-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathflake.nix
149 lines (127 loc) · 4.42 KB
/
flake.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
{
description = "ThinkPad T440P coreboot";
outputs = { self, nixpkgs }:
let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
libreboot-pins = builtins.fromJSON (builtins.readFile ./libreboot.json);
in
with pkgs;
{
packages.x86_64-linux = rec {
# script from coreboot that extracts mrc.bin from chromeos recovery images
crosfirmware = callPackage ./crosfirmware {};
# mrc.bin blob
mrc = callPackage ./mrc.nix { inherit crosfirmware; };
# grub compiled with coreboot support
grub-coreboot = callPackage ./grub.nix {
inherit libreboot;
gnulib-src = fetchgit libreboot-pins.gnulib;
src = fetchgit libreboot-pins.grub;
};
# grub coreboot payload
grub-payload = callPackage ./grub-payload { inherit grub-coreboot; };
# libreboot's pinned rev of me_cleaner
me_cleaner = pkgs.me_cleaner.overrideAttrs (old: {
src = fetchFromGitHub libreboot-pins.me_cleaner;
});
# lbmk source code
libreboot = fetchgit libreboot-pins.libreboot;
# cleaned intel me rom
me = callPackage ./me.nix {};
# function to build a payload-free coreboot image
mkCoreboot = callPackage ./coreboot/mkCoreboot.nix {};
# coreboot image for the t440p device
coreboot-t440p = callPackage ./coreboot/t440p.nix {
inherit libreboot me mkCoreboot mrc;
};
# the final rom with an embedded grub payload. can be flashed directly to the device.
rom = callPackage ./rom.nix {
elfPayload = grub-payload;
cbfs-files = {
"grub.cfg" = ./grub-payload/grub.cfg;
"grub-test.cfg" = ./grub-payload/grub-test.cfg;
};
coreboot = coreboot-t440p;
};
# a rom with grub-enforced signature checking. a public key must be embedded after the build.
# example: cbfstool coreboot.bin add -n boot.key -f mypubkey.pub -t raw
rom-securegrub = callPackage ./rom.nix {
elfPayload = grub-payload;
cbfs-files = {
"grub.cfg" = ./grub-payload/grub-secureboot.cfg;
};
coreboot = coreboot-t440p;
};
seabios = callPackage ./seabios.nix {
src = fetchgit libreboot-pins.seabios;
inherit libreboot;
};
rom-seabios = callPackage ./rom.nix {
coreboot = coreboot-t440p;
elfPayload = "${seabios}/seabios_libgfxinit.elf";
cbfs-files = {
"vgaroms/seavgabios.bin" = "${seabios}/seavgabios.bin";
};
cbfs-ints = {
"etc/pci-optionrom-exec" = 2;
"etc/ps2-keyboard-spinup" = 3000;
"etc/optionroms-checksum" = 0;
"etc/only-load-option-roms" = 0;
};
};
# a tinyconfig linux kernel for t440p
tinylinux = callPackage ./tinylinux {};
# small initramfs that include busybox
busybox-initramfs = callPackage ./busybox-initramfs {
inherit (pkgsCross.gnu32.pkgsStatic) busybox;
};
# qemu runner script for the tinylinux kernel
tinylinux-qemu-runner = writeScriptBin "tinylinux-qemu-runner" ''
#!${runtimeShell}
${qemu}/bin/qemu-system-x86_64 -enable-kvm -kernel ${tinylinux} -initrd ${busybox-initramfs} -serial stdio
'';
# rom that boots to a linux/busybox environment
rom-tinylinux-busybox = callPackage ./rom.nix {
coreboot = coreboot-t440p;
linuxKernelPayload = tinylinux;
linuxInitrd = busybox-initramfs;
linuxCmdline = "earlyprintk=vga,keep ignore_loglevel init=/init";
};
# bootable disk image for the stock firmware. this is the only way to update the embedded controller firmware.
lenovo-fw = callPackage ./lenovo-fw {};
# all roms for ci
default = stdenv.mkDerivation {
name = "t440p-all-fw";
dontBuild = true;
dontUnpack = true;
installPhase = ''
mkdir $out
cp -r ${rom} $out/rom-grub-basic
cp -r ${rom-securegrub} $out/rom-grub-secure
cp -r ${rom-seabios} $out/rom-seabios
'';
};
};
devShells.x86_64-linux.default =
mkShell {
name = "shell";
nativeBuildInputs = [
pkg-config
ncurses5
m4
bison
flex
zlib
coreboot-toolchain.i386
autoconf
automake
gettext
gnulib
coreboot-utils
innoextract
freetype
gnupg
];
};
};
}