summary refs log tree commit diff
path: root/pkgs
diff options
context:
space:
mode:
authorLuke Granger-Brown <git@lukegb.com>2022-02-20 05:27:41 +0000
committerGitHub <noreply@github.com>2022-02-20 05:27:41 +0000
commitd5f237872975e6fb6f76eef1368b5634ffcd266f (patch)
treef8ccc86c8251d72307a9330d46d59ba3a5ec33a6 /pkgs
parent66f35ca026dcef10cdfda9df7eea3c9450ace463 (diff)
parentd94759023d9d15a0844c138fc16df1a314a3e4dd (diff)
downloadnixpkgs-d5f237872975e6fb6f76eef1368b5634ffcd266f.tar
nixpkgs-d5f237872975e6fb6f76eef1368b5634ffcd266f.tar.gz
nixpkgs-d5f237872975e6fb6f76eef1368b5634ffcd266f.tar.bz2
nixpkgs-d5f237872975e6fb6f76eef1368b5634ffcd266f.tar.lz
nixpkgs-d5f237872975e6fb6f76eef1368b5634ffcd266f.tar.xz
nixpkgs-d5f237872975e6fb6f76eef1368b5634ffcd266f.tar.zst
nixpkgs-d5f237872975e6fb6f76eef1368b5634ffcd266f.zip
Merge pull request #158310 from a-m-joseph/close-148890-by-removing-blob
remove unfree HDCP blob from arm-trusted-firmware, closes #148890
Diffstat (limited to 'pkgs')
-rw-r--r--pkgs/misc/arm-trusted-firmware/default.nix14
-rw-r--r--pkgs/misc/arm-trusted-firmware/remove-hdcp-blob.patch47
2 files changed, 59 insertions, 2 deletions
diff --git a/pkgs/misc/arm-trusted-firmware/default.nix b/pkgs/misc/arm-trusted-firmware/default.nix
index d0b0ae11844..49fdc7a829c 100644
--- a/pkgs/misc/arm-trusted-firmware/default.nix
+++ b/pkgs/misc/arm-trusted-firmware/default.nix
@@ -1,4 +1,9 @@
-{ lib, stdenv, fetchFromGitHub, openssl, pkgsCross, buildPackages }:
+{ lib, stdenv, fetchFromGitHub, openssl, pkgsCross, buildPackages
+
+# Warning: this blob runs on the main CPU (not the GPU) at privilege
+# level EL3, which is above both the kernel and the hypervisor.
+, unfreeIncludeHDCPBlob ? true
+}:
 
 let
   buildArmTrustedFirmware = { filesToInstall
@@ -20,6 +25,11 @@ let
       sha256 = "sha256-qT9DdTvMcUrvRzgmVf2qmKB+Rb1WOB4p1rM+fsewGcg=";
     };
 
+    patches = lib.optionals (!unfreeIncludeHDCPBlob) [
+      # this is a rebased version of https://gitlab.com/vicencb/kevinboot/-/blob/master/atf.patch
+      ./remove-hdcp-blob.patch
+    ];
+
     depsBuildBuild = [ buildPackages.stdenv.cc ];
 
     # For Cortex-M0 firmware in RK3399
@@ -50,7 +60,7 @@ let
     meta = with lib; {
       homepage = "https://github.com/ARM-software/arm-trusted-firmware";
       description = "A reference implementation of secure world software for ARMv8-A";
-      license = licenses.bsd3;
+      license = (if unfreeIncludeHDCPBlob then [ licenses.unfreeRedistributable ] else []) ++ [ licenses.bsd3 ];
       maintainers = with maintainers; [ lopsided98 ];
     } // extraMeta;
   } // builtins.removeAttrs args [ "extraMeta" ]);
diff --git a/pkgs/misc/arm-trusted-firmware/remove-hdcp-blob.patch b/pkgs/misc/arm-trusted-firmware/remove-hdcp-blob.patch
new file mode 100644
index 00000000000..7f99fbdcabf
--- /dev/null
+++ b/pkgs/misc/arm-trusted-firmware/remove-hdcp-blob.patch
@@ -0,0 +1,47 @@
+diff --git a/plat/rockchip/rk3399/drivers/dp/cdn_dp.c b/plat/rockchip/rk3399/drivers/dp/cdn_dp.c
+index a8773f4f6..8e28c4830 100644
+--- a/plat/rockchip/rk3399/drivers/dp/cdn_dp.c
++++ b/plat/rockchip/rk3399/drivers/dp/cdn_dp.c
+@@ -13,17 +13,6 @@
+ 
+ #include <cdn_dp.h>
+ 
+-__asm__(
+-	".pushsection .text.hdcp_handler, \"ax\", %progbits\n"
+-	".global hdcp_handler\n"
+-	".balign 4\n"
+-	"hdcp_handler:\n"
+-	".incbin \"" HDCPFW "\"\n"
+-	".type hdcp_handler, %function\n"
+-	".size hdcp_handler, .- hdcp_handler\n"
+-	".popsection\n"
+-);
+-
+ static uint64_t *hdcp_key_pdata;
+ static struct cdn_dp_hdcp_key_1x key;
+ 
+@@ -38,7 +27,7 @@ uint64_t dp_hdcp_ctrl(uint64_t type)
+ 		return 0;
+ 	case HDCP_KEY_DATA_START_DECRYPT:
+ 		if (hdcp_key_pdata == (uint64_t *)(&key + 1))
+-			return hdcp_handler(&key);
++			return PSCI_E_DISABLED;
+ 		else
+ 			return PSCI_E_INVALID_PARAMS;
+ 		assert(0); /* Unreachable */
+diff --git a/plat/rockchip/rk3399/platform.mk b/plat/rockchip/rk3399/platform.mk
+index a658fb286..5edb6a25b 100644
+--- a/plat/rockchip/rk3399/platform.mk
++++ b/plat/rockchip/rk3399/platform.mk
+@@ -88,11 +88,6 @@ $(eval $(call add_define_val,RK3399M0PMUFW,\"$(RK3399M0PMUFW)\"))
+ ifdef PLAT_RK_DP_HDCP
+ BL31_SOURCES	+= ${RK_PLAT_SOC}/drivers/dp/cdn_dp.c
+ 
+-HDCPFW=${RK_PLAT_SOC}/drivers/dp/hdcp.bin
+-$(eval $(call add_define_val,HDCPFW,\"$(HDCPFW)\"))
+-
+-${BUILD_PLAT}/bl31/cdn_dp.o: CCACHE_EXTRAFILES=$(HDCPFW)
+-${RK_PLAT_SOC}/drivers/dp/cdn_dp.c: $(HDCPFW)
+ endif
+ 
+ # CCACHE_EXTRAFILES is needed because ccache doesn't handle .incbin
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-25 11:18:51 +0000