diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..cfeaca1
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,107 @@
+name: Build
+on:
+ push:
+ paths-ignore:
+ - '**.md'
+ branches:
+ - master
+ pull_request:
+ paths-ignore:
+ - '**.md'
+ branches:
+ - master
+ workflow_call:
+ workflow_dispatch:
+
+env:
+ RPI_FIRMWARE_URL: https://github.com/raspberrypi/firmware/
+ DTB_VERSION: 1e403e23baab5673f0494a200f57cd01287d5b1a
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ MODEL:
+ - 5
+ CONFIGURATION: [Debug, Release]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+
+ - name: Install dependencies
+ shell: bash
+ run: |
+ sudo apt-get update && \
+ sudo apt-get install -y \
+ acpica-tools \
+ binutils-aarch64-linux-gnu \
+ build-essential \
+ device-tree-compiler \
+ gettext \
+ git \
+ gcc-aarch64-linux-gnu \
+ libc6-dev-arm64-cross \
+ python3 \
+ python3-pyelftools
+
+ - name: Get version tag
+ id: get_version_tag
+ shell: bash
+ run: echo "version=$(git describe --tags --always)" >> $GITHUB_OUTPUT
+
+ - name: Set up Secure Boot default keys
+ if: ${{ false }} # Disable for now, too large for debug builds.
+ run: |
+ mkdir keys
+ # We don't really need a usable PK, so just generate a public key for it and discard the private key
+ openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Rockchip Platform Key/" -keyout /dev/null -outform DER -out keys/pk.cer -days 7300 -nodes -sha256
+ curl -L https://go.microsoft.com/fwlink/?LinkId=321185 -o keys/ms_kek.cer
+ curl -L https://go.microsoft.com/fwlink/?linkid=321192 -o keys/ms_db1.cer
+ curl -L https://go.microsoft.com/fwlink/?linkid=321194 -o keys/ms_db2.cer
+ curl -L https://uefi.org/sites/default/files/resources/dbxupdate_arm64.bin -o keys/arm64_dbx.bin
+
+ - name: Build platform
+ shell: bash
+ run: |
+ export EDK2_SECUREBOOT_FLAGS=""
+ if [ -d keys ]; then
+ export EDK2_SECUREBOOT_FLAGS=" \
+ -D DEFAULT_KEYS=TRUE \
+ -D PK_DEFAULT_FILE=keys/pk.cer \
+ -D KEK_DEFAULT_FILE1=keys/ms_kek.cer \
+ -D DB_DEFAULT_FILE1=keys/ms_db1.cer \
+ -D DB_DEFAULT_FILE2=keys/ms_db2.cer \
+ -D DBX_DEFAULT_FILE1=keys/arm64_dbx.bin \
+ -D SECURE_BOOT_ENABLE=TRUE"
+ fi
+
+ export EDK2_BUILD_FLAGS=" \
+ --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor=L"${{ github.repository_owner }}" \
+ ${EDK2_SECUREBOOT_FLAGS}"
+
+ ./build.sh \
+ --model ${{ matrix.MODEL }} \
+ --debug ${{ matrix.CONFIGURATION == 'Debug' && 1 || 0 }} \
+ --edk2-flags "${EDK2_BUILD_FLAGS}"
+
+ - name: Download Raspberry Pi support files
+ run: |
+ curl -O -L ${{ env.RPI_FIRMWARE_URL }}/raw/${{ env.DTB_VERSION }}/boot/bcm2712-rpi-5-b.dtb
+
+ - name: Create firmware archive
+ run: |
+ zip -r \
+ RPi${{ matrix.MODEL }}_UEFI_${{ matrix.CONFIGURATION }}_${{ steps.get_version_tag.outputs.version }}.zip \
+ RPI_EFI.fd \
+ config.txt \
+ *.dtb
+
+ - name: Upload artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: RPi${{ matrix.MODEL }}_UEFI_${{ matrix.CONFIGURATION }}_${{ steps.get_version_tag.outputs.version }}
+ path: ./*.zip
+ if-no-files-found: error
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..356370a
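Review bot: The downloads in `Set up Secure Boot default keys` and `Download Raspberry Pi support files` (build.yml) use `curl -L` without `--fail` and without any integrity check, so an HTTP error page or a silently changed upstream file would be written to `keys/*.cer`, `keys/arm64_dbx.bin` or `bcm2712-rpi-5-b.dtb` and carried into the image or the zip. The key step is currently disabled by `if: ${{ false }}`, but once enabled those files become the firmware's default KEK/db/dbx, so each should be fetched with `curl -fL "<url>" -o keys/ms_kek.cer` and then checked with `sha256sum -c keys.sha256` against digests committed to the repository (the file name is a placeholder). The DTB URL is already pinned to a commit through `DTB_VERSION`, so there `--fail` is the main missing piece; the URLs containing `?` should also be quoted. Separately, the workflow declares no `permissions:` block although it runs on `pull_request`; a top-level `permissions:` with `contents: read` would keep the token read-only regardless of the repository default.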
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,26 @@
+name: Release
+on:
+ push:
+ tags:
+ - '*'
+
+jobs:
+ build_for_release:
+ uses: ./.github/workflows/build.yml
+
+ release:
+ runs-on: ubuntu-latest
+ needs: build_for_release
+ permissions:
+ contents: write
+ steps:
+ - name: Download all workflow run artifacts
+ uses: actions/download-artifact@v3
+
+ - name: Create release
+ uses: softprops/action-gh-release@v1
+ with:
+ draft: true
+ prerelease: false
+ files: "*/*Release*.zip"
+ fail_on_unmatched_files: true
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3c56d17
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+Build/
+.DS_Store
+*_extdep/
+*.pyc
+__pycache__/
+tags/
+.vscode/
+*.fd
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..be96fec
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,16 @@
+[submodule "arm-trusted-firmware"]
+ path = arm-trusted-firmware
+ url = https://github.com/worproject/arm-trusted-firmware.git
+ branch = rpi5
+[submodule "edk2"]
+ path = edk2
+ url = https://github.com/worproject/edk2.git
+ branch = sdmmc-dev
+[submodule "edk2-platforms"]
+ path = edk2-platforms
+ url = https://github.com/worproject/edk2-platforms.git
+ branch = rpi5-dev
+[submodule "edk2-non-osi"]
+ path = edk2-non-osi
+ url = https://github.com/tianocore/edk2-non-osi.git
+ branch = master
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b562450
--- /dev/null
+++ b/README.md
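Review bot: In release.yml the `release` job grants `contents: write` and then runs `softprops/action-gh-release@v1`, a third-party action referenced by a mutable tag, so whatever that tag points to at run time executes with a write-capable token. Pinning it to a full commit, `uses: softprops/action-gh-release@<full-commit-sha> # v1` (placeholder), removes that dependency on the tag; the same applies to the `actions/*@v3` references here and in build.yml. The `build_for_release` job sets no `permissions:` of its own, so the called build workflow runs with the repository default; adding `permissions:` with `contents: read` on that job would scope it explicitly.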
@@ -0,0 +1,116 @@
+# Raspberry Pi 5 UEFI
+This repository contains a TF-A + EDK2 UEFI firmware port for Raspberry Pi 5.
+
+![EDK2 Setup Screen](images/edk2_setup_screen.png)
+
+# Getting started
+Check the [Supported peripherals](#supported-peripherals) and [Supported OSes](#supported-oses) sections to see what's currently possible with this firmware.
+
+## 1. Prerequisites
+* #### SD card or USB drive to store the firmware and/or operating system on
+
+ **Note:** For OS, it is highly suggested to use a quality drive with **good random I/O performance**. In SD terms this means an A1/A2-rated card.
+
+* #### Quality power supply and cable that can provide at least 5V 3A (15 W)
+ Depending on the peripherals you use, more power may be needed. The recommended official power supply provides 5.1V 5A (25 W).
+
+ **Note:** Using an inadequate supply can cause all sorts of issues, from underclocking to random crashes.
+
+* #### HDMI display
+
+* #### Some form of cooling (fan, heatsink)
+ The device may thermal throttle otherwise.
+
+Optionally, if display is not available or for debugging purposes, an UART serial adapter compatible with the special connector. Configuration is `115200 8n1`.
+
+## 2. Download the firmware image
+The latest version can be obtained from [Releases](https://github.com/worproject/rpi5-uefi/releases).
+
+## 3. Flash the firmware
+Prepare an empty boot drive by formatting the first partition as FAT32, then extract the archive downloaded above to the root of this partition.
+
+**Note:** do not rename or delete any of the boot files.
+
+## 4. Connect peripherals and power on the device
+You should first see a QR code screen, then shortly after, a centered Raspberry Pi logo with progress bar at the bottom. This indicates that the UEFI firmware has loaded.
+
+At this stage, you can press Esc to enter the firmware setup, F1 to launch the UEFI Shell, or, provided you also have an UEFI bootloader/app on a storage device, you can let the system automatically run that, which is the default behavior if no action is taken.
+
+Check the configuration options described below, some of which may need to be changed depending on the OS used.
+
+# Configuration settings
+The UEFI provides options that can be viewed and changed using the UI configuration menu.
+
+Configuration through the user interface is fairly straightforward and help/navigation information is provided around the menus.
+
+## Linux
+* For maximum SD card performance, go to `Device Manager`->`Raspberry Pi Configuration`->`ACPI / Device Tree` and set `Compatibility Mode` to `Full Bay Trail`, then untick `Limit UHS-I Modes`.
+
+ **Warning:** this may affect other OSes!
+
+* If you're getting a Synchronous Exception when booting certain distros, go to `Device Manager`->`EFI Memory Attribute Protocol` and untick `Enable Protocol`.
+
+# Status
+## Supported peripherals
+Only devices relevant to the firmware are listed below.
+
+| Device | Status | Notes |
+| --- | --- | --- |
+| RP1 USB | 🟢 Working | |
+| RP1 Ethernet | 🔴 Not working | |
+| RP1 GPIO | 🔴 Not working | |
+| RP1 PWM | 🔴 Not working | Fan control |
+| PCIe | 🔴 Not working | RP1 is left configured by the VPU. |
+| SD | 🟢 Working | SD cards up to SDR104. eMMC support is unknown. |
+| Display | 🟢 Working | HDMI, driven by the VPU firmware. |
+| UART | 🟢 Working | PL011 available on the dedicated connector at 115200 8n1. |
+| GPIO | 🟢 Working | GIO/AON, pin function. |
+| RTC | 🟢 Working | Get/set time, wake up alarm. |
+| RNG | 🔴 Not working | |
+| EEPROM | 🔴 Not working | Needed for proper NVRAM. |
+
+## Supported OSes
+### In ACPI mode
+ACPI support is currently under development and limited to a few devices that have existing driver bindings.
+
+| OS | Version | Tested/supported hardware | Notes |
+| --- | --- | --- | --- |
+| Windows | 11 (including insider) | Display, USB, SD, SDIO | * USB may corrupt data, especially when used for booting.
 * SD is limited to DDR50. |
+| Linux | tested Ubuntu 22.04, kernel 5.15.0-75-generic | Display, USB, SD, SDIO (incl. Wi-Fi) | * SD is limited to HS by default. See [Configuration settings - Linux](#Linux).
 * Wi-Fi may require manual firmware installation. |
+| FreeBSD | 13.2 | Display, USB, SD | * SD is limited to HS. |
+| NetBSD | recent daily build | Display, USB | * SD fails to communicate with the card. |
+| VMware ESXi Arm Fling | 1.15 | Display, USB | * Requires compatible USB network adapter. |
+
+## Building
+This process assumes a Linux machine. On Windows, use WSL.
+
+1. Install required packages:
+
+ For Ubuntu/Debian:
+ ```bash
+ sudo apt install git gcc g++ build-essential gcc-aarch64-linux-gnu iasl python3-pyelftools uuid-dev
+ ```
+ For Arch Linux:
+ ```bash
+ sudo pacman -Syu
+ sudo pacman -S git base-devel gcc dtc aarch64-linux-gnu-binutils aarch64-linux-gnu-gcc aarch64-linux-gnu-glibc python python-pyelftools iasl --needed
+ ```
+
+2. Clone the repository:
+ ```bash
+ git clone --recurse-submodules https://github.com/worproject/rpi5-uefi.git
+ cd rpi5-uefi
+ ```
+
+3. Build the image:
+ ```bash
+ ./build.sh
+ ```
+ Append `--help` for more details.
+
+If you get build errors, it is very likely that you're still missing some dependencies. The list of packages above is not complete and depending on the distro you may need to install additional ones. In most cases, looking up the error messages on the internet will point you at the right packages.
+
+## Licenses
+Most files are licensed under the default EDK2 license, [BSD-2-Clause-Patent](https://github.com/tianocore/edk2/blob/master/License.txt).
+
+For TF-A, see:
diff --git a/arm-trusted-firmware b/arm-trusted-firmware
new file mode 160000
index 0000000..46fe10f
--- /dev/null
+++ b/arm-trusted-firmware
@@ -0,0 +1 @@
+Subproject commit 46fe10f4ecd44164d42aa9830df5aa2816ae7166
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..d38bb11
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,112 @@
+#!/bin/bash
+
+#
+# Default variables
+#
+MODEL=5
+DEBUG=0
+TFA_FLAGS=""
+EDK2_FLAGS=""
+
+print_usage() {
+ echo
+ echo "Build TF-A + EDK2 image for Raspberry Pi."
+ echo
+ echo "Usage: build.sh [options]"
+ echo
+ echo "Options: "
+ echo " --model MODEL Board family. Supported: 4, 5. Default: ${MODEL}."
+ echo " --debug DEBUG Build a debug version. Default: ${DEBUG}."
+ echo " --tfa-flags \"FLAGS\" Flags appended to TF-A build process."
+ echo " --edk2-flags \"FLAGS\" Flags appended to EDK2 build process."
+ echo " --help Show this help."
+ echo
+ exit "${1}"
+}
+
+#
+# Get options
+#
+OPTS=$(getopt -o '' -l 'model:,debug:,tfa-flags:,edk2-flags:,help' -- "${@}") || print_usage $?
+eval set -- "${OPTS}"
+while true; do
+ case "${1}" in
+ --model) MODEL="${2}"; shift 2 ;;
+ --debug) DEBUG="${2}"; shift 2 ;;
+ --tfa-flags) TFA_FLAGS="${2}"; shift 2 ;;
+ --edk2-flags) EDK2_FLAGS="${2}"; shift 2 ;;
+ --help) print_usage 0; shift ;;
+ --) shift; break ;;
+ *) break;;
+ esac
+done
+if [[ -n "${@}" ]]; then
+ echo "Invalid additional arguments '${@}'"
+ print_usage 1
+fi
+
+#
+# Get machine architecture
+#
+MACHINE_TYPE=$(uname -m)
+
+# Fix-up possible differences in reported arch
+if [ ${MACHINE_TYPE} == 'arm64' ]; then
+ MACHINE_TYPE='aarch64'
+elif [ ${MACHINE_TYPE} == 'amd64' ]; then
+ MACHINE_TYPE='x86_64'
+fi
+
+if [ ${MACHINE_TYPE} != 'aarch64' ]; then
+ export CROSS_COMPILE="${CROSS_COMPILE:-aarch64-linux-gnu-}"
+fi
+
+#
+# Build TF-A
+#
+pushd arm-trusted-firmware || exit
+
+make \
+ PLAT=rpi${MODEL} \
+ PRELOADED_BL33_BASE=0x20000 \
+ RPI3_PRELOADED_DTB_BASE=0x1F0000 \
+ SUPPORT_VFP=1 \
+ DEBUG=${DEBUG} \
+ all \
+ ${TFA_FLAGS} \
+ || exit
+
+popd || exit
+
+#
+# Build EDK2 final image
+#
+GIT_COMMIT="$(git describe --tags --always)" || GIT_COMMIT="unknown"
+
+if [ ${DEBUG} == 1 ]; then
+ RELEASE_TYPE="DEBUG"
+else
+ RELEASE_TYPE="RELEASE"
+fi
+
+ATF_BUILD_DIR="${PWD}/arm-trusted-firmware/build/rpi${MODEL}/${RELEASE_TYPE,,}"
+
+export
GCC_AARCH64_PREFIX="${CROSS_COMPILE}"
+export WORKSPACE=${PWD}
+export PACKAGES_PATH=${WORKSPACE}/edk2:${WORKSPACE}/edk2-platforms:${WORKSPACE}/edk2-non-osi
+
+make -C ${WORKSPACE}/edk2/BaseTools || exit
+
+source ${WORKSPACE}/edk2/edksetup.sh || exit
+
+build \
+ -a AARCH64 \
+ -t GCC \
+ -b ${RELEASE_TYPE} \
+ -p edk2-platforms/Platform/RaspberryPi/RPi${MODEL}/RPi${MODEL}.dsc \
+ -D TFA_BUILD_ARTIFACTS=${ATF_BUILD_DIR} \
+ --pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString=L"${GIT_COMMIT}" \
+ ${EDK2_FLAGS} \
+ || exit
+
+cp ${WORKSPACE}/Build/RPi${MODEL}/${RELEASE_TYPE}_GCC/FV/RPI_EFI.fd ${PWD}
diff --git a/config.txt b/config.txt
new file mode 100644
index 0000000..b65c732
--- /dev/null
+++ b/config.txt
@@ -0,0 +1,18 @@
+armstub=RPI_EFI.fd
+device_tree_address=0x1f0000
+device_tree_end=0x210000
+
+# Leave RP1 PCIe configured on hand-off.
+pciex4_reset=0
+
+# Force 32 bpp framebuffer allocation.
+framebuffer_depth=32
+
+# Disable compensation for displays with overscan.
+disable_overscan=1
+
+# Force maximum USB power regardless of the power supply.
+usb_max_current_enable=1
+
+# Force maximum CPU speed.
+force_turbo=1
diff --git a/edk2 b/edk2
new file mode 160000
index 0000000..eca8aae
--- /dev/null
+++ b/edk2
@@ -0,0 +1 @@
+Subproject commit eca8aaebb3ec6e4707a8e5765dd372feb5bbee6e
diff --git a/edk2-non-osi b/edk2-non-osi
new file mode 160000
index 0000000..1f4d784
--- /dev/null
+++ b/edk2-non-osi
@@ -0,0 +1 @@
+Subproject commit 1f4d7849f2344aa770f4de5224188654ae5b0e50
diff --git a/edk2-platforms b/edk2-platforms
new file mode 160000
index 0000000..9c610c9
--- /dev/null
+++ b/edk2-platforms
@@ -0,0 +1 @@
+Subproject commit 9c610c98ac7db7452c55876a66eeb7b1aaa90a89
diff --git a/images/edk2_setup_screen.png b/images/edk2_setup_screen.png
new file mode 100644
index 0000000..45942e6
Binary files /dev/null and b/images/edk2_setup_screen.png differ
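Review bot: In build.sh the values of `--debug` and `--model` are used without validation: `DEBUG` is passed straight to the TF-A `make` as `DEBUG=${DEBUG}`, while the EDK2 side maps anything other than `1` to `RELEASE` and derives `ATF_BUILD_DIR` from that. A value such as `2` or `true` may therefore build TF-A in one configuration and point `TFA_BUILD_ARTIFACTS` at the other directory, which could package a stale or missing TF-A binary (how TF-A's makefile treats other non-zero values is not visible here). Rejecting unexpected values right after option parsing would close this, e.g. `case "${DEBUG}" in 0|1) ;; *) echo "Invalid --debug '${DEBUG}'"; print_usage 1 ;; esac`, with the same pattern for `MODEL` against `4|5`. The unquoted tests `[ ${DEBUG} == 1 ]` and `[ ${MACHINE_TYPE} == 'arm64' ]` also break on empty values and should quote their operands.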