Add alarm/uefi-raspberrypi4

This is the UEFI firmware for Raspberry Pi 4 implemented by tianocore.

This allows raspbberrypi runs almost any OS with proper drivers, even Windows.

However, it has some limitations, devices such as V3D Core and GPIO are not
available currently, you can see its upstream for more info.

We have disabled the 3GB limit by default because our kernel linux-aarch64
is new enough(>=5.8). This will allow OS uses full RAM on the models
have RAM larger than 3GB.

Bump to 1.34

Stop copying kernel image

Bump to 1.35 and switch to gcc from clang

Reason: CLANG38 is missing after update, and build BaseTools with gcc is fixed by upstream.

Bump to 1.36

Other changes:
- Drop git from makedepends
- Use SPDX License identifier

Bump to 1.37

Bump to 1.38

Signed-off-by: zhanghua000 <[email protected]>

alarm/uefi-raspberrypi4/.gitignore

@@ -0,0 +1,3 @@
+*.cer
+*.bin 
+*.tar.gz

alarm/uefi-raspberrypi4/70-post-install-uefi.hook

@@ -0,0 +1,12 @@
+[Trigger]
+Type = File
+Operation = Install
+Operation = Upgrade
+Target = boot/Image
+Target = boot/Image.gz
+Target = boot/RPI_EFI.fd
+
+[Action]
+Description = Copying kernel binaries...
+When = PostTransaction
+Exec = /usr/share/libalpm/scripts/post-install-uefi

alarm/uefi-raspberrypi4/80-pre-remove-uefi.hook

@@ -0,0 +1,9 @@
+[Trigger]
+Type = File
+Operation = Remove
+Target = boot/RPI_EFI.fd
+
+[Action]
+Description = Removing copied files for UEFI...
+When = PreTransaction
+Exec = /usr/share/libalpm/scripts/pre-remove-uefi

alarm/uefi-raspberrypi4/PKGBUILD

@@ -0,0 +1,201 @@
+# Maintainer: zhanghua <[email protected]>
+
+buildarch=8 # aarch64
+
+declare -rAg _modules_name_map=(
+    [edk2]=https://github.com/tianocore/edk2/archive/b158dad150bf02879668f72ce306445250838201.tar.gz
+    [edk2/CryptoPkg/Library/OpensslLib/openssl]=https://github.com/openssl/openssl/archive/de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz
+    [edk2/CryptoPkg/Library/OpensslLib/openssl/gost-engine]=https://github.com/gost-engine/engine/archive/b2b4d629f100eaee9f5942a106b1ccefe85b8808.tar.gz
+    [edk2/CryptoPkg/Library/OpensslLib/openssl/libprov]=https://github.com/provider-corner/libprov/archive/8a126e09547630ef900177625626b6156052f0ee.tar.gz
+    [edk2/CryptoPkg/Library/OpensslLib/openssl/krb5]=https://github.com/krb5/krb5/archive/aa9b4a2a64046afd2fab7cb49c346295874a5fb6.tar.gz
+    [edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography]=https://github.com/pyca/cryptography/archive/c18d0567386414efa3caef7ed586c4ca75bf3a8b.tar.gz
+    [edk2/CryptoPkg/Library/OpensslLib/openssl/wycheproof]=https://github.com/google/wycheproof/archive/2196000605e45d91097147c9c71f26b72af58003.tar.gz
+    [edk2/ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3]=https://github.com/ucb-bar/berkeley-softfloat-3/archive/b64af41c3276f97f0e181920400ee056b9c88037.tar.gz
+    [edk2/UnitTestFrameworkPkg/Library/CmockaLib/cmocka]=https://github.com/tianocore/edk2-cmocka/archive/1cc9cde3448cdd2e000886a26acf1caac2db7cf1.tar.gz
+    [edk2/MdeModulePkg/Universal/RegularExpressionDxe/oniguruma]=https://github.com/kkos/oniguruma/archive/abfc8ff81df4067f309032467785e06975678f0d.tar.gz
+    [edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli]=https://github.com/google/brotli/archive/f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz
+    [edk2/BaseTools/Source/C/BrotliCompress/brotli]=https://github.com/google/brotli/archive/f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz
+    [edk2/RedfishPkg/Library/JsonLib/jansson]=https://github.com/akheron/jansson/archive/e9ebfa7e77a6bee77df44e096b100e7131044059.tar.gz
+    [edk2/UnitTestFrameworkPkg/Library/GoogleTestLib/googletest]=https://github.com/google/googletest/archive/86add13493e5c881d7e4ba77fb91c1f57752b3a4.tar.gz
+    [edk2/UnitTestFrameworkPkg/Library/SubhookLib/subhook]=https://github.com/Zeex/subhook/archive/83d4e1ebef3588fae48b69a7352cc21801cb70bc.tar.gz
+    [edk2/MdePkg/Library/BaseFdtLib/libfdt]=https://github.com/devicetree-org/pylibfdt/archive/cfff805481bdea27f900c32698171286542b8d3c.tar.gz
+    [edk2/MdePkg/Library/MipiSysTLib/mipisyst]=https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/370b5944c046bab043dd8b133727b2135af7747a.tar.gz
+    [edk2/MdePkg/Library/MipiSysTLib/mipisyst/external/pugixml]=https://github.com/zeux/pugixml/archive/c53fdab93af76106b963216d85897614b996f8b6.tar.gz
+    [edk2/MdePkg/Library/MipiSysTLib/mipisyst/external/googletest]=https://github.com/google/googletest/archive/a6f06bf2fd3b832822cd4e9e554b7d47f32ec084.tar.gz
+    [edk2/CryptoPkg/Library/MbedTlsLib/mbedtls]=https://github.com/Mbed-TLS/mbedtls/archive/8c89224991adff88d53cd380f42a2baa36f91454.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm]=https://github.com/DMTF/libspdm/archive/50924a4c8145fc721e17208f55814d2b38766fe6.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl]=https://github.com/openssl/openssl/archive/de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/gost-engine]=https://github.com/gost-engine/engine/archive/b2b4d629f100eaee9f5942a106b1ccefe85b8808.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/gost-engine/libprov]=https://github.com/provider-corner/libprov/archive/8a126e09547630ef900177625626b6156052f0ee.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/krb5]=https://github.com/krb5/krb5/archive/aa9b4a2a64046afd2fab7cb49c346295874a5fb6.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/pyca-cryptography]=https://github.com/pyca/cryptography/archive/c18d0567386414efa3caef7ed586c4ca75bf3a8b.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/openssllib/openssl/wycheproof]=https://github.com/C2SP/wycheproof/archive/2196000605e45d91097147c9c71f26b72af58003.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/os_stub/mbedtlslib/mbedtls]=https://github.com/Mbed-TLS/mbedtls/archive/dd79db10014d85b26d11fe57218431f2e5ede6f2.tar.gz
+    [edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm/unit_test/cmockalib/cmocka]=https://gitlab.com/cmocka/cmocka/-/archive/a01cc69ee9536f90e57c61a198f2d1944d3d4313/cmocka-a01cc69ee9536f90e57c61a198f2d1944d3d4313.tar.gz
+
+    [edk2-non-osi]=https://github.com/tianocore/edk2-non-osi/archive/0544808c623bb73252310b1e5ef887caaf08c34b.tar.gz
+
+    [edk2-platforms]=https://github.com/tianocore/edk2-platforms/archive/6146fd7abcf6bfa083d33d1dfdc750694fc040a7.tar.gz
+    [edk2-platforms/Silicon/RISC-V/ProcessorPkg/Library/RiscVOpensbiLib/opensbi]=https://github.com/riscv-software-src/opensbi/archive/a731c7e36988c3308e1978ecde491f2f6182d490.tar.gz
+)
+
+_get_source_name_string() {
+    local host filename name commit
+    host=$(echo "$1" | cut -d / -f 3)
+    name=$(echo "$1" | cut -d / -f 5)
+    filename=${1##*/}
+    commit=${filename%%.*}
+    case "$host" in
+        gitlab.com)
+            # It contains $name in $commit
+            echo "$commit"
+            ;;
+        *)
+            echo "$name-$commit"
+            ;;
+    esac
+}
+
+_fill_gitmodules_recursively() {
+    local gitmodule
+    find "${1:-.}" -type f -name .gitmodules | while read -r gitmodule
+    do
+        local prefix
+        prefix=$(dirname "$gitmodule")"/"
+        if [[ "$gitmodule" =~ ^\.\/ ]]
+        then
+            gitmodule=${gitmodule#*\.\/}
+            prefix=${prefix#*\.\/}
+        fi
+        echo "Parsing $gitmodule to fill submodules..."
+        local p
+        grep path "$gitmodule" | awk '{print $3}' | while read -r p
+        do
+            p=${p%$'\r'} # Remove control characters
+            if [[ -n "$p" ]]
+            then
+                local target url name commit fname
+                target="$prefix$p"
+                url="${_modules_name_map[$target]}"
+                fname=$(_get_source_name_string "$url")
+                echo "Filling $target with $srcdir/$fname..."
+                cp -r "$srcdir/$fname/." "$target"
+                _fill_gitmodules_recursively "$target"
+            fi
+        done
+    done
+}
+
+pkgname="uefi-raspberrypi4" 
+pkgver=1.38
+pkgrel=1
+backup=("boot/config.txt")
+pkgdesc="UEFI firmware for RaspberryPi 4B"
+url="https://github.com/pftf/RPi4"
+arch=("aarch64")
+license=("BSD-2-Clause-Patent")
+makedepends=("acpica" "openssl" "util-linux" "python")
+source=(
+    "ms_kek1.cer::https://go.microsoft.com/fwlink/?LinkId=321185"
+    "ms_kek2.cer::https://go.microsoft.com/fwlink/?linkid=2239775"
+    "ms_db1.cer::https://go.microsoft.com/fwlink/?linkid=321192"
+    "ms_db2.cer::https://go.microsoft.com/fwlink/?linkid=321194"
+    "ms_db3.cer::https://go.microsoft.com/fwlink/?linkid=2239776"
+    "ms_db4.cer::https://go.microsoft.com/fwlink/?linkid=2239872"
+    "arm64_dbx.bin::https://uefi.org/sites/default/files/resources/dbxupdate_arm64.bin"
+    "70-post-install-uefi.hook"
+    "80-pre-remove-uefi.hook"
+    "post-install-uefi"
+    "pre-remove-uefi"
+    "RPi4-${pkgver}.tar.gz::https://github.com/pftf/RPi4/archive/refs/tags/v${pkgver}.tar.gz"
+)
+
+declare source_str uri
+for uri in "${_modules_name_map[@]}"
+do
+    source_str="$(_get_source_name_string "$uri").tar.gz::${uri}"
+    if [[ "${source[*]/${source_str}/}" == "${source[*]}" ]]
+    then
+        source+=("${source_str}")
+    fi
+done
+unset source_str uri
+
+sha256sums=('a1117f516a32cefcba3f2d1ace10a87972fd6bbe8fe0d0b996e09e65d802a503'
+            '3cd3f0309edae228767a976dd40d9f4affc4fbd5218f2e8cc3c9dd97e8ac6f9d'
+            'e8e95f0733a55e8bad7be0a1413ee23c51fcea64b3c8fa6a786935fddcc71961'
+            '48e99b991f57fc52f76149599bff0a58c47154229b9f8d603ac40d3500248507'
+            '076f1fea90ac29155ebf77c17682f75f1fdd1be196da302dc8461e350a9ae330'
+            'f6124e34125bee3fe6d79a574eaa7b91c0e7bd9d929c1a321178efd611dad901'
+            'f42c187f8b01b497f81fb0459164b27d16ca2af0b95c7331a82c1a27a731a885'
+            '8e55eb4afdd6b572d2413e87b64219d2f9d3bd033de2dfd37e176e92d25d5821'
+            'caa86b22a1452d8974e7bbecbb6d9fb591a58da928a06d5e13cee9592e785b12'
+            'aed9dfd4c1e7c6092179e8bec63be3fc7b5d958c94063d60a7d1fe4a36f460ef'
+            'e7db4c6150688a4aa6922435f531e5fa6e95d39380bb67ddb5a3554335eb419d'
+            '0f0d68e180d7b16f8febb88cac358dd32a2596c82fb448849e7a159945a2f988'
+            'eea977380ebb1871d5de38c4f7f15442ee690c90bdf790590d930a6bbf347f28'
+            'f8dd06309075e36882c10d84fe4e0bb67f70fe2df86bffcf30e65524e078cdd3'
+            '59cd4b81abafae35d94ac5d91cf4ae5b05122e688713cd6db51e5e4cef471d8f'
+            '50a9a0f08839c0e659c4f614b0c3cb93a2a4eb9013b94deb272a1d3f0c47d7dc'
+            'e1e1d75109315cbd0610b65295a081ccb4ec1886076241820ce5d61b44b87a91'
+            '962aefeeddb130deeb68c6c60c4848ddedd09d7715ed1ba8a8dadabd032d6232'
+            'b5c7e7c54e013c168f4aae036e59912785f11b4aeebd57f6165a14e879b9a82c'
+            '1193910f475fde07f3cd4fe1c1a353d69b8cedb574967134838fcdc8208d224e'
+            '6d6cacce05086b7debe75127415ff9c3661849f564fe2f5f3b0383d48aa4ed77'
+            'cc29dd6141afdddf14e9b770d5ab2839f769eee19628d31c7cb6187d0c321e9c'
+            'dbfc74f14091d66b95edab229cff9ef8f1f0ab40da30efec36ca3546a3482b76'
+            '981ab3e9634cb7c041b484cc1876f22a743dc0ae53a970117ca1b5700670a964'
+            '6467f52b39f5954d6fd242487140c459001b650e1df7511392397e099894a2a1'
+            '9fda3b9a78343ab2be6f06ce6396536e7e065abac29b47c8eb2e42cbb4c4f00b'
+            '34005d1062f73d1142ac4ca29b9f456fae99a89f0acc01edf4ff4117d59b7583'
+            '28d89f42da17357f4292574e1ba8780f4f233c6324993d4885f25b8699c75938'
+            '1f5f3eb67cccd4498940bb71c456c07c385eefeda645fa49ef2c432b5723b875'
+            '4049ab4cdfae20c376c33b139c34a805a0074dc0d6fe8f47491cd2ab3c3eba98'
+            '3c3095488b936b14538dca64d7e68bcde09a8a18d2a32a47b59877eff0340403'
+            'faae889814ea6a292f7ca03d9b36e6c7e95bab2a64777804883cc822b8d48757'
+            '1f5f3eb67cccd4498940bb71c456c07c385eefeda645fa49ef2c432b5723b875'
+            '042dea86b76568e1cbc430475c9fa0e7c433515d2d9e7b4e0a1c08b32f52ed15'
+            'e7935c0d91d6d22f6dee710a26b23e228ecc4fe8ef7e8f756558c3599f68c3b4'
+            '3c98b0abda3175c1f3a081796fae9f5081d2a6e21d1b8b29a5e5b90d690eee2f'
+            '97a0e47ae225fe45090925125eb711943bf66584ac5fd9c831d14014443124cb'
+            '5c13b8a73163617e9d985243f0ecb49a97db8fa2d2f76d9ded249aacd3e00113')
+
+
+prepare(){
+    cd "${srcdir}/RPi4-${pkgver}"
+    _fill_gitmodules_recursively
+    mkdir -p keys
+    cp "${srcdir}"/{ms_kek1.cer,ms_kek2.cer,ms_db1.cer,ms_db2.cer,ms_db3.cer,ms_db4.cer,arm64_dbx.bin} keys/
+    openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Raspberry Pi Platform Key/" -keyout /dev/null -outform DER -out keys/pk.cer -days 7300 -nodes -sha256
+}
+build(){
+    cd "${srcdir}/RPi4-${pkgver}"
+    make -C edk2/BaseTools -j1
+    bash -c \
+        "#!/usr/bin/env bash
+
+        export WORKSPACE=\$PWD
+        export PACKAGES_PATH=\$WORKSPACE/edk2:\$WORKSPACE/edk2-platforms:\$WORKSPACE/edk2-non-osi
+        export BUILD_FLAGS=\"-D SECURE_BOOT_ENABLE=TRUE -D INCLUDE_TFTP_COMMAND=TRUE -D NETWORK_ISCSI_ENABLE=TRUE -D SMC_PCI_SUPPORT=1\"
+        export DEFAULT_KEYS=\"-D DEFAULT_KEYS=TRUE -D PK_DEFAULT_FILE=\$WORKSPACE/keys/pk.cer -D KEK_DEFAULT_FILE1=\$WORKSPACE/keys/ms_kek1.cer -D KEK_DEFAULT_FILE2=\$WORKSPACE/keys/ms_kek2.cer -D DB_DEFAULT_FILE1=\$WORKSPACE/keys/ms_db1.cer -D DB_DEFAULT_FILE2=\$WORKSPACE/keys/ms_db2.cer -D DB_DEFAULT_FILE3=\$WORKSPACE/keys/ms_db3.cer -D DB_DEFAULT_FILE4=\$WORKSPACE/keys/ms_db4.cer -D DBX_DEFAULT_FILE1=\$WORKSPACE/keys/arm64_dbx.bin\"
+        source edk2/edksetup.sh
+        build -a AARCH64 -t GCC -p edk2-platforms/Platform/RaspberryPi/RPi4/RPi4.dsc -b RELEASE -n \$(nproc) --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor=L\"https://github.com/pftf/RPi4\" --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString=L\"UEFI Firmware ${pkgver}-${pkgrel}\" --pcd gRaspberryPiTokenSpaceGuid.PcdRamLimitTo3GB=0 \${BUILD_FLAGS} \${DEFAULT_KEYS}
+        "
+}
+package(){
+    conflicts=("uboot-raspberrypi")
+    depends=("raspberrypi-overlays" "linux-aarch64>=5.8" "raspberrypi-bootloader" "bash")
+    optdepends=(
+        "firmware-raspberrypi: firmware for RaspberryPi 4B"
+        "linux-firmware: firmware for RaspberryPi 4B"
+        "virt-firmware: for editing EFI variables"
+    )
+
+    install -Dm644 "${srcdir}/RPi4-${pkgver}/Build/RPi4/RELEASE_GCC/FV/RPI_EFI.fd" "${pkgdir}/boot/RPI_EFI.fd"
+    install -Dm644 "${srcdir}/RPi4-${pkgver}/config.txt" "${pkgdir}/boot/config.txt"
+    install -Dm644 "${srcdir}/RPi4-${pkgver}/License.txt" "${pkgdir}/usr/share/licenses/${pkgname}/License.txt"
+    install -Dm644 "${srcdir}/70-post-install-uefi.hook" "${pkgdir}/usr/share/libalpm/hooks/70-post-install-uefi.hook"
+    install -Dm644 "${srcdir}/80-pre-remove-uefi.hook" "${pkgdir}/usr/share/libalpm/hooks/80-pre-remove-uefi.hook"
+    install -Dm755 "${srcdir}/post-install-uefi" "${pkgdir}/usr/share/libalpm/scripts/post-install-uefi"
+    install -Dm755 "${srcdir}/pre-remove-uefi" "${pkgdir}/usr/share/libalpm/scripts/pre-remove-uefi"
+}

alarm/uefi-raspberrypi4/post-install-uefi

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash 
+
+echo "Copying device tree from kernel..."
+cp /boot/dtbs/broadcom/bcm2711-rpi-4-b.dtb /boot/bcm2711-rpi-4-b.dtb

alarm/uefi-raspberrypi4/pre-remove-uefi

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+echo "Removing /boot/bcm2711-rpi-4-b"
+rm -f /boot/bcm2711-rpi-4-b.dtb