{ lib , nixpkgsOnBuildForBuild , nixpkgsOnBuildForHost , coreboot-toolchain ? throw "missing" , fmap ? throw "you must provide an FMAP (flash chip partition table)" , config ? throw "you must provide a -style structuredConfig" , iasl ? null # a specific iasl to use, if needed , console_loglevel ? "6" # 8=SPEW, 7=DEBUG, 6=INFO # Can be null or an integer (0, 1, 2, ...); note: the mapping from # these integers to ttyS* values is occasionally not the identity # map. , uart-for-console ? throw "you must provide uart-for-console" }: let version = "4.9"; inherit (nixpkgsOnBuildForBuild) stdenv lib git python3 ncurses fetchgit; buildLinuxConfigFile = (nixpkgsOnBuildForHost.buildLinux { inherit src version; }).passthru.configfile; generate-config-pl = buildLinuxConfigFile.generateConfig; src = fetchgit { url = "https://review.coreboot.org/coreboot"; branchName = "${version}"; rev = "7f520c8fe6fc991df2c4e91f42843d4290744ebb"; hash = "sha256-lX6QnUS4a/F4Y68qK9i45O4OP+UEjHlCK+YaKJOQLUo="; fetchSubmodules = false; }; in stdenv.mkDerivation { pname = "coreboot"; inherit version; passthru = { inherit src fmap; }; inherit src; patches = let inherit (nixpkgsOnBuildForBuild) fetchpatch; in [ # backport upstream commits newer than ${version} (fetchpatch { # Makefile.inc: Use `define` for cbfs-files-processor-defconfig url = "https://github.com/coreboot/coreboot/commit/1c08a9a9c4986f2b3c47322f041e289121536dc0.patch"; hash = "sha256-DqrzD8JVW0z+s426p2PCtmO24Of14r4FDN8FynaqS14="; }) (fetchpatch { # Makefile.inc: Adapt $(spc) definition url = "https://github.com/coreboot/coreboot/commit/0f6f70c3942c152c512b1aa51b6f6079a05e003b.patch"; hash = "sha256-x7PK/PLYXqWG6Y8IbmUXAqp2L8/pkPW7btmdyWoR1cI="; }) (fetchpatch { # asus/am1i-a: Enable UART according to CONFIG_UART_FOR_CONSOLE url = "https://github.com/coreboot/coreboot/commit/16a70c3d40db0d31d8b6c6c13603d27ad6bf5be3.patch"; hash = "sha256-tG465Y56TMYQdiyeGPg9I5BfakAkxi0pyBWvmJRgMKM="; }) (fetchpatch { # drivers/spi/gigadevice.c: Add the rest of >=1MB Gigadevice GD25 chips url = "https://github.com/coreboot/coreboot/commit/2db6e6806b0966d5e921752aa3f91af0310b3181.patch"; hash = "sha256-Bvtz4joH+v5RSzDPAa8w0in/UKXdPvGO2tijamHPAfs="; }) # the next two patches are required in order for the third patch to apply properly (fetchpatch { # AUTHORS, util/: Drop individual copyright notices url = "https://github.com/coreboot/coreboot/commit/ea063cb9750030d7e5c8f62ed2acfa58c60dd807.patch"; hash = "sha256-wd3QUFSDS66k2TRJcYpCvvi++yeg4E0/lbrj09mx1Kk="; includes = [ "util/rockchip/make_idb.py" ]; }) (fetchpatch { # util: Add SPDX header, replacing boiler plate where applicable url = "https://github.com/coreboot/coreboot/commit/1afe286367857471482660583fd784d9b8a7211c.patch"; hash = "sha256-qhkC3nOLl7T8m6T9Ning0hOg8rnhIxMun8Xts4xXqHA="; includes = [ "util/rockchip/make_idb.py" ]; }) (fetchpatch { # util/rockchip: Port make_idb.py to python3 url = "https://github.com/coreboot/coreboot/commit/46eaa5a1bac3c1fbd7c84bd2f609736eb6aa50fb.patch"; hash = "sha256-sjw6X6UjOV00S3uRfnTLEPjAvvMxSn1RdNdNtwRXYjE="; includes = [ "util/rockchip/make_idb.py" ]; }) # remove submodules for hermeticity (not needed anyways) ./patches/0006-remove-submodules.patch # additional Kconfig options ./patches/0009-payloads-Kconfig-add-CONFIG_UNCOMPRESSED_PAYLOAD.patch # rk3399 patches ./patches/0010-rk3399-mainboard-google-gru-add-define-for-GPIO_PEN_.patch ./patches/0011-rk3399-src-Kconfig-increase-HEAP_SIZE-to-0x40000-byt.patch ./patches/0012-rk3399-include-soc-memlayout.ld-enlarge-RAMSTAGE-and.patch # kgpe-d16 patches ./patches/0013-kgpe-d16-src-arch-x86-use-CONFIG_CBFS_PREFIX-instead.patch ./patches/0014-kgpe-d16-ignore-nvram-for-power_state-always_on-iomm.patch ./patches/0015-kgpe-d16-factor-out-is_recovery_jumper_set-print-val.patch ./patches/0016-kgpe-d16-src-drivers-pc80-factor-rewrite_cmos-out-of.patch ./patches/0022-kgpe-d16-disable-sanitize_cmos-it-causes-too-many-pr.patch ./patches/0023-kgpe-d16-disable-TPM.patch ./patches/0024-amd-sb700-early_setup.c-select-console-properly.patch ./patches/0025-southbridge-amd-sb700-lpc.c-set-SPI-flash-aperture-t.patch ./patches/0001-mainboard-asus-kgpe-d16-romstage.c-support-console-o.patch ./patches/0002-southbridge-amd-sb700-lpc.c-leave-LPC-timeout-mechan.patch ./patches/0003-treewide-reduce-many-messages-to-BIOS_SPEW.patch ./patches/0001-mc146818rtc.c-mute-erroneous-warning.patch ./patches/0002-mc146818rtc_boot.c-always-report-cmos_chksum_valid-i.patch ./patches/0003-kgpe-d16-bootblock.c-use-RTC_BOOT_BYTE-even-when-CON.patch ./patches/0004-superio-winbond-w83667hg-a-superio.c-do-not-use-get_.patch ./patches/0001-romstage-print-out-dimm-voltages.patch ./patches/0002-kgpe-d16-do-not-enable-hw-monitor-until-kernel-boots.patch ./patches/0026-kgpe-d16-start-w83667hg-a-watchdog-during-romstage.patch # am1i patches ./patches/0021-am1i-omit-amdfw.rom-completely-it-has-broken-address.patch # normal/fallback functionality (ownerboot-specific) ./patches/0017-use_fallback-platform-independent-part.patch ./patches/0018-use_fallback-rk3399-gru-kevin-use-fallback-if-watchd.patch ./patches/0019-use_fallback-rk3399-gru-kevin-update-for-coreboot-4..patch ./patches/0020-use_fallback-kgpe-d16-implement-using-nvram-with-cmo.patch ]; postPatch = '' patchShebangs . # (from nixpkgs kernel/generic.nix): patch kconfig to print "###" # after every question so that generate-config.pl from the generic # builder can answer them. sed -e '/fflush(stdout);/i\printf("###");' -i util/kconfig/conf.c # don't print the "grouping subheadings", because they confuse # nixpkgs' perl script sed -i 's/printf(.*indent.*menu_get_prompt.*;//' util/kconfig/conf.c ''; nativeBuildInputs = [ git python3 ncurses nixpkgsOnBuildForBuild.perl # for generate-config.pl ] ++ coreboot-toolchain; enableParallelBuilding = false; # does not work passAsFile = [ "structuredConfig" ]; structuredConfig = (lib.evalModules { modules = [ buildLinuxConfigFile.passthru.module { settings = with lib.kernel; config // { "DEFAULT_CONSOLE_LOGLEVEL_${toString console_loglevel}" = lib.mkForce yes; DEFAULT_CONSOLE_LOGLEVEL = lib.mkForce (freeform (toString console_loglevel)); FMDFILE = lib.mkForce (freeform "${fmap}"); PAYLOAD_NONE = lib.mkForce yes; } // lib.optionalAttrs (uart-for-console != null) { UART_FOR_CONSOLE = lib.mkForce (freeform "${builtins.toString uart-for-console}"); } // lib.optionalAttrs (iasl != null) { ANY_TOOLCHAIN = lib.mkForce yes; }; _file = "structuredExtraConfig"; } ]; }).config.intermediateNixConfig; configurePhase = assert uart-for-console == null || lib.isInt uart-for-console; '' runHook preConfigure make config < /dev/null DEBUG=1 \ ignoreConfigErrors=0 \ MAKE_FLAGS="" \ ARCH="${nixpkgsOnBuildForHost.stdenv.hostPlatform.linuxArch}" \ HOSTCC=$HOSTCC \ HOSTCXX=$HOSTCXX \ SRC=. \ BUILD_ROOT=$(pwd) \ KERNEL_CONFIG=$structuredConfigPath \ perl -w ${generate-config-pl} runHook postConfigure ''; preBuild = '' mkdir -p build/cbfs/prefix/ ''; makeFlags = [ "build/coreboot.rom" ] ++ lib.optionals (iasl != null) [ "IASL=${iasl}/bin/iasl" #] ++ [ "V=1" ]; # see https://review.coreboot.org/c/coreboot/+/12825/ for why this is needed postBuild = '' build/util/cbfstool/cbfstool build/coreboot.rom add-master-header -r NORMAL ''; dontPatchELF = true; installPhase = '' runHook preInstall mkdir -p $out cp build/coreboot.rom $out/ # note that coreboot's `Makefile` rewrites the `.config`, so we # keep a copy of the final version grep -v '^#' .config | sort > $out/config runHook postInstall ''; passthru = { inherit config; }; }