#
# Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
include common/fdt_wrappers.mk
ifeq (${ARCH},aarch32)
ifeq (${AARCH32_SP},none)
$(error Variable AARCH32_SP has to be set for AArch32)
endif
endif
ifeq (${ARCH}, aarch64)
# On ARM standard platorms, the TSP can execute from Trusted SRAM, Trusted
# DRAM (if available) or the TZC secured area of DRAM.
# TZC secured DRAM is the default.
ARM_TSP_RAM_LOCATION ?= dram
ifeq (${ARM_TSP_RAM_LOCATION}, tsram)
ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID
else ifeq (${ARM_TSP_RAM_LOCATION}, tdram)
ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_DRAM_ID
else ifeq (${ARM_TSP_RAM_LOCATION}, dram)
ARM_TSP_RAM_LOCATION_ID = ARM_DRAM_ID
else
$(error Unsupported ARM_TSP_RAM_LOCATION value)
endif
# Process flags
# Process ARM_BL31_IN_DRAM flag
ARM_BL31_IN_DRAM := 0
$(eval $(call assert_boolean,ARM_BL31_IN_DRAM))
$(eval $(call add_define,ARM_BL31_IN_DRAM))
else
ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID
endif
$(eval $(call add_define,ARM_TSP_RAM_LOCATION_ID))
# For the original power-state parameter format, the State-ID can be encoded
# according to the recommended encoding or zero. This flag determines which
# State-ID encoding to be parsed.
ARM_RECOM_STATE_ID_ENC := 0
# If the PSCI_EXTENDED_STATE_ID is set, then ARM_RECOM_STATE_ID_ENC need to
# be set. Else throw a build error.
ifeq (${PSCI_EXTENDED_STATE_ID}, 1)
ifeq (${ARM_RECOM_STATE_ID_ENC}, 0)
$(error Build option ARM_RECOM_STATE_ID_ENC needs to be set if \
PSCI_EXTENDED_STATE_ID is set for ARM platforms)
endif
endif
# Process ARM_RECOM_STATE_ID_ENC flag
$(eval $(call assert_boolean,ARM_RECOM_STATE_ID_ENC))
$(eval $(call add_define,ARM_RECOM_STATE_ID_ENC))
# Process ARM_DISABLE_TRUSTED_WDOG flag
# By default, Trusted Watchdog is always enabled unless
# SPIN_ON_BL1_EXIT or ENABLE_RME is set
ARM_DISABLE_TRUSTED_WDOG := 0
ifneq ($(filter 1,${SPIN_ON_BL1_EXIT} ${ENABLE_RME}),)
ARM_DISABLE_TRUSTED_WDOG := 1
endif
$(eval $(call assert_boolean,ARM_DISABLE_TRUSTED_WDOG))
$(eval $(call add_define,ARM_DISABLE_TRUSTED_WDOG))
# Process ARM_CONFIG_CNTACR
ARM_CONFIG_CNTACR := 1
$(eval $(call assert_boolean,ARM_CONFIG_CNTACR))
$(eval $(call add_define,ARM_CONFIG_CNTACR))
# Process ARM_BL31_IN_DRAM flag
ARM_BL31_IN_DRAM := 0
$(eval $(call assert_boolean,ARM_BL31_IN_DRAM))
$(eval $(call add_define,ARM_BL31_IN_DRAM))
# As per CCA security model, all root firmware must execute from on-chip secure
# memory. This means we must not run BL31 from TZC-protected DRAM.
ifeq (${ARM_BL31_IN_DRAM},1)
ifeq (${ENABLE_RME},1)
$(error BL31 must not run from DRAM on RME-systems. Please set ARM_BL31_IN_DRAM to 0)
endif
endif
# Process ARM_PLAT_MT flag
ARM_PLAT_MT := 0
$(eval $(call assert_boolean,ARM_PLAT_MT))
$(eval $(call add_define,ARM_PLAT_MT))
# Use translation tables library v2 by default
ARM_XLAT_TABLES_LIB_V1 := 0
$(eval $(call assert_boolean,ARM_XLAT_TABLES_LIB_V1))
$(eval $(call add_define,ARM_XLAT_TABLES_LIB_V1))
# Don't have the Linux kernel as a BL33 image by default
ARM_LINUX_KERNEL_AS_BL33 := 0
$(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33))
$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33))
ifeq (${ARM_LINUX_KERNEL_AS_BL33},1)
ifneq (${ARCH},aarch64)
ifneq (${RESET_TO_SP_MIN},1)
$(error ARM_LINUX_KERNEL_AS_BL33 is only available if RESET_TO_SP_MIN=1.)
endif
endif
ifeq (${RESET_TO_BL31},1)
ifndef ARM_PRELOADED_DTB_BASE
$(error ARM_PRELOADED_DTB_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used with RESET_TO_BL31.)
endif
$(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
endif
endif
# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images
# in the FIP if the platform requires.
ifneq ($(BL32_EXTRA1),)
$(eval $(call TOOL_ADD_IMG,bl32_extra1,--tos-fw-extra1))
endif
ifneq ($(BL32_EXTRA2),)
$(eval $(call TOOL_ADD_IMG,bl32_extra2,--tos-fw-extra2))
endif
# Enable PSCI_STAT_COUNT/RESIDENCY APIs on ARM platforms
ENABLE_PSCI_STAT := 1
ENABLE_PMF := 1
# Override the standard libc with optimised libc_asm
OVERRIDE_LIBC := 1
ifeq (${OVERRIDE_LIBC},1)
include lib/libc/libc_asm.mk
endif
# On ARM platforms, separate the code and read-only data sections to allow
# mapping the former as executable and the latter as execute-never.
SEPARATE_CODE_AND_RODATA := 1
# On ARM platforms, disable SEPARATE_NOBITS_REGION by default. Both PROGBITS
# and NOBITS sections of BL31 image are adjacent to each other and loaded
# into Trusted SRAM.
SEPARATE_NOBITS_REGION := 0
# In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load
# BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate
# the build to require that ARM_BL31_IN_DRAM is enabled as well.
ifeq ($(SEPARATE_NOBITS_REGION),1)
ifneq ($(ARM_BL31_IN_DRAM),1)
$(error For SEPARATE_NOBITS_REGION, ARM_BL31_IN_DRAM must be enabled)
endif
ifneq ($(RECLAIM_INIT_CODE),0)
$(error For SEPARATE_NOBITS_REGION, RECLAIM_INIT_CODE cannot be supported)
endif
endif
# Enable PIE support for RESET_TO_BL31/RESET_TO_SP_MIN case
ifneq ($(filter 1,${RESET_TO_BL31} ${RESET_TO_SP_MIN}),)
ENABLE_PIE := 1
endif
# On Arm platform, disable ARM_FW_CONFIG_LOAD_ENABLE by default.
ARM_FW_CONFIG_LOAD_ENABLE := 0
$(eval $(call assert_boolean,ARM_FW_CONFIG_LOAD_ENABLE))
$(eval $(call add_define,ARM_FW_CONFIG_LOAD_ENABLE))
# In order to enable ARM_FW_CONFIG_LOAD_ENABLE for the Arm platform, the
# platform should be reset to BL2 (RESET_TO_BL2=1), and FW_CONFIG must be
# specified.
ifeq (${ARM_FW_CONFIG_LOAD_ENABLE},1)
ifneq (${RESET_TO_BL2},1)
$(error RESET_TO_BL2 must be enabled when ARM_FW_CONFIG_LOAD_ENABLE \
is enabled)
endif
ifeq (${FW_CONFIG},)
$(error FW_CONFIG must be specified when ARM_FW_CONFIG_LOAD_ENABLE \
is enabled)
endif
endif
# Disable GPT parser support, use FIP image by default
ARM_GPT_SUPPORT := 0
$(eval $(call assert_boolean,ARM_GPT_SUPPORT))
$(eval $(call add_define,ARM_GPT_SUPPORT))
# Include necessary sources to parse GPT image
ifeq (${ARM_GPT_SUPPORT}, 1)
BL2_SOURCES += drivers/partition/gpt.c \
drivers/partition/partition.c
endif
# Enable CRC instructions via extension for ARMv8-A CPUs.
# For ARMv8.1-A, and onwards CRC instructions are default enabled.
# Enable HW computed CRC support unconditionally in BL2 component.
ifeq (${ARM_ARCH_MAJOR},8)
ifeq (${ARM_ARCH_MINOR},0)
BL2_CPPFLAGS += -march=armv8-a+crc
endif
endif
ifeq ($(PSA_FWU_SUPPORT),1)
# GPT support is recommended as per PSA FWU specification hence
# PSA FWU implementation is tightly coupled with GPT support,
# and it does not support other formats.
ifneq ($(ARM_GPT_SUPPORT),1)
$(error For PSA_FWU_SUPPORT, ARM_GPT_SUPPORT must be enabled)
endif
FWU_MK := drivers/fwu/fwu.mk
$(info Including ${FWU_MK})
include ${FWU_MK}
endif
ifeq (${ARCH}, aarch64)
PLAT_INCLUDES += -Iinclude/plat/arm/common/aarch64
endif
PLAT_BL_COMMON_SOURCES += plat/arm/common/${ARCH}/arm_helpers.S \
plat/arm/common/arm_common.c \
plat/arm/common/arm_console.c
ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1)
PLAT_BL_COMMON_SOURCES += lib/xlat_tables/xlat_tables_common.c \
lib/xlat_tables/${ARCH}/xlat_tables.c
else
ifeq (${XLAT_MPU_LIB_V1}, 1)
include lib/xlat_mpu/xlat_mpu.mk
PLAT_BL_COMMON_SOURCES += ${XLAT_MPU_LIB_V1_SRCS}
else
include lib/xlat_tables_v2/xlat_tables.mk
PLAT_BL_COMMON_SOURCES += ${XLAT_TABLES_LIB_SRCS}
endif
endif
ARM_IO_SOURCES += plat/arm/common/arm_io_storage.c \
plat/arm/common/fconf/arm_fconf_io.c
ifeq (${SPD},spmd)
ifeq (${BL2_ENABLE_SP_LOAD},1)
ARM_IO_SOURCES += plat/arm/common/fconf/arm_fconf_sp.c
endif
endif
BL1_SOURCES += drivers/io/io_fip.c \
drivers/io/io_memmap.c \
drivers/io/io_storage.c \
plat/arm/common/arm_bl1_setup.c \
plat/arm/common/arm_err.c \
${ARM_IO_SOURCES}
ifdef EL3_PAYLOAD_BASE
# Need the plat_arm_program_trusted_mailbox() function to release secondary CPUs from
# their holding pen
BL1_SOURCES += plat/arm/common/arm_pm.c
endif
BL2_SOURCES += drivers/delay_timer/delay_timer.c \
drivers/delay_timer/generic_delay_timer.c \
drivers/io/io_fip.c \
drivers/io/io_memmap.c \
drivers/io/io_storage.c \
plat/arm/common/arm_bl2_setup.c \
plat/arm/common/arm_err.c \
common/tf_crc32.c \
${ARM_IO_SOURCES}
# Firmware Configuration Framework sources
include lib/fconf/fconf.mk
BL1_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES}
BL2_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES}
# Add `libfdt` and Arm common helpers required for Dynamic Config
include lib/libfdt/libfdt.mk
DYN_CFG_SOURCES += plat/arm/common/arm_dyn_cfg.c \
plat/arm/common/arm_dyn_cfg_helpers.c \
common/uuid.c
DYN_CFG_SOURCES += ${FDT_WRAPPERS_SOURCES}
BL1_SOURCES += ${DYN_CFG_SOURCES}
BL2_SOURCES += ${DYN_CFG_SOURCES}
ifeq (${RESET_TO_BL2},1)
BL2_SOURCES += plat/arm/common/arm_bl2_el3_setup.c
endif
# Because BL1/BL2 execute in AArch64 mode but BL32 in AArch32 we need to use
# the AArch32 descriptors.
ifeq (${JUNO_AARCH32_EL3_RUNTIME},1)
BL2_SOURCES += plat/arm/common/aarch32/arm_bl2_mem_params_desc.c
else
ifeq ($(filter $(PLAT), corstone1000 rd1ae),)
BL2_SOURCES += plat/arm/common/${ARCH}/arm_bl2_mem_params_desc.c
endif
endif
BL2_SOURCES += plat/arm/common/arm_image_load.c \
common/desc_image_load.c
ifeq (${SPD},opteed)
BL2_SOURCES += lib/optee/optee_utils.c
endif
BL2U_SOURCES += drivers/delay_timer/delay_timer.c \
drivers/delay_timer/generic_delay_timer.c \
plat/arm/common/arm_bl2u_setup.c
BL31_SOURCES += plat/arm/common/arm_bl31_setup.c \
plat/arm/common/arm_pm.c \
plat/arm/common/arm_topology.c \
plat/common/plat_psci_common.c
ifeq (${TRANSFER_LIST}, 1)
TRANSFER_LIST_SOURCES += plat/arm/common/arm_transfer_list.c
endif
ifneq ($(filter 1,${ENABLE_PMF} ${ETHOSN_NPU_DRIVER}),)
ARM_SVC_HANDLER_SRCS :=
ifeq (${ENABLE_PMF},1)
ARM_SVC_HANDLER_SRCS += lib/pmf/pmf_smc.c
endif
ifeq (${ETHOSN_NPU_DRIVER},1)
ARM_SVC_HANDLER_SRCS += plat/arm/common/fconf/fconf_ethosn_getter.c \
drivers/delay_timer/delay_timer.c \
drivers/arm/ethosn/ethosn_smc.c
ifeq (${ETHOSN_NPU_TZMP1},1)
ARM_SVC_HANDLER_SRCS += drivers/arm/ethosn/ethosn_big_fw.c
endif
endif
ifeq (${ARCH}, aarch64)
BL31_SOURCES += plat/arm/common/aarch64/execution_state_switch.c\
plat/arm/common/arm_sip_svc.c \
plat/arm/common/plat_arm_sip_svc.c \
${ARM_SVC_HANDLER_SRCS}
else
BL32_SOURCES += plat/arm/common/arm_sip_svc.c \
plat/arm/common/plat_arm_sip_svc.c \
${ARM_SVC_HANDLER_SRCS}
endif
endif
ifeq (${EL3_EXCEPTION_HANDLING},1)
BL31_SOURCES += plat/common/aarch64/plat_ehf.c
endif
ifeq (${SDEI_SUPPORT},1)
BL31_SOURCES += plat/arm/common/aarch64/arm_sdei.c
ifeq (${SDEI_IN_FCONF},1)
BL31_SOURCES += plat/arm/common/fconf/fconf_sdei_getter.c
endif
endif
# RAS sources
ifeq (${ENABLE_FEAT_RAS}-${HANDLE_EA_EL3_FIRST_NS},1-1)
BL31_SOURCES += lib/extensions/ras/std_err_record.c \
lib/extensions/ras/ras_common.c
endif
# Pointer Authentication sources
ifeq ($(BRANCH_PROTECTION),$(filter $(BRANCH_PROTECTION),1 2 3))
PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c
endif
ifeq (${SPD},spmd)
BL31_SOURCES += plat/common/plat_spmd_manifest.c \
common/uuid.c \
${LIBFDT_SRCS}
BL31_SOURCES += ${FDT_WRAPPERS_SOURCES}
endif
ifeq (${DRTM_SUPPORT},1)
BL31_SOURCES += plat/arm/common/arm_err.c
endif
ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT} ${DRTM_SUPPORT}),)
PLAT_INCLUDES += -Iplat/arm/common \
-Iinclude/drivers/auth/mbedtls
ifeq (${HASH_ALG}, sha512)
ARM_ROTPK_HASH_LEN := 64
else ifeq (${HASH_ALG}, sha384)
ARM_ROTPK_HASH_LEN := 48
else
ARM_ROTPK_HASH_LEN := 32
endif
$(eval $(call add_define,ARM_ROTPK_HASH_LEN))
endif
ifneq (${TRUSTED_BOARD_BOOT},0)
# Include common TBB sources
AUTH_SOURCES := drivers/auth/auth_mod.c \
drivers/auth/img_parser_mod.c
# Include the selected chain of trust sources.
ifeq (${COT},tbbr)
BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \
drivers/auth/tbbr/tbbr_cot_bl1.c
ifneq (${COT_DESC_IN_DTB},0)
BL2_SOURCES += lib/fconf/fconf_cot_getter.c
else
# Juno has its own TBBR CoT file for BL2
ifeq (${PLAT},juno)
BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c
endif
endif
else ifeq (${COT},dualroot)
BL1_SOURCES += drivers/auth/dualroot/bl1_cot.c
ifneq (${COT_DESC_IN_DTB},0)
BL2_SOURCES += lib/fconf/fconf_cot_getter.c
endif
else ifeq (${COT},cca)
BL1_SOURCES += drivers/auth/cca/bl1_cot.c
ifneq (${COT_DESC_IN_DTB},0)
BL2_SOURCES += lib/fconf/fconf_cot_getter.c
endif
else
$(error Unknown chain of trust ${COT})
endif
ifeq (${COT_DESC_IN_DTB},0)
ifeq (${COT},dualroot)
COTDTPATH := fdts/dualroot_cot_descriptors.dtsi
else ifeq (${COT},cca)
COTDTPATH := fdts/cca_cot_descriptors.dtsi
else ifeq (${COT},tbbr)
ifneq (${PLAT},juno)
COTDTPATH := fdts/tbbr_cot_descriptors.dtsi
endif
endif
endif
BL1_SOURCES += ${AUTH_SOURCES} \
bl1/tbbr/tbbr_img_desc.c \
plat/arm/common/arm_bl1_fwu.c \
plat/common/tbbr/plat_tbbr.c
BL2_SOURCES += ${AUTH_SOURCES} \
plat/common/tbbr/plat_tbbr.c
$(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_))
IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
$(info Including ${IMG_PARSER_LIB_MK})
include ${IMG_PARSER_LIB_MK}
endif
# Include Measured Boot makefile before any Crypto library makefile.
# Crypto library makefile may need default definitions of Measured Boot build
# flags present in Measured Boot makefile.
ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),)
MEASURED_BOOT_MK := drivers/measured_boot/event_log/event_log.mk
$(info Including ${MEASURED_BOOT_MK})
include ${MEASURED_BOOT_MK}
ifeq (${MEASURED_BOOT},1)
BL1_SOURCES += ${EVENT_LOG_SOURCES}
BL2_SOURCES += ${EVENT_LOG_SOURCES}
endif
ifeq (${DRTM_SUPPORT},1)
BL31_SOURCES += ${EVENT_LOG_SOURCES}
endif
endif
ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT} ${DRTM_SUPPORT}),)
CRYPTO_SOURCES := drivers/auth/crypto_mod.c \
lib/fconf/fconf_tbbr_getter.c
BL1_SOURCES += ${CRYPTO_SOURCES}
BL2_SOURCES += ${CRYPTO_SOURCES}
BL31_SOURCES += drivers/auth/crypto_mod.c
# We expect to locate the *.mk files under the directories specified below
CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
$(info Including ${CRYPTO_LIB_MK})
include ${CRYPTO_LIB_MK}
endif
ifeq (${RECLAIM_INIT_CODE}, 1)
ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1)
$(error To reclaim init code xlat tables v2 must be used)
endif
endif
ifneq ($(COTDTPATH),)
cot-dt-defines = IMAGE_BL2 $(BL2_DEFINES) $(PLAT_BL_COMMON_DEFINES)
cot-dt-include-dirs = $(BL2_INCLUDE_DIRS) $(PLAT_BL_COMMON_INCLUDE_DIRS)
cot-dt-cpp-flags = $(cot-dt-defines:%=-D%)
cot-dt-cpp-flags += $(cot-dt-include-dirs:%=-I%)
cot-dt-cpp-flags += $(BL2_CPPFLAGS) $(PLAT_BL_COMMON_CPPFLAGS)
cot-dt-cpp-flags += $(CPPFLAGS) $(BL_CPPFLAGS) $(TF_CFLAGS_$(ARCH))
cot-dt-cpp-flags += -c -x assembler-with-cpp -E -P -o $@ $<
$(BUILD_PLAT)/$(COTDTPATH:.dtsi=.dts): $(COTDTPATH) | $$(@D)/
$(q)$($(ARCH)-cpp) $(cot-dt-cpp-flags)
$(BUILD_PLAT)/$(COTDTPATH:.dtsi=.c): $(BUILD_PLAT)/$(COTDTPATH:.dtsi=.dts) | $$(@D)/
$(if $(host-poetry),$(q)poetry -q install)
$(q)$(if $(host-poetry),poetry run )cot-dt2c convert-to-c $< $@
BL2_SOURCES += $(BUILD_PLAT)/$(COTDTPATH:.dtsi=.c)
endif