initial commit
commit
726ab87eae
|
@ -0,0 +1 @@
|
|||
result
|
|
@ -0,0 +1,158 @@
|
|||
{ stdenv, fetchurl, fetchgit
|
||||
, linkFarm, overrideCC
|
||||
, writeText, writeShellScriptBin
|
||||
, gnat, bison, flex, zlib, python3
|
||||
, libfaketime, gnumake
|
||||
# options
|
||||
, rev # coreboot git revision
|
||||
, sources # coreboot sources attrset
|
||||
, arch ? "i386" # target architecture
|
||||
, conf ? { } # coreboot configuration
|
||||
}:
|
||||
|
||||
let
|
||||
lib = stdenv.lib;
|
||||
adaStdenv = overrideCC stdenv gnat;
|
||||
version = lib.substring 0 6 rev;
|
||||
|
||||
in rec {
|
||||
|
||||
## Sources
|
||||
|
||||
# coreboot source
|
||||
src = fetchgit {
|
||||
url = "https://review.coreboot.org/coreboot.git";
|
||||
fetchSubmodules = true;
|
||||
inherit (sources) rev sha256;
|
||||
};
|
||||
|
||||
# seabios source
|
||||
seabios = builtins.fetchGit {
|
||||
url = "https://review.coreboot.org/seabios.git";
|
||||
rev = conf.seabios.revision_id;
|
||||
};
|
||||
|
||||
# tarballs needed to build the toolchain
|
||||
tarballs = linkFarm "toolchain-tarballs"
|
||||
(map (file: { name = file.name; path = toString file; })
|
||||
sources.toolchain);
|
||||
|
||||
|
||||
## Helpers
|
||||
|
||||
# converts Nix attrs to Kconfig format
|
||||
toConf = top: n: v: with builtins;
|
||||
let
|
||||
prefix = lib.optionalString top "CONFIG_";
|
||||
nconv = n: replaceStrings ["-"] ["_"] (lib.toUpper n);
|
||||
vconv = v: if isBool v then (if v then "y" else "n")
|
||||
else if (isString v) || (isPath v) || (lib.isDerivation v) then "\"${v}\""
|
||||
else toString v;
|
||||
in
|
||||
if (lib.isAttrs v && ! lib.isDerivation v)
|
||||
then (lib.concatMapStringsSep "\n"
|
||||
(line: "${prefix}${nconv n}_${line}")
|
||||
(lib.mapAttrsToList (toConf false) v))
|
||||
else "${prefix}${nconv n}=${vconv v}";
|
||||
|
||||
# the coreboot Kconfig file
|
||||
defConfig = with lib;
|
||||
writeText "defconfig"
|
||||
(concatStringsSep "\n"
|
||||
(mapAttrsToList (toConf true) conf));
|
||||
|
||||
# returns the current revision
|
||||
fakegit = writeShellScriptBin "git" "echo ${version}";
|
||||
|
||||
# does nothing, just to trick buildgcc
|
||||
fakecurl = writeShellScriptBin "curl" "echo curl 1.2.3";
|
||||
|
||||
# runs make with faketime for determinism
|
||||
faketime = writeShellScriptBin "make" ''
|
||||
exec ${libfaketime}/bin/faketime -f '1970-01-01 00:00:01' \
|
||||
${gnumake}/bin/make "$@"
|
||||
'';
|
||||
|
||||
|
||||
## Packages
|
||||
|
||||
# the coreboot compilers toolchain
|
||||
toolchain = adaStdenv.mkDerivation {
|
||||
pname = "coreboot-toolchain";
|
||||
inherit version src;
|
||||
nativeBuildInputs = [
|
||||
fakecurl fakegit
|
||||
bison flex zlib
|
||||
];
|
||||
|
||||
# link source tarballs
|
||||
preBuild = "ln -s ${tarballs} util/crossgcc/tarballs";
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/pull/107435
|
||||
hardeningDisable = [ "format" ];
|
||||
|
||||
makeFlags =
|
||||
[ "CPUS=$(NIX_BUILD_CORES)"
|
||||
"DEST=$(out)"
|
||||
"crossgcc-${arch}"
|
||||
];
|
||||
dontInstall = true;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Coreboot compilers toolchain";
|
||||
homepage = "https://www.coreboot.org";
|
||||
license = licenses.gpl2Only;
|
||||
platforms = platforms.all;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
# the final coreboot rom
|
||||
coreboot = stdenv.mkDerivation {
|
||||
pname = "coreboot";
|
||||
inherit src version;
|
||||
nativeBuildInputs = [ faketime fakegit ]
|
||||
++ lib.optional (conf ? "use-me-cleaner") python3;
|
||||
|
||||
postPatch = "patchShebangs .";
|
||||
|
||||
preBuild = ''
|
||||
# write default configuration
|
||||
cp ${defConfig} .config
|
||||
make olddefconfig
|
||||
|
||||
# copy payload
|
||||
${lib.optionalString (conf ? "seabios") ''
|
||||
cp -r ${seabios} payloads/external/SeaBIOS/seabios
|
||||
chmod -R +w payloads/external/SeaBIOS/seabios
|
||||
''}
|
||||
'';
|
||||
|
||||
makeFlags =
|
||||
[ "ARCH=${arch}"
|
||||
# https://review.coreboot.org/c/coreboot/+/48937
|
||||
"XGCCPATH=${toolchain}/bin/"
|
||||
];
|
||||
|
||||
installPhase = ''
|
||||
install -Dm644 build/coreboot.rom $out/coreboot.rom
|
||||
install -Dm644 .config $out/config
|
||||
make savedefconfig DEFCONFIG=$out/defconfig
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Fast, secure and flexible OpenSource firmware";
|
||||
longDescription = ''
|
||||
coreboot is an extended firmware platform that delivers a lightning
|
||||
fast and secure boot experience on modern computers and embedded
|
||||
systems. As an Open Source project it provides auditability and maximum
|
||||
control over technology.
|
||||
'';
|
||||
homepage = "https://www.coreboot.org";
|
||||
license = licenses.gpl2Only;
|
||||
platforms = platforms.all;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
{ stdenv, bison, flex
|
||||
# options
|
||||
, macAddress ? "00:de:ad:c0:ff:ee"
|
||||
, model ? "82579LM"
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "gbe.bin";
|
||||
|
||||
src = (builtins.fetchGit {
|
||||
url = "https://review.coreboot.org/coreboot.git";
|
||||
rev = "219caf83580a86acf073f73662356a078bd96244";
|
||||
}).outPath + "/util/bincfg";
|
||||
|
||||
buildInputs = [ bison flex ];
|
||||
makeFlags = [ "bincfg" "gen-gbe-${model}" ];
|
||||
|
||||
configurePhase = stdenv.lib.concatImapStrings
|
||||
(i: n: ''
|
||||
sed -i gbe-${model}.set -e \
|
||||
's@\("mac_address_${toString (i - 1)}" = 0x\)[0-9A-F]\+@\1${n}@'
|
||||
'')
|
||||
(stdenv.lib.splitString ":" macAddress);
|
||||
|
||||
installPhase = "install -Dm644 flashregion_3_gbe.bin $out";
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "The Intel Gigabit Ethernet configuration";
|
||||
homepage = "https://www.coreboot.org";
|
||||
license = licenses.gpl2Only;
|
||||
platforms = platforms.all;
|
||||
};
|
||||
}
|
|
@ -0,0 +1,48 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#! nix-shell -i sh -p nix-prefetch-git jq
|
||||
|
||||
# shellcheck shell=sh
|
||||
|
||||
# print usage
|
||||
if test -z "$1" || test "$1" = "-h"; then
|
||||
>&2 printf 'Usage: %s REV\n' "$0"
|
||||
>&2 printf 'Fetch and generate the Nix expression for the coreboot sources.\n'
|
||||
>&2 printf 'The result is written to stdout.\n\n'
|
||||
>&2 printf ' REV: \t revision of the coreboot git repository\n'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# fetch coreboot source code
|
||||
url=https://review.coreboot.org/coreboot.git
|
||||
info=$(nix-prefetch-git "$url" "$1" --fetch-submodules)
|
||||
coreboot=$(echo "$info" | jq .path -r)
|
||||
hash=$(echo "$info" | jq .sha256 -r)
|
||||
|
||||
# extract version numbers and URLs
|
||||
buildgcc="$coreboot/util/crossgcc/buildgcc"
|
||||
# shellcheck disable=SC2046
|
||||
export $(grep '^[A-Z]\+_VERSION=' "$buildgcc" | tail -n+2)
|
||||
urls=$(awk -F'=|"' '/^[A-Z]+_ARCHIVE=/{print $3}' "$buildgcc")
|
||||
|
||||
# generate Nix expression
|
||||
cat <<EOF
|
||||
{ fetchurl }:
|
||||
{ rev = "$1";
|
||||
sha256 = "$hash";
|
||||
toolchain = [
|
||||
EOF
|
||||
|
||||
for url in $urls; do
|
||||
# expand version inside the url
|
||||
url="$(eval echo "$url")"
|
||||
# prefetch to compute the hash
|
||||
hash=$(nix-prefetch-url --type sha256 "$url")
|
||||
|
||||
cat <<EOF
|
||||
(fetchurl {
|
||||
url = "$url";
|
||||
sha256 = "$hash";
|
||||
})
|
||||
EOF
|
||||
done
|
||||
printf " ];\n}"
|
File diff suppressed because one or more lines are too long
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
After Width: | Height: | Size: 14 KiB |
|
@ -0,0 +1,53 @@
|
|||
{ pkgs ? import <nixpkgs> { } }:
|
||||
|
||||
pkgs.callPackage ../../coreboot.nix {
|
||||
# last known good
|
||||
rev = "d8bc5c127ad13ed0475bbf7465f6ba56a5fa34ee";
|
||||
sources = pkgs.callPackage ./sources.nix { };
|
||||
|
||||
conf = {
|
||||
# main
|
||||
vendor.lenovo = true;
|
||||
board.lenovo-x230 = true;
|
||||
|
||||
# drivers
|
||||
tpm-deactivate = true;
|
||||
drivers-ps2-keyboard = true;
|
||||
pciexp = {
|
||||
hotplug = true;
|
||||
clk-pm = true;
|
||||
l1-sub-state = true;
|
||||
};
|
||||
|
||||
# display
|
||||
bootsplash = true;
|
||||
generic-linear-framebuffer = true;
|
||||
linear-framebuffer = {
|
||||
max-width = 1024;
|
||||
max-height = 768;
|
||||
};
|
||||
|
||||
# custom bootsplash
|
||||
bootsplash-image = true;
|
||||
bootsplash-file = ./bootsplash.jpg;
|
||||
|
||||
# payload
|
||||
seabios = {
|
||||
revision = true;
|
||||
revision_id = "ef88eeaf052c8a7d28c5f85e790c5e45bcffa45e";
|
||||
};
|
||||
|
||||
# blobs
|
||||
have-ifd-bin = true;
|
||||
have-me-bin = true;
|
||||
have-gbe-bin = true;
|
||||
ifd-bin-path = ./blobs/ifd.bin;
|
||||
me-bin-path = ./blobs/me.bin;
|
||||
gbe-bin-path = pkgs.callPackage ../../gbe.nix { macAddress = "e5:36:eb:9b:6c:3e"; };
|
||||
|
||||
# neutralise me
|
||||
check-me = true;
|
||||
use-me-cleaner = true;
|
||||
};
|
||||
|
||||
}
|
|
@ -0,0 +1,66 @@
|
|||
{ fetchurl }:
|
||||
{ rev = "d8bc5c127ad13ed0475bbf7465f6ba56a5fa34ee";
|
||||
sha256 = "0hg8xrmvvqx4kh5zq64nx8a7x1vvnw4lsimj12nwgvszmnhvsvmq";
|
||||
toolchain = [
|
||||
(fetchurl {
|
||||
url = "https://ftpmirror.gnu.org/gmp/gmp-6.1.2.tar.xz";
|
||||
sha256 = "04hrwahdxyqdik559604r7wrj9ffklwvipgfxgj4ys4skbl6bdc7";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://ftpmirror.gnu.org/mpfr/mpfr-4.0.2.tar.xz";
|
||||
sha256 = "12m3amcavhpqygc499s3fzqlb8f2j2rr7fkqsm10xbjfc04fffqx";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://ftpmirror.gnu.org/mpc/mpc-1.1.0.tar.gz";
|
||||
sha256 = "0biwnhjm3rx3hc0rfpvyniky4lpzsvdcwhmcn7f0h4iw2hwcb1b9";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://ftpmirror.gnu.org/gcc/gcc-8.3.0/gcc-8.3.0.tar.xz";
|
||||
sha256 = "0b3xv411xhlnjmin2979nxcbnidgvzqdf4nbhix99x60dkzavfk4";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://ftpmirror.gnu.org/binutils/binutils-2.33.1.tar.xz";
|
||||
sha256 = "1grcf8jaw3i0bk6f9xfzxw3qfgmn6fgkr108isdkbh1y3hnzqrmb";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://ftpmirror.gnu.org/gdb/gdb-9.2.tar.xz";
|
||||
sha256 = "0mf5fn8v937qwnal4ykn3ji1y2sxk0fa1yfqi679hxmpg6pdf31n";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://acpica.org/sites/acpica/files/acpica-unix2-20200528.tar.gz";
|
||||
sha256 = "01ajxnz9dpnvdbib7yv20dw21a1yyfgwiw3whg0xi57cf4app2md";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://www.python.org/ftp/python/3.8.1/Python-3.8.1.tar.xz";
|
||||
sha256 = "1s4lwn5vzsajlc88m6hkghsvnjw4d00l2dsgng0m2w6vyqbl32bm";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://downloads.sourceforge.net/sourceforge/expat/expat-2.2.9.tar.bz2";
|
||||
sha256 = "0dx2m58gkj7cadk51lmp54ma7cqjhff4kjmwv8ks80j3vj2301pi";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://releases.llvm.org/9.0.0/llvm-9.0.0.src.tar.xz";
|
||||
sha256 = "117ymdz1by2nkfq1c2p9m4050dp848kbjbiv6nsfj8hzy9f5d86n";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://releases.llvm.org/9.0.0/cfe-9.0.0.src.tar.xz";
|
||||
sha256 = "0426ma80i41qsgzm1qdz81mjskck426diygxi2k5vji2gkpixa3v";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://releases.llvm.org/9.0.0/compiler-rt-9.0.0.src.tar.xz";
|
||||
sha256 = "03ni43lbkp63lr3p6sc94dphqmvnz5av5mml0xmk930xvnbcvr2n";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://releases.llvm.org/9.0.0/clang-tools-extra-9.0.0.src.tar.xz";
|
||||
sha256 = "045cldmcfd8s33wyjlviifgpnw52yqicd6v4ysvdg4i96p78c77a";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://cmake.org/files/v3.16/cmake-3.16.2.tar.gz";
|
||||
sha256 = "1ag65ignli58kpmji6gjhj8xw4w1qdr910i99hsvx8hcqrp7h2cc";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://www.nasm.us/pub/nasm/releasebuilds/2.14.02/nasm-2.14.02.tar.bz2";
|
||||
sha256 = "1g409sr1kj7v1089s9kv0i4azvddkcwcypnbakfryyi71b3jdz9l";
|
||||
})
|
||||
];
|
||||
}
|
|
@ -0,0 +1,29 @@
|
|||
{ pkgs ? import <nixpkgs> { } }:
|
||||
|
||||
pkgs.callPackage ../../coreboot.nix {
|
||||
# last known good
|
||||
rev = "d8bc5c127ad13ed0475bbf7465f6ba56a5fa34ee";
|
||||
sources = pkgs.callPackage ../charlie/sources.nix { };
|
||||
|
||||
conf = {
|
||||
# display
|
||||
bootsplash = true;
|
||||
generic-linear-framebuffer = true;
|
||||
linear-framebuffer = {
|
||||
max-width = 1366;
|
||||
max-height = 768;
|
||||
};
|
||||
|
||||
# custom bootsplash
|
||||
bootsplash-image = true;
|
||||
bootsplash-file = ../charlie/bootsplash.jpg;
|
||||
|
||||
# payload
|
||||
seabios = {
|
||||
revision = true;
|
||||
revision_id = "ef88eeaf052c8a7d28c5f85e790c5e45bcffa45e";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
Loading…
Reference in New Issue