From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=pass header.i=@akeo-ie.20150623.gappssmtp.com header.s=20150623 header.b=pzuqV5iR; spf=none, err=permanent DNS error (domain: akeo.ie, ip: 209.85.208.65, mailfrom: pete@akeo.ie) Received: from mail-ed1-f65.google.com (mail-ed1-f65.google.com [209.85.208.65]) by groups.io with SMTP; Mon, 10 Jun 2019 05:45:18 -0700 Received: by mail-ed1-f65.google.com with SMTP id a14so12470909edv.12 for ; Mon, 10 Jun 2019 05:45:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akeo-ie.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=x4nmuDBYn28xXtDhzV1NT8RvxmKB1OU62sr28Yj5W1U=; b=pzuqV5iR+xVFgLinEWyggkHF+sg80d8LdxpWjCkHmPLM6mZluyiUl1yHhcQMkLrVj2 QabLQrpXCQ/+ySJNjD0iRuT8hlFgpnPvb4PrV7heafBfJMI/v9+Ef04yNpXZPuQbtByI O63Ux5C8qqoTDcqs70am9NtBGlsopumTHQBlUXanA5w8xsi+SEH6UChWBt8LNDWhzDHM OqlCDxSTwbM2lPe0W7vJYAc1Kcd9I+RS36HOyZp0AbKnyLAitb27O42OqKx3Tw6HTxUH Z+xtdGRK2HmgT67FdKbIpn1hwD4VM1hQcA+yWGdi+DBikkuGsJdhyAuculQH/0rOVVq0 qJ5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=x4nmuDBYn28xXtDhzV1NT8RvxmKB1OU62sr28Yj5W1U=; b=NV8LxG5O9oErpy1crFVgLnXjCUHYg9feSfKxKozkdrFjc3W+o76KC7OSLzeqxiFD1z TEuikM3lkY2bowvkwi/7vod5hr1hRyxInYwQGXlxf+RCCl9IxYlsL9edsfeuyfpvnf9H zprfAXgFiUuvfm1mbyCof2UgJ8dyd48vAMDfLh+u62Z9mnOqZgfbSvwHKjhnBKG24hG6 2f97W7gkZnUsLCuA6PbSFxPVHBRMXYNdmKvAkQNU/2uU/izjUCtuqYooS7UbA7lNVsYq Hd7wqMefoa39TgvJCxv9HAG/MnWXv7k2r0TVLAHdJje/euVCwbWf3ExTLn8r25ukEWxf xhYw== X-Gm-Message-State: APjAAAX5JClw+kUk+RX9+ouYQod2pkj+HpX6C51fHa+Z3v/ugmruN5Kd yPGiec/M4+S4KWWSn0sIOOh1fbGONFXaow== X-Google-Smtp-Source: APXvYqxmcaAozIMHlazTP3lqFppQPJZf6m4ynb9gFrbLo0JFcGczH6GERYnt0UAUfCUYJOibJ9W3rg== X-Received: by 2002:a17:906:8053:: with SMTP id x19mr41834874ejw.306.1560170716234; Mon, 10 Jun 2019 05:45:16 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([84.203.66.209]) by smtp.gmail.com with ESMTPSA id a3sm340463edr.48.2019.06.10.05.45.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10 Jun 2019 05:45:15 -0700 (PDT) From: "Pete Batard" To: devel@edk2.groups.io Cc: ard.biesheuvel@linaro.org, leif.lindholm@linaro.org Subject: [edk2-non-osi: PATCH 0/1] Platform/RaspberryPi/RPi3: Update ATF Date: Mon, 10 Jun 2019 13:45:03 +0100 Message-Id: <20190610124504.6536-1-pete@akeo.ie> X-Mailer: git-send-email 2.21.0.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Following up on a discussion that we had during the initial Raspberry Pi 3 platform integration, the following patch updates the ATF for the platform to the official 2.1 release (which also avoids a notice about ATF not being a release version that is currentlly being issued during early boot). Now, as opposed to an idea that was floated at the time, that proposed that we remove the RPI3 ATF from non-osi and instead simply provide a link to pre-built binaries (which could still be done if there is a majority pushing for it), I would still suggest, as per this patch, that we do keep the provisioning of the ATF binaries as part of the EDK2. The reason for that is that the binaries are small enough not to increase cloning times even if we update them on a semi regular basis, and I believe the inconvenience of having to hunt and go through a download to be able to compile the RPi3 firmware outweighs the push for trying to remove as many non-osi components as we can from the EDK2. With regards to how these binaries were built, I will point out that this was achieved through a process that is designed to provide confidence that the files can not have been altered in any way from the ones one would expect to be built from vanilla source. As such, the build was enacted on build servers that we don't have the possibility to alter in a concealed manner (AppVeyor) and where every single step can be publicly validated not to have added unwarranted elements. For instance, the log for the build that produced the attached files can be found at: https://ci.appveyor.com/project/pbatard/pitf/builds/24506898 Also, as part of this public build process, we made sure to issue the SHA-256 sums of the binary, so they can easily be compared to the ones from the files provided here. For more details on these builds, you can check https://github.com/pbatard/pitf which also hosts the resulting AppVeyor binary artefacts. One thing that should be pointed out however is that the ATF builds are currently not reproducible as the current build date is inserted into the binary, which means that, if you clone the script above and issue your own AppVeyor builds, you will end up with a different SHA-256. However, binary comparison can easily demonstrate that the only difference between the binaries has to do with the build date. Regards, /Pete Pete Batard (1): Platform/RaspberryPi/RPi3: Update ATF binaries to v2.1 Platform/RaspberryPi/RPi3/TrustedFirmware/License.txt | 2 +- Platform/RaspberryPi/RPi3/TrustedFirmware/Readme.md | 18 +++++++++++------- Platform/RaspberryPi/RPi3/TrustedFirmware/bl1.bin | Bin 18801 -> 18776 bytes Platform/RaspberryPi/RPi3/TrustedFirmware/fip.bin | Bin 41714 -> 45792 bytes 4 files changed, 12 insertions(+), 8 deletions(-) -- 2.21.0.windows.1