1# 2# Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 12 12# VERSION_PATCH is only used for LTS releases 13VERSION_PATCH := 0 14VERSION := ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH} 15 16# Default goal is build all images 17.DEFAULT_GOAL := all 18 19# Avoid any implicit propagation of command line variable definitions to 20# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 21# usage. Other command line options like "-s" are still propagated as usual. 22MAKEOVERRIDES = 23 24MAKE_HELPERS_DIRECTORY := make_helpers/ 25include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 26include ${MAKE_HELPERS_DIRECTORY}build-rules.mk 27include ${MAKE_HELPERS_DIRECTORY}common.mk 28 29################################################################################ 30# Default values for build configurations, and their dependencies 31################################################################################ 32 33include ${MAKE_HELPERS_DIRECTORY}defaults.mk 34PLAT := ${DEFAULT_PLAT} 35include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 36 37# To be able to set platform specific defaults 38ifneq ($(PLAT_DEFAULTS_MAKEFILE_FULL),) 39include ${PLAT_DEFAULTS_MAKEFILE_FULL} 40endif 41 42################################################################################ 43# Configure the toolchains used to build TF-A and its tools 44################################################################################ 45 46include ${MAKE_HELPERS_DIRECTORY}toolchain.mk 47 48# Assertions enabled for DEBUG builds by default 49ENABLE_ASSERTIONS := ${DEBUG} 50ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 51 52################################################################################ 53# Checkpatch script options 54################################################################################ 55 56CHECKCODE_ARGS := --no-patch 57# Do not check the coding style on imported library files or documentation files 58INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 59 include/drivers/arm, \ 60 $(wildcard include/drivers/*))) 61INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 62 include/lib/libfdt \ 63 include/lib/libc, \ 64 $(wildcard include/lib/*))) 65INC_DIRS_TO_CHECK := $(sort $(filter-out \ 66 include/lib \ 67 include/drivers, \ 68 $(wildcard include/*))) 69LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 70 lib/compiler-rt \ 71 lib/libfdt% \ 72 lib/libc, \ 73 lib/zlib \ 74 $(wildcard lib/*))) 75ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 76 lib \ 77 include \ 78 docs \ 79 %.rst, \ 80 $(wildcard *))) 81CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 82 ${INC_DIRS_TO_CHECK} \ 83 ${INC_LIB_DIRS_TO_CHECK} \ 84 ${LIB_DIRS_TO_CHECK} \ 85 ${INC_DRV_DIRS_TO_CHECK} \ 86 ${INC_ARM_DIRS_TO_CHECK} 87 88################################################################################ 89# Process build options 90################################################################################ 91 92ifeq ($(verbose),) 93 CHECKCODE_ARGS += --no-summary --terse 94endif 95 96################################################################################ 97# Auxiliary tools (fiptool, cert_create, etc) 98################################################################################ 99 100# Variables for use with Certificate Generation Tool 101CRTTOOLPATH ?= tools/cert_create 102CRTTOOL ?= ${CRTTOOLPATH}/cert_create$(.exe) 103 104# Variables for use with Firmware Encryption Tool 105ENCTOOLPATH ?= tools/encrypt_fw 106ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw$(.exe) 107 108# Variables for use with Firmware Image Package 109FIPTOOLPATH ?= tools/fiptool 110FIPTOOL ?= ${FIPTOOLPATH}/fiptool$(.exe) 111 112# Variables for use with sptool 113SPTOOLPATH ?= tools/sptool 114SPTOOL ?= ${SPTOOLPATH}/sptool.py 115SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 116SP_DTS_LIST_FRAGMENT ?= ${BUILD_PLAT}/sp_list_fragment.dts 117 118# Variables for use with sptool 119TLCTOOL ?= poetry run tlc 120 121# Variables for use with ROMLIB 122ROMLIBPATH ?= lib/romlib 123 124# Variable for use with Python 125PYTHON ?= python3 126 127# Variables for use with documentation build using Sphinx tool 128DOCS_PATH ?= docs 129 130################################################################################ 131# Compiler Configuration based on ARCH_MAJOR and ARCH_MINOR flags 132################################################################################ 133ifeq (${ARM_ARCH_MAJOR},7) 134 target32-directive = -target arm-none-eabi 135# Will set march-directive from platform configuration 136else 137 target32-directive = -target armv8a-none-eabi 138endif #(ARM_ARCH_MAJOR) 139 140################################################################################ 141# Get Architecture Feature Modifiers 142################################################################################ 143arch-features = ${ARM_ARCH_FEATURE} 144 145ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 146 ifeq ($($(ARCH)-cc-id),arm-clang) 147 TF_CFLAGS_aarch32 := -target arm-arm-none-eabi 148 TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi 149 else 150 TF_CFLAGS_aarch32 = $(target32-directive) 151 TF_CFLAGS_aarch64 := -target aarch64-elf 152 endif 153 154else ifeq ($($(ARCH)-cc-id),gnu-gcc) 155 # Enable LTO only for aarch64 156 ifeq (${ARCH},aarch64) 157 LTO_CFLAGS = $(if $(filter-out 0,$(ENABLE_LTO)),-flto) 158 endif 159endif #(clang) 160 161# Process Debug flag 162$(eval $(call add_define,DEBUG)) 163ifneq (${DEBUG}, 0) 164 BUILD_TYPE := debug 165 TF_CFLAGS += -g -gdwarf-4 166 ASFLAGS += -g -Wa,-gdwarf-4 167 168 # Use LOG_LEVEL_INFO by default for debug builds 169 LOG_LEVEL := 40 170else 171 BUILD_TYPE := release 172 # Use LOG_LEVEL_NOTICE by default for release builds 173 LOG_LEVEL := 20 174endif #(Debug) 175 176# Default build string (git branch and commit) 177ifeq (${BUILD_STRING},) 178 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 179endif 180VERSION_STRING := v${VERSION}(${BUILD_TYPE}):${BUILD_STRING} 181 182ifeq (${AARCH32_INSTRUCTION_SET},A32) 183 TF_CFLAGS_aarch32 += -marm 184else ifeq (${AARCH32_INSTRUCTION_SET},T32) 185 TF_CFLAGS_aarch32 += -mthumb 186else 187 $(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET}) 188endif #(AARCH32_INSTRUCTION_SET) 189 190TF_CFLAGS_aarch32 += -mno-unaligned-access 191TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 192 193############################################################################## 194# WARNINGS Configuration 195############################################################################### 196# General warnings 197WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 198 -Wdisabled-optimization -Wvla -Wshadow \ 199 -Wredundant-decls 200# stricter warnings 201WARNINGS += -Wextra -Wno-trigraphs 202# too verbose for generic build 203WARNINGS += -Wno-missing-field-initializers \ 204 -Wno-type-limits -Wno-sign-compare \ 205# on clang this flag gets reset if -Wextra is set after it. No difference on gcc 206WARNINGS += -Wno-unused-parameter 207 208# Additional warnings 209# Level 1 - infrequent warnings we should have none of 210# full -Wextra 211WARNING1 += -Wsign-compare 212WARNING1 += -Wtype-limits 213WARNING1 += -Wmissing-field-initializers 214 215# Level 2 - problematic warnings that we want 216# zlib, compiler-rt, coreboot, and mbdedtls blow up with these 217# TODO: disable just for them and move into default build 218WARNING2 += -Wold-style-definition 219WARNING2 += -Wmissing-prototypes 220WARNING2 += -Wmissing-format-attribute 221# TF-A aims to comply with this eventually. Effort too large at present 222WARNING2 += -Wundef 223# currently very involved and many platforms set this off 224WARNING2 += -Wunused-const-variable=2 225 226# Level 3 - very pedantic, frequently ignored 227WARNING3 := -Wbad-function-cast 228WARNING3 += -Waggregate-return 229WARNING3 += -Wnested-externs 230WARNING3 += -Wcast-align 231WARNING3 += -Wcast-qual 232WARNING3 += -Wconversion 233WARNING3 += -Wpacked 234WARNING3 += -Wpointer-arith 235WARNING3 += -Wswitch-default 236 237# Setting W is quite verbose and most warnings will be pre-existing issues 238# outside of the contributor's control. Don't fail the build on them so warnings 239# can be seen and hopefully addressed 240ifdef W 241 ifneq (${W},0) 242 E ?= 0 243 endif 244endif 245 246ifeq (${W},1) 247 WARNINGS += $(WARNING1) 248else ifeq (${W},2) 249 WARNINGS += $(WARNING1) $(WARNING2) 250else ifeq (${W},3) 251 WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 252endif #(W) 253 254# Compiler specific warnings 255ifeq ($(filter %-clang,$($(ARCH)-cc-id)),) 256# not using clang 257WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 258 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 259 -Wlogical-op 260 261# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105523 262TF_CFLAGS_MIN_PAGE_SIZE := $(call cc_option, --param=min-pagesize=0) 263TF_CFLAGS += $(TF_CFLAGS_MIN_PAGE_SIZE) 264 265ifeq ($(HARDEN_SLS), 1) 266 TF_CFLAGS_MHARDEN_SLS := $(call cc_option, -mharden-sls=all) 267 TF_CFLAGS_aarch64 += $(TF_CFLAGS_MHARDEN_SLS) 268endif 269 270else 271# using clang 272WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 273 -Wlogical-op-parentheses 274endif #(Clang Warning) 275 276ifneq (${E},0) 277 ERRORS := -Werror 278endif #(E) 279 280################################################################################ 281# Compiler and Linker Directives 282################################################################################ 283CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 284 $(ERRORS) $(WARNINGS) 285ASFLAGS += $(CPPFLAGS) \ 286 -ffreestanding -Wa,--fatal-warnings 287TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 288 -ffunction-sections -fdata-sections \ 289 -ffreestanding -fno-common \ 290 -Os -std=gnu99 291 292ifeq (${SANITIZE_UB},on) 293 TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 294endif #(${SANITIZE_UB},on) 295 296ifeq (${SANITIZE_UB},trap) 297 TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 298 -fsanitize-undefined-trap-on-error 299endif #(${SANITIZE_UB},trap) 300 301GCC_V_OUTPUT := $(if $($(ARCH)-cc),$(shell $($(ARCH)-cc) -v 2>&1)) 302 303TF_LDFLAGS += -z noexecstack 304 305# LD = armlink 306ifeq ($($(ARCH)-ld-id),arm-link) 307 TF_LDFLAGS += --diag_error=warning --lto_level=O1 308 TF_LDFLAGS += --remove --info=unused,unusedsymbols 309 TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 310 311# LD = gcc (used when GCC LTO is enabled) 312else ifeq ($($(ARCH)-ld-id),gnu-gcc) 313 # Pass ld options with Wl or Xlinker switches 314 TF_LDFLAGS += $(call ld_option,-Xlinker --no-warn-rwx-segments) 315 TF_LDFLAGS += -Wl,--fatal-warnings -O1 316 TF_LDFLAGS += -Wl,--gc-sections 317 318 TF_LDFLAGS += -Wl,-z,common-page-size=4096 #Configure page size constants 319 TF_LDFLAGS += -Wl,-z,max-page-size=4096 320 TF_LDFLAGS += -Wl,--build-id=none 321 322 ifeq ($(ENABLE_LTO),1) 323 ifeq (${ARCH},aarch64) 324 TF_LDFLAGS += -flto -fuse-linker-plugin 325 TF_LDFLAGS += -flto-partition=one 326 endif 327 endif #(ENABLE_LTO) 328 329# GCC automatically adds fix-cortex-a53-843419 flag when used to link 330# which breaks some builds, so disable if errata fix is not explicitly enabled 331 ifeq (${ARCH},aarch64) 332 ifneq (${ERRATA_A53_843419},1) 333 TF_LDFLAGS += -mno-fix-cortex-a53-843419 334 endif 335 endif 336 TF_LDFLAGS += -nostdlib 337 TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 338 339# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 340else 341# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we 342# are not loaded by a elf loader. 343 TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments) 344 TF_LDFLAGS += -O1 345 TF_LDFLAGS += --gc-sections 346 347 TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants 348 TF_LDFLAGS += -z max-page-size=4096 349 TF_LDFLAGS += --build-id=none 350 351# ld.lld doesn't recognize the errata flags, 352# therefore don't add those in that case. 353# ld.lld reports section type mismatch warnings, 354# therefore don't add --fatal-warnings to it. 355 ifneq ($($(ARCH)-ld-id),llvm-lld) 356 TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) --fatal-warnings 357 endif 358 359endif #(LD = armlink) 360 361################################################################################ 362# Setup ARCH_MAJOR/MINOR before parsing arch_features. 363################################################################################ 364ifeq (${ENABLE_RME},1) 365 ARM_ARCH_MAJOR := 9 366 ARM_ARCH_MINOR := 2 367endif 368 369################################################################################ 370# Common sources and include directories 371################################################################################ 372include lib/compiler-rt/compiler-rt.mk 373 374# Allow overriding the timestamp, for example for reproducible builds, or to 375# synchronize timestamps across multiple projects. 376# This must be set to a C string (including quotes where applicable). 377BUILD_MESSAGE_TIMESTAMP ?= __TIME__", "__DATE__ 378 379DEFINES += -DBUILD_MESSAGE_TIMESTAMP='$(BUILD_MESSAGE_TIMESTAMP)' 380DEFINES += -DBUILD_MESSAGE_VERSION_STRING='"$(VERSION_STRING)"' 381DEFINES += -DBUILD_MESSAGE_VERSION='"$(VERSION)"' 382 383BL_COMMON_SOURCES += common/bl_common.c \ 384 common/tf_log.c \ 385 common/${ARCH}/debug.S \ 386 drivers/console/multi_console.c \ 387 lib/${ARCH}/cache_helpers.S \ 388 lib/${ARCH}/misc_helpers.S \ 389 lib/extensions/pmuv3/${ARCH}/pmuv3.c \ 390 plat/common/plat_bl_common.c \ 391 plat/common/plat_log_common.c \ 392 plat/common/${ARCH}/plat_common.c \ 393 plat/common/${ARCH}/platform_helpers.S \ 394 ${COMPILER_RT_SRCS} 395 396ifeq ($($(ARCH)-cc-id),arm-clang) 397 BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 398endif 399 400ifeq (${SANITIZE_UB},on) 401 BL_COMMON_SOURCES += plat/common/ubsan.c 402endif 403 404INCLUDES += -Iinclude \ 405 -Iinclude/arch/${ARCH} \ 406 -Iinclude/lib/cpus/${ARCH} \ 407 -Iinclude/lib/el3_runtime/${ARCH} \ 408 ${PLAT_INCLUDES} \ 409 ${SPD_INCLUDES} 410 411DTC_FLAGS += -I dts -O dtb 412DTC_CPPFLAGS += -P -nostdinc $(INCLUDES) -Ifdts -undef \ 413 -x assembler-with-cpp $(DEFINES) 414 415include common/backtrace/backtrace.mk 416 417################################################################################ 418# Generic definitions 419################################################################################ 420 421ifeq (${BUILD_BASE},) 422 BUILD_BASE := ./build 423endif 424BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 425 426SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 427 428# Platforms providing their own TBB makefile may override this value 429INCLUDE_TBBR_MK := 1 430 431################################################################################ 432# Include SPD Makefile if one has been specified 433################################################################################ 434 435ifneq (${SPD},none) 436 ifeq (${SPD},spmd) 437 # SPMD is located in std_svc directory 438 SPD_DIR := std_svc 439 440 ifeq ($(SPMD_SPM_AT_SEL2),1) 441 CTX_INCLUDE_EL2_REGS := 1 442 endif 443 444 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 445 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 446 endif 447 448 ifeq ($(findstring trusty_sp,$(ARM_SPMC_MANIFEST_DTS)),trusty_sp) 449 DTC_CPPFLAGS += -DTRUSTY_SP_FW_CONFIG 450 endif 451 452 ifeq ($(TS_SP_FW_CONFIG),1) 453 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 454 endif 455 456 ifneq ($(ARM_BL2_SP_LIST_DTS),) 457 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 458 endif 459 460 ifneq ($(SP_LAYOUT_FILE),) 461 BL2_ENABLE_SP_LOAD := 1 462 endif 463 else 464 # All other SPDs in spd directory 465 SPD_DIR := spd 466 endif #(SPD) 467 468 # We expect to locate an spd.mk under the specified SPD directory 469 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 470 471 ifeq (${SPD_MAKE},) 472 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 473 endif 474 $(info Including ${SPD_MAKE}) 475 include ${SPD_MAKE} 476 477 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 478 # Makefile would set NEED_BL32 to "yes". In this case, the build system 479 # supports two mutually exclusive options: 480 # * BL32 is built from source: then BL32_SOURCES must contain the list 481 # of source files to build BL32 482 # * BL32 is a prebuilt binary: then BL32 must point to the image file 483 # that will be included in the FIP 484 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 485 # over the sources. 486endif #(SPD=none) 487 488################################################################################ 489# Include the platform specific Makefile after the SPD Makefile (the platform 490# makefile may use all previous definitions in this file) 491################################################################################ 492include ${PLAT_MAKEFILE_FULL} 493 494################################################################################ 495# Process BRANCH_PROTECTION value and set 496# Pointer Authentication and Branch Target Identification flags 497################################################################################ 498ifeq (${BRANCH_PROTECTION},0) 499 # Default value turns off all types of branch protection 500 BP_OPTION := none 501else ifneq (${ARCH},aarch64) 502 $(error BRANCH_PROTECTION requires AArch64) 503else ifeq (${BRANCH_PROTECTION},1) 504 # Enables all types of branch protection features 505 BP_OPTION := standard 506 ENABLE_BTI := 1 507 ENABLE_PAUTH := 1 508else ifeq (${BRANCH_PROTECTION},2) 509 # Return address signing to its standard level 510 BP_OPTION := pac-ret 511 ENABLE_PAUTH := 1 512else ifeq (${BRANCH_PROTECTION},3) 513 # Extend the signing to include leaf functions 514 BP_OPTION := pac-ret+leaf 515 ENABLE_PAUTH := 1 516else ifeq (${BRANCH_PROTECTION},4) 517 # Turn on branch target identification mechanism 518 BP_OPTION := bti 519 ENABLE_BTI := 1 520else 521 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 522endif #(BRANCH_PROTECTION) 523 524ifeq ($(ENABLE_PAUTH),1) 525 CTX_INCLUDE_PAUTH_REGS := 1 526endif 527ifneq (${BP_OPTION},none) 528 TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 529endif #(BP_OPTION) 530 531# Pointer Authentication sources 532ifeq (${ENABLE_PAUTH}, 1) 533# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the 534# Pauth support. As it's not secure, it must be reimplemented for real platforms 535 BL_COMMON_SOURCES += lib/extensions/pauth/pauth_helpers.S 536endif 537 538################################################################################ 539# Setup arch_features based on ARM_ARCH_MAJOR, ARM_ARCH_MINOR provided from 540# platform. 541################################################################################ 542include ${MAKE_HELPERS_DIRECTORY}arch_features.mk 543 544#################################################### 545# Enable required options for Memory Stack Tagging. 546#################################################### 547 548# Currently, these options are enabled only for clang and armclang compiler. 549ifeq (${SUPPORT_STACK_MEMTAG},yes) 550 ifdef mem_tag_arch_support 551 # Check for armclang and clang compilers 552 ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 553 # Add "memtag" architecture feature modifier if not specified 554 ifeq ( ,$(findstring memtag,$(arch-features))) 555 arch-features := $(arch-features)+memtag 556 endif # memtag 557 ifeq ($($(ARCH)-cc-id),arm-clang) 558 TF_CFLAGS += -mmemtag-stack 559 else ifeq ($($(ARCH)-cc-id),llvm-clang) 560 TF_CFLAGS += -fsanitize=memtag 561 endif # armclang 562 endif 563 else 564 $(error "Error: stack memory tagging is not supported for \ 565 architecture ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a") 566 endif #(mem_tag_arch_support) 567endif #(SUPPORT_STACK_MEMTAG) 568 569################################################################################ 570# RME dependent flags configuration, Enable optional features for RME. 571################################################################################ 572# FEAT_RME 573ifeq (${ENABLE_RME},1) 574 # RME requires AARCH64 575 ifneq (${ARCH},aarch64) 576 $(error ENABLE_RME requires AArch64) 577 endif 578 579 # RME requires el2 context to be saved for now. 580 CTX_INCLUDE_EL2_REGS := 1 581 CTX_INCLUDE_AARCH32_REGS := 0 582 CTX_INCLUDE_PAUTH_REGS := 1 583 584 ifneq ($(ENABLE_FEAT_MPAM), 0) 585 CTX_INCLUDE_MPAM_REGS := 1 586 endif 587 588 # RME enables CSV2_2 extension by default. 589 ENABLE_FEAT_CSV2_2 = 1 590endif #(FEAT_RME) 591 592################################################################################ 593# Include rmmd Makefile if RME is enabled 594################################################################################ 595ifneq (${ENABLE_RME},0) 596 ifneq (${ARCH},aarch64) 597 $(error ENABLE_RME requires AArch64) 598 endif 599 ifeq ($(SPMC_AT_EL3),1) 600 $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.) 601 endif 602 603 ifneq (${SPD}, none) 604 ifneq (${SPD}, spmd) 605 $(error ENABLE_RME is incompatible with SPD=${SPD}. Use SPD=spmd) 606 endif 607 endif 608include services/std_svc/rmmd/rmmd.mk 609$(warning "RME is an experimental feature") 610endif 611 612ifeq (${CTX_INCLUDE_EL2_REGS}, 1) 613 ifeq (${SPD},none) 614 ifeq (${ENABLE_RME},0) 615 $(error CTX_INCLUDE_EL2_REGS is available only when SPD \ 616 or RME is enabled) 617 endif 618 endif 619endif 620 621################################################################################ 622# Verify FEAT_RME, FEAT_SCTLR2 and FEAT_TCR2 are enabled if FEAT_MEC is enabled. 623################################################################################ 624 625ifneq (${ENABLE_FEAT_MEC},0) 626 ifeq (${ENABLE_RME},0) 627 $(error FEAT_RME must be enabled when FEAT_MEC is enabled.) 628 endif 629 ifeq (${ENABLE_FEAT_TCR2},0) 630 $(error FEAT_TCR2 must be enabled when FEAT_MEC is enabled.) 631 endif 632 ifeq (${ENABLE_FEAT_SCTLR2},0) 633 $(error FEAT_SCTLR2 must be enabled when FEAT_MEC is enabled.) 634 endif 635endif 636 637################################################################################ 638# Make 128-Bit sysreg read/writes availabe when FEAT_D128 is enabled. 639################################################################################ 640ifneq (${ENABLE_FEAT_D128}, 0) 641 BL_COMMON_SOURCES += lib/extensions/sysreg128/sysreg128.S 642endif 643 644################################################################################ 645# Platform specific Makefile might provide us ARCH_MAJOR/MINOR use that to come 646# up with appropriate march values for compiler. 647################################################################################ 648include ${MAKE_HELPERS_DIRECTORY}march.mk 649 650TF_CFLAGS += $(march-directive) 651ASFLAGS += $(march-directive) 652 653# This internal flag is common option which is set to 1 for scenarios 654# when the BL2 is running in EL3 level. This occurs in two scenarios - 655# 4 world system running BL2 at EL3 and two world system without BL1 running 656# BL2 in EL3 657 658ifeq (${RESET_TO_BL2},1) 659 BL2_RUNS_AT_EL3 := 1 660 ifeq (${ENABLE_RME},1) 661 $(error RESET_TO_BL2=1 and ENABLE_RME=1 configuration is not \ 662 supported at the moment.) 663 endif 664else ifeq (${ENABLE_RME},1) 665 BL2_RUNS_AT_EL3 := 1 666else 667 BL2_RUNS_AT_EL3 := 0 668endif 669 670# This internal flag is set to 1 when Firmware First handling of External aborts 671# is required by lowe ELs. Currently only NS requires this support. 672ifeq ($(HANDLE_EA_EL3_FIRST_NS),1) 673 FFH_SUPPORT := 1 674else 675 FFH_SUPPORT := 0 676endif 677 678ifeq (${ARM_ARCH_MAJOR},7) 679include make_helpers/armv7-a-cpus.mk 680endif 681 682PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 683ifneq ($(PIE_FOUND),) 684 TF_CFLAGS += -fno-PIE 685ifeq ($($(ARCH)-ld-id),gnu-gcc) 686 TF_LDFLAGS += -no-pie 687endif 688endif #(PIE_FOUND) 689 690ifeq ($($(ARCH)-ld-id),gnu-gcc) 691 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 692else 693 PIE_LDFLAGS += -pie --no-dynamic-linker 694endif 695 696ifeq ($(ENABLE_PIE),1) 697 ifeq ($(RESET_TO_BL2),1) 698 ifneq ($(BL2_IN_XIP_MEM),1) 699 BL2_CPPFLAGS += -fpie 700 BL2_CFLAGS += -fpie 701 BL2_LDFLAGS += $(PIE_LDFLAGS) 702 endif #(BL2_IN_XIP_MEM) 703 endif #(RESET_TO_BL2) 704 BL31_CPPFLAGS += -fpie 705 BL31_CFLAGS += -fpie 706 BL31_LDFLAGS += $(PIE_LDFLAGS) 707 708 BL32_CPPFLAGS += -fpie 709 BL32_CFLAGS += -fpie 710 BL32_LDFLAGS += $(PIE_LDFLAGS) 711endif #(ENABLE_PIE) 712 713BL1_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 714BL31_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 715BL32_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 716 717BL1_CPPFLAGS += -DIMAGE_AT_EL3 718ifeq ($(RESET_TO_BL2),1) 719 BL2_CPPFLAGS += -DIMAGE_AT_EL3 720else 721 BL2_CPPFLAGS += -DIMAGE_AT_EL1 722endif #(RESET_TO_BL2) 723 724ifeq (${ARCH},aarch64) 725 BL2U_CPPFLAGS += -DIMAGE_AT_EL1 726 BL31_CPPFLAGS += -DIMAGE_AT_EL3 727 BL32_CPPFLAGS += -DIMAGE_AT_EL1 728else 729 BL32_CPPFLAGS += -DIMAGE_AT_EL3 730endif 731 732# Include the CPU specific operations makefile, which provides default 733# values for all CPU errata workarounds and CPU specific optimisations. 734# This can be overridden by the platform. 735include lib/cpus/cpu-ops.mk 736 737################################################################################ 738# Build `AARCH32_SP` as BL32 image for AArch32 739################################################################################ 740ifeq (${ARCH},aarch32) 741 NEED_BL32 := yes 742 743 ifneq (${AARCH32_SP},none) 744 # We expect to locate an sp.mk under the specified AARCH32_SP directory 745 AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 746 747 ifeq (${AARCH32_SP_MAKE},) 748 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 749 endif 750 $(info Including ${AARCH32_SP_MAKE}) 751 include ${AARCH32_SP_MAKE} 752 endif 753endif #(ARCH=aarch32) 754 755################################################################################ 756# Include libc if not overridden 757################################################################################ 758ifeq (${OVERRIDE_LIBC},0) 759include lib/libc/libc.mk 760endif 761 762################################################################################ 763# Check incompatible options and dependencies 764################################################################################ 765 766# Handle all invalid build configurations with SPMD usage. 767ifeq (${ENABLE_SPMD_LP}, 1) 768ifneq (${SPD},spmd) 769 $(error Error: ENABLE_SPMD_LP requires SPD=spmd.) 770endif 771ifeq ($(SPMC_AT_EL3),1) 772 $(error SPMC at EL3 not supported when enabling SPMD Logical partitions.) 773endif 774endif 775 776ifneq (${SPD},none) 777ifeq (${ARCH},aarch32) 778 $(error "Error: SPD is incompatible with AArch32.") 779endif 780ifdef EL3_PAYLOAD_BASE 781 $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") 782 $(warning "The SPD and its BL32 companion will be present but ignored.") 783endif 784ifeq (${SPD},spmd) 785ifeq ($(SPMD_SPM_AT_SEL2),1) 786 ifeq ($(SPMC_AT_EL3),1) 787 $(error SPM cannot be enabled in both S-EL2 and EL3.) 788 endif 789 ifeq ($(CTX_INCLUDE_SVE_REGS),1) 790 $(error SVE context management not needed with Hafnium SPMC.) 791 endif 792endif 793 794ifeq ($(SPMC_AT_EL3_SEL0_SP),1) 795 ifneq ($(SPMC_AT_EL3),1) 796 $(error SEL0 SP cannot be enabled without SPMC at EL3) 797 endif 798endif 799endif #(SPD=spmd) 800endif #(SPD!=none) 801 802# USE_DEBUGFS experimental feature recommended only in debug builds 803ifeq (${USE_DEBUGFS},1) 804 ifeq (${DEBUG},1) 805 $(warning DEBUGFS experimental feature is enabled.) 806 else 807 $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY) 808 endif 809endif #(USE_DEBUGFS) 810 811# USE_SPINLOCK_CAS requires AArch64 build 812ifeq (${USE_SPINLOCK_CAS},1) 813 ifneq (${ARCH},aarch64) 814 $(error USE_SPINLOCK_CAS requires AArch64) 815 endif 816endif #(USE_SPINLOCK_CAS) 817 818# The cert_create tool cannot generate certificates individually, so we use the 819# target 'certificates' to create them all 820ifneq (${GENERATE_COT},0) 821 FIP_DEPS += certificates 822 FWU_FIP_DEPS += fwu_certificates 823endif 824 825ifneq (${DECRYPTION_SUPPORT},none) 826 ENC_ARGS += -f ${FW_ENC_STATUS} 827 ENC_ARGS += -k ${ENC_KEY} 828 ENC_ARGS += -n ${ENC_NONCE} 829 FIP_DEPS += enctool 830 FWU_FIP_DEPS += enctool 831endif #(DECRYPTION_SUPPORT) 832 833ifdef EL3_PAYLOAD_BASE 834 ifdef PRELOADED_BL33_BASE 835 $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \ 836 incompatible build options. EL3_PAYLOAD_BASE has priority.") 837 endif 838 ifneq (${GENERATE_COT},0) 839 $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible \ 840 build options.") 841 endif 842 ifneq (${TRUSTED_BOARD_BOOT},0) 843 $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are \ 844 incompatible \ build options.") 845 endif 846endif #(EL3_PAYLOAD_BASE) 847 848ifeq (${NEED_BL33},yes) 849 ifdef EL3_PAYLOAD_BASE 850 $(warning "BL33 image is not needed when option \ 851 BL33_PAYLOAD_BASE is used and won't be added to the FIP file.") 852 endif 853 ifdef PRELOADED_BL33_BASE 854 $(warning "BL33 image is not needed when option \ 855 PRELOADED_BL33_BASE is used and won't be added to the FIP file.") 856 endif 857endif #(NEED_BL33) 858 859# When building for systems with hardware-assisted coherency, there's no need to 860# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too. 861ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1) 862 $(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) 863endif 864 865#For now, BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is 1. 866ifeq ($(RESET_TO_BL2)-$(BL2_IN_XIP_MEM),0-1) 867 $(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled") 868endif 869 870# RAS_EXTENSION is deprecated, provide alternate build options 871ifeq ($(RAS_EXTENSION),1) 872 $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS \ 873 and HANDLE_EA_EL3_FIRST_NS instead") 874endif 875 876 877# When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled 878ifeq ($(FAULT_INJECTION_SUPPORT),1) 879 ifeq ($(ENABLE_FEAT_RAS),0) 880 $(error For FAULT_INJECTION_SUPPORT, ENABLE_FEAT_RAS must not be 0) 881 endif 882endif #(FAULT_INJECTION_SUPPORT) 883 884# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 885ifeq ($(DYN_DISABLE_AUTH), 1) 886 ifeq (${TRUSTED_BOARD_BOOT}, 0) 887 $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH \ 888 to be set.") 889 endif 890endif #(DYN_DISABLE_AUTH) 891 892ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1) 893# Support authentication verification and hash calculation 894 CRYPTO_SUPPORT := 3 895else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1) 896# Support authentication verification and hash calculation 897 CRYPTO_SUPPORT := 3 898else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) 899# Support hash calculation only 900 CRYPTO_SUPPORT := 2 901else ifeq (${TRUSTED_BOARD_BOOT},1) 902# Support authentication verification only 903 CRYPTO_SUPPORT := 1 904else 905 CRYPTO_SUPPORT := 0 906endif #($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT)) 907 908ifneq ($(filter 1 2 3,$(CRYPTO_SUPPORT)),) 909CRYPTO_LIB := $(BUILD_PLAT)/lib/libmbedtls.a 910endif 911 912# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. 913ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) 914 $(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 915endif 916 917# If pointer authentication is used in the firmware, make sure that all the 918# registers associated to it are also saved and restored. 919# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. 920ifeq ($(ENABLE_PAUTH),1) 921 ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) 922 $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1) 923 endif 924endif #(ENABLE_PAUTH) 925 926ifeq ($(CTX_INCLUDE_PAUTH_REGS),1) 927 ifneq (${ARCH},aarch64) 928 $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) 929 endif 930endif #(CTX_INCLUDE_PAUTH_REGS) 931 932ifeq ($(FEATURE_DETECTION),1) 933 $(info FEATURE_DETECTION is an experimental feature) 934endif #(FEATURE_DETECTION) 935 936ifneq ($(ENABLE_SME2_FOR_NS), 0) 937 ifeq (${ENABLE_SME_FOR_NS}, 0) 938 $(warning "ENABLE_SME2_FOR_NS requires ENABLE_SME_FOR_NS also \ 939 to be set") 940 $(warning "Forced ENABLE_SME_FOR_NS=1") 941 override ENABLE_SME_FOR_NS := 1 942 endif 943endif #(ENABLE_SME2_FOR_NS) 944 945ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 946 ifeq (${ALLOW_RO_XLAT_TABLES}, 1) 947 $(error "ALLOW_RO_XLAT_TABLES requires translation tables \ 948 library v2") 949 endif 950endif #(ARM_XLAT_TABLES_LIB_V1) 951 952ifneq (${DECRYPTION_SUPPORT},none) 953 ifeq (${TRUSTED_BOARD_BOOT}, 0) 954 $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT \ 955 to be set) 956 endif 957endif #(DECRYPTION_SUPPORT) 958 959# Ensure that no Aarch64-only features are enabled in Aarch32 build 960ifeq (${ARCH},aarch32) 961 962 # SME/SVE only supported on AArch64 963 ifneq (${ENABLE_SME_FOR_NS},0) 964 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") 965 endif 966 967 ifeq (${ENABLE_SVE_FOR_NS},1) 968 # Warning instead of error due to CI dependency on this 969 $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") 970 endif 971 972 # BRBE is not supported in AArch32 973 ifeq (${ENABLE_BRBE_FOR_NS},1) 974 $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32") 975 endif 976 977 # FEAT_RNG_TRAP is not supported in AArch32 978 ifeq (${ENABLE_FEAT_RNG_TRAP},1) 979 $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32") 980 endif 981 982 ifneq (${ENABLE_FEAT_FPMR},0) 983 $(error "ENABLE_FEAT_FPMR cannot be used with ARCH=aarch32") 984 endif 985 986 ifeq (${ARCH_FEATURE_AVAILABILITY},1) 987 $(error "ARCH_FEATURE_AVAILABILITY cannot be used with ARCH=aarch32") 988 endif 989 # FEAT_MOPS is only supported on AArch64 990 ifneq (${ENABLE_FEAT_MOPS},0) 991 $(error "ENABLE_FEAT_MOPS cannot be used with ARCH=aarch32") 992 endif 993endif #(ARCH=aarch32) 994 995ifneq (${ENABLE_FEAT_FPMR},0) 996 ifeq (${ENABLE_FEAT_FGT},0) 997 $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_FGT") 998 endif 999 ifeq (${ENABLE_FEAT_HCX},0) 1000 $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_HCX") 1001 endif 1002endif #(ENABLE_FEAT_FPMR) 1003 1004ifneq (${ENABLE_SME_FOR_NS},0) 1005 ifeq (${ENABLE_SVE_FOR_NS},0) 1006 $(error "ENABLE_SME_FOR_NS requires ENABLE_SVE_FOR_NS") 1007 endif 1008endif #(ENABLE_SME_FOR_NS) 1009 1010# Secure SME/SVE requires the non-secure component as well 1011ifeq (${ENABLE_SME_FOR_SWD},1) 1012 ifeq (${ENABLE_SME_FOR_NS},0) 1013 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") 1014 endif 1015 ifeq (${ENABLE_SVE_FOR_SWD},0) 1016 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SVE_FOR_SWD") 1017 endif 1018endif #(ENABLE_SME_FOR_SWD) 1019 1020# Enabling SVE for SWD requires enabling SVE for NWD due to ENABLE_FEAT 1021# mechanism. 1022ifeq (${ENABLE_SVE_FOR_SWD},1) 1023 ifeq (${ENABLE_SVE_FOR_NS},0) 1024 $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS") 1025 endif 1026endif 1027 1028# Enabling FEAT_MOPS requires access to hcrx_el2 registers which is 1029# available only when FEAT_HCX is enabled. 1030ifneq (${ENABLE_FEAT_MOPS},0) 1031 ifeq (${ENABLE_FEAT_HCX},0) 1032 $(error "ENABLE_FEAT_MOPS requires ENABLE_FEAT_HCX") 1033 endif 1034endif 1035 1036# Enabling SVE for both the worlds typically requires the context 1037# management of SVE registers. The only exception being SPMC at S-EL2. 1038ifeq (${ENABLE_SVE_FOR_SWD}, 1) 1039 ifneq (${ENABLE_SVE_FOR_NS}, 0) 1040 ifeq (${CTX_INCLUDE_SVE_REGS}-$(SPMD_SPM_AT_SEL2),0-0) 1041 $(warning "ENABLE_SVE_FOR_SWD and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS") 1042 endif 1043 endif 1044endif 1045 1046# Enabling SVE in either world while enabling CTX_INCLUDE_FPREGS requires 1047# CTX_INCLUDE_SVE_REGS to be enabled due to architectural dependency between FP 1048# and SVE registers. 1049ifeq (${CTX_INCLUDE_FPREGS}, 1) 1050 ifneq (${ENABLE_SVE_FOR_NS},0) 1051 ifeq (${CTX_INCLUDE_SVE_REGS},0) 1052 # Warning instead of error due to CI dependency on this 1053 $(warning "CTX_INCLUDE_FPREGS and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS") 1054 $(warning "Forced ENABLE_SVE_FOR_NS=0") 1055 override ENABLE_SVE_FOR_NS := 0 1056 endif 1057 endif 1058endif #(CTX_INCLUDE_FPREGS) 1059 1060# SVE context management is only required if secure world has access to SVE/FP 1061# functionality. 1062ifeq (${CTX_INCLUDE_SVE_REGS},1) 1063 ifeq (${ENABLE_SVE_FOR_SWD},0) 1064 $(error "CTX_INCLUDE_SVE_REGS requires ENABLE_SVE_FOR_SWD to also be enabled") 1065 endif 1066endif 1067 1068# SME cannot be used with CTX_INCLUDE_FPREGS since SPM does its own context 1069# management including FPU registers. 1070ifeq (${CTX_INCLUDE_FPREGS},1) 1071 ifneq (${ENABLE_SME_FOR_NS},0) 1072 $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 1073 endif 1074endif #(CTX_INCLUDE_FPREGS) 1075 1076ifeq ($(DRTM_SUPPORT),1) 1077 $(info DRTM_SUPPORT is an experimental feature) 1078endif 1079 1080ifeq (${HOB_LIST},1) 1081 $(warning HOB_LIST is an experimental feature) 1082endif 1083 1084ifeq (${TRANSFER_LIST},1) 1085 $(info TRANSFER_LIST is an experimental feature) 1086endif 1087 1088ifeq (${ENABLE_RME},1) 1089 ifneq (${SEPARATE_CODE_AND_RODATA},1) 1090 $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`) 1091 endif 1092endif 1093 1094ifeq ($(PSA_CRYPTO),1) 1095 $(info PSA_CRYPTO is an experimental feature) 1096endif 1097 1098ifeq ($(DICE_PROTECTION_ENVIRONMENT),1) 1099 $(info DICE_PROTECTION_ENVIRONMENT is an experimental feature) 1100endif 1101 1102################################################################################ 1103# Process platform overrideable behaviour 1104################################################################################ 1105 1106ifdef BL1_SOURCES 1107 NEED_BL1 := yes 1108endif #(BL1_SOURCES) 1109 1110ifdef BL2_SOURCES 1111 NEED_BL2 := yes 1112 1113 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 1114 # Certificate generation tools. This flag can be overridden by the platform. 1115 ifdef EL3_PAYLOAD_BASE 1116 # If booting an EL3 payload there is no need for a BL33 image 1117 # in the FIP file. 1118 NEED_BL33 := no 1119 else 1120 ifdef PRELOADED_BL33_BASE 1121 # If booting a BL33 preloaded image there is no need of 1122 # another one in the FIP file. 1123 NEED_BL33 := no 1124 else 1125 NEED_BL33 ?= yes 1126 endif 1127 endif 1128endif #(BL2_SOURCES) 1129 1130ifdef BL2U_SOURCES 1131 NEED_BL2U := yes 1132endif #(BL2U_SOURCES) 1133 1134# If SCP_BL2 is given, we always want FIP to include it. 1135ifdef SCP_BL2 1136 NEED_SCP_BL2 := yes 1137endif #(SCP_BL2) 1138 1139# For AArch32, BL31 is not currently supported. 1140ifneq (${ARCH},aarch32) 1141 ifdef BL31_SOURCES 1142 # When booting an EL3 payload, there is no need to compile the BL31 1143 # image nor put it in the FIP. 1144 ifndef EL3_PAYLOAD_BASE 1145 NEED_BL31 := yes 1146 endif 1147 endif 1148endif #(ARCH=aarch64) 1149 1150# Process TBB related flags 1151ifneq (${GENERATE_COT},0) 1152 # Common cert_create options 1153 ifneq (${CREATE_KEYS},0) 1154 $(eval CRT_ARGS += -n) 1155 $(eval FWU_CRT_ARGS += -n) 1156 ifneq (${SAVE_KEYS},0) 1157 $(eval CRT_ARGS += -k) 1158 $(eval FWU_CRT_ARGS += -k) 1159 endif 1160 endif 1161 # Include TBBR makefile (unless the platform indicates otherwise) 1162 ifeq (${INCLUDE_TBBR_MK},1) 1163 include make_helpers/tbbr/tbbr_tools.mk 1164 endif 1165endif #(GENERATE_COT) 1166 1167ifneq (${FIP_ALIGN},0) 1168 FIP_ARGS += --align ${FIP_ALIGN} 1169endif #(FIP_ALIGN) 1170 1171ifdef FDT_SOURCES 1172 NEED_FDT := yes 1173endif #(FDT_SOURCES) 1174 1175################################################################################ 1176# Include libraries' Makefile that are used in all BL 1177################################################################################ 1178 1179include lib/stack_protector/stack_protector.mk 1180 1181################################################################################ 1182# Include BL specific makefiles 1183################################################################################ 1184 1185ifeq (${NEED_BL1},yes) 1186include bl1/bl1.mk 1187endif 1188 1189ifeq (${NEED_BL2},yes) 1190include bl2/bl2.mk 1191endif 1192 1193ifeq (${NEED_BL2U},yes) 1194include bl2u/bl2u.mk 1195endif 1196 1197ifeq (${NEED_BL31},yes) 1198include bl31/bl31.mk 1199endif 1200 1201################################################################################ 1202# Build options checks 1203################################################################################ 1204 1205# Boolean_Flags 1206$(eval $(call assert_booleans,\ 1207 $(sort \ 1208 ALLOW_RO_XLAT_TABLES \ 1209 BL2_ENABLE_SP_LOAD \ 1210 COLD_BOOT_SINGLE_CPU \ 1211 CREATE_KEYS \ 1212 CTX_INCLUDE_AARCH32_REGS \ 1213 CTX_INCLUDE_FPREGS \ 1214 CTX_INCLUDE_SVE_REGS \ 1215 CTX_INCLUDE_EL2_REGS \ 1216 CTX_INCLUDE_MPAM_REGS \ 1217 DEBUG \ 1218 DYN_DISABLE_AUTH \ 1219 EL3_EXCEPTION_HANDLING \ 1220 ENABLE_AMU_AUXILIARY_COUNTERS \ 1221 AMU_RESTRICT_COUNTERS \ 1222 ENABLE_ASSERTIONS \ 1223 ENABLE_PIE \ 1224 ENABLE_PMF \ 1225 ENABLE_PSCI_STAT \ 1226 ENABLE_RUNTIME_INSTRUMENTATION \ 1227 ENABLE_SME_FOR_SWD \ 1228 ENABLE_SVE_FOR_SWD \ 1229 ENABLE_FEAT_RAS \ 1230 FFH_SUPPORT \ 1231 ERROR_DEPRECATED \ 1232 FAULT_INJECTION_SUPPORT \ 1233 GENERATE_COT \ 1234 GICV2_G0_FOR_EL3 \ 1235 HANDLE_EA_EL3_FIRST_NS \ 1236 HARDEN_SLS \ 1237 HW_ASSISTED_COHERENCY \ 1238 MEASURED_BOOT \ 1239 DISCRETE_TPM \ 1240 DICE_PROTECTION_ENVIRONMENT \ 1241 RMMD_ENABLE_EL3_TOKEN_SIGN \ 1242 DRTM_SUPPORT \ 1243 NS_TIMER_SWITCH \ 1244 OVERRIDE_LIBC \ 1245 PL011_GENERIC_UART \ 1246 PROGRAMMABLE_RESET_ADDRESS \ 1247 PSCI_EXTENDED_STATE_ID \ 1248 PSCI_OS_INIT_MODE \ 1249 ARCH_FEATURE_AVAILABILITY \ 1250 RESET_TO_BL31 \ 1251 SAVE_KEYS \ 1252 SEPARATE_CODE_AND_RODATA \ 1253 SEPARATE_BL2_NOLOAD_REGION \ 1254 SEPARATE_NOBITS_REGION \ 1255 SEPARATE_RWDATA_REGION \ 1256 SEPARATE_SIMD_SECTION \ 1257 SPIN_ON_BL1_EXIT \ 1258 SPM_MM \ 1259 SPMC_AT_EL3 \ 1260 SPMC_AT_EL3_SEL0_SP \ 1261 SPMD_SPM_AT_SEL2 \ 1262 ENABLE_SPMD_LP \ 1263 TRANSFER_LIST \ 1264 TRUSTED_BOARD_BOOT \ 1265 USE_COHERENT_MEM \ 1266 USE_DEBUGFS \ 1267 ARM_IO_IN_DTB \ 1268 SDEI_IN_FCONF \ 1269 SEC_INT_DESC_IN_FCONF \ 1270 USE_ROMLIB \ 1271 USE_TBBR_DEFS \ 1272 WARMBOOT_ENABLE_DCACHE_EARLY \ 1273 RESET_TO_BL2 \ 1274 BL2_IN_XIP_MEM \ 1275 BL2_INV_DCACHE \ 1276 USE_SPINLOCK_CAS \ 1277 ENCRYPT_BL31 \ 1278 ENCRYPT_BL32 \ 1279 ERRATA_SPECULATIVE_AT \ 1280 ERRATA_SME_POWER_DOWN \ 1281 RAS_TRAP_NS_ERR_REC_ACCESS \ 1282 COT_DESC_IN_DTB \ 1283 USE_SP804_TIMER \ 1284 PSA_FWU_SUPPORT \ 1285 PSA_FWU_METADATA_FW_STORE_DESC \ 1286 ENABLE_MPMM \ 1287 FEAT_PABANDON \ 1288 FEATURE_DETECTION \ 1289 TRNG_SUPPORT \ 1290 ENABLE_ERRATA_ALL \ 1291 ERRATA_ABI_SUPPORT \ 1292 ERRATA_NON_ARM_INTERCONNECT \ 1293 CONDITIONAL_CMO \ 1294 PSA_CRYPTO \ 1295 ENABLE_CONSOLE_GETC \ 1296 INIT_UNUSED_NS_EL2 \ 1297 PLATFORM_REPORT_CTX_MEM_USE \ 1298 EARLY_CONSOLE \ 1299 PRESERVE_DSU_PMU_REGS \ 1300 HOB_LIST \ 1301))) 1302 1303# Numeric_Flags 1304$(eval $(call assert_numerics,\ 1305 $(sort \ 1306 ARM_ARCH_MAJOR \ 1307 ARM_ARCH_MINOR \ 1308 BRANCH_PROTECTION \ 1309 CTX_INCLUDE_PAUTH_REGS \ 1310 CTX_INCLUDE_NEVE_REGS \ 1311 CRYPTO_SUPPORT \ 1312 DISABLE_MTPMU \ 1313 ENABLE_BRBE_FOR_NS \ 1314 ENABLE_TRBE_FOR_NS \ 1315 ENABLE_BTI \ 1316 ENABLE_PAUTH \ 1317 ENABLE_FEAT_AMU \ 1318 ENABLE_FEAT_AMUv1p1 \ 1319 ENABLE_FEAT_CSV2_2 \ 1320 ENABLE_FEAT_CSV2_3 \ 1321 ENABLE_FEAT_DEBUGV8P9 \ 1322 ENABLE_FEAT_DIT \ 1323 ENABLE_FEAT_ECV \ 1324 ENABLE_FEAT_FGT \ 1325 ENABLE_FEAT_FGT2 \ 1326 ENABLE_FEAT_FPMR \ 1327 ENABLE_FEAT_HCX \ 1328 ENABLE_FEAT_LS64_ACCDATA \ 1329 ENABLE_FEAT_MEC \ 1330 ENABLE_FEAT_MOPS \ 1331 ENABLE_FEAT_MTE2 \ 1332 ENABLE_FEAT_PAN \ 1333 ENABLE_FEAT_RNG \ 1334 ENABLE_FEAT_RNG_TRAP \ 1335 ENABLE_FEAT_SEL2 \ 1336 ENABLE_FEAT_TCR2 \ 1337 ENABLE_FEAT_THE \ 1338 ENABLE_FEAT_SB \ 1339 ENABLE_FEAT_S2PIE \ 1340 ENABLE_FEAT_S1PIE \ 1341 ENABLE_FEAT_S2POE \ 1342 ENABLE_FEAT_S1POE \ 1343 ENABLE_FEAT_SCTLR2 \ 1344 ENABLE_FEAT_D128 \ 1345 ENABLE_FEAT_GCS \ 1346 ENABLE_FEAT_VHE \ 1347 ENABLE_FEAT_MPAM \ 1348 ENABLE_RME \ 1349 ENABLE_SPE_FOR_NS \ 1350 ENABLE_SYS_REG_TRACE_FOR_NS \ 1351 ENABLE_SME_FOR_NS \ 1352 ENABLE_SME2_FOR_NS \ 1353 ENABLE_SVE_FOR_NS \ 1354 ENABLE_TRF_FOR_NS \ 1355 FW_ENC_STATUS \ 1356 NR_OF_FW_BANKS \ 1357 NR_OF_IMAGES_IN_FW_BANK \ 1358 TWED_DELAY \ 1359 ENABLE_FEAT_TWED \ 1360 SVE_VECTOR_LEN \ 1361 IMPDEF_SYSREG_TRAP \ 1362))) 1363 1364ifdef KEY_SIZE 1365 $(eval $(call assert_numeric,KEY_SIZE)) 1366endif 1367 1368ifeq ($(filter $(SANITIZE_UB), on off trap),) 1369 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1370endif 1371 1372################################################################################ 1373# Add definitions to the cpp preprocessor based on the current build options. 1374# This is done after including the platform specific makefile to allow the 1375# platform to overwrite the default options 1376################################################################################ 1377 1378$(eval $(call add_defines,\ 1379 $(sort \ 1380 ALLOW_RO_XLAT_TABLES \ 1381 ARM_ARCH_MAJOR \ 1382 ARM_ARCH_MINOR \ 1383 BL2_ENABLE_SP_LOAD \ 1384 COLD_BOOT_SINGLE_CPU \ 1385 CTX_INCLUDE_AARCH32_REGS \ 1386 CTX_INCLUDE_FPREGS \ 1387 CTX_INCLUDE_SVE_REGS \ 1388 CTX_INCLUDE_PAUTH_REGS \ 1389 CTX_INCLUDE_MPAM_REGS \ 1390 EL3_EXCEPTION_HANDLING \ 1391 CTX_INCLUDE_EL2_REGS \ 1392 CTX_INCLUDE_NEVE_REGS \ 1393 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1394 DISABLE_MTPMU \ 1395 ENABLE_FEAT_AMU \ 1396 ENABLE_AMU_AUXILIARY_COUNTERS \ 1397 AMU_RESTRICT_COUNTERS \ 1398 ENABLE_ASSERTIONS \ 1399 ENABLE_BTI \ 1400 ENABLE_FEAT_DEBUGV8P9 \ 1401 ENABLE_FEAT_MPAM \ 1402 ENABLE_PAUTH \ 1403 ENABLE_PIE \ 1404 ENABLE_PMF \ 1405 ENABLE_PSCI_STAT \ 1406 ENABLE_RME \ 1407 RMMD_ENABLE_EL3_TOKEN_SIGN \ 1408 ENABLE_RUNTIME_INSTRUMENTATION \ 1409 ENABLE_SME_FOR_NS \ 1410 ENABLE_SME2_FOR_NS \ 1411 ENABLE_SME_FOR_SWD \ 1412 ENABLE_SPE_FOR_NS \ 1413 ENABLE_SVE_FOR_NS \ 1414 ENABLE_SVE_FOR_SWD \ 1415 ENABLE_FEAT_RAS \ 1416 FFH_SUPPORT \ 1417 ENCRYPT_BL31 \ 1418 ENCRYPT_BL32 \ 1419 ERROR_DEPRECATED \ 1420 FAULT_INJECTION_SUPPORT \ 1421 GICV2_G0_FOR_EL3 \ 1422 HANDLE_EA_EL3_FIRST_NS \ 1423 HW_ASSISTED_COHERENCY \ 1424 LOG_LEVEL \ 1425 MEASURED_BOOT \ 1426 DISCRETE_TPM \ 1427 DICE_PROTECTION_ENVIRONMENT \ 1428 DRTM_SUPPORT \ 1429 NS_TIMER_SWITCH \ 1430 PL011_GENERIC_UART \ 1431 PLAT_${PLAT} \ 1432 PROGRAMMABLE_RESET_ADDRESS \ 1433 PSCI_EXTENDED_STATE_ID \ 1434 PSCI_OS_INIT_MODE \ 1435 ARCH_FEATURE_AVAILABILITY \ 1436 RESET_TO_BL31 \ 1437 RME_GPT_BITLOCK_BLOCK \ 1438 RME_GPT_MAX_BLOCK \ 1439 SEPARATE_CODE_AND_RODATA \ 1440 SEPARATE_BL2_NOLOAD_REGION \ 1441 SEPARATE_NOBITS_REGION \ 1442 SEPARATE_RWDATA_REGION \ 1443 SEPARATE_SIMD_SECTION \ 1444 RECLAIM_INIT_CODE \ 1445 SPD_${SPD} \ 1446 SPIN_ON_BL1_EXIT \ 1447 SPM_MM \ 1448 SPMC_AT_EL3 \ 1449 SPMC_AT_EL3_SEL0_SP \ 1450 SPMD_SPM_AT_SEL2 \ 1451 TRANSFER_LIST \ 1452 TRUSTED_BOARD_BOOT \ 1453 CRYPTO_SUPPORT \ 1454 TRNG_SUPPORT \ 1455 ERRATA_ABI_SUPPORT \ 1456 ERRATA_NON_ARM_INTERCONNECT \ 1457 USE_COHERENT_MEM \ 1458 USE_DEBUGFS \ 1459 ARM_IO_IN_DTB \ 1460 SDEI_IN_FCONF \ 1461 SEC_INT_DESC_IN_FCONF \ 1462 USE_ROMLIB \ 1463 USE_TBBR_DEFS \ 1464 WARMBOOT_ENABLE_DCACHE_EARLY \ 1465 RESET_TO_BL2 \ 1466 BL2_RUNS_AT_EL3 \ 1467 BL2_IN_XIP_MEM \ 1468 BL2_INV_DCACHE \ 1469 USE_SPINLOCK_CAS \ 1470 ERRATA_SPECULATIVE_AT \ 1471 ERRATA_SME_POWER_DOWN \ 1472 RAS_TRAP_NS_ERR_REC_ACCESS \ 1473 COT_DESC_IN_DTB \ 1474 USE_SP804_TIMER \ 1475 ENABLE_FEAT_RNG \ 1476 ENABLE_FEAT_RNG_TRAP \ 1477 ENABLE_FEAT_SB \ 1478 ENABLE_FEAT_DIT \ 1479 NR_OF_FW_BANKS \ 1480 NR_OF_IMAGES_IN_FW_BANK \ 1481 PSA_FWU_SUPPORT \ 1482 PSA_FWU_METADATA_FW_STORE_DESC \ 1483 ENABLE_BRBE_FOR_NS \ 1484 ENABLE_TRBE_FOR_NS \ 1485 ENABLE_SYS_REG_TRACE_FOR_NS \ 1486 ENABLE_TRF_FOR_NS \ 1487 ENABLE_FEAT_HCX \ 1488 ENABLE_MPMM \ 1489 FEAT_PABANDON \ 1490 ENABLE_FEAT_FGT \ 1491 ENABLE_FEAT_FGT2 \ 1492 ENABLE_FEAT_FPMR \ 1493 ENABLE_FEAT_ECV \ 1494 ENABLE_FEAT_AMUv1p1 \ 1495 ENABLE_FEAT_SEL2 \ 1496 ENABLE_FEAT_VHE \ 1497 ENABLE_FEAT_CSV2_2 \ 1498 ENABLE_FEAT_CSV2_3 \ 1499 ENABLE_FEAT_LS64_ACCDATA \ 1500 ENABLE_FEAT_MEC \ 1501 ENABLE_FEAT_PAN \ 1502 ENABLE_FEAT_TCR2 \ 1503 ENABLE_FEAT_THE \ 1504 ENABLE_FEAT_S2PIE \ 1505 ENABLE_FEAT_S1PIE \ 1506 ENABLE_FEAT_S2POE \ 1507 ENABLE_FEAT_S1POE \ 1508 ENABLE_FEAT_SCTLR2 \ 1509 ENABLE_FEAT_D128 \ 1510 ENABLE_FEAT_GCS \ 1511 ENABLE_FEAT_MOPS \ 1512 ENABLE_FEAT_MTE2 \ 1513 FEATURE_DETECTION \ 1514 TWED_DELAY \ 1515 ENABLE_FEAT_TWED \ 1516 CONDITIONAL_CMO \ 1517 IMPDEF_SYSREG_TRAP \ 1518 SVE_VECTOR_LEN \ 1519 ENABLE_SPMD_LP \ 1520 PSA_CRYPTO \ 1521 ENABLE_CONSOLE_GETC \ 1522 INIT_UNUSED_NS_EL2 \ 1523 PLATFORM_REPORT_CTX_MEM_USE \ 1524 EARLY_CONSOLE \ 1525 PRESERVE_DSU_PMU_REGS \ 1526 HOB_LIST \ 1527))) 1528 1529ifeq (${PLATFORM_REPORT_CTX_MEM_USE}, 1) 1530ifeq (${DEBUG}, 0) 1531 $(warning "PLATFORM_REPORT_CTX_MEM_USE can be applied when DEBUG=1 only") 1532 override PLATFORM_REPORT_CTX_MEM_USE := 0 1533endif 1534endif 1535 1536ifeq (${SANITIZE_UB},trap) 1537 $(eval $(call add_define,MONITOR_TRAPS)) 1538endif #(SANITIZE_UB) 1539 1540# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1541ifdef EL3_PAYLOAD_BASE 1542 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1543else 1544# Define the PRELOADED_BL33_BASE flag only if it is provided and 1545# EL3_PAYLOAD_BASE is not defined, as it has priority. 1546 ifdef PRELOADED_BL33_BASE 1547 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1548 endif 1549endif #(EL3_PAYLOAD_BASE) 1550 1551# Define the DYN_DISABLE_AUTH flag only if set. 1552ifeq (${DYN_DISABLE_AUTH},1) 1553 $(eval $(call add_define,DYN_DISABLE_AUTH)) 1554endif 1555 1556ifeq ($($(ARCH)-ld-id),arm-link) 1557 $(eval $(call add_define,USE_ARM_LINK)) 1558endif 1559 1560# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1561ifeq (${SPD},spmd) 1562ifdef SP_LAYOUT_FILE 1563 -include $(BUILD_PLAT)/sp_gen.mk 1564 FIP_DEPS += sp 1565 CRT_DEPS += sp 1566 NEED_SP_PKG := yes 1567else 1568 ifeq (${SPMD_SPM_AT_SEL2},1) 1569 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1570 endif 1571endif #(SP_LAYOUT_FILE) 1572endif #(SPD) 1573 1574################################################################################ 1575# Build targets 1576################################################################################ 1577 1578.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp tl fwu_fip certtool dtbs memmap doc enctool 1579 1580all: msg_start 1581 1582msg_start: 1583 $(s)echo "Building ${PLAT}" 1584 1585ifeq (${ERROR_DEPRECATED},0) 1586# Check if deprecated declarations and cpp warnings should be treated as error or not. 1587ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 1588 CPPFLAGS += -Wno-error=deprecated-declarations 1589else 1590 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1591endif 1592endif #(!ERROR_DEPRECATED) 1593 1594$(eval $(call MAKE_LIB,c)) 1595 1596# Expand build macros for the different images 1597ifeq (${NEED_BL1},yes) 1598BL1_SOURCES := $(sort ${BL1_SOURCES}) 1599$(eval $(call MAKE_BL,bl1)) 1600endif #(NEED_BL1) 1601 1602ifeq (${NEED_BL2},yes) 1603 1604ifeq (${RESET_TO_BL2}, 0) 1605FIP_BL2_ARGS := tb-fw 1606endif 1607 1608BL2_SOURCES := $(sort ${BL2_SOURCES}) 1609 1610$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1611 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1612 1613endif #(NEED_BL2) 1614 1615ifeq (${NEED_SCP_BL2},yes) 1616$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1617endif #(NEED_SCP_BL2) 1618 1619ifeq (${NEED_BL31},yes) 1620BL31_SOURCES += ${SPD_SOURCES} 1621# Sort BL31 source files to remove duplicates 1622BL31_SOURCES := $(sort ${BL31_SOURCES}) 1623ifneq (${DECRYPTION_SUPPORT},none) 1624$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1625 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1626else 1627$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1628 $(eval $(call MAKE_BL,bl31,soc-fw))) 1629endif #(DECRYPTION_SUPPORT) 1630endif #(NEED_BL31) 1631 1632# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1633# build system will call TOOL_ADD_IMG to print a warning message and abort the 1634# process. Note that the dependency on BL32 applies to the FIP only. 1635ifeq (${NEED_BL32},yes) 1636# Sort BL32 source files to remove duplicates 1637BL32_SOURCES := $(sort ${BL32_SOURCES}) 1638BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1639 1640ifneq (${DECRYPTION_SUPPORT},none) 1641$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1642 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1643else 1644$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1645 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1646endif #(DECRYPTION_SUPPORT) 1647endif #(NEED_BL32) 1648 1649# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1650# needs to be built from RMM_SOURCES. 1651ifeq (${NEED_RMM},yes) 1652# Sort RMM source files to remove duplicates 1653RMM_SOURCES := $(sort ${RMM_SOURCES}) 1654BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1655 1656$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1657 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1658endif #(NEED_RMM) 1659 1660# Add the BL33 image if required by the platform 1661ifeq (${NEED_BL33},yes) 1662$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1663endif #(NEED_BL33) 1664 1665ifeq (${NEED_BL2U},yes) 1666$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1667 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1668endif #(NEED_BL2U) 1669 1670# Expand build macros for the different images 1671ifeq (${NEED_FDT},yes) 1672 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1673 1674 ifneq (${INITRD_SIZE}${INITRD_PATH},) 1675 ifndef INITRD_BASE 1676 $(error INITRD_BASE must be set when inserting initrd properties to the DTB.) 1677 endif 1678 1679 INITRD_SIZE ?= $(shell printf "0x%x\n" $$(stat -Lc %s $(INITRD_PATH))) 1680 initrd_end = $(shell printf "0x%x\n" $$(expr $$(($(INITRD_BASE) + $(INITRD_SIZE))))) 1681 1682 define $(HW_CONFIG)-after += 1683 $(s)echo " INITRD $(HW_CONFIG)" 1684 $(q)fdtput -t x $@ /chosen linux,initrd-start $(INITRD_BASE) 1685 $(q)fdtput -t x $@ /chosen linux,initrd-end $(initrd_end) 1686 endef 1687 endif 1688endif #(NEED_FDT) 1689 1690# Add Secure Partition packages 1691ifeq (${NEED_SP_PKG},yes) 1692$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | $$(@D)/ 1693 $(if $(host-poetry),$(q)poetry -q install --no-root) 1694 $(q)$(if $(host-poetry),poetry run )${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} ${SP_DTS_LIST_FRAGMENT} 1695sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) 1696 $(s)echo 1697 $(s)echo "Built SP Images successfully" 1698 $(s)echo 1699endif #(NEED_SP_PKG) 1700 1701locate-checkpatch: 1702ifndef CHECKPATCH 1703 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1704else 1705ifeq (,$(wildcard ${CHECKPATCH})) 1706 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1707endif 1708endif #(CHECKPATCH) 1709 1710clean: 1711 $(s)echo " CLEAN" 1712 $(q)rm -rf $(BUILD_PLAT) 1713 $(q)${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1714 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1715 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1716 $(q)${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1717 1718realclean distclean: 1719 $(s)echo " REALCLEAN" 1720 $(q)rm -rf $(BUILD_BASE) 1721 $(q)rm -rf $(CURDIR)/cscope.* 1722 $(q)${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1723 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean 1724 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean 1725 $(q)${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1726 1727checkcodebase: locate-checkpatch 1728 $(s)echo " CHECKING STYLE" 1729 $(q)if test -d .git ; then \ 1730 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1731 while read GIT_FILE ; \ 1732 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1733 done ; \ 1734 else \ 1735 find . -type f -not -iwholename "*.git*" \ 1736 -not -iwholename "*build*" \ 1737 -not -iwholename "*libfdt*" \ 1738 -not -iwholename "*libc*" \ 1739 -not -iwholename "*docs*" \ 1740 -not -iwholename "*.rst" \ 1741 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1742 fi 1743 1744checkpatch: locate-checkpatch 1745 $(s)echo " CHECKING STYLE" 1746 $(q)if test -n "${CHECKPATCH_OPTS}"; then \ 1747 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1748 fi 1749 $(q)COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1750 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1751 do \ 1752 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1753 ( git log --format=email "$$commit~..$$commit" \ 1754 -- ${CHECK_PATHS} ; \ 1755 git diff --format=email "$$commit~..$$commit" \ 1756 -- ${CHECK_PATHS}; ) | \ 1757 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1758 done 1759 1760certtool: ${CRTTOOL} 1761 1762${CRTTOOL}: FORCE 1763 $(q)${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} CRTTOOL=${CRTTOOL} DEBUG=${DEBUG} --no-print-directory -C ${CRTTOOLPATH} all 1764 $(s)echo 1765 $(s)echo "Built $@ successfully" 1766 $(s)echo 1767 1768ifneq (${GENERATE_COT},0) 1769certificates: ${CRT_DEPS} ${CRTTOOL} 1770 $(q)${CRTTOOL} ${CRT_ARGS} 1771 $(s)echo 1772 $(s)echo "Built $@ successfully" 1773 $(s)echo "Certificates can be found in ${BUILD_PLAT}" 1774 $(s)echo 1775endif #(GENERATE_COT) 1776 1777${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1778 $(eval ${CHECK_FIP_CMD}) 1779 $(q)${FIPTOOL} create ${FIP_ARGS} $@ 1780 $(q)${FIPTOOL} info $@ 1781 $(s)echo 1782 $(s)echo "Built $@ successfully" 1783 $(s)echo 1784 1785ifneq (${GENERATE_COT},0) 1786fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1787 $(q)${CRTTOOL} ${FWU_CRT_ARGS} 1788 $(s)echo 1789 $(s)echo "Built $@ successfully" 1790 $(s)echo "FWU certificates can be found in ${BUILD_PLAT}" 1791 $(s)echo 1792endif #(GENERATE_COT) 1793 1794${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1795 $(eval ${CHECK_FWU_FIP_CMD}) 1796 $(q)${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1797 $(q)${FIPTOOL} info $@ 1798 $(s)echo 1799 $(s)echo "Built $@ successfully" 1800 $(s)echo 1801 1802fiptool: ${FIPTOOL} 1803fip: ${BUILD_PLAT}/${FIP_NAME} 1804fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1805 1806${FIPTOOL}: FORCE 1807 $(q)${MAKE} PLAT=${PLAT} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} DEBUG=${DEBUG} --no-print-directory -C ${FIPTOOLPATH} all 1808 1809$(BUILD_PLAT)/romlib/romlib.bin $(BUILD_PLAT)/lib/libwrappers.a $&: $(BUILD_PLAT)/lib/libfdt.a $(BUILD_PLAT)/lib/libc.a $(CRYPTO_LIB) 1810 $(q)${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} CRYPTO_SUPPORT=${CRYPTO_SUPPORT} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES=$(call escape-shell,$(INCLUDES)) DEFINES=$(call escape-shell,$(DEFINES)) --no-print-directory -C ${ROMLIBPATH} all 1811 1812memmap: all 1813 $(if $(host-poetry),$(q)poetry -q install --no-root) 1814 $(q)$(if $(host-poetry),poetry run )memory -sr ${BUILD_PLAT} 1815 1816tl: ${BUILD_PLAT}/tl.bin 1817${BUILD_PLAT}/tl.bin: ${HW_CONFIG} 1818 $(if $(host-poetry),$(q)poetry -q install --no-root) 1819 $(q)$(if $(host-poetry),poetry run )tlc create --fdt $< -s ${FW_HANDOFF_SIZE} $@ 1820 1821doc: 1822 $(s)echo " BUILD DOCUMENTATION" 1823 $(q)${MAKE} --no-print-directory -C ${DOCS_PATH} html 1824 1825enctool: ${ENCTOOL} 1826 1827${ENCTOOL}: FORCE 1828 $(q)${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} ENCTOOL=${ENCTOOL} DEBUG=${DEBUG} --no-print-directory -C ${ENCTOOLPATH} all 1829 $(s)echo 1830 $(s)echo "Built $@ successfully" 1831 $(s)echo 1832 1833cscope: 1834 $(s)echo " CSCOPE" 1835 $(q)find ${CURDIR} -name "*.[chsS]" > cscope.files 1836 $(q)cscope -b -q -k 1837 1838help: 1839 $(s)echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1840 $(s)echo "" 1841 $(s)echo "PLAT is used to specify which platform you wish to build." 1842 $(s)echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1843 $(s)echo "" 1844 $(s)echo "platform = ${PLATFORM_LIST}" 1845 $(s)echo "" 1846 $(s)echo "Please refer to the User Guide for a list of all supported options." 1847 $(s)echo "Note that the build system doesn't track dependencies for build " 1848 $(s)echo "options. Therefore, if any of the build options are changed " 1849 $(s)echo "from a previous build, a clean build must be performed." 1850 $(s)echo "" 1851 $(s)echo "Supported Targets:" 1852 $(s)echo " all Build all individual bootloader binaries" 1853 $(s)echo " bl1 Build the BL1 binary" 1854 $(s)echo " bl2 Build the BL2 binary" 1855 $(s)echo " bl2u Build the BL2U binary" 1856 $(s)echo " bl31 Build the BL31 binary" 1857 $(s)echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1858 $(s)echo " this builds secure payload specified by AARCH32_SP" 1859 $(s)echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1860 $(s)echo " fip Build the Firmware Image Package (FIP)" 1861 $(s)echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1862 $(s)echo " checkcodebase Check the coding style of the entire source tree" 1863 $(s)echo " checkpatch Check the coding style on changes in the current" 1864 $(s)echo " branch against BASE_COMMIT (default origin/master)" 1865 $(s)echo " clean Clean the build for the selected platform" 1866 $(s)echo " cscope Generate cscope index" 1867 $(s)echo " distclean Remove all build artifacts for all platforms" 1868 $(s)echo " certtool Build the Certificate generation tool" 1869 $(s)echo " enctool Build the Firmware encryption tool" 1870 $(s)echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1871 $(s)echo " sp Build the Secure Partition Packages" 1872 $(s)echo " sptool Build the Secure Partition Package creation tool" 1873 $(s)echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1874 $(s)echo " memmap Print the memory map of the built binaries" 1875 $(s)echo " doc Build html based documentation using Sphinx tool" 1876 $(s)echo "" 1877 $(s)echo "Note: most build targets require PLAT to be set to a specific platform." 1878 $(s)echo "" 1879 $(s)echo "example: build all targets for the FVP platform:" 1880 $(s)echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1881 1882.PHONY: FORCE 1883FORCE:; 1884