CI: build prodrive hermes board coreboot

Signed-off-by: Fabian Wienand <[email protected]>
BlindspotSoftware · Oct 8, 2024 · f06430a · f06430a
1 parent f63af91
commit f06430a
Show file tree

Hide file tree

Showing 6 changed files with 158 additions and 19 deletions.
diff --git a/.github/actions/buildx86-toolchain/action.yml b/.github/actions/buildx86-toolchain/action.yml
@@ -0,0 +1,19 @@
+name: 'Build x86 coreboot Toolchain'
+description: 'Build the tools needed to build coreboot on x86'
+runs:
+  using: 'composite'
+  steps:
+    - uses: actions/checkout@v4
+      with:
+        submodules: recursive
+    - name: Cache Toolchain
+      id: cache-toolchain
+      uses: actions/cache@v3
+      with:
+          path: ./util/crossgcc/xgcc/*
+          key: X86-crossgcc
+
+    - name: Build Toolchain
+      shell: bash
+      if: steps.cache-toolchain.outputs.cache-hit != 'true'
+      run: make crossgcc-i386 CPUS=$(nproc)
diff --git a/.github/actions/buildx86/action.yml b/.github/actions/buildx86/action.yml
@@ -0,0 +1,62 @@
+# action.yml
+name: 'Build coreboot'
+description: 'Build coreboot for x86'
+inputs:
+
+  config: 
+    description: 'Config to use for building'
+    required: true
+  artifact-path: 
+    description: 'The key used to retrieve the uploaded artifact. The binary will be called coreboot.rom'
+    required: false
+  upload-artifacts: 
+    description: 'Whether or not to upload the artifacts'
+    required: false
+    default: false
+  token:
+    description: 'The token used to authenticate with the blobs repository'
+    required: false
+runs:
+  using: 'composite'
+  steps:
+    - name: Restore cached toolchain
+      id: cache-toolchain
+      uses: actions/cache@v3
+      with:
+          path: ./util/crossgcc/xgcc/*
+          key: X86-crossgcc
+    - name: Install Tools
+      shell: bash
+      run: sudo apt-get install -y bison build-essential curl flex git gnat libncurses5-dev m4 zlib1g-dev libelf-dev nasm
+    - name: Build Toolchain Action
+      if: steps.cache-toolchain.outputs.cache-hit != 'true'
+      uses: ./.github/actions/buildx86-toolchain
+
+    - name: Install Tools
+      shell: bash
+      run: sudo apt-get install -y bison build-essential curl flex git gnat libncurses5-dev m4 zlib1g-dev libelf-dev
+
+    - name: Copy .config file
+      shell: bash
+      run: cp configs/${{ inputs.config }} ./.config
+
+    - name: Set default options
+      shell: bash
+      run: make olddefconfig
+
+    - name: Remove old blods folder
+      uses: JesseTG/[email protected]
+      with:
+        path: ./3rdparty/blobs
+
+    - name: Clone new blobs folder
+      uses: actions/checkout@v4
+      with:
+        repository: BlindspotSoftware/blobs
+        path: ./3rdparty/blobs
+        ref: main
+        token: ${{ inputs.token }}
+
+    - name: Build coreboot
+      shell: bash
+      run: make -j$(nproc)
diff --git a/.github/workflows/build-prodrive-hermes.yml b/.github/workflows/build-prodrive-hermes.yml
@@ -0,0 +1,34 @@
+name: Build Prodrive Hermes
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-hermes:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        token: ${{ secrets.ACCESS_TOKEN }}
+        submodules: recursive
+    - name: Build Prodrive Hermes Board
+      uses: ./.github/actions/buildx86
+      with:
+        config: firmwareci/config.prodrive_hermes.edk2
+        token: ${{ secrets.ACCESS_TOKEN }}
+    - name: Upload artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: coreboot.rom
+        path: ./build/coreboot.rom
+    - uses: docker://firmwareci/uploader:v2.0
+      with:
+        EMAIL: ${{ secrets.EMAIL }}
+        PASSWORD: ${{ secrets.PASSWORD }}
+        PROJECT_ID:   01J0MXWP8B1NQVMATY60JSWW4B
+        COMMIT_HASH: ${{ github.sha }}
+        BINARY_PATH: ./build/coreboot.rom
+        PROTOCOL: local
+        API: https://api.firmwareci.9esec.dev:8443  
diff --git a/.gitmodules b/.gitmodules
@@ -1,66 +1,68 @@
 [submodule "3rdparty/blobs"]
 	path = 3rdparty/blobs
-	url = https://review.coreboot.org/blobs.git
-	update = none
-	ignore = dirty
+	url = ../blobs.git
+	branch = main
 [submodule "util/nvidia-cbootimage"]
 	path = util/nvidia/cbootimage
-	url = https://review.coreboot.org/nvidia-cbootimage.git
+	url = ../../coreboot/nvidia-cbootimage.git
 [submodule "vboot"]
 	path = 3rdparty/vboot
-	url = https://review.coreboot.org/vboot.git
+	url = ../../coreboot/vboot.git
 	branch = main
 [submodule "arm-trusted-firmware"]
 	path = 3rdparty/arm-trusted-firmware
-	url = https://review.coreboot.org/arm-trusted-firmware.git
+	url = ../../coreboot/arm-trusted-firmware.git
+[submodule "3rdparty/chromeec"]
+	path = 3rdparty/chromeec
+	url = ../../coreboot/chrome-ec.git
 [submodule "libhwbase"]
 	path = 3rdparty/libhwbase
-	url = https://review.coreboot.org/libhwbase.git
+	url = ../../coreboot/libhwbase.git
 [submodule "libgfxinit"]
 	path = 3rdparty/libgfxinit
-	url = https://review.coreboot.org/libgfxinit.git
+	url = ../../coreboot/libgfxinit.git
 [submodule "3rdparty/fsp"]
 	path = 3rdparty/fsp
-	url = https://review.coreboot.org/fsp.git
+	url = ../../coreboot/fsp.git
 	update = none
 	ignore = dirty
 [submodule "opensbi"]
 	path = 3rdparty/opensbi
-	url = https://review.coreboot.org/opensbi.git
+	url = ../../coreboot/opensbi.git
 [submodule "intel-microcode"]
 	path = 3rdparty/intel-microcode
-	url = https://review.coreboot.org/intel-microcode.git
+	url = ../../coreboot/intel-microcode.git
 	update = none
 	ignore = dirty
 	branch = main
 [submodule "3rdparty/ffs"]
 	path = 3rdparty/ffs
-	url = https://review.coreboot.org/ffs.git
+	url = ../../coreboot/ffs.git
 [submodule "3rdparty/amd_blobs"]
 	path = 3rdparty/amd_blobs
-	url = https://review.coreboot.org/amd_blobs
+	url = ../../coreboot/amd_blobs
 	update = none
 	ignore = dirty
 [submodule "3rdparty/cmocka"]
 	path = 3rdparty/cmocka
-	url = https://review.coreboot.org/cmocka.git
+	url = ../../coreboot/cmocka.git
 	update = none
 	branch = stable-1.1
 [submodule "3rdparty/qc_blobs"]
 	path = 3rdparty/qc_blobs
-	url = https://review.coreboot.org/qc_blobs.git
+	url = ../../coreboot/qc_blobs.git
 	update = none
 	ignore = dirty
 [submodule "3rdparty/intel-sec-tools"]
 	path = 3rdparty/intel-sec-tools
-	url = https://review.coreboot.org/9esec-security-tooling.git
+	url = ../../coreboot/9esec-security-tooling.git
 [submodule "3rdparty/stm"]
 	path = 3rdparty/stm
-	url = https://review.coreboot.org/STM
+	url = ../../coreboot/STM
 	branch = stmpe
 [submodule "util/goswid"]
 	path = util/goswid
-	url = https://review.coreboot.org/goswid
+	url = ../../coreboot/goswid
 	branch = trunk
 [submodule "src/vendorcode/amd/opensil/genoa_poc/opensil"]
 	path = src/vendorcode/amd/opensil/genoa_poc/opensil

diff --git a/3rdparty/blobs b/3rdparty/blobs
diff --git a/configs/firmwareci/config.prodrive_hermes.edk2 b/configs/firmwareci/config.prodrive_hermes.edk2
@@ -0,0 +1,22 @@
+CONFIG_ANY_TOOLCHAIN=y
+CONFIG_VENDOR_PRODRIVE=y
+CONFIG_POST_IO=y
+CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Prodrive Technologies B.V."
+CONFIG_PCIEXP_DEFAULT_MAX_RESIZABLE_BAR_BITS=36
+CONFIG_USE_LEGACY_8254_TIMER=y
+CONFIG_HAVE_IFD_BIN=y
+CONFIG_BOARD_PRODRIVE_HERMES=y
+CONFIG_HAVE_ME_BIN=y
+CONFIG_DO_NOT_TOUCH_DESCRIPTOR_REGION=y
+CONFIG_RUN_FSP_GOP=y
+CONFIG_PCIEXP_SUPPORT_RESIZABLE_BARS=y
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3=y
+CONFIG_POST_DEVICE_LPC=y
+CONFIG_MAINBOARD_SERIAL_NUMBER="N/A"
+CONFIG_PAYLOAD_EDK2=y
+CONFIG_EDK2_REPO_CUSTOM=y
+CONFIG_EDK2_REPOSITORY="https://github.com/9elements/edk2"
+CONFIG_EDK2_TAG_OR_REV="origin/prodrive_hermes"
+CONFIG_EDK2_DEBUG=y
+# CONFIG_EDK2_SERIAL_SUPPORT is not set
+CONFIG_EDK2_CUSTOM_BUILD_PARAMS="-D VARIABLE_SUPPORT=SMMSTORE -D TPM_ENABLE=TRUE -D NETWORK_IPXE=TRUE"