ar
/
nibylandia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ar:c4d0913360b481c6cefcb3dac1c3157dbc24702b
Branches Tags
ar:main
...
compare: ar:f355364c2e23b2f760b7159da641eafc0c2732fd
Branches Tags
ar:main

5 Commits
c4d0913360 ... f355364c2e

Author SHA1 Message Date
Ari Gerus f355364c2e rpi5: edk2 building, with default config
CI / x86_64-linux (push) Successful in 1m7s Details
CI / aarch64-linux (push) Successful in 2m1s Details
2024-04-23 12:51:39 +02:00
Ari Gerus 718e2a32e3 rpi5: uefi & arm-tf current packaging state 2024-04-20 18:54:58 +02:00
Ari Gerus 19df296944 chore: fmt 2024-04-19 17:30:14 +02:00
Ari Gerus 62928cdb2e rpi5: uefi & arm-tf current packaging state 
[skip-ci arm64]
 2024-04-19 13:54:24 +02:00
Ari Gerus a7050f0528 chore: flake lock updates 2024-04-19 13:53:31 +02:00
9 changed files with 222 additions and 50 deletions
Show Stats Expand all files Collapse all files

30
flake.lock
View File

@ -304,11 +304,11 @@
]
},
"locked": {
"lastModified": 1713294767,
"narHash": "sha256-LmaabaQZdx52MPGKPRt9Opoc9Gd9RbwvCdysUUYQoXI=",
"lastModified": 1713523170,
"narHash": "sha256-e5X+1R2zSXCG88DRx9VW0wdRNiO2V3CQJwE7rSeFlEY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "fa8c16e2452bf092ac76f09ee1fb1e9f7d0796e7",
"rev": "b62cad68b754224caec1e3b0dbadf86821b0b255",
"type": "github"
},
"original": {
@ -366,11 +366,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1713192402,
"narHash": "sha256-M2rleMvDJyhJEDWMcwhJNAuNFtvZhN3vadve7x2KiOk=",
"lastModified": 1713369831,
"narHash": "sha256-G4OGxvlIIjphpkxcRAkf1QInYsAeqbfNh6Yl1JLy2uM=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "1197e51e8f57135349bed4de791d8bab7f8cc150",
"rev": "850f27322239f8cfa56b122cc9a278ab99a49015",
"type": "github"
},
"original": {
@ -388,11 +388,11 @@
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1713189110,
"narHash": "sha256-c/yG/AsPmMBMe4RAxn4KOkOaR4rsW5s3AjtfriOQKD8=",
"lastModified": 1713463636,
"narHash": "sha256-IPdnR0Rs7XoffnCn6rExYDlft/GHD/UFgQ11lTVEK48=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "a1341f7195e34d9bb88c12314cc3b0c4429f9b0a",
"rev": "6a4f822a817180be03fcdceb654088d002c9ec5e",
"type": "github"
},
"original": {
@ -484,11 +484,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1712909959,
"narHash": "sha256-7/5ubuwdEbQ7Z+Vqd4u0mM5L2VMNDsBh54visp27CtQ=",
"lastModified": 1713521961,
"narHash": "sha256-EwR8wW9AqJhSIY+0oxWRybUZ32BVKuZ9bjlRh8SJvQ8=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "f58b25254be441cd2a9b4b444ed83f1e51244f1f",
"rev": "5d48925b815fd202781bfae8fb6f45c07112fdb2",
"type": "github"
},
"original": {
@ -579,11 +579,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1713354889,
"narHash": "sha256-/wGfpg6ssTd7zISfRNvZxaHYSC849LqCXAv0ELdKHxw=",
"lastModified": 1713521817,
"narHash": "sha256-u9JiIKJx2xVg7hlLQmxXGYGqr0roNUU3jI+zfBu9c8U=",
"owner": "arachnist",
"repo": "nixpkgs",
"rev": "71053157d9e5c8e01433d546e351fc223186b7a6",
"rev": "d7e7561adbd82113512253139a6c9fadf84ef42c",
"type": "github"
},
"original": {

3
modules/common.nix
View File

@ -1,7 +1,6 @@
{ config, lib, pkgs, inputs, ... }:
let
meta = import ../meta.nix;
let meta = import ../meta.nix;
in {
imports = with inputs; [
nix-index-database.nixosModules.nix-index

30
nixos/akamanto/default.nix
View File

@ -31,7 +31,6 @@ let
sha256 = "sha256-0uoq5bvL/4L9oa/JY54qHMRw5vE7V//HxLFMOEqGUjA=";
};
});
rootfsBuilder = import "${inputs.nixpkgs}/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix" { pkgs = pkgs.buildPackages; };
in {
# https://en.wikipedia.org/wiki/Aka_Manto
networking.hostName = "akamanto";
@ -44,7 +43,7 @@ in {
];
nixpkgs.overlays = [ inputs.self.overlays.rpi5 ];
sdImage = {
compressImage = false;
firmwareSize = 1024;
@ -56,7 +55,7 @@ in {
echo ''${path/\/nix\/store\/}
}
cp ${pkgs.rpi5-uefi}/boot/* firmware
cp ${pkgs.rpi5-uefi}/* firmware
mkdir -p firmware/EFI/nixos
touch firmware/EFI/nixos-sd-system-image
@ -64,10 +63,16 @@ in {
kernelFile=$(storePath ${config.boot.kernelPackages.kernel})-${config.system.boot.loader.kernelFile}
initrdFile=$(storePath ${config.system.build.initialRamdisk})-${config.system.boot.loader.initrdFile}
cp ${config.boot.kernelPackages.kernel + "/" + config.system.boot.loader.kernelFile} \
cp ${
config.boot.kernelPackages.kernel + "/"
+ config.system.boot.loader.kernelFile
} \
firmware/EFI/nixos/$kernelFile
cp ${config.system.build.initialRamdisk + "/" + config.system.boot.loader.initrdFile} \
cp ${
config.system.build.initialRamdisk + "/"
+ config.system.boot.loader.initrdFile
} \
firmware/EFI/nixos/$initrdFile
mkdir -p firmware/EFI/boot
@ -79,7 +84,7 @@ in {
${pkgs.grub2_efi}/bin/grub-mkimage --directory=${pkgs.grub2_efi}/lib/grub/arm64-efi \
-o firmware/EFI/boot/bootaa64.efi \
-p /EFI/boot -O arm64-efi ''${MODULES[@]}
cat <<EOF > firmware/EFI/boot/grub.cfg
search --set=root --file /EFI/nixos-sd-system-image
@ -90,7 +95,9 @@ in {
set default="0"
menuentry '${config.system.nixos.distroName} ${config.system.nixos.label}' {
linux /EFI/nixos/$kernelFile init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
linux /EFI/nixos/$kernelFile init=${config.system.build.toplevel}/init ${
toString config.boot.kernelParams
}
initrd /EFI/nixos/$initrdFile
devicetree /bcm2712-rpi-5-b.dtb
}
@ -107,7 +114,12 @@ in {
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_rpi5;
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
kernelParams = [ "fbcon=rotate:2" "8250.nr_uarts=11" "console=ttyAMA10,115200" "console=tty0" ];
kernelParams = [
"fbcon=rotate:2"
"8250.nr_uarts=11"
"console=ttyAMA10,115200"
"console=tty0"
];
initrd.availableKernelModules = lib.mkForce [
"usbhid"
"usb_storage"
@ -122,7 +134,7 @@ in {
device = "nodev";
};
};
fileSystems = lib.mkForce {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";

2
nixos/zorigami/default.nix
View File

@ -469,7 +469,7 @@
forceSSL = true;
enableACME = true;
};
${config.services.matrix-synapse.settings.server_name} = {
"${config.services.matrix-synapse.settings.server_name}" = {
enableACME = true;
forceSSL = true;

5
overlays/rpi5.nix
View File

@ -8,6 +8,9 @@ self: super: rec {
};
linuxPackages_rpi5 = self.linuxPackagesFor linux_rpi5;
rpi5-arm-tf = self.callPackage ../pkgs/rpi5-arm-tf.nix { };
rpi5-edk2-tools = self.callPackage ../pkgs/rpi5-edk2-tools.nix { };
rpi5-uefi = self.callPackage ../pkgs/rpi5-uefi.nix { };
rpi5-uefi-bin = self.callPackage ../pkgs/rpi5-uefi-bin.nix { };
}

46
pkgs/rpi5-arm-tf.nix Normal file
View File

@ -0,0 +1,46 @@
{ lib, stdenv, fetchFromGitHub, runCommand, buildPackages, pkgsCross, openssl }:
stdenv.mkDerivation rec {
name = "arm-trusted-firmware-rpi5";
version = "20240316";
src = fetchFromGitHub {
owner = "worproject";
repo = "arm-trusted-firmware";
rev = "682607fbd775e37fb5631508434dab9e60220c9a";
hash = "sha256-Kdn9xJtHhwxvqpzC6osW2xWdZrlOmowaxBLPYGmtHYQ=";
};
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [ pkgsCross.arm-embedded.stdenv.cc ];
makeFlags = [
"HOSTCC=$(CC_FOR_BUILD)"
"AS=$(CC_FOR_BUILD)"
"CROSS_COMPILE=${stdenv.cc.targetPrefix}"
# binutils 2.39 regression
# `warning: /build/source/build/rk3399/release/bl31/bl31.elf has a LOAD segment with RWX permissions`
# See also: https://developer.trustedfirmware.org/T996
"LDFLAGS=-no-warn-rwx-segments"
"PLAT=rpi5"
"PRELOADED_BL33_BASE=0x20000"
"RPI3_PRELOADED_DTB_BASE=0x1F0000"
"SUPPORT_VFP=1"
"SMC_PCI_SUPPORT=1"
];
filesToInstall = [ "build/rpi5/release/*" ];
installPhase = ''
runHook preInstall
mkdir -p $out
cp -r ${lib.concatStringsSep " " filesToInstall} $out
runHook postInstall
'';
hardeningDisable = [ "all" ];
dontStrip = true;
}

58
pkgs/rpi5-edk2-tools.nix Normal file
View File

@ -0,0 +1,58 @@
{ lib, stdenv, fetchFromGitHub, openssl, buildPackages, runCommand, clangStdenv
, fetchpatch, libuuid, python3 }:
let
srcWithVendoring = fetchFromGitHub {
owner = "worproject";
repo = "rpi5-uefi";
rev = "c1ca184c608dca75a346cc56b8eaf42648d83e86";
fetchSubmodules = true;
hash = "sha256-mGMqgJXsEFq79aHes8HUGcKrfbGjeAHTA/xzbq5qURs=";
};
pythonEnv = buildPackages.python3.withPackages (ps: [ ps.tkinter ]);
in stdenv.mkDerivation {
name = "rpi5-edk2-tools";
version = "20240316";
# We don't want EDK2 to keep track of OpenSSL,
# they're frankly bad at it.
src = runCommand "edk2-unvendored-src" { } ''
cp --no-preserve=mode -r ${srcWithVendoring} $out
rm -rf $out/edk2/CryptoPkg/Library/OpensslLib/openssl
mkdir -p $out/edk2/CryptoPkg/Library/OpensslLib/openssl
tar --strip-components=1 -xf ${buildPackages.openssl.src} -C $out/edk2/CryptoPkg/Library/OpensslLib/openssl
chmod -R +w $out/
# Fix missing INT64_MAX include that edk2 explicitly does not provide
# via it's own <stdint.h>. Let's pull in openssl's definition instead:
sed -i $out/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/property/property_parse.c \
-e '1i #include "internal/numbers.h"'
'';
nativeBuildInputs = [ pythonEnv ];
depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.bash ];
depsHostHost = [ libuuid ];
strictDeps = true;
# trick taken from https://src.fedoraproject.org/rpms/edk2/blob/08f2354cd280b4ce5a7888aa85cf520e042955c3/f/edk2.spec#_319
GCC5_AARCH64_PREFIX = stdenv.cc.targetPrefix;
makeFlags = [ "-C edk2/BaseTools" "-j 14" ];
env.NIX_CFLAGS_COMPILE = "-Wno-return-type"
+ lib.optionalString stdenv.cc.isGNU " -Wno-error=stringop-truncation"
+ lib.optionalString stdenv.isDarwin " -Wno-error=macro-redefined";
hardeningDisable = [ "format" "fortify" ];
installPhase = ''
mkdir -vp $out
mv -v edk2/BaseTools $out
mv -v edk2/edksetup.sh $out
# patchShebangs fails to see these when cross compiling
for i in $out/BaseTools/BinWrappers/PosixLike/*; do
substituteInPlace $i --replace '/usr/bin/env bash' ${buildPackages.bash}/bin/bash
chmod +x "$i"
done
'';
}

25
pkgs/rpi5-uefi-bin.nix Normal file
View File

@ -0,0 +1,25 @@
{ stdenv, lib, fetchzip }:
let version = "v0.3";
in stdenv.mkDerivation {
pname = "rpi5-uefi";
inherit version;
src = fetchzip {
url =
"https://github.com/worproject/rpi5-uefi/releases/download/${version}/RPi5_UEFI_Release_${version}.zip";
sha256 = "sha256-bjEvq7KlEFANnFVL0LyexXEeoXj7rHGnwQpq09PhIb0=";
stripRoot = false;
};
installPhase = ''
runHook preInstall
mkdir -p $out/boot
mv ./* $out/boot
runHook postInstall
'';
meta = with lib; { description = "EDK2 port for raspberry pi 5"; };
}

73
pkgs/rpi5-uefi.nix
View File

@ -1,28 +1,57 @@
{ stdenv, lib, fetchzip }:
{ lib, stdenv, openssl, pkgsCross, buildPackages, runCommand, rpi5-arm-tf
, rpi5-edk2-tools, libuuid, python3, bc, util-linux, nasm, acpica-tools }:
let pythonEnv = buildPackages.python3.withPackages (ps: [ ps.tkinter ]);
in stdenv.mkDerivation rec {
name = "rpi5-uefi";
version = "20240316";
inherit (rpi5-edk2-tools) src;
nativeBuildInputs = [ bc pythonEnv util-linux nasm acpica-tools ];
depsBuildBuild = [ buildPackages.stdenv.cc ];
strictDeps = true;
# trick taken from https://src.fedoraproject.org/rpms/edk2/blob/08f2354cd280b4ce5a7888aa85cf520e042955c3/f/edk2.spec#_319
GCC5_AARCH64_PREFIX = stdenv.cc.targetPrefix;
env.NIX_CFLAGS_COMPILE = toString [ "-Wformat" ];
prePatch = ''
rm -rf edk2/BaseTools
ln -sv ${rpi5-edk2-tools}/BaseTools edk2/BaseTools
'';
configurePhase = ''
runHook preConfigure
export WORKSPACE="$PWD"
export PACKAGES_PATH=$WORKSPACE/edk2:$WORKSPACE/edk2-platforms:$WORKSPACE/edk2-non-osi
. $WORKSPACE/edk2/edksetup.sh BaseTools
runHook postConfigure
'';
buildPhase = ''
runHook preBuild
build -a AARCH64 \
-b RELEASE \
-t GCC \
-p edk2-platforms/Platform/RaspberryPi/RPi5/RPi5.dsc \
-D TFA_BUILD_ARTIFACTS=${rpi5-arm-tf} \
--pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString=L"${version}" \
-n $NIX_BUILD_CORES $buildFlags
runHook postBuild
'';
let
version = "v0.3";
in
stdenv.mkDerivation {
pname = "rpi5-uefi";
version = version;
src = fetchzip {
url = "https://github.com/worproject/rpi5-uefi/releases/download/${version}/RPi5_UEFI_Release_${version}.zip";
sha256 = "sha256-bjEvq7KlEFANnFVL0LyexXEeoXj7rHGnwQpq09PhIb0=";
stripRoot = false;
};
installPhase = ''
runHook preInstall
mkdir -p $out/boot
mv ./* $out/boot
mkdir -p $out
mv -v Build/RPi5/RELEASE_GCC/FV/RPI_EFI.fd $out/
mv -v config.txt $out/
runHook postInstall
'';
meta = with lib; {
description = "EDK2 port for raspberry pi 5";
};
}