diff --git a/alarm/uefi-raspberrypi4/.gitignore b/alarm/uefi-raspberrypi4/.gitignore
new file mode 100644
index 0000000000..2ba1b93288
--- /dev/null
+++ b/alarm/uefi-raspberrypi4/.gitignore
@@ -0,0 +1,2 @@
+*.cer
+*.bin
diff --git a/alarm/uefi-raspberrypi4/70-post-install-uefi.hook b/alarm/uefi-raspberrypi4/70-post-install-uefi.hook
new file mode 100644
index 0000000000..a478eb9ce6
--- /dev/null
+++ b/alarm/uefi-raspberrypi4/70-post-install-uefi.hook
@@ -0,0 +1,12 @@
+[Trigger]
+Type = File
+Operation = Install
+Operation = Upgrade
+Target = boot/Image
+Target = boot/Image.gz
+Target = boot/RPI_EFI.fd
+
+[Action]
+Description = Copying kernel binaries...
+When = PostTransaction
+Exec = /usr/share/libalpm/scripts/post-install-uefi
diff --git a/alarm/uefi-raspberrypi4/80-pre-remove-uefi.hook b/alarm/uefi-raspberrypi4/80-pre-remove-uefi.hook
new file mode 100644
index 0000000000..6edd79144d
--- /dev/null
+++ b/alarm/uefi-raspberrypi4/80-pre-remove-uefi.hook
@@ -0,0 +1,9 @@
+[Trigger]
+Type = File
+Operation = Remove
+Target = boot/RPI_EFI.fd
+
+[Action]
+Description = Removing copied files for UEFI...
+When = PreTransaction
+Exec = /usr/share/libalpm/scripts/pre-remove-uefi
diff --git a/alarm/uefi-raspberrypi4/PKGBUILD b/alarm/uefi-raspberrypi4/PKGBUILD
new file mode 100644
index 0000000000..c3063eb458
--- /dev/null
+++ b/alarm/uefi-raspberrypi4/PKGBUILD
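Review bot: In `70-post-install-uefi.hook` the triggers name `boot/Image`, `boot/Image.gz` and `boot/RPI_EFI.fd`, but the script it runs (`post-install-uefi`, later in this diff) reads `/boot/dtbs/broadcom/bcm2711-rpi-4-b.dtb`, so the copy in `/boot` is refreshed only when one of those proxy files changes in the same transaction. Adding `Target = boot/dtbs/broadcom/bcm2711-rpi-4-b.dtb` ties the hook to the file it actually consumes. The description would also be more accurate as `Description = Copying device tree for UEFI boot...`, since no kernel binary is copied.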
@@ -0,0 +1,143 @@
+# Maintainer: zhanghua
+
+buildarch=8 # aarch64
+
+pkgname="uefi-raspberrypi4"
+pkgver=1.35.r0.g218b601
+pkgrel=2
+backup=("boot/config.txt")
+pkgdesc="UEFI firmware for RaspberryPi 4B"
+url="https://github.com/pftf/RPi4"
+arch=("aarch64")
+license=("custom:edk2" "custom:broadcom")
+makedepends=("git" "acpica" "openssl" "util-linux" "python")
+source=(
+ "git+https://github.com/pftf/RPi4"
+ # Submodules
+ "git+https://github.com/tianocore/edk2"
+ "git+https://github.com/tianocore/edk2-non-osi"
+ "git+https://github.com/tianocore/edk2-platforms"
+
+ "git+https://github.com/openssl/openssl"
+ "git+https://github.com/ucb-bar/berkeley-softfloat-3"
+ "cmocka::git+https://github.com/tianocore/edk2-cmocka"
+ "git+https://github.com/kkos/oniguruma"
+ "git+https://github.com/google/brotli"
+ "git+https://github.com/akheron/jansson"
+ "git+https://github.com/google/googletest"
+ "git+https://github.com/Zeex/subhook"
+ "libfdt::git+https://github.com/devicetree-org/pylibfdt"
+ "mipisyst::git+https://github.com/MIPI-Alliance/public-mipi-sys-t"
+
+ "git+https://github.com/google/wycheproof"
+ "boringssl::git+https://boringssl.googlesource.com/boringssl.git"
+ "git+https://github.com/krb5/krb5"
+ "pyca-cryptography::git+https://github.com/pyca/cryptography"
+
+ "git+https://github.com/riscv/opensbi"
+
+ "LICENCE.EDK2::https://raw.githubusercontent.com/tianocore/edk2/master/License.txt"
+ "LICENCE.broadcom::https://raw.githubusercontent.com/raspberrypi/firmware/master/boot/LICENCE.broadcom"
+ "ms_kek.cer::https://go.microsoft.com/fwlink/?LinkId=321185"
+ "ms_db1.cer::https://go.microsoft.com/fwlink/?linkid=321192"
+ "ms_db2.cer::https://go.microsoft.com/fwlink/?linkid=321194"
+ "arm64_dbx.bin::https://uefi.org/sites/default/files/resources/dbxupdate_arm64.bin"
+ "70-post-install-uefi.hook"
+ "80-pre-remove-uefi.hook"
+ "post-install-uefi"
+ "pre-remove-uefi"
+)
+sha256sums=('SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ '50ce20c9cfdb0e19ee34fe0a51fc0afe961f743697b068359ab2f862b494df80'
+ 'c7283ff51f863d93a275c66e3b4cb08021a5dd4d8c1e7acc47d872fbe52d3d6b'
+ 'a1117f516a32cefcba3f2d1ace10a87972fd6bbe8fe0d0b996e09e65d802a503'
+ 'e8e95f0733a55e8bad7be0a1413ee23c51fcea64b3c8fa6a786935fddcc71961'
+ '48e99b991f57fc52f76149599bff0a58c47154229b9f8d603ac40d3500248507'
+ 'f42c187f8b01b497f81fb0459164b27d16ca2af0b95c7331a82c1a27a731a885'
+ '8e55eb4afdd6b572d2413e87b64219d2f9d3bd033de2dfd37e176e92d25d5821'
+ 'caa86b22a1452d8974e7bbecbb6d9fb591a58da928a06d5e13cee9592e785b12'
+ 'aed9dfd4c1e7c6092179e8bec63be3fc7b5d958c94063d60a7d1fe4a36f460ef'
+ 'e7db4c6150688a4aa6922435f531e5fa6e95d39380bb67ddb5a3554335eb419d')
+
+pkgver(){
+ cd ${srcdir}/RPi4
+ git describe --tags --long | sed "s/v//;s/-/.r/;s/-/./g"
+}
+prepare(){
+ target_dirs=(
+ "${srcdir}/RPi4"
+ "${srcdir}/RPi4/edk2"
+ "${srcdir}/RPi4/edk2/CryptoPkg/Library/OpensslLib/openssl"
+ "${srcdir}/RPi4/edk2-platforms"
+ )
+ for target_dir in "${target_dirs[@]}"
+ do
+ msg2 "Processing ${target_dir}..."
+ cd ${target_dir}
+ git submodule init
+ git config --file .gitmodules --get-regexp 'submodule.*.path' | while read -r submodule
+ do
+ module=$(echo "${submodule}" | cut -d " " -f 1)
+ path=$(echo "${submodule}" | cut -d " " -f 2)
+ name=$(basename "${path}")
+ msg2 "Modifying ${module} to use local path ${name}..."
+ git config "${module/%.path/.url}" "${srcdir}/${name}"
+ done
+ git -c protocol.file.allow=always submodule update
+ done
+ cd ${srcdir}/RPi4
+ mkdir -p keys
+ cp "${srcdir}"/{ms_kek.cer,ms_db1.cer,ms_db2.cer,arm64_dbx.bin} keys/
+ openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Raspberry Pi Platform Key/" -keyout /dev/null -outform DER -out keys/pk.cer -days 7300 -nodes -sha256
+ echo \
+ "#!/usr/bin/env bash
+
+ export WORKSPACE=\$PWD
+ export PACKAGES_PATH=\$WORKSPACE/edk2:\$WORKSPACE/edk2-platforms:\$WORKSPACE/edk2-non-osi
+ export BUILD_FLAGS=\"-D SECURE_BOOT_ENABLE=TRUE -D INCLUDE_TFTP_COMMAND=TRUE -D NETWORK_ISCSI_ENABLE=TRUE -D SMC_PCI_SUPPORT=1\"
+ export DEFAULT_KEYS=\"-D DEFAULT_KEYS=TRUE -D PK_DEFAULT_FILE=\$WORKSPACE/keys/pk.cer -D KEK_DEFAULT_FILE1=\$WORKSPACE/keys/ms_kek.cer -D DB_DEFAULT_FILE1=\$WORKSPACE/keys/ms_db1.cer -D DB_DEFAULT_FILE2=\$WORKSPACE/keys/ms_db2.cer -D DBX_DEFAULT_FILE1=\$WORKSPACE/keys/arm64_dbx.bin\"
+ source edk2/edksetup.sh
+ build -a AARCH64 -t GCC -p edk2-platforms/Platform/RaspberryPi/RPi4/RPi4.dsc -b RELEASE -n \$(nproc) --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor=L\"https://github.com/pftf/RPi4\" --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString=L\"UEFI Firmware ${pkgver}-${pkgrel}\" --pcd gRaspberryPiTokenSpaceGuid.PcdRamLimitTo3GB=0 \${BUILD_FLAGS} \${DEFAULT_KEYS}
+ " > build.sh
+ patch --binary -d edk2 -p1 -i ../0001-MdeModulePkg-UefiBootManagerLib-Signal-ReadyToBoot-o.patch
+ patch --binary -d edk2-platforms -p1 -i ../0002-Check-for-Boot-Discovery-Policy-change.patch
+}
+build(){
+ cd ${srcdir}/RPi4
+ MAKEFLAGS="" make -C edk2/BaseTools
+ bash build.sh
+}
+package(){
+ conflicts=("uboot-raspberrypi")
+ depends=("raspberrypi-overlays" "linux-aarch64>=5.8" "raspberrypi-bootloader")
+ optdepends=(
+ "firmware-raspberrypi: firmware for RaspberryPi 4B"
+ "linux-firmware: firmware for RaspberryPi 4B")
+
+ install -Dm644 "${srcdir}/RPi4/Build/RPi4/RELEASE_GCC/FV/RPI_EFI.fd" "${pkgdir}/boot/RPI_EFI.fd"
+ install -Dm644 "${srcdir}/RPi4/config.txt" "${pkgdir}/boot/config.txt"
+ install -Dm644 "${srcdir}/70-post-install-uefi.hook" "${pkgdir}/usr/share/libalpm/hooks/70-post-install-uefi.hook"
+ install -Dm644 "${srcdir}/80-pre-remove-uefi.hook" "${pkgdir}/usr/share/libalpm/hooks/80-pre-remove-uefi.hook"
+ install -Dm755 "${srcdir}/post-install-uefi" "${pkgdir}/usr/share/libalpm/scripts/post-install-uefi"
+ install -Dm755 "${srcdir}/pre-remove-uefi" "${pkgdir}/usr/share/libalpm/scripts/pre-remove-uefi"
+ install -Dm644 "${srcdir}/LICENCE.EDK2" "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE.EDK2"
+ install -Dm644 "${srcdir}/LICENCE.broadcom" "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE.broadcom"
+}
diff --git a/alarm/uefi-raspberrypi4/post-install-uefi b/alarm/uefi-raspberrypi4/post-install-uefi
new file mode 100644
index 0000000000..bf5c25184d
--- /dev/null
+++ b/alarm/uefi-raspberrypi4/post-install-uefi
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+echo "Copying device tree from kernel..."
+cp /boot/dtbs/broadcom/bcm2711-rpi-4-b.dtb /boot/bcm2711-rpi-4-b.dtb
diff --git a/alarm/uefi-raspberrypi4/pre-remove-uefi b/alarm/uefi-raspberrypi4/pre-remove-uefi
new file mode 100644
index 0000000000..3ea0bc2da0
--- /dev/null
+++ b/alarm/uefi-raspberrypi4/pre-remove-uefi
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+echo "Removing /boot/bcm2711-rpi-4-b"
+rm -f /boot/bcm2711-rpi-4-b.dtb
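Review bot: In the PKGBUILD, the top-level source `"git+https://github.com/pftf/RPi4"` has no `#tag=` or `#commit=` fragment and its checksum is `SKIP`, so this Secure Boot firmware is built from whatever the upstream default branch holds at build time, with nothing anchoring the code that ends up in `RPI_EFI.fd`. Pinning it, e.g. `"git+https://github.com/pftf/RPi4#tag=v${pkgver%%.r*}"` or a full `#commit=` hash, fixes the revision; the submodules are checked out by `git submodule update` at the commits the superproject records, so they would presumably follow the pin. Pinning also keeps `PcdFirmwareVersionString` accurate: `${pkgver}` is expanded while `prepare()` writes `build.sh`, and makepkg runs `pkgver()` only after `prepare()`, so on a moved branch the embedded version can differ from the code actually built. Separately, the `openssl req ... -keyout /dev/null` line deserves a comment such as `# PK private key is discarded on purpose; the built-in PK cannot sign later key updates, enroll your own PK to manage Secure Boot`, if that is indeed the intent.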