Merge pull request #158310 from a-m-joseph/close-148890-by-removing-blob

pyrox.dev / nixpkgs

fork atom

lol

fork atom

remove unfree HDCP blob from arm-trusted-firmware, closes #148890

authored by

Luke Granger-Brown and committed by

GitHub 4 years ago d5f23787 66f35ca0

+59 -2

2 changed files

expand all

unified split

pkgs

misc

arm-trusted-firmware

default.nix

remove-hdcp-blob.patch

+12 -2

pkgs/misc/arm-trusted-firmware/default.nix

··· 1 - { lib, stdenv, fetchFromGitHub, openssl, pkgsCross, buildPackages }: 1 + { lib, stdenv, fetchFromGitHub, openssl, pkgsCross, buildPackages 2 + 3 + # Warning: this blob runs on the main CPU (not the GPU) at privilege 4 + # level EL3, which is above both the kernel and the hypervisor. 5 + , unfreeIncludeHDCPBlob ? true 6 + }: 2 7 3 8 let 4 9 buildArmTrustedFirmware = { filesToInstall ··· 20 25 sha256 = "sha256-qT9DdTvMcUrvRzgmVf2qmKB+Rb1WOB4p1rM+fsewGcg="; 21 26 }; 22 27 28 + patches = lib.optionals (!unfreeIncludeHDCPBlob) [ 29 + # this is a rebased version of https://gitlab.com/vicencb/kevinboot/-/blob/master/atf.patch 30 + ./remove-hdcp-blob.patch 31 + ]; 32 + 23 33 depsBuildBuild = [ buildPackages.stdenv.cc ]; 24 34 25 35 # For Cortex-M0 firmware in RK3399 ··· 50 60 meta = with lib; { 51 61 homepage = "https://github.com/ARM-software/arm-trusted-firmware"; 52 62 description = "A reference implementation of secure world software for ARMv8-A"; 53 - license = licenses.bsd3; 63 + license = (if unfreeIncludeHDCPBlob then [ licenses.unfreeRedistributable ] else []) ++ [ licenses.bsd3 ]; 54 64 maintainers = with maintainers; [ lopsided98 ]; 55 65 } // extraMeta; 56 66 } // builtins.removeAttrs args [ "extraMeta" ]);

+47

pkgs/misc/arm-trusted-firmware/remove-hdcp-blob.patch

··· 1 + diff --git a/plat/rockchip/rk3399/drivers/dp/cdn_dp.c b/plat/rockchip/rk3399/drivers/dp/cdn_dp.c 2 + index a8773f4f6..8e28c4830 100644 3 + --- a/plat/rockchip/rk3399/drivers/dp/cdn_dp.c 4 + +++ b/plat/rockchip/rk3399/drivers/dp/cdn_dp.c 5 + @@ -13,17 +13,6 @@ 6 + 7 + #include <cdn_dp.h> 8 + 9 + -__asm__( 10 + - ".pushsection .text.hdcp_handler, \"ax\", %progbits\n" 11 + - ".global hdcp_handler\n" 12 + - ".balign 4\n" 13 + - "hdcp_handler:\n" 14 + - ".incbin \"" HDCPFW "\"\n" 15 + - ".type hdcp_handler, %function\n" 16 + - ".size hdcp_handler, .- hdcp_handler\n" 17 + - ".popsection\n" 18 + -); 19 + - 20 + static uint64_t *hdcp_key_pdata; 21 + static struct cdn_dp_hdcp_key_1x key; 22 + 23 + @@ -38,7 +27,7 @@ uint64_t dp_hdcp_ctrl(uint64_t type) 24 + return 0; 25 + case HDCP_KEY_DATA_START_DECRYPT: 26 + if (hdcp_key_pdata == (uint64_t *)(&key + 1)) 27 + - return hdcp_handler(&key); 28 + + return PSCI_E_DISABLED; 29 + else 30 + return PSCI_E_INVALID_PARAMS; 31 + assert(0); /* Unreachable */ 32 + diff --git a/plat/rockchip/rk3399/platform.mk b/plat/rockchip/rk3399/platform.mk 33 + index a658fb286..5edb6a25b 100644 34 + --- a/plat/rockchip/rk3399/platform.mk 35 + +++ b/plat/rockchip/rk3399/platform.mk 36 + @@ -88,11 +88,6 @@ $(eval $(call add_define_val,RK3399M0PMUFW,\"$(RK3399M0PMUFW)\")) 37 + ifdef PLAT_RK_DP_HDCP 38 + BL31_SOURCES += ${RK_PLAT_SOC}/drivers/dp/cdn_dp.c 39 + 40 + -HDCPFW=${RK_PLAT_SOC}/drivers/dp/hdcp.bin 41 + -$(eval $(call add_define_val,HDCPFW,\"$(HDCPFW)\")) 42 + - 43 + -${BUILD_PLAT}/bl31/cdn_dp.o: CCACHE_EXTRAFILES=$(HDCPFW) 44 + -${RK_PLAT_SOC}/drivers/dp/cdn_dp.c: $(HDCPFW) 45 + endif 46 + 47 + # CCACHE_EXTRAFILES is needed because ccache doesn't handle .incbin