diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 879ca4893c1..cc589cb05c6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -78,9 +78,6 @@ jobs: retention-days: 30 build_optiplex: runs-on: ubuntu-22.04 - container: - image: coreboot/coreboot-sdk:2023-11-24_2731fa619b - options: --user 1001 strategy: matrix: vendor: [ dell ] @@ -98,9 +95,7 @@ jobs: run: git submodule update --init --recursive --checkout - name: Build Dasharo run: | - cp configs/config.${{ matrix.vendor }}_${{ matrix.model }}_txt .config - make olddefconfig - make + ./build.sh ${{ matrix.model }} - name: Save artifacts uses: actions/upload-artifact@v4 with: @@ -110,9 +105,6 @@ jobs: retention-days: 30 build_msi: runs-on: ubuntu-22.04 - container: - image: coreboot/coreboot-sdk:2023-11-24_2731fa619b - options: --user 1001 strategy: matrix: vendor: [ msi ] @@ -130,9 +122,7 @@ jobs: run: git submodule update --init --recursive --checkout - name: Build Dasharo run: | - cp configs/config.${{ matrix.vendor }}_${{ matrix.model }} .config - make olddefconfig - make + ./build.sh ${{ matrix.model }} pkcs7sign=payloads/external/edk2/workspace/Dasharo/BaseTools/Source/Python/Pkcs7Sign ./capsule.sh make -t "$pkcs7sign"/TestRoot.pub.pem \ -o "$pkcs7sign"/TestSub.pub.pem \ @@ -175,9 +165,6 @@ jobs: retention-days: 30 build_pcengines: runs-on: ubuntu-22.04 - container: - image: coreboot/coreboot-sdk:2023-11-24_2731fa619b - options: --user 1001 strategy: matrix: vendor: [ pcengines ] @@ -196,9 +183,7 @@ jobs: run: git submodule update --init --recursive --checkout - name: Build Dasharo run: | - cp configs/config.${{ matrix.vendor }}_${{ matrix.payload }}_${{ matrix.model }} .config - make olddefconfig - make + ./build.sh ${{ matrix.model }} - name: Save artifacts uses: actions/upload-artifact@v4 with: 
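Review bot: With the `container:` key removed from build_optiplex, the toolchain image is whatever build.sh resolves at run time, and its default `ghcr.io/dasharo/dasharo-sdk:v1.6.0` is a tag rather than a digest, so the firmware can end up built by a different image if the tag is ever moved. Consider pinning it from the workflow with a job-level `env:` entry such as `DASHARO_SDK: ghcr.io/dasharo/dasharo-sdk:v1.6.0@sha256:<digest of the reviewed image>` (placeholder, fill in the real digest). The same applies to the container removals in build_msi, build_pcengines, build_q35 and build_hardkernel_odroid_h4. The removed coreboot-sdk references were tags as well, so this is not a regression, but the move to a new registry is a good moment to fix it.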
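Review bot: In build_msi's `Build Dasharo` step only the compile moves into the SDK container through `./build.sh`; the `./capsule.sh make ...` call that follows in the same `run:` block now executes directly on the ubuntu-22.04 runner, because the job-level container was dropped. If capsule.sh relies on tools that used to come from the SDK image (the edk2 BaseTools Python path suggests it might), they have to be installed on the runner or the call has to go through the same container. A comment above the call such as `# runs on the host runner, not in the SDK container` would make the split explicit. The run block continues past the end of this hunk.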
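Review bot: The build_pcengines step used to select its config from `matrix.payload` as well as `matrix.model`, and the new `./build.sh ${{ matrix.model }}` drops the payload. If the matrix still lists more than one payload (the matrix body is outside this hunk), every payload job would now build the same image. Either pass the payload through, as the build_q35 step does with `${{ matrix.model }}_${{ matrix.payload }}`, or remove `payload` from the matrix.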
@@ -208,9 +193,6 @@ jobs: retention-days: 30 build_q35: runs-on: ubuntu-22.04 - container: - image: coreboot/coreboot-sdk:2023-11-24_2731fa619b - options: --user 1001 strategy: matrix: vendor: [ emulation_qemu ] @@ -227,9 +209,7 @@ jobs: fetch-depth: 0 - name: Build Dasharo run: | - cp configs/config.${{ matrix.vendor }}_${{ matrix.model }}_${{ matrix.payload }} .config - make olddefconfig - make + ./build.sh ${{ matrix.model }}_${{ matrix.payload }} - name: Save artifacts uses: actions/upload-artifact@v4 with: @@ -239,9 +219,6 @@ jobs: retention-days: 30 build_hardkernel_odroid_h4: runs-on: ubuntu-22.04 - container: - image: coreboot/coreboot-sdk:2024-02-18_732134932b - options: --user 1001 strategy: matrix: vendor: [ hardkernel ] @@ -259,9 +236,7 @@ jobs: run: git submodule update --init --recursive --checkout - name: Build Dasharo run: | - cp configs/config.${{ matrix.vendor }}_${{ matrix.model }} .config - make olddefconfig - make + ./build.sh ${{ matrix.model }} - name: Save artifacts uses: actions/upload-artifact@v4 with: diff --git a/build.sh b/build.sh index a57fafb03a6..0d12cf5aba7 100755 --- a/build.sh +++ b/build.sh 
@@ -38,7 +38,55 @@ usage() { } SDKVER="2024-02-18_732134932b" +DASHARO_SDK=${DASHARO_SDK:-"ghcr.io/dasharo/dasharo-sdk:v1.6.0"} +BUILD_TIMELESS=${BUILD_TIMELESS:-0} +AIRGAP=${AIRGAP:-0} +function sdk_run { + docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ + -v $HOME/.ssh:/home/coreboot/.ssh \ + -e BUILD_TIMELESS=${BUILD_TIMELESS} \ + -w /home/coreboot/coreboot ${DASHARO_SDK} \ + "$@" +} + +function build_prep { + if [ "${AIRGAP}" -eq 1 ]; then + sdk_run /bin/bash -c "make clean" + else + sdk_run /bin/bash -c "make distclean" + fi + + cp "${DEFCONFIG}" .config + + git submodule update --init --checkout $@ +} + +function build_start { + if [ "${AIRGAP}" -eq 1 ]; then + + # In this situation we assume that provided repository is ready to be used + # and nothing should be downloaded during build process. + + if [ -d "${EDK2_REPO_PATH}" ]; then + # Without following sequence workspce would be created by docker with root + # privilidges and build will fail. + # Target directory + TARGET_DIR="payloads/external/edk2/workspace/Dasharo" + mkdir -p "$TARGET_DIR" + chown -R $(id -u):$(id -g) "$TARGET_DIR" + chmod -R 755 "$TARGET_DIR" + sdk_run --network none \ + ${EDK2_REPO_PATH:+-v $EDK2_REPO_PATH:/home/coreboot/coreboot/${TARGET_DIR}} \ + /bin/bash -c "make olddefconfig && make -j$(nproc)" + else + echo "EDK2_REPO_PATH is not defined in AIRGAP!" + exit 1 + fi + else + sdk_run /bin/bash -c "make olddefconfig && make -j$(nproc)" + fi +} function build_optiplex_9010 { DEFCONFIG=$1 
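Review bot: In build_start's AIRGAP branch the `--network none` and the EDK2 `-v` mount are passed as arguments to sdk_run, but sdk_run expands `"$@"` after `${DASHARO_SDK}`, so docker treats them as the command to run inside the container rather than as options. As written the air-gapped build either fails to start or, depending on the image entrypoint, runs with networking still enabled. sdk_run needs a way to take extra docker options ahead of the image name; one option is a script-level array that build_start fills in before the call, as sketched below. Separately, `$HOME/.ssh` is bind-mounted read-write into every run, including the air-gapped one that has no use for it; the `:ro` suffix in the sketch limits what a build step can do to the keys.

```bash
# Extra docker options for the next sdk_run call; empty by default.
SDK_RUN_OPTS=()

function sdk_run {
  docker run --rm -t -u "$UID" -v "$PWD":/home/coreboot/coreboot \
    -v "$HOME/.ssh":/home/coreboot/.ssh:ro \
    -e BUILD_TIMELESS="${BUILD_TIMELESS}" \
    "${SDK_RUN_OPTS[@]}" \
    -w /home/coreboot/coreboot "${DASHARO_SDK}" \
    "$@"
}

# … unchanged: build_prep …

# … unchanged: start of build_start, TARGET_DIR creation and ownership …
      SDK_RUN_OPTS=(--network none
        -v "${EDK2_REPO_PATH}:/home/coreboot/coreboot/${TARGET_DIR}")
      sdk_run /bin/bash -c "make olddefconfig && make -j$(nproc)"
      SDK_RUN_OPTS=()
# … unchanged: EDK2_REPO_PATH error branch and non-AIRGAP branch …
```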
@@ -55,21 +103,11 @@ function build_optiplex_9010 { # Combine FW flavor with version FW_VERSION="${FW_FLAVOR}_${FW_VERSION}" - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:$SDKVER \ - /bin/bash -c "make distclean" - - cp "${DEFCONFIG}" .config - - git submodule update --init --checkout + build_prep echo "Building Dasharo compatible with Dell OptiPlex 7010/9010 (version $FW_VERSION)" - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:$SDKVER \ - /bin/bash -c "make olddefconfig && make -j$(nproc)" + build_start cp build/coreboot.rom ${BOARD}_${FW_VERSION}.rom if [ $? -eq 0 ]; then @@ -85,21 +123,11 @@ function build_msi { DEFCONFIG="configs/config.${BOARD}_$1" FW_VERSION=$(cat ${DEFCONFIG} | grep CONFIG_LOCALVERSION | cut -d '=' -f 2 | tr -d '"') - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:$SDKVER \ - /bin/bash -c "make distclean" - - cp "${DEFCONFIG}" .config - - git submodule update --init --checkout + build_prep echo "Building Dasharo compatible with MSI PRO $2(WIFI) (version $FW_VERSION)" - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:$SDKVER \ - /bin/bash -c "make olddefconfig && make -j$(nproc)" + build_start cp build/coreboot.rom ${BOARD}_${FW_VERSION}_$1.rom if [ $? -eq 0 ]; then 
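Review bot: Neither build_prep nor build_start has its exit status checked before `cp build/coreboot.rom ${BOARD}_${FW_VERSION}.rom` in build_optiplex_9010, and the `$? -eq 0` test that follows only reflects the `cp`. If docker cannot start the SDK image, the clean step does not run either, so a `build/coreboot.rom` left over from an earlier build can be copied and reported as a successful result (assuming the script does not run under `set -e`, which is not visible here). Stopping on failure, for example `build_prep && build_start || exit 1`, avoids handing out a stale image. The same pattern is in build_msi in the next hunk and in the protectli, pcengines, qemu and odroid functions; all of these function bodies continue outside their hunks.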
@@ -116,23 +144,11 @@ function build_protectli_vault { FW_VERSION=$(cat ${DEFCONFIG} | grep CONFIG_LOCALVERSION | cut -d '=' -f 2 | tr -d '"') LOGO="3rdparty/dasharo-blobs/protectli/bootsplash.bmp" - if [ ! -d 3rdparty/dasharo-blobs/protectli ]; then - git submodule update --init --checkout - fi - - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:2021-09-23_b0d87f753c \ - /bin/bash -c "make distclean" - - cp $DEFCONFIG .config + build_prep echo "Building Dasharo for Protectli $BOARD (version $FW_VERSION)" - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:$SDKVER \ - /bin/bash -c "make olddefconfig && make -j$(nproc)" + build_start docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ -v $HOME/.ssh:/home/coreboot/.ssh \ @@ -161,23 +177,11 @@ function build_v1x10 { FW_VERSION=$(cat ${DEFCONFIG} | grep CONFIG_LOCALVERSION | cut -d '=' -f 2 | tr -d '"') LOGO="3rdparty/dasharo-blobs/protectli/bootsplash.bmp" - if [ ! -d 3rdparty/dasharo-blobs/protectli ]; then - git submodule update --init --checkout - fi - - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:$SDKVER \ - /bin/bash -c "make distclean" - - cp $DEFCONFIG .config + build_prep echo "Building Dasharo for Protectli $1 (version $FW_VERSION)" - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:$SDKVER \ - /bin/bash -c "make olddefconfig && make -j$(nproc)" + build_start docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ -v $HOME/.ssh:/home/coreboot/.ssh \ 
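Review bot: After `build_start` in build_protectli_vault there is still a direct `docker run ... -v $HOME/.ssh:/home/coreboot/.ssh` that was not moved to sdk_run; its image and command lie past the end of the hunk. If it still names a coreboot-sdk image, the ROM is built with `DASHARO_SDK` and then post-processed with a different toolchain image, and a `DASHARO_SDK` override does not cover the whole build. Routing that call through `sdk_run /bin/bash -c "..."` would keep one image and one set of mounts for the whole function. build_v1x10 in the next hunk has the same leftover call.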
@@ -289,23 +293,11 @@ function build_pcengines { # checkout several submodules needed by these boards (some others are checked # out by coreboot's Makefile) - git submodule update --init --force --checkout \ - 3rdparty/dasharo-blobs \ - 3rdparty/vboot - - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:$SDKVER \ - /bin/bash -c "make distclean" - - cp $DEFCONFIG .config + build_prep 3rdparty/dasharo-blobs 3rdparty/vboot echo "Building Dasharo for PC Engines ${VARIANT^^*} (version $FW_VERSION)" - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:$SDKVER \ - /bin/bash -c "make olddefconfig && make -j$(nproc)" + build_start cp build/coreboot.rom pcengines_${VARIANT}_${FW_VERSION}.rom if [ $? -eq 0 ]; then @@ -323,22 +315,11 @@ function build_qemu { # checkout several submodules needed by these boards (some others are checked # out by coreboot's Makefile) - git submodule update --init --force --checkout \ - 3rdparty/dasharo-blobs - - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:$SDKVER \ - /bin/bash -c "make distclean" - - cp $DEFCONFIG .config + build_prep 3rdparty/dasharo-blobs echo "Building Dasharo for QEMU Q35 (version $FW_VERSION)" - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:$SDKVER \ - /bin/bash -c "make olddefconfig && make -j$(nproc)" + build_start cp build/coreboot.rom qemu_q35_${FW_VERSION}.rom if [ $? -eq 0 ]; then 
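Review bot: The removed `git submodule update --init --force --checkout` calls in build_pcengines and build_qemu used `--force`, while build_prep, which now receives the paths, runs `git submodule update --init --checkout $@` without it and with `$@` unquoted. Without `--force` git skips the checkout when a submodule is already at the recorded commit, so locally modified files under 3rdparty/ can survive into the firmware image. If the intent is a clean tree for every build, `git submodule update --init --force --checkout "$@"` in build_prep restores the old behaviour for these boards; if dropping it was deliberate, a comment in build_prep saying so would help. build_odroid_h4 in the following hunk is affected the same way.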
@@ -351,27 +332,16 @@ function build_qemu { } function build_odroid_h4 { - DEFCONFIG="configs/config.hardkernel_odroid_h4" + DEFCONFIG=$1 FW_VERSION=$(cat ${DEFCONFIG} | grep CONFIG_LOCALVERSION | cut -d '=' -f 2 | tr -d '"') # checkout several submodules needed by these boards (some others are checked # out by coreboot's Makefile) - git submodule update --init --force --checkout \ - 3rdparty/dasharo-blobs - - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:$SDKVER \ - /bin/bash -c "make distclean" - - cp $DEFCONFIG .config + build_prep 3rdparty/dasharo-blobs echo "Building Dasharo compatbile with Hardkernel ODROID H4 (version $FW_VERSION)" - docker run --rm -t -u $UID -v $PWD:/home/coreboot/coreboot \ - -v $HOME/.ssh:/home/coreboot/.ssh \ - -w /home/coreboot/coreboot coreboot/coreboot-sdk:$SDKVER \ - /bin/bash -c "make olddefconfig && make -j$(nproc)" + build_start cp build/coreboot.rom hardkernel_odroid_h4_${FW_VERSION}.rom if [ $? -eq 0 ]; then @@ -391,19 +361,19 @@ fi CMD="$1" case "$CMD" in - "ddr4" | "z690a_ddr4") + "ddr4" | "z690a_ddr4" | "ms7d25_ddr4") BOARD="msi_ms7d25" build_msi ddr4 "Z690-A DDR4 " ;; - "ddr5" | "z690a_ddr5") + "ddr5" | "z690a_ddr5" | "ms7d25_ddr5") BOARD="msi_ms7d25" build_msi ddr5 "Z690-A DDR5 " ;; - "z790p_ddr4") + "z790p_ddr4" | "ms7e06_ddr4") BOARD="msi_ms7e06" build_msi ddr4 "Z790-P DDR4 " ;; - "z790p_ddr5") + "z790p_ddr5" | "ms7e06_ddr5") BOARD="msi_ms7e06" build_msi ddr5 "Z790-P DDR5 " ;; 
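Review bot: build_odroid_h4 now takes the defconfig as `$1`, but the output name in `cp build/coreboot.rom hardkernel_odroid_h4_${FW_VERSION}.rom` is still fixed, so the `odroid_h4` and `odroid_h4_btg` targets added to the case statement write the same file whenever their CONFIG_LOCALVERSION values match. A Boot Guard image and a non-Boot Guard image are then indistinguishable by name and one overwrites the other. Deriving the name from the config keeps them apart, e.g. `ROM="${DEFCONFIG#configs/config.}_${FW_VERSION}.rom"` followed by `cp build/coreboot.rom "${ROM}"`. The function continues past the end of the hunk, so any later use of the old name needs the same change.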
@@ -487,22 +457,27 @@ case "$CMD" in "apu6" | "APU6" ) build_pcengines "apu6" ;; - "optiplex_9010_uefi") + "optiplex_9010_uefi" | "optiplex_9010_sff_uefi") BOARD="optiplex_9010" build_optiplex_9010 "configs/config.dell_optiplex_9010_sff_uefi_txt" ;; - "optiplex_9010_seabios") + "optiplex_9010_seabios" | "optiplex_9010_sff") BOARD="optiplex_9010" build_optiplex_9010 "configs/config.dell_optiplex_9010_sff_txt" ;; - "qemu" | "QEMU" | "q35" | "Q35" ) + "qemu" | "QEMU" | "q35" | "Q35" | "x86_q35_uefi" ) build_qemu ;; - "qemu_full" | "QEMU_full" | "q35_full" | "Q35_full" ) + "qemu_full" | "QEMU_full" | "q35_full" | "Q35_full" | "x86_q35_uefi_all_menus" ) build_qemu "_all_menus" ;; "odroid_h4" | "odroid_H4" | "ODROID_H4" ) - build_odroid_h4 + BOARD="odroid_h4" + build_odroid_h4 "configs/config.hardkernel_odroid_h4" + ;; + "odroid_h4_btg" ) + BOARD="odroid_h4" + build_odroid_h4 "configs/config.hardkernel_odroid_h4_btg" ;; *) echo "Invalid command: \"$CMD\"" diff --git a/configs/config.hardkernel_odroid_h4_btg b/configs/config.hardkernel_odroid_h4_btg new file mode 100644 index 00000000000..d7104caa66e --- /dev/null +++ b/configs/config.hardkernel_odroid_h4_btg 
@@ -0,0 +1,68 @@
+CONFIG_LOCALVERSION="v0.9.0"
+CONFIG_OPTION_BACKEND_NONE=y
+CONFIG_VENDOR_HARDKERNEL=y
+CONFIG_VBOOT=y
+CONFIG_EDK2_CPU_THROTTLING_THRESHOLD_DEFAULT=10
+CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/descriptor.bin"
+CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/me.bin"
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x100000
+CONFIG_PCIEXP_DEFAULT_MAX_RESIZABLE_BAR_BITS=37
+CONFIG_HAVE_IFD_BIN=y
+CONFIG_EDK2_BOOTSPLASH_FILE="3rdparty/dasharo-blobs/dasharo/bootsplash.bmp"
+CONFIG_TPM_MEASURED_BOOT=y
+CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y
+CONFIG_HAVE_ME_BIN=y
+CONFIG_DASHARO_PREFER_S3_SLEEP=y
+CONFIG_PCIEXP_SUPPORT_RESIZABLE_BARS=y
+CONFIG_DRIVERS_EFI_VARIABLE_STORE=y
+CONFIG_DRIVERS_GENERIC_CBFS_SERIAL=y
+CONFIG_DRIVERS_GENERIC_CBFS_UUID=y
+# CONFIG_DRIVERS_MTK_WIFI is not set
+CONFIG_CBFS_VERIFICATION=y
+CONFIG_VBOOT_CBFS_INTEGRATION=y
+CONFIG_TPM2=y
+CONFIG_INTEL_TXT_BIOSACM_FILE="ADL_BIOSAC_v1_18_16_20230427_REL_NT_O1.PW_signed_256K.bin"
+CONFIG_INTEL_CBNT_SUPPORT=y
+CONFIG_INTEL_CBNT_LOGGING=y
+# CONFIG_INTEL_CBNT_GENERATE_KM is not set
+# CONFIG_INTEL_CBNT_GENERATE_BPM is not set
+CONFIG_INTEL_CBNT_KEY_MANIFEST_BINARY="key_manifest.bin"
+CONFIG_INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY="bpm_manifest.bin"
+CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
+CONFIG_BOOTMEDIA_LOCK_WPRO_VBOOT_RO=y
+CONFIG_BOOTMEDIA_LOCK_IN_VERSTAGE=y
+CONFIG_BOOTMEDIA_SMM_BWP=y
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y
+CONFIG_PAYLOAD_EDK2=y
+CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2"
+CONFIG_EDK2_TAG_OR_REV="7dbfe58ba5dc08e07c253e53b5c1bfed7758ddf6"
+CONFIG_EDK2_CBMEM_LOGGING=y
+CONFIG_EDK2_FOLLOW_BGRT_SPEC=y
+CONFIG_EDK2_SERIAL_SUPPORT=y
+CONFIG_BUILD_IPXE=y
+CONFIG_IPXE_NO_PROMPT=y
+CONFIG_IPXE_ADD_SCRIPT=y
+CONFIG_IPXE_SCRIPT="3rdparty/dasharo-blobs/dasharo/dasharo.ipxe"
+CONFIG_IPXE_CUSTOM_BUILD_ID="0123456789"
+CONFIG_EDK2_SKIP_PS2_DETECT=y
+CONFIG_EDK2_ENABLE_IPXE=y
+# CONFIG_EDK2_SECURE_BOOT_DEFAULT_ENABLE is not set
+CONFIG_EDK2_SATA_PASSWORD=y
+CONFIG_EDK2_OPAL_PASSWORD=y
+CONFIG_EDK2_SETUP_PASSWORD=y
+CONFIG_EDK2_DASHARO_SYSTEM_FEATURES=y
+CONFIG_EDK2_DASHARO_SECURITY_OPTIONS=y
+CONFIG_EDK2_DASHARO_USB_CONFIG=y
+CONFIG_EDK2_DASHARO_NETWORK_CONFIG=y
+CONFIG_EDK2_DASHARO_POWER_CONFIG=y
+CONFIG_EDK2_CPU_THROTTLING_THRESHOLD_OPTION=y
+CONFIG_EDK2_DASHARO_PCI_CONFIG=y
+CONFIG_EDK2_DASHARO_SERIAL_REDIRECTION_DEFAULT_ENABLE=y
+CONFIG_EDK2_DASHARO_CPU_CONFIG=y
+CONFIG_EDK2_CORE_DISABLE_OPTION=y
+CONFIG_EDK2_HYPERTHREADING_OPTION=y
+CONFIG_EDK2_BOOT_MENU_KEY=0x0015
+CONFIG_EDK2_SETUP_MENU_KEY=0x0008
+CONFIG_EDK2_CREATE_PREINSTALLED_BOOT_OPTIONS=y
+CONFIG_DISPLAY_FSP_CALLS_AND_STATUS=y
+CONFIG_DISPLAY_FSP_HEADER=y
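Review bot: The Boot Guard inputs in this config, `CONFIG_INTEL_CBNT_KEY_MANIFEST_BINARY="key_manifest.bin"`, `CONFIG_INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY="bpm_manifest.bin"` and the `CONFIG_INTEL_TXT_BIOSACM_FILE` name, are bare relative paths with manifest generation switched off, and nothing visible in this commit adds those files or says where they come from. Because these files carry the verified-boot policy and its signatures, the expected source and the party that signs them should be documented next to the config, for instance a header comment `# key_manifest.bin, bpm_manifest.bin and the BIOS ACM must be supplied by the builder; see <provisioning doc>` (placeholder reference). A presence check in build.sh's `odroid_h4_btg` branch before the container starts would also give a clearer failure than a late make error.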