88d53cd380f42a2baa36f91454.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm]=https://github.com/DMTF/libspdm/archive/50924a4c8145fc721e17208f55814d2b38766fe6.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl]=https://github.com/openssl/openssl/archive/de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/gost-engine]=https://github.com/gost-engine/engine/archive/b2b4d629f100eaee9f5942a106b1ccefe85b8808.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/gost-engine/libprov]=https://github.com/provider-corner/libprov/archive/8a126e09547630ef900177625626b6156052f0ee.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/krb5]=https://github.com/krb5/krb5/archive/aa9b4a2a64046afd2fab7cb49c346295874a5fb6.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/pyca-cryptography]=https://github.com/pyca/cryptography/archive/c18d0567386414efa3caef7ed586c4ca75bf3a8b.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/wycheproof]=https://github.com/C2SP/wycheproof/archive/2196000605e45d91097147c9c71f26b72af58003.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/mbedtlslib/mbedtls]=https://github.com/Mbed-TLS/mbedtls/archive/dd79db10014d85b26d11fe57218431f2e5ede6f2.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/unit_test/cmockalib/cmocka]=https://gitlab.com/cmocka/cmocka/-/archive/a01cc69ee9536f90e57c61a198f2d1944d3d4313/cmocka-a01cc69ee9536f90e57c61a198f2d1944d3d4313.tar.gz + + [edk2-non-osi]=https://github.com/tianocore/edk2-non-osi/archive/0544808c623bb73252310b1e5ef887caaf08c34b.tar.gz + + [edk2-platforms]=https://github.com/tianocore/edk2-platforms/archive/6146fd7abcf6bfa083d33d1dfdc750694fc040a7.tar.gz + [edk2-platforms/Silicon/RISC-V/ProcessorPkg/Library/RiscVOpensbiLib/opensbi]=https://github.com/riscv-software-src/opensbi/archive/a731c7e36988c3308e1978ecde491f2f6182d490.tar.gz +) + +_get_source_name_string() { + local host filename name commit + host=$(echo "$1" | cut -d / -f 3) + name=$(echo "$1" | cut -d / -f 5) + filename=${1##*/} + commit=${filename%%.*} + case "$host" in + gitlab.com) + # It contains $name in $commit + echo "$commit" + ;; + *) + echo "$name-$commit" + ;; + esac +} + +_fill_gitmodules_recursively() { + local gitmodule + find "${1:-.}" -type f -name .gitmodules | while read -r gitmodule + do + local prefix + prefix=$(dirname "$gitmodule")"/" + if [[ "$gitmodule" =~ ^\.\/ ]] + then + gitmodule=${gitmodule#*\.\/} + prefix=${prefix#*\.\/} + fi + echo "Parsing $gitmodule to fill submodules..." + local p + grep path "$gitmodule" | awk '{print $3}' | while read -r p + do + p=${p%$'\r'} # Remove control characters + if [[ -n "$p" ]] + then + local target url name commit fname + target="$prefix$p" + url="${_modules_name_map[$target]}" + fname=$(_get_source_name_string "$url") + echo "Filling $target with $srcdir/$fname..." + cp -r "$srcdir/$fname/." "$target" + _fill_gitmodules_recursively "$target" + fi + done + done +} + +pkgname="uefi-raspberrypi4" +pkgver=1.38 +pkgrel=1 +backup=("boot/config.txt") +pkgdesc="UEFI firmware for RaspberryPi 4B" +url="https://github.com/pftf/RPi4" +arch=("aarch64") +license=("BSD-2-Clause-Patent") +makedepends=("acpica" "openssl" "util-linux" "python") +source=( + "ms_kek1.cer::https://go.microsoft.com/fwlink/?LinkId=321185" + "ms_kek2.cer::https://go.microsoft.com/fwlink/?linkid=2239775" + "ms_db1.cer::https://go.microsoft.com/fwlink/?linkid=321192" + "ms_db2.cer::https://go.microsoft.com/fwlink/?linkid=321194" + "ms_db3.cer::https://go.microsoft.com/fwlink/?linkid=2239776" + "ms_db4.cer::https://go.microsoft.com/fwlink/?linkid=2239872" + "arm64_dbx.bin::https://uefi.org/sites/default/files/resources/dbxupdate_arm64.bin" + "70-post-install-uefi.hook" + "80-pre-remove-uefi.hook" + "post-install-uefi" + "pre-remove-uefi" + "RPi4-${pkgver}.tar.gz::https://github.com/pftf/RPi4/archive/refs/tags/v${pkgver}.tar.gz" +) + +declare source_str uri +for uri in "${_modules_name_map[@]}" +do + source_str="$(_get_source_name_string "$uri").tar.gz::${uri}" + if [[ "${source[*]/${source_str}/}" == "${source[*]}" ]] + then + source+=("${source_str}") + fi +done +unset source_str uri + +sha256sums=('a1117f516a32cefcba3f2d1ace10a87972fd6bbe8fe0d0b996e09e65d802a503' + '3cd3f0309edae228767a976dd40d9f4affc4fbd5218f2e8cc3c9dd97e8ac6f9d' + 'e8e95f0733a55e8bad7be0a1413ee23c51fcea64b3c8fa6a786935fddcc71961' + '48e99b991f57fc52f76149599bff0a58c47154229b9f8d603ac40d3500248507' + '076f1fea90ac29155ebf77c17682f75f1fdd1be196da302dc8461e350a9ae330' + 'f6124e34125bee3fe6d79a574eaa7b91c0e7bd9d929c1a321178efd611dad901' + 'f42c187f8b01b497f81fb0459164b27d16ca2af0b95c7331a82c1a27a731a885' + '8e55eb4afdd6b572d2413e87b64219d2f9d3bd033de2dfd37e176e92d25d5821' + 'caa86b22a1452d8974e7bbecbb6d9fb591a58da928a06d5e13cee9592e785b12' + 'aed9dfd4c1e7c6092179e8bec63be3fc7b5d958c94063d60a7d1fe4a36f460ef' + 'e7db4c6150688a4aa6922435f531e5fa6e95d39380bb67ddb5a3554335eb419d' + '0f0d68e180d7b16f8febb88cac358dd32a2596c82fb448849e7a159945a2f988' + 'eea977380ebb1871d5de38c4f7f15442ee690c90bdf790590d930a6bbf347f28' + 'f8dd06309075e36882c10d84fe4e0bb67f70fe2df86bffcf30e65524e078cdd3' + '59cd4b81abafae35d94ac5d91cf4ae5b05122e688713cd6db51e5e4cef471d8f' + '50a9a0f08839c0e659c4f614b0c3cb93a2a4eb9013b94deb272a1d3f0c47d7dc' + 'e1e1d75109315cbd0610b65295a081ccb4ec1886076241820ce5d61b44b87a91' + '962aefeeddb130deeb68c6c60c4848ddedd09d7715ed1ba8a8dadabd032d6232' + 'b5c7e7c54e013c168f4aae036e59912785f11b4aeebd57f6165a14e879b9a82c' + '1193910f475fde07f3cd4fe1c1a353d69b8cedb574967134838fcdc8208d224e' + '6d6cacce05086b7debe75127415ff9c3661849f564fe2f5f3b0383d48aa4ed77' + 'cc29dd6141afdddf14e9b770d5ab2839f769eee19628d31c7cb6187d0c321e9c' + 'dbfc74f14091d66b95edab229cff9ef8f1f0ab40da30efec36ca3546a3482b76' + '981ab3e9634cb7c041b484cc1876f22a743dc0ae53a970117ca1b5700670a964' + '6467f52b39f5954d6fd242487140c459001b650e1df7511392397e099894a2a1' + '9fda3b9a78343ab2be6f06ce6396536e7e065abac29b47c8eb2e42cbb4c4f00b' + '34005d1062f73d1142ac4ca29b9f456fae99a89f0acc01edf4ff4117d59b7583' + '28d89f42da17357f4292574e1ba8780f4f233c6324993d4885f25b8699c75938' + '1f5f3eb67cccd4498940bb71c456c07c385eefeda645fa49ef2c432b5723b875' + '4049ab4cdfae20c376c33b139c34a805a0074dc0d6fe8f47491cd2ab3c3eba98' + '3c3095488b936b14538dca64d7e68bcde09a8a18d2a32a47b59877eff0340403' + 'faae889814ea6a292f7ca03d9b36e6c7e95bab2a64777804883cc822b8d48757' + '1f5f3eb67cccd4498940bb71c456c07c385eefeda645fa49ef2c432b5723b875' + '042dea86b76568e1cbc430475c9fa0e7c433515d2d9e7b4e0a1c08b32f52ed15' + 'e7935c0d91d6d22f6dee710a26b23e228ecc4fe8ef7e8f756558c3599f68c3b4' + '3c98b0abda3175c1f3a081796fae9f5081d2a6e21d1b8b29a5e5b90d690eee2f' + '97a0e47ae225fe45090925125eb711943bf66584ac5fd9c831d14014443124cb' + '5c13b8a73163617e9d985243f0ecb49a97db8fa2d2f76d9ded249aacd3e00113') + + +prepare(){ + cd "${srcdir}/RPi4-${pkgver}" + _fill_gitmodules_recursively + mkdir -p keys + cp "${srcdir}"/{ms_kek1.cer,ms_kek2.cer,ms_db1.cer,ms_db2.cer,ms_db3.cer,ms_db4.cer,arm64_dbx.bin} keys/ + openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Raspberry Pi Platform Key/" -keyout /dev/null -outform DER -out keys/pk.cer -days 7300 -nodes -sha256 +} +build(){ + cd "${srcdir}/RPi4-${pkgver}" + make -C edk2/BaseTools -j1 + bash -c \ + "#!/usr/bin/env bash + + export WORKSPACE=\$PWD + export PACKAGES_PATH=\$WORKSPACE/edk2:\$WORKSPACE/edk2-platforms:\$WORKSPACE/edk2-non-osi + export BUILD_FLAGS=\"-D SECURE_BOOT_ENABLE=TRUE -D INCLUDE_TFTP_COMMAND=TRUE -D NETWORK_ISCSI_ENABLE=TRUE -D SMC_PCI_SUPPORT=1\" + export DEFAULT_KEYS=\"-D DEFAULT_KEYS=TRUE -D PK_DEFAULT_FILE=\$WORKSPACE/keys/pk.cer -D KEK_DEFAULT_FILE1=\$WORKSPACE/keys/ms_kek1.cer -D KEK_DEFAULT_FILE2=\$WORKSPACE/keys/ms_kek2.cer -D DB_DEFAULT_FILE1=\$WORKSPACE/keys/ms_db1.cer -D DB_DEFAULT_FILE2=\$WORKSPACE/keys/ms_db2.cer -D DB_DEFAULT_FILE3=\$WORKSPACE/keys/ms_db3.cer -D DB_DEFAULT_FILE4=\$WORKSPACE/keys/ms_db4.cer -D DBX_DEFAULT_FILE1=\$WORKSPACE/keys/arm64_dbx.bin\" + source edk2/edksetup.sh + build -a AARCH64 -t GCC -p edk2-platforms/Platform/RaspberryPi/RPi4/RPi4.dsc -b RELEASE -n \$(nproc) --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor=L\"https://github.com/pftf/RPi4\" --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString=L\"UEFI Firmware ${pkgver}-${pkgrel}\" --pcd gRaspberryPiTokenSpaceGuid.PcdRamLimitTo3GB=0 \${BUILD_FLAGS} \${DEFAULT_KEYS} + " +} +package(){ + conflicts=("uboot-raspberrypi") + depends=("raspberrypi-overlays" "linux-aarch64>=5.8" "raspberrypi-bootloader" "bash") + optdepends=( + "firmware-raspberrypi: firmware for RaspberryPi 4B" + "linux-firmware: firmware for RaspberryPi 4B" + "virt-firmware: for editing EFI variables" + ) + + install -Dm644 "${srcdir}/RPi4-${pkgver}/Build/RPi4/RELEASE_GCC/FV/RPI_EFI.fd" "${pkgdir}/boot/RPI_EFI.fd" + install -Dm644 "${srcdir}/RPi4-${pkgver}/config.txt" "${pkgdir}/boot/config.txt" + install -Dm644 "${srcdir}/RPi4-${pkgver}/License.txt" "${pkgdir}/usr/share/licenses/${pkgname}/License.txt" + install -Dm644 "${srcdir}/70-post-install-uefi.hook" "${pkgdir}/usr/share/libalpm/hooks/70-post-install-uefi.hook" + install -Dm644 "${srcdir}/80-pre-remove-uefi.hook" "${pkgdir}/usr/share/libalpm/hooks/80-pre-remove-uefi.hook" + install -Dm755 "${srcdir}/post-install-uefi" "${pkgdir}/usr/share/libalpm/scripts/post-install-uefi" + install -Dm755 "${srcdir}/pre-remove-uefi" "${pkgdir}/usr/share/libalpm/scripts/pre-remove-uefi" +} diff --git a/alarm/uefi-raspberrypi4/post-install-uefi b/alarm/uefi-raspberrypi4/post-install-uefi new file mode 100644 index 000000000..bf5c25184 --- /dev/null +++ b/alarm/uefi-raspberrypi4/post-install-uefi @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +echo "Copying device tree from kernel..." +cp /boot/dtbs/broadcom/bcm2711-rpi-4-b.dtb /boot/bcm2711-rpi-4-b.dtb diff --git a/alarm/uefi-raspberrypi4/pre-remove-uefi b/alarm/uefi-raspberrypi4/pre-remove-uefi new file mode 100644 index 000000000..3ea0bc2da --- /dev/null +++ b/alarm/uefi-raspberrypi4/pre-remove-uefi @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +echo "Removing /boot/bcm2711-rpi-4-b" +rm -f /boot/bcm2711-rpi-4-b.dtb