nixboot/coreboot.nix

{ stdenv, fetchurl, fetchgit
, linkFarm, overrideCC
, writeText, writeShellScriptBin
, gnat, bison, flex, zlib, python3
, libfaketime, gnumake
# options
, rev # coreboot git revision
, sources # coreboot sources attrset
, arch ? "i386" # target architecture
, conf ? { } # coreboot configuration
}:
let
# Library functions, taken from the build environment.
# NOTE(review): newer nixpkgs releases deprecate `stdenv.lib` in favour of a
# top-level `lib` argument; confirm against the nixpkgs revision in use.
inherit (stdenv) lib;
# Build environment whose compiler is GNAT; the toolchain derivation uses it.
adaStdenv = overrideCC stdenv gnat;
# Short version label: the first six characters of the `rev` argument.
# The stub `git` placed on the build PATH prints this value.
version = builtins.substring 0 6 rev;
in rec {
## Sources
# coreboot source tree with its submodules, fetched by `fetchgit` and pinned
# by both a commit (`sources.rev`) and a content hash (`sources.sha256`).
# NOTE(review): the commit fetched here comes from `sources.rev`, while the
# `version` label is derived from the separate `rev` argument; nothing in this
# file checks that the two agree.
src = fetchgit {
  url = "https://review.coreboot.org/coreboot.git";
  rev = sources.rev;
  sha256 = sources.sha256;
  fetchSubmodules = true;
};
# SeaBIOS payload source at the commit named by `conf.seabios.revision_id`.
# NOTE(review): unlike `src`, no sha256 is supplied here; the pin is the git
# commit id alone and `builtins.fetchGit` performs the fetch during
# evaluation. Consider whether the payload should carry a content hash too.
seabios =
  let
    pinnedRev = conf.seabios.revision_id;
  in
  builtins.fetchGit {
    url = "https://review.coreboot.org/seabios.git";
    rev = pinnedRev;
  };
# Directory of links to the tarballs needed to build the toolchain: one entry
# per element of `sources.toolchain`, named after that element's `name`.
# presumably each element is a fixed-output fetch (fetchurl) — verify in the
# sources attrset, since these archives become the compiler that builds the ROM.
tarballs =
  let
    toEntry = tarball: {
      inherit (tarball) name;
      path = toString tarball;
    };
  in
  linkFarm "toolchain-tarballs" (map toEntry sources.toolchain);
## Helpers
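# Converts one Nix attribute into Kconfig line(s).
#   top - true for top-level options, which receive the "CONFIG_" prefix
#   n   - attribute name; upper-cased, with "-" replaced by "_"
#   v   - value: booleans become y/n; strings, paths and derivations are
#         written as a double-quoted string; a nested attribute set (that is
#         not a derivation) is flattened into NAME_CHILD entries; anything
#         else goes through toString
# Returns a string holding one line, or several joined by "\n" for nested sets.
toConf = top: n: v: with builtins;
  let
    prefix = lib.optionalString top "CONFIG_";
    nconv = name: replaceStrings [ "-" ] [ "_" ] (lib.toUpper name);
    # Backslash-escape `\` and `"` so a value containing either stays a single
    # well-formed quoted string instead of ending the string early.
    # NOTE(review): a newline inside a value is still emitted as-is and would
    # start a new line in the generated file; callers must not pass one.
    quote = s: "\"${lib.escape [ "\\" "\"" ] s}\"";
    vconv = val:
      if isBool val then (if val then "y" else "n")
      else if isString val || isPath val || lib.isDerivation val then quote "${val}"
      else toString val;
  in
  if lib.isAttrs v && !lib.isDerivation v
  then
    lib.concatMapStringsSep "\n"
      (line: "${prefix}${nconv n}_${line}")
      (lib.mapAttrsToList (toConf false) v)
  else "${prefix}${nconv n}=${vconv v}";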
# The coreboot Kconfig input: every attribute of `conf` rendered by `toConf`
# as a top-level option, joined with newlines and written to the store as
# "defconfig". This file determines which options the firmware is built with.
defConfig =
  let
    configLines = lib.mapAttrsToList (toConf true) conf;
  in
  writeText "defconfig" (lib.concatStringsSep "\n" configLines);
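# Stub `git`: ignores its arguments and prints the short revision.
# The value is shell-quoted so the generated script is always a single `echo`
# of that text, whatever characters the `rev` argument contains.
fakegit = writeShellScriptBin "git" "echo ${lib.escapeShellArg version}";
# Stub `curl`: does nothing except print a version banner, just to trick
# buildgcc. The toolchain tarballs are linked into place by the toolchain
# derivation's preBuild instead.
fakecurl = writeShellScriptBin "curl" "echo curl 1.2.3";
# `make` wrapper: runs GNU make under libfaketime with the clock fixed at
# 1970-01-01 00:00:01, for determinism, so timestamps taken during the build
# do not vary between runs.
faketime = writeShellScriptBin "make" ''
  exec ${libfaketime}/bin/faketime -f '1970-01-01 00:00:01' \
  ${gnumake}/bin/make "$@"
'';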
## Packages
# The coreboot cross-compiler toolchain for `arch`, built from the coreboot
# source tree with the GNAT-based build environment.
toolchain = adaStdenv.mkDerivation {
  pname = "coreboot-toolchain";
  inherit src version;

  # The stub curl and git shadow the real tools during this build.
  nativeBuildInputs = [ fakecurl fakegit bison flex zlib ];

  # Link the pre-fetched source tarballs to the path used by util/crossgcc.
  preBuild = "ln -s ${tarballs} util/crossgcc/tarballs";

  makeFlags = [
    "CPUS=$(NIX_BUILD_CORES)"
    "DEST=$(out)"
    "crossgcc-${arch}"
  ];

  # presumably the make target already places its results under DEST — confirm
  dontInstall = true;

  # https://github.com/NixOS/nixpkgs/pull/107435
  # NOTE(review): this switches off the "format" hardening flag for the whole
  # toolchain build; re-check whether it is still required.
  hardeningDisable = [ "format" ];

  meta = {
    description = "Coreboot compilers toolchain";
    homepage = "https://www.coreboot.org";
    license = lib.licenses.gpl2Only;
    platforms = lib.platforms.all;
  };
};
# The final coreboot ROM, built from `src` with the `toolchain` derivation
# and the configuration generated from `conf`.
coreboot = stdenv.mkDerivation {
  pname = "coreboot";
  inherit version src;

  # `faketime` supplies the fixed-clock `make` wrapper and `fakegit` the stub
  # `git`; python3 is added only when `conf` has a "use-me-cleaner" attribute.
  nativeBuildInputs =
    [ faketime fakegit ] ++ lib.optional (conf ? "use-me-cleaner") python3;

  postPatch = "patchShebangs .";

  # Seeds .config from the generated defconfig and, when `conf` has a
  # "seabios" attribute, copies the pinned SeaBIOS tree into the payload
  # directory and makes the copy writable.
  preBuild = ''
    # write default configuration
    cp ${defConfig} .config
    make olddefconfig
    # copy payload
    ${lib.optionalString (conf ? "seabios") ''
      cp -r ${seabios} payloads/external/SeaBIOS/seabios
      chmod -R +w payloads/external/SeaBIOS/seabios
    ''}
  '';

  makeFlags = [
    "ARCH=${arch}"
    # https://review.coreboot.org/c/coreboot/+/48937
    "XGCCPATH=${toolchain}/bin/"
  ];

  # Installs the ROM together with the full .config and a saved defconfig,
  # so the configuration that produced an image can be reviewed alongside it.
  installPhase = ''
    install -Dm644 build/coreboot.rom $out/coreboot.rom
    install -Dm644 .config $out/config
    make savedefconfig DEFCONFIG=$out/defconfig
  '';

  meta = {
    description = "Fast, secure and flexible OpenSource firmware";
    longDescription = ''
      coreboot is an extended firmware platform that delivers a lightning
      fast and secure boot experience on modern computers and embedded
      systems. As an Open Source project it provides auditability and maximum
      control over technology.
    '';
    homepage = "https://www.coreboot.org";
    license = lib.licenses.gpl2Only;
    platforms = lib.platforms.all;
  };
};
}