xref: /optee_os/core/arch/arm/arm.mk (revision 4592d1a4c73acde3144dce28c7870e4148c381ca) 
1# Setup compiler for the core module
2ifeq ($(CFG_ARM64_core),y)
3arch-bits-core := 64
4else
5arch-bits-core := 32
6endif
7CROSS_COMPILE_core := $(CROSS_COMPILE$(arch-bits-core))
8COMPILER_core := $(COMPILER)
9include mk/$(COMPILER_core).mk
10
11# Defines the cc-option macro using the compiler set for the core module
12include mk/cc-option.mk
13
14# Size of emulated TrustZone protected SRAM, 448 kB.
15# Only applicable when paging is enabled.
16CFG_CORE_TZSRAM_EMUL_SIZE ?= 458752
17
18ifneq ($(CFG_LPAE_ADDR_SPACE_SIZE),)
19$(warning Error: CFG_LPAE_ADDR_SPACE_SIZE is not supported any longer)
20$(error Error: Please use CFG_LPAE_ADDR_SPACE_BITS instead)
21endif
22
23CFG_LPAE_ADDR_SPACE_BITS ?= 32
24ifeq ($(CFG_ARM32_core),y)
25$(call force,CFG_LPAE_ADDR_SPACE_BITS,32)
26endif
27
28CFG_MMAP_REGIONS ?= 13
29CFG_RESERVED_VASPACE_SIZE ?= (1024 * 1024 * 10)
30CFG_NEX_DYN_VASPACE_SIZE ?= (1024 * 1024)
31CFG_TEE_DYN_VASPACE_SIZE ?= (1024 * 1024)
32
33ifeq ($(CFG_ARM64_core),y)
34ifeq ($(CFG_ARM32_core),y)
35$(error CFG_ARM64_core and CFG_ARM32_core cannot be both 'y')
36endif
37CFG_KERN_LINKER_FORMAT ?= elf64-littleaarch64
38CFG_KERN_LINKER_ARCH ?= aarch64
39# TCR_EL1.IPS needs to be initialized according to the largest physical
40# address that we need to map.
41# Physical address size
42# 32 bits, 4GB.
43# 36 bits, 64GB.
44# (etc.)
45CFG_CORE_ARM64_PA_BITS ?= 32
46$(call force,CFG_WITH_LPAE,y)
47else
48$(call force,CFG_ARM32_core,y)
49CFG_KERN_LINKER_FORMAT ?= elf32-littlearm
50CFG_KERN_LINKER_ARCH ?= arm
51endif
52
53ifeq ($(CFG_TA_FLOAT_SUPPORT),y)
54# Use hard-float for floating point support in user TAs instead of
55# soft-float
56CFG_WITH_VFP ?= y
57ifeq ($(CFG_ARM64_core),y)
58# AArch64 has no fallback to soft-float
59$(call force,CFG_WITH_VFP,y)
60endif
61ifeq ($(CFG_WITH_VFP),y)
62arm64-platform-hard-float-enabled := y
63ifneq ($(CFG_TA_ARM32_NO_HARD_FLOAT_SUPPORT),y)
64arm32-platform-hard-float-enabled := y
65endif
66endif
67endif
68
69# Adds protection against CVE-2017-5715 also know as Spectre
70# (https://spectreattack.com)
71# See also https://developer.arm.com/-/media/Files/pdf/Cache_Speculation_Side-channels.pdf
72# Variant 2
73CFG_CORE_WORKAROUND_SPECTRE_BP ?= y
74# Same as CFG_CORE_WORKAROUND_SPECTRE_BP but targeting exceptions from
75# secure EL0 instead of non-secure world, including mitigation for
76# CVE-2022-23960.
77CFG_CORE_WORKAROUND_SPECTRE_BP_SEC ?= $(CFG_CORE_WORKAROUND_SPECTRE_BP)
78
79# Adds protection against a tool like Cachegrab
80# (https://github.com/nccgroup/cachegrab), which uses non-secure interrupts
81# to prime and later analyze the L1D, L1I and BTB caches to gain
82# information from secure world execution.
83CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME ?= y
84ifeq ($(CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME),y)
85$(call force,CFG_CORE_WORKAROUND_SPECTRE_BP,y,Required by CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME)
86endif
87
88# Adds workarounds against if ARM core is configured with Non-maskable FIQ
89# (NMFI) support. This is indicated by SCTLR.NMFI being true. NMFI cannot be
90# disabled by software and as it affects atomic context end result will be
91# prohibiting FIQ signal usage in OP-TEE and applying some tweaks to make sure
92# FIQ is enabled in critical places.
93CFG_CORE_WORKAROUND_ARM_NMFI ?= n
94
95CFG_CORE_RWDATA_NOEXEC ?= y
96CFG_CORE_RODATA_NOEXEC ?= n
97ifeq ($(CFG_CORE_RODATA_NOEXEC),y)
98$(call force,CFG_CORE_RWDATA_NOEXEC,y)
99endif
100# 'y' to set the Alignment Check Enable bit in SCTLR/SCTLR_EL1, 'n' to clear it
101CFG_SCTLR_ALIGNMENT_CHECK ?= n
102
103ifeq ($(CFG_CORE_LARGE_PHYS_ADDR),y)
104$(call force,CFG_WITH_LPAE,y)
105endif
106
107# SPMC configuration "S-EL1 SPMC" where SPM Core is implemented at S-EL1,
108# that is, OP-TEE.
109ifeq ($(CFG_CORE_SEL1_SPMC),y)
110$(call force,CFG_CORE_FFA,y)
111$(call force,CFG_CORE_SEL2_SPMC,n)
112$(call force,CFG_CORE_EL3_SPMC,n)
113endif
114# SPMC configuration "S-EL2 SPMC" where SPM Core is implemented at S-EL2,
115# that is, the hypervisor sandboxing OP-TEE
116ifeq ($(CFG_CORE_SEL2_SPMC),y)
117$(call force,CFG_CORE_FFA,y)
118$(call force,CFG_CORE_SEL1_SPMC,n)
119$(call force,CFG_CORE_EL3_SPMC,n)
120CFG_CORE_HAFNIUM_INTC ?= y
121# Enable support in OP-TEE to relocate itself to allow it to run from a
122# physical address that differs from the link address
123CFG_CORE_PHYS_RELOCATABLE ?= y
124endif
125# SPMC configuration "EL3 SPMC" where SPM Core is implemented at EL3, that
126# is, in TF-A
127ifeq ($(CFG_CORE_EL3_SPMC),y)
128$(call force,CFG_CORE_FFA,y)
129$(call force,CFG_CORE_SEL2_SPMC,n)
130$(call force,CFG_CORE_SEL1_SPMC,n)
131endif
132
133ifeq ($(CFG_CORE_FFA),y)
134ifneq ($(CFG_DT),y)
135$(error CFG_CORE_FFA depends on CFG_DT)
136endif
137ifneq ($(CFG_ARM64_core),y)
138$(error CFG_CORE_FFA depends on CFG_ARM64_core)
139endif
140endif
141
142ifeq ($(CFG_CORE_PHYS_RELOCATABLE)-$(CFG_WITH_PAGER),y-y)
143$(error CFG_CORE_PHYS_RELOCATABLE and CFG_WITH_PAGER are not compatible)
144endif
145ifeq ($(CFG_CORE_PHYS_RELOCATABLE),y)
146ifneq ($(CFG_CORE_SEL2_SPMC),y)
147$(error CFG_CORE_PHYS_RELOCATABLE depends on CFG_CORE_SEL2_SPMC)
148endif
149endif
150
151ifeq ($(CFG_CORE_FFA)-$(CFG_WITH_PAGER),y-y)
152$(error CFG_CORE_FFA and CFG_WITH_PAGER are not compatible)
153endif
154ifeq ($(CFG_GIC),y)
155ifeq ($(CFG_ARM_GICV3),y)
156$(call force,CFG_CORE_IRQ_IS_NATIVE_INTR,y)
157else
158$(call force,CFG_CORE_IRQ_IS_NATIVE_INTR,n)
159endif
160endif
161
162CFG_CORE_HAFNIUM_INTC ?= n
163ifeq ($(CFG_CORE_HAFNIUM_INTC),y)
164$(call force,CFG_CORE_IRQ_IS_NATIVE_INTR,y)
165endif
166
167# Selects if IRQ is used to signal native interrupt
168# if CFG_CORE_IRQ_IS_NATIVE_INTR == y:
169#   IRQ signals a native interrupt pending
170#   FIQ signals a foreign non-secure interrupt or a managed exit pending
171# else: (vice versa)
172#   IRQ signals a foreign non-secure interrupt or a managed exit pending
173#   FIQ signals a native interrupt pending
174CFG_CORE_IRQ_IS_NATIVE_INTR ?= n
175
176# Unmaps all kernel mode code except the code needed to take exceptions
177# from user space and restore kernel mode mapping again. This gives more
178# strict control over what is accessible while in user mode.
179# Addresses CVE-2017-5715 (aka Meltdown) known to affect Arm Cortex-A75
180CFG_CORE_UNMAP_CORE_AT_EL0 ?= y
181
182# Initialize PMCR.DP to 1 to prohibit cycle counting in secure state, and
183# save/restore PMCR during world switch.
184CFG_SM_NO_CYCLE_COUNTING ?= y
185
186
187# CFG_CORE_ASYNC_NOTIF_GIC_INTID is defined by the platform to some free
188# interrupt. Setting it to a non-zero number enables support for using an
189# Arm-GIC to notify normal world. This config variable should use a value
190# larger or equal to 24 to make it of the type SPI or PPI (secure PPI
191# only).
192# Note that asynchronous notifactions must be enabled with
193# CFG_CORE_ASYNC_NOTIF=y for this variable to be used.
194CFG_CORE_ASYNC_NOTIF_GIC_INTID ?= 0
195
196ifeq ($(CFG_ARM32_core),y)
197# Configration directive related to ARMv7 optee boot arguments.
198# CFG_PAGEABLE_ADDR: if defined, forces pageable data physical address.
199# CFG_NS_ENTRY_ADDR: if defined, forces NS World physical entry address.
200# CFG_DT_ADDR:       if defined, forces Device Tree data physical address.
201endif
202
203# CFG_MAX_CACHE_LINE_SHIFT is used to define platform specific maximum cache
204# line size in address lines. This must cover all inner and outer cache levels.
205# When data is aligned with this and cache operations are performed then those
206# only affect correct data.
207#
208# Default value (6 lines or 64 bytes) should cover most architectures, override
209# this in platform config if different.
210CFG_MAX_CACHE_LINE_SHIFT ?= 6
211
212core-platform-cppflags	+= -I$(arch-dir)/include
213core-platform-subdirs += \
214	$(addprefix $(arch-dir)/, kernel crypto mm tee) $(platform-dir)
215
216ifneq ($(CFG_WITH_ARM_TRUSTED_FW),y)
217core-platform-subdirs += $(arch-dir)/sm
218endif
219
220ifneq ($(CFG_TEE_CORE_EMBED_INTERNAL_TESTS),y)
221core-platform-subdirs += $(arch-dir)/tests
222endif
223
224arm64-platform-cppflags += -DARM64=1 -D__LP64__=1
225arm32-platform-cppflags += -DARM32=1 -D__ILP32__=1
226
227platform-cflags-generic ?= -ffunction-sections -fdata-sections -pipe
228platform-aflags-generic ?= -pipe
229
230arm32-platform-aflags += -marm
231
232arm32-platform-cflags-no-hard-float ?= -mfloat-abi=soft
233arm32-platform-cflags-hard-float ?= -mfloat-abi=hard -funsafe-math-optimizations
234arm32-platform-cflags-generic-thumb ?= -mthumb \
235			-fno-short-enums -fno-common -mno-unaligned-access
236arm32-platform-cflags-generic-arm ?= -marm -fno-omit-frame-pointer -mapcs \
237			-fno-short-enums -fno-common -mno-unaligned-access
238arm32-platform-aflags-no-hard-float ?=
239
240arm64-platform-cflags-no-hard-float ?= -mgeneral-regs-only
241arm64-platform-cflags-hard-float ?=
242arm64-platform-cflags-generic := -mstrict-align $(call cc-option,-mno-outline-atomics,)
243
244ifeq ($(CFG_MEMTAG),y)
245arm64-platform-cflags += -march=armv8.5-a+memtag
246arm64-platform-aflags += -march=armv8.5-a+memtag
247endif
248
249platform-cflags-optimization ?= -O$(CFG_CC_OPT_LEVEL)
250
251ifeq ($(CFG_DEBUG_INFO),y)
252platform-cflags-debug-info ?= -g3
253platform-aflags-debug-info ?= -g
254endif
255
256core-platform-cflags += $(platform-cflags-optimization)
257core-platform-cflags += $(platform-cflags-generic)
258core-platform-cflags += $(platform-cflags-debug-info)
259
260core-platform-aflags += $(platform-aflags-generic)
261core-platform-aflags += $(platform-aflags-debug-info)
262
263ifeq ($(call cfg-one-enabled, CFG_CORE_ASLR CFG_CORE_PHYS_RELOCATABLE),y)
264core-platform-cflags += -fpie
265endif
266
267ifeq ($(CFG_CORE_PAUTH),y)
268bp-core-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf)
269endif
270
271ifeq ($(CFG_CORE_BTI),y)
272bp-core-opt := $(call cc-option,-mbranch-protection=bti)
273endif
274
275ifeq (y-y,$(CFG_CORE_PAUTH)-$(CFG_CORE_BTI))
276bp-core-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf+bti)
277endif
278
279ifeq (y,$(filter $(CFG_CORE_BTI) $(CFG_CORE_PAUTH),y))
280ifeq (,$(bp-core-opt))
281$(error -mbranch-protection not supported)
282endif
283core-platform-cflags += $(bp-core-opt)
284endif
285
286ifeq ($(CFG_ARM64_core),y)
287core-platform-cppflags += $(arm64-platform-cppflags)
288core-platform-cflags += $(arm64-platform-cflags)
289core-platform-cflags += $(arm64-platform-cflags-generic)
290core-platform-cflags += $(arm64-platform-cflags-no-hard-float)
291core-platform-aflags += $(arm64-platform-aflags)
292else
293core-platform-cppflags += $(arm32-platform-cppflags)
294core-platform-cflags += $(arm32-platform-cflags)
295core-platform-cflags += $(arm32-platform-cflags-no-hard-float)
296ifeq ($(CFG_UNWIND),y)
297core-platform-cflags += -funwind-tables
298endif
299ifeq ($(CFG_SYSCALL_FTRACE),y)
300core-platform-cflags += $(arm32-platform-cflags-generic-arm)
301else
302core-platform-cflags += $(arm32-platform-cflags-generic-thumb)
303endif
304core-platform-aflags += $(core_arm32-platform-aflags)
305core-platform-aflags += $(arm32-platform-aflags)
306endif
307
308# Provide default supported-ta-targets if not set by the platform config
309ifeq (,$(supported-ta-targets))
310supported-ta-targets = ta_arm32
311ifeq ($(CFG_ARM64_core),y)
312supported-ta-targets += ta_arm64
313endif
314endif
315
316ta-targets := $(if $(CFG_USER_TA_TARGETS),$(filter $(supported-ta-targets),$(CFG_USER_TA_TARGETS)),$(supported-ta-targets))
317unsup-targets := $(filter-out $(ta-targets),$(CFG_USER_TA_TARGETS))
318ifneq (,$(unsup-targets))
319$(error CFG_USER_TA_TARGETS contains unsupported value(s): $(unsup-targets). Valid values: $(supported-ta-targets))
320endif
321
322ifneq ($(filter ta_arm32,$(ta-targets)),)
323# Variables for ta-target/sm "ta_arm32"
324CFG_ARM32_ta_arm32 := y
325arch-bits-ta_arm32 := 32
326ta_arm32-platform-cppflags += $(arm32-platform-cppflags)
327ta_arm32-platform-cflags += $(arm32-platform-cflags)
328ta_arm32-platform-cflags += $(platform-cflags-optimization)
329ta_arm32-platform-cflags += $(platform-cflags-debug-info)
330ta_arm32-platform-cflags += -fpic
331
332# Thumb mode doesn't support function graph tracing due to missing
333# frame pointer support required to trace function call chain. So
334# rather compile in ARM mode if function tracing is enabled.
335ifeq ($(CFG_FTRACE_SUPPORT),y)
336ta_arm32-platform-cflags += $(arm32-platform-cflags-generic-arm)
337else
338ta_arm32-platform-cflags += $(arm32-platform-cflags-generic-thumb)
339endif
340
341ifeq ($(arm32-platform-hard-float-enabled),y)
342ta_arm32-platform-cflags += $(arm32-platform-cflags-hard-float)
343else
344ta_arm32-platform-cflags += $(arm32-platform-cflags-no-hard-float)
345endif
346ifeq ($(CFG_UNWIND),y)
347ta_arm32-platform-cflags += -funwind-tables
348endif
349ta_arm32-platform-aflags += $(platform-aflags-generic)
350ta_arm32-platform-aflags += $(platform-aflags-debug-info)
351ta_arm32-platform-aflags += $(arm32-platform-aflags)
352
353ta_arm32-platform-cxxflags += -fpic
354ta_arm32-platform-cxxflags += $(arm32-platform-cxxflags)
355ta_arm32-platform-cxxflags += $(platform-cflags-optimization)
356ta_arm32-platform-cxxflags += $(platform-cflags-debug-info)
357
358ifeq ($(arm32-platform-hard-float-enabled),y)
359ta_arm32-platform-cxxflags += $(arm32-platform-cflags-hard-float)
360else
361ta_arm32-platform-cxxflags += $(arm32-platform-cflags-no-hard-float)
362endif
363
364ta-mk-file-export-vars-ta_arm32 += CFG_ARM32_ta_arm32
365ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cppflags
366ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cflags
367ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-aflags
368ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cxxflags
369
370ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE ?= arm-linux-gnueabihf-_nl_
371ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE32 ?= $$(CROSS_COMPILE)_nl_
372ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE_ta_arm32 ?= $$(CROSS_COMPILE32)_nl_
373ta-mk-file-export-add-ta_arm32 += COMPILER ?= gcc_nl_
374ta-mk-file-export-add-ta_arm32 += COMPILER_ta_arm32 ?= $$(COMPILER)_nl_
375ta-mk-file-export-add-ta_arm32 += PYTHON3 ?= python3_nl_
376endif
377
378ifneq ($(filter ta_arm64,$(ta-targets)),)
379# Variables for ta-target/sm "ta_arm64"
380CFG_ARM64_ta_arm64 := y
381arch-bits-ta_arm64 := 64
382ta_arm64-platform-cppflags += $(arm64-platform-cppflags)
383ta_arm64-platform-cflags += $(arm64-platform-cflags)
384ta_arm64-platform-cflags += $(platform-cflags-optimization)
385ta_arm64-platform-cflags += $(platform-cflags-debug-info)
386ta_arm64-platform-cflags += -fpic
387ta_arm64-platform-cflags += $(arm64-platform-cflags-generic)
388ifeq ($(arm64-platform-hard-float-enabled),y)
389ta_arm64-platform-cflags += $(arm64-platform-cflags-hard-float)
390else
391ta_arm64-platform-cflags += $(arm64-platform-cflags-no-hard-float)
392endif
393ta_arm64-platform-aflags += $(platform-aflags-generic)
394ta_arm64-platform-aflags += $(platform-aflags-debug-info)
395ta_arm64-platform-aflags += $(arm64-platform-aflags)
396
397ta_arm64-platform-cxxflags += -fpic
398ta_arm64-platform-cxxflags += $(platform-cflags-optimization)
399ta_arm64-platform-cxxflags += $(platform-cflags-debug-info)
400
401ifeq ($(CFG_TA_PAUTH),y)
402bp-ta-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf)
403endif
404
405ifeq ($(CFG_TA_BTI),y)
406bp-ta-opt := $(call cc-option,-mbranch-protection=bti)
407endif
408
409ifeq (y-y,$(CFG_TA_PAUTH)-$(CFG_TA_BTI))
410bp-ta-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf+bti)
411endif
412
413ifeq (y,$(filter $(CFG_TA_BTI) $(CFG_TA_PAUTH),y))
414ifeq (,$(bp-ta-opt))
415$(error -mbranch-protection not supported)
416endif
417ta_arm64-platform-cflags += $(bp-ta-opt)
418endif
419
420ta-mk-file-export-vars-ta_arm64 += CFG_ARM64_ta_arm64
421ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cppflags
422ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cflags
423ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-aflags
424ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cxxflags
425
426ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE64 ?= $$(CROSS_COMPILE)_nl_
427ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE_ta_arm64 ?= $$(CROSS_COMPILE64)_nl_
428ta-mk-file-export-add-ta_arm64 += COMPILER ?= gcc_nl_
429ta-mk-file-export-add-ta_arm64 += COMPILER_ta_arm64 ?= $$(COMPILER)_nl_
430ta-mk-file-export-add-ta_arm64 += PYTHON3 ?= python3_nl_
431endif
432
433# Set cross compiler prefix for each TA target
434$(foreach sm, $(ta-targets), $(eval CROSS_COMPILE_$(sm) ?= $(CROSS_COMPILE$(arch-bits-$(sm)))))
435
436arm32-sysreg-txt = core/arch/arm/kernel/arm32_sysreg.txt
437arm32-sysregs-$(arm32-sysreg-txt)-h := arm32_sysreg.h
438arm32-sysregs-$(arm32-sysreg-txt)-s := arm32_sysreg.S
439arm32-sysregs += $(arm32-sysreg-txt)
440
441ifeq ($(CFG_ARM_GICV3),y)
442arm32-gicv3-sysreg-txt = core/arch/arm/kernel/arm32_gicv3_sysreg.txt
443arm32-sysregs-$(arm32-gicv3-sysreg-txt)-h := arm32_gicv3_sysreg.h
444arm32-sysregs-$(arm32-gicv3-sysreg-txt)-s := arm32_gicv3_sysreg.S
445arm32-sysregs += $(arm32-gicv3-sysreg-txt)
446endif
447
448arm32-sysregs-out := $(out-dir)/$(sm)/include/generated
449
450define process-arm32-sysreg
451FORCE-GENSRC$(sm): $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h)
452cleanfiles := $$(cleanfiles) $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h)
453
454$$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h): $(1) scripts/arm32_sysreg.py
455	@$(cmd-echo-silent) '  GEN     $$@'
456	$(q)mkdir -p $$(dir $$@)
457	$(q)scripts/arm32_sysreg.py --guard __$$(arm32-sysregs-$(1)-h) \
458		< $$< > $$@
459
460FORCE-GENSRC$(sm): $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s)
461cleanfiles := $$(cleanfiles) $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s)
462
463$$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s): $(1) scripts/arm32_sysreg.py
464	@$(cmd-echo-silent) '  GEN     $$@'
465	$(q)mkdir -p $$(dir $$@)
466	$(q)scripts/arm32_sysreg.py --s_file < $$< > $$@
467endef #process-arm32-sysreg
468
469$(foreach sr, $(arm32-sysregs), $(eval $(call process-arm32-sysreg,$(sr))))
470