~amjoseph/ownerboot

e440cbcbf545da0a97d6d40e027febc30451d5f7 — Adam Joseph 2 months ago 453d11d
kgpe, am1i: deduplicate code

The fmap generator for kgpe and am1i is now identical (previously, it was
not), so this commit lifts that routine into `common/amd64.nix`, so fixes
won't need to be applied in two places.
3 files changed, 48 insertions(+), 75 deletions(-)

M src/platform/am1i/default.nix
M src/platform/common/amd64.nix
M src/platform/kgpe/default.nix
M src/platform/am1i/default.nix => src/platform/am1i/default.nix +4 -35
@@ 3,16 3,7 @@
}:

{
  overlays = common_amd64.overlays ++ [(final: prev:
    let
      fmap-size-in-bytes = 1024;
      flash-chip-bytes-per-image = final.flash-chip-size-in-bytes / final.images-per-flash-chip;
      cbfs-size-in-bytes = flash-chip-bytes-per-image - fmap-size-in-bytes;
      fallback-image-address-in-bytes =
        if final.images-per-flash-chip <= 1
        then 0
        else flash-chip-bytes-per-image;
    in {
  overlays = common_amd64.overlays ++ [(final: prev: {

    platform_name = "am1i";



@@ 37,33 28,11 @@
        });

    console-device = "ttyS1";
    payload = "${final.kernel}/bzImage";
    fmap = final.nixpkgsOnBuildForBuild.writeText "custom.fmap" (''
      #
      # Note: on x86 platforms the SPI flash is copied into the topmost X
      # bytes of memory, and the very topmost word of memory is the "reset
      # vector" which points to the BIOS entry point.  Because of this we
      # must protect the TOPMOST half of memory; if an attacker controls the
      # reset vector and any other chunk of the flash, the game is over.
      #
      FLASH@0 0x${lib.toHexString final.flash-chip-size-in-bytes} {
        BIOS@0 0x${lib.toHexString final.flash-chip-size-in-bytes} {
    '' + lib.optionalString (final.images-per-flash-chip > 1) ''
          # read-write zone
          NORMAL(CBFS)   @    0x${lib.toHexString fmap-size-in-bytes} 0x${lib.toHexString cbfs-size-in-bytes}
    '' + ''

          # read-only zone
          FMAP           @ 0x${lib.toHexString fallback-image-address-in-bytes}    0x${lib.toHexString fmap-size-in-bytes}
          FALLBACK(CBFS) @ 0x${lib.toHexString (fallback-image-address-in-bytes + fmap-size-in-bytes)} 0x${lib.toHexString cbfs-size-in-bytes}
        }
      }
    '');

    coreboot = (prev.coreboot.override {
    coreboot = (prev.coreboot.override (previousAttrs: {
      iasl = final.iasl_20180531;
      coreboot-toolchain = with final.coreboot-toolchain; [ x64 i386 ];
      config = with lib.kernel; {
      config = with lib.kernel; (previousAttrs.config or {}) // {
        CBFS_PREFIX = lib.mkForce (freeform "prefix");

        VENDOR_ASUS = lib.mkForce yes;


@@ 87,7 56,7 @@
        else if final.console-device == "ttyS1" then 1 # DB9 connector on rear I/O panel; omitted from some board variants
        else if final.console-device == null then null
        else throw "am1i currently supports only `null` and `ttyS{0,1}` for `console-device`";
    }).overrideAttrs (a: {
    })).overrideAttrs (a: {
      postInstall = (a.postInstall or "") + ''
        cp src/mainboard/asus/am1i-a/cmos.layout $out/
      '';

M src/platform/common/amd64.nix => src/platform/common/amd64.nix +40 -1
@@ 2,7 2,16 @@
}:

{
  overlays = [( final: prev: {
  overlays = [( final: prev:
    let
      fmap-size-in-bytes = 1024;
      flash-chip-bytes-per-image = final.flash-chip-size-in-bytes / final.images-per-flash-chip;
      cbfs-size-in-bytes = flash-chip-bytes-per-image - fmap-size-in-bytes;
      fallback-image-address-in-bytes =
        if final.images-per-flash-chip <= 1
        then 0
        else flash-chip-bytes-per-image;
    in {
    hostPlatform =
      if prev.hostPlatform != null
      then prev.hostPlatform


@@ 15,6 24,36 @@
      overlappingFmapRegionSupport = true;
    };

    payload = "${final.kernel}/bzImage";
    fmap =
        final.nixpkgsOnBuildForBuild.writeText "custom.fmap" (''
          #
          # Note: on x86 platforms the SPI flash is copied into the topmost X
          # bytes of memory, and the very topmost word of memory is the "reset
          # vector" which points to the BIOS entry point.  Because of this we
          # must protect the TOPMOST half of memory; if an attacker controls the
          # reset vector and any other chunk of the flash, the game is over.
          #
          FLASH@0 0x${lib.toHexString final.flash-chip-size-in-bytes} {
            BIOS@0 0x${lib.toHexString final.flash-chip-size-in-bytes} {
        '' + lib.optionalString (final.images-per-flash-chip > 1) ''
              # read-write zone
              NORMAL(CBFS)   @    0x${lib.toHexString fmap-size-in-bytes} 0x${lib.toHexString cbfs-size-in-bytes}
        '' + ''

              # read-only zone
              FMAP           @ 0x${lib.toHexString fallback-image-address-in-bytes}    0x${lib.toHexString fmap-size-in-bytes}
              FALLBACK(CBFS) @ 0x${lib.toHexString (fallback-image-address-in-bytes + fmap-size-in-bytes)} 0x${lib.toHexString cbfs-size-in-bytes}
            }
          }
        '');

    coreboot = prev.coreboot.override (previousAttrs: {
      config = with lib.kernel; (previousAttrs.config or {}) // {
        CBFS_SIZE = lib.mkForce (freeform "0x${lib.toHexString cbfs-size-in-bytes}");
      };
    });

    scripts = let
      layoutFlags =
        # Using `flashrom --fmap-file` is undesirable because

M src/platform/kgpe/default.nix => src/platform/kgpe/default.nix +4 -39
@@ 3,17 3,7 @@
}:

{
  overlays = common_amd64.overlays ++ [(final: prev:
    let
      fmap-size-in-bytes = 1024;
      flash-chip-bytes-per-image = final.flash-chip-size-in-bytes / final.images-per-flash-chip;
      cbfs-size-in-bytes = flash-chip-bytes-per-image - fmap-size-in-bytes;
      fallback-image-address-in-bytes =
        if final.images-per-flash-chip <= 1
        then 0
        else flash-chip-bytes-per-image;
    in {

  overlays = common_amd64.overlays ++ [(final: prev: {
    platform_name = "kgpe";

    kernel =


@@ 51,32 41,9 @@
    # TODO: use a NixOS-style structuredConfig for this.
    cmos-default = null;

    payload = "${final.kernel}/bzImage";
    fmap = final.nixpkgsOnBuildForBuild.writeText "custom.fmap" (''
      #
      # Note: on x86 platforms the SPI flash is copied into the topmost X
      # bytes of memory, and the very topmost word of memory is the "reset
      # vector" which points to the BIOS entry point.  Because of this we
      # must protect the TOPMOST half of memory; if an attacker controls the
      # reset vector and any other chunk of the flash, the game is over.
      #
      FLASH@0 0x${lib.toHexString final.flash-chip-size-in-bytes} {
        BIOS@0 0x${lib.toHexString final.flash-chip-size-in-bytes} {
    '' + lib.optionalString (final.images-per-flash-chip > 1) ''
          # read-write zone
          NORMAL(CBFS)   @    0x${lib.toHexString fmap-size-in-bytes} 0x${lib.toHexString cbfs-size-in-bytes}
    '' + ''

          # read-only zone
          FMAP           @ 0x${lib.toHexString fallback-image-address-in-bytes}    0x${lib.toHexString fmap-size-in-bytes}
          FALLBACK(CBFS) @ 0x${lib.toHexString (fallback-image-address-in-bytes + fmap-size-in-bytes)} 0x${lib.toHexString cbfs-size-in-bytes}
        }
      }
    '');

    coreboot = (prev.coreboot.override {
    coreboot = (prev.coreboot.override (previousAttrs: {
      iasl = final.iasl_20180531;
      config = with lib.kernel; {
      config = with lib.kernel; (previousAttrs.config or {}) // {
        CBFS_PREFIX = lib.mkForce (freeform "prefix");

        # Upstream describes this option as "Enable this option if


@@ 108,8 75,6 @@
        MAINBOARD_SMBIOS_PRODUCT_NAME = lib.mkForce (freeform "KGPE-D16");
        MAINBOARD_SMBIOS_MANUFACTURER = lib.mkForce (freeform "ASUS");

        CBFS_SIZE = lib.mkForce (freeform "0x${lib.toHexString cbfs-size-in-bytes}");

        NO_POST = lib.mkForce yes;

        COLLECT_TIMESTAMPS = lib.mkForce no;


@@ 139,7 104,7 @@
        else if final.console-device == "ttyS1" then 1 # the IDC header on the motherboard
        else if final.console-device == null then null
        else throw "kgpe currently supports only `null` and `ttyS{0,1}` for `console-device`";
    }).overrideAttrs (a: {
    })).overrideAttrs (a: {
      preBuild = final.lib.optionalString (final.microcode-blob != null) ''
        mkdir -p 3rdparty/blobs/cpu/amd/family_15h/
        ln -sfT ${final.microcode-blob} \