From a5b8650f8dffe71b66b987da9f6200e776626e17 Mon Sep 17 00:00:00 2001 From: Adam Joseph Date: Tue, 8 Feb 2022 01:44:21 -0800 Subject: [PATCH] arm-trusted-firmware: add unfreeIncludeHDCPBlob?true to control license and blob-removal patch This change implements @lukegb's idea: https://github.gitop.top/NixOS/nixpkgs/issues/148890#issuecomment-1032002903 Specifically, it introduces a new parameter unfreeIncludeHDCPBlob (defaults to true): * If unfreeIncludeHDCPBlob==true then the license is changed to unfreeRedistributable, which will alert the user to the fact that the blob is being included (unless they set NIXPKGS_ALLOW_UNFREE=1). * If unfreeIncludeHDCPBlob==false then the license is kept as bsd3, but a patch is applied to remove the HDCP blob from the build. --- pkgs/misc/arm-trusted-firmware/default.nix | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/pkgs/misc/arm-trusted-firmware/default.nix b/pkgs/misc/arm-trusted-firmware/default.nix index 0c4ce33f4d80..8bf6d31937fe 100644 --- a/pkgs/misc/arm-trusted-firmware/default.nix +++ b/pkgs/misc/arm-trusted-firmware/default.nix @@ -1,4 +1,9 @@ -{ lib, stdenv, fetchFromGitHub, openssl, pkgsCross, buildPackages }: +{ lib, stdenv, fetchFromGitHub, openssl, pkgsCross, buildPackages + +# Warning: this blob runs on the main CPU (not the GPU) at privilege +# level EL3, which is above both the kernel and the hypervisor. +, unfreeIncludeHDCPBlob ? true +}: let buildArmTrustedFirmware = { filesToInstall @@ -20,7 +25,10 @@ let sha256 = "sha256-qT9DdTvMcUrvRzgmVf2qmKB+Rb1WOB4p1rM+fsewGcg="; }; - patches = [ ./remove-hdcp-blob.patch ]; + patches = lib.optionals (!unfreeIncludeHDCPBlob) [ + # this is a rebased version of https://gitlab.com/vicencb/kevinboot/-/blob/master/atf.patch + ./remove-hdcp-blob.patch + ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -52,7 +60,7 @@ let meta = with lib; { homepage = "https://github.com/ARM-software/arm-trusted-firmware"; description = "A reference implementation of secure world software for ARMv8-A"; - license = licenses.bsd3; + license = if unfreeIncludeHDCPBlob then licenses.unfreeRedistributable else licenses.bsd3; maintainers = with maintainers; [ lopsided98 ]; } // extraMeta; } // builtins.removeAttrs args [ "extraMeta" ]);