diff --git a/pkgs/misc/arm-trusted-firmware/default.nix b/pkgs/misc/arm-trusted-firmware/default.nix index 0c4ce33f4d80..8bf6d31937fe 100644 --- a/pkgs/misc/arm-trusted-firmware/default.nix +++ b/pkgs/misc/arm-trusted-firmware/default.nix @@ -1,4 +1,9 @@ -{ lib, stdenv, fetchFromGitHub, openssl, pkgsCross, buildPackages }: +{ lib, stdenv, fetchFromGitHub, openssl, pkgsCross, buildPackages + +# Warning: this blob runs on the main CPU (not the GPU) at privilege +# level EL3, which is above both the kernel and the hypervisor. +, unfreeIncludeHDCPBlob ? true +}: let buildArmTrustedFirmware = { filesToInstall @@ -20,7 +25,10 @@ let sha256 = "sha256-qT9DdTvMcUrvRzgmVf2qmKB+Rb1WOB4p1rM+fsewGcg="; }; - patches = [ ./remove-hdcp-blob.patch ]; + patches = lib.optionals (!unfreeIncludeHDCPBlob) [ + # this is a rebased version of https://gitlab.com/vicencb/kevinboot/-/blob/master/atf.patch + ./remove-hdcp-blob.patch + ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -52,7 +60,7 @@ let meta = with lib; { homepage = "https://github.com/ARM-software/arm-trusted-firmware"; description = "A reference implementation of secure world software for ARMv8-A"; - license = licenses.bsd3; + license = if unfreeIncludeHDCPBlob then licenses.unfreeRedistributable else licenses.bsd3; maintainers = with maintainers; [ lopsided98 ]; } // extraMeta; } // builtins.removeAttrs args [ "extraMeta" ]);