xref: /optee_os/core/arch/arm/arm.mk (revision 5f7f88c6b9d618d1e068166bbf2b07757350791d) 
1# Setup compiler for the core module
2ifeq ($(CFG_ARM64_core),y)
3arch-bits-core := 64
4else
5arch-bits-core := 32
6endif
7CROSS_COMPILE_core := $(CROSS_COMPILE$(arch-bits-core))
8COMPILER_core := $(COMPILER)
9include mk/$(COMPILER_core).mk
10
11# Defines the cc-option macro using the compiler set for the core module
12include mk/cc-option.mk
13
14# Size of emulated TrustZone protected SRAM, 448 kB.
15# Only applicable when paging is enabled.
16CFG_CORE_TZSRAM_EMUL_SIZE ?= 458752
17
18ifneq ($(CFG_LPAE_ADDR_SPACE_SIZE),)
19$(warning Error: CFG_LPAE_ADDR_SPACE_SIZE is not supported any longer)
20$(error Error: Please use CFG_LPAE_ADDR_SPACE_BITS instead)
21endif
22
23CFG_LPAE_ADDR_SPACE_BITS ?= 32
24
25CFG_MMAP_REGIONS ?= 13
26CFG_RESERVED_VASPACE_SIZE ?= (1024 * 1024 * 10)
27
28ifeq ($(CFG_ARM64_core),y)
29ifeq ($(CFG_ARM32_core),y)
30$(error CFG_ARM64_core and CFG_ARM32_core cannot be both 'y')
31endif
32CFG_KERN_LINKER_FORMAT ?= elf64-littleaarch64
33CFG_KERN_LINKER_ARCH ?= aarch64
34# TCR_EL1.IPS needs to be initialized according to the largest physical
35# address that we need to map.
36# Physical address size
37# 32 bits, 4GB.
38# 36 bits, 64GB.
39# (etc.)
40CFG_CORE_ARM64_PA_BITS ?= 32
41$(call force,CFG_WITH_LPAE,y)
42else
43$(call force,CFG_ARM32_core,y)
44CFG_KERN_LINKER_FORMAT ?= elf32-littlearm
45CFG_KERN_LINKER_ARCH ?= arm
46endif
47
48ifeq ($(CFG_TA_FLOAT_SUPPORT),y)
49# Use hard-float for floating point support in user TAs instead of
50# soft-float
51CFG_WITH_VFP ?= y
52ifeq ($(CFG_ARM64_core),y)
53# AArch64 has no fallback to soft-float
54$(call force,CFG_WITH_VFP,y)
55endif
56ifeq ($(CFG_WITH_VFP),y)
57arm64-platform-hard-float-enabled := y
58ifneq ($(CFG_TA_ARM32_NO_HARD_FLOAT_SUPPORT),y)
59arm32-platform-hard-float-enabled := y
60endif
61endif
62endif
63
64# Adds protection against CVE-2017-5715 also know as Spectre
65# (https://spectreattack.com)
66# See also https://developer.arm.com/-/media/Files/pdf/Cache_Speculation_Side-channels.pdf
67# Variant 2
68CFG_CORE_WORKAROUND_SPECTRE_BP ?= y
69# Same as CFG_CORE_WORKAROUND_SPECTRE_BP but targeting exceptions from
70# secure EL0 instead of non-secure world, including mitigation for
71# CVE-2022-23960.
72CFG_CORE_WORKAROUND_SPECTRE_BP_SEC ?= $(CFG_CORE_WORKAROUND_SPECTRE_BP)
73
74# Adds protection against a tool like Cachegrab
75# (https://github.com/nccgroup/cachegrab), which uses non-secure interrupts
76# to prime and later analyze the L1D, L1I and BTB caches to gain
77# information from secure world execution.
78CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME ?= y
79ifeq ($(CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME),y)
80$(call force,CFG_CORE_WORKAROUND_SPECTRE_BP,y,Required by CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME)
81endif
82
83# Adds workarounds against if ARM core is configured with Non-maskable FIQ
84# (NMFI) support. This is indicated by SCTLR.NMFI being true. NMFI cannot be
85# disabled by software and as it affects atomic context end result will be
86# prohibiting FIQ signal usage in OP-TEE and applying some tweaks to make sure
87# FIQ is enabled in critical places.
88CFG_CORE_WORKAROUND_ARM_NMFI ?= n
89
90CFG_CORE_RWDATA_NOEXEC ?= y
91CFG_CORE_RODATA_NOEXEC ?= n
92ifeq ($(CFG_CORE_RODATA_NOEXEC),y)
93$(call force,CFG_CORE_RWDATA_NOEXEC,y)
94endif
95# 'y' to set the Alignment Check Enable bit in SCTLR/SCTLR_EL1, 'n' to clear it
96CFG_SCTLR_ALIGNMENT_CHECK ?= n
97
98ifeq ($(CFG_CORE_LARGE_PHYS_ADDR),y)
99$(call force,CFG_WITH_LPAE,y)
100endif
101
102# SPMC configuration "S-EL1 SPMC" where SPM Core is implemented at S-EL1,
103# that is, OP-TEE.
104ifeq ($(CFG_CORE_SEL1_SPMC),y)
105$(call force,CFG_CORE_FFA,y)
106$(call force,CFG_CORE_SEL2_SPMC,n)
107$(call force,CFG_CORE_EL3_SPMC,n)
108endif
109# SPMC configuration "S-EL2 SPMC" where SPM Core is implemented at S-EL2,
110# that is, the hypervisor sandboxing OP-TEE
111ifeq ($(CFG_CORE_SEL2_SPMC),y)
112$(call force,CFG_CORE_FFA,y)
113$(call force,CFG_CORE_SEL1_SPMC,n)
114$(call force,CFG_CORE_EL3_SPMC,n)
115CFG_CORE_HAFNIUM_INTC ?= y
116# Enable support in OP-TEE to relocate itself to allow it to run from a
117# physical address that differs from the link address
118CFG_CORE_PHYS_RELOCATABLE ?= y
119endif
120# SPMC configuration "EL3 SPMC" where SPM Core is implemented at EL3, that
121# is, in TF-A
122ifeq ($(CFG_CORE_EL3_SPMC),y)
123$(call force,CFG_CORE_FFA,y)
124$(call force,CFG_CORE_SEL2_SPMC,n)
125$(call force,CFG_CORE_SEL1_SPMC,n)
126endif
127
128ifeq ($(CFG_CORE_FFA),y)
129ifneq ($(CFG_DT),y)
130$(error CFG_CORE_FFA depends on CFG_DT)
131endif
132ifneq ($(CFG_ARM64_core),y)
133$(error CFG_CORE_FFA depends on CFG_ARM64_core)
134endif
135endif
136
137ifeq ($(CFG_CORE_PHYS_RELOCATABLE)-$(CFG_WITH_PAGER),y-y)
138$(error CFG_CORE_PHYS_RELOCATABLE and CFG_WITH_PAGER are not compatible)
139endif
140ifeq ($(CFG_CORE_PHYS_RELOCATABLE),y)
141ifneq ($(CFG_CORE_SEL2_SPMC),y)
142$(error CFG_CORE_PHYS_RELOCATABLE depends on CFG_CORE_SEL2_SPMC)
143endif
144endif
145
146ifeq ($(CFG_CORE_FFA)-$(CFG_WITH_PAGER),y-y)
147$(error CFG_CORE_FFA and CFG_WITH_PAGER are not compatible)
148endif
149ifeq ($(CFG_GIC),y)
150ifeq ($(CFG_ARM_GICV3),y)
151$(call force,CFG_CORE_IRQ_IS_NATIVE_INTR,y)
152else
153$(call force,CFG_CORE_IRQ_IS_NATIVE_INTR,n)
154endif
155endif
156
157CFG_CORE_HAFNIUM_INTC ?= n
158ifeq ($(CFG_CORE_HAFNIUM_INTC),y)
159$(call force,CFG_CORE_IRQ_IS_NATIVE_INTR,y)
160endif
161
162# Selects if IRQ is used to signal native interrupt
163# if CFG_CORE_IRQ_IS_NATIVE_INTR == y:
164#   IRQ signals a native interrupt pending
165#   FIQ signals a foreign non-secure interrupt or a managed exit pending
166# else: (vice versa)
167#   IRQ signals a foreign non-secure interrupt or a managed exit pending
168#   FIQ signals a native interrupt pending
169CFG_CORE_IRQ_IS_NATIVE_INTR ?= n
170
171# Unmaps all kernel mode code except the code needed to take exceptions
172# from user space and restore kernel mode mapping again. This gives more
173# strict control over what is accessible while in user mode.
174# Addresses CVE-2017-5715 (aka Meltdown) known to affect Arm Cortex-A75
175CFG_CORE_UNMAP_CORE_AT_EL0 ?= y
176
177# Initialize PMCR.DP to 1 to prohibit cycle counting in secure state, and
178# save/restore PMCR during world switch.
179CFG_SM_NO_CYCLE_COUNTING ?= y
180
181
182# CFG_CORE_ASYNC_NOTIF_GIC_INTID is defined by the platform to some free
183# interrupt. Setting it to a non-zero number enables support for using an
184# Arm-GIC to notify normal world. This config variable should use a value
185# larger or equal to 24 to make it of the type SPI or PPI (secure PPI
186# only).
187# Note that asynchronous notifactions must be enabled with
188# CFG_CORE_ASYNC_NOTIF=y for this variable to be used.
189CFG_CORE_ASYNC_NOTIF_GIC_INTID ?= 0
190
191ifeq ($(CFG_ARM32_core),y)
192# Configration directive related to ARMv7 optee boot arguments.
193# CFG_PAGEABLE_ADDR: if defined, forces pageable data physical address.
194# CFG_NS_ENTRY_ADDR: if defined, forces NS World physical entry address.
195# CFG_DT_ADDR:       if defined, forces Device Tree data physical address.
196endif
197
198# CFG_MAX_CACHE_LINE_SHIFT is used to define platform specific maximum cache
199# line size in address lines. This must cover all inner and outer cache levels.
200# When data is aligned with this and cache operations are performed then those
201# only affect correct data.
202#
203# Default value (6 lines or 64 bytes) should cover most architectures, override
204# this in platform config if different.
205CFG_MAX_CACHE_LINE_SHIFT ?= 6
206
207core-platform-cppflags	+= -I$(arch-dir)/include
208core-platform-subdirs += \
209	$(addprefix $(arch-dir)/, kernel crypto mm tee) $(platform-dir)
210
211ifneq ($(CFG_WITH_ARM_TRUSTED_FW),y)
212core-platform-subdirs += $(arch-dir)/sm
213endif
214
215arm64-platform-cppflags += -DARM64=1 -D__LP64__=1
216arm32-platform-cppflags += -DARM32=1 -D__ILP32__=1
217
218platform-cflags-generic ?= -ffunction-sections -fdata-sections -pipe
219platform-aflags-generic ?= -pipe
220
221arm32-platform-aflags += -marm
222
223arm32-platform-cflags-no-hard-float ?= -mfloat-abi=soft
224arm32-platform-cflags-hard-float ?= -mfloat-abi=hard -funsafe-math-optimizations
225arm32-platform-cflags-generic-thumb ?= -mthumb \
226			-fno-short-enums -fno-common -mno-unaligned-access
227arm32-platform-cflags-generic-arm ?= -marm -fno-omit-frame-pointer -mapcs \
228			-fno-short-enums -fno-common -mno-unaligned-access
229arm32-platform-aflags-no-hard-float ?=
230
231arm64-platform-cflags-no-hard-float ?= -mgeneral-regs-only
232arm64-platform-cflags-hard-float ?=
233arm64-platform-cflags-generic := -mstrict-align $(call cc-option,-mno-outline-atomics,)
234
235ifeq ($(CFG_MEMTAG),y)
236arm64-platform-cflags += -march=armv8.5-a+memtag
237arm64-platform-aflags += -march=armv8.5-a+memtag
238endif
239
240platform-cflags-optimization ?= -O$(CFG_CC_OPT_LEVEL)
241
242ifeq ($(CFG_DEBUG_INFO),y)
243platform-cflags-debug-info ?= -g3
244platform-aflags-debug-info ?= -g
245endif
246
247core-platform-cflags += $(platform-cflags-optimization)
248core-platform-cflags += $(platform-cflags-generic)
249core-platform-cflags += $(platform-cflags-debug-info)
250
251core-platform-aflags += $(platform-aflags-generic)
252core-platform-aflags += $(platform-aflags-debug-info)
253
254ifeq ($(call cfg-one-enabled, CFG_CORE_ASLR CFG_CORE_PHYS_RELOCATABLE),y)
255core-platform-cflags += -fpie
256endif
257
258ifeq ($(CFG_CORE_PAUTH),y)
259bp-core-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf)
260endif
261
262ifeq ($(CFG_CORE_BTI),y)
263bp-core-opt := $(call cc-option,-mbranch-protection=bti)
264endif
265
266ifeq (y-y,$(CFG_CORE_PAUTH)-$(CFG_CORE_BTI))
267bp-core-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf+bti)
268endif
269
270ifeq (y,$(filter $(CFG_CORE_BTI) $(CFG_CORE_PAUTH),y))
271ifeq (,$(bp-core-opt))
272$(error -mbranch-protection not supported)
273endif
274core-platform-cflags += $(bp-core-opt)
275endif
276
277ifeq ($(CFG_ARM64_core),y)
278core-platform-cppflags += $(arm64-platform-cppflags)
279core-platform-cflags += $(arm64-platform-cflags)
280core-platform-cflags += $(arm64-platform-cflags-generic)
281core-platform-cflags += $(arm64-platform-cflags-no-hard-float)
282core-platform-aflags += $(arm64-platform-aflags)
283else
284core-platform-cppflags += $(arm32-platform-cppflags)
285core-platform-cflags += $(arm32-platform-cflags)
286core-platform-cflags += $(arm32-platform-cflags-no-hard-float)
287ifeq ($(CFG_UNWIND),y)
288core-platform-cflags += -funwind-tables
289endif
290ifeq ($(CFG_SYSCALL_FTRACE),y)
291core-platform-cflags += $(arm32-platform-cflags-generic-arm)
292else
293core-platform-cflags += $(arm32-platform-cflags-generic-thumb)
294endif
295core-platform-aflags += $(core_arm32-platform-aflags)
296core-platform-aflags += $(arm32-platform-aflags)
297endif
298
299# Provide default supported-ta-targets if not set by the platform config
300ifeq (,$(supported-ta-targets))
301supported-ta-targets = ta_arm32
302ifeq ($(CFG_ARM64_core),y)
303supported-ta-targets += ta_arm64
304endif
305endif
306
307ta-targets := $(if $(CFG_USER_TA_TARGETS),$(filter $(supported-ta-targets),$(CFG_USER_TA_TARGETS)),$(supported-ta-targets))
308unsup-targets := $(filter-out $(ta-targets),$(CFG_USER_TA_TARGETS))
309ifneq (,$(unsup-targets))
310$(error CFG_USER_TA_TARGETS contains unsupported value(s): $(unsup-targets). Valid values: $(supported-ta-targets))
311endif
312
313ifneq ($(filter ta_arm32,$(ta-targets)),)
314# Variables for ta-target/sm "ta_arm32"
315CFG_ARM32_ta_arm32 := y
316arch-bits-ta_arm32 := 32
317ta_arm32-platform-cppflags += $(arm32-platform-cppflags)
318ta_arm32-platform-cflags += $(arm32-platform-cflags)
319ta_arm32-platform-cflags += $(platform-cflags-optimization)
320ta_arm32-platform-cflags += $(platform-cflags-debug-info)
321ta_arm32-platform-cflags += -fpic
322
323# Thumb mode doesn't support function graph tracing due to missing
324# frame pointer support required to trace function call chain. So
325# rather compile in ARM mode if function tracing is enabled.
326ifeq ($(CFG_FTRACE_SUPPORT),y)
327ta_arm32-platform-cflags += $(arm32-platform-cflags-generic-arm)
328else
329ta_arm32-platform-cflags += $(arm32-platform-cflags-generic-thumb)
330endif
331
332ifeq ($(arm32-platform-hard-float-enabled),y)
333ta_arm32-platform-cflags += $(arm32-platform-cflags-hard-float)
334else
335ta_arm32-platform-cflags += $(arm32-platform-cflags-no-hard-float)
336endif
337ifeq ($(CFG_UNWIND),y)
338ta_arm32-platform-cflags += -funwind-tables
339endif
340ta_arm32-platform-aflags += $(platform-aflags-generic)
341ta_arm32-platform-aflags += $(platform-aflags-debug-info)
342ta_arm32-platform-aflags += $(arm32-platform-aflags)
343
344ta_arm32-platform-cxxflags += -fpic
345ta_arm32-platform-cxxflags += $(arm32-platform-cxxflags)
346ta_arm32-platform-cxxflags += $(platform-cflags-optimization)
347ta_arm32-platform-cxxflags += $(platform-cflags-debug-info)
348
349ifeq ($(arm32-platform-hard-float-enabled),y)
350ta_arm32-platform-cxxflags += $(arm32-platform-cflags-hard-float)
351else
352ta_arm32-platform-cxxflags += $(arm32-platform-cflags-no-hard-float)
353endif
354
355ta-mk-file-export-vars-ta_arm32 += CFG_ARM32_ta_arm32
356ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cppflags
357ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cflags
358ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-aflags
359ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cxxflags
360
361ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE ?= arm-linux-gnueabihf-_nl_
362ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE32 ?= $$(CROSS_COMPILE)_nl_
363ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE_ta_arm32 ?= $$(CROSS_COMPILE32)_nl_
364ta-mk-file-export-add-ta_arm32 += COMPILER ?= gcc_nl_
365ta-mk-file-export-add-ta_arm32 += COMPILER_ta_arm32 ?= $$(COMPILER)_nl_
366ta-mk-file-export-add-ta_arm32 += PYTHON3 ?= python3_nl_
367endif
368
369ifneq ($(filter ta_arm64,$(ta-targets)),)
370# Variables for ta-target/sm "ta_arm64"
371CFG_ARM64_ta_arm64 := y
372arch-bits-ta_arm64 := 64
373ta_arm64-platform-cppflags += $(arm64-platform-cppflags)
374ta_arm64-platform-cflags += $(arm64-platform-cflags)
375ta_arm64-platform-cflags += $(platform-cflags-optimization)
376ta_arm64-platform-cflags += $(platform-cflags-debug-info)
377ta_arm64-platform-cflags += -fpic
378ta_arm64-platform-cflags += $(arm64-platform-cflags-generic)
379ifeq ($(arm64-platform-hard-float-enabled),y)
380ta_arm64-platform-cflags += $(arm64-platform-cflags-hard-float)
381else
382ta_arm64-platform-cflags += $(arm64-platform-cflags-no-hard-float)
383endif
384ta_arm64-platform-aflags += $(platform-aflags-generic)
385ta_arm64-platform-aflags += $(platform-aflags-debug-info)
386ta_arm64-platform-aflags += $(arm64-platform-aflags)
387
388ta_arm64-platform-cxxflags += -fpic
389ta_arm64-platform-cxxflags += $(platform-cflags-optimization)
390ta_arm64-platform-cxxflags += $(platform-cflags-debug-info)
391
392ifeq ($(CFG_TA_PAUTH),y)
393bp-ta-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf)
394endif
395
396ifeq ($(CFG_TA_BTI),y)
397bp-ta-opt := $(call cc-option,-mbranch-protection=bti)
398endif
399
400ifeq (y-y,$(CFG_TA_PAUTH)-$(CFG_TA_BTI))
401bp-ta-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf+bti)
402endif
403
404ifeq (y,$(filter $(CFG_TA_BTI) $(CFG_TA_PAUTH),y))
405ifeq (,$(bp-ta-opt))
406$(error -mbranch-protection not supported)
407endif
408ta_arm64-platform-cflags += $(bp-ta-opt)
409endif
410
411ta-mk-file-export-vars-ta_arm64 += CFG_ARM64_ta_arm64
412ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cppflags
413ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cflags
414ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-aflags
415ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cxxflags
416
417ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE64 ?= $$(CROSS_COMPILE)_nl_
418ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE_ta_arm64 ?= $$(CROSS_COMPILE64)_nl_
419ta-mk-file-export-add-ta_arm64 += COMPILER ?= gcc_nl_
420ta-mk-file-export-add-ta_arm64 += COMPILER_ta_arm64 ?= $$(COMPILER)_nl_
421ta-mk-file-export-add-ta_arm64 += PYTHON3 ?= python3_nl_
422endif
423
424# Set cross compiler prefix for each TA target
425$(foreach sm, $(ta-targets), $(eval CROSS_COMPILE_$(sm) ?= $(CROSS_COMPILE$(arch-bits-$(sm)))))
426
427arm32-sysreg-txt = core/arch/arm/kernel/arm32_sysreg.txt
428arm32-sysregs-$(arm32-sysreg-txt)-h := arm32_sysreg.h
429arm32-sysregs-$(arm32-sysreg-txt)-s := arm32_sysreg.S
430arm32-sysregs += $(arm32-sysreg-txt)
431
432ifeq ($(CFG_ARM_GICV3),y)
433arm32-gicv3-sysreg-txt = core/arch/arm/kernel/arm32_gicv3_sysreg.txt
434arm32-sysregs-$(arm32-gicv3-sysreg-txt)-h := arm32_gicv3_sysreg.h
435arm32-sysregs-$(arm32-gicv3-sysreg-txt)-s := arm32_gicv3_sysreg.S
436arm32-sysregs += $(arm32-gicv3-sysreg-txt)
437endif
438
439arm32-sysregs-out := $(out-dir)/$(sm)/include/generated
440
441define process-arm32-sysreg
442FORCE-GENSRC$(sm): $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h)
443cleanfiles := $$(cleanfiles) $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h)
444
445$$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h): $(1) scripts/arm32_sysreg.py
446	@$(cmd-echo-silent) '  GEN     $$@'
447	$(q)mkdir -p $$(dir $$@)
448	$(q)scripts/arm32_sysreg.py --guard __$$(arm32-sysregs-$(1)-h) \
449		< $$< > $$@
450
451FORCE-GENSRC$(sm): $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s)
452cleanfiles := $$(cleanfiles) $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s)
453
454$$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s): $(1) scripts/arm32_sysreg.py
455	@$(cmd-echo-silent) '  GEN     $$@'
456	$(q)mkdir -p $$(dir $$@)
457	$(q)scripts/arm32_sysreg.py --s_file < $$< > $$@
458endef #process-arm32-sysreg
459
460$(foreach sr, $(arm32-sysregs), $(eval $(call process-arm32-sysreg,$(sr))))
461