首頁 探索 說明
登入
OWEALs
/
arm-trusted-firmware
镜像来自 https://github.com/ARM-software/arm-trusted-firmware
2
0
複刻 0
Files 問題管理 1 Wiki
目錄樹: 4ec2948fe3
分支列表 標籤列表
arm-trusted-fir...
/
plat
/
nxp
/
soc-lx2160a
/
ddr_tbbr.mk

ddr_tbbr.mk 3.8 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. #
    2. 

  2. # Copyright 2021 NXP
    3. 

  3. #
    4. 

  4. # SPDX-License-Identifier: BSD-3-Clause
    5. 

  5. #
    6. 

  6. 

  7. # This file defines the keys and certificates that must be created to establish
    8. 

  8. # a Chain of Trust for the DDR FW. These definitions include the
    9. 

  9. # command line options passed to the cert_create and fiptool commands for DDR FW.
    10. 

  10. # A DDR FW key is used for signing the DDR Firmware. The DDR key is authenticated
    11. 

  11. # by the Trusted World Key. Two content certificates are created:
    12. 

  12. # For DDR RDIMM Images [ signed by DDR FW Key]
    13. 

  13. # For DDR UDIMM Images [ signed by DDR FW Key]
    14. 

  14. #
    15. 

  15. # Expected environment:
    16. 

  16. #
    17. 

  17. #   BUILD_PLAT: output directory
    18. 

  18. #
    19. 

  19. # Build options added by this file:
    20. 

  20. #
    21. 

  21. #   KEY_ALG
    22. 

  22. #   KEY_SIZE
    23. 

  23. #   TRUSTED_WORLD_KEY
    24. 

  24. #   NON_TRUSTED_WORLD_KEY
    25. 

  25. #
    26. 

  26. 

  27. # Copy the tbbr.mk from PLAT_TOOL_PATH/cert_create_helper
    28. 

  28. # to the ${PLAT_DIR}. So that cert_create is enabled
    29. 

  29. # to create certificates for DDR
    30. 

  30. $(shell cp ${PLAT_TOOL_PATH}/cert_create_helper/cert_create_tbbr.mk ${PLAT_DIR})
    31. 

  31. 

  32. # Certificate generation tool default parameters
    33. 

  33. DDR_FW_CERT		:=	${BUILD_PLAT}/ddr_fw_key_cert.crt
    34. 

  34. 

  35. # Default non-volatile counter values (overridable by the platform)
    36. 

  36. TFW_NVCTR_VAL		?=	0
    37. 

  37. NTFW_NVCTR_VAL		?=	0
    38. 

  38. 

  39. # Pass the non-volatile counters to the cert_create tool
    40. 

  40. $(eval $(call CERT_ADD_CMD_OPT,${TFW_NVCTR_VAL},--tfw-nvctr,DDR_))
    41. 

  41. 

  42. ifeq (${DDR_KEY},)
    43. 

  43. DDR_KEY=${BUILD_PLAT}/ddr.pem
    44. 

  44. endif
    45. 

  45. 

  46. ifeq (${TRUSTED_KEY_CERT},)
    47. 

  47. $(info Generating: Trusted key certificate as part of DDR cert creation)
    48. 

  48. TRUSTED_KEY_CERT	:=	${BUILD_PLAT}/trusted_key.crt
    49. 

  49. $(eval $(call TOOL_ADD_PAYLOAD,${TRUSTED_KEY_CERT},--trusted-key-cert,))
    50. 

  50. $(eval $(call TOOL_ADD_PAYLOAD,${TRUSTED_KEY_CERT},--trusted-key-cert,,DDR_))
    51. 

  51. else
    52. 

  52. $(info Using: Trusted key certificate as part of DDR cert creation)
    53. 

  53. DDR_FIP_ARGS += --trusted-key-cert ${TRUSTED_KEY_CERT}
    54. 

  54. endif
    55. 

  55. 

  56. # Add the keys to the cert_create command line options (private keys are NOT
    57. 

  57. # packed in the FIP). Developers can use their own keys by specifying the proper
    58. 

  58. # build option in the command line when building the Trusted Firmware
    59. 

  59. $(if ${KEY_ALG},$(eval $(call CERT_ADD_CMD_OPT,${KEY_ALG},--key-alg,DDR_)))
    60. 

  60. $(if ${KEY_SIZE},$(eval $(call CERT_ADD_CMD_OPT,${KEY_SIZE},--key-size,DDR_)))
    61. 

  61. $(if ${HASH_ALG},$(eval $(call CERT_ADD_CMD_OPT,${HASH_ALG},--hash-alg,DDR_)))
    62. 

  62. $(if ${ROT_KEY},$(eval $(call CERT_ADD_CMD_OPT,${ROT_KEY},--rot-key,DDR_)))
    63. 

  63. $(if ${TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${TRUSTED_WORLD_KEY},--trusted-world-key,DDR_)))
    64. 

  64. $(if ${NON_TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${NON_TRUSTED_WORLD_KEY},--non-trusted-world-key, DDR_)))
    65. 

  65. 

  66. # Add the DDR CoT (key cert + img cert)
    67. 

  67. $(if ${DDR_KEY},$(eval $(call CERT_ADD_CMD_OPT,${DDR_KEY},--ddr-fw-key,DDR_)))
    68. 

  68. $(eval $(call TOOL_ADD_PAYLOAD,${BUILD_PLAT}/ddr_fw_key.crt,--ddr-fw-key-cert,,DDR_))
    69. 

  69. $(eval $(call TOOL_ADD_PAYLOAD,${BUILD_PLAT}/ddr_udimm_fw_content.crt,--ddr-udimm-fw-cert,,DDR_))
    70. 

  70. $(eval $(call TOOL_ADD_PAYLOAD,${BUILD_PLAT}/ddr_rdimm_fw_content.crt,--ddr-rdimm-fw-cert,,DDR_))
    71. 

  71. 

  72. $(eval $(call TOOL_ADD_IMG,DDR_IMEM_UDIMM_1D,--ddr-immem-udimm-1d,DDR_))
    73. 

  73. $(eval $(call TOOL_ADD_IMG,DDR_IMEM_UDIMM_2D,--ddr-immem-udimm-2d,DDR_))
    74. 

  74. $(eval $(call TOOL_ADD_IMG,DDR_DMEM_UDIMM_1D,--ddr-dmmem-udimm-1d,DDR_))
    75. 

  75. $(eval $(call TOOL_ADD_IMG,DDR_DMEM_UDIMM_2D,--ddr-dmmem-udimm-2d,DDR_))
    76. 

  76. 

  77. $(eval $(call TOOL_ADD_IMG,DDR_IMEM_RDIMM_1D,--ddr-immem-rdimm-1d,DDR_))
    78. 

  78. $(eval $(call TOOL_ADD_IMG,DDR_IMEM_RDIMM_2D,--ddr-immem-rdimm-2d,DDR_))
    79. 

  79. $(eval $(call TOOL_ADD_IMG,DDR_DMEM_RDIMM_1D,--ddr-dmmem-rdimm-1d,DDR_))
    80. 

  80. $(eval $(call TOOL_ADD_IMG,DDR_DMEM_RDIMM_2D,--ddr-dmmem-rdimm-2d,DDR_))
    81. 

  81. 

  82. DDR_FIP_DEPS += ddr_certificates
    83. 

  83. 

  84. # Process TBB related flags
    85. 

  85. ifneq (${GENERATE_COT},0)
    86. 

  86.         # Common cert_create options
    87. 

  87.         ifneq (${CREATE_KEYS},0)
    88. 

  88.                 $(eval DDR_CRT_ARGS += -n)
    89. 

  89.                 ifneq (${SAVE_KEYS},0)
    90. 

  90.                        $(eval DDR_CRT_ARGS += -k)
    91. 

  91.                 endif
    92. 

  92.         endif
    93. 

  93. endif
    94.