Compare commits
5 Commits
c4d0913360
...
f355364c2e
Author | SHA1 | Date |
---|---|---|
Ari Gerus | f355364c2e | |
Ari Gerus | 718e2a32e3 | |
Ari Gerus | 19df296944 | |
Ari Gerus | 62928cdb2e | |
Ari Gerus | a7050f0528 |
30
flake.lock
30
flake.lock
|
@ -304,11 +304,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1713294767,
|
||||
"narHash": "sha256-LmaabaQZdx52MPGKPRt9Opoc9Gd9RbwvCdysUUYQoXI=",
|
||||
"lastModified": 1713523170,
|
||||
"narHash": "sha256-e5X+1R2zSXCG88DRx9VW0wdRNiO2V3CQJwE7rSeFlEY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "fa8c16e2452bf092ac76f09ee1fb1e9f7d0796e7",
|
||||
"rev": "b62cad68b754224caec1e3b0dbadf86821b0b255",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -366,11 +366,11 @@
|
|||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1713192402,
|
||||
"narHash": "sha256-M2rleMvDJyhJEDWMcwhJNAuNFtvZhN3vadve7x2KiOk=",
|
||||
"lastModified": 1713369831,
|
||||
"narHash": "sha256-G4OGxvlIIjphpkxcRAkf1QInYsAeqbfNh6Yl1JLy2uM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "lanzaboote",
|
||||
"rev": "1197e51e8f57135349bed4de791d8bab7f8cc150",
|
||||
"rev": "850f27322239f8cfa56b122cc9a278ab99a49015",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -388,11 +388,11 @@
|
|||
"spectrum": "spectrum"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1713189110,
|
||||
"narHash": "sha256-c/yG/AsPmMBMe4RAxn4KOkOaR4rsW5s3AjtfriOQKD8=",
|
||||
"lastModified": 1713463636,
|
||||
"narHash": "sha256-IPdnR0Rs7XoffnCn6rExYDlft/GHD/UFgQ11lTVEK48=",
|
||||
"owner": "astro",
|
||||
"repo": "microvm.nix",
|
||||
"rev": "a1341f7195e34d9bb88c12314cc3b0c4429f9b0a",
|
||||
"rev": "6a4f822a817180be03fcdceb654088d002c9ec5e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -484,11 +484,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1712909959,
|
||||
"narHash": "sha256-7/5ubuwdEbQ7Z+Vqd4u0mM5L2VMNDsBh54visp27CtQ=",
|
||||
"lastModified": 1713521961,
|
||||
"narHash": "sha256-EwR8wW9AqJhSIY+0oxWRybUZ32BVKuZ9bjlRh8SJvQ8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "f58b25254be441cd2a9b4b444ed83f1e51244f1f",
|
||||
"rev": "5d48925b815fd202781bfae8fb6f45c07112fdb2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -579,11 +579,11 @@
|
|||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1713354889,
|
||||
"narHash": "sha256-/wGfpg6ssTd7zISfRNvZxaHYSC849LqCXAv0ELdKHxw=",
|
||||
"lastModified": 1713521817,
|
||||
"narHash": "sha256-u9JiIKJx2xVg7hlLQmxXGYGqr0roNUU3jI+zfBu9c8U=",
|
||||
"owner": "arachnist",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "71053157d9e5c8e01433d546e351fc223186b7a6",
|
||||
"rev": "d7e7561adbd82113512253139a6c9fadf84ef42c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{ config, lib, pkgs, inputs, ... }:
|
||||
|
||||
let
|
||||
meta = import ../meta.nix;
|
||||
let meta = import ../meta.nix;
|
||||
in {
|
||||
imports = with inputs; [
|
||||
nix-index-database.nixosModules.nix-index
|
||||
|
|
|
@ -31,7 +31,6 @@ let
|
|||
sha256 = "sha256-0uoq5bvL/4L9oa/JY54qHMRw5vE7V//HxLFMOEqGUjA=";
|
||||
};
|
||||
});
|
||||
rootfsBuilder = import "${inputs.nixpkgs}/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix" { pkgs = pkgs.buildPackages; };
|
||||
in {
|
||||
# https://en.wikipedia.org/wiki/Aka_Manto
|
||||
networking.hostName = "akamanto";
|
||||
|
@ -44,7 +43,7 @@ in {
|
|||
];
|
||||
|
||||
nixpkgs.overlays = [ inputs.self.overlays.rpi5 ];
|
||||
|
||||
|
||||
sdImage = {
|
||||
compressImage = false;
|
||||
firmwareSize = 1024;
|
||||
|
@ -56,7 +55,7 @@ in {
|
|||
echo ''${path/\/nix\/store\/}
|
||||
}
|
||||
|
||||
cp ${pkgs.rpi5-uefi}/boot/* firmware
|
||||
cp ${pkgs.rpi5-uefi}/* firmware
|
||||
|
||||
mkdir -p firmware/EFI/nixos
|
||||
touch firmware/EFI/nixos-sd-system-image
|
||||
|
@ -64,10 +63,16 @@ in {
|
|||
kernelFile=$(storePath ${config.boot.kernelPackages.kernel})-${config.system.boot.loader.kernelFile}
|
||||
initrdFile=$(storePath ${config.system.build.initialRamdisk})-${config.system.boot.loader.initrdFile}
|
||||
|
||||
cp ${config.boot.kernelPackages.kernel + "/" + config.system.boot.loader.kernelFile} \
|
||||
cp ${
|
||||
config.boot.kernelPackages.kernel + "/"
|
||||
+ config.system.boot.loader.kernelFile
|
||||
} \
|
||||
firmware/EFI/nixos/$kernelFile
|
||||
|
||||
cp ${config.system.build.initialRamdisk + "/" + config.system.boot.loader.initrdFile} \
|
||||
cp ${
|
||||
config.system.build.initialRamdisk + "/"
|
||||
+ config.system.boot.loader.initrdFile
|
||||
} \
|
||||
firmware/EFI/nixos/$initrdFile
|
||||
|
||||
mkdir -p firmware/EFI/boot
|
||||
|
@ -79,7 +84,7 @@ in {
|
|||
${pkgs.grub2_efi}/bin/grub-mkimage --directory=${pkgs.grub2_efi}/lib/grub/arm64-efi \
|
||||
-o firmware/EFI/boot/bootaa64.efi \
|
||||
-p /EFI/boot -O arm64-efi ''${MODULES[@]}
|
||||
|
||||
|
||||
cat <<EOF > firmware/EFI/boot/grub.cfg
|
||||
search --set=root --file /EFI/nixos-sd-system-image
|
||||
|
||||
|
@ -90,7 +95,9 @@ in {
|
|||
set default="0"
|
||||
|
||||
menuentry '${config.system.nixos.distroName} ${config.system.nixos.label}' {
|
||||
linux /EFI/nixos/$kernelFile init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
|
||||
linux /EFI/nixos/$kernelFile init=${config.system.build.toplevel}/init ${
|
||||
toString config.boot.kernelParams
|
||||
}
|
||||
initrd /EFI/nixos/$initrdFile
|
||||
devicetree /bcm2712-rpi-5-b.dtb
|
||||
}
|
||||
|
@ -107,7 +114,12 @@ in {
|
|||
boot = {
|
||||
kernelPackages = lib.mkForce pkgs.linuxPackages_rpi5;
|
||||
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
||||
kernelParams = [ "fbcon=rotate:2" "8250.nr_uarts=11" "console=ttyAMA10,115200" "console=tty0" ];
|
||||
kernelParams = [
|
||||
"fbcon=rotate:2"
|
||||
"8250.nr_uarts=11"
|
||||
"console=ttyAMA10,115200"
|
||||
"console=tty0"
|
||||
];
|
||||
initrd.availableKernelModules = lib.mkForce [
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
|
@ -122,7 +134,7 @@ in {
|
|||
device = "nodev";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
fileSystems = lib.mkForce {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
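Review bot: The `grub.cfg` entry still loads `devicetree /bcm2712-rpi-5-b.dtb`, but after the switch to `cp ${pkgs.rpi5-uefi}/* firmware` the source-built `rpi5-uefi` package only installs `RPI_EFI.fd` and `config.txt` (see its `installPhase` further down the page). Unless a step outside these hunks places the dtb on the firmware partition, GRUB will not find it at boot; either install the dtb from the package or copy it explicitly in this script. The bare glob also means the partition contents change silently whenever the package output changes, so naming the two files in the `cp` would keep the boot partition reviewable. The hunks show only part of the image-population script.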
|
|
|
@ -469,7 +469,7 @@
|
|||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
${config.services.matrix-synapse.settings.server_name} = {
|
||||
"${config.services.matrix-synapse.settings.server_name}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
|
|
|
@ -8,6 +8,9 @@ self: super: rec {
|
|||
};
|
||||
|
||||
linuxPackages_rpi5 = self.linuxPackagesFor linux_rpi5;
|
||||
|
||||
|
||||
rpi5-arm-tf = self.callPackage ../pkgs/rpi5-arm-tf.nix { };
|
||||
rpi5-edk2-tools = self.callPackage ../pkgs/rpi5-edk2-tools.nix { };
|
||||
rpi5-uefi = self.callPackage ../pkgs/rpi5-uefi.nix { };
|
||||
rpi5-uefi-bin = self.callPackage ../pkgs/rpi5-uefi-bin.nix { };
|
||||
}
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
{ lib, stdenv, fetchFromGitHub, runCommand, buildPackages, pkgsCross, openssl }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "arm-trusted-firmware-rpi5";
|
||||
version = "20240316";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "worproject";
|
||||
repo = "arm-trusted-firmware";
|
||||
rev = "682607fbd775e37fb5631508434dab9e60220c9a";
|
||||
hash = "sha256-Kdn9xJtHhwxvqpzC6osW2xWdZrlOmowaxBLPYGmtHYQ=";
|
||||
};
|
||||
|
||||
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
||||
nativeBuildInputs = [ pkgsCross.arm-embedded.stdenv.cc ];
|
||||
|
||||
makeFlags = [
|
||||
"HOSTCC=$(CC_FOR_BUILD)"
|
||||
"AS=$(CC_FOR_BUILD)"
|
||||
"CROSS_COMPILE=${stdenv.cc.targetPrefix}"
|
||||
# binutils 2.39 regression
|
||||
# `warning: /build/source/build/rk3399/release/bl31/bl31.elf has a LOAD segment with RWX permissions`
|
||||
# See also: https://developer.trustedfirmware.org/T996
|
||||
"LDFLAGS=-no-warn-rwx-segments"
|
||||
|
||||
"PLAT=rpi5"
|
||||
"PRELOADED_BL33_BASE=0x20000"
|
||||
"RPI3_PRELOADED_DTB_BASE=0x1F0000"
|
||||
"SUPPORT_VFP=1"
|
||||
"SMC_PCI_SUPPORT=1"
|
||||
];
|
||||
|
||||
filesToInstall = [ "build/rpi5/release/*" ];
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out
|
||||
cp -r ${lib.concatStringsSep " " filesToInstall} $out
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
hardeningDisable = [ "all" ];
|
||||
dontStrip = true;
|
||||
}
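Review bot: `name = "arm-trusted-firmware-rpi5";` next to a separate `version` leaves the version out of the store path, because mkDerivation only joins the two when the attribute is `pname`; `pname = "arm-trusted-firmware-rpi5";` is probably what was meant, and the same pairing appears in the `rpi5-edk2-tools` and source-built `rpi5-uefi` expressions. The `runCommand` and `openssl` arguments are never referenced and can be dropped. The comment above `"LDFLAGS=-no-warn-rwx-segments"` quotes an rk3399 build path, which reads as carried over from another platform's expression. `PRELOADED_BL33_BASE` and `RPI3_PRELOADED_DTB_BASE` have no note saying where the addresses come from; a one-line comment naming their source would help whoever bumps `rev` next.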
|
|
@ -0,0 +1,58 @@
|
|||
{ lib, stdenv, fetchFromGitHub, openssl, buildPackages, runCommand, clangStdenv
|
||||
, fetchpatch, libuuid, python3 }:
|
||||
|
||||
let
|
||||
srcWithVendoring = fetchFromGitHub {
|
||||
owner = "worproject";
|
||||
repo = "rpi5-uefi";
|
||||
rev = "c1ca184c608dca75a346cc56b8eaf42648d83e86";
|
||||
fetchSubmodules = true;
|
||||
hash = "sha256-mGMqgJXsEFq79aHes8HUGcKrfbGjeAHTA/xzbq5qURs=";
|
||||
};
|
||||
pythonEnv = buildPackages.python3.withPackages (ps: [ ps.tkinter ]);
|
||||
in stdenv.mkDerivation {
|
||||
name = "rpi5-edk2-tools";
|
||||
version = "20240316";
|
||||
|
||||
# We don't want EDK2 to keep track of OpenSSL,
|
||||
# they're frankly bad at it.
|
||||
src = runCommand "edk2-unvendored-src" { } ''
|
||||
cp --no-preserve=mode -r ${srcWithVendoring} $out
|
||||
rm -rf $out/edk2/CryptoPkg/Library/OpensslLib/openssl
|
||||
mkdir -p $out/edk2/CryptoPkg/Library/OpensslLib/openssl
|
||||
tar --strip-components=1 -xf ${buildPackages.openssl.src} -C $out/edk2/CryptoPkg/Library/OpensslLib/openssl
|
||||
chmod -R +w $out/
|
||||
|
||||
# Fix missing INT64_MAX include that edk2 explicitly does not provide
|
||||
# via it's own <stdint.h>. Let's pull in openssl's definition instead:
|
||||
sed -i $out/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/property/property_parse.c \
|
||||
-e '1i #include "internal/numbers.h"'
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ pythonEnv ];
|
||||
depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.bash ];
|
||||
depsHostHost = [ libuuid ];
|
||||
strictDeps = true;
|
||||
|
||||
# trick taken from https://src.fedoraproject.org/rpms/edk2/blob/08f2354cd280b4ce5a7888aa85cf520e042955c3/f/edk2.spec#_319
|
||||
GCC5_AARCH64_PREFIX = stdenv.cc.targetPrefix;
|
||||
|
||||
makeFlags = [ "-C edk2/BaseTools" "-j 14" ];
|
||||
|
||||
env.NIX_CFLAGS_COMPILE = "-Wno-return-type"
|
||||
+ lib.optionalString stdenv.cc.isGNU " -Wno-error=stringop-truncation"
|
||||
+ lib.optionalString stdenv.isDarwin " -Wno-error=macro-redefined";
|
||||
|
||||
hardeningDisable = [ "format" "fortify" ];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -vp $out
|
||||
mv -v edk2/BaseTools $out
|
||||
mv -v edk2/edksetup.sh $out
|
||||
# patchShebangs fails to see these when cross compiling
|
||||
for i in $out/BaseTools/BinWrappers/PosixLike/*; do
|
||||
substituteInPlace $i --replace '/usr/bin/env bash' ${buildPackages.bash}/bin/bash
|
||||
chmod +x "$i"
|
||||
done
|
||||
'';
|
||||
}
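Review bot: The `runCommand` that produces `src` replaces the submodule's OpenSSL tree with `buildPackages.openssl.src`, so the OpenSSL release built into CryptoPkg follows the flake's nixpkgs pin instead of whatever the pinned `rpi5-uefi` revision vendored, and the `rpi5-uefi` expression inherits this `src`. The `sed` on `property_parse.c` depends on one particular OpenSSL source layout and nothing records which release it was tested with; a comment such as `# tested with OpenSSL <version> from the pinned nixpkgs; re-check the sed below when flake.lock moves` would make lockfile bumps safer to review. Separately, `"-j 14"` in `makeFlags` hard-codes the job count, where `enableParallelBuilding = true;` would let the builder's core setting decide.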
|
|
@ -0,0 +1,25 @@
|
|||
{ stdenv, lib, fetchzip }:
|
||||
|
||||
let version = "v0.3";
|
||||
in stdenv.mkDerivation {
|
||||
pname = "rpi5-uefi";
|
||||
inherit version;
|
||||
|
||||
src = fetchzip {
|
||||
url =
|
||||
"https://github.com/worproject/rpi5-uefi/releases/download/${version}/RPi5_UEFI_Release_${version}.zip";
|
||||
sha256 = "sha256-bjEvq7KlEFANnFVL0LyexXEeoXj7rHGnwQpq09PhIb0=";
|
||||
stripRoot = false;
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/boot
|
||||
mv ./* $out/boot
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = with lib; { description = "EDK2 port for raspberry pi 5"; };
|
||||
}
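Review bot: This expression keeps `pname = "rpi5-uefi"` although the overlay now carries a source-built `rpi5-uefi` alongside `rpi5-uefi-bin` (assuming this section is `rpi5-uefi-bin.nix`; its file header is not on the page), so the two packages are easy to confuse in store paths and logs; `pname = "rpi5-uefi-bin";` would match the attribute name. Because the output is a prebuilt firmware image, `meta.sourceProvenance = with lib.sourceTypes; [ binaryFirmware ];` would make that visible to tooling and reviewers. As written, `meta = with lib; { … }` uses nothing from `lib`.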
|
|
@ -1,28 +1,57 @@
|
|||
{ stdenv, lib, fetchzip }:
|
||||
{ lib, stdenv, openssl, pkgsCross, buildPackages, runCommand, rpi5-arm-tf
|
||||
, rpi5-edk2-tools, libuuid, python3, bc, util-linux, nasm, acpica-tools }:
|
||||
|
||||
let pythonEnv = buildPackages.python3.withPackages (ps: [ ps.tkinter ]);
|
||||
in stdenv.mkDerivation rec {
|
||||
name = "rpi5-uefi";
|
||||
version = "20240316";
|
||||
|
||||
inherit (rpi5-edk2-tools) src;
|
||||
|
||||
nativeBuildInputs = [ bc pythonEnv util-linux nasm acpica-tools ];
|
||||
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
||||
strictDeps = true;
|
||||
|
||||
# trick taken from https://src.fedoraproject.org/rpms/edk2/blob/08f2354cd280b4ce5a7888aa85cf520e042955c3/f/edk2.spec#_319
|
||||
GCC5_AARCH64_PREFIX = stdenv.cc.targetPrefix;
|
||||
|
||||
env.NIX_CFLAGS_COMPILE = toString [ "-Wformat" ];
|
||||
|
||||
prePatch = ''
|
||||
rm -rf edk2/BaseTools
|
||||
ln -sv ${rpi5-edk2-tools}/BaseTools edk2/BaseTools
|
||||
'';
|
||||
|
||||
configurePhase = ''
|
||||
runHook preConfigure
|
||||
export WORKSPACE="$PWD"
|
||||
export PACKAGES_PATH=$WORKSPACE/edk2:$WORKSPACE/edk2-platforms:$WORKSPACE/edk2-non-osi
|
||||
|
||||
. $WORKSPACE/edk2/edksetup.sh BaseTools
|
||||
runHook postConfigure
|
||||
'';
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
|
||||
build -a AARCH64 \
|
||||
-b RELEASE \
|
||||
-t GCC \
|
||||
-p edk2-platforms/Platform/RaspberryPi/RPi5/RPi5.dsc \
|
||||
-D TFA_BUILD_ARTIFACTS=${rpi5-arm-tf} \
|
||||
--pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString=L"${version}" \
|
||||
-n $NIX_BUILD_CORES $buildFlags
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
let
|
||||
version = "v0.3";
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
pname = "rpi5-uefi";
|
||||
version = version;
|
||||
|
||||
src = fetchzip {
|
||||
url = "https://github.com/worproject/rpi5-uefi/releases/download/${version}/RPi5_UEFI_Release_${version}.zip";
|
||||
sha256 = "sha256-bjEvq7KlEFANnFVL0LyexXEeoXj7rHGnwQpq09PhIb0=";
|
||||
stripRoot = false;
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/boot
|
||||
mv ./* $out/boot
|
||||
|
||||
|
||||
mkdir -p $out
|
||||
mv -v Build/RPi5/RELEASE_GCC/FV/RPI_EFI.fd $out/
|
||||
mv -v config.txt $out/
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "EDK2 port for raspberry pi 5";
|
||||
};
|
||||
}
|
||||
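Review bot: `env.NIX_CFLAGS_COMPILE = toString [ "-Wformat" ];` carries no comment, and unlike the sibling `rpi5-edk2-tools` expression no `hardeningDisable` is visible here, so presumably the compiler wrapper's default hardening flags are applied to the firmware build. If `-Wformat` is only there to satisfy the format-security flag that hardening adds, say so in a comment, or disable the specific hardening flags the way the tools expression does. The arguments `openssl`, `pkgsCross`, `runCommand`, `libuuid` and `python3` are not referenced in the new expression and can be removed from the function header.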
|
|