1# Setup compiler for the core module 2ifeq ($(CFG_ARM64_core),y) 3arch-bits-core := 64 4else 5arch-bits-core := 32 6endif 7CROSS_COMPILE_core := $(CROSS_COMPILE$(arch-bits-core)) 8COMPILER_core := $(COMPILER) 9include mk/$(COMPILER_core).mk 10 11# Defines the cc-option macro using the compiler set for the core module 12include mk/cc-option.mk 13 14# Size of emulated TrustZone protected SRAM, 448 kB. 15# Only applicable when paging is enabled. 16CFG_CORE_TZSRAM_EMUL_SIZE ?= 458752 17 18ifneq ($(CFG_LPAE_ADDR_SPACE_SIZE),) 19$(warning Error: CFG_LPAE_ADDR_SPACE_SIZE is not supported any longer) 20$(error Error: Please use CFG_LPAE_ADDR_SPACE_BITS instead) 21endif 22 23CFG_LPAE_ADDR_SPACE_BITS ?= 32 24 25CFG_MMAP_REGIONS ?= 13 26CFG_RESERVED_VASPACE_SIZE ?= (1024 * 1024 * 10) 27 28ifeq ($(CFG_ARM64_core),y) 29CFG_KERN_LINKER_FORMAT ?= elf64-littleaarch64 30CFG_KERN_LINKER_ARCH ?= aarch64 31# TCR_EL1.IPS needs to be initialized according to the largest physical 32# address that we need to map. 33# Physical address size 34# 32 bits, 4GB. 35# 36 bits, 64GB. 36# (etc.) 37CFG_CORE_ARM64_PA_BITS ?= 32 38else 39ifeq ($(CFG_ARM32_core),y) 40CFG_KERN_LINKER_FORMAT ?= elf32-littlearm 41CFG_KERN_LINKER_ARCH ?= arm 42else 43$(error Error: CFG_ARM64_core or CFG_ARM32_core should be defined) 44endif 45endif 46 47ifeq ($(CFG_TA_FLOAT_SUPPORT),y) 48# Use hard-float for floating point support in user TAs instead of 49# soft-float 50CFG_WITH_VFP ?= y 51ifeq ($(CFG_ARM64_core),y) 52# AArch64 has no fallback to soft-float 53$(call force,CFG_WITH_VFP,y) 54endif 55ifeq ($(CFG_WITH_VFP),y) 56arm64-platform-hard-float-enabled := y 57ifneq ($(CFG_TA_ARM32_NO_HARD_FLOAT_SUPPORT),y) 58arm32-platform-hard-float-enabled := y 59endif 60endif 61endif 62 63# Adds protection against CVE-2017-5715 also know as Spectre 64# (https://spectreattack.com) 65# See also https://developer.arm.com/-/media/Files/pdf/Cache_Speculation_Side-channels.pdf 66# Variant 2 67CFG_CORE_WORKAROUND_SPECTRE_BP ?= y 68# Same as CFG_CORE_WORKAROUND_SPECTRE_BP but targeting exceptions from 69# secure EL0 instead of non-secure world. 70CFG_CORE_WORKAROUND_SPECTRE_BP_SEC ?= $(CFG_CORE_WORKAROUND_SPECTRE_BP) 71 72# Adds protection against a tool like Cachegrab 73# (https://github.com/nccgroup/cachegrab), which uses non-secure interrupts 74# to prime and later analyze the L1D, L1I and BTB caches to gain 75# information from secure world execution. 76CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME ?= y 77ifeq ($(CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME),y) 78$(call force,CFG_CORE_WORKAROUND_SPECTRE_BP,y,Required by CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME) 79endif 80 81CFG_CORE_RWDATA_NOEXEC ?= y 82CFG_CORE_RODATA_NOEXEC ?= n 83ifeq ($(CFG_CORE_RODATA_NOEXEC),y) 84$(call force,CFG_CORE_RWDATA_NOEXEC,y) 85endif 86# 'y' to set the Alignment Check Enable bit in SCTLR/SCTLR_EL1, 'n' to clear it 87CFG_SCTLR_ALIGNMENT_CHECK ?= n 88 89ifeq ($(CFG_CORE_LARGE_PHYS_ADDR),y) 90$(call force,CFG_WITH_LPAE,y) 91endif 92 93# SPMC configuration "S-EL1 SPMC" where SPM Core is implemented at S-EL1, 94# that is, OP-TEE. 95ifeq ($(CFG_CORE_SEL1_SPMC),y) 96$(call force,CFG_CORE_FFA,y) 97$(call force,CFG_CORE_SEL2_SPMC,n) 98endif 99# SPMC configuration "S-EL2 SPMC" where SPM Core is implemented at S-EL2, 100# that is, the hypervisor sandboxing OP-TEE 101ifeq ($(CFG_CORE_SEL2_SPMC),y) 102$(call force,CFG_CORE_FFA,y) 103endif 104 105# Unmaps all kernel mode code except the code needed to take exceptions 106# from user space and restore kernel mode mapping again. This gives more 107# strict control over what is accessible while in user mode. 108# Addresses CVE-2017-5715 (aka Meltdown) known to affect Arm Cortex-A75 109CFG_CORE_UNMAP_CORE_AT_EL0 ?= y 110 111# Initialize PMCR.DP to 1 to prohibit cycle counting in secure state, and 112# save/restore PMCR during world switch. 113CFG_SM_NO_CYCLE_COUNTING ?= y 114 115 116# CFG_CORE_ASYNC_NOTIF_GIC_INTID is defined by the platform to some free 117# interrupt. Setting it to a non-zero number enables support for using an 118# Arm-GIC to notify normal world. This config variable should use a value 119# larger the 32 to make it of the type SPI. 120# Note that asynchronous notifactions must be enabled with 121# CFG_CORE_ASYNC_NOTIF=y for this variable to be used. 122CFG_CORE_ASYNC_NOTIF_GIC_INTID ?= 0 123 124ifeq ($(CFG_ARM32_core),y) 125# Configration directive related to ARMv7 optee boot arguments. 126# CFG_PAGEABLE_ADDR: if defined, forces pageable data physical address. 127# CFG_NS_ENTRY_ADDR: if defined, forces NS World physical entry address. 128# CFG_DT_ADDR: if defined, forces Device Tree data physical address. 129endif 130 131core-platform-cppflags += -I$(arch-dir)/include 132core-platform-subdirs += \ 133 $(addprefix $(arch-dir)/, kernel crypto mm tee) $(platform-dir) 134 135ifneq ($(CFG_WITH_ARM_TRUSTED_FW),y) 136core-platform-subdirs += $(arch-dir)/sm 137endif 138 139arm64-platform-cppflags += -DARM64=1 -D__LP64__=1 140arm32-platform-cppflags += -DARM32=1 -D__ILP32__=1 141 142platform-cflags-generic ?= -ffunction-sections -fdata-sections -pipe 143platform-aflags-generic ?= -pipe 144 145arm32-platform-aflags += -marm 146 147arm32-platform-cflags-no-hard-float ?= -mfloat-abi=soft 148arm32-platform-cflags-hard-float ?= -mfloat-abi=hard -funsafe-math-optimizations 149arm32-platform-cflags-generic-thumb ?= -mthumb \ 150 -fno-short-enums -fno-common -mno-unaligned-access 151arm32-platform-cflags-generic-arm ?= -marm -fno-omit-frame-pointer -mapcs \ 152 -fno-short-enums -fno-common -mno-unaligned-access 153arm32-platform-aflags-no-hard-float ?= 154 155arm64-platform-cflags-no-hard-float ?= -mgeneral-regs-only 156arm64-platform-cflags-hard-float ?= 157arm64-platform-cflags-generic := -mstrict-align $(call cc-option,-mno-outline-atomics,) 158 159platform-cflags-optimization ?= -O$(CFG_CC_OPT_LEVEL) 160 161ifeq ($(CFG_DEBUG_INFO),y) 162platform-cflags-debug-info ?= -g3 163platform-aflags-debug-info ?= -g 164endif 165 166core-platform-cflags += $(platform-cflags-optimization) 167core-platform-cflags += $(platform-cflags-generic) 168core-platform-cflags += $(platform-cflags-debug-info) 169 170core-platform-aflags += $(platform-aflags-generic) 171core-platform-aflags += $(platform-aflags-debug-info) 172 173ifeq ($(CFG_CORE_ASLR),y) 174core-platform-cflags += -fpie 175endif 176 177ifeq ($(CFG_CORE_BTI),y) 178bti-opt := $(call cc-option,-mbranch-protection=bti) 179ifeq (,$(bti-opt)) 180$(error -mbranch-protection=bti not supported) 181endif 182core-platform-cflags += $(bti-opt) 183endif 184 185ifeq ($(CFG_ARM64_core),y) 186core-platform-cppflags += $(arm64-platform-cppflags) 187core-platform-cflags += $(arm64-platform-cflags) 188core-platform-cflags += $(arm64-platform-cflags-generic) 189core-platform-cflags += $(arm64-platform-cflags-no-hard-float) 190core-platform-aflags += $(arm64-platform-aflags) 191else 192core-platform-cppflags += $(arm32-platform-cppflags) 193core-platform-cflags += $(arm32-platform-cflags) 194core-platform-cflags += $(arm32-platform-cflags-no-hard-float) 195ifeq ($(CFG_UNWIND),y) 196core-platform-cflags += -funwind-tables 197endif 198ifeq ($(CFG_SYSCALL_FTRACE),y) 199core-platform-cflags += $(arm32-platform-cflags-generic-arm) 200else 201core-platform-cflags += $(arm32-platform-cflags-generic-thumb) 202endif 203core-platform-aflags += $(core_arm32-platform-aflags) 204core-platform-aflags += $(arm32-platform-aflags) 205endif 206 207# Provide default supported-ta-targets if not set by the platform config 208ifeq (,$(supported-ta-targets)) 209supported-ta-targets = ta_arm32 210ifeq ($(CFG_ARM64_core),y) 211supported-ta-targets += ta_arm64 212endif 213endif 214 215ta-targets := $(if $(CFG_USER_TA_TARGETS),$(filter $(supported-ta-targets),$(CFG_USER_TA_TARGETS)),$(supported-ta-targets)) 216unsup-targets := $(filter-out $(ta-targets),$(CFG_USER_TA_TARGETS)) 217ifneq (,$(unsup-targets)) 218$(error CFG_USER_TA_TARGETS contains unsupported value(s): $(unsup-targets). Valid values: $(supported-ta-targets)) 219endif 220 221ifneq ($(filter ta_arm32,$(ta-targets)),) 222# Variables for ta-target/sm "ta_arm32" 223CFG_ARM32_ta_arm32 := y 224arch-bits-ta_arm32 := 32 225ta_arm32-platform-cppflags += $(arm32-platform-cppflags) 226ta_arm32-platform-cflags += $(arm32-platform-cflags) 227ta_arm32-platform-cflags += $(platform-cflags-optimization) 228ta_arm32-platform-cflags += $(platform-cflags-debug-info) 229ta_arm32-platform-cflags += -fpic 230 231# Thumb mode doesn't support function graph tracing due to missing 232# frame pointer support required to trace function call chain. So 233# rather compile in ARM mode if function tracing is enabled. 234ifeq ($(CFG_FTRACE_SUPPORT),y) 235ta_arm32-platform-cflags += $(arm32-platform-cflags-generic-arm) 236else 237ta_arm32-platform-cflags += $(arm32-platform-cflags-generic-thumb) 238endif 239 240ifeq ($(arm32-platform-hard-float-enabled),y) 241ta_arm32-platform-cflags += $(arm32-platform-cflags-hard-float) 242else 243ta_arm32-platform-cflags += $(arm32-platform-cflags-no-hard-float) 244endif 245ifeq ($(CFG_UNWIND),y) 246ta_arm32-platform-cflags += -funwind-tables 247endif 248ta_arm32-platform-aflags += $(platform-aflags-generic) 249ta_arm32-platform-aflags += $(platform-aflags-debug-info) 250ta_arm32-platform-aflags += $(arm32-platform-aflags) 251 252ta_arm32-platform-cxxflags += -fpic 253ta_arm32-platform-cxxflags += $(arm32-platform-cxxflags) 254ta_arm32-platform-cxxflags += $(platform-cflags-optimization) 255ta_arm32-platform-cxxflags += $(platform-cflags-debug-info) 256 257ifeq ($(arm32-platform-hard-float-enabled),y) 258ta_arm32-platform-cxxflags += $(arm32-platform-cflags-hard-float) 259else 260ta_arm32-platform-cxxflags += $(arm32-platform-cflags-no-hard-float) 261endif 262 263ta-mk-file-export-vars-ta_arm32 += CFG_ARM32_ta_arm32 264ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cppflags 265ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cflags 266ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-aflags 267ta-mk-file-export-vars-ta_arm32 += ta_arm32-platform-cxxflags 268 269ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE ?= arm-linux-gnueabihf-_nl_ 270ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE32 ?= $$(CROSS_COMPILE)_nl_ 271ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE_ta_arm32 ?= $$(CROSS_COMPILE32)_nl_ 272ta-mk-file-export-add-ta_arm32 += COMPILER ?= gcc_nl_ 273ta-mk-file-export-add-ta_arm32 += COMPILER_ta_arm32 ?= $$(COMPILER)_nl_ 274ta-mk-file-export-add-ta_arm32 += PYTHON3 ?= python3_nl_ 275endif 276 277ifneq ($(filter ta_arm64,$(ta-targets)),) 278# Variables for ta-target/sm "ta_arm64" 279CFG_ARM64_ta_arm64 := y 280arch-bits-ta_arm64 := 64 281ta_arm64-platform-cppflags += $(arm64-platform-cppflags) 282ta_arm64-platform-cflags += $(arm64-platform-cflags) 283ta_arm64-platform-cflags += $(platform-cflags-optimization) 284ta_arm64-platform-cflags += $(platform-cflags-debug-info) 285ta_arm64-platform-cflags += -fpic 286ta_arm64-platform-cflags += $(arm64-platform-cflags-generic) 287ifeq ($(arm64-platform-hard-float-enabled),y) 288ta_arm64-platform-cflags += $(arm64-platform-cflags-hard-float) 289else 290ta_arm64-platform-cflags += $(arm64-platform-cflags-no-hard-float) 291endif 292ta_arm64-platform-aflags += $(platform-aflags-generic) 293ta_arm64-platform-aflags += $(platform-aflags-debug-info) 294ta_arm64-platform-aflags += $(arm64-platform-aflags) 295 296ta_arm64-platform-cxxflags += -fpic 297ta_arm64-platform-cxxflags += $(platform-cflags-optimization) 298ta_arm64-platform-cxxflags += $(platform-cflags-debug-info) 299 300ifeq ($(CFG_TA_PAUTH),y) 301bp-ta-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf) 302endif 303 304ifeq ($(CFG_TA_BTI),y) 305bp-ta-opt := $(call cc-option,-mbranch-protection=bti) 306endif 307 308ifeq (y-y,$(CFG_TA_PAUTH)-$(CFG_TA_BTI)) 309bp-ta-opt := $(call cc-option,-mbranch-protection=pac-ret+leaf+bti) 310endif 311 312ifeq (y,$(filter $(CFG_TA_BTI) $(CFG_TA_PAUTH),y)) 313ifeq (,$(bp-ta-opt)) 314$(error -mbranch-protection not supported) 315endif 316ta_arm64-platform-cflags += $(bp-ta-opt) 317endif 318 319ta-mk-file-export-vars-ta_arm64 += CFG_ARM64_ta_arm64 320ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cppflags 321ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cflags 322ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-aflags 323ta-mk-file-export-vars-ta_arm64 += ta_arm64-platform-cxxflags 324 325ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE64 ?= $$(CROSS_COMPILE)_nl_ 326ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE_ta_arm64 ?= $$(CROSS_COMPILE64)_nl_ 327ta-mk-file-export-add-ta_arm64 += COMPILER ?= gcc_nl_ 328ta-mk-file-export-add-ta_arm64 += COMPILER_ta_arm64 ?= $$(COMPILER)_nl_ 329ta-mk-file-export-add-ta_arm64 += PYTHON3 ?= python3_nl_ 330endif 331 332# Set cross compiler prefix for each TA target 333$(foreach sm, $(ta-targets), $(eval CROSS_COMPILE_$(sm) ?= $(CROSS_COMPILE$(arch-bits-$(sm))))) 334 335arm32-sysreg-txt = core/arch/arm/kernel/arm32_sysreg.txt 336arm32-sysregs-$(arm32-sysreg-txt)-h := arm32_sysreg.h 337arm32-sysregs-$(arm32-sysreg-txt)-s := arm32_sysreg.S 338arm32-sysregs += $(arm32-sysreg-txt) 339 340ifeq ($(CFG_ARM_GICV3),y) 341arm32-gicv3-sysreg-txt = core/arch/arm/kernel/arm32_gicv3_sysreg.txt 342arm32-sysregs-$(arm32-gicv3-sysreg-txt)-h := arm32_gicv3_sysreg.h 343arm32-sysregs-$(arm32-gicv3-sysreg-txt)-s := arm32_gicv3_sysreg.S 344arm32-sysregs += $(arm32-gicv3-sysreg-txt) 345endif 346 347arm32-sysregs-out := $(out-dir)/$(sm)/include/generated 348 349define process-arm32-sysreg 350FORCE-GENSRC$(sm): $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h) 351cleanfiles := $$(cleanfiles) $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h) 352 353$$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-h): $(1) scripts/arm32_sysreg.py 354 @$(cmd-echo-silent) ' GEN $$@' 355 $(q)mkdir -p $$(dir $$@) 356 $(q)scripts/arm32_sysreg.py --guard __$$(arm32-sysregs-$(1)-h) \ 357 < $$< > $$@ 358 359FORCE-GENSRC$(sm): $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s) 360cleanfiles := $$(cleanfiles) $$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s) 361 362$$(arm32-sysregs-out)/$$(arm32-sysregs-$(1)-s): $(1) scripts/arm32_sysreg.py 363 @$(cmd-echo-silent) ' GEN $$@' 364 $(q)mkdir -p $$(dir $$@) 365 $(q)scripts/arm32_sysreg.py --s_file < $$< > $$@ 366endef #process-arm32-sysreg 367 368$(foreach sr, $(arm32-sysregs), $(eval $(call process-arm32-sysreg,$(sr)))) 369