Add alarm/uefi-raspberrypi4 for UEFI firmware

alarm/uefi-raspberrypi4/.gitignore

@@ -0,0 +1,3 @@
+*.cer
+*.bin 
+*.tar.gz

alarm/uefi-raspberrypi4/70-post-install-uefi.hook

@@ -0,0 +1,12 @@
+[Trigger]
+Type = File
+Operation = Install
+Operation = Upgrade
+Target = boot/Image
+Target = boot/Image.gz
+Target = boot/RPI_EFI.fd
+
+[Action]
+Description = Copying kernel binaries...
+When = PostTransaction
+Exec = /usr/share/libalpm/scripts/post-install-uefi

alarm/uefi-raspberrypi4/80-pre-remove-uefi.hook

@@ -0,0 +1,9 @@
+[Trigger]
+Type = File
+Operation = Remove
+Target = boot/RPI_EFI.fd
+
+[Action]
+Description = Removing copied files for UEFI...
+When = PreTransaction
+Exec = /usr/share/libalpm/scripts/pre-remove-uefi

alarm/uefi-raspberrypi4/PKGBUILD

@@ -0,0 +1,201 @@
+# Maintainer: zhanghua <zhanghua.00@qq.com>
+
+buildarch=8 # aarch64
+
+declare -rAg _modules_name_map=(
+    [edk2]=https://github.com/tianocore/edk2/archive/b158dad150bf02879668f72ce306445250838201.tar.gz
+    [edk2/CryptoPkg/Library/OpensslLib/openssl]=https://github.com/openssl/openssl/archive/de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz
+    [edk2/CryptoPkg/Library/OpensslLib/openssl/gost-engine]=https://github.com/gost-engine/engine/archive/b2b4d629f100eaee9f5942a106b1ccefe85b8808.tar.gz
+    [edk2/CryptoPkg/Library/OpensslLib/openssl/libprov]=https://github.com/provider-corner/libprov/archive/8a126e09547630ef900177625626b6156052f0ee.tar.gz
+    [edk2/CryptoPkg/Library/OpensslLib/openssl/krb5]=https://github.com/krb5/krb5/archive/aa9b4a2a64046afd2fab7cb49c346295874a5fb6.tar.gz
+    [edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography]=https://github.com/pyca/cryptography/archive/c18d0567386414efa3caef7ed586c4ca75bf3a8b.tar.gz
+    [edk2/CryptoPkg/Library/OpensslLib/openssl/wycheproof]=https://github.com/google/wycheproof/archive/2196000605e45d91097147c9c71f26b72af58003.tar.gz
+    [edk2/ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3]=https://github.com/ucb-bar/berkeley-softfloat-3/archive/b64af41c3276f97f0e181920400ee056b9c88037.tar.gz
+    [edk2/UnitTestFrameworkPkg/Library/CmockaLib/cmocka]=https://github.com/tianocore/edk2-cmocka/archive/1cc9cde3448cdd2e000886a26acf1caac2db7cf1.tar.gz
+    [edk2/MdeModulePkg/Universal/RegularExpressionDxe/oniguruma]=https://github.com/kkos/oniguruma/archive/abfc8ff81df4067f309032467785e06975678f0d.tar.gz
+    [edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli]=https://github.com/google/brotli/archive/f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz
+    [edk2/BaseTools/Source/C/BrotliCompress/brotli]=https://github.com/google/brotli/archive/f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz
+    [edk2/RedfishPkg/Library/JsonLib/jansson]=https://github.com/akheron/jansson/archive/e9ebfa7e77a6bee77df44e096b100e7131044059.tar.gz
+    [edk2/UnitTestFrameworkPkg/Library/GoogleTestLib/googletest]=https://github.com/google/googletest/archive/86add13493e5c881d7e4ba77fb91c1f57752b3a4.tar.gz
+    [edk2/UnitTestFrameworkPkg/Library/SubhookLib/subhook]=https://github.com/Zeex/subhook/archive/83d4e1ebef3588fae48b69a7352cc21801cb70bc.tar.gz
+    [edk2/MdePkg/Library/BaseFdtLib/libfdt]=https://github.com/devicetree-org/pylibfdt/archive/cfff805481bdea27f900c32698171286542b8d3c.tar.gz
+    [edk2/MdePkg/Library/MipiSysTLib/mipisyst]=https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/370b5944c046bab043dd8b133727b2135af7747a.tar.gz
+    [edk2/MdePkg/Library/MipiSysTLib/mipisyst/external/pugixml]=https://github.com/zeux/pugixml/archive/c53fdab93af76106b963216d85897614b996f8b6.tar.gz
+    [edk2/MdePkg/Library/MipiSysTLib/mipisyst/external/googletest]=https://github.com/google/googletest/archive/a6f06bf2fd3b832822cd4e9e554b7d47f32ec084.tar.gz
+    [edk2/CryptoPkg/Library/MbedTlsLib/mbedtls]=https://github.com/Mbed-TLS/mbedtls/archive/8c89224991adff88d53cd380f42a2baa36f91454.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm]=https://github.com/DMTF/libspdm/archive/50924a4c8145fc721e17208f55814d2b38766fe6.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl]=https://github.com/openssl/openssl/archive/de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/gost-engine]=https://github.com/gost-engine/engine/archive/b2b4d629f100eaee9f5942a106b1ccefe85b8808.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/gost-engine/libprov]=https://github.com/provider-corner/libprov/archive/8a126e09547630ef900177625626b6156052f0ee.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/krb5]=https://github.com/krb5/krb5/archive/aa9b4a2a64046afd2fab7cb49c346295874a5fb6.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/pyca-cryptography]=https://github.com/pyca/cryptography/archive/c18d0567386414efa3caef7ed586c4ca75bf3a8b.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/wycheproof]=https://github.com/C2SP/wycheproof/archive/2196000605e45d91097147c9c71f26b72af58003.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/mbedtlslib/mbedtls]=https://github.com/Mbed-TLS/mbedtls/archive/dd79db10014d85b26d11fe57218431f2e5ede6f2.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/unit_test/cmockalib/cmocka]=https://gitlab.com/cmocka/cmocka/-/archive/a01cc69ee9536f90e57c61a198f2d1944d3d4313/cmocka-a01cc69ee9536f90e57c61a198f2d1944d3d4313.tar.gz
+
+    [edk2-non-osi]=https://github.com/tianocore/edk2-non-osi/archive/0544808c623bb73252310b1e5ef887caaf08c34b.tar.gz
+
+    [edk2-platforms]=https://github.com/tianocore/edk2-platforms/archive/6146fd7abcf6bfa083d33d1dfdc750694fc040a7.tar.gz
+    [edk2-platforms/Silicon/RISC-V/ProcessorPkg/Library/RiscVOpensbiLib/opensbi]=https://github.com/riscv-software-src/opensbi/archive/a731c7e36988c3308e1978ecde491f2f6182d490.tar.gz
+)
+
+_get_source_name_string() {
+    local host filename name commit
+    host=$(echo "$1" | cut -d / -f 3)
+    name=$(echo "$1" | cut -d / -f 5)
+    filename=${1##*/}
+    commit=${filename%%.*}
+    case "$host" in
+        gitlab.com)
+            # It contains $name in $commit
+            echo "$commit"
+            ;;
+        *)
+            echo "$name-$commit"
+            ;;
+    esac
+}
+
+_fill_gitmodules_recursively() {
+    local gitmodule
+    find "${1:-.}" -type f -name .gitmodules | while read -r gitmodule
+    do
+        local prefix
+        prefix=$(dirname "$gitmodule")"/"
+        if [[ "$gitmodule" =~ ^\.\/ ]]
+        then
+            gitmodule=${gitmodule#*\.\/}
+            prefix=${prefix#*\.\/}
+        fi
+        echo "Parsing $gitmodule to fill submodules..."
+        local p
+        grep path "$gitmodule" | awk '{print $3}' | while read -r p
+        do
+            p=${p%$'\r'} # Remove control characters
+            if [[ -n "$p" ]]
+            then
+                local target url name commit fname
+                target="$prefix$p"
+                url="${_modules_name_map[$target]}"
+                fname=$(_get_source_name_string "$url")
+                echo "Filling $target with $srcdir/$fname..."
+                cp -r "$srcdir/$fname/." "$target"
+                _fill_gitmodules_recursively "$target"
+            fi
+        done
+    done
+}
+
+pkgname="uefi-raspberrypi4" 
+pkgver=1.38
+pkgrel=1
+backup=("boot/config.txt")
+pkgdesc="UEFI firmware for RaspberryPi 4B"
+url="https://github.com/pftf/RPi4"
+arch=("aarch64")
+license=("BSD-2-Clause-Patent")
+makedepends=("acpica" "openssl" "util-linux" "python")
+source=(
+    "ms_kek1.cer::https://go.microsoft.com/fwlink/?LinkId=321185"
+    "ms_kek2.cer::https://go.microsoft.com/fwlink/?linkid=2239775"
+    "ms_db1.cer::https://go.microsoft.com/fwlink/?linkid=321192"
+    "ms_db2.cer::https://go.microsoft.com/fwlink/?linkid=321194"
+    "ms_db3.cer::https://go.microsoft.com/fwlink/?linkid=2239776"
+    "ms_db4.cer::https://go.microsoft.com/fwlink/?linkid=2239872"
+    "arm64_dbx.bin::https://uefi.org/sites/default/files/resources/dbxupdate_arm64.bin"
+    "70-post-install-uefi.hook"
+    "80-pre-remove-uefi.hook"
+    "post-install-uefi"
+    "pre-remove-uefi"
+    "RPi4-${pkgver}.tar.gz::https://github.com/pftf/RPi4/archive/refs/tags/v${pkgver}.tar.gz"
+)
+
+declare source_str uri
+for uri in "${_modules_name_map[@]}"
+do
+    source_str="$(_get_source_name_string "$uri").tar.gz::${uri}"
+    if [[ "${source[*]/${source_str}/}" == "${source[*]}" ]]
+    then
+        source+=("${source_str}")
+    fi
+done
+unset source_str uri
+
+sha256sums=('a1117f516a32cefcba3f2d1ace10a87972fd6bbe8fe0d0b996e09e65d802a503'
+            '3cd3f0309edae228767a976dd40d9f4affc4fbd5218f2e8cc3c9dd97e8ac6f9d'
+            'e8e95f0733a55e8bad7be0a1413ee23c51fcea64b3c8fa6a786935fddcc71961'
+            '48e99b991f57fc52f76149599bff0a58c47154229b9f8d603ac40d3500248507'
+            '076f1fea90ac29155ebf77c17682f75f1fdd1be196da302dc8461e350a9ae330'
+            'f6124e34125bee3fe6d79a574eaa7b91c0e7bd9d929c1a321178efd611dad901'
+            'f42c187f8b01b497f81fb0459164b27d16ca2af0b95c7331a82c1a27a731a885'
+            '8e55eb4afdd6b572d2413e87b64219d2f9d3bd033de2dfd37e176e92d25d5821'
+            'caa86b22a1452d8974e7bbecbb6d9fb591a58da928a06d5e13cee9592e785b12'
+            'aed9dfd4c1e7c6092179e8bec63be3fc7b5d958c94063d60a7d1fe4a36f460ef'
+            'e7db4c6150688a4aa6922435f531e5fa6e95d39380bb67ddb5a3554335eb419d'
+            '0f0d68e180d7b16f8febb88cac358dd32a2596c82fb448849e7a159945a2f988'
+            'eea977380ebb1871d5de38c4f7f15442ee690c90bdf790590d930a6bbf347f28'
+            'f8dd06309075e36882c10d84fe4e0bb67f70fe2df86bffcf30e65524e078cdd3'
+            '59cd4b81abafae35d94ac5d91cf4ae5b05122e688713cd6db51e5e4cef471d8f'
+            '50a9a0f08839c0e659c4f614b0c3cb93a2a4eb9013b94deb272a1d3f0c47d7dc'
+            'e1e1d75109315cbd0610b65295a081ccb4ec1886076241820ce5d61b44b87a91'
+            '962aefeeddb130deeb68c6c60c4848ddedd09d7715ed1ba8a8dadabd032d6232'
+            'b5c7e7c54e013c168f4aae036e59912785f11b4aeebd57f6165a14e879b9a82c'
+            '1193910f475fde07f3cd4fe1c1a353d69b8cedb574967134838fcdc8208d224e'
+            '6d6cacce05086b7debe75127415ff9c3661849f564fe2f5f3b0383d48aa4ed77'
+            'cc29dd6141afdddf14e9b770d5ab2839f769eee19628d31c7cb6187d0c321e9c'
+            'dbfc74f14091d66b95edab229cff9ef8f1f0ab40da30efec36ca3546a3482b76'
+            '981ab3e9634cb7c041b484cc1876f22a743dc0ae53a970117ca1b5700670a964'
+            '6467f52b39f5954d6fd242487140c459001b650e1df7511392397e099894a2a1'
+            '9fda3b9a78343ab2be6f06ce6396536e7e065abac29b47c8eb2e42cbb4c4f00b'
+            '34005d1062f73d1142ac4ca29b9f456fae99a89f0acc01edf4ff4117d59b7583'
+            '28d89f42da17357f4292574e1ba8780f4f233c6324993d4885f25b8699c75938'
+            '1f5f3eb67cccd4498940bb71c456c07c385eefeda645fa49ef2c432b5723b875'
+            '4049ab4cdfae20c376c33b139c34a805a0074dc0d6fe8f47491cd2ab3c3eba98'
+            '3c3095488b936b14538dca64d7e68bcde09a8a18d2a32a47b59877eff0340403'
+            'faae889814ea6a292f7ca03d9b36e6c7e95bab2a64777804883cc822b8d48757'
+            '1f5f3eb67cccd4498940bb71c456c07c385eefeda645fa49ef2c432b5723b875'
+            '042dea86b76568e1cbc430475c9fa0e7c433515d2d9e7b4e0a1c08b32f52ed15'
+            'e7935c0d91d6d22f6dee710a26b23e228ecc4fe8ef7e8f756558c3599f68c3b4'
+            '3c98b0abda3175c1f3a081796fae9f5081d2a6e21d1b8b29a5e5b90d690eee2f'
+            '97a0e47ae225fe45090925125eb711943bf66584ac5fd9c831d14014443124cb'
+            '5c13b8a73163617e9d985243f0ecb49a97db8fa2d2f76d9ded249aacd3e00113')
+
+
+prepare(){
+    cd "${srcdir}/RPi4-${pkgver}"
+    _fill_gitmodules_recursively
+    mkdir -p keys
+    cp "${srcdir}"/{ms_kek1.cer,ms_kek2.cer,ms_db1.cer,ms_db2.cer,ms_db3.cer,ms_db4.cer,arm64_dbx.bin} keys/
+    openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Raspberry Pi Platform Key/" -keyout /dev/null -outform DER -out keys/pk.cer -days 7300 -nodes -sha256
+}
+build(){
+    cd "${srcdir}/RPi4-${pkgver}"
+    make -C edk2/BaseTools -j1
+    bash -c \
+        "#!/usr/bin/env bash
+
+        export WORKSPACE=\$PWD
+        export PACKAGES_PATH=\$WORKSPACE/edk2:\$WORKSPACE/edk2-platforms:\$WORKSPACE/edk2-non-osi
+        export BUILD_FLAGS=\"-D SECURE_BOOT_ENABLE=TRUE -D INCLUDE_TFTP_COMMAND=TRUE -D NETWORK_ISCSI_ENABLE=TRUE -D SMC_PCI_SUPPORT=1\"
+        export DEFAULT_KEYS=\"-D DEFAULT_KEYS=TRUE -D PK_DEFAULT_FILE=\$WORKSPACE/keys/pk.cer -D KEK_DEFAULT_FILE1=\$WORKSPACE/keys/ms_kek1.cer -D KEK_DEFAULT_FILE2=\$WORKSPACE/keys/ms_kek2.cer -D DB_DEFAULT_FILE1=\$WORKSPACE/keys/ms_db1.cer -D DB_DEFAULT_FILE2=\$WORKSPACE/keys/ms_db2.cer -D DB_DEFAULT_FILE3=\$WORKSPACE/keys/ms_db3.cer -D DB_DEFAULT_FILE4=\$WORKSPACE/keys/ms_db4.cer -D DBX_DEFAULT_FILE1=\$WORKSPACE/keys/arm64_dbx.bin\"
+        source edk2/edksetup.sh
+        build -a AARCH64 -t GCC -p edk2-platforms/Platform/RaspberryPi/RPi4/RPi4.dsc -b RELEASE -n \$(nproc) --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor=L\"https://github.com/pftf/RPi4\" --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString=L\"UEFI Firmware ${pkgver}-${pkgrel}\" --pcd gRaspberryPiTokenSpaceGuid.PcdRamLimitTo3GB=0 \${BUILD_FLAGS} \${DEFAULT_KEYS}
+        "
+}
+package(){
+    conflicts=("uboot-raspberrypi")
+    depends=("raspberrypi-overlays" "linux-aarch64>=5.8" "raspberrypi-bootloader" "bash")
+    optdepends=(
+        "firmware-raspberrypi: firmware for RaspberryPi 4B"
+        "linux-firmware: firmware for RaspberryPi 4B"
+        "virt-firmware: for editing EFI variables"
+    )
+
+    install -Dm644 "${srcdir}/RPi4-${pkgver}/Build/RPi4/RELEASE_GCC/FV/RPI_EFI.fd" "${pkgdir}/boot/RPI_EFI.fd"
+    install -Dm644 "${srcdir}/RPi4-${pkgver}/config.txt" "${pkgdir}/boot/config.txt"
+    install -Dm644 "${srcdir}/RPi4-${pkgver}/License.txt" "${pkgdir}/usr/share/licenses/${pkgname}/License.txt"
+    install -Dm644 "${srcdir}/70-post-install-uefi.hook" "${pkgdir}/usr/share/libalpm/hooks/70-post-install-uefi.hook"
+    install -Dm644 "${srcdir}/80-pre-remove-uefi.hook" "${pkgdir}/usr/share/libalpm/hooks/80-pre-remove-uefi.hook"
+    install -Dm755 "${srcdir}/post-install-uefi" "${pkgdir}/usr/share/libalpm/scripts/post-install-uefi"
+    install -Dm755 "${srcdir}/pre-remove-uefi" "${pkgdir}/usr/share/libalpm/scripts/pre-remove-uefi"
+}

alarm/uefi-raspberrypi4/post-install-uefi

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash 
+
+echo "Copying device tree from kernel..."
+cp /boot/dtbs/broadcom/bcm2711-rpi-4-b.dtb /boot/bcm2711-rpi-4-b.dtb

alarm/uefi-raspberrypi4/pre-remove-uefi

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+echo "Removing /boot/bcm2711-rpi-4-b"
+rm -f /boot/bcm2711-rpi-4-b.dtb