1# 2# Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 12 12# VERSION_PATCH is only used for LTS releases 13VERSION_PATCH := 0 14VERSION := ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH} 15 16# Default goal is build all images 17.DEFAULT_GOAL := all 18 19# Avoid any implicit propagation of command line variable definitions to 20# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 21# usage. Other command line options like "-s" are still propagated as usual. 22MAKEOVERRIDES = 23 24MAKE_HELPERS_DIRECTORY := make_helpers/ 25include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 26include ${MAKE_HELPERS_DIRECTORY}build-rules.mk 27include ${MAKE_HELPERS_DIRECTORY}common.mk 28 29################################################################################ 30# Default values for build configurations, and their dependencies 31################################################################################ 32 33include ${MAKE_HELPERS_DIRECTORY}defaults.mk 34PLAT := ${DEFAULT_PLAT} 35include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 36 37# To be able to set platform specific defaults 38ifneq ($(PLAT_DEFAULTS_MAKEFILE_FULL),) 39include ${PLAT_DEFAULTS_MAKEFILE_FULL} 40endif 41 42################################################################################ 43# Configure the toolchains used to build TF-A and its tools 44################################################################################ 45 46include ${MAKE_HELPERS_DIRECTORY}toolchain.mk 47 48# Assertions enabled for DEBUG builds by default 49ENABLE_ASSERTIONS := ${DEBUG} 50ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 51 52################################################################################ 53# Checkpatch script options 54################################################################################ 55 56CHECKCODE_ARGS := --no-patch 57# Do not check the coding style on imported library files or documentation files 58INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 59 include/drivers/arm, \ 60 $(wildcard include/drivers/*))) 61INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 62 include/lib/libfdt \ 63 include/lib/libc, \ 64 $(wildcard include/lib/*))) 65INC_DIRS_TO_CHECK := $(sort $(filter-out \ 66 include/lib \ 67 include/drivers, \ 68 $(wildcard include/*))) 69LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 70 lib/compiler-rt \ 71 lib/libfdt% \ 72 lib/libc, \ 73 lib/zlib \ 74 $(wildcard lib/*))) 75ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 76 lib \ 77 include \ 78 docs \ 79 %.rst, \ 80 $(wildcard *))) 81CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 82 ${INC_DIRS_TO_CHECK} \ 83 ${INC_LIB_DIRS_TO_CHECK} \ 84 ${LIB_DIRS_TO_CHECK} \ 85 ${INC_DRV_DIRS_TO_CHECK} \ 86 ${INC_ARM_DIRS_TO_CHECK} 87 88################################################################################ 89# Process build options 90################################################################################ 91 92ifeq ($(verbose),) 93 CHECKCODE_ARGS += --no-summary --terse 94endif 95 96################################################################################ 97# Auxiliary tools (fiptool, cert_create, etc) 98################################################################################ 99 100# Variables for use with Certificate Generation Tool 101CRTTOOLPATH ?= tools/cert_create 102CRTTOOL ?= ${CRTTOOLPATH}/cert_create$(.exe) 103 104# Variables for use with Firmware Encryption Tool 105ENCTOOLPATH ?= tools/encrypt_fw 106ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw$(.exe) 107 108# Variables for use with Firmware Image Package 109FIPTOOLPATH ?= tools/fiptool 110FIPTOOL ?= ${FIPTOOLPATH}/fiptool$(.exe) 111 112# Variables for use with sptool 113SPTOOLPATH ?= tools/sptool 114SPTOOL ?= ${SPTOOLPATH}/sptool.py 115SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 116SP_DTS_LIST_FRAGMENT ?= ${BUILD_PLAT}/sp_list_fragment.dts 117 118# Variables for use with sptool 119TLCTOOL ?= poetry run tlc 120 121# Variables for use with ROMLIB 122ROMLIBPATH ?= lib/romlib 123 124# Variable for use with Python 125PYTHON ?= python3 126 127# Variables for use with documentation build using Sphinx tool 128DOCS_PATH ?= docs 129 130################################################################################ 131# Compiler Configuration based on ARCH_MAJOR and ARCH_MINOR flags 132################################################################################ 133ifeq (${ARM_ARCH_MAJOR},7) 134 target32-directive = -target arm-none-eabi 135# Will set march-directive from platform configuration 136else 137 target32-directive = -target armv8a-none-eabi 138endif #(ARM_ARCH_MAJOR) 139 140################################################################################ 141# Get Architecture Feature Modifiers 142################################################################################ 143arch-features = ${ARM_ARCH_FEATURE} 144 145ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 146 ifeq ($($(ARCH)-cc-id),arm-clang) 147 TF_CFLAGS_aarch32 := -target arm-arm-none-eabi 148 TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi 149 else 150 TF_CFLAGS_aarch32 = $(target32-directive) 151 TF_CFLAGS_aarch64 := -target aarch64-unknown-none-elf 152 endif 153 154else ifeq ($($(ARCH)-cc-id),gnu-gcc) 155 # Enable LTO only for aarch64 156 ifeq (${ARCH},aarch64) 157 LTO_CFLAGS = $(if $(filter-out 0,$(ENABLE_LTO)),-flto) 158 endif 159endif #(clang) 160 161# Process Debug flag 162$(eval $(call add_define,DEBUG)) 163ifneq (${DEBUG}, 0) 164 BUILD_TYPE := debug 165 TF_CFLAGS += -g -gdwarf-4 166 ASFLAGS += -g -Wa,-gdwarf-4 167 168 # Use LOG_LEVEL_INFO by default for debug builds 169 LOG_LEVEL := 40 170else 171 BUILD_TYPE := release 172 # Use LOG_LEVEL_NOTICE by default for release builds 173 LOG_LEVEL := 20 174endif #(Debug) 175 176# Default build string (git branch and commit) 177ifeq (${BUILD_STRING},) 178 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 179endif 180VERSION_STRING := v${VERSION}(${BUILD_TYPE}):${BUILD_STRING} 181 182ifeq (${AARCH32_INSTRUCTION_SET},A32) 183 TF_CFLAGS_aarch32 += -marm 184else ifeq (${AARCH32_INSTRUCTION_SET},T32) 185 TF_CFLAGS_aarch32 += -mthumb 186else 187 $(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET}) 188endif #(AARCH32_INSTRUCTION_SET) 189 190TF_CFLAGS_aarch32 += -mno-unaligned-access 191TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 192 193############################################################################## 194# WARNINGS Configuration 195############################################################################### 196# General warnings 197WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 198 -Wdisabled-optimization -Wvla -Wshadow \ 199 -Wredundant-decls 200# stricter warnings 201WARNINGS += -Wextra -Wno-trigraphs 202# too verbose for generic build 203WARNINGS += -Wno-missing-field-initializers \ 204 -Wno-type-limits -Wno-sign-compare \ 205# on clang this flag gets reset if -Wextra is set after it. No difference on gcc 206WARNINGS += -Wno-unused-parameter 207 208# Additional warnings 209# Level 1 - infrequent warnings we should have none of 210# full -Wextra 211WARNING1 += -Wsign-compare 212WARNING1 += -Wtype-limits 213WARNING1 += -Wmissing-field-initializers 214 215# Level 2 - problematic warnings that we want 216# zlib, compiler-rt, coreboot, and mbdedtls blow up with these 217# TODO: disable just for them and move into default build 218WARNING2 += -Wold-style-definition 219WARNING2 += -Wmissing-prototypes 220WARNING2 += -Wmissing-format-attribute 221# TF-A aims to comply with this eventually. Effort too large at present 222WARNING2 += -Wundef 223# currently very involved and many platforms set this off 224WARNING2 += -Wunused-const-variable=2 225 226# Level 3 - very pedantic, frequently ignored 227WARNING3 := -Wbad-function-cast 228WARNING3 += -Waggregate-return 229WARNING3 += -Wnested-externs 230WARNING3 += -Wcast-align 231WARNING3 += -Wcast-qual 232WARNING3 += -Wconversion 233WARNING3 += -Wpacked 234WARNING3 += -Wpointer-arith 235WARNING3 += -Wswitch-default 236 237# Setting W is quite verbose and most warnings will be pre-existing issues 238# outside of the contributor's control. Don't fail the build on them so warnings 239# can be seen and hopefully addressed 240ifdef W 241 ifneq (${W},0) 242 E ?= 0 243 endif 244endif 245 246ifeq (${W},1) 247 WARNINGS += $(WARNING1) 248else ifeq (${W},2) 249 WARNINGS += $(WARNING1) $(WARNING2) 250else ifeq (${W},3) 251 WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 252endif #(W) 253 254# Compiler specific warnings 255ifeq ($(filter %-clang,$($(ARCH)-cc-id)),) 256# not using clang 257WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 258 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 259 -Wlogical-op 260 261# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105523 262TF_CFLAGS_MIN_PAGE_SIZE := $(call cc_option, --param=min-pagesize=0) 263TF_CFLAGS += $(TF_CFLAGS_MIN_PAGE_SIZE) 264 265ifeq ($(HARDEN_SLS), 1) 266 TF_CFLAGS_MHARDEN_SLS := $(call cc_option, -mharden-sls=all) 267 TF_CFLAGS_aarch64 += $(TF_CFLAGS_MHARDEN_SLS) 268endif 269 270else 271# using clang 272WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 273 -Wlogical-op-parentheses 274endif #(Clang Warning) 275 276ifneq (${E},0) 277 ERRORS := -Werror 278endif #(E) 279 280################################################################################ 281# Compiler and Linker Directives 282################################################################################ 283CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 284 $(ERRORS) $(WARNINGS) 285ASFLAGS += $(CPPFLAGS) \ 286 -ffreestanding -Wa,--fatal-warnings 287TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 288 -ffunction-sections -fdata-sections \ 289 -ffreestanding -fno-common \ 290 -Os -std=gnu99 291 292ifeq (${SANITIZE_UB},on) 293 TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 294endif #(${SANITIZE_UB},on) 295 296ifeq (${SANITIZE_UB},trap) 297 TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 298 -fsanitize-undefined-trap-on-error 299endif #(${SANITIZE_UB},trap) 300 301GCC_V_OUTPUT := $(if $($(ARCH)-cc),$(shell $($(ARCH)-cc) -v 2>&1)) 302 303TF_LDFLAGS += -z noexecstack 304 305# LD = armlink 306ifeq ($($(ARCH)-ld-id),arm-link) 307 TF_LDFLAGS += --diag_error=warning --lto_level=O1 308 TF_LDFLAGS += --remove --info=unused,unusedsymbols 309 TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 310 311# LD = gcc (used when GCC LTO is enabled) 312else ifeq ($($(ARCH)-ld-id),gnu-gcc) 313 # Pass ld options with Wl or Xlinker switches 314 TF_LDFLAGS += $(call ld_option,-Xlinker --no-warn-rwx-segments) 315 TF_LDFLAGS += -Wl,--fatal-warnings -O1 316 TF_LDFLAGS += -Wl,--gc-sections 317 318 TF_LDFLAGS += -Wl,-z,common-page-size=4096 #Configure page size constants 319 TF_LDFLAGS += -Wl,-z,max-page-size=4096 320 TF_LDFLAGS += -Wl,--build-id=none 321 322 ifeq ($(ENABLE_LTO),1) 323 ifeq (${ARCH},aarch64) 324 TF_LDFLAGS += -flto -fuse-linker-plugin 325 TF_LDFLAGS += -flto-partition=one 326 endif 327 endif #(ENABLE_LTO) 328 329# GCC automatically adds fix-cortex-a53-843419 flag when used to link 330# which breaks some builds, so disable if errata fix is not explicitly enabled 331 ifeq (${ARCH},aarch64) 332 ifneq (${ERRATA_A53_843419},1) 333 TF_LDFLAGS += -mno-fix-cortex-a53-843419 334 endif 335 endif 336 TF_LDFLAGS += -nostdlib 337 TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 338 339# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 340else 341# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we 342# are not loaded by a elf loader. 343 TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments) 344 TF_LDFLAGS += -O1 345 TF_LDFLAGS += --gc-sections 346 347 TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants 348 TF_LDFLAGS += -z max-page-size=4096 349 TF_LDFLAGS += --build-id=none 350 351# ld.lld doesn't recognize the errata flags, 352# therefore don't add those in that case. 353# ld.lld reports section type mismatch warnings, 354# therefore don't add --fatal-warnings to it. 355 ifneq ($($(ARCH)-ld-id),llvm-lld) 356 TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) --fatal-warnings 357 endif 358 359endif #(LD = armlink) 360 361################################################################################ 362# Setup ARCH_MAJOR/MINOR before parsing arch_features. 363################################################################################ 364ifeq (${ENABLE_RME},1) 365 ARM_ARCH_MAJOR := 9 366 ARM_ARCH_MINOR := 2 367endif 368 369################################################################################ 370# Common sources and include directories 371################################################################################ 372include lib/compiler-rt/compiler-rt.mk 373 374# Allow overriding the timestamp, for example for reproducible builds, or to 375# synchronize timestamps across multiple projects. 376# This must be set to a C string (including quotes where applicable). 377BUILD_MESSAGE_TIMESTAMP ?= __TIME__", "__DATE__ 378 379DEFINES += -DBUILD_MESSAGE_TIMESTAMP='$(BUILD_MESSAGE_TIMESTAMP)' 380DEFINES += -DBUILD_MESSAGE_VERSION_STRING='"$(VERSION_STRING)"' 381DEFINES += -DBUILD_MESSAGE_VERSION='"$(VERSION)"' 382 383BL_COMMON_SOURCES += common/bl_common.c \ 384 common/tf_log.c \ 385 common/${ARCH}/debug.S \ 386 drivers/console/multi_console.c \ 387 lib/${ARCH}/cache_helpers.S \ 388 lib/${ARCH}/misc_helpers.S \ 389 lib/extensions/pmuv3/${ARCH}/pmuv3.c \ 390 plat/common/plat_bl_common.c \ 391 plat/common/plat_log_common.c \ 392 plat/common/${ARCH}/plat_common.c \ 393 plat/common/${ARCH}/platform_helpers.S \ 394 ${COMPILER_RT_SRCS} 395 396ifeq ($($(ARCH)-cc-id),arm-clang) 397 BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 398endif 399 400ifeq (${SANITIZE_UB},on) 401 BL_COMMON_SOURCES += plat/common/ubsan.c 402endif 403 404INCLUDES += -Iinclude \ 405 -Iinclude/arch/${ARCH} \ 406 -Iinclude/lib/cpus/${ARCH} \ 407 -Iinclude/lib/el3_runtime/${ARCH} \ 408 ${PLAT_INCLUDES} \ 409 ${SPD_INCLUDES} 410 411DTC_FLAGS += -I dts -O dtb 412DTC_CPPFLAGS += -P -nostdinc $(INCLUDES) -Ifdts -undef \ 413 -x assembler-with-cpp $(DEFINES) 414 415include common/backtrace/backtrace.mk 416 417################################################################################ 418# Generic definitions 419################################################################################ 420 421ifeq (${BUILD_BASE},) 422 BUILD_BASE := ./build 423endif 424BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 425 426SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 427 428# Platforms providing their own TBB makefile may override this value 429INCLUDE_TBBR_MK := 1 430 431################################################################################ 432# Include SPD Makefile if one has been specified 433################################################################################ 434 435ifneq (${SPD},none) 436 ifeq (${SPD},spmd) 437 # SPMD is located in std_svc directory 438 SPD_DIR := std_svc 439 440 ifeq ($(SPMD_SPM_AT_SEL2),1) 441 CTX_INCLUDE_EL2_REGS := 1 442 endif 443 444 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 445 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 446 endif 447 448 ifeq ($(findstring trusty_sp,$(ARM_SPMC_MANIFEST_DTS)),trusty_sp) 449 DTC_CPPFLAGS += -DTRUSTY_SP_FW_CONFIG 450 endif 451 452 ifeq ($(TS_SP_FW_CONFIG),1) 453 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 454 endif 455 456 ifneq ($(ARM_BL2_SP_LIST_DTS),) 457 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 458 endif 459 460 ifneq ($(SP_LAYOUT_FILE),) 461 BL2_ENABLE_SP_LOAD := 1 462 endif 463 else 464 # All other SPDs in spd directory 465 SPD_DIR := spd 466 endif #(SPD) 467 468 # We expect to locate an spd.mk under the specified SPD directory 469 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 470 471 ifeq (${SPD_MAKE},) 472 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 473 endif 474 $(info Including ${SPD_MAKE}) 475 include ${SPD_MAKE} 476 477 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 478 # Makefile would set NEED_BL32 to "yes". In this case, the build system 479 # supports two mutually exclusive options: 480 # * BL32 is built from source: then BL32_SOURCES must contain the list 481 # of source files to build BL32 482 # * BL32 is a prebuilt binary: then BL32 must point to the image file 483 # that will be included in the FIP 484 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 485 # over the sources. 486endif #(SPD=none) 487 488################################################################################ 489# Include the platform specific Makefile after the SPD Makefile (the platform 490# makefile may use all previous definitions in this file) 491################################################################################ 492include ${PLAT_MAKEFILE_FULL} 493 494################################################################################ 495# Setup arch_features based on ARM_ARCH_MAJOR, ARM_ARCH_MINOR provided from 496# platform. 497################################################################################ 498 499include ${MAKE_HELPERS_DIRECTORY}arch_features.mk 500################################################################################ 501# Process BRANCH_PROTECTION value and set 502# Pointer Authentication and Branch Target Identification flags 503################################################################################ 504ifeq (${BRANCH_PROTECTION},0) 505 # Default value turns off all types of branch protection 506 BP_OPTION := none 507else ifneq (${ARCH},aarch64) 508 $(error BRANCH_PROTECTION requires AArch64) 509else ifeq (${BRANCH_PROTECTION},1) 510 # Enables all types of branch protection features 511 BP_OPTION := standard 512 ENABLE_BTI := 1 513 ENABLE_PAUTH := 1 514else ifeq (${BRANCH_PROTECTION},2) 515 # Return address signing to its standard level 516 BP_OPTION := pac-ret 517 ENABLE_PAUTH := 1 518else ifeq (${BRANCH_PROTECTION},3) 519 # Extend the signing to include leaf functions 520 BP_OPTION := pac-ret+leaf 521 ENABLE_PAUTH := 1 522else ifeq (${BRANCH_PROTECTION},4) 523 # Turn on branch target identification mechanism 524 BP_OPTION := bti 525 ENABLE_BTI := 1 526else ifeq (${BRANCH_PROTECTION},5) 527 # Turn on branch target identification mechanism 528 BP_OPTION := standard 529 ENABLE_BTI := 2 530 ENABLE_PAUTH := 2 531else 532 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 533endif #(BRANCH_PROTECTION) 534 535ifneq ($(ENABLE_PAUTH),0) 536 CTX_INCLUDE_PAUTH_REGS := ${ENABLE_PAUTH} 537endif 538ifneq (${BP_OPTION},none) 539 TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 540endif #(BP_OPTION) 541 542# Pointer Authentication sources 543ifneq (${ENABLE_PAUTH},0) 544# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the 545# Pauth support. As it's not secure, it must be reimplemented for real platforms 546 BL_COMMON_SOURCES += lib/extensions/pauth/pauth.c 547endif 548 549#################################################### 550# Enable required options for Memory Stack Tagging. 551#################################################### 552 553# Currently, these options are enabled only for clang and armclang compiler. 554ifeq (${SUPPORT_STACK_MEMTAG},yes) 555 ifdef mem_tag_arch_support 556 # Check for armclang and clang compilers 557 ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 558 # Add "memtag" architecture feature modifier if not specified 559 ifeq ( ,$(findstring memtag,$(arch-features))) 560 arch-features := $(arch-features)+memtag 561 endif # memtag 562 ifeq ($($(ARCH)-cc-id),arm-clang) 563 TF_CFLAGS += -mmemtag-stack 564 else ifeq ($($(ARCH)-cc-id),llvm-clang) 565 TF_CFLAGS += -fsanitize=memtag 566 endif # armclang 567 endif 568 else 569 $(error "Error: stack memory tagging is not supported for \ 570 architecture ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a") 571 endif #(mem_tag_arch_support) 572endif #(SUPPORT_STACK_MEMTAG) 573 574################################################################################ 575# RME dependent flags configuration, Enable optional features for RME. 576################################################################################ 577# FEAT_RME 578ifeq (${ENABLE_RME},1) 579 # RME requires AARCH64 580 ifneq (${ARCH},aarch64) 581 $(error ENABLE_RME requires AArch64) 582 endif 583 584 # RME requires el2 context to be saved for now. 585 CTX_INCLUDE_EL2_REGS := 1 586 CTX_INCLUDE_AARCH32_REGS := 0 587 CTX_INCLUDE_PAUTH_REGS := 1 588 589 ifneq ($(ENABLE_FEAT_MPAM), 0) 590 CTX_INCLUDE_MPAM_REGS := 1 591 endif 592 593 # RME enables CSV2_2 extension by default. 594 ENABLE_FEAT_CSV2_2 = 1 595endif #(FEAT_RME) 596 597################################################################################ 598# Include rmmd Makefile if RME is enabled 599################################################################################ 600ifneq (${ENABLE_RME},0) 601 ifneq (${ARCH},aarch64) 602 $(error ENABLE_RME requires AArch64) 603 endif 604 ifeq ($(SPMC_AT_EL3),1) 605 $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.) 606 endif 607 608 ifneq (${SPD}, none) 609 ifneq (${SPD}, spmd) 610 $(error ENABLE_RME is incompatible with SPD=${SPD}. Use SPD=spmd) 611 endif 612 endif 613include services/std_svc/rmmd/rmmd.mk 614$(warning "RME is an experimental feature") 615endif 616 617ifeq (${CTX_INCLUDE_EL2_REGS}, 1) 618 ifeq (${SPD},none) 619 ifeq (${ENABLE_RME},0) 620 $(error CTX_INCLUDE_EL2_REGS is available only when SPD \ 621 or RME is enabled) 622 endif 623 endif 624endif 625 626################################################################################ 627# Verify FEAT_RME, FEAT_SCTLR2 and FEAT_TCR2 are enabled if FEAT_MEC is enabled. 628################################################################################ 629 630ifneq (${ENABLE_FEAT_MEC},0) 631 ifeq (${ENABLE_RME},0) 632 $(error FEAT_RME must be enabled when FEAT_MEC is enabled.) 633 endif 634 ifeq (${ENABLE_FEAT_TCR2},0) 635 $(error FEAT_TCR2 must be enabled when FEAT_MEC is enabled.) 636 endif 637 ifeq (${ENABLE_FEAT_SCTLR2},0) 638 $(error FEAT_SCTLR2 must be enabled when FEAT_MEC is enabled.) 639 endif 640endif 641 642################################################################################ 643# Make 128-Bit sysreg read/writes availabe when FEAT_D128 is enabled. 644################################################################################ 645ifneq (${ENABLE_FEAT_D128}, 0) 646 BL_COMMON_SOURCES += lib/extensions/sysreg128/sysreg128.S 647endif 648 649################################################################################ 650# Platform specific Makefile might provide us ARCH_MAJOR/MINOR use that to come 651# up with appropriate march values for compiler. 652################################################################################ 653include ${MAKE_HELPERS_DIRECTORY}march.mk 654 655TF_CFLAGS += $(march-directive) 656ASFLAGS += $(march-directive) 657 658# This internal flag is common option which is set to 1 for scenarios 659# when the BL2 is running in EL3 level. This occurs in two scenarios - 660# 4 world system running BL2 at EL3 and two world system without BL1 running 661# BL2 in EL3 662 663ifeq (${RESET_TO_BL2},1) 664 BL2_RUNS_AT_EL3 := 1 665 ifeq (${ENABLE_RME},1) 666 $(error RESET_TO_BL2=1 and ENABLE_RME=1 configuration is not \ 667 supported at the moment.) 668 endif 669else ifeq (${ENABLE_RME},1) 670 BL2_RUNS_AT_EL3 := 1 671else 672 BL2_RUNS_AT_EL3 := 0 673endif 674 675# This internal flag is set to 1 when Firmware First handling of External aborts 676# is required by lowe ELs. Currently only NS requires this support. 677ifeq ($(HANDLE_EA_EL3_FIRST_NS),1) 678 FFH_SUPPORT := 1 679else 680 FFH_SUPPORT := 0 681endif 682 683ifeq (${ARM_ARCH_MAJOR},7) 684include make_helpers/armv7-a-cpus.mk 685endif 686 687PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 688ifneq ($(PIE_FOUND),) 689 TF_CFLAGS += -fno-PIE 690ifeq ($($(ARCH)-ld-id),gnu-gcc) 691 TF_LDFLAGS += -no-pie 692endif 693endif #(PIE_FOUND) 694 695ifeq ($($(ARCH)-ld-id),gnu-gcc) 696 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 697else 698 PIE_LDFLAGS += -pie --no-dynamic-linker 699endif 700 701ifeq ($(ENABLE_PIE),1) 702 ifeq ($(RESET_TO_BL2),1) 703 ifneq ($(BL2_IN_XIP_MEM),1) 704 BL2_CPPFLAGS += -fpie 705 BL2_CFLAGS += -fpie 706 BL2_LDFLAGS += $(PIE_LDFLAGS) 707 endif #(BL2_IN_XIP_MEM) 708 endif #(RESET_TO_BL2) 709 BL31_CPPFLAGS += -fpie 710 BL31_CFLAGS += -fpie 711 BL31_LDFLAGS += $(PIE_LDFLAGS) 712 713 BL32_CPPFLAGS += -fpie 714 BL32_CFLAGS += -fpie 715 BL32_LDFLAGS += $(PIE_LDFLAGS) 716endif #(ENABLE_PIE) 717 718BL1_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 719BL31_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 720BL32_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 721 722BL1_CPPFLAGS += -DIMAGE_AT_EL3 723ifeq ($(RESET_TO_BL2),1) 724 BL2_CPPFLAGS += -DIMAGE_AT_EL3 725else 726 BL2_CPPFLAGS += -DIMAGE_AT_EL1 727endif #(RESET_TO_BL2) 728 729ifeq (${ARCH},aarch64) 730 BL2U_CPPFLAGS += -DIMAGE_AT_EL1 731 BL31_CPPFLAGS += -DIMAGE_AT_EL3 732 BL32_CPPFLAGS += -DIMAGE_AT_EL1 733else 734 BL32_CPPFLAGS += -DIMAGE_AT_EL3 735endif 736 737# Include the CPU specific operations makefile, which provides default 738# values for all CPU errata workarounds and CPU specific optimisations. 739# This can be overridden by the platform. 740include lib/cpus/cpu-ops.mk 741 742################################################################################ 743# Build `AARCH32_SP` as BL32 image for AArch32 744################################################################################ 745ifeq (${ARCH},aarch32) 746 NEED_BL32 := yes 747 748 ifneq (${AARCH32_SP},none) 749 # We expect to locate an sp.mk under the specified AARCH32_SP directory 750 AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 751 752 ifeq (${AARCH32_SP_MAKE},) 753 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 754 endif 755 $(info Including ${AARCH32_SP_MAKE}) 756 include ${AARCH32_SP_MAKE} 757 endif 758endif #(ARCH=aarch32) 759 760################################################################################ 761# Include libc if not overridden 762################################################################################ 763ifeq (${OVERRIDE_LIBC},0) 764include lib/libc/libc.mk 765endif 766 767ifneq (${USE_GIC_DRIVER},0) 768include drivers/arm/gic/gic.mk 769endif 770 771################################################################################ 772# Check incompatible options and dependencies 773################################################################################ 774 775# Handle all invalid build configurations with SPMD usage. 776ifeq (${ENABLE_SPMD_LP}, 1) 777ifneq (${SPD},spmd) 778 $(error Error: ENABLE_SPMD_LP requires SPD=spmd.) 779endif 780ifeq ($(SPMC_AT_EL3),1) 781 $(error SPMC at EL3 not supported when enabling SPMD Logical partitions.) 782endif 783endif 784 785ifneq (${SPD},none) 786ifeq (${ARCH},aarch32) 787 $(error "Error: SPD is incompatible with AArch32.") 788endif 789ifdef EL3_PAYLOAD_BASE 790 $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") 791 $(warning "The SPD and its BL32 companion will be present but ignored.") 792endif 793ifeq (${SPD},spmd) 794ifeq ($(SPMD_SPM_AT_SEL2),1) 795 ifeq ($(SPMC_AT_EL3),1) 796 $(error SPM cannot be enabled in both S-EL2 and EL3.) 797 endif 798 ifeq ($(CTX_INCLUDE_SVE_REGS),1) 799 $(error SVE context management not needed with Hafnium SPMC.) 800 endif 801endif 802 803ifeq ($(SPMC_AT_EL3_SEL0_SP),1) 804 ifneq ($(SPMC_AT_EL3),1) 805 $(error SEL0 SP cannot be enabled without SPMC at EL3) 806 endif 807endif 808endif #(SPD=spmd) 809endif #(SPD!=none) 810 811# USE_DEBUGFS experimental feature recommended only in debug builds 812ifeq (${USE_DEBUGFS},1) 813 ifeq (${DEBUG},1) 814 $(warning DEBUGFS experimental feature is enabled.) 815 else 816 $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY) 817 endif 818endif #(USE_DEBUGFS) 819 820# USE_SPINLOCK_CAS requires AArch64 build 821ifeq (${USE_SPINLOCK_CAS},1) 822 ifneq (${ARCH},aarch64) 823 $(error USE_SPINLOCK_CAS requires AArch64) 824 endif 825endif #(USE_SPINLOCK_CAS) 826 827# The cert_create tool cannot generate certificates individually, so we use the 828# target 'certificates' to create them all 829ifneq (${GENERATE_COT},0) 830 FIP_DEPS += certificates 831 FWU_FIP_DEPS += fwu_certificates 832endif 833 834ifneq (${DECRYPTION_SUPPORT},none) 835 ENC_ARGS += -f ${FW_ENC_STATUS} 836 ENC_ARGS += -k ${ENC_KEY} 837 ENC_ARGS += -n ${ENC_NONCE} 838 FIP_DEPS += enctool 839 FWU_FIP_DEPS += enctool 840endif #(DECRYPTION_SUPPORT) 841 842ifdef EL3_PAYLOAD_BASE 843 ifdef PRELOADED_BL33_BASE 844 $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \ 845 incompatible build options. EL3_PAYLOAD_BASE has priority.") 846 endif 847 ifneq (${GENERATE_COT},0) 848 $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible \ 849 build options.") 850 endif 851 ifneq (${TRUSTED_BOARD_BOOT},0) 852 $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are \ 853 incompatible \ build options.") 854 endif 855endif #(EL3_PAYLOAD_BASE) 856 857ifeq (${NEED_BL33},yes) 858 ifdef EL3_PAYLOAD_BASE 859 $(warning "BL33 image is not needed when option \ 860 BL33_PAYLOAD_BASE is used and won't be added to the FIP file.") 861 endif 862 ifdef PRELOADED_BL33_BASE 863 $(warning "BL33 image is not needed when option \ 864 PRELOADED_BL33_BASE is used and won't be added to the FIP file.") 865 endif 866endif #(NEED_BL33) 867 868# When building for systems with hardware-assisted coherency, there's no need to 869# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too. 870ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1) 871 $(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) 872endif 873 874#For now, BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is 1. 875ifeq ($(RESET_TO_BL2)-$(BL2_IN_XIP_MEM),0-1) 876 $(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled") 877endif 878 879# RAS_EXTENSION is deprecated, provide alternate build options 880ifeq ($(RAS_EXTENSION),1) 881 $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS \ 882 and HANDLE_EA_EL3_FIRST_NS instead") 883endif 884 885 886# When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled 887ifeq ($(FAULT_INJECTION_SUPPORT),1) 888 ifeq ($(ENABLE_FEAT_RAS),0) 889 $(error For FAULT_INJECTION_SUPPORT, ENABLE_FEAT_RAS must not be 0) 890 endif 891endif #(FAULT_INJECTION_SUPPORT) 892 893# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 894ifeq ($(DYN_DISABLE_AUTH), 1) 895 ifeq (${TRUSTED_BOARD_BOOT}, 0) 896 $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH \ 897 to be set.") 898 endif 899endif #(DYN_DISABLE_AUTH) 900 901ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1) 902# Support authentication verification and hash calculation 903 CRYPTO_SUPPORT := 3 904else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1) 905# Support authentication verification and hash calculation 906 CRYPTO_SUPPORT := 3 907else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) 908# Support hash calculation only 909 CRYPTO_SUPPORT := 2 910else ifeq (${TRUSTED_BOARD_BOOT},1) 911# Support authentication verification only 912 CRYPTO_SUPPORT := 1 913else 914 CRYPTO_SUPPORT := 0 915endif #($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT)) 916 917ifneq ($(filter 1 2 3,$(CRYPTO_SUPPORT)),) 918CRYPTO_LIB := $(BUILD_PLAT)/lib/libmbedtls.a 919endif 920 921# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. 922ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) 923 $(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 924endif 925 926# If pointer authentication is used in the firmware, make sure that all the 927# registers associated to it are also saved and restored. 928# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. 929ifneq ($(ENABLE_PAUTH),0) 930 ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) 931 $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS to be enabled) 932 endif 933endif #(ENABLE_PAUTH) 934 935ifneq ($(CTX_INCLUDE_PAUTH_REGS),0) 936 ifneq (${ARCH},aarch64) 937 $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) 938 endif 939endif #(CTX_INCLUDE_PAUTH_REGS) 940 941# Check ENABLE_FEAT_PAUTH_LR 942ifneq (${ENABLE_FEAT_PAUTH_LR},0) 943 944# Make sure PAUTH is enabled 945ifeq (${ENABLE_PAUTH},0) 946 $(error Error: PAUTH_LR cannot be used without PAUTH (see BRANCH_PROTECTION)) 947endif 948 949# Make sure SCTLR2 is enabled 950ifeq (${ENABLE_FEAT_SCTLR2},0) 951 $(error Error: PAUTH_LR cannot be used without ENABLE_FEAT_SCTLR2) 952endif 953 954# FEAT_PAUTH_LR is only supported in aarch64 state 955ifneq (${ARCH},aarch64) 956 $(error ENABLE_FEAT_PAUTH_LR requires AArch64) 957endif 958 959# Currently, FEAT_PAUTH_LR is only supported by arm/clang compilers 960# TODO implement for GCC when support is added 961ifeq ($($(ARCH)-cc-id),arm-clang) 962 arch-features := $(arch-features)+pauth-lr 963else 964 $(error Error: ENABLE_FEAT_PAUTH_LR not supported for GCC compiler) 965endif 966 967endif # ${ENABLE_FEAT_PAUTH_LR} 968 969ifeq ($(FEATURE_DETECTION),1) 970 $(info FEATURE_DETECTION is an experimental feature) 971endif #(FEATURE_DETECTION) 972 973ifneq ($(ENABLE_SME2_FOR_NS), 0) 974 ifeq (${ENABLE_SME_FOR_NS}, 0) 975 $(warning "ENABLE_SME2_FOR_NS requires ENABLE_SME_FOR_NS also \ 976 to be set") 977 $(warning "Forced ENABLE_SME_FOR_NS=1") 978 override ENABLE_SME_FOR_NS := 1 979 endif 980endif #(ENABLE_SME2_FOR_NS) 981 982ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 983 ifeq (${ALLOW_RO_XLAT_TABLES}, 1) 984 $(error "ALLOW_RO_XLAT_TABLES requires translation tables \ 985 library v2") 986 endif 987endif #(ARM_XLAT_TABLES_LIB_V1) 988 989ifneq (${DECRYPTION_SUPPORT},none) 990 ifeq (${TRUSTED_BOARD_BOOT}, 0) 991 $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT \ 992 to be set) 993 endif 994endif #(DECRYPTION_SUPPORT) 995 996# Ensure that no Aarch64-only features are enabled in Aarch32 build 997ifeq (${ARCH},aarch32) 998 999 # SME/SVE only supported on AArch64 1000 ifneq (${ENABLE_SME_FOR_NS},0) 1001 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") 1002 endif 1003 1004 ifeq (${ENABLE_SVE_FOR_NS},1) 1005 # Warning instead of error due to CI dependency on this 1006 $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") 1007 endif 1008 1009 # BRBE is not supported in AArch32 1010 ifeq (${ENABLE_BRBE_FOR_NS},1) 1011 $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32") 1012 endif 1013 1014 # FEAT_RNG_TRAP is not supported in AArch32 1015 ifneq (${ENABLE_FEAT_RNG_TRAP},0) 1016 $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32") 1017 endif 1018 1019 ifneq (${ENABLE_FEAT_FPMR},0) 1020 $(error "ENABLE_FEAT_FPMR cannot be used with ARCH=aarch32") 1021 endif 1022 1023 ifeq (${ARCH_FEATURE_AVAILABILITY},1) 1024 $(error "ARCH_FEATURE_AVAILABILITY cannot be used with ARCH=aarch32") 1025 endif 1026 # FEAT_MOPS is only supported on AArch64 1027 ifneq (${ENABLE_FEAT_MOPS},0) 1028 $(error "ENABLE_FEAT_MOPS cannot be used with ARCH=aarch32") 1029 endif 1030endif #(ARCH=aarch32) 1031 1032ifneq (${ENABLE_FEAT_FPMR},0) 1033 ifeq (${ENABLE_FEAT_FGT},0) 1034 $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_FGT") 1035 endif 1036 ifeq (${ENABLE_FEAT_HCX},0) 1037 $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_HCX") 1038 endif 1039endif #(ENABLE_FEAT_FPMR) 1040 1041ifneq (${ENABLE_SME_FOR_NS},0) 1042 ifeq (${ENABLE_SVE_FOR_NS},0) 1043 $(error "ENABLE_SME_FOR_NS requires ENABLE_SVE_FOR_NS") 1044 endif 1045endif #(ENABLE_SME_FOR_NS) 1046 1047# Secure SME/SVE requires the non-secure component as well 1048ifeq (${ENABLE_SME_FOR_SWD},1) 1049 ifeq (${ENABLE_SME_FOR_NS},0) 1050 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") 1051 endif 1052 ifeq (${ENABLE_SVE_FOR_SWD},0) 1053 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SVE_FOR_SWD") 1054 endif 1055endif #(ENABLE_SME_FOR_SWD) 1056 1057# Enabling SVE for SWD requires enabling SVE for NWD due to ENABLE_FEAT 1058# mechanism. 1059ifeq (${ENABLE_SVE_FOR_SWD},1) 1060 ifeq (${ENABLE_SVE_FOR_NS},0) 1061 $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS") 1062 endif 1063endif 1064 1065# Enabling FEAT_MOPS requires access to hcrx_el2 registers which is 1066# available only when FEAT_HCX is enabled. 1067ifneq (${ENABLE_FEAT_MOPS},0) 1068 ifeq (${ENABLE_FEAT_HCX},0) 1069 $(error "ENABLE_FEAT_MOPS requires ENABLE_FEAT_HCX") 1070 endif 1071endif 1072 1073# Enabling SVE for both the worlds typically requires the context 1074# management of SVE registers. The only exception being SPMC at S-EL2. 1075ifeq (${ENABLE_SVE_FOR_SWD}, 1) 1076 ifneq (${ENABLE_SVE_FOR_NS}, 0) 1077 ifeq (${CTX_INCLUDE_SVE_REGS}-$(SPMD_SPM_AT_SEL2),0-0) 1078 $(warning "ENABLE_SVE_FOR_SWD and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS") 1079 endif 1080 endif 1081endif 1082 1083# Enabling SVE in either world while enabling CTX_INCLUDE_FPREGS requires 1084# CTX_INCLUDE_SVE_REGS to be enabled due to architectural dependency between FP 1085# and SVE registers. 1086ifeq (${CTX_INCLUDE_FPREGS}, 1) 1087 ifneq (${ENABLE_SVE_FOR_NS},0) 1088 ifeq (${CTX_INCLUDE_SVE_REGS},0) 1089 # Warning instead of error due to CI dependency on this 1090 $(warning "CTX_INCLUDE_FPREGS and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS") 1091 $(warning "Forced ENABLE_SVE_FOR_NS=0") 1092 override ENABLE_SVE_FOR_NS := 0 1093 endif 1094 endif 1095endif #(CTX_INCLUDE_FPREGS) 1096 1097# SVE context management is only required if secure world has access to SVE/FP 1098# functionality. 1099ifeq (${CTX_INCLUDE_SVE_REGS},1) 1100 ifeq (${ENABLE_SVE_FOR_SWD},0) 1101 $(error "CTX_INCLUDE_SVE_REGS requires ENABLE_SVE_FOR_SWD to also be enabled") 1102 endif 1103endif 1104 1105# SME cannot be used with CTX_INCLUDE_FPREGS since SPM does its own context 1106# management including FPU registers. 1107ifeq (${CTX_INCLUDE_FPREGS},1) 1108 ifneq (${ENABLE_SME_FOR_NS},0) 1109 $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 1110 endif 1111endif #(CTX_INCLUDE_FPREGS) 1112 1113ifeq ($(DRTM_SUPPORT),1) 1114 $(info DRTM_SUPPORT is an experimental feature) 1115endif 1116 1117ifeq (${HOB_LIST},1) 1118 $(warning HOB_LIST is an experimental feature) 1119endif 1120 1121ifeq (${TRANSFER_LIST},1) 1122 $(info TRANSFER_LIST is an experimental feature) 1123endif 1124 1125ifeq (${ENABLE_RME},1) 1126 ifneq (${SEPARATE_CODE_AND_RODATA},1) 1127 $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`) 1128 endif 1129endif 1130 1131ifeq ($(PSA_CRYPTO),1) 1132 $(info PSA_CRYPTO is an experimental feature) 1133endif 1134 1135ifeq ($(DICE_PROTECTION_ENVIRONMENT),1) 1136 $(info DICE_PROTECTION_ENVIRONMENT is an experimental feature) 1137endif 1138 1139################################################################################ 1140# Process platform overrideable behaviour 1141################################################################################ 1142 1143ifdef BL1_SOURCES 1144 NEED_BL1 := yes 1145endif #(BL1_SOURCES) 1146 1147ifdef BL2_SOURCES 1148 NEED_BL2 := yes 1149 1150 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 1151 # Certificate generation tools. This flag can be overridden by the platform. 1152 ifdef EL3_PAYLOAD_BASE 1153 # If booting an EL3 payload there is no need for a BL33 image 1154 # in the FIP file. 1155 NEED_BL33 := no 1156 else 1157 ifdef PRELOADED_BL33_BASE 1158 # If booting a BL33 preloaded image there is no need of 1159 # another one in the FIP file. 1160 NEED_BL33 := no 1161 else 1162 NEED_BL33 ?= yes 1163 endif 1164 endif 1165endif #(BL2_SOURCES) 1166 1167ifdef BL2U_SOURCES 1168 NEED_BL2U := yes 1169endif #(BL2U_SOURCES) 1170 1171# If SCP_BL2 is given, we always want FIP to include it. 1172ifdef SCP_BL2 1173 NEED_SCP_BL2 := yes 1174endif #(SCP_BL2) 1175 1176# For AArch32, BL31 is not currently supported. 1177ifneq (${ARCH},aarch32) 1178 ifdef BL31_SOURCES 1179 # When booting an EL3 payload, there is no need to compile the BL31 1180 # image nor put it in the FIP. 1181 ifndef EL3_PAYLOAD_BASE 1182 NEED_BL31 := yes 1183 endif 1184 endif 1185endif #(ARCH=aarch64) 1186 1187# Process TBB related flags 1188ifneq (${GENERATE_COT},0) 1189 # Common cert_create options 1190 ifneq (${CREATE_KEYS},0) 1191 $(eval CRT_ARGS += -n) 1192 $(eval FWU_CRT_ARGS += -n) 1193 ifneq (${SAVE_KEYS},0) 1194 $(eval CRT_ARGS += -k) 1195 $(eval FWU_CRT_ARGS += -k) 1196 endif 1197 endif 1198 # Include TBBR makefile (unless the platform indicates otherwise) 1199 ifeq (${INCLUDE_TBBR_MK},1) 1200 include make_helpers/tbbr/tbbr_tools.mk 1201 endif 1202endif #(GENERATE_COT) 1203 1204ifneq (${FIP_ALIGN},0) 1205 FIP_ARGS += --align ${FIP_ALIGN} 1206endif #(FIP_ALIGN) 1207 1208ifdef FDT_SOURCES 1209 NEED_FDT := yes 1210endif #(FDT_SOURCES) 1211 1212################################################################################ 1213# Include libraries' Makefile that are used in all BL 1214################################################################################ 1215 1216include lib/stack_protector/stack_protector.mk 1217 1218################################################################################ 1219# Include BL specific makefiles 1220################################################################################ 1221 1222ifeq (${NEED_BL1},yes) 1223include bl1/bl1.mk 1224endif 1225 1226ifeq (${NEED_BL2},yes) 1227include bl2/bl2.mk 1228endif 1229 1230ifeq (${NEED_BL2U},yes) 1231include bl2u/bl2u.mk 1232endif 1233 1234ifeq (${NEED_BL31},yes) 1235include bl31/bl31.mk 1236endif 1237 1238################################################################################ 1239# Build options checks 1240################################################################################ 1241 1242# Boolean_Flags 1243$(eval $(call assert_booleans,\ 1244 $(sort \ 1245 ALLOW_RO_XLAT_TABLES \ 1246 BL2_ENABLE_SP_LOAD \ 1247 COLD_BOOT_SINGLE_CPU \ 1248 CREATE_KEYS \ 1249 CTX_INCLUDE_AARCH32_REGS \ 1250 CTX_INCLUDE_FPREGS \ 1251 CTX_INCLUDE_SVE_REGS \ 1252 CTX_INCLUDE_EL2_REGS \ 1253 CTX_INCLUDE_MPAM_REGS \ 1254 DEBUG \ 1255 DYN_DISABLE_AUTH \ 1256 EL3_EXCEPTION_HANDLING \ 1257 ENABLE_AMU_AUXILIARY_COUNTERS \ 1258 AMU_RESTRICT_COUNTERS \ 1259 ENABLE_ASSERTIONS \ 1260 ENABLE_PIE \ 1261 ENABLE_PMF \ 1262 ENABLE_PSCI_STAT \ 1263 ENABLE_RUNTIME_INSTRUMENTATION \ 1264 ENABLE_SME_FOR_SWD \ 1265 ENABLE_SVE_FOR_SWD \ 1266 ENABLE_FEAT_RAS \ 1267 FFH_SUPPORT \ 1268 ERROR_DEPRECATED \ 1269 FAULT_INJECTION_SUPPORT \ 1270 GENERATE_COT \ 1271 GICV2_G0_FOR_EL3 \ 1272 HANDLE_EA_EL3_FIRST_NS \ 1273 HARDEN_SLS \ 1274 HW_ASSISTED_COHERENCY \ 1275 MEASURED_BOOT \ 1276 DISCRETE_TPM \ 1277 DICE_PROTECTION_ENVIRONMENT \ 1278 RMMD_ENABLE_EL3_TOKEN_SIGN \ 1279 RMMD_ENABLE_IDE_KEY_PROG \ 1280 DRTM_SUPPORT \ 1281 NS_TIMER_SWITCH \ 1282 OVERRIDE_LIBC \ 1283 PL011_GENERIC_UART \ 1284 PROGRAMMABLE_RESET_ADDRESS \ 1285 PSCI_EXTENDED_STATE_ID \ 1286 PSCI_OS_INIT_MODE \ 1287 ARCH_FEATURE_AVAILABILITY \ 1288 RESET_TO_BL31 \ 1289 SAVE_KEYS \ 1290 SEPARATE_CODE_AND_RODATA \ 1291 SEPARATE_BL2_NOLOAD_REGION \ 1292 SEPARATE_NOBITS_REGION \ 1293 SEPARATE_RWDATA_REGION \ 1294 SEPARATE_SIMD_SECTION \ 1295 SPIN_ON_BL1_EXIT \ 1296 SPM_MM \ 1297 SPMC_AT_EL3 \ 1298 SPMC_AT_EL3_SEL0_SP \ 1299 SPMD_SPM_AT_SEL2 \ 1300 ENABLE_SPMD_LP \ 1301 TRANSFER_LIST \ 1302 TRUSTED_BOARD_BOOT \ 1303 USE_COHERENT_MEM \ 1304 USE_DEBUGFS \ 1305 ARM_IO_IN_DTB \ 1306 SDEI_IN_FCONF \ 1307 SEC_INT_DESC_IN_FCONF \ 1308 USE_ROMLIB \ 1309 USE_TBBR_DEFS \ 1310 WARMBOOT_ENABLE_DCACHE_EARLY \ 1311 RESET_TO_BL2 \ 1312 BL2_IN_XIP_MEM \ 1313 BL2_INV_DCACHE \ 1314 USE_SPINLOCK_CAS \ 1315 ENCRYPT_BL31 \ 1316 ENCRYPT_BL32 \ 1317 ERRATA_SPECULATIVE_AT \ 1318 ERRATA_SME_POWER_DOWN \ 1319 RAS_TRAP_NS_ERR_REC_ACCESS \ 1320 COT_DESC_IN_DTB \ 1321 USE_SP804_TIMER \ 1322 PSA_FWU_SUPPORT \ 1323 PSA_FWU_METADATA_FW_STORE_DESC \ 1324 ENABLE_MPMM \ 1325 FEAT_PABANDON \ 1326 FEATURE_DETECTION \ 1327 TRNG_SUPPORT \ 1328 ENABLE_ERRATA_ALL \ 1329 ERRATA_ABI_SUPPORT \ 1330 ERRATA_NON_ARM_INTERCONNECT \ 1331 CONDITIONAL_CMO \ 1332 PSA_CRYPTO \ 1333 ENABLE_CONSOLE_GETC \ 1334 INIT_UNUSED_NS_EL2 \ 1335 PLATFORM_REPORT_CTX_MEM_USE \ 1336 EARLY_CONSOLE \ 1337 PRESERVE_DSU_PMU_REGS \ 1338 HOB_LIST \ 1339))) 1340 1341# Numeric_Flags 1342$(eval $(call assert_numerics,\ 1343 $(sort \ 1344 ARM_ARCH_MAJOR \ 1345 ARM_ARCH_MINOR \ 1346 BRANCH_PROTECTION \ 1347 CTX_INCLUDE_PAUTH_REGS \ 1348 CTX_INCLUDE_NEVE_REGS \ 1349 CRYPTO_SUPPORT \ 1350 DISABLE_MTPMU \ 1351 ENABLE_BRBE_FOR_NS \ 1352 ENABLE_TRBE_FOR_NS \ 1353 ENABLE_BTI \ 1354 ENABLE_PAUTH \ 1355 ENABLE_FEAT_PAUTH_LR \ 1356 ENABLE_FEAT_AMU \ 1357 ENABLE_FEAT_AMUv1p1 \ 1358 ENABLE_FEAT_CSV2_2 \ 1359 ENABLE_FEAT_CSV2_3 \ 1360 ENABLE_FEAT_DEBUGV8P9 \ 1361 ENABLE_FEAT_DIT \ 1362 ENABLE_FEAT_ECV \ 1363 ENABLE_FEAT_FGT \ 1364 ENABLE_FEAT_FGT2 \ 1365 ENABLE_FEAT_FPMR \ 1366 ENABLE_FEAT_HCX \ 1367 ENABLE_FEAT_LS64_ACCDATA \ 1368 ENABLE_FEAT_MEC \ 1369 ENABLE_FEAT_MOPS \ 1370 ENABLE_FEAT_MTE2 \ 1371 ENABLE_FEAT_PAN \ 1372 ENABLE_FEAT_RNG \ 1373 ENABLE_FEAT_RNG_TRAP \ 1374 ENABLE_FEAT_SEL2 \ 1375 ENABLE_FEAT_TCR2 \ 1376 ENABLE_FEAT_THE \ 1377 ENABLE_FEAT_SB \ 1378 ENABLE_FEAT_S2PIE \ 1379 ENABLE_FEAT_S1PIE \ 1380 ENABLE_FEAT_S2POE \ 1381 ENABLE_FEAT_S1POE \ 1382 ENABLE_FEAT_SCTLR2 \ 1383 ENABLE_FEAT_D128 \ 1384 ENABLE_FEAT_GCS \ 1385 ENABLE_FEAT_VHE \ 1386 ENABLE_FEAT_MPAM \ 1387 ENABLE_RME \ 1388 ENABLE_SPE_FOR_NS \ 1389 ENABLE_SYS_REG_TRACE_FOR_NS \ 1390 ENABLE_SME_FOR_NS \ 1391 ENABLE_SME2_FOR_NS \ 1392 ENABLE_SVE_FOR_NS \ 1393 ENABLE_TRF_FOR_NS \ 1394 FW_ENC_STATUS \ 1395 NR_OF_FW_BANKS \ 1396 NR_OF_IMAGES_IN_FW_BANK \ 1397 TWED_DELAY \ 1398 ENABLE_FEAT_TWED \ 1399 SVE_VECTOR_LEN \ 1400 IMPDEF_SYSREG_TRAP \ 1401))) 1402 1403ifdef KEY_SIZE 1404 $(eval $(call assert_numeric,KEY_SIZE)) 1405endif 1406 1407ifeq ($(filter $(SANITIZE_UB), on off trap),) 1408 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1409endif 1410 1411################################################################################ 1412# Add definitions to the cpp preprocessor based on the current build options. 1413# This is done after including the platform specific makefile to allow the 1414# platform to overwrite the default options 1415################################################################################ 1416 1417$(eval $(call add_defines,\ 1418 $(sort \ 1419 ALLOW_RO_XLAT_TABLES \ 1420 ARM_ARCH_MAJOR \ 1421 ARM_ARCH_MINOR \ 1422 BL2_ENABLE_SP_LOAD \ 1423 COLD_BOOT_SINGLE_CPU \ 1424 CTX_INCLUDE_AARCH32_REGS \ 1425 CTX_INCLUDE_FPREGS \ 1426 CTX_INCLUDE_SVE_REGS \ 1427 CTX_INCLUDE_PAUTH_REGS \ 1428 CTX_INCLUDE_MPAM_REGS \ 1429 EL3_EXCEPTION_HANDLING \ 1430 CTX_INCLUDE_EL2_REGS \ 1431 CTX_INCLUDE_NEVE_REGS \ 1432 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1433 DISABLE_MTPMU \ 1434 ENABLE_FEAT_AMU \ 1435 ENABLE_AMU_AUXILIARY_COUNTERS \ 1436 AMU_RESTRICT_COUNTERS \ 1437 ENABLE_ASSERTIONS \ 1438 ENABLE_BTI \ 1439 ENABLE_FEAT_DEBUGV8P9 \ 1440 ENABLE_FEAT_MPAM \ 1441 ENABLE_PAUTH \ 1442 ENABLE_FEAT_PAUTH_LR \ 1443 ENABLE_PIE \ 1444 ENABLE_PMF \ 1445 ENABLE_PSCI_STAT \ 1446 ENABLE_RME \ 1447 RMMD_ENABLE_EL3_TOKEN_SIGN \ 1448 RMMD_ENABLE_IDE_KEY_PROG \ 1449 ENABLE_RUNTIME_INSTRUMENTATION \ 1450 ENABLE_SME_FOR_NS \ 1451 ENABLE_SME2_FOR_NS \ 1452 ENABLE_SME_FOR_SWD \ 1453 ENABLE_SPE_FOR_NS \ 1454 ENABLE_SVE_FOR_NS \ 1455 ENABLE_SVE_FOR_SWD \ 1456 ENABLE_FEAT_RAS \ 1457 FFH_SUPPORT \ 1458 ENCRYPT_BL31 \ 1459 ENCRYPT_BL32 \ 1460 ERROR_DEPRECATED \ 1461 FAULT_INJECTION_SUPPORT \ 1462 GICV2_G0_FOR_EL3 \ 1463 HANDLE_EA_EL3_FIRST_NS \ 1464 HW_ASSISTED_COHERENCY \ 1465 LOG_LEVEL \ 1466 MEASURED_BOOT \ 1467 DISCRETE_TPM \ 1468 DICE_PROTECTION_ENVIRONMENT \ 1469 DRTM_SUPPORT \ 1470 NS_TIMER_SWITCH \ 1471 PL011_GENERIC_UART \ 1472 PLAT_${PLAT} \ 1473 PROGRAMMABLE_RESET_ADDRESS \ 1474 PSCI_EXTENDED_STATE_ID \ 1475 PSCI_OS_INIT_MODE \ 1476 ARCH_FEATURE_AVAILABILITY \ 1477 RESET_TO_BL31 \ 1478 RME_GPT_BITLOCK_BLOCK \ 1479 RME_GPT_MAX_BLOCK \ 1480 SEPARATE_CODE_AND_RODATA \ 1481 SEPARATE_BL2_NOLOAD_REGION \ 1482 SEPARATE_NOBITS_REGION \ 1483 SEPARATE_RWDATA_REGION \ 1484 SEPARATE_SIMD_SECTION \ 1485 RECLAIM_INIT_CODE \ 1486 SPD_${SPD} \ 1487 SPIN_ON_BL1_EXIT \ 1488 SPM_MM \ 1489 SPMC_AT_EL3 \ 1490 SPMC_AT_EL3_SEL0_SP \ 1491 SPMD_SPM_AT_SEL2 \ 1492 TRANSFER_LIST \ 1493 TRUSTED_BOARD_BOOT \ 1494 CRYPTO_SUPPORT \ 1495 TRNG_SUPPORT \ 1496 ERRATA_ABI_SUPPORT \ 1497 ERRATA_NON_ARM_INTERCONNECT \ 1498 USE_COHERENT_MEM \ 1499 USE_DEBUGFS \ 1500 ARM_IO_IN_DTB \ 1501 SDEI_IN_FCONF \ 1502 SEC_INT_DESC_IN_FCONF \ 1503 USE_ROMLIB \ 1504 USE_TBBR_DEFS \ 1505 WARMBOOT_ENABLE_DCACHE_EARLY \ 1506 RESET_TO_BL2 \ 1507 BL2_RUNS_AT_EL3 \ 1508 BL2_IN_XIP_MEM \ 1509 BL2_INV_DCACHE \ 1510 USE_SPINLOCK_CAS \ 1511 ERRATA_SPECULATIVE_AT \ 1512 ERRATA_SME_POWER_DOWN \ 1513 RAS_TRAP_NS_ERR_REC_ACCESS \ 1514 COT_DESC_IN_DTB \ 1515 USE_SP804_TIMER \ 1516 ENABLE_FEAT_RNG \ 1517 ENABLE_FEAT_RNG_TRAP \ 1518 ENABLE_FEAT_SB \ 1519 ENABLE_FEAT_DIT \ 1520 NR_OF_FW_BANKS \ 1521 NR_OF_IMAGES_IN_FW_BANK \ 1522 PSA_FWU_SUPPORT \ 1523 PSA_FWU_METADATA_FW_STORE_DESC \ 1524 ENABLE_BRBE_FOR_NS \ 1525 ENABLE_TRBE_FOR_NS \ 1526 ENABLE_SYS_REG_TRACE_FOR_NS \ 1527 ENABLE_TRF_FOR_NS \ 1528 ENABLE_FEAT_HCX \ 1529 ENABLE_MPMM \ 1530 FEAT_PABANDON \ 1531 ENABLE_FEAT_FGT \ 1532 ENABLE_FEAT_FGT2 \ 1533 ENABLE_FEAT_FPMR \ 1534 ENABLE_FEAT_ECV \ 1535 ENABLE_FEAT_AMUv1p1 \ 1536 ENABLE_FEAT_SEL2 \ 1537 ENABLE_FEAT_VHE \ 1538 ENABLE_FEAT_CSV2_2 \ 1539 ENABLE_FEAT_CSV2_3 \ 1540 ENABLE_FEAT_LS64_ACCDATA \ 1541 ENABLE_FEAT_MEC \ 1542 ENABLE_FEAT_PAN \ 1543 ENABLE_FEAT_TCR2 \ 1544 ENABLE_FEAT_THE \ 1545 ENABLE_FEAT_S2PIE \ 1546 ENABLE_FEAT_S1PIE \ 1547 ENABLE_FEAT_S2POE \ 1548 ENABLE_FEAT_S1POE \ 1549 ENABLE_FEAT_SCTLR2 \ 1550 ENABLE_FEAT_D128 \ 1551 ENABLE_FEAT_GCS \ 1552 ENABLE_FEAT_MOPS \ 1553 ENABLE_FEAT_MTE2 \ 1554 FEATURE_DETECTION \ 1555 TWED_DELAY \ 1556 ENABLE_FEAT_TWED \ 1557 CONDITIONAL_CMO \ 1558 IMPDEF_SYSREG_TRAP \ 1559 SVE_VECTOR_LEN \ 1560 ENABLE_SPMD_LP \ 1561 PSA_CRYPTO \ 1562 ENABLE_CONSOLE_GETC \ 1563 INIT_UNUSED_NS_EL2 \ 1564 PLATFORM_REPORT_CTX_MEM_USE \ 1565 EARLY_CONSOLE \ 1566 PRESERVE_DSU_PMU_REGS \ 1567 HOB_LIST \ 1568))) 1569 1570ifeq (${PLATFORM_REPORT_CTX_MEM_USE}, 1) 1571ifeq (${DEBUG}, 0) 1572 $(warning "PLATFORM_REPORT_CTX_MEM_USE can be applied when DEBUG=1 only") 1573 override PLATFORM_REPORT_CTX_MEM_USE := 0 1574endif 1575endif 1576 1577ifeq (${SANITIZE_UB},trap) 1578 $(eval $(call add_define,MONITOR_TRAPS)) 1579endif #(SANITIZE_UB) 1580 1581# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1582ifdef EL3_PAYLOAD_BASE 1583 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1584else 1585# Define the PRELOADED_BL33_BASE flag only if it is provided and 1586# EL3_PAYLOAD_BASE is not defined, as it has priority. 1587 ifdef PRELOADED_BL33_BASE 1588 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1589 endif 1590endif #(EL3_PAYLOAD_BASE) 1591 1592# Define the DYN_DISABLE_AUTH flag only if set. 1593ifeq (${DYN_DISABLE_AUTH},1) 1594 $(eval $(call add_define,DYN_DISABLE_AUTH)) 1595endif 1596 1597ifeq ($($(ARCH)-ld-id),arm-link) 1598 $(eval $(call add_define,USE_ARM_LINK)) 1599endif 1600 1601# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1602ifeq (${SPD},spmd) 1603ifdef SP_LAYOUT_FILE 1604 -include $(BUILD_PLAT)/sp_gen.mk 1605 FIP_DEPS += sp 1606 CRT_DEPS += sp 1607 NEED_SP_PKG := yes 1608else 1609 ifeq (${SPMD_SPM_AT_SEL2},1) 1610 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1611 endif 1612endif #(SP_LAYOUT_FILE) 1613endif #(SPD) 1614 1615################################################################################ 1616# Build targets 1617################################################################################ 1618 1619.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp tl fwu_fip certtool dtbs memmap doc enctool 1620 1621all: msg_start 1622 1623msg_start: 1624 $(s)echo "Building ${PLAT}" 1625 1626ifeq (${ERROR_DEPRECATED},0) 1627# Check if deprecated declarations and cpp warnings should be treated as error or not. 1628ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 1629 CPPFLAGS += -Wno-error=deprecated-declarations 1630else 1631 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1632endif 1633endif #(!ERROR_DEPRECATED) 1634 1635$(eval $(call MAKE_LIB,c)) 1636 1637# Expand build macros for the different images 1638ifeq (${NEED_BL1},yes) 1639BL1_SOURCES := $(sort ${BL1_SOURCES}) 1640$(eval $(call MAKE_BL,bl1)) 1641endif #(NEED_BL1) 1642 1643ifeq (${NEED_BL2},yes) 1644 1645ifeq (${RESET_TO_BL2}, 0) 1646FIP_BL2_ARGS := tb-fw 1647endif 1648 1649BL2_SOURCES := $(sort ${BL2_SOURCES}) 1650 1651$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1652 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1653 1654endif #(NEED_BL2) 1655 1656ifeq (${NEED_SCP_BL2},yes) 1657$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1658endif #(NEED_SCP_BL2) 1659 1660ifeq (${NEED_BL31},yes) 1661BL31_SOURCES += ${SPD_SOURCES} 1662# Sort BL31 source files to remove duplicates 1663BL31_SOURCES := $(sort ${BL31_SOURCES}) 1664ifneq (${DECRYPTION_SUPPORT},none) 1665$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1666 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1667else 1668$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1669 $(eval $(call MAKE_BL,bl31,soc-fw))) 1670endif #(DECRYPTION_SUPPORT) 1671endif #(NEED_BL31) 1672 1673# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1674# build system will call TOOL_ADD_IMG to print a warning message and abort the 1675# process. Note that the dependency on BL32 applies to the FIP only. 1676ifeq (${NEED_BL32},yes) 1677# Sort BL32 source files to remove duplicates 1678BL32_SOURCES := $(sort ${BL32_SOURCES}) 1679BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1680 1681ifneq (${DECRYPTION_SUPPORT},none) 1682$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1683 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1684else 1685$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1686 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1687endif #(DECRYPTION_SUPPORT) 1688endif #(NEED_BL32) 1689 1690# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1691# needs to be built from RMM_SOURCES. 1692ifeq (${NEED_RMM},yes) 1693# Sort RMM source files to remove duplicates 1694RMM_SOURCES := $(sort ${RMM_SOURCES}) 1695BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1696 1697$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1698 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1699endif #(NEED_RMM) 1700 1701# Add the BL33 image if required by the platform 1702ifeq (${NEED_BL33},yes) 1703$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1704endif #(NEED_BL33) 1705 1706ifeq (${NEED_BL2U},yes) 1707$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1708 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1709endif #(NEED_BL2U) 1710 1711# Expand build macros for the different images 1712ifeq (${NEED_FDT},yes) 1713 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1714 1715 ifneq (${INITRD_SIZE}${INITRD_PATH},) 1716 ifndef INITRD_BASE 1717 $(error INITRD_BASE must be set when inserting initrd properties to the DTB.) 1718 endif 1719 1720 INITRD_SIZE ?= $(shell printf "0x%x\n" $$(stat -Lc %s $(INITRD_PATH))) 1721 initrd_end = $(shell printf "0x%x\n" $$(expr $$(($(INITRD_BASE) + $(INITRD_SIZE))))) 1722 1723 define $(HW_CONFIG)-after += 1724 $(s)echo " INITRD $(HW_CONFIG)" 1725 $(q)fdtput -t x $@ /chosen linux,initrd-start $(INITRD_BASE) 1726 $(q)fdtput -t x $@ /chosen linux,initrd-end $(initrd_end) 1727 endef 1728 endif 1729endif #(NEED_FDT) 1730 1731# Add Secure Partition packages 1732ifeq (${NEED_SP_PKG},yes) 1733$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | $$(@D)/ 1734 $(if $(host-poetry),$(q)poetry -q install --no-root) 1735 $(q)$(if $(host-poetry),poetry run )${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} ${SP_DTS_LIST_FRAGMENT} 1736sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) 1737 $(s)echo 1738 $(s)echo "Built SP Images successfully" 1739 $(s)echo 1740endif #(NEED_SP_PKG) 1741 1742locate-checkpatch: 1743ifndef CHECKPATCH 1744 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1745else 1746ifeq (,$(wildcard ${CHECKPATCH})) 1747 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1748endif 1749endif #(CHECKPATCH) 1750 1751clean: 1752 $(s)echo " CLEAN" 1753 $(q)rm -rf $(BUILD_PLAT) 1754 $(q)${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1755 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1756 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1757 $(q)${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1758 1759realclean distclean: 1760 $(s)echo " REALCLEAN" 1761 $(q)rm -rf $(BUILD_BASE) 1762 $(q)rm -rf $(CURDIR)/cscope.* 1763 $(q)${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1764 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean 1765 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean 1766 $(q)${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1767 1768checkcodebase: locate-checkpatch 1769 $(s)echo " CHECKING STYLE" 1770 $(q)if test -d .git ; then \ 1771 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1772 while read GIT_FILE ; \ 1773 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1774 done ; \ 1775 else \ 1776 find . -type f -not -iwholename "*.git*" \ 1777 -not -iwholename "*build*" \ 1778 -not -iwholename "*libfdt*" \ 1779 -not -iwholename "*libc*" \ 1780 -not -iwholename "*docs*" \ 1781 -not -iwholename "*.rst" \ 1782 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1783 fi 1784 1785checkpatch: locate-checkpatch 1786 $(s)echo " CHECKING STYLE" 1787 $(q)if test -n "${CHECKPATCH_OPTS}"; then \ 1788 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1789 fi 1790 $(q)COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1791 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1792 do \ 1793 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1794 ( git log --format=email "$$commit~..$$commit" \ 1795 -- ${CHECK_PATHS} ; \ 1796 git diff --format=email "$$commit~..$$commit" \ 1797 -- ${CHECK_PATHS}; ) | \ 1798 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1799 done 1800 1801certtool: ${CRTTOOL} 1802 1803${CRTTOOL}: FORCE 1804 $(q)${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} CRTTOOL=${CRTTOOL} DEBUG=${DEBUG} --no-print-directory -C ${CRTTOOLPATH} all 1805 $(s)echo 1806 $(s)echo "Built $@ successfully" 1807 $(s)echo 1808 1809ifneq (${GENERATE_COT},0) 1810certificates: ${CRT_DEPS} ${CRTTOOL} 1811 $(q)${CRTTOOL} ${CRT_ARGS} 1812 $(s)echo 1813 $(s)echo "Built $@ successfully" 1814 $(s)echo "Certificates can be found in ${BUILD_PLAT}" 1815 $(s)echo 1816endif #(GENERATE_COT) 1817 1818${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1819 $(eval ${CHECK_FIP_CMD}) 1820 $(q)${FIPTOOL} create ${FIP_ARGS} $@ 1821 $(q)${FIPTOOL} info $@ 1822 $(s)echo 1823 $(s)echo "Built $@ successfully" 1824 $(s)echo 1825 1826ifneq (${GENERATE_COT},0) 1827fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1828 $(q)${CRTTOOL} ${FWU_CRT_ARGS} 1829 $(s)echo 1830 $(s)echo "Built $@ successfully" 1831 $(s)echo "FWU certificates can be found in ${BUILD_PLAT}" 1832 $(s)echo 1833endif #(GENERATE_COT) 1834 1835${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1836 $(eval ${CHECK_FWU_FIP_CMD}) 1837 $(q)${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1838 $(q)${FIPTOOL} info $@ 1839 $(s)echo 1840 $(s)echo "Built $@ successfully" 1841 $(s)echo 1842 1843fiptool: ${FIPTOOL} 1844fip: ${BUILD_PLAT}/${FIP_NAME} 1845fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1846 1847${FIPTOOL}: FORCE 1848 $(q)${MAKE} PLAT=${PLAT} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} DEBUG=${DEBUG} --no-print-directory -C ${FIPTOOLPATH} all 1849 1850$(BUILD_PLAT)/romlib/romlib.bin $(BUILD_PLAT)/lib/libwrappers.a $&: $(BUILD_PLAT)/lib/libfdt.a $(BUILD_PLAT)/lib/libc.a $(CRYPTO_LIB) 1851 $(q)${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} CRYPTO_SUPPORT=${CRYPTO_SUPPORT} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES=$(call escape-shell,$(INCLUDES)) DEFINES=$(call escape-shell,$(DEFINES)) --no-print-directory -C ${ROMLIBPATH} all 1852 1853memmap: all 1854 $(if $(host-poetry),$(q)poetry -q install --no-root) 1855 $(q)$(if $(host-poetry),poetry run )memory -sr ${BUILD_PLAT} 1856 1857tl: ${BUILD_PLAT}/tl.bin 1858${BUILD_PLAT}/tl.bin: ${HW_CONFIG} 1859 $(if $(host-poetry),$(q)poetry -q install --no-root) 1860 $(q)$(if $(host-poetry),poetry run )tlc create --fdt $< -s ${FW_HANDOFF_SIZE} $@ 1861 1862doc: 1863 $(s)echo " BUILD DOCUMENTATION" 1864 $(q)${MAKE} --no-print-directory -C ${DOCS_PATH} html 1865 1866enctool: ${ENCTOOL} 1867 1868${ENCTOOL}: FORCE 1869 $(q)${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} ENCTOOL=${ENCTOOL} DEBUG=${DEBUG} --no-print-directory -C ${ENCTOOLPATH} all 1870 $(s)echo 1871 $(s)echo "Built $@ successfully" 1872 $(s)echo 1873 1874cscope: 1875 $(s)echo " CSCOPE" 1876 $(q)find ${CURDIR} -name "*.[chsS]" > cscope.files 1877 $(q)cscope -b -q -k 1878 1879help: 1880 $(s)echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1881 $(s)echo "" 1882 $(s)echo "PLAT is used to specify which platform you wish to build." 1883 $(s)echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1884 $(s)echo "" 1885 $(s)echo "platform = ${PLATFORM_LIST}" 1886 $(s)echo "" 1887 $(s)echo "Please refer to the User Guide for a list of all supported options." 1888 $(s)echo "Note that the build system doesn't track dependencies for build " 1889 $(s)echo "options. Therefore, if any of the build options are changed " 1890 $(s)echo "from a previous build, a clean build must be performed." 1891 $(s)echo "" 1892 $(s)echo "Supported Targets:" 1893 $(s)echo " all Build all individual bootloader binaries" 1894 $(s)echo " bl1 Build the BL1 binary" 1895 $(s)echo " bl2 Build the BL2 binary" 1896 $(s)echo " bl2u Build the BL2U binary" 1897 $(s)echo " bl31 Build the BL31 binary" 1898 $(s)echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1899 $(s)echo " this builds secure payload specified by AARCH32_SP" 1900 $(s)echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1901 $(s)echo " fip Build the Firmware Image Package (FIP)" 1902 $(s)echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1903 $(s)echo " checkcodebase Check the coding style of the entire source tree" 1904 $(s)echo " checkpatch Check the coding style on changes in the current" 1905 $(s)echo " branch against BASE_COMMIT (default origin/master)" 1906 $(s)echo " clean Clean the build for the selected platform" 1907 $(s)echo " cscope Generate cscope index" 1908 $(s)echo " distclean Remove all build artifacts for all platforms" 1909 $(s)echo " certtool Build the Certificate generation tool" 1910 $(s)echo " enctool Build the Firmware encryption tool" 1911 $(s)echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1912 $(s)echo " sp Build the Secure Partition Packages" 1913 $(s)echo " sptool Build the Secure Partition Package creation tool" 1914 $(s)echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1915 $(s)echo " memmap Print the memory map of the built binaries" 1916 $(s)echo " doc Build html based documentation using Sphinx tool" 1917 $(s)echo "" 1918 $(s)echo "Note: most build targets require PLAT to be set to a specific platform." 1919 $(s)echo "" 1920 $(s)echo "example: build all targets for the FVP platform:" 1921 $(s)echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1922 1923.PHONY: FORCE 1924FORCE:; 1925