build: clarify linker script generation

The following build system variables have been renamed:

- `LINKERFILE` -> `DEFAULT_LINKER_SCRIPT`
- `BL_LINKERFILE` -> `DEFAULT_LINKER_SCRIPT_SOURCE`
- `<IMA

build: clarify linker script generation

The following build system variables have been renamed:

- `LINKERFILE` -> `DEFAULT_LINKER_SCRIPT`
- `BL_LINKERFILE` -> `DEFAULT_LINKER_SCRIPT_SOURCE`
- `<IMAGE>_LINKERFILE` -> `<IMAGE>_DEFAULT_LINKER_SCRIPT_SOURCE`

These new names better reflect how each variable is used:

1. the default linker script is passed via `-dT` instead of `-T`
2. linker script source files are first preprocessed

Additionally, linker scripts are now placed in the build directory
relative to where they exist in the source directory. For example,
the `bl32/sp_min/sp_min.ld.S` would now preprocess to
`sp_min/sp_min.ld` instead of just `bl32.ld`

BREAKING-CHANGE: The `LINKERFILE`, `BL_LINKERFILE` and
`<IMAGE_LINKERFILE>` build system variables have been renamed. See the
commit message for more information.

Change-Id: If8cef65dcb8820e8993736702c8741e97a66e6cc
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

Merge "refactor(security): add OpenSSL 1.x compatibility" into integration

refactor(security): add OpenSSL 1.x compatibility

When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fa

refactor(security): add OpenSSL 1.x compatibility

When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use cause compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.

This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).

In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c

show more ...

Merge "feat(bl): add interface to query TF-A semantic ver" into integration

feat(bl): add interface to query TF-A semantic ver

Adding interface for stand-alone semantic version of TF-A
for exporting to RSS attestation, and potentially other areas
as well.

Signed-off-by: La

feat(bl): add interface to query TF-A semantic ver

Adding interface for stand-alone semantic version of TF-A
for exporting to RSS attestation, and potentially other areas
as well.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ib4a2c47aa1e42a3b850185e674c90708a05cda53

show more ...

Merge changes from topic "vendor_makefile_extension" into integration

* changes:
feat(plat/mediatek/build_helpers): introduce mtk makefile
build(makefile): add extra makefile variable for extens

Merge changes from topic "vendor_makefile_extension" into integration

* changes:
feat(plat/mediatek/build_helpers): introduce mtk makefile
build(makefile): add extra makefile variable for extension

show more ...

build(makefile): add extra makefile variable for extension

Introduce EXTRA_LINKERFILE for GCC linker options. GCC linker
can realize multiple linker scripts, and vendors can extend ro or
text sectio

build(makefile): add extra makefile variable for extension

Introduce EXTRA_LINKERFILE for GCC linker options. GCC linker
can realize multiple linker scripts, and vendors can extend ro or
text sections by inserting sections among the original sections
specified by blx.ld.S.

Vendors can assign compiled object files by assigning MODULE_OBJS
with their own built path.

Signed-off-by: Leon Chen <leon.chen@mediatek.com>
Change-Id: I1bd2e0383a52204723816131da4b7948def4c4e9

show more ...

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME

show more ...

refactor(makefile): remove BL prefixes in build macros

The current Makefile assumes all TF-A binaries
have BL prefixes (BL1, BL2, etc). Now that we
have other binary names with FEAT_RME feature, rem

refactor(makefile): remove BL prefixes in build macros

The current Makefile assumes all TF-A binaries
have BL prefixes (BL1, BL2, etc). Now that we
have other binary names with FEAT_RME feature, remove
this assumption. With this change, we need to pass
the full name of a binary when using build macros.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I44e094b2366aa526f807d92dffa709390d14d145

show more ...

Merge changes I635cf82e,Iee3b4e0d into integration

* changes:
Makefile: Fix ${FIP_NAME} to be rebuilt only when needed
Makefile: Do not mark file targets as .PHONY target

Makefile: Fix ${FIP_NAME} to be rebuilt only when needed

Currently ${FIP_DEPS} as prerequisite for ${BUILD_PLAT}/${FIP_NAME}
contains .PHONY targets check_$(1) and therefore ${BUILD_PLAT}/${FIP_NAME

Makefile: Fix ${FIP_NAME} to be rebuilt only when needed

Currently ${FIP_DEPS} as prerequisite for ${BUILD_PLAT}/${FIP_NAME}
contains .PHONY targets check_$(1) and therefore ${BUILD_PLAT}/${FIP_NAME}
is always rebuilt even when other file target prerequisites are not
changed.

These changes fix above issue and ${BUILD_PLAT}/${FIP_NAME} target is
rebuilt only when its prerequisites are changed.

There are 3 changes:

Content of check_$(1) target is moved into check_$(1)_cmd variable so it
can be easily reused.

.PHONY check_$(1) targets are not put into ${FIP_DEPS} and ${FWU_FIP_DEPS}
dependencies anymore and required checks which are in ${CHECK_FIP_CMD} and
${CHECK_FWU_FIP_CMD} variables are executed as part of targets
${BUILD_PLAT}/${FIP_NAME} and ${BUILD_PLAT}/${FWU_FIP_NAME} itself.

To ensure that ${BUILD_PLAT}/${FIP_NAME} and ${BUILD_PLAT}/${FWU_FIP_NAME}
are rebuilt even when additional dependency file image added by
TOOL_ADD_IMG is changed, this file image (if exists) is added as file
dependency to ${FIP_DEPS} and ${FWU_FIP_DEPS}. If it does not exist then
FORCE target is added to ensure that FIP/FWU_FIP is rebuilt. Command
${CHECK_FIP_CMD}/${CHECK_FWU_FIP_CMD} will then thrown an error message if
the file is required but not present.

So this change ensures that if BL33 image is updated then final FIP image
is updated too. And if BL33 image is not specified or does not exist and is
required to be present then check_$(1)_cmd call from ${CHECK_FIP_CMD} would
ensure that error message is thrown during build.

Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I635cf82e2b667ff57e2af83500d4aca71d235e3e

show more ...

Merge "build_macros.mk: include assert and define loop macros" into integration

build_macros.mk: include assert and define loop macros

Loop macros make it easier for developers to include new variables to
assert or define and also help code code readability on makefiles.

Chang

build_macros.mk: include assert and define loop macros

Loop macros make it easier for developers to include new variables to
assert or define and also help code code readability on makefiles.

Change-Id: I0d21d6e67b3eca8976c4d856ac8ccc02c8bb5ffa
Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>

show more ...

Merge "Build: introduce per-BL CPPFLAGS and ASFLAGS" into integration

Build: introduce per-BL CPPFLAGS and ASFLAGS

Currently, BL*_CFLAGS and BL*_LDFLAGS are supported.

For completion, this adds BL*_CPPFLAGS and BL*_ASFLAGS.

My main motivation is to pass -D<macro> to

Build: introduce per-BL CPPFLAGS and ASFLAGS

Currently, BL*_CFLAGS and BL*_LDFLAGS are supported.

For completion, this adds BL*_CPPFLAGS and BL*_ASFLAGS.

My main motivation is to pass -D<macro> to BL*_CPPFLAGS so that
the macro can be used from all source files.

Change-Id: I0ca1e4e26386bef7fed999af140ee7cce7c2f8ef
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Merge changes from topic "tbbr/fw_enc" into integration

* changes:
docs: qemu: Add instructions to boot using FIP image
docs: Update docs with firmware encryption feature
qemu: Support optiona

Merge changes from topic "tbbr/fw_enc" into integration

* changes:
docs: qemu: Add instructions to boot using FIP image
docs: Update docs with firmware encryption feature
qemu: Support optional encryption of BL31 and BL32 images
qemu: Update flash address map to keep FIP in secure FLASH0
Makefile: Add support to optionally encrypt BL31 and BL32
tools: Add firmware authenticated encryption tool
TBB: Add an IO abstraction layer to load encrypted firmwares
drivers: crypto: Add authenticated decryption framework

show more ...

Makefile: Add support to optionally encrypt BL31 and BL32

Following build flags have been added to support optional firmware
encryption:

- FW_ENC_STATUS: Top level firmware's encryption numeric fla

Makefile: Add support to optionally encrypt BL31 and BL32

Following build flags have been added to support optional firmware
encryption:

- FW_ENC_STATUS: Top level firmware's encryption numeric flag, values:
0: Encryption is done with Secret Symmetric Key (SSK) which is
common for a class of devices.
1: Encryption is done with Binding Secret Symmetric Key (BSSK) which
is unique per device.

- ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It
could be SSK or BSSK depending on FW_ENC_STATUS flag.

- ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector
(IV) in hex string format.

- ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware.

- ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload.

Similar flags can be added to encrypt other firmwares as well depending
on use-cases.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I94374d6830ad5908df557f63823e58383d8ad670

show more ...

Merge "Build: fix 'BL stage' comment for build macros" into integration

Build: fix 'BL stage' comment for build macros

The MAKE_BL macro is invoked for 1, 2, 2u, 31, 32.

Fix the comments.

Change-Id: I35dd25cc2ea13885c184fb9c8229a322b33f7e71
Signed-off-by: Masahiro Yam

Build: fix 'BL stage' comment for build macros

The MAKE_BL macro is invoked for 1, 2, 2u, 31, 32.

Fix the comments.

Change-Id: I35dd25cc2ea13885c184fb9c8229a322b33f7e71
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Merge changes I5ca7a004,Ibcb336a2 into integration

* changes:
board/rdn1edge: use CREATE_SEQ helper macro to compare chip count
build_macros: add create sequence helper function

build_macros: add create sequence helper function

Add `CREATE_SEQ` function to generate sequence of numbers starting from
1 to allow easy comparison of a user defined macro with non-zero
positive nu

build_macros: add create sequence helper function

Add `CREATE_SEQ` function to generate sequence of numbers starting from
1 to allow easy comparison of a user defined macro with non-zero
positive numbers.

Change-Id: Ibcb336a223d958154b1007d08c428fbaf1e48664
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>

show more ...

Merge changes from topic "pie" into integration

* changes:
uniphier: make all BL images completely position-independent
uniphier: make uniphier_mmap_setup() work with PIE
uniphier: pass SCP ba

Merge changes from topic "pie" into integration

* changes:
uniphier: make all BL images completely position-independent
uniphier: make uniphier_mmap_setup() work with PIE
uniphier: pass SCP base address as a function parameter
uniphier: set buffer offset and length for io_block dynamically
uniphier: use more mmap_add_dynamic_region() for loading images
bl_common: add BL_END macro
uniphier: turn on ENABLE_PIE
TSP: add PIE support
BL2_AT_EL3: add PIE support
BL31: discard .dynsym .dynstr .hash sections to make ENABLE_PIE work
PIE: pass PIE options only to BL31
Build: support per-BL LDFLAGS

show more ...

Build: support per-BL LDFLAGS

make_helpers/build_macros.mk supports per-BL CFLAGS. For example,
you can pass compiler flags only to BL31 by using BL31_CFLAGS.

This commit adds per-BL LDFLAGS suppor

Build: support per-BL LDFLAGS

make_helpers/build_macros.mk supports per-BL CFLAGS. For example,
you can pass compiler flags only to BL31 by using BL31_CFLAGS.

This commit adds per-BL LDFLAGS support, which is useful as well.

My main motivation of this addition is to use it for ENABLE_PIE.
When ENABLE_PIE is enabled, some linker flags are added to TF_LDFLAGS,
which affects all the TF images. It will make more sense to pass the
relevant options only to BL images that support it.

Change-Id: I203acaab0091db5ae0ea6e66460ee7dc8d9c4d75
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Merge "Replace dts includes with C preprocessor syntax" into integration

Replace dts includes with C preprocessor syntax

Using the /include/ syntax, the include was evaluated by dtc, only after running
the preprocessor, therefore the .dtsi files were not preprocessed. Th

Replace dts includes with C preprocessor syntax

Using the /include/ syntax, the include was evaluated by dtc, only after running
the preprocessor, therefore the .dtsi files were not preprocessed. This patch
adds the #include syntax instead. Evaluating this and preprocessing the files
now happens in a single step, done by the C preprocessor.

Change-Id: I6d0104b6274316fc736e84973502a4d6c2c9d6e0
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...