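# Builds the coreboot cross toolchain and a coreboot ROM from a pinned
# revision and a Nix attrset that is rendered into a Kconfig defconfig.
#
# Returns an attrset; the two derivations of interest are `toolchain` and
# `coreboot`, the remaining attributes are the sources and helpers they use.
{ stdenv, fetchurl, fetchgit
, linkFarm, overrideCC
, writeText, writeShellScriptBin
, gnat, bison, flex, zlib, python3
, libfaketime, gnumake
  # options
, rev             # coreboot git revision
, sources         # coreboot sources attrset
, arch ? "i386"   # target architecture
, conf ? { }      # coreboot configuration
}:

let
  # NOTE(review): `stdenv.lib` is a deprecated alias in newer nixpkgs. Taking
  # `lib` as a function argument is the forward-compatible form, but that
  # changes this function's signature, so it is left as is here.
  lib = stdenv.lib;

  # stdenv whose C compiler is GNAT, used for the toolchain build below
  adaStdenv = overrideCC stdenv gnat;

  # short revision: the first 6 characters of `rev`
  version = lib.substring 0 6 rev;
in

rec {
  ## Sources

  # coreboot source, pinned by both revision and content hash.
  # NOTE(review): the fetch uses `sources.rev`, while `version` above is
  # derived from the `rev` argument; callers presumably pass the same value
  # for both -- confirm, otherwise the reported version can differ from the
  # tree that is actually built.
  src = fetchgit {
    url = "https://review.coreboot.org/coreboot.git";
    fetchSubmodules = true;
    inherit (sources) rev sha256;
  };

  # seabios source
  # Unlike `src`, this is fetched with builtins.fetchGit, which runs at
  # evaluation time and is pinned by the commit id only; there is no sha256
  # here. No `ref` is given, so the commit has to be reachable from the
  # repository's default ref.
  seabios = builtins.fetchGit {
    url = "https://review.coreboot.org/seabios.git";
    rev = conf.seabios.revision_id;
  };

  # tarballs needed to build the toolchain, exposed as one directory of
  # symlinks named after each entry.
  # NOTE(review): the integrity of these tarballs depends on how the entries
  # of `sources.toolchain` are fetched, which is not visible in this file --
  # confirm each one carries a hash.
  tarballs = linkFarm "toolchain-tarballs"
    (map (file: { name = file.name; path = toString file; }) sources.toolchain);

  ## Helpers

  # converts Nix attrs to Kconfig format
  #
  #   top: true for a top-level option, which gets the "CONFIG_" prefix
  #   n:   attribute name; upper-cased, with "-" replaced by "_"
  #   v:   value; bool -> y/n, string/path/derivation -> quoted string,
  #        nested attrset -> one line per leaf, named <N>_<CHILD>,
  #        anything else -> toString
  #
  # NOTE(review): string values are interpolated between double quotes
  # without escaping, so a value containing `"` or a newline changes the
  # shape of the generated file. `conf` has to come from a trusted source.
  toConf = top: n: v:
    with builtins;
    let
      prefix = lib.optionalString top "CONFIG_";
      nconv = n: replaceStrings ["-"] ["_"] (lib.toUpper n);
      vconv = v:
        if isBool v then (if v then "y" else "n")
        else if (isString v) || (isPath v) || (lib.isDerivation v) then "\"${v}\""
        else toString v;
      # A nested attrset renders to several "\n"-separated lines. Split them
      # so that every leaf line receives this level's prefix; previously only
      # the first line of such a child was prefixed, so options nested more
      # than one level deep were emitted without "CONFIG_" and with a
      # truncated name. Only evaluated in the attrset branch below.
      childLines = lib.concatMap (lib.splitString "\n")
        (lib.mapAttrsToList (toConf false) v);
    in
      if (lib.isAttrs v && ! lib.isDerivation v)
      then lib.concatMapStringsSep "\n" (line: "${prefix}${nconv n}_${line}") childLines
      else "${prefix}${nconv n}=${vconv v}";

  # the coreboot Kconfig file: one toConf rendering per top-level attribute
  # of `conf`, joined with newlines
  defConfig = with lib; writeText "defconfig"
    (concatStringsSep "\n" (mapAttrsToList (toConf true) conf));

  # returns the current revision
  # (a stub named `git` that prints `version` whatever its arguments are)
  fakegit = writeShellScriptBin "git" "echo ${version}";

  # does nothing, just to trick buildgcc
  # (a stub named `curl` that only prints a version string; the sources the
  # toolchain needs are supplied through `tarballs` instead)
  fakecurl = writeShellScriptBin "curl" "echo curl 1.2.3";

  # runs make with faketime for determinism
  # The clock is fixed so that timestamps taken during the build do not vary
  # between runs, which is what makes comparing the hash of a rebuilt ROM
  # against a distributed one meaningful.
  faketime = writeShellScriptBin "make" ''
    exec ${libfaketime}/bin/faketime -f '1970-01-01 00:00:01' \
      ${gnumake}/bin/make "$@"
  '';

  ## Packages

  # the coreboot compilers toolchain
  toolchain = adaStdenv.mkDerivation {
    pname = "coreboot-toolchain";
    inherit version src;

    nativeBuildInputs = [ fakecurl fakegit bison flex zlib ];

    # link source tarballs
    preBuild = "ln -s ${tarballs} util/crossgcc/tarballs";

    # https://github.com/NixOS/nixpkgs/pull/107435
    # This switches off the nixpkgs "format" hardening flags
    # (-Wformat -Wformat-security -Werror=format-security) for the toolchain
    # build only; the other hardening flags stay enabled.
    hardeningDisable = [ "format" ];

    makeFlags = [ "CPUS=$(NIX_BUILD_CORES)" "DEST=$(out)" "crossgcc-${arch}" ];

    # the crossgcc target already writes into DEST=$(out)
    dontInstall = true;

    meta = with lib; {
      description = "Coreboot compilers toolchain";
      homepage = "https://www.coreboot.org";
      license = licenses.gpl2Only;
      platforms = platforms.all;
    };
  };

  # the final coreboot rom
  coreboot = stdenv.mkDerivation {
    pname = "coreboot";
    inherit src version;

    # `faketime` shadows `make` and `fakegit` shadows `git` for this build;
    # python3 is added only when me_cleaner or SeaBIOS is configured.
    nativeBuildInputs = [ faketime fakegit ] ++
      lib.optional (conf ? "use-me-cleaner" || conf ? "seabios") python3;

    postPatch = "patchShebangs .";

    preBuild = ''
      # write default configuration
      cp ${defConfig} .config
      make olddefconfig
      # copy payload
      ${lib.optionalString (conf ? "seabios") ''
        cp -r ${seabios} payloads/external/SeaBIOS/seabios
        chmod -R +w payloads/external/SeaBIOS/seabios
      ''}
    '';

    makeFlags = [
      "ARCH=${arch}"
      # https://review.coreboot.org/c/coreboot/+/48937
      "XGCCPATH=${toolchain}/bin/"
    ];

    # Besides the ROM, keep the full .config and the minimal defconfig next
    # to it, so the options an image was built with can be reviewed later.
    installPhase = ''
      install -Dm644 build/coreboot.rom $out/coreboot.rom
      install -Dm644 .config $out/config
      make savedefconfig DEFCONFIG=$out/defconfig
    '';

    meta = with lib; {
      description = "Fast, secure and flexible OpenSource firmware";
      longDescription = ''
        coreboot is an extended firmware platform that delivers a lightning
        fast and secure boot experience on modern computers and embedded
        systems. As an Open Source project it provides auditability and
        maximum control over technology.
      '';
      homepage = "https://www.coreboot.org";
      license = licenses.gpl2Only;
      platforms = platforms.all;
    };
  };
}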