# # Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # include common/fdt_wrappers.mk ifeq (${ARCH},aarch32) ifeq (${AARCH32_SP},none) $(error Variable AARCH32_SP has to be set for AArch32) endif endif ifeq (${ARCH}, aarch64) # On ARM standard platorms, the TSP can execute from Trusted SRAM, Trusted # DRAM (if available) or the TZC secured area of DRAM. # TZC secured DRAM is the default. ARM_TSP_RAM_LOCATION ?= dram ifeq (${ARM_TSP_RAM_LOCATION}, tsram) ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID else ifeq (${ARM_TSP_RAM_LOCATION}, tdram) ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_DRAM_ID else ifeq (${ARM_TSP_RAM_LOCATION}, dram) ARM_TSP_RAM_LOCATION_ID = ARM_DRAM_ID else $(error Unsupported ARM_TSP_RAM_LOCATION value) endif # Process flags # Process ARM_BL31_IN_DRAM flag ARM_BL31_IN_DRAM := 0 $(eval $(call assert_boolean,ARM_BL31_IN_DRAM)) $(eval $(call add_define,ARM_BL31_IN_DRAM)) else ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID endif $(eval $(call add_define,ARM_TSP_RAM_LOCATION_ID)) # For the original power-state parameter format, the State-ID can be encoded # according to the recommended encoding or zero. This flag determines which # State-ID encoding to be parsed. ARM_RECOM_STATE_ID_ENC := 0 # If the PSCI_EXTENDED_STATE_ID is set, then ARM_RECOM_STATE_ID_ENC need to # be set. Else throw a build error. ifeq (${PSCI_EXTENDED_STATE_ID}, 1) ifeq (${ARM_RECOM_STATE_ID_ENC}, 0) $(error Build option ARM_RECOM_STATE_ID_ENC needs to be set if \ PSCI_EXTENDED_STATE_ID is set for ARM platforms) endif endif # Process ARM_RECOM_STATE_ID_ENC flag $(eval $(call assert_boolean,ARM_RECOM_STATE_ID_ENC)) $(eval $(call add_define,ARM_RECOM_STATE_ID_ENC)) # Process ARM_DISABLE_TRUSTED_WDOG flag # By default, Trusted Watchdog is always enabled unless # SPIN_ON_BL1_EXIT or ENABLE_RME is set ARM_DISABLE_TRUSTED_WDOG := 0 ifneq ($(filter 1,${SPIN_ON_BL1_EXIT} ${ENABLE_RME}),) ARM_DISABLE_TRUSTED_WDOG := 1 endif $(eval $(call assert_boolean,ARM_DISABLE_TRUSTED_WDOG)) $(eval $(call add_define,ARM_DISABLE_TRUSTED_WDOG)) # Process ARM_CONFIG_CNTACR ARM_CONFIG_CNTACR := 1 $(eval $(call assert_boolean,ARM_CONFIG_CNTACR)) $(eval $(call add_define,ARM_CONFIG_CNTACR)) # Process ARM_BL31_IN_DRAM flag ARM_BL31_IN_DRAM := 0 $(eval $(call assert_boolean,ARM_BL31_IN_DRAM)) $(eval $(call add_define,ARM_BL31_IN_DRAM)) # As per CCA security model, all root firmware must execute from on-chip secure # memory. This means we must not run BL31 from TZC-protected DRAM. ifeq (${ARM_BL31_IN_DRAM},1) ifeq (${ENABLE_RME},1) $(error BL31 must not run from DRAM on RME-systems. Please set ARM_BL31_IN_DRAM to 0) endif endif # Process ARM_PLAT_MT flag ARM_PLAT_MT := 0 $(eval $(call assert_boolean,ARM_PLAT_MT)) $(eval $(call add_define,ARM_PLAT_MT)) # Use translation tables library v2 by default ARM_XLAT_TABLES_LIB_V1 := 0 $(eval $(call assert_boolean,ARM_XLAT_TABLES_LIB_V1)) $(eval $(call add_define,ARM_XLAT_TABLES_LIB_V1)) # Don't have the Linux kernel as a BL33 image by default ARM_LINUX_KERNEL_AS_BL33 := 0 $(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33)) $(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33)) ifeq (${ARM_LINUX_KERNEL_AS_BL33},1) ifneq (${ARCH},aarch64) ifneq (${RESET_TO_SP_MIN},1) $(error ARM_LINUX_KERNEL_AS_BL33 is only available if RESET_TO_SP_MIN=1.) endif endif ifndef PRELOADED_BL33_BASE $(error PRELOADED_BL33_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used.) endif ifeq (${RESET_TO_BL31},1) ifndef ARM_PRELOADED_DTB_BASE $(error ARM_PRELOADED_DTB_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used with RESET_TO_BL31.) endif $(eval $(call add_define,ARM_PRELOADED_DTB_BASE)) endif endif # Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images # in the FIP if the platform requires. ifneq ($(BL32_EXTRA1),) $(eval $(call TOOL_ADD_IMG,bl32_extra1,--tos-fw-extra1)) endif ifneq ($(BL32_EXTRA2),) $(eval $(call TOOL_ADD_IMG,bl32_extra2,--tos-fw-extra2)) endif # Enable PSCI_STAT_COUNT/RESIDENCY APIs on ARM platforms ENABLE_PSCI_STAT := 1 ENABLE_PMF := 1 # Override the standard libc with optimised libc_asm OVERRIDE_LIBC := 1 ifeq (${OVERRIDE_LIBC},1) include lib/libc/libc_asm.mk endif # On ARM platforms, separate the code and read-only data sections to allow # mapping the former as executable and the latter as execute-never. SEPARATE_CODE_AND_RODATA := 1 # On ARM platforms, disable SEPARATE_NOBITS_REGION by default. Both PROGBITS # and NOBITS sections of BL31 image are adjacent to each other and loaded # into Trusted SRAM. SEPARATE_NOBITS_REGION := 0 # In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load # BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate # the build to require that ARM_BL31_IN_DRAM is enabled as well. ifeq ($(SEPARATE_NOBITS_REGION),1) ifneq ($(ARM_BL31_IN_DRAM),1) $(error For SEPARATE_NOBITS_REGION, ARM_BL31_IN_DRAM must be enabled) endif ifneq ($(RECLAIM_INIT_CODE),0) $(error For SEPARATE_NOBITS_REGION, RECLAIM_INIT_CODE cannot be supported) endif endif # Enable PIE support for RESET_TO_BL31/RESET_TO_SP_MIN case ifneq ($(filter 1,${RESET_TO_BL31} ${RESET_TO_SP_MIN}),) ENABLE_PIE := 1 endif # On Arm platform, disable ARM_FW_CONFIG_LOAD_ENABLE by default. ARM_FW_CONFIG_LOAD_ENABLE := 0 $(eval $(call assert_boolean,ARM_FW_CONFIG_LOAD_ENABLE)) $(eval $(call add_define,ARM_FW_CONFIG_LOAD_ENABLE)) # In order to enable ARM_FW_CONFIG_LOAD_ENABLE for the Arm platform, the # platform should be reset to BL2 (RESET_TO_BL2=1), and FW_CONFIG must be # specified. ifeq (${ARM_FW_CONFIG_LOAD_ENABLE},1) ifneq (${RESET_TO_BL2},1) $(error RESET_TO_BL2 must be enabled when ARM_FW_CONFIG_LOAD_ENABLE \ is enabled) endif ifeq (${FW_CONFIG},) $(error FW_CONFIG must be specified when ARM_FW_CONFIG_LOAD_ENABLE \ is enabled) endif endif # Disable GPT parser support, use FIP image by default ARM_GPT_SUPPORT := 0 $(eval $(call assert_boolean,ARM_GPT_SUPPORT)) $(eval $(call add_define,ARM_GPT_SUPPORT)) # Include necessary sources to parse GPT image ifeq (${ARM_GPT_SUPPORT}, 1) BL2_SOURCES += drivers/partition/gpt.c \ drivers/partition/partition.c endif # Enable CRC instructions via extension for ARMv8-A CPUs. # For ARMv8.1-A, and onwards CRC instructions are default enabled. # Enable HW computed CRC support unconditionally in BL2 component. ifeq (${ARM_ARCH_MAJOR},8) ifeq (${ARM_ARCH_MINOR},0) BL2_CPPFLAGS += -march=armv8-a+crc endif endif ifeq ($(PSA_FWU_SUPPORT),1) # GPT support is recommended as per PSA FWU specification hence # PSA FWU implementation is tightly coupled with GPT support, # and it does not support other formats. ifneq ($(ARM_GPT_SUPPORT),1) $(error For PSA_FWU_SUPPORT, ARM_GPT_SUPPORT must be enabled) endif FWU_MK := drivers/fwu/fwu.mk $(info Including ${FWU_MK}) include ${FWU_MK} endif ifeq (${ARCH}, aarch64) PLAT_INCLUDES += -Iinclude/plat/arm/common/aarch64 endif PLAT_BL_COMMON_SOURCES += plat/arm/common/${ARCH}/arm_helpers.S \ plat/arm/common/arm_common.c \ plat/arm/common/arm_console.c ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) PLAT_BL_COMMON_SOURCES += lib/xlat_tables/xlat_tables_common.c \ lib/xlat_tables/${ARCH}/xlat_tables.c else ifeq (${XLAT_MPU_LIB_V1}, 1) include lib/xlat_mpu/xlat_mpu.mk PLAT_BL_COMMON_SOURCES += ${XLAT_MPU_LIB_V1_SRCS} else include lib/xlat_tables_v2/xlat_tables.mk PLAT_BL_COMMON_SOURCES += ${XLAT_TABLES_LIB_SRCS} endif endif ARM_IO_SOURCES += plat/arm/common/arm_io_storage.c \ plat/arm/common/fconf/arm_fconf_io.c ifeq (${SPD},spmd) ifeq (${BL2_ENABLE_SP_LOAD},1) ARM_IO_SOURCES += plat/arm/common/fconf/arm_fconf_sp.c endif endif BL1_SOURCES += drivers/io/io_fip.c \ drivers/io/io_memmap.c \ drivers/io/io_storage.c \ plat/arm/common/arm_bl1_setup.c \ plat/arm/common/arm_err.c \ ${ARM_IO_SOURCES} ifdef EL3_PAYLOAD_BASE # Need the plat_arm_program_trusted_mailbox() function to release secondary CPUs from # their holding pen BL1_SOURCES += plat/arm/common/arm_pm.c endif BL2_SOURCES += drivers/delay_timer/delay_timer.c \ drivers/delay_timer/generic_delay_timer.c \ drivers/io/io_fip.c \ drivers/io/io_memmap.c \ drivers/io/io_storage.c \ plat/arm/common/arm_bl2_setup.c \ plat/arm/common/arm_err.c \ common/tf_crc32.c \ ${ARM_IO_SOURCES} # Firmware Configuration Framework sources include lib/fconf/fconf.mk BL1_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES} BL2_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES} # Add `libfdt` and Arm common helpers required for Dynamic Config include lib/libfdt/libfdt.mk DYN_CFG_SOURCES += plat/arm/common/arm_dyn_cfg.c \ plat/arm/common/arm_dyn_cfg_helpers.c \ common/uuid.c DYN_CFG_SOURCES += ${FDT_WRAPPERS_SOURCES} BL1_SOURCES += ${DYN_CFG_SOURCES} BL2_SOURCES += ${DYN_CFG_SOURCES} ifeq (${RESET_TO_BL2},1) BL2_SOURCES += plat/arm/common/arm_bl2_el3_setup.c endif # Because BL1/BL2 execute in AArch64 mode but BL32 in AArch32 we need to use # the AArch32 descriptors. ifeq (${JUNO_AARCH32_EL3_RUNTIME},1) BL2_SOURCES += plat/arm/common/aarch32/arm_bl2_mem_params_desc.c else ifeq ($(filter $(PLAT), corstone1000 rd1ae),) BL2_SOURCES += plat/arm/common/${ARCH}/arm_bl2_mem_params_desc.c endif endif BL2_SOURCES += plat/arm/common/arm_image_load.c \ common/desc_image_load.c ifeq (${SPD},opteed) BL2_SOURCES += lib/optee/optee_utils.c endif BL2U_SOURCES += drivers/delay_timer/delay_timer.c \ drivers/delay_timer/generic_delay_timer.c \ plat/arm/common/arm_bl2u_setup.c BL31_SOURCES += plat/arm/common/arm_bl31_setup.c \ plat/arm/common/arm_pm.c \ plat/arm/common/arm_topology.c \ plat/common/plat_psci_common.c ifeq (${TRANSFER_LIST}, 1) TRANSFER_LIST_SOURCES += plat/arm/common/arm_transfer_list.c endif ifneq ($(filter 1,${ENABLE_PMF} ${ETHOSN_NPU_DRIVER}),) ARM_SVC_HANDLER_SRCS := ifeq (${ENABLE_PMF},1) ARM_SVC_HANDLER_SRCS += lib/pmf/pmf_smc.c endif ifeq (${ETHOSN_NPU_DRIVER},1) ARM_SVC_HANDLER_SRCS += plat/arm/common/fconf/fconf_ethosn_getter.c \ drivers/delay_timer/delay_timer.c \ drivers/arm/ethosn/ethosn_smc.c ifeq (${ETHOSN_NPU_TZMP1},1) ARM_SVC_HANDLER_SRCS += drivers/arm/ethosn/ethosn_big_fw.c endif endif ifeq (${ARCH}, aarch64) BL31_SOURCES += plat/arm/common/aarch64/execution_state_switch.c\ plat/arm/common/arm_sip_svc.c \ plat/arm/common/plat_arm_sip_svc.c \ ${ARM_SVC_HANDLER_SRCS} else BL32_SOURCES += plat/arm/common/arm_sip_svc.c \ plat/arm/common/plat_arm_sip_svc.c \ ${ARM_SVC_HANDLER_SRCS} endif endif ifeq (${EL3_EXCEPTION_HANDLING},1) BL31_SOURCES += plat/common/aarch64/plat_ehf.c endif ifeq (${SDEI_SUPPORT},1) BL31_SOURCES += plat/arm/common/aarch64/arm_sdei.c ifeq (${SDEI_IN_FCONF},1) BL31_SOURCES += plat/arm/common/fconf/fconf_sdei_getter.c endif endif # RAS sources ifeq (${ENABLE_FEAT_RAS}-${HANDLE_EA_EL3_FIRST_NS},1-1) BL31_SOURCES += lib/extensions/ras/std_err_record.c \ lib/extensions/ras/ras_common.c endif # Pointer Authentication sources ifeq (${ENABLE_PAUTH}, 1) PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c endif ifeq (${SPD},spmd) BL31_SOURCES += plat/common/plat_spmd_manifest.c \ common/uuid.c \ ${LIBFDT_SRCS} BL31_SOURCES += ${FDT_WRAPPERS_SOURCES} endif ifeq (${DRTM_SUPPORT},1) BL31_SOURCES += plat/arm/common/arm_err.c endif ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT} ${DRTM_SUPPORT}),) PLAT_INCLUDES += -Iplat/arm/common \ -Iinclude/drivers/auth/mbedtls # Specify mbed TLS configuration file ifeq (${PSA_CRYPTO},1) MBEDTLS_CONFIG_FILE ?= "" else MBEDTLS_CONFIG_FILE ?= "" endif endif ifneq (${TRUSTED_BOARD_BOOT},0) # Include common TBB sources AUTH_SOURCES := drivers/auth/auth_mod.c \ drivers/auth/img_parser_mod.c # Include the selected chain of trust sources. ifeq (${COT},tbbr) BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \ drivers/auth/tbbr/tbbr_cot_bl1.c ifneq (${COT_DESC_IN_DTB},0) BL2_SOURCES += lib/fconf/fconf_cot_getter.c else # Juno has its own TBBR CoT file for BL2 ifeq (${PLAT},juno) BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c endif endif else ifeq (${COT},dualroot) BL1_SOURCES += drivers/auth/dualroot/bl1_cot.c ifneq (${COT_DESC_IN_DTB},0) BL2_SOURCES += lib/fconf/fconf_cot_getter.c endif else ifeq (${COT},cca) BL1_SOURCES += drivers/auth/cca/bl1_cot.c ifneq (${COT_DESC_IN_DTB},0) BL2_SOURCES += lib/fconf/fconf_cot_getter.c endif else $(error Unknown chain of trust ${COT}) endif ifeq (${COT_DESC_IN_DTB},0) ifeq (${COT},dualroot) COTDTPATH := fdts/dualroot_cot_descriptors.dtsi else ifeq (${COT},cca) COTDTPATH := fdts/cca_cot_descriptors.dtsi else ifeq (${COT},tbbr) ifneq (${PLAT},juno) COTDTPATH := fdts/tbbr_cot_descriptors.dtsi endif endif endif BL1_SOURCES += ${AUTH_SOURCES} \ bl1/tbbr/tbbr_img_desc.c \ plat/arm/common/arm_bl1_fwu.c \ plat/common/tbbr/plat_tbbr.c BL2_SOURCES += ${AUTH_SOURCES} \ plat/common/tbbr/plat_tbbr.c $(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_)) IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk $(info Including ${IMG_PARSER_LIB_MK}) include ${IMG_PARSER_LIB_MK} endif # Include Measured Boot makefile before any Crypto library makefile. # Crypto library makefile may need default definitions of Measured Boot build # flags present in Measured Boot makefile. ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) MEASURED_BOOT_MK := drivers/measured_boot/event_log/event_log.mk $(info Including ${MEASURED_BOOT_MK}) include ${MEASURED_BOOT_MK} ifeq (${MEASURED_BOOT},1) BL1_SOURCES += ${EVENT_LOG_SOURCES} BL2_SOURCES += ${EVENT_LOG_SOURCES} endif ifeq (${DRTM_SUPPORT},1) BL31_SOURCES += ${EVENT_LOG_SOURCES} endif endif ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT} ${DRTM_SUPPORT}),) CRYPTO_SOURCES := drivers/auth/crypto_mod.c \ lib/fconf/fconf_tbbr_getter.c BL1_SOURCES += ${CRYPTO_SOURCES} BL2_SOURCES += ${CRYPTO_SOURCES} BL31_SOURCES += drivers/auth/crypto_mod.c # We expect to locate the *.mk files under the directories specified below CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk $(info Including ${CRYPTO_LIB_MK}) include ${CRYPTO_LIB_MK} endif ifeq (${RECLAIM_INIT_CODE}, 1) ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) $(error To reclaim init code xlat tables v2 must be used) endif endif ifneq ($(COTDTPATH),) cot-dt-defines = IMAGE_BL2 $(BL2_DEFINES) $(PLAT_BL_COMMON_DEFINES) cot-dt-include-dirs = $(BL2_INCLUDE_DIRS) $(PLAT_BL_COMMON_INCLUDE_DIRS) cot-dt-cpp-flags = $(cot-dt-defines:%=-D%) cot-dt-cpp-flags += $(cot-dt-include-dirs:%=-I%) cot-dt-cpp-flags += $(BL2_CPPFLAGS) $(PLAT_BL_COMMON_CPPFLAGS) cot-dt-cpp-flags += $(CPPFLAGS) $(BL_CPPFLAGS) $(TF_CFLAGS_$(ARCH)) cot-dt-cpp-flags += -c -x assembler-with-cpp -E -P -o $@ $< $(BUILD_PLAT)/$(COTDTPATH:.dtsi=.dts): $(COTDTPATH) | $$(@D)/ $(q)$($(ARCH)-cpp) $(cot-dt-cpp-flags) $(BUILD_PLAT)/$(COTDTPATH:.dtsi=.c): $(BUILD_PLAT)/$(COTDTPATH:.dtsi=.dts) | $$(@D)/ $(if $(host-poetry),$(q)poetry -q install) $(q)$(if $(host-poetry),poetry run )cot-dt2c convert-to-c $< $@ BL2_SOURCES += $(BUILD_PLAT)/$(COTDTPATH:.dtsi=.c) endif