handheld-daemon-ui: 3.2.3 -> 3.3.0 (#361609)
[NixPkgs.git] / pkgs / misc / arm-trusted-firmware / default.nix
blobf9d107f12ffa5a26d5e7afb5749779f6a95ffe20
1 { lib, stdenv, fetchFromGitHub, fetchFromGitLab, openssl, pkgsCross, buildPackages
3 # Warning: this blob (hdcp.bin) runs on the main CPU (not the GPU) at
4 # privilege level EL3, which is above both the kernel and the
5 # hypervisor.
7 # This parameter applies only to platforms which are believed to use
8 # hdcp.bin. On all other platforms, or if unfreeIncludeHDCPBlob=false,
9 # hdcp.bin will be deleted before building.
10 , unfreeIncludeHDCPBlob ? true
13 let
14   buildArmTrustedFirmware = { filesToInstall
15             , installDir ? "$out"
16             , platform ? null
17             , platformCanUseHDCPBlob ? false  # set this to true if the platform is able to use hdcp.bin
18             , extraMakeFlags ? []
19             , extraMeta ? {}
20             , ... } @ args:
22            # delete hdcp.bin if either: the platform is thought to
23            # not need it or unfreeIncludeHDCPBlob is false
24            let deleteHDCPBlobBeforeBuild = !platformCanUseHDCPBlob || !unfreeIncludeHDCPBlob; in
26            stdenv.mkDerivation (rec {
28     pname = "arm-trusted-firmware${lib.optionalString (platform != null) "-${platform}"}";
29     version = "2.10.0";
31     src = fetchFromGitHub {
32       owner = "ARM-software";
33       repo = "arm-trusted-firmware";
34       rev = "v${version}";
35       hash = "sha256-CAuftVST9Fje/DWaaoX0K2SfWwlGMaUFG4huuwsTOSU=";
36     };
38     patches = lib.optionals deleteHDCPBlobBeforeBuild [
39       # this is a rebased version of https://gitlab.com/vicencb/kevinboot/-/blob/master/atf.patch
40       ./remove-hdcp-blob.patch
41     ];
43     postPatch = lib.optionalString deleteHDCPBlobBeforeBuild ''
44       rm plat/rockchip/rk3399/drivers/dp/hdcp.bin
45     '';
47     depsBuildBuild = [ buildPackages.stdenv.cc ];
49     # For Cortex-M0 firmware in RK3399
50     nativeBuildInputs = [ pkgsCross.arm-embedded.stdenv.cc ];
52     buildInputs = [ openssl ];
54     makeFlags = [
55       "HOSTCC=$(CC_FOR_BUILD)"
56       "M0_CROSS_COMPILE=${pkgsCross.arm-embedded.stdenv.cc.targetPrefix}"
57       "CROSS_COMPILE=${stdenv.cc.targetPrefix}"
58       # binutils 2.39 regression
59       # `warning: /build/source/build/rk3399/release/bl31/bl31.elf has a LOAD segment with RWX permissions`
60       # See also: https://developer.trustedfirmware.org/T996
61       "LDFLAGS=-no-warn-rwx-segments"
62     ] ++ (lib.optional (platform != null) "PLAT=${platform}")
63       ++ extraMakeFlags;
65     installPhase = ''
66       runHook preInstall
68       mkdir -p ${installDir}
69       cp ${lib.concatStringsSep " " filesToInstall} ${installDir}
71       runHook postInstall
72     '';
74     hardeningDisable = [ "all" ];
75     dontStrip = true;
77     # Fatal error: can't create build/sun50iw1p1/release/bl31/sunxi_clocks.o: No such file or directory
78     enableParallelBuilding = false;
80     meta = with lib; {
81       homepage = "https://github.com/ARM-software/arm-trusted-firmware";
82       description = "Reference implementation of secure world software for ARMv8-A";
83       license = [ licenses.bsd3 ] ++ lib.optionals (!deleteHDCPBlobBeforeBuild) [ licenses.unfreeRedistributable ];
84       maintainers = with maintainers; [ lopsided98 ];
85     } // extraMeta;
86   } // builtins.removeAttrs args [ "extraMeta" ]);
88 in {
89   inherit buildArmTrustedFirmware;
91   armTrustedFirmwareTools = buildArmTrustedFirmware rec {
92     # Normally, arm-trusted-firmware builds the build tools for buildPlatform
93     # using CC_FOR_BUILD (or as it calls it HOSTCC). Since want to build them
94     # for the hostPlatform here, we trick it by overriding the HOSTCC setting
95     # and, to be safe, remove CC_FOR_BUILD from the environment.
96     depsBuildBuild = [ ];
97     extraMakeFlags = [
98       "HOSTCC=${stdenv.cc.targetPrefix}gcc"
99       "fiptool" "certtool"
100     ];
101     filesToInstall = [
102       "tools/fiptool/fiptool"
103       "tools/cert_create/cert_create"
104     ];
105     postInstall = ''
106       mkdir -p "$out/bin"
107       find "$out" -type f -executable -exec mv -t "$out/bin" {} +
108     '';
109   };
111   armTrustedFirmwareAllwinner = buildArmTrustedFirmware rec {
112     platform = "sun50i_a64";
113     extraMeta.platforms = ["aarch64-linux"];
114     filesToInstall = ["build/${platform}/release/bl31.bin"];
115   };
117   armTrustedFirmwareAllwinnerH616 = buildArmTrustedFirmware rec {
118     platform = "sun50i_h616";
119     extraMeta.platforms = ["aarch64-linux"];
120     filesToInstall = ["build/${platform}/release/bl31.bin"];
121   };
123   armTrustedFirmwareAllwinnerH6 = buildArmTrustedFirmware rec {
124     platform = "sun50i_h6";
125     extraMeta.platforms = ["aarch64-linux"];
126     filesToInstall = ["build/${platform}/release/bl31.bin"];
127   };
129   armTrustedFirmwareQemu = buildArmTrustedFirmware rec {
130     platform = "qemu";
131     extraMeta.platforms = ["aarch64-linux"];
132     filesToInstall = [
133       "build/${platform}/release/bl1.bin"
134       "build/${platform}/release/bl2.bin"
135       "build/${platform}/release/bl31.bin"
136     ];
137   };
139   armTrustedFirmwareRK3328 = buildArmTrustedFirmware rec {
140     extraMakeFlags = [ "bl31" ];
141     platform = "rk3328";
142     extraMeta.platforms = ["aarch64-linux"];
143     filesToInstall = [ "build/${platform}/release/bl31/bl31.elf"];
144   };
146   armTrustedFirmwareRK3399 = buildArmTrustedFirmware rec {
147     extraMakeFlags = [ "bl31" ];
148     platform = "rk3399";
149     extraMeta.platforms = ["aarch64-linux"];
150     filesToInstall = [ "build/${platform}/release/bl31/bl31.elf"];
151     platformCanUseHDCPBlob = true;
152   };
154   armTrustedFirmwareRK3588 = buildArmTrustedFirmware rec {
155     extraMakeFlags = [ "bl31" ];
156     platform = "rk3588";
157     extraMeta.platforms = ["aarch64-linux"];
158     filesToInstall = [ "build/${platform}/release/bl31/bl31.elf"];
160     # TODO: remove this once the following get merged:
161     # 1: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/21840
162     # 2: https://review.trustedfirmware.org/c/ci/tf-a-ci-scripts/+/21833
163     src = fetchFromGitLab {
164       domain = "gitlab.collabora.com";
165       owner = "hardware-enablement/rockchip-3588";
166       repo = "trusted-firmware-a";
167       rev = "002d8e85ce5f4f06ebc2c2c52b4923a514bfa701";
168       hash = "sha256-1XOG7ILIgWa3uXUmAh9WTfSGLD/76OsmWrUhIxm/zTg=";
169     };
170   };
172   armTrustedFirmwareS905 = buildArmTrustedFirmware rec {
173     extraMakeFlags = [ "bl31" ];
174     platform = "gxbb";
175     extraMeta.platforms = ["aarch64-linux"];
176     filesToInstall = [ "build/${platform}/release/bl31.bin"];
177   };