xref: /optee_os/ta/link.mk (revision f03a2acaa72afa1b8d32a933f0093390cd1106d8) 
1link-script$(sm) = $(ta-dev-kit-dir$(sm))/src/ta.ld.S
2link-script-pp$(sm) = $(link-out-dir$(sm))/ta.lds
3link-script-dep$(sm) = $(link-out-dir$(sm))/.ta.ld.d
4
5SIGN_ENC ?= $(PYTHON3) $(ta-dev-kit-dir$(sm))/scripts/sign_encrypt.py
6TA_SIGN_KEY ?= $(ta-dev-kit-dir$(sm))/keys/default_ta.pem
7
8ifeq ($(CFG_ENCRYPT_TA),y)
9# Default TA encryption key is a dummy key derived from default
10# hardware unique key (an array of 16 zero bytes) to demonstrate
11# usage of REE-FS TAs encryption feature. It should match the key
12# returned by tee_otp_get_ta_enc_key().
13#
14# Note that a user of this TA encryption feature needs to provide
15# encryption key and its handling corresponding to their security
16# requirements.
17TA_ENC_KEY ?= 'e3ff381eb7859bb961c52f9b78b693f725c261e75eb488ef5893d6de5d097e6a'
18endif
19
20all: $(link-out-dir$(sm))/$(user-ta-uuid).dmp \
21	$(link-out-dir$(sm))/$(user-ta-uuid).stripped.elf \
22	$(link-out-dir$(sm))/$(user-ta-uuid).ta
23cleanfiles += $(link-out-dir$(sm))/$(user-ta-uuid).elf
24cleanfiles += $(link-out-dir$(sm))/$(user-ta-uuid).dmp
25cleanfiles += $(link-out-dir$(sm))/$(user-ta-uuid).map
26cleanfiles += $(link-out-dir$(sm))/$(user-ta-uuid).stripped.elf
27cleanfiles += $(link-out-dir$(sm))/$(user-ta-uuid).ta
28cleanfiles += $(link-script-pp$(sm)) $(link-script-dep$(sm))
29
30link-ldflags  = -e__ta_entry -pie
31link-ldflags += -T $(link-script-pp$(sm))
32link-ldflags += -Map=$(link-out-dir$(sm))/$(user-ta-uuid).map
33link-ldflags += --sort-section=alignment
34link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment
35ifeq ($(sm)-$(CFG_TA_BTI),ta_arm64-y)
36link-ldflags += $(call ld-option,-z force-bti) --fatal-warnings
37endif
38link-ldflags += --as-needed # Do not add dependency on unused shlib
39link-ldflags += $(link-ldflags$(sm))
40
41$(link-out-dir$(sm))/dyn_list: FORCE
42	@$(cmd-echo-silent) '  GEN     $@'
43	$(q)mkdir -p $(dir $@)
44	$(q)echo "{" >$@.tmp
45	$(q)echo "__elf_phdr_info;" >>$@.tmp
46ifeq ($(CFG_FTRACE_SUPPORT),y)
47	$(q)echo "__ftrace_info;" >>$@.tmp
48endif
49	$(q)echo "trace_ext_prefix;" >>$@.tmp
50	$(q)echo "trace_level;" >>$@.tmp
51	$(q)echo "ta_head;" >>$@.tmp
52	$(q)echo "};" >>$@.tmp
53	$(q)$(call mv-if-changed,$@.tmp,$@)
54link-ldflags += --dynamic-list $(link-out-dir$(sm))/dyn_list
55dynlistdep = $(link-out-dir$(sm))/dyn_list
56cleanfiles += $(link-out-dir$(sm))/dyn_list
57
58link-ldadd  = $(user-ta-ldadd) $(addprefix -L,$(libdirs))
59link-ldadd += --start-group
60link-ldadd += $(addprefix -l,$(libnames))
61ifneq (,$(filter %.cpp,$(srcs)))
62ifneq ($(CFG_TA_LIBGCC),y)
63$(error C++ code depends on CFG_TA_LIBGCC=y)
64endif
65link-ldflags += --eh-frame-hdr
66link-ldadd += $(libstdc++$(sm)) $(libgcc_eh$(sm))
67endif
68link-ldadd += --end-group
69ifeq ($(CFG_TA_LIBGCC),y)
70link-ldadd += $(libgcc$(sm))
71endif
72
73link-ldadd-after-libgcc += $(addprefix -l,$(libnames-after-libgcc))
74
75ldargs-$(user-ta-uuid).elf := $(link-ldflags) $(objs) $(link-ldadd) \
76				$(link-ldadd-after-libgcc)
77
78link-script-cppflags-$(sm) := \
79	$(filter-out $(CPPFLAGS_REMOVE) $(cppflags-remove), \
80		$(nostdinc$(sm)) $(CPPFLAGS) \
81		$(addprefix -I,$(incdirs$(sm)) $(link-out-dir$(sm))) \
82		$(cppflags$(sm)))
83
84-include $(link-script-dep$(sm))
85
86link-script-pp-makefiles$(sm) = $(filter-out %.d %.cmd,$(MAKEFILE_LIST))
87
88define gen-link-t
89$(link-script-pp$(sm)): $(link-script$(sm)) $(conf-file) $(link-script-pp-makefiles$(sm))
90	@$(cmd-echo-silent) '  CPP     $$@'
91	$(q)mkdir -p $$(dir $$@)
92	$(q)$(CPP$(sm)) -P -MT $$@ -MD -MP -MF $(link-script-dep$(sm)) \
93		$(link-script-cppflags-$(sm)) $$< -o $$@
94
95$(link-out-dir$(sm))/$(user-ta-uuid).elf: $(objs) $(libdeps) \
96					  $(libdeps-after-libgcc) \
97					  $(link-script-pp$(sm)) \
98					  $(dynlistdep) \
99					  $(additional-link-deps)
100	@$(cmd-echo-silent) '  LD      $$@'
101	$(q)$(LD$(sm)) $(ldargs-$(user-ta-uuid).elf) -o $$@
102
103$(link-out-dir$(sm))/$(user-ta-uuid).dmp: \
104			$(link-out-dir$(sm))/$(user-ta-uuid).elf
105	@$(cmd-echo-silent) '  OBJDUMP $$@'
106	$(q)$(OBJDUMP$(sm)) -l -x -d $$< > $$@
107
108$(link-out-dir$(sm))/$(user-ta-uuid).stripped.elf: \
109			$(link-out-dir$(sm))/$(user-ta-uuid).elf
110	@$(cmd-echo-silent) '  OBJCOPY $$@'
111	$(q)$(OBJCOPY$(sm)) --strip-unneeded $$< $$@
112
113cmd-echo$(user-ta-uuid) := SIGN   #
114ifeq ($(CFG_ENCRYPT_TA),y)
115crypt-args$(user-ta-uuid) := --enc-key $(TA_ENC_KEY)
116cmd-echo$(user-ta-uuid) := SIGNENC
117endif
118$(link-out-dir$(sm))/$(user-ta-uuid).ta: \
119			$(link-out-dir$(sm))/$(user-ta-uuid).stripped.elf \
120			$(TA_SIGN_KEY) $(TA_SUBKEY_DEPS) \
121			$(lastword $(SIGN_ENC))
122	@$(cmd-echo-silent) '  $$(cmd-echo$(user-ta-uuid)) $$@'
123	$(q)$(SIGN_ENC) --key $(TA_SIGN_KEY) $(TA_SUBKEY_ARGS) \
124		$$(crypt-args$(user-ta-uuid)) \
125		--uuid $(user-ta-uuid) --ta-version $(user-ta-version) \
126		--in $$< --out $$@
127endef
128
129$(eval $(call gen-link-t))
130
131additional-link-deps :=
132