The following build system variables have been renamed:
- `LINKERFILE` -> `DEFAULT_LINKER_SCRIPT`
- `BL_LINKERFILE` -> `DEFAULT_LINKER_SCRIPT_SOURCE`
- `<IMAGE>_LINKERFILE` -> `<IMAGE>_DEFAULT_LINKER_SCRIPT_SOURCE`
These new names better reflect how each variable is used:
1. the default linker script is passed via `-dT` instead of `-T`
2. linker script source files are first preprocessed
Additionally, linker scripts are now placed in the build directory
relative to where they exist in the source directory. For example,
the `bl32/sp_min/sp_min.ld.S` would now preprocess to
`sp_min/sp_min.ld` instead of just `bl32.ld`
BREAKING-CHANGE: The `LINKERFILE`, `BL_LINKERFILE` and
`<IMAGE_LINKERFILE>` build system variables have been renamed. See the
commit message for more information.
Change-Id: If8cef65dcb8820e8993736702c8741e97a66e6cc
Signed-off-by: Chris Kay <chris.kay@arm.com>
When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use cause compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.
This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).
In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c
Adding interface for stand-alone semantic version of TF-A
for exporting to RSS attestation, and potentially other areas
as well.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ib4a2c47aa1e42a3b850185e674c90708a05cda53
Introduce EXTRA_LINKERFILE for GCC linker options. GCC linker
can realize multiple linker scripts, and vendors can extend ro or
text sections by inserting sections among the original sections
specified by blx.ld.S.
Vendors can assign compiled object files by assigning MODULE_OBJS
with their own built path.
Signed-off-by: Leon Chen <leon.chen@mediatek.com>
Change-Id: I1bd2e0383a52204723816131da4b7948def4c4e9
The current Makefile assumes all TF-A binaries
have BL prefixes (BL1, BL2, etc). Now that we
have other binary names with FEAT_RME feature, remove
this assumption. With this change, we need to pass
the full name of a binary when using build macros.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I44e094b2366aa526f807d92dffa709390d14d145
Currently ${FIP_DEPS} as prerequisite for ${BUILD_PLAT}/${FIP_NAME}
contains .PHONY targets check_$(1) and therefore ${BUILD_PLAT}/${FIP_NAME}
is always rebuilt even when other file target prerequisites are not
changed.
These changes fix above issue and ${BUILD_PLAT}/${FIP_NAME} target is
rebuilt only when its prerequisites are changed.
There are 3 changes:
Content of check_$(1) target is moved into check_$(1)_cmd variable so it
can be easily reused.
.PHONY check_$(1) targets are not put into ${FIP_DEPS} and ${FWU_FIP_DEPS}
dependencies anymore and required checks which are in ${CHECK_FIP_CMD} and
${CHECK_FWU_FIP_CMD} variables are executed as part of targets
${BUILD_PLAT}/${FIP_NAME} and ${BUILD_PLAT}/${FWU_FIP_NAME} itself.
To ensure that ${BUILD_PLAT}/${FIP_NAME} and ${BUILD_PLAT}/${FWU_FIP_NAME}
are rebuilt even when additional dependency file image added by
TOOL_ADD_IMG is changed, this file image (if exists) is added as file
dependency to ${FIP_DEPS} and ${FWU_FIP_DEPS}. If it does not exist then
FORCE target is added to ensure that FIP/FWU_FIP is rebuilt. Command
${CHECK_FIP_CMD}/${CHECK_FWU_FIP_CMD} will then thrown an error message if
the file is required but not present.
So this change ensures that if BL33 image is updated then final FIP image
is updated too. And if BL33 image is not specified or does not exist and is
required to be present then check_$(1)_cmd call from ${CHECK_FIP_CMD} would
ensure that error message is thrown during build.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I635cf82e2b667ff57e2af83500d4aca71d235e3e
Loop macros make it easier for developers to include new variables to
assert or define and also help code code readability on makefiles.
Change-Id: I0d21d6e67b3eca8976c4d856ac8ccc02c8bb5ffa
Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
Currently, BL*_CFLAGS and BL*_LDFLAGS are supported.
For completion, this adds BL*_CPPFLAGS and BL*_ASFLAGS.
My main motivation is to pass -D<macro> to BL*_CPPFLAGS so that
the macro can be used from all source files.
Change-Id: I0ca1e4e26386bef7fed999af140ee7cce7c2f8ef
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Following build flags have been added to support optional firmware
encryption:
- FW_ENC_STATUS: Top level firmware's encryption numeric flag, values:
0: Encryption is done with Secret Symmetric Key (SSK) which is
common for a class of devices.
1: Encryption is done with Binding Secret Symmetric Key (BSSK) which
is unique per device.
- ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It
could be SSK or BSSK depending on FW_ENC_STATUS flag.
- ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector
(IV) in hex string format.
- ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware.
- ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload.
Similar flags can be added to encrypt other firmwares as well depending
on use-cases.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I94374d6830ad5908df557f63823e58383d8ad670
The MAKE_BL macro is invoked for 1, 2, 2u, 31, 32.
Fix the comments.
Change-Id: I35dd25cc2ea13885c184fb9c8229a322b33f7e71
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Add `CREATE_SEQ` function to generate sequence of numbers starting from
1 to allow easy comparison of a user defined macro with non-zero
positive numbers.
Change-Id: Ibcb336a223d958154b1007d08c428fbaf1e48664
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
make_helpers/build_macros.mk supports per-BL CFLAGS. For example,
you can pass compiler flags only to BL31 by using BL31_CFLAGS.
This commit adds per-BL LDFLAGS support, which is useful as well.
My main motivation of this addition is to use it for ENABLE_PIE.
When ENABLE_PIE is enabled, some linker flags are added to TF_LDFLAGS,
which affects all the TF images. It will make more sense to pass the
relevant options only to BL images that support it.
Change-Id: I203acaab0091db5ae0ea6e66460ee7dc8d9c4d75
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Using the /include/ syntax, the include was evaluated by dtc, only after running
the preprocessor, therefore the .dtsi files were not preprocessed. This patch
adds the #include syntax instead. Evaluating this and preprocessing the files
now happens in a single step, done by the C preprocessor.
Change-Id: I6d0104b6274316fc736e84973502a4d6c2c9d6e0
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
This patch enables LTO for TF-A when compiled with GCC.
LTO is disabled by default and is enabled by
ENABLE_LTO=1 build option.
LTO is enabled only for aarch64 as there seem to be
a bug in the aarch32 compiler when LTO is enabled.
The changes in the makefiles include:
- Adding -flto and associated flags to enable LTO.
- Using gcc as a wrapper at link time instead of ld.
This is recommended when using LTO as gcc internally
takes care of invoking the necessary plugins for LTO.
- Adding switches to pass options to ld.
- Adding a flag to disable fix for erratum cortex-a53-843419
unless explicitly enabled. This is needed because GCC
seem to automatically add the erratum fix when used
as a wrapper for LD.
Additionally, this patch updates the TF-A user guide with
the new build option.
Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com>
Change-Id: I1188c11974da98434b7dc9344e058cd1eacf5468
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
All common C compilers pre-define the same macros to signal which
architecture the code is being compiled for: __arm__ for AArch32 (or
earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
to define its own custom macros for this. In order to unify code with
the export headers (which use __aarch64__ to avoid another dependency),
let's deprecate the AARCH32 and AARCH64 macros and switch the code base
over to the pre-defined standard macro. (Since it is somewhat
unintuitive that __arm__ only means AArch32, let's standardize on only
using __aarch64__.)
Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
Signed-off-by: Julius Werner <jwerner@chromium.org>
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
All common C compilers predefine a macro called __ASSEMBLER__ when
preprocessing a .S file. There is no reason for TF-A to define it's own
__ASSEMBLY__ macro for this purpose instead. To unify code with the
export headers (which use __ASSEMBLER__ to avoid one extra dependency),
let's deprecate __ASSEMBLY__ and switch the code base over to the
predefined standard.
Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
Signed-off-by: Julius Werner <jwerner@chromium.org>
On certain platforms it does not make sense to generate
TF-A binary images. For example a platform could make use of serveral
memory areas, which are non-continuous and the resulting binary
therefore would suffer from the padding-bytes.
Typically these platforms use the ELF image.
This patch introduces a variable DISABLE_BIN_GENERATION, which
can be set to '1' in the platform makefile to prevent the binary
generation.
Signed-off-by: Christoph Müllner <christophm30@gmail.com>
Change-Id: I62948e88bab685bb055fe6167d9660d14e604462
This patch provides support for using the scatterfile format as
the linker script with the 'armlink' linker for Tegra platforms.
In order to enable the scatterfile usage the following changes
have been made:
* provide mapping for ld.S symbols in bl_common.h
* include bl_common.h from all the affected files
* update the makefile rules to use the scatterfile and armlink
to compile BL31
* update pubsub.h to add sections to the scatterfile
NOTE: THIS CHANGE HAS BEEN VERIFIED WITH TEGRA PLATFORMS ONLY.
Change-Id: I7bb78b991c97d74a842e5635c74cb0b18e0fce67
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Now that setjmp() and longjmp() are compliant with the standard they can
be moved with the other libc files.
Change-Id: Iea3b91c34eb353ace5e171e72f331602d57774d5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Following changes are done to make DT pre-processing similar to that of
U-boot/Linux kernel.
1. Creating seperate CPPFLAGS for DT preprocessing so that compiler
options specific to it can be accommodated.
e.g: "-undef" compiler option avoids replacing "linux" string(used in
device trees) with "1" as "linux" is a pre-defined macro in gnu99
standard.
2. Replace CPP with PP for DT pre-processing, as CPP in U-boot/Linux is
exported as "${CROSS_COMPILE}gcc -E" while in TF-A it is exported as
"${CROSS_COMPILE}cpp".
Change-Id: If4c61a249d51614d9f53ae30b602036d50c02349
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
With this patch, each BL image can have its own compiler flags.
Change-Id: Ic9075a20bc6f6dc8a277587b9bee5e062306c090
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This change allows patching of functions in the
romlib. This can be done by adding "patch" at the
end of the jump table entry for the function that
needs to be patched in the file jmptbl.i.
Functions patched in the jump table list will be
built as part of the BL image and the romlib
version will not be used
Change-Id: Iefb200cb86e2a4b61ad3ee6180d3ecc39bad537f
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
"-s" is a command line option to the make tool, to suppress normal output,
something to the effect of prepending every line with '@' in the Makefile.
However with our V={0|1} support, we now print the shortened command line
output in any case (even with V=1, in addition to the long line!).
Normally -s helps to not miss non-fatal warnings, which tend to scroll out
of the window easily.
Introduce a new Makefile variable ECHO, to control the shortened output.
We only set it in the (current default) V=0 case, and replace every
occurence of "@echo" with that variable.
When the user specifies "-s", we set ECHO to some magic string which
changes the output line into a comment, so the output is suppressed.
Beside suppressing every output for "-s", we also avoid the redundant
short output when compiling with V=1.
This changes the output to:
==========
$ make -s PLAT=.... bl31
Built build/.../release/bl31.bin
==========
$ make PLAT=.... bl31
...
CC lib/libc/strncmp.c
CC lib/libc/strnlen.c
...
==========
$ make V=1 PLAT=.... bl31
...
gcc -DDEBUG=0 .... -o build/.../release/libc/strncmp.o
gcc -DDEBUG=0 .... -o build/.../release/libc/strnlen.o
...
==========
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Fixes the dependencies issue for DTB image build.
Use -MT $(DTBS) -MMD -MF $(DTSDEP) to generate the precompilation
dependencies on DTS file(s).
"-MT $(DTBS)" builds a dependency for the target DTS file.
"-MMD" includes header file dependencies but not on system header files.
"-MF $(DTSDEP)" generates a Makefile script to define the dependencies
which is included afterward.
This change renames existing variable DEP into DTBDEP.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Romlib is a new image that is stored in ROM and contains the code of
several libraries that can be shared between different images. All
the functions within in the library are accessed using a jump table
which allows to update the romlib image whithout changing the binary
compatibility. This jump table can be also stored in RAM and it can
allow to patch a romlib with potential bugs fixes..
Change-Id: If980ccdaca24b7aaca900e32acc68baf6f94ab35
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This patch adds all the make macros needed to create a library archive
and to use it in the link stage.
Change-Id: I26597bfd6543649d0b68a9b1e06aec1ba353e6de
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Add support for BLx stages to use libraries in MAKE_BL macro.
This change does not affect BL stages that do not have
BL_LIBS variable defined in their makefiles.
However in case that BL wants to use external library
(for instance vendor-specific DDR initialization code supplied
as a library), this patch will allow to build BL image linked
with such library.
Change-Id: Ife29069a72dc4aff833db6ef8b828736d6689b78
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
This is an add-on feature that allows processing
device tree with external includes.
"-Iinclude" is also added to INCLUDES.
It allows inclusion of dt-bindings files either in dts files or drivers,
as those files will be in include/dt-bindings/.
"-i fdts" is added to the DTC command line.
As the pre-processed files are in build directory, the DT source directory
has to be explicitely included, to manages /include/ directives.
fixesarm-software/tf-issues#595
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This makes incremental builds work when the only change is to a definition
in a makefile. This version of the patch has been fixed to avoid depending
on the dependency makefiles that are generated at build time.
Fixesarm-software/tf-issues#551
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Seems to have unintended side-effects on the build system such as
rebuilding certain parts of TF even though nothing has changed.
This reverts commit c6f651f9a3.
Change-Id: I1472e6c630cb6371ec629b7d97a5748d9a6fd096
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This patch makes some minor changes to `MAKE_DTBS` make macro
and adds `dtbs` target to the `all` make target.
Change-Id: I1c5b4a603ada31d2dac2ed73da9ff707b410dd11
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This makes incremental builds work when the only change is to a
definition in a makefile.
Fixesarm-software/tf-issues#551
Signed-off-by: Stephen Warren <swarren@nvidia.com>
One typical usage of the pre-tool image filter is data compression,
and GZIP is one of the most commonly used compression methods.
I guess this is generic enough to be put in the common script instead
of platform.mk.
If you want to use this, you can add something like follows to your
platform.mk:
BL32_PRE_TOOL_FILTER := GZIP
BL33_PRE_TOOL_FILTER := GZIP
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
There are cases where we want to process images before they are
passed to cert_create / fiptool.
My main motivation is data compression. By compressing images, we can
save data storage, and possibly speed up loading images. The image
verification will also get faster because certificates are generated
based on compressed images.
Other image transformation filters (for ex. encryption), and their
combinations would be possible. So, our build system should support
transformation filters in a generic manner.
The choice of applied filters is up to platforms (so specified in
platform.mk)
To define a new filter, <FILTER_NAME>_RULE and <FILTER_NAME>_SUFFIX
are needed.
For example, the GZIP compression filter can be implemented as follows:
------------------------>8------------------------
define GZIP_RULE
$(1): $(2)
@echo " GZIP $$@"
$(Q)gzip -n -f -9 $$< --stdout > $$@
endef
GZIP_SUFFIX := .gz
------------------------>8------------------------
The _RULE defines how to create the target $(1) from the source $(2).
The _SUFFIX defines the extension appended to the processed image path.
The suffix is not so important because the file name information is not
propagated to FIP, but adding a sensible suffix will be good to classify
the data file.
Platforms can specify which filter is applied to which BL image, like
this:
------------------------>8------------------------
BL32_PRE_TOOL_FILTER := GZIP
BL33_PRE_TOOL_FILTER := GZIP
------------------------>8------------------------
<IMAGE_NAME>_PRE_TOOL_FILTER specifies per-image filter. With this,
different images can be transformed differently. For the case above,
only BL32 and BL33 are GZIP-compressed. Nothing is done for other
images.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
In the next commit, I need the image name in lowercase because
output files are generally named in lowercase.
Unfortunately, TOOL_ADD_IMG takes the first argument in uppercase
since we generally use uppercase Make variables.
make_helpers/build_macros.mk provides 'uppercase' macro to convert
a string into uppercase, but 'lowercase' does not exist. We can
implement it if we like, but it would be more straightforward to
change the argument of TOOL_ADD_IMG.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The PHONY target "bl*" generate $(BIN) and $(DUMP), but host tools
(fiptool, cert_create) only need $(BIN).
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The third argument was given "true" by images, but it was moved
to TOOL_ADD_PAYLOAD. No more caller of CERT_ADD_CMD_OPT uses this.
So, the third argument is always empty. Remove it.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Now FIP_ADD_IMG takes care of both fiptool and cert_create
symmetrically. Rename it so that it matches the behavior.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Now FIP_ADD_PAYLOAD takes care of both fiptool and cert_create
symmetrically. Rename it so that it matches the behavior.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The fiptool and cert_create use the same command options for images.
It is pretty easy to handle both in the same, symmetrical way.
Move CRT_ARGS and CRT_DEPS to FIP_ADD_PAYLOAD. This refactoring makes
sense because FIP_ADD_PAYLOAD is called from MAKE_BL (when building
images from source), and from FIP_ADD_IMG (when including external
images). (FIP_ADD_PAYLOAD will be renamed later on since it now
caters to both fiptool and cert_create).
We can delete CERT_ADD_CMD_OPT for images in tbbr.mk. It still
needs to call CERT_ADD_CMD_OPT directly for certificates.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The callers of these macros are supposed to use $(eval $(call, ...)).
The $(eval ...) on the callee side is unneeded.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The build system supports generating two FIP images, fip and fwu_fip.
Accordingly, we have similar build macros.
FIP_ADD_PAYLOAD <--> FWU_FIP_ADD_PAYLOAD
CERT_ADD_CMD_OPT <--> FWU_CERT_ADD_CMD_OPT
FIP_ADD_IMG <--> FWU_FIP_ADD_IMG
The duplicated code increases the maintenance burden. Also, the build
rule of BL2U looks clumsy - we want to call MAKE_BL to compile it from
source files, but we want to put it in fwu_fip. We can not do it in a
single macro call since the current MAKE_BL does not support fwu_fip.
To refactor those in a clean way is to support one more argument to
specify the FIP prefix. If it is empty, the images are targeted to
fip, whereas if the argument is "FWU_", targeted to fwu_fip.
The build macros prefixed with FWU_ go away.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
check_* targets check if the required option are given, but do not
check the validity of the argument. If the specified file does not
exist, let the build fail immediately instead of passing the invalid
file path to tools.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
check_* targets just check necessary command line argument, not
build any images. They should be specified as .PHONY.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Commit 8f0617ef9e ("Apply TBBR naming convention to the fip_create
options") changed fiptool command options. We often forget to update
documentation.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Some platforms (for ex. UniPhier) want to create files in the very
top of the build directory. Add ${BUILD_PLAT} so such files can
depend on it.
Make existing directory targets depend on ${BUILD_PLAT} because
they are sub-directories of ${BUILD_PLAT}.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
