svrnty/talos-rpi5
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 23 Wiki Activity
51 Commits 2 Branches 26 Tags 402 KiB
Makefile 51.1%
Shell 48.9%
3cfbe794f7
Go to file
Mathias Beaulieu-Duncan 3cfbe794f7
All checks were successful
Build Talos CM5 Image / build (push) Successful in 3m20s
Details
Fix PCIe Gen 3 on CM5: custom DT overlay for missing pciex1 alias 
The CM5 DTB (bcm2712-rpi-cm5-cm5io.dtb) lacks the pciex1 alias that
the Pi 5 DTB provides, making dtparam=pciex1_gen=3 silently fail.

Add a custom device tree overlay (pcie-gen3.dtbo) that targets
/axi/pcie@1000110000 directly to set max-link-speed = <3>. The overlay
is embedded in the SBC installer and written to /boot/EFI/overlays/
during install/upgrade.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 19:08:26 -05:00
.gitea/workflows Fix CI PATH: prepend GNU sed via GITHUB_PATH instead of replacing PATH 2026-02-14 10:54:34 -05:00
config Fix PCIe Gen 3 on CM5: custom DT overlay for missing pciex1 alias 2026-02-16 19:08:26 -05:00
patches Fix PCIe Gen 3 on CM5: custom DT overlay for missing pciex1 alias 2026-02-16 19:08:26 -05:00
scripts Update arm64 modules patch for Talos v1.12.4 (add ip6_gre) 2026-02-14 10:50:45 -05:00
.gitignore Initial commit: Talos CM5 builder with Gitea CI/CD 2026-02-09 17:58:17 -05:00
cosign.pub Add SBOM attestations to installer/release images, remove Scout 2026-02-13 16:48:56 -05:00
LICENSE Add LICENSE, update README, upgrade provenance to max-mode 2026-02-13 15:57:11 -05:00
Makefile Fix PCIe Gen 3 on CM5: custom DT overlay for missing pciex1 alias 2026-02-16 19:08:26 -05:00
README.md Update README: bump example tag to v1.12.4-k6.12.47-4 2026-02-16 13:51:17 -05:00
TECHNICAL.md Add GRUB bootloader patches for talosctl upgrade on RPi5/CM5 2026-02-13 19:20:18 -05:00

README.md

Talos CM5 Builder

Custom Talos Linux images for Raspberry Pi 5 / CM5 on Compute Blade hardware.

Docker Hub Docker Pulls Docker Image Size

The official Talos Image Factory does not support CM5 — the mainline kernel lacks CM5 device trees and RP1 driver support. This builder uses the RPi downstream kernel (via talos-rpi5/talos-builder patches) to produce working CM5 images with our extensions and overclock config.

Current versions

Component Version
Talos Linux Talos version
RPi Kernel Kernel version
iscsi-tools iscsi-tools version
util-linux-tools util-linux-tools version

Image tags

Release images are published to docker.io/svrnty/talos-rpi5 with the format:

v<talos>-k<kernel>-<revision>

For example: v1.12.4-k6.12.47-4

Segment Meaning
v1.12.4 Upstream Talos Linux version
k6.12.47 RPi downstream kernel version
3 Build revision (bumped for config/patch changes on the same upstream versions)

Usage

Install from raw disk image

Download metal-arm64.raw.zst from the latest release and flash to eMMC:

zstd -d metal-arm64.raw.zst -o metal-arm64.raw
# Flash to eMMC/SD via your preferred tool (dd, balenaEtcher, etc.)

Upgrade an existing node

talosctl upgrade --image docker.io/svrnty/talos-rpi5:v1.12.4-k6.12.47-4 --nodes <node-ip>

In-place upgrades are fully supported. The image includes patches to force GRUB with --no-nvram on arm64 (working around the RPi5/CM5 SetVariableRT firmware limitation) and to handle the SBC EFI-only disk layout (no separate BOOT partition).

What's included

  • RPi downstream kernel with CM5/RP1 support (4K page size, aligned with upstream Talos)
  • GRUB bootloader with --no-nvram for reliable talosctl upgrade on RPi5/CM5
  • SBC EFI-only boot layout support (probe, install, revert all fall back to EFI partition when BOOT partition is absent)
  • Fallback to classic bind mounts on kernels without open_tree support (Linux <6.15)
  • Overclock: 2.6GHz (arm_freq=2600, over_voltage_delta=50000, arm_boost=1)
  • Extensions: iscsi-tools, util-linux-tools

Known issues

No serial console output after boot (Fixed)

The overlay was using console=ttyAMA0 (GPIO 14/15 UART) but the RPi5/CM5 debug UART is ttyAMA10. Fixed by switching to console=ttyAMA10,115200 and adding earlycon=pl011,0x107d001000,115200n8 for early boot output. Also added [pi5] enable_uart=0 to config.txt to match upstream and avoid U-Boot compatibility issues.

Upstream: talos-builder#4

Install disk config ignored on SBCs

Talos ignores the machine.install.disk config field on SBC platforms. You must flash the disk image directly to your target disk (eMMC, SD, NVMe). For NVMe boot, dd the metal image to the NVMe drive and configure the EEPROM boot order (BOOT_ORDER=0xf416, PCIE_PROBE=1).

Upstream: talos-builder#22

Patches

Patch Target Description
0001 (pkgs) Kernel RPi downstream kernel 6.12.x with CM5/RP1 device tree and driver support
0001 (talos) Modules arm64 kernel module list for RPi downstream kernel
0002 (talos) GRUB --no-nvram for grub-install on arm64 (U-Boot lacks EFI SetVariable)
0003 (talos) Bootloader Force GRUB over sd-boot on arm64 (sd-boot crashes without EFI runtime)
0004 (talos) Runtime Fallback to classic bind mounts on kernels without open_tree (Linux <6.15)
0005 (talos) GRUB Handle missing BOOT partition for SBC EFI-only disk layouts
0001 (overlay) Toolchain Bump Go to 1.24.13 (CVE fix)
0002 (overlay) Console Fix serial console for RPi5/CM5 debug UART (ttyAMA10)

Roadmap

This project targets production-ready Talos clusters on RPi5/CM5 hardware.

Status Milestone Description
Tested 4K page size Aligned with upstream Talos kernel config. Reduces memory overhead and improves workload compatibility (Longhorn, jemalloc, F2FS, etc.).
Tested Reliable in-place upgrades Force GRUB bootloader with --no-nvram on arm64, handle SBC EFI-only disk layout. Verified end-to-end with talosctl upgrade.
Tested Kernel <6.15 compatibility Unconditional open_tree capability check — falls back to classic bind mounts on RPi downstream kernel 6.12.x.
Untested Serial console fix Use correct debug UART (ttyAMA10) with earlycon for early boot output.
Tested NVMe boot support dd image to NVMe + set EEPROM BOOT_ORDER=0xf416 and PCIE_PROBE=1. Verified on 1TB Kingston NVMe on Compute Blade.

NVMe boot

The kernel has NVMe built-in (CONFIG_BLK_DEV_NVME=y), so booting from NVMe should work by flashing the disk image directly and configuring the RPi5/CM5 EEPROM.

1. Flash the image to NVMe

Connect the NVMe drive via a USB adapter and flash:

zstd -d metal-arm64.raw.zst | sudo dd of=/dev/<nvme-device> bs=4M status=progress
sync

2. Configure EEPROM boot order

Use rpiboot to update the CM5 EEPROM. Clone the usbboot repo and edit the boot config:

git clone --depth=1 https://github.com/raspberrypi/usbboot
cd usbboot && make
# Edit the EEPROM config for CM5
cp recovery/boot.conf recovery/boot.conf.bak

Add or update these values in recovery/boot.conf:

BOOT_ORDER=0xf416
PCIE_PROBE=1

Then flash via USB with the CM5 in USB boot mode (hold nRPIBOOT or disable eMMC boot on your carrier board):

sudo ./rpiboot -d recovery

BOOT_ORDER is read right-to-left: try NVMe (6) first, then SD (1), then USB (4), then restart (f). PCIE_PROBE=1 is required for non-HAT+ NVMe adapters (Compute Blade, most M.2 carrier boards).

3. Boot from NVMe

Power on. The RPi firmware should find the boot partition on NVMe, load U-Boot, and boot Talos.

Optional: enable PCIe Gen 3

Add to your configTxtAppend overlay option or directly to config.txt on the boot partition:

dtparam=pciex1_gen=3

This doubles throughput (~400 MB/s Gen 2 to ~800 MB/s Gen 3). Not officially certified by Raspberry Pi but works on most NVMe drives.

Building

For local builds, CI/CD setup, runner configuration, and project structure, see TECHNICAL.md.

License

This project is licensed under the Mozilla Public License 2.0.

It builds upon the following MPL 2.0 licensed upstream projects:

Our patches to these projects are in the patches/ directory and are distributed under the same MPL 2.0 terms.