Integration of mainline kernel to jetpack-nixos

README.md

@@ -2,7 +2,7 @@
 
 This repository packages components from NVIDIA's [Jetpack SDK](https://developer.nvidia.com/embedded/jetpack) for use with NixOS, including:
  * Platform firmware flashing scripts
- * A 5.10 Linux kernel from NVIDIA, which includes some open-source drivers like nvgpu
+ * A MAINLINE Linux kernel with out-of-tree drivers from NVIDIA
  * An [EDK2-based UEFI firmware](https://github.com/NVIDIA/edk2-nvidia)
  * ARM Trusted Firmware / OP-TEE
  * Additional packages for:
@@ -11,7 +11,7 @@ This repository packages components from NVIDIA's [Jetpack SDK](https://develope
    - Graphics: Wayland, GBM, EGL, Vulkan
    - Power/fan control: nvpmodel, nvfancontrol
 
-This package is based on the Jetpack 5 release, and will only work with devices supported by Jetpack 5.1:
+This package is based on the Jetpack 6 release, and will only work with devices supported by Jetpack 6.3:
  * Jetson Orin AGX
  * Jetson Orin NX
  * Jetson Xavier AGX
@@ -135,8 +135,8 @@ Otherwise, the instructions to apply the update manually are below.
 To determine if the currently running firmware matches the software, run, `ota-check-firmware`:
 ```
 $ ota-check-firmware
-Current firmware version is: 35.2.1
-Current software version is: 35.2.1
+Current firmware version is: 35.5.0
+Current software version is: 35.5.0
 ```
 
 If these versions do not match, you can update your firmware using the UEFI Capsule update mechanism. The procedure to do so is below:

UPGRADE_CHECKLIST.md

@@ -4,9 +4,10 @@
     - [ ] `overlay.nix`
     - [ ] `kernel/default.nix`
     - [ ] `uefi-firmware.nix`
-    - [ ] Grep for "sha256 = ", see if there is anything else not covered
+    - [ ] Grep for "sha256 = " and "hash = ", see if there is anything else not covered
+- [ ] Update gitrepos.json using sourceinfo/gitrepos-update.py  and result/source_sync.sh from bspSrc.
 - [ ] Update the kernel version in `kernel/default.nix` if it chaged.
-- [ ] Grep for the previous version strings e.g. "35.4.1"
+- [ ] Grep for the previous version strings e.g. "35.5.0"
 - [ ] Compare files from `unpackedDebs` before and after
 - [ ] Grep for NvOsLibraryLoad in libraries from debs to see if any new packages not already handled in l4t use the function
 - [ ] Ensure the soc variants in `modules/flash-script.nix` match those in `jetson_board_spec.cfg` from BSP

device-pkgs/default.nix

@@ -1,10 +1,5 @@
-# These come from the device's nixos module arguments, so `pkgs` is actually an
-# aarch64 hostPlatform packaget-set.
-{ config, pkgs, ... }:
+{ config, pkgs, kernel, ... }:
 
-# These must be filled in by a `callPackage` from an x86_64 hostPlatform
-# package-set to satisfy being able to run nvidia's prebuilt binaries on an
-# x86-compatible platform.
 { lib
 , dtc
 , gcc
@@ -16,185 +11,175 @@
 , writeScript
 , writeShellApplication
 , buildPackages
+, makeModulesClosure
 }:
 
 let
   cfg = config.hardware.nvidia-jetpack;
-  inherit (config.networking) hostName;
+  hostName = config.networking.hostName;
 
-  # We need to grab some packages from the device's aarch64 package set.
+  # Packages from the device's aarch64 package set
   inherit (pkgs.nvidia-jetpack)
     chipId
     flashInitrd
     l4tVersion
-    mkFlashScript
-    ;
-
-  inherit (cfg.flashScriptOverrides) flashArgs fuseArgs partitionTemplate;
-
-  # This produces a script where we have already called the ./flash.sh script
-  # with `--no-flash` and produced a file under bootloader/flashcmd.txt.
-  # This requires setting various BOARD* environment variables to the exact
-  # board being flashed. These are set by the firmware.variants option.
-  #
-  # The output of this should be something we can take anywhere and doesn't
-  # require any additional signing or other dynamic behavior
-  mkFlashCmdScript = args:
-    let
-      variant =
-        if builtins.length cfg.firmware.variants != 1
-        then throw "mkFlashCmdScript requires exactly one Jetson variant set in hardware.nvidia-jetson.firmware.variants"
-        else builtins.elemAt cfg.firmware.variants 0;
-
-      # Use the flash-tools produced by mkFlashScript, we need whatever changes
-      # the script made, as well as the flashcmd.txt from it
-      flash-tools-flashcmd = runCommand "flash-tools-flashcmd"
-        {
-          # Needed for signing
-          inherit (cfg.firmware.secureBoot) requiredSystemFeatures;
-        } ''
-        export BOARDID=${variant.boardid}
-        export BOARDSKU=${variant.boardsku}
-        export FAB=${variant.fab}
-        export BOARDREV=${variant.boardrev}
-        ${lib.optionalString (variant.chipsku != null) ''
+    mkFlashScript;
+
+  inherit (cfg.flashScriptOverrides)
+    flashArgs
+    fuseArgs
+    partitionTemplate;
+
+  # Function to create flash command script for a single variant
+  mkFlashCmdScript = args: let
+    variant = if builtins.length cfg.firmware.variants != 1
+      then throw "mkFlashCmdScript requires exactly one Jetson variant set in hardware.nvidia-jetpack.firmware.variants"
+      else builtins.elemAt cfg.firmware.variants 0;
+
+    flash-tools-flashcmd = runCommand "flash-tools-flashcmd" {
+      inherit (cfg.firmware.secureBoot) requiredSystemFeatures;
+    } ''
+      export BOARDID=${variant.boardid}
+      export BOARDSKU=${variant.boardsku}
+      export FAB=${variant.fab}
+      export BOARDREV=${variant.boardrev}
+      ${lib.optionalString (variant.chipsku != null) ''
         export CHIP_SKU=${variant.chipsku}
-        ''}
-        export CHIPREV=${variant.chiprev}
-        ${lib.optionalString (variant.ramcode != null) ''
+      ''}
+      export CHIPREV=${variant.chiprev}
+      ${lib.optionalString (variant.ramcode != null) ''
         export RAMCODE=${variant.ramcode}
-        ''}
+      ''}
 
-        ${cfg.firmware.secureBoot.preSignCommands buildPackages}
+      ${cfg.firmware.secureBoot.preSignCommands buildPackages}
 
-        ${mkFlashScript nvidia-jetpack.flash-tools (args // { flashArgs = [ "--no-root-check" "--no-flash" ] ++ (args.flashArgs or flashArgs); }) }
+      ${mkFlashScript nvidia-jetpack.flash-tools (args // {
+        # kernel = kernel;
+        flashArgs = [ "--no-root-check" "--no-flash" ] ++ (args.flashArgs or flashArgs);
+      })}
 
-        cp -r ./ $out
-      '';
-    in
-    import ./flashcmd-script.nix {
-      inherit lib;
-      inherit gcc dtc;
+      cp -r ./ $out
+    '';
+  in
+    (import ./flashcmd-script.nix) {
+      inherit lib gcc dtc;
       flash-tools = flash-tools-flashcmd;
     };
 
-  # With either produce a standard flash script, which does variant detection,
-  # or if there is only a single variant, will produce a script specialized to
-  # that particular variant.
-  mkFlashScriptAuto = if builtins.length cfg.firmware.variants == 1 then mkFlashCmdScript else (mkFlashScript nvidia-jetpack.flash-tools);
+  # Function to automatically choose the appropriate flash script
+  mkFlashScriptAuto = args:
+    if builtins.length cfg.firmware.variants == 1
+    then mkFlashCmdScript args
+    else mkFlashScript nvidia-jetpack.flash-tools args;
 
-  # Generate a flash script using the built configuration options set in a NixOS configuration
-  flashScript = writeShellApplication {
-    name = "flash-${hostName}";
-    text = (mkFlashScriptAuto { });
-    meta.platforms = [ "x86_64-linux" ];
-  };
-
-  # Produces a script that boots a given kernel, initrd, and cmdline using the RCM boot method
+  # Function to create RCM boot script
   mkRcmBootScript = { kernelPath, initrdPath, kernelCmdline }: mkFlashScriptAuto {
+    # kernel = kernel;
     preFlashCommands = ''
-      cp ${kernelPath} kernel/Image
-      cp ${initrdPath} bootloader/l4t_initrd.img
+      cp ${kernel}/Image kernel/Image
+      cp ${initrdPath}/initrd bootloader/l4t_initrd.img
+
+      echo "Kernel: ${kernel}"
+      echo "Initrd Path: ${initrdPath}"
 
       export CMDLINE="${builtins.toString kernelCmdline}"
       export INITRD_IN_BOOTIMG="yes"
     '';
     flashArgs = [ "--rcm-boot" ] ++ cfg.flashScriptOverrides.flashArgs;
   };
 
-  # Produces a script which boots into this NixOS system via RCM mode
-  # TODO: This doesn't work currently because `rcmBoot` would need to be built
-  # on x86_64, and the machine in `config` should be aarch64-linux
+  # Generate the main flash script
+  flashScript = writeShellApplication {
+    name = "flash-${hostName}";
+    text = mkFlashScriptAuto { };
+    meta.platforms = [ "x86_64-linux" ];
+  };
+
+  # Generate RCM boot script
   rcmBoot = writeShellApplication {
     name = "rcmboot-nixos";
     text = mkRcmBootScript {
-      # See nixpkgs nixos/modules/system/activatation/top-level.nix for standard usage of these paths
       kernelPath = "${config.system.build.kernel}/${config.system.boot.loader.kernelFile}";
       initrdPath = "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}";
       kernelCmdline = "init=${config.system.build.toplevel}/init initrd=initrd ${toString config.boot.kernelParams}";
     };
     meta.platforms = [ "x86_64-linux" ];
   };
 
-  # TODO: The flash script should not have the kernel output in its runtime closure
-  initrdFlashScript =
-    writeShellApplication {
-      name = "initrd-flash-${hostName}";
-      text = ''
-        ${mkRcmBootScript {
-          kernelPath = "${config.system.build.kernel}/${config.system.boot.loader.kernelFile}";
-          initrdPath =
-            let
-              signedFirmwareInitrd = makeInitrd {
-                contents = [{ object = signedFirmware; symlink = "/signed-firmware"; }];
-              };
-            in
-            # The linux kernel supports concatenated initrds where each initrd
-            # can be optionally compressed with any compression algorithm
-            # supported by the kernel (initrds don't need to match in
-            # compression algorithm).
-            runCommand "combined-initrd" { } ''
-              cat ${flashInitrd}/initrd ${signedFirmwareInitrd}/initrd > $out
-            '';
-          kernelCmdline = "initrd=initrd console=ttyTCU0,115200";
-        }}
-        echo
-        echo "Jetson device should now be flashing and will reboot when complete."
-        echo "You may watch the progress of this on the device's serial port"
-      '';
-      meta.platforms = [ "x86_64-linux" ];
-    };
-
-  signedFirmware = runCommand "signed-${hostName}-${l4tVersion}"
-    {
-      inherit (cfg.firmware.secureBoot) requiredSystemFeatures;
-    }
-    (mkFlashScript nvidia-jetpack.flash-tools {
-      flashCommands = ''
-        ${cfg.firmware.secureBoot.preSignCommands buildPackages}
-      '' + lib.concatMapStringsSep "\n"
-        (v: with v; ''
-          BOARDID=${boardid} BOARDSKU=${boardsku} FAB=${fab} BOARDREV=${boardrev} FUSELEVEL=${fuselevel} CHIPREV=${chiprev} ${lib.optionalString (chipsku != null) "CHIP_SKU=${chipsku}"} ${lib.optionalString (ramcode != null) "RAMCODE=${ramcode}"} ./flash.sh ${lib.optionalString (partitionTemplate != null) "-c flash.xml"} --no-root-check --no-flash --sign ${builtins.toString flashArgs}
-
-          outdir=$out/${boardid}-${fab}-${boardsku}-${boardrev}-${if fuselevel == "fuselevel_production" then "1" else "0"}-${chiprev}--
-          mkdir -p $outdir
-
-          cp -v bootloader/signed/flash.idx $outdir/
-
-          # Copy files referenced by flash.idx
-          while IFS=", " read -r partnumber partloc start_location partsize partfile partattrs partsha; do
-            if [[ "$partfile" != "" ]]; then
-              if [[ -f "bootloader/signed/$partfile" ]]; then
-                cp -v "bootloader/signed/$partfile" $outdir/
-              elif [[ -f "bootloader/$partfile" ]]; then
-                cp -v "bootloader/$partfile" $outdir/
-              else
-                echo "Unable to find $partfile"
-                exit 1
-              fi
-            fi
-          done < bootloader/signed/flash.idx
-
-          rm -rf bootloader/signed
-        '')
-        cfg.firmware.variants;
-    });
+  # Generate signed firmware
+  signedFirmware = runCommand "signed-${hostName}-${l4tVersion}" {
+    inherit (cfg.firmware.secureBoot) requiredSystemFeatures;
+  } (mkFlashScript nvidia-jetpack.flash-tools {
+    # kernel = kernel;
+    flashCommands = ''
+      ${cfg.firmware.secureBoot.preSignCommands buildPackages}
+    '' + lib.concatMapStringsSep "\n" (v: with v; ''
+      BOARDID=${boardid} BOARDSKU=${boardsku} FAB=${fab} BOARDREV=${boardrev} FUSELEVEL=${fuselevel} CHIPREV=${chiprev} ${lib.optionalString (chipsku != null) "CHIP_SKU=${chipsku}"} ${lib.optionalString (ramcode != null) "RAMCODE=${ramcode}"} ./flash.sh ${lib.optionalString (partitionTemplate != null) "-c flash.xml"} --no-root-check --no-flash --sign ${builtins.toString flashArgs}
+
+      outdir=$out/${boardid}-${fab}-${boardsku}-${boardrev}-${if fuselevel == "fuselevel_production" then "1" else "0"}-${chiprev}
+      mkdir -p $outdir
+
+      cp -v bootloader/signed/flash.idx $outdir/
+
+      # Copy files referenced by flash.idx
+      while IFS=", " read -r _ _ _ _ partfile _ _; do
+        if [[ "$partfile" != "" ]]; then
+          if [[ -f "bootloader/signed/$partfile" ]]; then
+            cp -v "bootloader/signed/$partfile" $outdir/
+          elif [[ -f "bootloader/$partfile" ]]; then
+            cp -v "bootloader/$partfile" $outdir/
+          else
+            echo "Unable to find $partfile"
+            exit 1
+          fi
+        fi
+      done < bootloader/signed/flash.idx
+
+      rm -rf bootloader/signed
+    '') cfg.firmware.variants;
+  });
+
+  # Generate initrd flash script
+  initrdFlashScript = writeShellApplication {
+    name = "initrd-flash-${hostName}";
+    text = ''
+      ${mkRcmBootScript {
+        # kernel = kernel;
+        kernelPath = "${config.system.build.kernel}/${config.system.boot.loader.kernelFile}";
+        initrdPath = let
+          signedFirmwareInitrd = makeInitrd {
+            contents = [{ object = signedFirmware; symlink = "/signed-firmware"; }];
+          };
+        in
+          runCommand "combined-initrd" { } ''
+            cat ${flashInitrd}/initrd ${signedFirmwareInitrd}/initrd > $out
+          '';
+        kernelCmdline = "initrd=initrd console=ttyTCU0,115200";
+      }}
+      echo
+      echo "Jetson device should now be flashing and will reboot when complete."
+      echo "You may watch the progress of this on the device's serial port"
+      echo "#######################################################################"
+      echo "Kernel: ${config.boot.kernelPackages.kernel}"
+      echo "#######################################################################"
+    '';
+    meta.platforms = [ "x86_64-linux" ];
+  };
 
+  # Generate fuse script
   fuseScript = writeShellApplication {
     name = "fuse-${hostName}";
-    text = import ./flash-script.nix {
+    text = (import ./flash-script.nix) {
       inherit lib;
       inherit (nvidia-jetpack) flash-tools;
       flashCommands = ''
         ./odmfuse.sh -i ${chipId} "$@" ${builtins.toString fuseArgs}
       '';
-
-      # Fuse script needs device tree files, which aren't already present for
-      # non-devkit boards, so we need to get our built version of them
       dtbsDir = config.hardware.deviceTree.package;
     };
     meta.platforms = [ "x86_64-linux" ];
   };
+
 in
 {
   inherit
@@ -205,6 +190,5 @@ in
     mkFlashScriptAuto
     mkRcmBootScript
     rcmBoot
-    signedFirmware
-    ;
+    signedFirmware;
 }

device-pkgs/flash-script.nix

@@ -16,8 +16,11 @@
   eksFile ? null
 , # Additional DTB overlays to use during device flashing
   additionalDtbOverlays ? [ ]
+, kernel
 , flash-tools
-}:
+}@ args:
+
+# builtins.trace "flash-script args: ${builtins.toJSON (builtins.removeAttrs args ["lib" "flash-tools"])}" null
 (''
   set -euo pipefail
 
@@ -61,9 +64,15 @@
   cp ${eksFile} bootloader/eks_${socType}.img
   ''}
 
+  echo THE KERNEL IS ${kernel}
+  cp ${kernel}/Image  bootloader/Image
+  cp ${kernel}/Image  kernel/Image
+
   ${preFlashCommands}
 
   chmod -R u+w .
+  chmod a-w bootloader/Image
+  chmod a-w kernel/Image
 
 '' + (if (flashCommands != "") then ''
   ${flashCommands}