diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..f975373 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,10 @@ +#**/.git + +#edk2/* +#edk2-non-osi/* +#edk2-platforms/* +#ipxe/* + +outs/* +sdcard_rpi*.img +sdcard_rpi*.zip diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1be0cf2..f431eb4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,38 +6,80 @@ jobs: build: name: Build - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Check out code uses: actions/checkout@v2 + - name: "mtools hack (for ubuntu 22.04): set apt default-release to DISTRIB_CODENAME from lsb-release" + run: | + echo "Distrib Codename: $(sed -r -n 's/DISTRIB_CODENAME=(.*)/\1/p' /etc/lsb-release)" + FILE=$(printf 'APT\n{\n Default-Release "%s";\n}\n' "$(sed -r -n 's/DISTRIB_CODENAME=(.*)/\1/p' /etc/lsb-release)" ) + echo "$FILE" | sudo dd of=/etc/apt/apt.conf.d/01-default-release + + - name: "mtools hack (for ubuntu 22.04): add apt source for noble" + run: | + FILE=$(printf '%s\ndeb http://security.ubuntu.com/ubuntu noble main\n' "$(cat /etc/apt/sources.list)" ) + echo "$FILE" | sudo dd of=/etc/apt/sources.list + + - name: "mtools hack (for ubuntu 22.04): mtools package-pin to noble" + run: | + FILE=$(printf 'Package: mtools\nPin: release n=noble\nPin-Priority: 995\n') + echo "$FILE" | sudo dd of=/etc/apt/preferences.d/01-mtools + + + #- name: python hack (for ubuntu 22.04): ensure python exists in PATH as symlink to python3 + # run: sudo ln -sf $(which python3) $(which python3 | sed 's/3//g') + + - name: Install packages run: | sudo apt update sudo apt install -y -o Acquire::Retries=50 \ - gcc-aarch64-linux-gnu iasl mtools subversion \ - lzma-dev uuid-dev + gcc-aarch64-linux-gnu iasl mtools \ + lzma-dev uuid-dev zip - name: Sources (git) run: | make submodules - - name: Sources (subversion) + - name: Sources (git sparce-checkout) run: | make firmware - - name: Build (EFI) + + - name: Build (EFI) (rpi3) + run: | + make efi -e RPI_MAJ_VER=3 + + - name: Build (iPXE) (rpi3) run: | - make efi + make ipxe -j 4 -e RPI_MAJ_VER=3 - - name: Build (iPXE) + - name: SD card (rpi3) run: | - make ipxe -j 4 + make -e RPI_MAJ_VER=3 - - name: SD card + + + - name: Build (EFI) (rpi4) + run: | + make efi -e RPI_MAJ_VER=4 + + - name: Build (iPXE) (rpi4) + run: | + make ipxe -j 4 -e RPI_MAJ_VER=4 + + - name: SD card (rpi4) run: | - make + make -e RPI_MAJ_VER=4 + + + + + + - name: Create release id: create_release @@ -49,24 +91,54 @@ jobs: tag_name: ${{ github.ref }} release_name: ${{ github.ref }} - - name: Upload (sdcard.img) + + + + - name: Upload (sdcard_rpi3.img) + if: startsWith(github.event.ref, 'refs/tags/v') + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_name: sdcard_rpi3.img + asset_path: sdcard_rpi3.img + asset_content_type: application/octet-stream + + + - name: Upload (sdcard_rpi3.zip) if: startsWith(github.event.ref, 'refs/tags/v') uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_name: sdcard.img - asset_path: sdcard.img + asset_name: sdcard_rpi3.zip + asset_path: sdcard_rpi3.zip + asset_content_type: application/zip + + + + + - name: Upload (sdcard_rpi4.img) + if: startsWith(github.event.ref, 'refs/tags/v') + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_name: sdcard_rpi4.img + asset_path: sdcard_rpi4.img asset_content_type: application/octet-stream - - name: Upload (sdcard.zip) + + - name: Upload (sdcard_rpi4.zip) if: startsWith(github.event.ref, 'refs/tags/v') uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_name: sdcard.zip - asset_path: sdcard.zip + asset_name: sdcard_rpi4.zip + asset_path: sdcard_rpi4.zip asset_content_type: application/zip diff --git a/.gitignore b/.gitignore index 51ea291..357011c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,4 @@ Build/ firmware/ sdcard/ -sdcard.img -sdcard.zip +outs/* diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..c5744d2 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,132 @@ + + +## docker build -f Dockerfile . -t ipxe_pipxe_localbuild --output "./" --target copytohost + +## docker via podman +## docker --cgroup-manager cgroupfs build -f Dockerfile . -t ipxe_pipxe_localbuild --output "./" --target copytohost + + +## todo use volume map for build and output +## (untested) docker build -f Dockerfile . -v $(pwd):/opt/thisrepo -t ipxe_pipxe_localbuild + + + +FROM ubuntu:22.04 as runner + +RUN \ + apt update && \ + DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends \ + binutils \ + ca-certificates \ + gcc \ + g++ \ + git \ + make \ + python-is-python3 \ + python3 + +RUN \ + apt clean + + + + +## jammy's mtools (ver 4.0.32) has breaking bug; noble's (ver 4.0.43) works + +## mtools hack (for ubuntu 22.04); set default apt release +ENV MTOOLS_UBUNTU_RELEASE_NAME=noble +RUN \ + cat < /etc/apt/apt.conf.d/01-default-release +APT +{ + Default-Release "jammy"; +}; +EOFF +RUN \ + cat <> /etc/apt/sources.list + +## hack for mtools; add different source repo +deb http://security.ubuntu.com/ubuntu ${MTOOLS_UBUNTU_RELEASE_NAME} main +EOFF + +## package pin for mtools to use different source repo +RUN \ + cat <> /etc/apt/preferences.d/01-mtools +Package: mtools +Pin: release n=${MTOOLS_UBUNTU_RELEASE_NAME} +Pin-Priority: 995 +EOFF + + + + +## install packages +RUN apt update +RUN apt install -y -o Acquire::Retries=50 \ + gcc-aarch64-linux-gnu iasl mtools \ + lzma-dev uuid-dev zip + + + + +FROM runner as builder + + + + +## copy in repo +## improve? with mounting $(pwd):/opt/thisrepo +COPY . /opt/thisrepo + + + + +WORKDIR /opt/thisrepo + + + + +## run make: Sources (git) +RUN \ + make submodules + +## run make: Sources (git sparce-checkout) +RUN \ + make firmware + + + + +FROM builder as build + + + + +## run make: Build (EFI) +RUN \ + make efi -e RPI_MAJ_VER=3 + +## run make: Build (iPXE) +RUN \ + make ipxe -j 4 -e RPI_MAJ_VER=3 + +## run make: SD card (rpi3) +RUN \ + make -e RPI_MAJ_VER=3 + +## run make: SD card (rpi4) +RUN \ + make -e RPI_MAJ_VER=4 + +RUN \ + chmod 666 sdcard_rpi*.* + + +FROM scratch as copytohost + + +COPY --link --from=build /opt/thisrepo/sdcard_rpi3.zip /outs/sdcard_rpi3.img +COPY --link --from=build /opt/thisrepo/sdcard_rpi3.zip /outs/sdcard_rpi3.zip + +COPY --link --from=build /opt/thisrepo/sdcard_rpi4.zip /outs/sdcard_rpi4.img +COPY --link --from=build /opt/thisrepo/sdcard_rpi4.zip /outs/sdcard_rpi4.zip diff --git a/Makefile b/Makefile index 344abcc..6ac7420 100644 --- a/Makefile +++ b/Makefile @@ -1,16 +1,32 @@ -FW_URL := https://github.com/raspberrypi/firmware/branches/stable/boot + +## make -e RPI_MAJ_VER=3 -e BOOTLOADER_FILENAME=embeded_bootloader.ipxe -e TRUST_FILES=example1.crt,example2.crt +## make -e RPI_MAJ_VER=4 -e BOOTLOADER_FILENAME=embeded_bootloader.ipxe -e TRUST_FILES=example1.crt,example2.crt + + +FW_REPO_URL := https://github.com/raspberrypi/firmware +FW_BRANCH := stable +FW_SUBDIR := boot + +RPI_MAJ_VER ?= 4 # values: 3, 4 # influences IPXE_TGT and output img/zip names EFI_BUILD := RELEASE EFI_ARCH := AARCH64 EFI_TOOLCHAIN := GCC5 EFI_TIMEOUT := 3 EFI_FLAGS := --pcd=PcdPlatformBootTimeOut=$(EFI_TIMEOUT) -EFI_DSC := edk2-platforms/Platform/RaspberryPi/RPi3/RPi3.dsc -EFI_FD := Build/RPi3/$(EFI_BUILD)_$(EFI_TOOLCHAIN)/FV/RPI_EFI.fd + +EFI_DSC := edk2-platforms/Platform/RaspberryPi/RPi$(RPI_MAJ_VER)/RPi$(RPI_MAJ_VER).dsc +EFI_FD := Build/RPi$(RPI_MAJ_VER)/$(EFI_BUILD)_$(EFI_TOOLCHAIN)/FV/RPI_EFI.fd IPXE_CROSS := aarch64-linux-gnu- IPXE_SRC := ipxe/src -IPXE_TGT := bin-arm64-efi/rpi.efi + +ifeq ( $(RPI_MAJ_VER), 3 ) + IPXE_TGT := bin-arm64-efi/rpi.efi +else + IPXE_TGT := bin-arm64-efi/snp.efi +endif + IPXE_EFI := $(IPXE_SRC)/$(IPXE_TGT) SDCARD_MB := 32 @@ -18,32 +34,68 @@ export MTOOLSRC := mtoolsrc SHELL := /bin/bash -all : sdcard sdcard.img sdcard.zip + +## -e BOOTLOADER_FILENAME: example.ipxe # ipxe file to embed +ifdef BOOTLOADER_FILENAME + arg_Bootloader_Filename := "EMBED=$(BOOTLOADER_FILENAME)" +endif + +## -e TRUST_FILES: example1.crt,example2.crt # adds cert data +ifdef TRUST_FILES + arg_Trust_Files := "TRUST=$(TRUST_FILES)" +endif + + + + +all : sdcard sdcard_rpi$(RPI_MAJ_VER).img sdcard_rpi$(RPI_MAJ_VER).zip + + + submodules : - git submodule update --init --recursive + git submodule update --init --recursive -- #--force +# git submodule update --remote --recursive -- + +## attempted sed to fix warnings when building older submodule commits +#_ sed -i -r 's@(-nostdlib)( -g)@\1 -Wno-vla-parameter -Wno-stringop-overflow -Wno-use-after-free -Wno-dangling-pointer\2@g' edk2/BaseTools/Source/C/Makefiles/header.makefile ## compile time ignore more warnings + + + firmware : if [ ! -e firmware ] ; then \ - $(RM) -rf firmware-tmp ; \ - svn export $(FW_URL) firmware-tmp && \ - mv firmware-tmp firmware ; \ + $(RM) -rf rpi_firmware ; \ + git clone --depth 1 --no-checkout --branch $(FW_BRANCH) '$(FW_REPO_URL)' rpi_firmware ; \ + cd rpi_firmware ; \ + git config core.sparseCheckout true ; \ + git sparse-checkout set $(FW_SUBDIR) ; \ + git checkout ; \ + cd - ; \ + mv rpi_firmware/$(FW_SUBDIR) firmware ; \ + $(RM) -rf rpi_firmware ; \ fi + efi : $(EFI_FD) + efi-basetools : submodules $(MAKE) -C edk2/BaseTools + $(EFI_FD) : submodules efi-basetools . ./edksetup.sh && \ build -b $(EFI_BUILD) -a $(EFI_ARCH) -t $(EFI_TOOLCHAIN) \ -p $(EFI_DSC) $(EFI_FLAGS) + ipxe : $(IPXE_EFI) + $(IPXE_EFI) : submodules - $(MAKE) -C $(IPXE_SRC) CROSS=$(IPXE_CROSS) CONFIG=rpi $(IPXE_TGT) + $(MAKE) -C $(IPXE_SRC) CROSS=$(IPXE_CROSS) CONFIG=rpi $(arg_Bootloader_Filename) $(arg_Trust_Files) $(IPXE_TGT) + sdcard : firmware efi ipxe $(RM) -rf sdcard @@ -55,25 +107,33 @@ sdcard : firmware efi ipxe cp $(IPXE_EFI) sdcard/efi/boot/bootaa64.efi cp ipxe/COPYING* sdcard/ -sdcard.img : sdcard + +sdcard_rpi$(RPI_MAJ_VER).img : sdcard + sed -r -i 's/(sdcard)(\.img)/\1_rpi'"$(RPI_MAJ_VER)"'\2/g' "$(MTOOLSRC)" truncate -s $(SDCARD_MB)M $@ mpartition -I -c -b 32 -s 32 -h 64 -t $(SDCARD_MB) -a "z:" mformat -v "piPXE" "z:" mcopy -s sdcard/* "z:" -sdcard.zip : sdcard + + +sdcard_rpi$(RPI_MAJ_VER).zip : sdcard $(RM) -f $@ ( pushd $< ; zip -q -r ../$@ * ; popd ) + update: git submodule foreach git pull origin master + tag : git tag v`git show -s --format='%ad' --date=short | tr -d -` + .PHONY : submodules firmware efi efi-basetools $(EFI_FD) ipxe $(IPXE_EFI) \ - sdcard sdcard.img + sdcard sdcard_rpi$(RPI_MAJ_VER).img tag update + clean : - $(RM) -rf firmware Build sdcard sdcard.img sdcard.zip + $(RM) -rf firmware rpi_firmware Build sdcard sdcard_rpi$(RPI_MAJ_VER).img sdcard_rpi$(RPI_MAJ_VER).zip if [ -d $(IPXE_SRC) ] ; then $(MAKE) -C $(IPXE_SRC) clean ; fi diff --git a/edk2 b/edk2 index b156464..4d1f0ba 160000 --- a/edk2 +++ b/edk2 @@ -1 +1 @@ -Subproject commit b15646484eaffcf7cc464fdea0214498f26addc2 +Subproject commit 4d1f0babe20cf757897fa43c399fd79bb6aa8a30 diff --git a/edk2-non-osi b/edk2-non-osi index 243e55f..61b65fc 160000 --- a/edk2-non-osi +++ b/edk2-non-osi @@ -1 +1 @@ -Subproject commit 243e55f622eaa09a2df5621cce139f9ce5de1638 +Subproject commit 61b65fccfe4c75bc9ecb7b542412a436e3db5de6 diff --git a/edk2-platforms b/edk2-platforms index b8b17bc..98abaca 160000 --- a/edk2-platforms +++ b/edk2-platforms @@ -1 +1 @@ -Subproject commit b8b17bc918d94b9fa6c50e1ce2b2240bb9f8ac65 +Subproject commit 98abaca059d0eac8c91ef653b2741f0bcaea7821 diff --git a/ipxe b/ipxe index 3fe683e..e7ae51b 160000 --- a/ipxe +++ b/ipxe @@ -1 +1 @@ -Subproject commit 3fe683ebab29afacf224e6b0921f6329bebcdca7 +Subproject commit e7ae51b0d75d9b9925748743b91405c99e5c7fec