From: "Pete Batard" <pete@akeo.ie>
To: devel@edk2.groups.io
Cc: ard.biesheuvel@linaro.org, leif.lindholm@linaro.org
Subject: [edk2-non-osi: PATCH 0/1] Platform/RaspberryPi/RPi3: Update ATF
Date: Mon, 10 Jun 2019 13:45:03 +0100 [thread overview]
Message-ID: <20190610124504.6536-1-pete@akeo.ie> (raw)
Following up on a discussion that we had during the initial Raspberry Pi 3
platform integration, the following patch updates the ATF for the platform to
the official 2.1 release (which also avoids a notice about ATF not being
a release version that is currentlly being issued during early boot).
Now, as opposed to an idea that was floated at the time, that proposed that we
remove the RPI3 ATF from non-osi and instead simply provide a link to pre-built
binaries (which could still be done if there is a majority pushing for it), I
would still suggest, as per this patch, that we do keep the provisioning of the
ATF binaries as part of the EDK2.
The reason for that is that the binaries are small enough not to increase
cloning times even if we update them on a semi regular basis, and I believe the
inconvenience of having to hunt and go through a download to be able to compile
the RPi3 firmware outweighs the push for trying to remove as many non-osi
components as we can from the EDK2.
With regards to how these binaries were built, I will point out that this was
achieved through a process that is designed to provide confidence that the files
can not have been altered in any way from the ones one would expect to be built
from vanilla source. As such, the build was enacted on build servers that we
don't have the possibility to alter in a concealed manner (AppVeyor) and where
every single step can be publicly validated not to have added unwarranted
elements. For instance, the log for the build that produced the attached files
can be found at: https://ci.appveyor.com/project/pbatard/pitf/builds/24506898
Also, as part of this public build process, we made sure to issue the SHA-256
sums of the binary, so they can easily be compared to the ones from the files
provided here.
For more details on these builds, you can check https://github.com/pbatard/pitf
which also hosts the resulting AppVeyor binary artefacts. One thing that should
be pointed out however is that the ATF builds are currently not reproducible as
the current build date is inserted into the binary, which means that, if you
clone the script above and issue your own AppVeyor builds, you will end up with
a different SHA-256. However, binary comparison can easily demonstrate that the
only difference between the binaries has to do with the build date.
Regards,
/Pete
Pete Batard (1):
Platform/RaspberryPi/RPi3: Update ATF binaries to v2.1
Platform/RaspberryPi/RPi3/TrustedFirmware/License.txt | 2 +-
Platform/RaspberryPi/RPi3/TrustedFirmware/Readme.md | 18 +++++++++++-------
Platform/RaspberryPi/RPi3/TrustedFirmware/bl1.bin | Bin 18801 -> 18776 bytes
Platform/RaspberryPi/RPi3/TrustedFirmware/fip.bin | Bin 41714 -> 45792 bytes
4 files changed, 12 insertions(+), 8 deletions(-)
--
2.21.0.windows.1
next reply other threads:[~2019-06-10 12:45 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-10 12:45 Pete Batard [this message]
2019-06-10 12:45 ` [edk2-non-osi: PATCH 1/1] Platform/RaspberryPi/RPi3: Update ATF binaries to v2.1 Pete Batard
2019-06-10 14:59 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190610124504.6536-1-pete@akeo.ie \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox