nixboot/README.md
2020-12-31 12:42:03 +01:00

Nixboot

Simple declarative and reproducible coreboot images

This repository contains a minimal interface to build coreboot images using Nix. Coreboot is already near 100% binary reproducible and can be configured via Kconfig; however, the process is somewhat involved: it requires maintaining a local checkout of the coreboot source, several config files and shell scripts. Nixboot automates this process and lets you control it declaratively from a single file.

Supported features

  • Changing target architecture
  • Building an Intel firmware
  • Running me_cleaner
  • Generating blobs using bincfg
  • SeaBios as payload

Other payloads (including secondaries) can be very easily added.

Build instructions

1. Fetching sources

Go to the board status page and find the latest tested revision for your mainboard, or pick one yourself. Next, to fetch all the source archives needed to build coreboot, run:

scripts/gen-sources.sh REV > sources.nix

where REV is the revision you chose.

This may take a while depending on your connection: keep in mind that coreboot will build its own compiler toolchain from source.

2. Configuring

Once sources.nix has been generated, configure coreboot and the payload by writing a board.nix like this:

{ pkgs ? import <nixpkgs> { } }:

pkgs.callPackage ./coreboot.nix {
  # known good revision
  rev = "d8bc5c127ad13ed0475bbf7465f6ba56a5fa34ee";
  sources = pkgs.callPackage ./sources.nix { };

  conf = {
    # mainboard
    vendor.lenovo = true;
    board.lenovo-x230 = true;

    # drivers
    pciexp = {
      hotplug      = true;
      clk-pm       = true;
      l1-sub-state = true;
    };

    # display
    generic-linear-framebuffer = true;
    linear-framebuffer = {
      max-width  = 1024;
      max-height = 768;
    };

    # payload
    seabios = {
      revision    = true;
      revision-id = "ef88eeaf052c8a7d28c5f85e790c5e45bcffa45e";
    };
  };

}

The configuration options can be found on the coreboot website. The names are case-insensitive and options with the same prefix (for example PCIEXP_) can be conveniently grouped into a set.

Valid option values include:

  • booleans
  • strings
  • integers
  • paths (will be copied into the Nix store)
  • derivations (will be converted to store paths)

3. Building

Simply run

nix build -f board.nix coreboot

This will build the toolchain and the full configuration, then use them to build coreboot itself. The output consists of:

result/
├── config
├── coreboot.rom
└── defconfig

where config contains the full coreboot configuration, defconfig contains only the non-default options and coreboot.rom is the final image, ready to be flashed.

It's also possible to only build the toolchain using the toolchain attribute and see the defconfig before building with defConfig.
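Since the build is meant to be reproducible, a useful check before flashing is to compare result/coreboot.rom with an image built independently from the same board.nix and sources.nix. The script below is an added example, not part of Nixboot; the script name and the path of the second image are assumptions.

```shell
#!/bin/sh
# compare-roms.sh (hypothetical name): added example, not part of Nixboot.
# Usage: sh compare-roms.sh result/coreboot.rom /path/to/independent/coreboot.rom

# rom_digest FILE: print the SHA-256 of FILE as bare hex.
rom_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# compare_roms A B
#   returns 0 if the images are bit-for-bit identical,
#           1 if they differ (details on stderr),
#           2 if either image is missing or empty.
compare_roms() {
    a=$1
    b=$2
    for f in "$a" "$b"; do
        [ -s "$f" ] || { echo "missing or empty image: $f" >&2; return 2; }
    done

    da=$(rom_digest "$a")
    db=$(rom_digest "$b")
    if [ "$da" = "$db" ]; then
        echo "reproducible: sha256 $da"
        return 0
    fi

    echo "MISMATCH: do not flash until the difference is explained" >&2
    echo "  $a  $da" >&2
    echo "  $b  $db" >&2

    sa=$(wc -c < "$a")
    sb=$(wc -c < "$b")
    [ "$sa" -eq "$sb" ] || echo "  size differs: $sa vs $sb bytes" >&2

    # cmp -l lists every differing byte with a 1-based offset; summarise it
    # so the differing region can be located in the image.
    cmp -l "$a" "$b" 2>/dev/null | awk '
        NR == 1 { first = $1 }
        END { if (NR) printf "  differing bytes: %d, first at offset %d\n", NR, first - 1 }' >&2
    return 1
}

# Run the comparison only when two image paths are given on the command line.
if [ "$#" -eq 2 ]; then
    compare_roms "$1" "$2"
fi
```

The reported offset is 0-based, so it can be passed directly to a hex dump tool to inspect the region where the two images diverge.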

License

Copyright (C) 2021 Michele Guerini Rocco

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.