diff options
| author | Adam Joseph <adam@westernsemico.com> | 2022-02-08 01:44:21 -0800 |
|---|---|---|
| committer | Adam Joseph <adam@westernsemico.com> | 2022-02-08 01:44:21 -0800 |
| commit | a5b8650f8dffe71b66b987da9f6200e776626e17 (patch) | |
| tree | 09814b1478c9d911f315af9b56a50fc536e2e064 /pkgs/misc/arm-trusted-firmware | |
| parent | bb0a925a767b247a473adcbf8ebcbf0262ccb5ee (diff) | |
arm-trusted-firmware: add unfreeIncludeHDCPBlob?true to control license and blob-removal patch
This change implements @lukegb's idea:
https://github.gitop.top/NixOS/nixpkgs/issues/148890#issuecomment-1032002903
Specifically, it introduces a new parameter unfreeIncludeHDCPBlob
(defaults to true):
* If unfreeIncludeHDCPBlob==true then the license is changed to
unfreeRedistributable, which will alert the user to the fact that
the blob is being included (unless they set NIXPKGS_ALLOW_UNFREE=1).
* If unfreeIncludeHDCPBlob==false then the license is kept as bsd3, but
a patch is applied to remove the HDCP blob from the build.
Diffstat (limited to 'pkgs/misc/arm-trusted-firmware')
| -rw-r--r-- | pkgs/misc/arm-trusted-firmware/default.nix | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/pkgs/misc/arm-trusted-firmware/default.nix b/pkgs/misc/arm-trusted-firmware/default.nix index 0c4ce33f4d80..8bf6d31937fe 100644 --- a/pkgs/misc/arm-trusted-firmware/default.nix +++ b/pkgs/misc/arm-trusted-firmware/default.nix @@ -1,4 +1,9 @@ -{ lib, stdenv, fetchFromGitHub, openssl, pkgsCross, buildPackages }: +{ lib, stdenv, fetchFromGitHub, openssl, pkgsCross, buildPackages + +# Warning: this blob runs on the main CPU (not the GPU) at privilege +# level EL3, which is above both the kernel and the hypervisor. +, unfreeIncludeHDCPBlob ? true +}: let buildArmTrustedFirmware = { filesToInstall @@ -20,7 +25,10 @@ let sha256 = "sha256-qT9DdTvMcUrvRzgmVf2qmKB+Rb1WOB4p1rM+fsewGcg="; }; - patches = [ ./remove-hdcp-blob.patch ]; + patches = lib.optionals (!unfreeIncludeHDCPBlob) [ + # this is a rebased version of https://gitlab.com/vicencb/kevinboot/-/blob/master/atf.patch + ./remove-hdcp-blob.patch + ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -52,7 +60,7 @@ let meta = with lib; { homepage = "https://github.com/ARM-software/arm-trusted-firmware"; description = "A reference implementation of secure world software for ARMv8-A"; - license = licenses.bsd3; + license = if unfreeIncludeHDCPBlob then licenses.unfreeRedistributable else licenses.bsd3; maintainers = with maintainers; [ lopsided98 ]; } // extraMeta; } // builtins.removeAttrs args [ "extraMeta" ]); |