diff --git a/.dockerignore b/.dockerignore index 395d457b..987626ca 100644 --- a/.dockerignore +++ b/.dockerignore @@ -4,6 +4,7 @@ Readme.md Makefile .github/ .git/ +.git* dist dist.zip out/ diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 00000000..5e31e7a3 --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,31 @@ +name: Build and Release + +on: + push: + tags: + - '*' + + +jobs: + release: + permissions: + id-token: write + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Build + run: make dist + - uses: sigstore/gh-action-sigstore-python@v2.1.1 + with: + inputs: dist.zip + - name: Upload binaries to release + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: dist.zip* + file_glob: true + tag: ${{ github.ref }} + overwrite: true diff --git a/.github/workflows/linux_edk2.yml b/.github/workflows/linux_edk2.yml deleted file mode 100644 index dfa5c795..00000000 --- a/.github/workflows/linux_edk2.yml +++ /dev/null @@ -1,107 +0,0 @@ -# Copyright (c) 2021-2022, Pete Batard -# SPDX-License-Identifier: BSD-3-Clause - -name: UEFI firmware - EDK2 build - -on: - push: - tags: - - '*' - -env: - PROJECT_URL: https://github.com/pftf/RPi4 - RPI_FIRMWARE_URL: https://github.com/raspberrypi/firmware/ - ARCH: AARCH64 - COMPILER: GCC5 - GCC5_AARCH64_PREFIX: aarch64-linux-gnu- - # The following should usually be set to 'master' but, in case - # of a regression, a specific SHA-1 can be specified. - START_ELF_VERSION: master - DTB_VERSION: master - DTBO_VERSION: master - -jobs: - UEFI-Build: - runs-on: ubuntu-latest - - steps: - - name: Set version - id: set_version - run: echo "version=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT - - - name: Set up Linux environment - run: | - sudo apt-get update - sudo apt-get install acpica-tools gcc-aarch64-linux-gnu - - - name: Check out EDK2 repositories - uses: actions/checkout@v3 - with: - submodules: recursive - - - name: Patch EDK2 repositories - run: | - patch --binary -d edk2 -p1 -i ../0001-MdeModulePkg-UefiBootManagerLib-Signal-ReadyToBoot-o.patch - patch --binary -d edk2-platforms -p1 -i ../0002-Check-for-Boot-Discovery-Policy-change.patch - - - name: Set up EDK2 - run: make -C edk2/BaseTools - - - name: Set up Secure Boot default keys - run: | - mkdir keys - # We don't really need a usable PK, so just generate a public key for it and discard the private key - openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Raspberry Pi Platform Key/" -keyout /dev/null -outform DER -out keys/pk.cer -days 7300 -nodes -sha256 - curl -L https://go.microsoft.com/fwlink/?LinkId=321185 -o keys/ms_kek.cer - curl -L https://go.microsoft.com/fwlink/?linkid=321192 -o keys/ms_db1.cer - curl -L https://go.microsoft.com/fwlink/?linkid=321194 -o keys/ms_db2.cer - curl -L https://uefi.org/sites/default/files/resources/dbxupdate_arm64.bin -o keys/arm64_dbx.bin - - - name: Build UEFI firmware - run: | - export WORKSPACE=$PWD - export PACKAGES_PATH=$WORKSPACE/edk2:$WORKSPACE/edk2-platforms:$WORKSPACE/edk2-non-osi - export BUILD_FLAGS="-D SECURE_BOOT_ENABLE=TRUE -D INCLUDE_TFTP_COMMAND=TRUE -D NETWORK_ISCSI_ENABLE=TRUE -D SMC_PCI_SUPPORT=1" - export DEFAULT_KEYS="-D DEFAULT_KEYS=TRUE -D PK_DEFAULT_FILE=$WORKSPACE/keys/pk.cer -D KEK_DEFAULT_FILE1=$WORKSPACE/keys/ms_kek.cer -D DB_DEFAULT_FILE1=$WORKSPACE/keys/ms_db1.cer -D DB_DEFAULT_FILE2=$WORKSPACE/keys/ms_db2.cer -D DBX_DEFAULT_FILE1=$WORKSPACE/keys/arm64_dbx.bin" - # EDK2's 'build' command doesn't play nice with spaces in environmnent variables, so we can't move the PCDs there... - source edk2/edksetup.sh - for BUILD_TYPE in DEBUG RELEASE; do - build -a ${{ env.ARCH }} -t ${{ env.COMPILER }} -b $BUILD_TYPE -p edk2-platforms/Platform/RaspberryPi/RPi4/RPi4.dsc --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor=L"${{ env.PROJECT_URL }}" --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString=L"UEFI Firmware ${{steps.set_version.outputs.version}}" ${BUILD_FLAGS} ${DEFAULT_KEYS} - done - cp Build/RPi4/RELEASE_${{ env.COMPILER }}/FV/RPI_EFI.fd . - - - name: Upload UEFI firmware artifacts - uses: actions/upload-artifact@v3 - with: - name: RPi4 UEFI Firmware ${{ steps.set_version.outputs.version }} Artifacts - path: | - Build/RPi4/**/FV/RPI_EFI.fd - - - name: Download Raspberry Pi support files - run: | - curl -O -L ${{ env.RPI_FIRMWARE_URL }}/raw/${{ env.START_ELF_VERSION }}/boot/fixup4.dat - curl -O -L ${{ env.RPI_FIRMWARE_URL }}/raw/${{ env.START_ELF_VERSION }}/boot/start4.elf - curl -O -L ${{ env.RPI_FIRMWARE_URL }}/raw/${{ env.DTB_VERSION }}/boot/bcm2711-rpi-4-b.dtb - curl -O -L ${{ env.RPI_FIRMWARE_URL }}/raw/${{ env.DTB_VERSION }}/boot/bcm2711-rpi-cm4.dtb - curl -O -L ${{ env.RPI_FIRMWARE_URL }}/raw/${{ env.DTB_VERSION }}/boot/bcm2711-rpi-400.dtb - curl -O -L ${{ env.RPI_FIRMWARE_URL }}/raw/${{ env.DTBO_VERSION }}/boot/overlays/miniuart-bt.dtbo - curl -O -L ${{ env.RPI_FIRMWARE_URL }}/raw/${{ env.DTBO_VERSION }}/boot/overlays/upstream-pi4.dtbo - mkdir overlays - mv *.dtbo overlays - - - name: Create UEFI firmware archive - run: zip -r RPi4_UEFI_Firmware_${{ steps.set_version.outputs.version }}.zip RPI_EFI.fd *.dtb config.txt fixup4.dat start4.elf overlays Readme.md firmware - - - name: Display SHA-256 - run: sha256sum Build/RPi4/*/FV/RPI_EFI.fd RPi4_UEFI_Firmware_${{ steps.set_version.outputs.version }}.zip - - - name: Create release - id: create_release - uses: softprops/action-gh-release@v1 - with: - draft: false - prerelease: false - token: ${{ secrets.GITHUB_TOKEN }} - body: Raspberry Pi 4 UEFI Firmware ${{ steps.set_version.outputs.version }} - tag_name: ${{ steps.set_version.outputs.version }} - files: RPi4_UEFI_Firmware_${{ steps.set_version.outputs.version }}.zip diff --git a/0003-No3GbMemLimit.patch b/0003-No3GbMemLimit.patch new file mode 100644 index 00000000..455821bb --- /dev/null +++ b/0003-No3GbMemLimit.patch @@ -0,0 +1,15 @@ +diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc b/Platform/RaspberryPi/RPi4/RPi4.dsc +index e04c764..63b400c 100644 +--- a/Platform/RaspberryPi/RPi4/RPi4.dsc ++++ b/Platform/RaspberryPi/RPi4/RPi4.dsc +@@ -511,8 +511,8 @@ + # + # Supporting > 3GB of memory. + # +- gRaspberryPiTokenSpaceGuid.PcdRamMoreThan3GB|L"RamMoreThan3GB"|gConfigDxeFormSetGuid|0x0|0 +- gRaspberryPiTokenSpaceGuid.PcdRamLimitTo3GB|L"RamLimitTo3GB"|gConfigDxeFormSetGuid|0x0|1 ++ gRaspberryPiTokenSpaceGuid.PcdRamMoreThan3GB|L"RamMoreThan3GB"|gConfigDxeFormSetGuid|0x0|1 ++ gRaspberryPiTokenSpaceGuid.PcdRamLimitTo3GB|L"RamLimitTo3GB"|gConfigDxeFormSetGuid|0x0|0 + + # + # Device Tree and ACPI selection. diff --git a/0004-systemtable-devicetree.patch b/0004-systemtable-devicetree.patch new file mode 100644 index 00000000..4c7d968c --- /dev/null +++ b/0004-systemtable-devicetree.patch @@ -0,0 +1,13 @@ +diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc b/Platform/RaspberryPi/RPi4/RPi4.dsc +index e04c764..6b64c7a 100644 +--- a/Platform/RaspberryPi/RPi4/RPi4.dsc ++++ b/Platform/RaspberryPi/RPi4/RPi4.dsc +@@ -521,7 +521,7 @@ + # 1 - SYSTEM_TABLE_MODE_BOTH + # 2 - SYSTEM_TABLE_MODE_DT + # +- gRaspberryPiTokenSpaceGuid.PcdSystemTableMode|L"SystemTableMode"|gConfigDxeFormSetGuid|0x0|0 ++ gRaspberryPiTokenSpaceGuid.PcdSystemTableMode|L"SystemTableMode"|gConfigDxeFormSetGuid|0x0|2 + + # + # Enable a fan in the ACPI thermal zone on GPIO pin # diff --git a/Dockerfile b/Dockerfile index cda6d806..53ad70fc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,5 @@ FROM ubuntu:22.04 AS builder -ARG VERSION=dev -ENV VERSION=${VERSION} RUN apt-get update && apt-get install -y \ build-essential \ @@ -19,7 +17,11 @@ COPY . . RUN patch --binary -d edk2 -p1 -i ../0001-MdeModulePkg-UefiBootManagerLib-Signal-ReadyToBoot-o.patch RUN patch --binary -d edk2-platforms -p1 -i ../0002-Check-for-Boot-Discovery-Policy-change.patch +RUN patch --binary -d edk2-platforms -p1 -i ../0003-No3GbMemLimit.patch +RUN patch --binary -d edk2-platforms -p1 -i ../0004-systemtable-devicetree.patch +ARG VERSION=dev +ENV VERSION=${VERSION} ENV WORKSPACE=/build ENV PACKAGES_PATH=$WORKSPACE/edk2:$WORKSPACE/edk2-platforms:$WORKSPACE/edk2-non-osi ENV GCC5_AARCH64_PREFIX=aarch64-linux-gnu- diff --git a/Readme.md b/Readme.md index beb30371..ffbe3b55 100644 --- a/Readme.md +++ b/Readme.md @@ -1,102 +1,20 @@ -Raspberry Pi 4 UEFI Firmware Images -=================================== +# ComputeBlade/CM4 optimized UEFI Firmware Images +> [!CAUTION] +> ** THE CONFIGURATION IS PROBABLY NOT SANE FOR ALL USERS ** -[![Build status](https://img.shields.io/github/actions/workflow/status/pftf/RPi4/linux_edk2.yml?style=flat-square)](https://github.com/pftf/RPi4/actions) -[![Github stats](https://img.shields.io/github/downloads/pftf/RPi4/total.svg?style=flat-square)](https://github.com/pftf/RPi4/releases) -[![Release](https://img.shields.io/github/release-pre/pftf/RPi4?style=flat-square)](https://github.com/pftf/RPi4/releases) +This is a fork of the amazing [pftf/RPi4](https://github.com/pftf/RPi4) project, which brings a UEFI images for the RaspberryPi 4 Model B. -# Summary +# Adaptations compared to the pftf/RPi4 proejct -This repository contains installable builds of the official -[EDK2 Raspberry Pi 4 UEFI firmware](https://github.com/tianocore/edk2-platforms/tree/master/Platform/RaspberryPi/RPi4). +## Ease of use improvements +- Allow easy local builds using `make dist` -# Initial Notice +## Firmware specific configuration +- Configure features for the [ComputeBlade](http://computeblade.com) +- **Disable SD Card** (avoids modifying the UEFI image from the operating system) +- Additional device-tree overlays -__PLEASE READ THE FOLLOWING:__ -πŸ”»πŸ”»πŸ”»πŸ”»πŸ”»πŸ”»πŸ”»πŸ”»πŸ”» -* Ethernet networking support in Linux requires a recent enough kernel (version 5.7 or - later) - -* SD or wireless support in Linux also requires a recent enough kernel (version 5.12 or - later). - Still, your mileage may vary as to whether these peripherals will actually be usable. - -* Many drivers (GPIO, VPU, etc) are still likely to be missing from your OS, and will - have to be provided by a third party. Please do not ask for them here, as they fall - outside of the scope of this project. - -* A 3 GB RAM limit is enforced __by default__, even if you are using a Raspberry Pi 4 - model that has 4 GB or 8 GB of RAM, on account that the OS **must** patch DMA access, - to work around a hardware bug that is present in the Broadcom SoC. - For Linux this usually translates to using a recent kernel (version 5.8 or later) and - for Windows this requires the installation of a filter driver. - If you are running an OS that has been adequately patched, you can disable the 3 GB - limit by going to `Device Manager` β†’ `Raspberry Pi Configuration` β†’ `Advanced Settings` - in the UEFI settings. - -* This firmware is built from the - [official EDK2 repository](https://github.com/tianocore/edk2-platforms/tree/master/Platform/RaspberryPi/RPi4), - with the following extra patch applied: - * `0001-MdeModulePkg-UefiBootManagerLib-Signal-ReadyToBoot-o.patch`, so that the - Graphical console is set as default. - -πŸ”ΊπŸ”ΊπŸ”ΊπŸ”ΊπŸ”ΊπŸ”ΊπŸ”ΊπŸ”ΊπŸ”Ί - -# Installation - -* Download the latest archive from the [Releases](https://github.com/pftf/RPi4/releases) - repository. - -* Create an SD card or a USB drive, with at least one partition (it can be a regular - partition or an [ESP](https://en.wikipedia.org/wiki/EFI_system_partition)) and format - it to FAT16 or FAT32. - - __Note:__ Booting from USB or from ESP requires a recent-enough version of the Pi - EEPROM (as well as a recent version of the UEFI firmware). If you are using the latest - UEFI firmware and find that booting from USB or from ESP doesn't work, please visit - https://github.com/raspberrypi/rpi-eeprom/releases to update your EEPROM. - -* Extract all the files from the archive onto the partition you created above. - Note that outside of this `Readme.md`, which you can safely remove, you should not - change the names of the extracted files and directories. - -# Usage - -Insert the SD card/plug the USB drive and power up your Raspberry Pi. You should see a -multicoloured screen (which indicates that the CPU-embedded bootloader is reading the -data from the SD/USB partition) and then the Raspberry Pi black and white logo once the -UEFI firmware is ready. - -At this stage, you can press Esc to enter the firmware setup, F1 -to launch the UEFI Shell, or, provided you also have an UEFI bootloader on the SD -card or on a USB drive in `efi/boot/bootaa64.efi`, you can let the UEFI system run that -(which will be the default if no action is taken). - -# Additional Notes - -The firmware provided in the zip archive is the `RELEASE` version but you can also find -a `DEBUG` build of the firmware in the -[GitHub CI artifacts](https://github.com/pftf/RPi4/actions). - -The provided firmwares should be able to auto-detect the UART being used (PL011 or mini -UART) according to whether `config.txt` contains the relevant overlay or not. The default -baudrate for serial I/O is `115200` and the console device to use under Linux is either -`/dev/ttyAMA0` when using PL011 or `/dev/ttyS0` when using miniUART. - -At the moment, the published firmwares default to enforcing ACPI as well as a 3 GB RAM -limit, which is done to ensure Linux boot. These settings can be changed by going to -`Device Manager` → `Raspberry Pi Configuration` → `Advanced Configuration`. - -Please visit https://rpi4-uefi.dev/ for more information. - -# License - -The firmware (`RPI_EFI.fd`) is licensed under the current EDK2 license, which is -[BSD-2-Clause-Patent](https://github.com/tianocore/edk2/blob/master/License.txt). - -The other files from the zip archives are licensed under the terms described in the -[Raspberry Pi boot files README](https://github.com/raspberrypi/firmware/blob/master/README.md). - -The binary blobs in the `firmware/` directory are licensed under the Cypress wireless driver -license that is found there. +## EDK2/UEFI specific changes +- Remove the default 3GB memory limit (**WARNING: this reduces compatibility**) +- Use device tree as system table by default (Required for exposing the PCIe bus to Linux) diff --git a/config.txt b/config.txt index 0adc68ec..12489f44 100644 --- a/config.txt +++ b/config.txt @@ -14,6 +14,7 @@ dtoverlay=uart5 dtoverlay=dwc2,dr_mode=host dtoverlay=vc4-kms-v3d-pi4 dtparam=spi=on -dtparam=i2c_arm=on dtoverlay=tpm-slb9670 +dtparam=i2c_arm=on dtoverlay=i2c-rtc,ds3231 +dtparam=sd=off