xref: /optee_os/core/arch/arm/arm.mk (revision 9f34db38245c9b3a4e6e7e63eb78a75e23ab2da3) 
1# Setup compiler for the core module
2ifeq ($(CFG_ARM64_core),y)
3arch-bits-core := 64
4else
5arch-bits-core := 32
6endif
7CROSS_COMPILE_core := $(CROSS_COMPILE$(arch-bits-core))
8COMPILER_core := $(COMPILER)
9include mk/$(COMPILER_core).mk
10
11# Defines the cc-option macro using the compiler set for the core module
12include mk/cc-option.mk
13
14# Size of emulated TrustZone protected SRAM, 448 kB.
15# Only applicable when paging is enabled.
16CFG_CORE_TZSRAM_EMUL_SIZE ?= 458752
17
18ifneq ($(CFG_LPAE_ADDR_SPACE_SIZE),)
19$(warning Error: CFG_LPAE_ADDR_SPACE_SIZE is not supported any longer)
20$(error Error: Please use CFG_LPAE_ADDR_SPACE_BITS instead)
21endif
22
23CFG_LPAE_ADDR_SPACE_BITS ?= 32
24ifeq ($(CFG_ARM32_core),y)
25$(call force,CFG_LPAE_ADDR_SPACE_BITS,32)
26endif
27
28CFG_MMAP_REGIONS ?= 13
29CFG_RESERVED_VASPACE_SIZE ?= (1024 * 1024 * 10)
30
31ifeq ($(CFG_ARM64_core),y)
32ifeq ($(CFG_ARM32_core),y)
33$(error CFG_ARM64_core and CFG_ARM32_core cannot be both 'y')
34endif
35CFG_KERN_LINKER_FORMAT ?= elf64-littleaarch64
36CFG_KERN_LINKER_ARCH ?= aarch64
37# TCR_EL1.IPS needs to be initialized according to the largest physical
38# address that we need to map.
39# Physical address size
40# 32 bits, 4GB.
41# 36 bits, 64GB.
42# (etc.)
43CFG_CORE_ARM64_PA_BITS ?= 32
44$(call force,CFG_WITH_LPAE,y)
45else
46$(call force,CFG_ARM32_core,y)
47CFG_KERN_LINKER_FORMAT ?= elf32-littlearm
48CFG_KERN_LINKER_ARCH ?= arm
49endif
50
51ifeq ($(CFG_TA_FLOAT_SUPPORT),y)
52# Use hard-float for floating point support in user TAs instead of
53# soft-float
54CFG_WITH_VFP ?= y
55ifeq ($(CFG_ARM64_core),y)
56# AArch64 has no fallback to soft-float
57$(call force,CFG_WITH_VFP,y)
58endif
59ifeq ($(CFG_WITH_VFP),y)
60arm64-platform-hard-float-enabled := y
61ifneq ($(CFG_TA_ARM32_NO_HARD_FLOAT_SUPPORT),y)
62arm32-platform-hard-float-enabled := y
63endif
64endif
65endif
66
67# Adds protection against CVE-2017-5715 also know as Spectre
68# (https://spectreattack.com)
69# See also https://developer.arm.com/-/media/Files/pdf/Cache_Speculation_Side-channels.pdf
70# Variant 2
71CFG_CORE_WORKAROUND_SPECTRE_BP ?= y
72# Same as CFG_CORE_WORKAROUND_SPECTRE_BP but targeting exceptions from
73# secure EL0 instead of non-secure world, including mitigation for
74# CVE-2022-23960.
75CFG_CORE_WORKAROUND_SPECTRE_BP_SEC ?= $(CFG_CORE_WORKAROUND_SPECTRE_BP)
76
77# Adds protection against a tool like Cachegrab
78# (https://github.com/nccgroup/cachegrab), which uses non-secure interrupts
79# to prime and later analyze the L1D, L1I and BTB caches to gain
80# information from secure world execution.
81CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME ?= y
82ifeq ($(CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME),y)
83$(call force,CFG_CORE_WORKAROUND_SPECTRE_BP,y,Required by CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME)
84endif
85
86# Adds workarounds against if ARM core is configured with Non-maskable FIQ
87# (NMFI) support. This is indicated by SCTLR.NMFI being true. NMFI cannot be
88# disabled by software and as it affects atomic context end result will be
89# prohibiting FIQ signal usage in OP-TEE and applying some tweaks to make sure
90# FIQ is enabled in critical places.
91CFG_CORE_WORKAROUND_ARM_NMFI ?= n
92
93CFG_CORE_RWDATA_NOEXEC ?= y
94CFG_CORE_RODATA_NOEXEC ?= n
95ifeq ($(CFG_CORE_RODATA_NOEXEC),y)
96$(call force,CFG_CORE_RWDATA_NOEXEC,y)
97endif
98# 'y' to set the Alignment Check Enable bit in SCTLR/SCTLR_EL1, 'n' to clear it
99CFG_SCTLR_ALIGNMENT_CHECK ?= n
100
101ifeq ($(CFG_CORE_LARGE_PHYS_ADDR),y)
102$(call force,CFG_WITH_LPAE,y)
103endif
104
105# SPMC configuration "S-EL1 SPMC" where SPM Core is implemented at S-EL1,
106# that is, OP-TEE.
107ifeq ($(CFG_CORE_SEL1_SPMC),y)
108$(call force,CFG_CORE_FFA,y)
109$(call force,CFG_CORE_SEL2_SPMC,n)
110$(call force,CFG_CORE_EL3_SPMC,n)
111endif
112# SPMC configuration "S-EL2 SPMC" where SPM Core is implemented at S-EL2,
113# that is, the hypervisor sandboxing OP-TEE
114ifeq ($(CFG_CORE_SEL2_SPMC),y)
115$(call force,CFG_CORE_FFA,y)
116$(call force,CFG_CORE_SEL1_SPMC,n)
117$(call force,CFG_CORE_EL3_SPMC,n)
118CFG_CORE_HAFNIUM_INTC ?= y
119# Enable support in OP-TEE to relocate itself to allow it to run from a
120# physical address that differs from the link address
121CFG_CORE_PHYS_RELOCATABLE ?= y
122endif
123# SPMC configuration "EL3 SPMC" where SPM Core is implemented at EL3, that
124# is, in TF-A
125ifeq ($(CFG_CORE_EL3_SPMC),y)
126$(call force,CFG_CORE_FFA,y)
127$(call force,CFG_CORE_SEL2_SPMC,n)
128$(call force,CFG_CORE_SEL1_SPMC,n)
129endif
130
131ifeq ($(CFG_CORE_FFA),y)
132ifneq ($(CFG_DT),y)
133$(error CFG_CORE_FFA depends on CFG_DT)
134endif
135ifneq ($(CFG_ARM64_core),y)
136$(error CFG_CORE_FFA depends on CFG_ARM64_core)
137endif
138endif
139
140ifeq ($(CFG_CORE_PHYS_RELOCATABLE)-$(CFG_WITH_PAGER),y-y)
141$(error CFG_CORE_PHYS_RELOCATABLE and CFG_WITH_PAGER are not compatible)
142endif
143ifeq ($(CFG_CORE_PHYS_RELOCATABLE),y)
144ifneq ($(CFG_CORE_SEL2_SPMC),y)
145$(error CFG_CORE_PHYS_RELOCATABLE depends on CFG_CORE_SEL2_SPMC)
146endif
147endif
148
149ifeq ($(CFG_CORE_FFA)-$(CFG_WITH_PAGER),y-y)
150$(error CFG_CORE_FFA and CFG_WITH_PAGER are not compatible)
151endif
152ifeq ($(CFG_GIC),y)
153ifeq ($(CFG_ARM_GICV3),y)
154$(call force,CFG_CORE_IRQ_IS_NATIVE_INTR,y)
155else
156$(call force,CFG_CORE_IRQ_IS_NATIVE_INTR,n)
157endif
158endif
159
160CFG_CORE_HAFNIUM_INTC ?= n
161ifeq ($(CFG_CORE_HAFNIUM_INTC),y)
162$(call force,CFG_CORE_IRQ_IS_NATIVE_INTR,y)
163endif
164
165# Selects if IRQ is used to signal native interrupt
166# if CFG_CORE_IRQ_IS_NATIVE_INTR == y:
167#   IRQ signals a native interrupt pending
168#   FIQ signals a foreign non-secure interrupt or a managed exit pending
169# else: (vice versa)
170#   IRQ signals a foreign non-secure interrupt or a managed exit pending
171#   FIQ signals a native interrupt pending
172CFG_CORE_IRQ_IS_NATIVE_INTR ?= n
173
174# Unmaps all kernel mode code except the code needed to take exceptions
175# from user space and restore kernel mode mapping again. This gives more
176# strict control over what is accessible while in user mode.
177# Addresses CVE-2017-5715 (aka Meltdown) known to affect Arm Cortex-A75
178CFG_CORE_UNMAP_CORE_AT_EL0 ?= y
179
180# Initialize PMCR.DP to 1 to prohibit cycle counting in secure state, and
181# save/restore PMCR during world switch.
182CFG_SM_NO_CYCLE_COUNTING ?= y
183
184
185# CFG_CORE_ASYNC_NOTIF_GIC_INTID is defined by the platform to some free
186# interrupt. Setting it to a non-zero number enables support for using an
187# Arm-GIC to notify normal world. This config variable should use a value
188# larger or equal to 24 to make it of the type SPI or PPI (secure PPI
189# only).
190# Note that asynchronous notifactions must be enabled with
191# CFG_CORE_ASYNC_NOTIF=y for this variable to be used.
192CFG_CORE_ASYNC_NOTIF_GIC_INTID ?= 0
193
194ifeq ($(CFG_ARM32_core),y)
195# Configration directive related to ARMv7 optee boot arguments.
196# CFG_PAGEABLE_ADDR: if defined, forces pageable data physical address.
197# CFG_NS_ENTRY_ADDR: if defined, forces NS World physical entry address.
198# CFG_DT_ADDR:       if defined, forces Device Tree data physical address.
199endif
200
201# CFG_MAX_CACHE_LINE_SHIFT is used to define platform specific maximum cache
202# line size in address lines. This must cover all inner and outer cache levels.
203# When data is aligned with this and cache operations are performed then those
204# only affect correct data.
205#
206# Default value (6 lines or 64 bytes) should cover most architectures, override
207# this in platform config if different.
208CFG_MAX_CACHE_LINE_SHIFT ?= 6
209
210core-platform-cppflags	+= -I$(arch-dir)/include
211core-platform-subdirs += \
212	$(addprefix $(arch-dir)/, kernel crypto mm tee) $(platform-dir)
213
214ifneq ($(CFG_WITH_ARM_TRUSTED_FW),y)
215core-platform-subdirs += $(arch-dir)/sm
216endif
217
218arm64-platform-cppflags += -DARM64=1 -D__LP64__=1
219arm32-platform-cppflags += -DARM32=1 -D__ILP32__=1
220
221platform-cflags-generic ?= -ffunction-sections -fdata-sections -pipe
222platform-aflags-generic ?= -pipe
223
224arm32-platform-aflags += -marm
225
226arm32-platform-cflags-no-hard-float ?= -mfloat-abi=soft
227arm32-platform-cflags-hard-float ?= -mfloat-abi=hard -funsafe-math-optimizations
228arm32-platform-cflags-generic-thumb ?= -mthumb \
229			-fno-short-enums -fno-common -mno-unaligned-access
230arm32-platform-cflags-generic-arm ?= -marm -fno-omit-frame-pointer -mapcs \
231			-fno-short-enums -fno-common -mno-unaligned-access
232arm32-platform-aflags-no-hard-float ?=
233
234arm64-platform-cflags-no-hard-float ?= -mgeneral-regs-only
235arm64-platform-cflags-hard-float ?=
236arm64-platform-cflags-generic := -mstrict-align $(call cc-option,-mno-outline-atomics,)
237
238ifeq ($(CFG_MEMTAG),y)
239arm64-platform-cflags += -march=armv8.5-a+memtag
240arm64-platform-aflags += -march=armv8.5-a+memtag
241endif
242
243platform-cflags-optimization ?= -O$(CFG_CC_OPT_LEVEL)
244
245ifeq ($(CFG_DEBUG_INFO),y)
246platform-cflags-debug-info ?= -g3
247platform-aflags-debug-info ?= -g
248endif
249
250core-platform-cflags += $(platform-cflags-optimization)
251core-platform-cflags += $(platform-cflags-generic)
252core-platform-cflags += $(platform-cflags-debug-info)
253
254core-platform-aflags += $(platform-aflags-generic)
255core-platform-aflags += $(platform-aflags-debug-info)
256
257ifeq ($(call cfg-one-enabled, CFG_CORE_ASLR CFG_CORE_PHYS_RELOCATABLE),y)
258core-platform-cflags += -fpie
259endif
260
261ifeq ($(CFG_CORE_PAUTH),y)
262bp-core-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf)
263endif
264
265ifeq ($(CFG_CORE_BTI),y)
266bp-core-opt := $(call cc-option,-mbranch-protection=bti)
267endif
268
269ifeq (y-y,$(CFG_CORE_PAUTH)-$(CFG_CORE_BTI))
270bp-core-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf+bti)
271endif
272
273ifeq (y,$(filter $(CFG_CORE_BTI) $(CFG_CORE_PAUTH),y))
274ifeq (,$(bp-core-opt))
275$(error -mbranch-protection not supported)
276endif
277core-platform-cflags += $(bp-core-opt)
278endif
279
280ifeq ($(CFG_ARM64_core),y)
281core-platform-cppflags += $(arm64-platform-cppflags)
282core-platform-cflags += $(arm64-platform-cflags)
283core-platform-cflags += $(arm64-platform-cflags-generic)
284core-platform-cflags += $(arm64-platform-cflags-no-hard-float)
285core-platform-aflags += $(arm64-platform-aflags)
286else
287core-platform-cppflags += $(arm32-platform-cppflags)
288core-platform-cflags += $(arm32-platform-cflags)
289core-platform-cflags += $(arm32-platform-cflags-no-hard-float)
290ifeq ($(CFG_UNWIND),y)
291core-platform-cflags += -funwind-tables
292endif
293ifeq ($(CFG_SYSCALL_FTRACE),y)
294core-platform-cflags += $(arm32-platform-cflags-generic-arm)
295else
296core-platform-cflags += $(arm32-platform-cflags-generic-thumb)
297endif
298core-platform-aflags += $(core_arm32-platform-aflags)
299core-platform-aflags += $(arm32-platform-aflags)
300endif
301
302# Provide default supported-ta-targets if not set by the platform config
303ifeq (,$(supported-ta-targets))
304supported-ta-targets = ta_arm32
305ifeq ($(CFG_ARM64_core),y)
306supported-ta-targets += ta_arm64
307endif
308endif
309
310ta-targets := $(if $(CFG_USER_TA_TARGETS),$(filter $(supported-ta-targets),$(CFG_USER_TA_TARGETS)),$(supported-ta-targets))
311unsup-targets := $(filter-out $(ta-targets),$(CFG_USER_TA_TARGETS))
312ifneq (,$(unsup-targets))
313$(error CFG_USER_TA_TARGETS contains unsupported value(s): $(unsup-targets). Valid values: $(supported-ta-targets))
314endif
315
316ifneq ($(filter ta_arm32,$(ta-targets)),)
317# Variables for ta-target/sm "ta_arm32"
318CFG_ARM32_ta_arm32 := y
319arch-bits-ta_arm32 := 32
320ta_arm32-platform-cppflags += $(arm32-platform-cppflags)
321ta_arm32-platform-cflags += $(arm32-platform-cflags)
322ta_arm32-platform-cflags += $(platform-cflags-optimization)
323ta_arm32-platform-cflags += $(platform-cflags-debug-info)
324ta_arm32-platform-cflags += -fpic
325
326# Thumb mode doesn't support function graph tracing due to missing
327# frame pointer support required to trace function call chain. So
328# rather compile in ARM mode if function tracing is enabled.
329ifeq ($(CFG_FTRACE_SUPPORT),y)
330ta_arm32-platform-cflags += $(arm32-platform-cflags-generic-arm)
331else
332ta_arm32-platform-cflags += $(arm32-platform-cflags-generic-thumb)
333endif
334
335ifeq ($(arm32-platform-hard-float-enabled),y)
336ta_arm32-platform-cflags += $(arm32-platform-cflags-hard-float)
337else
338ta_arm32-platform-cflags += $(arm32-platform-cflags-no-hard-float)
339endif
340ifeq ($(CFG_UNWIND),y)
341ta_arm32-platform-cflags += -funwind-tables
342endif
343ta_arm32-platform-aflags += $(platform-aflags-generic)
344ta_arm32-platform-aflags += $(platform-aflags-debug-info)
345ta_arm32-platform-aflags += $(arm32-platform-aflags)
346
347ta_arm32-platform-cxxflags += -fpic
348ta_arm32-platform-cxxflags += $(arm32-platform-cxxflags)
349ta_arm32-platform-cxxflags += $(platform-cflags-optimization)
350ta_arm32-platform-cxxflags += $(platform-cflags-debug-info)
351
352ifeq ($(arm32-platform-hard-float-enabled),y)
353ta_arm32-platform-cxxflags += $(arm32-platform-cflags-hard-float)
354else
355ta_arm32-platform-cxxflags += $(arm32-platform-cflags-no-hard-float)
356endif
357
358ta-mk-file-export-vars-ta_arm32 += CFG_ARM32_ta_arm32
359ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cppflags
360ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cflags
361ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-aflags
362ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cxxflags
363
364ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE ?= arm-linux-gnueabihf-_nl_
365ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE32 ?= $$(CROSS_COMPILE)_nl_
366ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE_ta_arm32 ?= $$(CROSS_COMPILE32)_nl_
367ta-mk-file-export-add-ta_arm32 += COMPILER ?= gcc_nl_
368ta-mk-file-export-add-ta_arm32 += COMPILER_ta_arm32 ?= $$(COMPILER)_nl_
369ta-mk-file-export-add-ta_arm32 += PYTHON3 ?= python3_nl_
370endif
371
372ifneq ($(filter ta_arm64,$(ta-targets)),)
373# Variables for ta-target/sm "ta_arm64"
374CFG_ARM64_ta_arm64 := y
375arch-bits-ta_arm64 := 64
376ta_arm64-platform-cppflags += $(arm64-platform-cppflags)
377ta_arm64-platform-cflags += $(arm64-platform-cflags)
378ta_arm64-platform-cflags += $(platform-cflags-optimization)
379ta_arm64-platform-cflags += $(platform-cflags-debug-info)
380ta_arm64-platform-cflags += -fpic
381ta_arm64-platform-cflags += $(arm64-platform-cflags-generic)
382ifeq ($(arm64-platform-hard-float-enabled),y)
383ta_arm64-platform-cflags += $(arm64-platform-cflags-hard-float)
384else
385ta_arm64-platform-cflags += $(arm64-platform-cflags-no-hard-float)
386endif
387ta_arm64-platform-aflags += $(platform-aflags-generic)
388ta_arm64-platform-aflags += $(platform-aflags-debug-info)
389ta_arm64-platform-aflags += $(arm64-platform-aflags)
390
391ta_arm64-platform-cxxflags += -fpic
392ta_arm64-platform-cxxflags += $(platform-cflags-optimization)
393ta_arm64-platform-cxxflags += $(platform-cflags-debug-info)
394
395ifeq ($(CFG_TA_PAUTH),y)
396bp-ta-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf)
397endif
398
399ifeq ($(CFG_TA_BTI),y)
400bp-ta-opt := $(call cc-option,-mbranch-protection=bti)
401endif
402
403ifeq (y-y,$(CFG_TA_PAUTH)-$(CFG_TA_BTI))
404bp-ta-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf+bti)
405endif
406
407ifeq (y,$(filter $(CFG_TA_BTI) $(CFG_TA_PAUTH),y))
408ifeq (,$(bp-ta-opt))
409$(error -mbranch-protection not supported)
410endif
411ta_arm64-platform-cflags += $(bp-ta-opt)
412endif
413
414ta-mk-file-export-vars-ta_arm64 += CFG_ARM64_ta_arm64
415ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cppflags
416ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cflags
417ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-aflags
418ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cxxflags
419
420ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE64 ?= $$(CROSS_COMPILE)_nl_
421ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE_ta_arm64 ?= $$(CROSS_COMPILE64)_nl_
422ta-mk-file-export-add-ta_arm64 += COMPILER ?= gcc_nl_
423ta-mk-file-export-add-ta_arm64 += COMPILER_ta_arm64 ?= $$(COMPILER)_nl_
424ta-mk-file-export-add-ta_arm64 += PYTHON3 ?= python3_nl_
425endif
426
427# Set cross compiler prefix for each TA target
428$(foreach sm, $(ta-targets), $(eval CROSS_COMPILE_$(sm) ?= $(CROSS_COMPILE$(arch-bits-$(sm)))))
429
430arm32-sysreg-txt = core/arch/arm/kernel/arm32_sysreg.txt
431arm32-sysregs-$(arm32-sysreg-txt)-h := arm32_sysreg.h
432arm32-sysregs-$(arm32-sysreg-txt)-s := arm32_sysreg.S
433arm32-sysregs += $(arm32-sysreg-txt)
434
435ifeq ($(CFG_ARM_GICV3),y)
436arm32-gicv3-sysreg-txt = core/arch/arm/kernel/arm32_gicv3_sysreg.txt
437arm32-sysregs-$(arm32-gicv3-sysreg-txt)-h := arm32_gicv3_sysreg.h
438arm32-sysregs-$(arm32-gicv3-sysreg-txt)-s := arm32_gicv3_sysreg.S
439arm32-sysregs += $(arm32-gicv3-sysreg-txt)
440endif
441
442arm32-sysregs-out := $(out-dir)/$(sm)/include/generated
443
444define process-arm32-sysreg
445FORCE-GENSRC$(sm): $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h)
446cleanfiles := $$(cleanfiles) $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h)
447
448$$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h): $(1) scripts/arm32_sysreg.py
449	@$(cmd-echo-silent) '  GEN     $$@'
450	$(q)mkdir -p $$(dir $$@)
451	$(q)scripts/arm32_sysreg.py --guard __$$(arm32-sysregs-$(1)-h) \
452		< $$< > $$@
453
454FORCE-GENSRC$(sm): $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s)
455cleanfiles := $$(cleanfiles) $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s)
456
457$$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s): $(1) scripts/arm32_sysreg.py
458	@$(cmd-echo-silent) '  GEN     $$@'
459	$(q)mkdir -p $$(dir $$@)
460	$(q)scripts/arm32_sysreg.py --s_file < $$< > $$@
461endef #process-arm32-sysreg
462
463$(foreach sr, $(arm32-sysregs), $(eval $(call process-arm32-sysreg,$(sr))))
464