-
Notifications
You must be signed in to change notification settings - Fork 97
106 lines (98 loc) · 3.21 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
name: Build
on:
push:
paths-ignore:
- '**.md'
branches:
- master
pull_request:
paths-ignore:
- '**.md'
branches:
- master
workflow_call:
inputs:
build-configs:
type: string
required: true
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
PLATFORM:
- rock-5b
- rock-5a
- rock-5-itx
- orangepi-5
- orangepi-5plus
- indiedroid-nova
- fydetab-duo
- roc-rk3588s-pc
- itx-3588j
- aio-3588q
- station-m3
- r58x
- r58-mini
- edge2
- nanopi-r6c
- nanopi-r6s
- nanopc-t6
- blade3
- h88k
CONFIGURATION: ${{ fromJSON(format('[{0}]', inputs.build-configs || '"Debug"')) }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install dependencies
shell: bash
run: |
sudo apt-get update && \
sudo apt-get install -y \
acpica-tools \
binutils-aarch64-linux-gnu \
build-essential \
device-tree-compiler \
gettext \
git \
gcc-aarch64-linux-gnu \
libc6-dev-arm64-cross \
python3 \
python3-pyelftools
- name: Get version tag
id: get_version_tag
shell: bash
run: echo "version=$(git describe --tags --always)" >> $GITHUB_OUTPUT
- name: Set up Secure Boot default keys
run: |
mkdir keys
# We don't really need a usable PK, so just generate a public key for it and discard the private key
openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Rockchip Platform Key/" -keyout /dev/null -outform DER -out keys/pk.cer -days 7300 -nodes -sha256
curl -L https://go.microsoft.com/fwlink/?LinkId=321185 -o keys/ms_kek.cer
curl -L https://go.microsoft.com/fwlink/?linkid=321192 -o keys/ms_db1.cer
curl -L https://go.microsoft.com/fwlink/?linkid=321194 -o keys/ms_db2.cer
curl -L https://uefi.org/sites/default/files/resources/dbxupdate_arm64.bin -o keys/arm64_dbx.bin
- name: Build platform
shell: bash
run: |
export EDK2_SECUREBOOT_FLAGS=" \
-D DEFAULT_KEYS=TRUE \
-D PK_DEFAULT_FILE=keys/pk.cer \
-D KEK_DEFAULT_FILE1=keys/ms_kek.cer \
-D DB_DEFAULT_FILE1=keys/ms_db1.cer \
-D DB_DEFAULT_FILE2=keys/ms_db2.cer \
-D DBX_DEFAULT_FILE1=keys/arm64_dbx.bin \
-D SECURE_BOOT_ENABLE=TRUE"
export EDK2_BUILD_FLAGS=" \
${EDK2_SECUREBOOT_FLAGS}"
./build.sh --device ${{matrix.PLATFORM}} --release ${{matrix.CONFIGURATION}} --edk2-flags "${EDK2_BUILD_FLAGS}"
mv RK3588_NOR_FLASH.img ${{matrix.PLATFORM}}_UEFI_${{matrix.CONFIGURATION}}_${{steps.get_version_tag.outputs.version}}.img
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: ${{matrix.PLATFORM}} UEFI ${{matrix.CONFIGURATION}} image
path: ./*.img
if-no-files-found: error