diff --git a/alarm/uefi-raspberrypi4/.gitignore b/alarm/uefi-raspberrypi4/.gitignore new file mode 100644 index 0000000000..bdc69f1492 --- /dev/null +++ b/alarm/uefi-raspberrypi4/.gitignore @@ -0,0 +1,3 @@ +*.cer +*.bin +*.tar.gz diff --git a/alarm/uefi-raspberrypi4/70-post-install-uefi.hook b/alarm/uefi-raspberrypi4/70-post-install-uefi.hook new file mode 100644 index 0000000000..a478eb9ce6 --- /dev/null +++ b/alarm/uefi-raspberrypi4/70-post-install-uefi.hook @@ -0,0 +1,12 @@ +[Trigger] +Type = File +Operation = Install +Operation = Upgrade +Target = boot/Image +Target = boot/Image.gz +Target = boot/RPI_EFI.fd + +[Action] +Description = Copying kernel binaries... +When = PostTransaction +Exec = /usr/share/libalpm/scripts/post-install-uefi diff --git a/alarm/uefi-raspberrypi4/80-pre-remove-uefi.hook b/alarm/uefi-raspberrypi4/80-pre-remove-uefi.hook new file mode 100644 index 0000000000..6edd79144d --- /dev/null +++ b/alarm/uefi-raspberrypi4/80-pre-remove-uefi.hook @@ -0,0 +1,9 @@ +[Trigger] +Type = File +Operation = Remove +Target = boot/RPI_EFI.fd + +[Action] +Description = Removing copied files for UEFI... +When = PreTransaction +Exec = /usr/share/libalpm/scripts/pre-remove-uefi diff --git a/alarm/uefi-raspberrypi4/PKGBUILD b/alarm/uefi-raspberrypi4/PKGBUILD new file mode 100644 index 0000000000..0c977473f9 --- /dev/null +++ b/alarm/uefi-raspberrypi4/PKGBUILD @@ -0,0 +1,201 @@ +# Maintainer: zhanghua + +buildarch=8 # aarch64 + +declare -rAg _modules_name_map=( + [edk2]=https://github.com/tianocore/edk2/archive/b158dad150bf02879668f72ce306445250838201.tar.gz + [edk2/CryptoPkg/Library/OpensslLib/openssl]=https://github.com/openssl/openssl/archive/de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz + [edk2/CryptoPkg/Library/OpensslLib/openssl/gost-engine]=https://github.com/gost-engine/engine/archive/b2b4d629f100eaee9f5942a106b1ccefe85b8808.tar.gz + [edk2/CryptoPkg/Library/OpensslLib/openssl/libprov]=https://github.com/provider-corner/libprov/archive/8a126e09547630ef900177625626b6156052f0ee.tar.gz + [edk2/CryptoPkg/Library/OpensslLib/openssl/krb5]=https://github.com/krb5/krb5/archive/aa9b4a2a64046afd2fab7cb49c346295874a5fb6.tar.gz + [edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography]=https://github.com/pyca/cryptography/archive/c18d0567386414efa3caef7ed586c4ca75bf3a8b.tar.gz + [edk2/CryptoPkg/Library/OpensslLib/openssl/wycheproof]=https://github.com/google/wycheproof/archive/2196000605e45d91097147c9c71f26b72af58003.tar.gz + [edk2/ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3]=https://github.com/ucb-bar/berkeley-softfloat-3/archive/b64af41c3276f97f0e181920400ee056b9c88037.tar.gz + [edk2/UnitTestFrameworkPkg/Library/CmockaLib/cmocka]=https://github.com/tianocore/edk2-cmocka/archive/1cc9cde3448cdd2e000886a26acf1caac2db7cf1.tar.gz + [edk2/MdeModulePkg/Universal/RegularExpressionDxe/oniguruma]=https://github.com/kkos/oniguruma/archive/abfc8ff81df4067f309032467785e06975678f0d.tar.gz + [edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli]=https://github.com/google/brotli/archive/f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz + [edk2/BaseTools/Source/C/BrotliCompress/brotli]=https://github.com/google/brotli/archive/f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz + [edk2/RedfishPkg/Library/JsonLib/jansson]=https://github.com/akheron/jansson/archive/e9ebfa7e77a6bee77df44e096b100e7131044059.tar.gz + [edk2/UnitTestFrameworkPkg/Library/GoogleTestLib/googletest]=https://github.com/google/googletest/archive/86add13493e5c881d7e4ba77fb91c1f57752b3a4.tar.gz + [edk2/UnitTestFrameworkPkg/Library/SubhookLib/subhook]=https://github.com/Zeex/subhook/archive/83d4e1ebef3588fae48b69a7352cc21801cb70bc.tar.gz + [edk2/MdePkg/Library/BaseFdtLib/libfdt]=https://github.com/devicetree-org/pylibfdt/archive/cfff805481bdea27f900c32698171286542b8d3c.tar.gz + [edk2/MdePkg/Library/MipiSysTLib/mipisyst]=https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/370b5944c046bab043dd8b133727b2135af7747a.tar.gz + [edk2/MdePkg/Library/MipiSysTLib/mipisyst/external/pugixml]=https://github.com/zeux/pugixml/archive/c53fdab93af76106b963216d85897614b996f8b6.tar.gz + [edk2/MdePkg/Library/MipiSysTLib/mipisyst/external/googletest]=https://github.com/google/googletest/archive/a6f06bf2fd3b832822cd4e9e554b7d47f32ec084.tar.gz + [edk2/CryptoPkg/Library/MbedTlsLib/mbedtls]=https://github.com/Mbed-TLS/mbedtls/archive/8c89224991adff88d53cd380f42a2baa36f91454.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm]=https://github.com/DMTF/libspdm/archive/50924a4c8145fc721e17208f55814d2b38766fe6.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl]=https://github.com/openssl/openssl/archive/de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/gost-engine]=https://github.com/gost-engine/engine/archive/b2b4d629f100eaee9f5942a106b1ccefe85b8808.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/gost-engine/libprov]=https://github.com/provider-corner/libprov/archive/8a126e09547630ef900177625626b6156052f0ee.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/krb5]=https://github.com/krb5/krb5/archive/aa9b4a2a64046afd2fab7cb49c346295874a5fb6.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/pyca-cryptography]=https://github.com/pyca/cryptography/archive/c18d0567386414efa3caef7ed586c4ca75bf3a8b.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/wycheproof]=https://github.com/C2SP/wycheproof/archive/2196000605e45d91097147c9c71f26b72af58003.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/mbedtlslib/mbedtls]=https://github.com/Mbed-TLS/mbedtls/archive/dd79db10014d85b26d11fe57218431f2e5ede6f2.tar.gz + [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/unit_test/cmockalib/cmocka]=https://gitlab.com/cmocka/cmocka/-/archive/a01cc69ee9536f90e57c61a198f2d1944d3d4313/cmocka-a01cc69ee9536f90e57c61a198f2d1944d3d4313.tar.gz + + [edk2-non-osi]=https://github.com/tianocore/edk2-non-osi/archive/0544808c623bb73252310b1e5ef887caaf08c34b.tar.gz + + [edk2-platforms]=https://github.com/tianocore/edk2-platforms/archive/6146fd7abcf6bfa083d33d1dfdc750694fc040a7.tar.gz + [edk2-platforms/Silicon/RISC-V/ProcessorPkg/Library/RiscVOpensbiLib/opensbi]=https://github.com/riscv-software-src/opensbi/archive/a731c7e36988c3308e1978ecde491f2f6182d490.tar.gz +) + +_get_source_name_string() { + local host filename name commit + host=$(echo "$1" | cut -d / -f 3) + name=$(echo "$1" | cut -d / -f 5) + filename=${1##*/} + commit=${filename%%.*} + case "$host" in + gitlab.com) + # It contains $name in $commit + echo "$commit" + ;; + *) + echo "$name-$commit" + ;; + esac +} + +_fill_gitmodules_recursively() { + local gitmodule + find "${1:-.}" -type f -name .gitmodules | while read -r gitmodule + do + local prefix + prefix=$(dirname "$gitmodule")"/" + if [[ "$gitmodule" =~ ^\.\/ ]] + then + gitmodule=${gitmodule#*\.\/} + prefix=${prefix#*\.\/} + fi + echo "Parsing $gitmodule to fill submodules..." + local p + grep path "$gitmodule" | awk '{print $3}' | while read -r p + do + p=${p%$'\r'} # Remove control characters + if [[ -n "$p" ]] + then + local target url name commit fname + target="$prefix$p" + url="${_modules_name_map[$target]}" + fname=$(_get_source_name_string "$url") + echo "Filling $target with $srcdir/$fname..." + cp -r "$srcdir/$fname/." "$target" + _fill_gitmodules_recursively "$target" + fi + done + done +} + +pkgname="uefi-raspberrypi4" +pkgver=1.38 +pkgrel=1 +backup=("boot/config.txt") +pkgdesc="UEFI firmware for RaspberryPi 4B" +url="https://github.com/pftf/RPi4" +arch=("aarch64") +license=("BSD-2-Clause-Patent") +makedepends=("acpica" "openssl" "util-linux" "python") +source=( + "ms_kek1.cer::https://go.microsoft.com/fwlink/?LinkId=321185" + "ms_kek2.cer::https://go.microsoft.com/fwlink/?linkid=2239775" + "ms_db1.cer::https://go.microsoft.com/fwlink/?linkid=321192" + "ms_db2.cer::https://go.microsoft.com/fwlink/?linkid=321194" + "ms_db3.cer::https://go.microsoft.com/fwlink/?linkid=2239776" + "ms_db4.cer::https://go.microsoft.com/fwlink/?linkid=2239872" + "arm64_dbx.bin::https://uefi.org/sites/default/files/resources/dbxupdate_arm64.bin" + "70-post-install-uefi.hook" + "80-pre-remove-uefi.hook" + "post-install-uefi" + "pre-remove-uefi" + "RPi4-${pkgver}.tar.gz::https://github.com/pftf/RPi4/archive/refs/tags/v${pkgver}.tar.gz" +) + +declare source_str uri +for uri in "${_modules_name_map[@]}" +do + source_str="$(_get_source_name_string "$uri").tar.gz::${uri}" + if [[ "${source[*]/${source_str}/}" == "${source[*]}" ]] + then + source+=("${source_str}") + fi +done +unset source_str uri + +sha256sums=('a1117f516a32cefcba3f2d1ace10a87972fd6bbe8fe0d0b996e09e65d802a503' + '3cd3f0309edae228767a976dd40d9f4affc4fbd5218f2e8cc3c9dd97e8ac6f9d' + 'e8e95f0733a55e8bad7be0a1413ee23c51fcea64b3c8fa6a786935fddcc71961' + '48e99b991f57fc52f76149599bff0a58c47154229b9f8d603ac40d3500248507' + '076f1fea90ac29155ebf77c17682f75f1fdd1be196da302dc8461e350a9ae330' + 'f6124e34125bee3fe6d79a574eaa7b91c0e7bd9d929c1a321178efd611dad901' + 'f42c187f8b01b497f81fb0459164b27d16ca2af0b95c7331a82c1a27a731a885' + '8e55eb4afdd6b572d2413e87b64219d2f9d3bd033de2dfd37e176e92d25d5821' + 'caa86b22a1452d8974e7bbecbb6d9fb591a58da928a06d5e13cee9592e785b12' + 'aed9dfd4c1e7c6092179e8bec63be3fc7b5d958c94063d60a7d1fe4a36f460ef' + 'e7db4c6150688a4aa6922435f531e5fa6e95d39380bb67ddb5a3554335eb419d' + '0f0d68e180d7b16f8febb88cac358dd32a2596c82fb448849e7a159945a2f988' + 'eea977380ebb1871d5de38c4f7f15442ee690c90bdf790590d930a6bbf347f28' + 'f8dd06309075e36882c10d84fe4e0bb67f70fe2df86bffcf30e65524e078cdd3' + '59cd4b81abafae35d94ac5d91cf4ae5b05122e688713cd6db51e5e4cef471d8f' + '50a9a0f08839c0e659c4f614b0c3cb93a2a4eb9013b94deb272a1d3f0c47d7dc' + 'e1e1d75109315cbd0610b65295a081ccb4ec1886076241820ce5d61b44b87a91' + '962aefeeddb130deeb68c6c60c4848ddedd09d7715ed1ba8a8dadabd032d6232' + 'b5c7e7c54e013c168f4aae036e59912785f11b4aeebd57f6165a14e879b9a82c' + '1193910f475fde07f3cd4fe1c1a353d69b8cedb574967134838fcdc8208d224e' + '6d6cacce05086b7debe75127415ff9c3661849f564fe2f5f3b0383d48aa4ed77' + 'cc29dd6141afdddf14e9b770d5ab2839f769eee19628d31c7cb6187d0c321e9c' + 'dbfc74f14091d66b95edab229cff9ef8f1f0ab40da30efec36ca3546a3482b76' + '981ab3e9634cb7c041b484cc1876f22a743dc0ae53a970117ca1b5700670a964' + '6467f52b39f5954d6fd242487140c459001b650e1df7511392397e099894a2a1' + '9fda3b9a78343ab2be6f06ce6396536e7e065abac29b47c8eb2e42cbb4c4f00b' + '34005d1062f73d1142ac4ca29b9f456fae99a89f0acc01edf4ff4117d59b7583' + '28d89f42da17357f4292574e1ba8780f4f233c6324993d4885f25b8699c75938' + '1f5f3eb67cccd4498940bb71c456c07c385eefeda645fa49ef2c432b5723b875' + '4049ab4cdfae20c376c33b139c34a805a0074dc0d6fe8f47491cd2ab3c3eba98' + '3c3095488b936b14538dca64d7e68bcde09a8a18d2a32a47b59877eff0340403' + 'faae889814ea6a292f7ca03d9b36e6c7e95bab2a64777804883cc822b8d48757' + '1f5f3eb67cccd4498940bb71c456c07c385eefeda645fa49ef2c432b5723b875' + '042dea86b76568e1cbc430475c9fa0e7c433515d2d9e7b4e0a1c08b32f52ed15' + 'e7935c0d91d6d22f6dee710a26b23e228ecc4fe8ef7e8f756558c3599f68c3b4' + '3c98b0abda3175c1f3a081796fae9f5081d2a6e21d1b8b29a5e5b90d690eee2f' + '97a0e47ae225fe45090925125eb711943bf66584ac5fd9c831d14014443124cb' + '5c13b8a73163617e9d985243f0ecb49a97db8fa2d2f76d9ded249aacd3e00113') + + +prepare(){ + cd "${srcdir}/RPi4-${pkgver}" + _fill_gitmodules_recursively + mkdir -p keys + cp "${srcdir}"/{ms_kek1.cer,ms_kek2.cer,ms_db1.cer,ms_db2.cer,ms_db3.cer,ms_db4.cer,arm64_dbx.bin} keys/ + openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Raspberry Pi Platform Key/" -keyout /dev/null -outform DER -out keys/pk.cer -days 7300 -nodes -sha256 +} +build(){ + cd "${srcdir}/RPi4-${pkgver}" + make -C edk2/BaseTools -j1 + bash -c \ + "#!/usr/bin/env bash + + export WORKSPACE=\$PWD + export PACKAGES_PATH=\$WORKSPACE/edk2:\$WORKSPACE/edk2-platforms:\$WORKSPACE/edk2-non-osi + export BUILD_FLAGS=\"-D SECURE_BOOT_ENABLE=TRUE -D INCLUDE_TFTP_COMMAND=TRUE -D NETWORK_ISCSI_ENABLE=TRUE -D SMC_PCI_SUPPORT=1\" + export DEFAULT_KEYS=\"-D DEFAULT_KEYS=TRUE -D PK_DEFAULT_FILE=\$WORKSPACE/keys/pk.cer -D KEK_DEFAULT_FILE1=\$WORKSPACE/keys/ms_kek1.cer -D KEK_DEFAULT_FILE2=\$WORKSPACE/keys/ms_kek2.cer -D DB_DEFAULT_FILE1=\$WORKSPACE/keys/ms_db1.cer -D DB_DEFAULT_FILE2=\$WORKSPACE/keys/ms_db2.cer -D DB_DEFAULT_FILE3=\$WORKSPACE/keys/ms_db3.cer -D DB_DEFAULT_FILE4=\$WORKSPACE/keys/ms_db4.cer -D DBX_DEFAULT_FILE1=\$WORKSPACE/keys/arm64_dbx.bin\" + source edk2/edksetup.sh + build -a AARCH64 -t GCC -p edk2-platforms/Platform/RaspberryPi/RPi4/RPi4.dsc -b RELEASE -n \$(nproc) --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor=L\"https://github.com/pftf/RPi4\" --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString=L\"UEFI Firmware ${pkgver}-${pkgrel}\" --pcd gRaspberryPiTokenSpaceGuid.PcdRamLimitTo3GB=0 \${BUILD_FLAGS} \${DEFAULT_KEYS} + " +} +package(){ + conflicts=("uboot-raspberrypi") + depends=("raspberrypi-overlays" "linux-aarch64>=5.8" "raspberrypi-bootloader" "bash") + optdepends=( + "firmware-raspberrypi: firmware for RaspberryPi 4B" + "linux-firmware: firmware for RaspberryPi 4B" + "virt-firmware: for editing EFI variables" + ) + + install -Dm644 "${srcdir}/RPi4-${pkgver}/Build/RPi4/RELEASE_GCC/FV/RPI_EFI.fd" "${pkgdir}/boot/RPI_EFI.fd" + install -Dm644 "${srcdir}/RPi4-${pkgver}/config.txt" "${pkgdir}/boot/config.txt" + install -Dm644 "${srcdir}/RPi4-${pkgver}/License.txt" "${pkgdir}/usr/share/licenses/${pkgname}/License.txt" + install -Dm644 "${srcdir}/70-post-install-uefi.hook" "${pkgdir}/usr/share/libalpm/hooks/70-post-install-uefi.hook" + install -Dm644 "${srcdir}/80-pre-remove-uefi.hook" "${pkgdir}/usr/share/libalpm/hooks/80-pre-remove-uefi.hook" + install -Dm755 "${srcdir}/post-install-uefi" "${pkgdir}/usr/share/libalpm/scripts/post-install-uefi" + install -Dm755 "${srcdir}/pre-remove-uefi" "${pkgdir}/usr/share/libalpm/scripts/pre-remove-uefi" +} diff --git a/alarm/uefi-raspberrypi4/post-install-uefi b/alarm/uefi-raspberrypi4/post-install-uefi new file mode 100644 index 0000000000..bf5c25184d --- /dev/null +++ b/alarm/uefi-raspberrypi4/post-install-uefi @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +echo "Copying device tree from kernel..." +cp /boot/dtbs/broadcom/bcm2711-rpi-4-b.dtb /boot/bcm2711-rpi-4-b.dtb diff --git a/alarm/uefi-raspberrypi4/pre-remove-uefi b/alarm/uefi-raspberrypi4/pre-remove-uefi new file mode 100644 index 0000000000..3ea0bc2da0 --- /dev/null +++ b/alarm/uefi-raspberrypi4/pre-remove-uefi @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +echo "Removing /boot/bcm2711-rpi-4-b" +rm -f /boot/bcm2711-rpi-4-b.dtb