summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>2021-10-04 21:48:35 +0200
committerDenis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>2021-12-16 03:18:23 +0100
commit0686a6668de333eb7f1cfc1279edbeb51bdf9e1f (patch)
tree2fd6c339111922f3f2021424b7e0c1c90e8eb8a8
parenta72bf7784e55dd74b17ba30ddfa5d9e8bcf7bb39 (diff)
downloadabslibre-0686a6668de333eb7f1cfc1279edbeb51bdf9e1f.tar.gz
abslibre-0686a6668de333eb7f1cfc1279edbeb51bdf9e1f.tar.bz2
abslibre-0686a6668de333eb7f1cfc1279edbeb51bdf9e1f.zip
uboot4extlinux-sunxi: Fix u-boot FSDG compliance
U-boot contains some nonfree software, for instance nonfree microcode in arch/x86/dts/microcode/, so this commit removes that. This commit also removes instructions to install nonfree software. While these instructions were not shipped in any of the binary pakcages generated by this PKGBUILD, it's still a good idea to also clean that up in the long run: - Parabola has also PKGBUILDs for other SOCs, and ideally we could expand to cover as many computers as possible if the computers are supported in upstream projects (like u-boot) and that they don't require too much extra maintenance. Having already a cleaned up u-boot to base the PKGBUILDs on could help factorizing the code and sharing the work on the u-boot code review process. - Other FSDG compliant distributions already have u-boot (like Guix) or might be interested in shipping u-boot (like Replicant), so it would be a good idea not to duplicate the work again and again. In the future the code that removes the nonfree software and the problematic documentation should be moved in a reusable script (that could still be run in mksource), possibly in its own package, in order to be reusable accross different distributions and u-boot PKGBUILDs. Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
-rw-r--r--libre/uboot4extlinux-sunxi/PKGBUILD206
1 files changed, 201 insertions, 5 deletions
diff --git a/libre/uboot4extlinux-sunxi/PKGBUILD b/libre/uboot4extlinux-sunxi/PKGBUILD
index 78c9ead9e..22cd02aa2 100644
--- a/libre/uboot4extlinux-sunxi/PKGBUILD
+++ b/libre/uboot4extlinux-sunxi/PKGBUILD
@@ -56,7 +56,7 @@ pkgname=("${pkgbase}"
'uboot4extlinux-orangepi_plus')
pkgver=2021.07
-pkgrel=2
+pkgrel=3
arch=('armv7h' 'i686' 'x86_64')
url="http://git.denx.de/u-boot.git/"
license=('GPL')
@@ -64,13 +64,15 @@ makedepends=('bc' 'dtc' 'python' 'python-setuptools' 'python2' 'swig')
makedepends_i686+=('arm-none-eabi-gcc')
makedepends_ppc64le+=('arm-none-eabi-gcc')
makedepends_x86_64+=('arm-none-eabi-gcc')
-source=("ftp://ftp.denx.de/pub/u-boot/u-boot-${pkgver}.tar.bz2"
- 'extlinux.conf'
+mksource=("ftp://ftp.denx.de/pub/u-boot/u-boot-${pkgver}.tar.bz2")
+noextract=("u-boot-${pkgver}.tar.bz2")
+mksha256sums=('312b7eeae44581d1362c3a3f02c28d806647756c82ba8c72241c7cdbe68ba77e')
+
+source=('extlinux.conf'
"${pkgbase}.hook.in"
'install-uboot4extlinux.sh.in'
"generate-${pkgbase}-install-text.sh")
-sha256sums=('312b7eeae44581d1362c3a3f02c28d806647756c82ba8c72241c7cdbe68ba77e'
- 'SKIP'
+sha256sums=('SKIP'
'SKIP'
'SKIP'
'SKIP')
@@ -155,6 +157,200 @@ _build_uboot_target()
}
+mksource()
+{
+ cd u-boot-${pkgver}
+
+ # The licenses of some microcodes are nonfree because the header contains the
+ # following: ".No reverse engineering, decompilation, or disassembly of this
+ # software is permitted."
+ rm -rf arch/x86/dts/microcode/
+
+ # The license is nonfree because it contains the following: "Reverse
+ # engineering, decompilation, or disassembly of this software is not
+ # permitted."
+ rm -f Licenses/r8a779x_usb3.txt
+ rm -f drivers/usb/host/xhci-rcar-r8a779x_usb3_v3.h
+
+ # The documentation contains instructions to download and install nonfree
+ # software. Note that if a board doesn't have such instructions it doesn't
+ # necessarily means that it can boot with only free software and viceversa.
+
+ ###########
+ # Amlogic #
+ ###########
+ # Amlogic SOCs Usually have various nonfree components, like the first stages
+ # of the bootloaders and code that runs in TrustZone. They are most likely
+ # not signed.
+ # ---------
+ # TODO: List the nonfree software of specific documentation
+ rm -f doc/board/amlogic/beelink-gtkingpro.rst
+ rm -f doc/board/amlogic/beelink-gtking.rst
+ rm -f doc/board/amlogic/index.rst
+ rm -f doc/board/amlogic/khadas-vim2.rst
+ rm -f doc/board/amlogic/khadas-vim3l.rst
+ rm -f doc/board/amlogic/khadas-vim3.rst
+ rm -f doc/board/amlogic/khadas-vim.rst
+ rm -f doc/board/amlogic/libretech-ac.rst
+ rm -f doc/board/amlogic/libretech-cc.rst
+ rm -f doc/board/amlogic/nanopi-k2.rst
+ rm -f doc/board/amlogic/odroid-c2.rst
+ rm -f doc/board/amlogic/odroid-c4.rst
+ rm -f doc/board/amlogic/odroid-n2.rst
+ rm -f doc/board/amlogic/p200.rst
+ rm -f doc/board/amlogic/p201.rst
+ rm -f doc/board/amlogic/p212.rst
+ rm -f doc/board/amlogic/q200.rst
+ rm -f doc/board/amlogic/s400.rst
+ rm -f doc/board/amlogic/sei510.rst
+ rm -f doc/board/amlogic/sei610.rst
+ rm -f doc/board/amlogic/u200.rst
+ rm -f doc/board/amlogic/w400.rst
+ rm -f doc/board/amlogic/wetek-core2.rst
+
+ #########
+ # Linux #
+ #########
+ # Has intructions to build Linux which is not FSDG compliant.
+ # TODO: Use linux-libre instead, especially because documentation about vboot
+ # could be interesting to have. Vboot is a chain of trust that can work with
+ # only free software. The hardware root of trust can be created by booting on
+ # a flash chip whose security registers are configured to set the first
+ # bootloader component read-only.
+ rm -f doc/uImage.FIT/beaglebone_vboot.txt
+ # Steers very strongly users into using Linux as it shows that the only tested
+ # kernels are Broadcom forks of Linux. We would need to have linux-libre
+ # versions of these or test it with stock linux-libre instead.
+ rm -f doc/README.bcm7xxx
+
+ ############
+ # Mediatek #
+ ############
+ # The instructions uses binaries that lack any corresponding source code.
+ rm -f doc/README.mediatek
+
+ #############
+ # NXP I.MX8 #
+ #############
+ # I.MX8 SOCs require a nonfree firmware for the DDR4 controller. In some
+ # documentation, I didn't find that requirement mentioned, but instead
+ # there are still nonfree files mentioned. So I assume that they might
+ # somehow contain code for that nonfree DDR4 controller, but it might be
+ # worth checking if it's the case or not. The DDR4 controller firmware is not
+ # signed. In addition the I.MX8 HDMI controller requires a signed firmware.
+ # -----------
+ # nonfree DDR4 controller firmware
+ rm -f doc/board/freescale/imx8mp_evk.rst
+ # nonfree DDR4 controller and HDMI firmwares
+ rm -f doc/board/freescale/imx8mq_evk.rst
+ # nonfree DDR4 controller firmware
+ rm -f doc/board/freescale/imx8mn_evk.rst
+ # nonfree imx-sc-firmware-1.2.7.1.bin and imx-seco-2.3.1.bin firmwares
+ rm -f doc/board/freescale/imx8qxp_mek.rst
+ # nonfree DDR4 controller firmware
+ rm -f doc/board/freescale/imx8mm_evk.rst
+ # nonfree imx-sc-firmware-1.1.bin and firmware-imx-8.0.bin firmwares
+ rm -f doc/board/advantech/imx8qm-rom7720-a1.rst
+ # TODO
+ rm -f doc/board/verdin-imx8mm.rst
+ rm -f doc/board/toradex/colibri-imx8x.rst
+ rm -f doc/board/toradex/apalix-imx8x.rst
+ rm -f doc/board/toradex/apalix-imx8.rst
+
+ #######################
+ # NXP nonfree srktool #
+ #######################
+ # The SRK tool is a tool that is involved in one way or another with
+ # authenticated or encrypted boot. I'm unsure if free software replacements
+ # exists or if could easily be replaced with a free software implementation.
+ # In any case the I.MX6 and I.MX5 can proabably be setup for encrypted or
+ # authenticated boot with free software tools. The first and second versions
+ # of the USB Armory has documentation on how to do that.
+ # ---------------------
+ rm -f doc/imx/board/toradex/colibri_imx7.rst
+ rm -f doc/imx/habv4/introduction_habv4.txt
+
+ ##################
+ # Samsung Exynos #
+ ##################
+ # The instructions makes users nonfree components like a nonfree first stage
+ # bootloaders, and nonfree code that runs in TrustZone.
+ rm -f doc/README.odroid
+ # The instructions makes its users download an image and update u-boot in that
+ # image. Because of that, it's extremely likely that the images contains
+ # nonfree components that cannot even be redistributed in another form, and
+ # that the instructions uses that images because of that.
+ rm -f doc/README.s5p4418
+
+ #####################
+ # Texas Instruments #
+ #####################
+ # Users are expected to use nonfree tools and even sign an NDA to get access
+ # to them.
+ rm -f doc/README.ti-secure
+
+ ###########
+ # Unknown #
+ ###########
+ # Everything looks free software, but the code still needs to be reviewed.
+ rm -f doc/board/microchip/mpfs_icicle.rst
+ # OP-TEE is under a free software license but its code needs to be reviewed.
+ rm -f doc/README.tee
+ # The tutorial has instructions to download a downstream u-boot, so it might
+ # have the same issues than u-boot itself if the u-boot is recent enough.
+ rm -f doc/chromium/run_vboot.rst
+
+ #######
+ # x86 #
+ #######
+ # Unless the computer is supported by Libreboot, or that u-boot runs after
+ # some other nonfree boot software like a BIOS or UEFI, it's unlikely to be
+ # able to run with only free software. Though I'm pretty sure that some
+ # exceptions do exists, but they are probably not supported by u-boot.
+ # -----
+ # nonfree Management Engine firmware, RAM intialization code, and video BIOS
+ rm -f doc/board/google/chromebook_link.rst
+ # nonfree SDRAM and hardware intialization code
+ rm -f doc/board/google/chromebook_coral.rst
+
+ # nonfree FSP, video BIOS, Management Engine firmware
+ rm -f doc/board/intel/minnowmax.rst
+ # nonfree FSP, Chipset Micro Code (CMC), microcode
+ rm -f doc/board/intel/crownbay.rst
+
+ # TODO: check
+ # board/intel/edison.rst
+ # Steers userstoward using nonfree FSP
+ rm -f board/intel/slimbootloader.rst
+
+ # Steers users and developers toward using nonfree FSP
+ rm -f doc/device-tree-bindings/fsp/fsp2/apollolake/fsp-m.txt
+
+ # Steers users and developers toward using nonfree FSP
+ rm -f doc/device-tree-bindings/fsp/fsp2/apollolake/fsp-s.txt
+
+ ############
+ # Rockchip #
+ ############
+ # rkbin binaries without license nor source code
+ rm -f doc/board/rockchip/rockchip.rst
+
+ # TODO: check the following files
+ # imx/common/mxs.txt
+ # README.armada-secureboot
+ # README.fdt-control
+ # README.fsl-ddr
+ # README.m54418twr
+ # README.marvell
+ # README.mpc85xxcds
+ # README.mpc85xx-sd-spi-boot
+ # README.OFT
+ # README.rmobile
+ # README.rockchip
+ # README.rockusb
+ # README.socfpga
+}
+
build()
{
cd u-boot-${pkgver}