xref: /optee_os/core/arch/arm/arm.mk (revision 08a5c4f9ae421384e52b87107283181e3fddf056) 
1# Setup compiler for the core module
2ifeq ($(CFG_ARM64_core),y)
3arch-bits-core := 64
4else
5arch-bits-core := 32
6endif
7CROSS_COMPILE_core := $(CROSS_COMPILE$(arch-bits-core))
8COMPILER_core := $(COMPILER)
9include mk/$(COMPILER_core).mk
10
11# Defines the cc-option macro using the compiler set for the core module
12include mk/cc-option.mk
13
14# Size of emulated TrustZone protected SRAM, 448 kB.
15# Only applicable when paging is enabled.
16CFG_CORE_TZSRAM_EMUL_SIZE ?= 458752
17
18ifneq ($(CFG_LPAE_ADDR_SPACE_SIZE),)
19$(warning Error: CFG_LPAE_ADDR_SPACE_SIZE is not supported any longer)
20$(error Error: Please use CFG_LPAE_ADDR_SPACE_BITS instead)
21endif
22
23CFG_LPAE_ADDR_SPACE_BITS ?= 32
24
25CFG_MMAP_REGIONS ?= 13
26CFG_RESERVED_VASPACE_SIZE ?= (1024 * 1024 * 10)
27
28ifeq ($(CFG_ARM64_core),y)
29CFG_KERN_LINKER_FORMAT ?= elf64-littleaarch64
30CFG_KERN_LINKER_ARCH ?= aarch64
31# TCR_EL1.IPS needs to be initialized according to the largest physical
32# address that we need to map.
33# Physical address size
34# 32 bits, 4GB.
35# 36 bits, 64GB.
36# (etc.)
37CFG_CORE_ARM64_PA_BITS ?= 32
38else
39ifeq ($(CFG_ARM32_core),y)
40CFG_KERN_LINKER_FORMAT ?= elf32-littlearm
41CFG_KERN_LINKER_ARCH ?= arm
42else
43$(error Error: CFG_ARM64_core or CFG_ARM32_core should be defined)
44endif
45endif
46
47ifeq ($(CFG_TA_FLOAT_SUPPORT),y)
48# Use hard-float for floating point support in user TAs instead of
49# soft-float
50CFG_WITH_VFP ?= y
51ifeq ($(CFG_ARM64_core),y)
52# AArch64 has no fallback to soft-float
53$(call force,CFG_WITH_VFP,y)
54endif
55ifeq ($(CFG_WITH_VFP),y)
56arm64-platform-hard-float-enabled := y
57ifneq ($(CFG_TA_ARM32_NO_HARD_FLOAT_SUPPORT),y)
58arm32-platform-hard-float-enabled := y
59endif
60endif
61endif
62
63# Adds protection against CVE-2017-5715 also know as Spectre
64# (https://spectreattack.com)
65# See also https://developer.arm.com/-/media/Files/pdf/Cache_Speculation_Side-channels.pdf
66# Variant 2
67CFG_CORE_WORKAROUND_SPECTRE_BP ?= y
68# Same as CFG_CORE_WORKAROUND_SPECTRE_BP but targeting exceptions from
69# secure EL0 instead of non-secure world, including mitigation for
70# CVE-2022-23960.
71CFG_CORE_WORKAROUND_SPECTRE_BP_SEC ?= $(CFG_CORE_WORKAROUND_SPECTRE_BP)
72
73# Adds protection against a tool like Cachegrab
74# (https://github.com/nccgroup/cachegrab), which uses non-secure interrupts
75# to prime and later analyze the L1D, L1I and BTB caches to gain
76# information from secure world execution.
77CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME ?= y
78ifeq ($(CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME),y)
79$(call force,CFG_CORE_WORKAROUND_SPECTRE_BP,y,Required by CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME)
80endif
81
82CFG_CORE_RWDATA_NOEXEC ?= y
83CFG_CORE_RODATA_NOEXEC ?= n
84ifeq ($(CFG_CORE_RODATA_NOEXEC),y)
85$(call force,CFG_CORE_RWDATA_NOEXEC,y)
86endif
87# 'y' to set the Alignment Check Enable bit in SCTLR/SCTLR_EL1, 'n' to clear it
88CFG_SCTLR_ALIGNMENT_CHECK ?= n
89
90ifeq ($(CFG_CORE_LARGE_PHYS_ADDR),y)
91$(call force,CFG_WITH_LPAE,y)
92endif
93
94# SPMC configuration "S-EL1 SPMC" where SPM Core is implemented at S-EL1,
95# that is, OP-TEE.
96ifeq ($(CFG_CORE_SEL1_SPMC),y)
97$(call force,CFG_CORE_FFA,y)
98$(call force,CFG_CORE_SEL2_SPMC,n)
99$(call force,CFG_CORE_EL3_SPMC,n)
100endif
101# SPMC configuration "S-EL2 SPMC" where SPM Core is implemented at S-EL2,
102# that is, the hypervisor sandboxing OP-TEE
103ifeq ($(CFG_CORE_SEL2_SPMC),y)
104$(call force,CFG_CORE_FFA,y)
105$(call force,CFG_CORE_SEL1_SPMC,n)
106$(call force,CFG_CORE_EL3_SPMC,n)
107endif
108# SPMC configuration "EL3 SPMC" where SPM Core is implemented at EL3, that
109# is, in TF-A
110ifeq ($(CFG_CORE_EL3_SPMC),y)
111$(call force,CFG_CORE_FFA,y)
112$(call force,CFG_CORE_SEL2_SPMC,n)
113$(call force,CFG_CORE_SEL1_SPMC,n)
114endif
115
116# Unmaps all kernel mode code except the code needed to take exceptions
117# from user space and restore kernel mode mapping again. This gives more
118# strict control over what is accessible while in user mode.
119# Addresses CVE-2017-5715 (aka Meltdown) known to affect Arm Cortex-A75
120CFG_CORE_UNMAP_CORE_AT_EL0 ?= y
121
122# Initialize PMCR.DP to 1 to prohibit cycle counting in secure state, and
123# save/restore PMCR during world switch.
124CFG_SM_NO_CYCLE_COUNTING ?= y
125
126
127# CFG_CORE_ASYNC_NOTIF_GIC_INTID is defined by the platform to some free
128# interrupt. Setting it to a non-zero number enables support for using an
129# Arm-GIC to notify normal world. This config variable should use a value
130# larger the 32 to make it of the type SPI.
131# Note that asynchronous notifactions must be enabled with
132# CFG_CORE_ASYNC_NOTIF=y for this variable to be used.
133CFG_CORE_ASYNC_NOTIF_GIC_INTID ?= 0
134
135ifeq ($(CFG_ARM32_core),y)
136# Configration directive related to ARMv7 optee boot arguments.
137# CFG_PAGEABLE_ADDR: if defined, forces pageable data physical address.
138# CFG_NS_ENTRY_ADDR: if defined, forces NS World physical entry address.
139# CFG_DT_ADDR:       if defined, forces Device Tree data physical address.
140endif
141
142core-platform-cppflags	+= -I$(arch-dir)/include
143core-platform-subdirs += \
144	$(addprefix $(arch-dir)/, kernel crypto mm tee) $(platform-dir)
145
146ifneq ($(CFG_WITH_ARM_TRUSTED_FW),y)
147core-platform-subdirs += $(arch-dir)/sm
148endif
149
150arm64-platform-cppflags += -DARM64=1 -D__LP64__=1
151arm32-platform-cppflags += -DARM32=1 -D__ILP32__=1
152
153platform-cflags-generic ?= -ffunction-sections -fdata-sections -pipe
154platform-aflags-generic ?= -pipe
155
156arm32-platform-aflags += -marm
157
158arm32-platform-cflags-no-hard-float ?= -mfloat-abi=soft
159arm32-platform-cflags-hard-float ?= -mfloat-abi=hard -funsafe-math-optimizations
160arm32-platform-cflags-generic-thumb ?= -mthumb \
161			-fno-short-enums -fno-common -mno-unaligned-access
162arm32-platform-cflags-generic-arm ?= -marm -fno-omit-frame-pointer -mapcs \
163			-fno-short-enums -fno-common -mno-unaligned-access
164arm32-platform-aflags-no-hard-float ?=
165
166arm64-platform-cflags-no-hard-float ?= -mgeneral-regs-only
167arm64-platform-cflags-hard-float ?=
168arm64-platform-cflags-generic := -mstrict-align $(call cc-option,-mno-outline-atomics,)
169
170ifeq ($(CFG_MEMTAG),y)
171arm64-platform-cflags += -march=armv8.5-a+memtag
172arm64-platform-aflags += -march=armv8.5-a+memtag
173endif
174
175platform-cflags-optimization ?= -O$(CFG_CC_OPT_LEVEL)
176
177ifeq ($(CFG_DEBUG_INFO),y)
178platform-cflags-debug-info ?= -g3
179platform-aflags-debug-info ?= -g
180endif
181
182core-platform-cflags += $(platform-cflags-optimization)
183core-platform-cflags += $(platform-cflags-generic)
184core-platform-cflags += $(platform-cflags-debug-info)
185
186core-platform-aflags += $(platform-aflags-generic)
187core-platform-aflags += $(platform-aflags-debug-info)
188
189ifeq ($(CFG_CORE_ASLR),y)
190core-platform-cflags += -fpie
191endif
192
193ifeq ($(CFG_CORE_BTI),y)
194bti-opt := $(call cc-option,-mbranch-protection=bti)
195ifeq (,$(bti-opt))
196$(error -mbranch-protection=bti not supported)
197endif
198core-platform-cflags += $(bti-opt)
199endif
200
201ifeq ($(CFG_ARM64_core),y)
202core-platform-cppflags += $(arm64-platform-cppflags)
203core-platform-cflags += $(arm64-platform-cflags)
204core-platform-cflags += $(arm64-platform-cflags-generic)
205core-platform-cflags += $(arm64-platform-cflags-no-hard-float)
206core-platform-aflags += $(arm64-platform-aflags)
207else
208core-platform-cppflags += $(arm32-platform-cppflags)
209core-platform-cflags += $(arm32-platform-cflags)
210core-platform-cflags += $(arm32-platform-cflags-no-hard-float)
211ifeq ($(CFG_UNWIND),y)
212core-platform-cflags += -funwind-tables
213endif
214ifeq ($(CFG_SYSCALL_FTRACE),y)
215core-platform-cflags += $(arm32-platform-cflags-generic-arm)
216else
217core-platform-cflags += $(arm32-platform-cflags-generic-thumb)
218endif
219core-platform-aflags += $(core_arm32-platform-aflags)
220core-platform-aflags += $(arm32-platform-aflags)
221endif
222
223# Provide default supported-ta-targets if not set by the platform config
224ifeq (,$(supported-ta-targets))
225supported-ta-targets = ta_arm32
226ifeq ($(CFG_ARM64_core),y)
227supported-ta-targets += ta_arm64
228endif
229endif
230
231ta-targets := $(if $(CFG_USER_TA_TARGETS),$(filter $(supported-ta-targets),$(CFG_USER_TA_TARGETS)),$(supported-ta-targets))
232unsup-targets := $(filter-out $(ta-targets),$(CFG_USER_TA_TARGETS))
233ifneq (,$(unsup-targets))
234$(error CFG_USER_TA_TARGETS contains unsupported value(s): $(unsup-targets). Valid values: $(supported-ta-targets))
235endif
236
237ifneq ($(filter ta_arm32,$(ta-targets)),)
238# Variables for ta-target/sm "ta_arm32"
239CFG_ARM32_ta_arm32 := y
240arch-bits-ta_arm32 := 32
241ta_arm32-platform-cppflags += $(arm32-platform-cppflags)
242ta_arm32-platform-cflags += $(arm32-platform-cflags)
243ta_arm32-platform-cflags += $(platform-cflags-optimization)
244ta_arm32-platform-cflags += $(platform-cflags-debug-info)
245ta_arm32-platform-cflags += -fpic
246
247# Thumb mode doesn't support function graph tracing due to missing
248# frame pointer support required to trace function call chain. So
249# rather compile in ARM mode if function tracing is enabled.
250ifeq ($(CFG_FTRACE_SUPPORT),y)
251ta_arm32-platform-cflags += $(arm32-platform-cflags-generic-arm)
252else
253ta_arm32-platform-cflags += $(arm32-platform-cflags-generic-thumb)
254endif
255
256ifeq ($(arm32-platform-hard-float-enabled),y)
257ta_arm32-platform-cflags += $(arm32-platform-cflags-hard-float)
258else
259ta_arm32-platform-cflags += $(arm32-platform-cflags-no-hard-float)
260endif
261ifeq ($(CFG_UNWIND),y)
262ta_arm32-platform-cflags += -funwind-tables
263endif
264ta_arm32-platform-aflags += $(platform-aflags-generic)
265ta_arm32-platform-aflags += $(platform-aflags-debug-info)
266ta_arm32-platform-aflags += $(arm32-platform-aflags)
267
268ta_arm32-platform-cxxflags += -fpic
269ta_arm32-platform-cxxflags += $(arm32-platform-cxxflags)
270ta_arm32-platform-cxxflags += $(platform-cflags-optimization)
271ta_arm32-platform-cxxflags += $(platform-cflags-debug-info)
272
273ifeq ($(arm32-platform-hard-float-enabled),y)
274ta_arm32-platform-cxxflags += $(arm32-platform-cflags-hard-float)
275else
276ta_arm32-platform-cxxflags += $(arm32-platform-cflags-no-hard-float)
277endif
278
279ta-mk-file-export-vars-ta_arm32 += CFG_ARM32_ta_arm32
280ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cppflags
281ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cflags
282ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-aflags
283ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cxxflags
284
285ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE ?= arm-linux-gnueabihf-_nl_
286ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE32 ?= $$(CROSS_COMPILE)_nl_
287ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE_ta_arm32 ?= $$(CROSS_COMPILE32)_nl_
288ta-mk-file-export-add-ta_arm32 += COMPILER ?= gcc_nl_
289ta-mk-file-export-add-ta_arm32 += COMPILER_ta_arm32 ?= $$(COMPILER)_nl_
290ta-mk-file-export-add-ta_arm32 += PYTHON3 ?= python3_nl_
291endif
292
293ifneq ($(filter ta_arm64,$(ta-targets)),)
294# Variables for ta-target/sm "ta_arm64"
295CFG_ARM64_ta_arm64 := y
296arch-bits-ta_arm64 := 64
297ta_arm64-platform-cppflags += $(arm64-platform-cppflags)
298ta_arm64-platform-cflags += $(arm64-platform-cflags)
299ta_arm64-platform-cflags += $(platform-cflags-optimization)
300ta_arm64-platform-cflags += $(platform-cflags-debug-info)
301ta_arm64-platform-cflags += -fpic
302ta_arm64-platform-cflags += $(arm64-platform-cflags-generic)
303ifeq ($(arm64-platform-hard-float-enabled),y)
304ta_arm64-platform-cflags += $(arm64-platform-cflags-hard-float)
305else
306ta_arm64-platform-cflags += $(arm64-platform-cflags-no-hard-float)
307endif
308ta_arm64-platform-aflags += $(platform-aflags-generic)
309ta_arm64-platform-aflags += $(platform-aflags-debug-info)
310ta_arm64-platform-aflags += $(arm64-platform-aflags)
311
312ta_arm64-platform-cxxflags += -fpic
313ta_arm64-platform-cxxflags += $(platform-cflags-optimization)
314ta_arm64-platform-cxxflags += $(platform-cflags-debug-info)
315
316ifeq ($(CFG_TA_PAUTH),y)
317bp-ta-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf)
318endif
319
320ifeq ($(CFG_TA_BTI),y)
321bp-ta-opt := $(call cc-option,-mbranch-protection=bti)
322endif
323
324ifeq (y-y,$(CFG_TA_PAUTH)-$(CFG_TA_BTI))
325bp-ta-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf+bti)
326endif
327
328ifeq (y,$(filter $(CFG_TA_BTI) $(CFG_TA_PAUTH),y))
329ifeq (,$(bp-ta-opt))
330$(error -mbranch-protection not supported)
331endif
332ta_arm64-platform-cflags += $(bp-ta-opt)
333endif
334
335ta-mk-file-export-vars-ta_arm64 += CFG_ARM64_ta_arm64
336ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cppflags
337ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cflags
338ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-aflags
339ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cxxflags
340
341ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE64 ?= $$(CROSS_COMPILE)_nl_
342ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE_ta_arm64 ?= $$(CROSS_COMPILE64)_nl_
343ta-mk-file-export-add-ta_arm64 += COMPILER ?= gcc_nl_
344ta-mk-file-export-add-ta_arm64 += COMPILER_ta_arm64 ?= $$(COMPILER)_nl_
345ta-mk-file-export-add-ta_arm64 += PYTHON3 ?= python3_nl_
346endif
347
348# Set cross compiler prefix for each TA target
349$(foreach sm, $(ta-targets), $(eval CROSS_COMPILE_$(sm) ?= $(CROSS_COMPILE$(arch-bits-$(sm)))))
350
351arm32-sysreg-txt = core/arch/arm/kernel/arm32_sysreg.txt
352arm32-sysregs-$(arm32-sysreg-txt)-h := arm32_sysreg.h
353arm32-sysregs-$(arm32-sysreg-txt)-s := arm32_sysreg.S
354arm32-sysregs += $(arm32-sysreg-txt)
355
356ifeq ($(CFG_ARM_GICV3),y)
357arm32-gicv3-sysreg-txt = core/arch/arm/kernel/arm32_gicv3_sysreg.txt
358arm32-sysregs-$(arm32-gicv3-sysreg-txt)-h := arm32_gicv3_sysreg.h
359arm32-sysregs-$(arm32-gicv3-sysreg-txt)-s := arm32_gicv3_sysreg.S
360arm32-sysregs += $(arm32-gicv3-sysreg-txt)
361endif
362
363arm32-sysregs-out := $(out-dir)/$(sm)/include/generated
364
365define process-arm32-sysreg
366FORCE-GENSRC$(sm): $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h)
367cleanfiles := $$(cleanfiles) $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h)
368
369$$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h): $(1) scripts/arm32_sysreg.py
370	@$(cmd-echo-silent) '  GEN     $$@'
371	$(q)mkdir -p $$(dir $$@)
372	$(q)scripts/arm32_sysreg.py --guard __$$(arm32-sysregs-$(1)-h) \
373		< $$< > $$@
374
375FORCE-GENSRC$(sm): $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s)
376cleanfiles := $$(cleanfiles) $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s)
377
378$$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s): $(1) scripts/arm32_sysreg.py
379	@$(cmd-echo-silent) '  GEN     $$@'
380	$(q)mkdir -p $$(dir $$@)
381	$(q)scripts/arm32_sysreg.py --s_file < $$< > $$@
382endef #process-arm32-sysreg
383
384$(foreach sr, $(arm32-sysregs), $(eval $(call process-arm32-sysreg,$(sr))))
385