Skip to content

Build

Build #8

Workflow file for this run

name: Build
on:
push:
paths-ignore:
- '**.md'
branches:
- master
pull_request:
paths-ignore:
- '**.md'
branches:
- master
workflow_call:
workflow_dispatch:
env:
RPI_FIRMWARE_URL: https://github.com/raspberrypi/firmware/
DTB_VERSION: 1e403e23baab5673f0494a200f57cd01287d5b1a
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
MODEL:
- 5
CONFIGURATION: [Debug, Release]
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install dependencies
shell: bash
run: |
sudo apt-get update && \
sudo apt-get install -y \
acpica-tools \
binutils-aarch64-linux-gnu \
build-essential \
device-tree-compiler \
gettext \
git \
gcc-aarch64-linux-gnu \
libc6-dev-arm64-cross \
python3 \
python3-pyelftools
- name: Get version tag
id: get_version_tag
shell: bash
run: echo "version=$(git describe --tags --always)" >> $GITHUB_OUTPUT
- name: Set up Secure Boot default keys
if: ${{ false }} # Disable for now, too large for debug builds.
run: |
mkdir keys
# We don't really need a usable PK, so just generate a public key for it and discard the private key
openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Rockchip Platform Key/" -keyout /dev/null -outform DER -out keys/pk.cer -days 7300 -nodes -sha256
curl -L https://go.microsoft.com/fwlink/?LinkId=321185 -o keys/ms_kek.cer
curl -L https://go.microsoft.com/fwlink/?linkid=321192 -o keys/ms_db1.cer
curl -L https://go.microsoft.com/fwlink/?linkid=321194 -o keys/ms_db2.cer
curl -L https://uefi.org/sites/default/files/resources/dbxupdate_arm64.bin -o keys/arm64_dbx.bin
- name: Build platform
shell: bash
run: |
export EDK2_SECUREBOOT_FLAGS=""
if [ -d keys ]; then
export EDK2_SECUREBOOT_FLAGS=" \
-D DEFAULT_KEYS=TRUE \
-D PK_DEFAULT_FILE=keys/pk.cer \
-D KEK_DEFAULT_FILE1=keys/ms_kek.cer \
-D DB_DEFAULT_FILE1=keys/ms_db1.cer \
-D DB_DEFAULT_FILE2=keys/ms_db2.cer \
-D DBX_DEFAULT_FILE1=keys/arm64_dbx.bin \
-D SECURE_BOOT_ENABLE=TRUE"
fi
export EDK2_BUILD_FLAGS=" \
--pcd gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor=L"${{ github.repository_owner }}" \
${EDK2_SECUREBOOT_FLAGS}"
./build.sh \
--model ${{ matrix.MODEL }} \
--debug ${{ matrix.CONFIGURATION == 'Debug' && 1 || 0 }} \
--edk2-flags "${EDK2_BUILD_FLAGS}"
- name: Download Raspberry Pi support files
run: |
curl -O -L ${{ env.RPI_FIRMWARE_URL }}/raw/${{ env.DTB_VERSION }}/boot/bcm2712-rpi-5-b.dtb
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: RPi${{ matrix.MODEL }}_UEFI_${{ matrix.CONFIGURATION }}_${{ steps.get_version_tag.outputs.version }}
path: |
RPI_EFI.fd
config.txt
*.dtb
if-no-files-found: error