-
-
Notifications
You must be signed in to change notification settings - Fork 13.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sd-image: remove populateFirmwareCommands in favor of firmwarePartitionContents #261857
base: master
Are you sure you want to change the base?
Conversation
Cool, looks promising. I also tried it with If I understand it correctly, the 'manual' update process would now be to build this derivation and copy everything to the boot/firmware partition? |
Somewhat of a side note: if you are going to move towards a proper update mechanism, would it make sense to add an equivalent to |
Exactly. We can try adding a (semi-)automated update mechanism that would do that for us - i.e. something like mkdir -p /boot/firmware
mount /boot/firmware
... copy (if newer / diffferent hashes or so) ...
umount /boot/firmware |
Possibly, I'm not a fan of these RPi specific mechanisms but sometimes it seems necessary to adjust This looks a bit weird tho - why would you have We sure can get there but ideally in backwards compatible manner. |
Yeah, these things would make more sense to me if they're not referencing anything SD card related at all. I don't know too much about (the implementation of) modules - would it otherwise be possible to use an overlay (nix overlay, not device tree overlay) to use Alternatively, just updating the documentation/NixOS on RPi wiki would help (I can probably do something with that). But it would be good to settle on the desired way forward first. |
Long infodump, sorry... Don't hesitate to ask for more precisions. About the SD card build APIThe SD card building API should be considered semi-private and fine enough to break (with proper So this change here is generally acceptable, as long as it's not plumbed for any automatic updating, nor recommended to automatically plumb by end-users. Having better semantics for the different bits involved here is a general win, I guess. About automatically updating firmwareI've had the discussion a couple of times about automatically updating the firmware, and the situation is kinda hard. This is something that lives outside of the lifecycle of generations; in other words, you cannot use the generations menu to go back to a previously working generation, when things break. “But the bootloader has that problem too!” might be your first instinct. It's true. But it's also the boundary at which NixOS operates. Anything that runs prior to or the bootloader depends on outside of the lifecycle of generations is a no-go zone. And the bootloader is managed only because of the implicit requirements of it existing for the lifecycle of generations to even be a thing. Now, all of that is thinking generally, this includes your boring standard Laptop UEFI firmware, and other spicier options. The overall way we should support such things is by supporting standard (enough) methods to update firmware. The example here is fwupd/LVFS. About board-specific hacks and workaroundsIt would be undesirable to add again specific patterns for a given board. Here the Raspberry Pi. Like alluded to previously, we should aim to support "standard" methods to manage those bits. So no, we shouldn't add any at this point in time. The aim should be to, at some point, drop this, but it's not planned for the near future. As hinted previously (if you read between the lines) we should aim to support composing the "base" NixOS system on top of external projects (any one of them!) rather than pre-bake device-specific images. This holds for all ecosystems, not specific to Raspberry Pi, nor for ARM. About this particular example and the futureThings are in motion with Tow-Boot to make it well-supported generally with fwupd/LVFS. This would include the Raspberry Pi family of devices, in the future. So, one way to have this all work will be a future where NixOS has no knowledge of the Raspberry Pi firmware or that it needs to be updated, but instead relies on an external Platform Firmware provider, and then fwupd/LVFS to update the platform firmware, irrespective of the board. (But not limited to a specific one!) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some notes
I would like to see this communicated more clearly to the user at the very least. I assume this information is buried in the documentation somewhere, but I generally expected that if something is an option in a NixOS module, that a change will actually get applied. As it is, I get a warning that |
Thanks for the pointers, updated to deprecate the old option. I'm not sure if it warrants a changelog entry since the deprecation message you get is pretty good I think.
Good point, I've stripped the commit message of hints about automated firmware updates as we can figure that out later. It is probably better to not try to have a fully automated solution and instead opt for semi-automated one - i.e. having a script in path that can be called manually to perform the update. Not quite sure where should this live for now (getting back to this it surely is
I'm currently trying to do something similar for old Lenovo X200 running coreboot where the update mechanism is using
Completely agree although it seems hard to draw a line of what should be in It is pretty weird that our multiplatform/generic images are at the same time RPi specific. I wouldn't go as far as removing SD card images and the tooling since it is very useful (and widely used I think) but removing RPi specifics from generic images is a good idea. We can do this in discrete steps
👍 The situation with RPi is quite unfortunate and it shouldn't have a special treatment because of its popularity. The RPi foundation reinvented a lot stuff to make things seemingly more user friendly at the expanse of creating a massive confusion about how the things should be done (were done previously) in a standard manner (dtparams, GPIO, booting..).
Quite interesting and I certainly support your efforts and can possibly help with some stuff despite the fact I'm not really into UEFI - I don't have single computer running UEFI at the moment as I don't see any advantage in doing so (no need for secure boot, only reason I found it interesting was that it would allow me running systemd-boot which would allow for bootcounting and automated rollbacks but even that seems possible with just uboot nowadays). I'll soon get my hands on Pi5 and more Pi4s so I can try UEFI/Tow-Boot! |
That is more than welcome @SFrijters and I want to do the same after we figure out the way forward. |
There is one main reason for this: it's because it is otherwise really inconvenient to add the Platform Firmware for the Raspberry Pi after the fact. Most other platforms, at worse, "just" look at specific offsets on the same storage device, so you can "just" splat the platform firmware there if you don't have better options... But the Raspberry Pi requires a "real" partition. So adding it after the fact requires steps that are way harder to get right. But you're right, and this is where I want to go: Have it all be agnostic. Though you might be thinking about it thinking that "we want a generic SD card image"... We might not (but still provide useful tooling for end-users). The ideal solution here is to always rely on a "manual" install method to the target storage, rather than pre-baked filesystems, as those have various issues down the line. So the actual goal is to "stop providing generic SD images" altogether, and instead rely solely on generic standards-based boot methods, e.g. UEFI. So the "ideal" (realistic) future for Raspberry Pi (and other platforms without dedicated storage for the platform firmware) would be:
Now, that doesn't help for "large scale deployment of images", but this is the kind of problem that is not ARM-specific nor Raspberry Pi specific, and require better semantics around producing disk images within NixOS :). |
[looks fine, but I haven't ran or tested personally]
If the partition stays there (even if it's empty, which currently there's no way to disable it) than it is pretty easy to grab firmware (the mechanism provided in this PR makes it less troublesome) and add it to the image manually (mounting it after dding, losetup, guestfish..). This only affects Shouldn't be a blocker but the failure mode is not ideal a la it was working before why it suddenly doesn't. So yes, I see why you would want to get rid of the image(s) entirely.
There's another reason which is more important for me (I always build my own images anyway as I have many I agree about better semantics and was wondering about that as well - the I think we can use NixOS containers as an inspiration and have a similar mechanism - Now the interesting thing is - what about having all the things - I wonder if there were prior efforts in this direction. After further consideration I also don't think removing/moving any of the RPi packages from
The device specific SD profiles seem easier to migrate. I thought I should state this here so it doesn't look like some conspiracy discussed in unrelated PR. Finally related to this PR
man:
I have not tested on a real device (only with Outstanding questions:
|
Realized that this can be probably already done by passing EDIT: not quite! |
Just FYI, I have now actually deployed the result of this derivation to my Pi and I'm now succesfully booting with U-Boot (and the device overlays that started the whole journey for me indeed work). One more question though: Sorry if this is a stupid question, but I'd rather not mess up my migration/cleanup at the last hurdle. |
Cool!
Yes those are exactly the artifacts of the previous builder nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi-builder.sh Lines 79 to 99 in 03ed4ab
extlinux.conf
|
…onContents This converts `sdImage.populateFirmwareCommands` into a derivation that can be used to obtain firmware partition contents. For example for `sd-image-armv7l-multiplatform`, given a `test_firmware.nix` file containing ``` { imports = [ <nixpkgs/nixos/modules/installer/sd-card/sd-image-armv7l-multiplatform.nix> ]; nixpkgs = { crossSystem.system = "armv7l-linux"; overlays = [ ]; }; } ``` we can now do ``` nix-build '<nixpkgs/nixos>' \ -A config.sdImage.firmwarePartitionContents \ -I nixos-config=./test_firmware.nix ```
Rebased due to |
This converts
sdImage.populateFirmwareCommands
into aderivation that can be used to obtain firmware partition contents.
For example for
sd-image-armv7l-multiplatform
,given a
test_firmware.nix
file containingwe can now do
nix-build '<nixpkgs/nixos>' \ -A config.sdImage.firmwarePartitionContents \ -I nixos-config=./test_firmware.nix
Description of changes
See above. Prior discussion at #241534 (comment)
Resolves #108048
CC @samueldr @SFrijters
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)