1# 2# Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 8 12VERSION := ${VERSION_MAJOR}.${VERSION_MINOR} 13 14# Default goal is build all images 15.DEFAULT_GOAL := all 16 17# Avoid any implicit propagation of command line variable definitions to 18# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 19# usage. Other command line options like "-s" are still propagated as usual. 20MAKEOVERRIDES = 21 22MAKE_HELPERS_DIRECTORY := make_helpers/ 23include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 24include ${MAKE_HELPERS_DIRECTORY}build_env.mk 25 26################################################################################ 27# Default values for build configurations, and their dependencies 28################################################################################ 29 30include ${MAKE_HELPERS_DIRECTORY}defaults.mk 31 32# Assertions enabled for DEBUG builds by default 33ENABLE_ASSERTIONS := ${DEBUG} 34ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 35PLAT := ${DEFAULT_PLAT} 36 37################################################################################ 38# Checkpatch script options 39################################################################################ 40 41CHECKCODE_ARGS := --no-patch 42# Do not check the coding style on imported library files or documentation files 43INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \ 44 include/drivers/arm/cryptocell, \ 45 $(wildcard include/drivers/arm/*))) 46INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h 47INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 48 include/drivers/arm, \ 49 $(wildcard include/drivers/*))) 50INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 51 include/lib/libfdt \ 52 include/lib/libc, \ 53 $(wildcard include/lib/*))) 54INC_DIRS_TO_CHECK := $(sort $(filter-out \ 55 include/lib \ 56 include/drivers, \ 57 $(wildcard include/*))) 58LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 59 lib/compiler-rt \ 60 lib/libfdt% \ 61 lib/libc, \ 62 lib/zlib \ 63 $(wildcard lib/*))) 64ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 65 lib \ 66 include \ 67 docs \ 68 %.rst, \ 69 $(wildcard *))) 70CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 71 ${INC_DIRS_TO_CHECK} \ 72 ${INC_LIB_DIRS_TO_CHECK} \ 73 ${LIB_DIRS_TO_CHECK} \ 74 ${INC_DRV_DIRS_TO_CHECK} \ 75 ${INC_ARM_DIRS_TO_CHECK} 76 77 78################################################################################ 79# Process build options 80################################################################################ 81 82# Verbose flag 83ifeq (${V},0) 84 Q:=@ 85 ECHO:=@echo 86 CHECKCODE_ARGS += --no-summary --terse 87else 88 Q:= 89 ECHO:=$(ECHO_QUIET) 90endif 91 92ifneq ($(findstring s,$(filter-out --%,$(MAKEFLAGS))),) 93 Q:=@ 94 ECHO:=$(ECHO_QUIET) 95endif 96 97export Q ECHO 98 99# The cert_create tool cannot generate certificates individually, so we use the 100# target 'certificates' to create them all 101ifneq (${GENERATE_COT},0) 102 FIP_DEPS += certificates 103 FWU_FIP_DEPS += fwu_certificates 104endif 105 106# Process BRANCH_PROTECTION value and set 107# Pointer Authentication and Branch Target Identification flags 108ifeq (${BRANCH_PROTECTION},0) 109 # Default value turns off all types of branch protection 110 BP_OPTION := none 111else ifneq (${ARCH},aarch64) 112 $(error BRANCH_PROTECTION requires AArch64) 113else ifeq (${BRANCH_PROTECTION},1) 114 # Enables all types of branch protection features 115 BP_OPTION := standard 116 ENABLE_BTI := 1 117 ENABLE_PAUTH := 1 118else ifeq (${BRANCH_PROTECTION},2) 119 # Return address signing to its standard level 120 BP_OPTION := pac-ret 121 ENABLE_PAUTH := 1 122else ifeq (${BRANCH_PROTECTION},3) 123 # Extend the signing to include leaf functions 124 BP_OPTION := pac-ret+leaf 125 ENABLE_PAUTH := 1 126else ifeq (${BRANCH_PROTECTION},4) 127 # Turn on branch target identification mechanism 128 BP_OPTION := bti 129 ENABLE_BTI := 1 130else 131 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 132endif 133 134# FEAT_RME 135ifeq (${ENABLE_RME},1) 136# RME doesn't support PIE 137ifneq (${ENABLE_PIE},0) 138 $(error ENABLE_RME does not support PIE) 139endif 140# RME doesn't support BRBE 141ifneq (${ENABLE_BRBE_FOR_NS},0) 142 $(error ENABLE_RME does not support BRBE.) 143endif 144# RME requires AARCH64 145ifneq (${ARCH},aarch64) 146 $(error ENABLE_RME requires AArch64) 147endif 148# RME requires el2 context to be saved for now. 149CTX_INCLUDE_EL2_REGS := 1 150CTX_INCLUDE_AARCH32_REGS := 0 151ARM_ARCH_MAJOR := 8 152ARM_ARCH_MINOR := 5 153ENABLE_FEAT_ECV = 1 154ENABLE_FEAT_FGT = 1 155 156endif 157 158# USE_SPINLOCK_CAS requires AArch64 build 159ifeq (${USE_SPINLOCK_CAS},1) 160ifneq (${ARCH},aarch64) 161 $(error USE_SPINLOCK_CAS requires AArch64) 162endif 163endif 164 165# USE_DEBUGFS experimental feature recommended only in debug builds 166ifeq (${USE_DEBUGFS},1) 167ifeq (${DEBUG},1) 168 $(warning DEBUGFS experimental feature is enabled.) 169else 170 $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY) 171endif 172endif 173 174ifneq (${DECRYPTION_SUPPORT},none) 175ENC_ARGS += -f ${FW_ENC_STATUS} 176ENC_ARGS += -k ${ENC_KEY} 177ENC_ARGS += -n ${ENC_NONCE} 178FIP_DEPS += enctool 179FWU_FIP_DEPS += enctool 180endif 181 182################################################################################ 183# Toolchain 184################################################################################ 185 186HOSTCC := gcc 187export HOSTCC 188 189CC := ${CROSS_COMPILE}gcc 190CPP := ${CROSS_COMPILE}cpp 191AS := ${CROSS_COMPILE}gcc 192AR := ${CROSS_COMPILE}ar 193LINKER := ${CROSS_COMPILE}ld 194OC := ${CROSS_COMPILE}objcopy 195OD := ${CROSS_COMPILE}objdump 196NM := ${CROSS_COMPILE}nm 197PP := ${CROSS_COMPILE}gcc -E 198DTC := dtc 199 200# Use ${LD}.bfd instead if it exists (as absolute path or together with $PATH). 201ifneq ($(strip $(wildcard ${LD}.bfd) \ 202 $(foreach dir,$(subst :, ,${PATH}),$(wildcard ${dir}/${LINKER}.bfd))),) 203LINKER := ${LINKER}.bfd 204endif 205 206ifeq (${ARM_ARCH_MAJOR},7) 207target32-directive = -target arm-none-eabi 208# Will set march32-directive from platform configuration 209else 210target32-directive = -target armv8a-none-eabi 211 212# Set the compiler's target architecture profile based on 213# ARM_ARCH_MAJOR ARM_ARCH_MINOR options 214ifeq (${ARM_ARCH_MINOR},0) 215march32-directive = -march=armv${ARM_ARCH_MAJOR}-a 216march64-directive = -march=armv${ARM_ARCH_MAJOR}-a 217else 218march32-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 219march64-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 220endif 221endif 222 223# Memory tagging is supported in architecture Armv8.5-A AArch64 and onwards 224ifeq ($(ARCH), aarch64) 225# Check if revision is greater than or equal to 8.5 226ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" 227mem_tag_arch_support = yes 228endif 229endif 230 231# Get architecture feature modifiers 232arch-features = ${ARM_ARCH_FEATURE} 233 234# Enable required options for memory stack tagging. 235# Currently, these options are enabled only for clang and armclang compiler. 236ifeq (${SUPPORT_STACK_MEMTAG},yes) 237ifdef mem_tag_arch_support 238# Check for armclang and clang compilers 239ifneq ( ,$(filter $(notdir $(CC)),armclang clang)) 240# Add "memtag" architecture feature modifier if not specified 241ifeq ( ,$(findstring memtag,$(arch-features))) 242arch-features := $(arch-features)+memtag 243endif # memtag 244ifeq ($(notdir $(CC)),armclang) 245TF_CFLAGS += -mmemtag-stack 246else ifeq ($(notdir $(CC)),clang) 247TF_CFLAGS += -fsanitize=memtag 248endif # armclang 249endif # armclang clang 250else 251$(error "Error: stack memory tagging is not supported for architecture \ 252 ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a") 253endif # mem_tag_arch_support 254endif # SUPPORT_STACK_MEMTAG 255 256# Set the compiler's architecture feature modifiers 257ifneq ($(arch-features), none) 258# Strip "none+" from arch-features 259arch-features := $(subst none+,,$(arch-features)) 260ifeq ($(ARCH), aarch32) 261march32-directive := $(march32-directive)+$(arch-features) 262else 263march64-directive := $(march64-directive)+$(arch-features) 264endif 265# Print features 266$(info Arm Architecture Features specified: $(subst +, ,$(arch-features))) 267endif # arch-features 268 269# Determine if FEAT_RNG is supported 270ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0) 271 272# Determine if FEAT_SB is supported 273ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0) 274 275ifneq ($(findstring clang,$(notdir $(CC))),) 276 ifneq ($(findstring armclang,$(notdir $(CC))),) 277 TF_CFLAGS_aarch32 := -target arm-arm-none-eabi $(march32-directive) 278 TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi $(march64-directive) 279 LD := $(LINKER) 280 else 281 TF_CFLAGS_aarch32 = $(target32-directive) $(march32-directive) 282 TF_CFLAGS_aarch64 := -target aarch64-elf $(march64-directive) 283 LD := $(shell $(CC) --print-prog-name ld.lld) 284 285 AR := $(shell $(CC) --print-prog-name llvm-ar) 286 OD := $(shell $(CC) --print-prog-name llvm-objdump) 287 OC := $(shell $(CC) --print-prog-name llvm-objcopy) 288 endif 289 290 CPP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 291 PP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 292 AS := $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH)) 293else ifneq ($(findstring gcc,$(notdir $(CC))),) 294TF_CFLAGS_aarch32 = $(march32-directive) 295TF_CFLAGS_aarch64 = $(march64-directive) 296ifeq ($(ENABLE_LTO),1) 297 # Enable LTO only for aarch64 298 ifeq (${ARCH},aarch64) 299 LTO_CFLAGS = -flto 300 # Use gcc as a wrapper for the ld, recommended for LTO 301 LINKER := ${CROSS_COMPILE}gcc 302 endif 303endif 304LD = $(LINKER) 305else 306TF_CFLAGS_aarch32 = $(march32-directive) 307TF_CFLAGS_aarch64 = $(march64-directive) 308LD = $(LINKER) 309endif 310 311# Process Debug flag 312$(eval $(call add_define,DEBUG)) 313ifneq (${DEBUG}, 0) 314 BUILD_TYPE := debug 315 TF_CFLAGS += -g -gdwarf-4 316 ASFLAGS += -g -Wa,-gdwarf-4 317 318 # Use LOG_LEVEL_INFO by default for debug builds 319 LOG_LEVEL := 40 320else 321 BUILD_TYPE := release 322 # Use LOG_LEVEL_NOTICE by default for release builds 323 LOG_LEVEL := 20 324endif 325 326# Default build string (git branch and commit) 327ifeq (${BUILD_STRING},) 328 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 329endif 330VERSION_STRING := v${VERSION}(${BUILD_TYPE}):${BUILD_STRING} 331 332ifeq (${AARCH32_INSTRUCTION_SET},A32) 333TF_CFLAGS_aarch32 += -marm 334else ifeq (${AARCH32_INSTRUCTION_SET},T32) 335TF_CFLAGS_aarch32 += -mthumb 336else 337$(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET}) 338endif 339 340TF_CFLAGS_aarch32 += -mno-unaligned-access 341TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 342 343ifneq (${BP_OPTION},none) 344TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 345endif 346 347ASFLAGS_aarch32 = $(march32-directive) 348ASFLAGS_aarch64 = $(march64-directive) 349 350# General warnings 351WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 352 -Wdisabled-optimization -Wvla -Wshadow \ 353 -Wredundant-decls 354# stricter warnings 355WARNINGS += -Wextra -Wno-trigraphs 356# too verbose for generic build 357WARNINGS += -Wno-missing-field-initializers \ 358 -Wno-type-limits -Wno-sign-compare \ 359# on clang this flag gets reset if -Wextra is set after it. No difference on gcc 360WARNINGS += -Wno-unused-parameter 361 362# Additional warnings 363# Level 1 - infrequent warnings we should have none of 364# full -Wextra 365WARNING1 += -Wsign-compare 366WARNING1 += -Wtype-limits 367WARNING1 += -Wmissing-field-initializers 368 369# Level 2 - problematic warnings that we want 370# zlib, compiler-rt, coreboot, and mbdedtls blow up with these 371# TODO: disable just for them and move into default build 372WARNING2 += -Wold-style-definition 373WARNING2 += -Wmissing-prototypes 374WARNING2 += -Wmissing-format-attribute 375# TF-A aims to comply with this eventually. Effort too large at present 376WARNING2 += -Wundef 377# currently very involved and many platforms set this off 378WARNING2 += -Wunused-const-variable=2 379 380# Level 3 - very pedantic, frequently ignored 381WARNING3 := -Wbad-function-cast 382WARNING3 += -Waggregate-return 383WARNING3 += -Wnested-externs 384WARNING3 += -Wcast-align 385WARNING3 += -Wcast-qual 386WARNING3 += -Wconversion 387WARNING3 += -Wpacked 388WARNING3 += -Wpointer-arith 389WARNING3 += -Wswitch-default 390 391# Setting W is quite verbose and most warnings will be pre-existing issues 392# outside of the contributor's control. Don't fail the build on them so warnings 393# can be seen and hopefully addressed 394ifdef W 395ifneq (${W},0) 396E ?= 0 397endif 398endif 399 400ifeq (${W},1) 401WARNINGS += $(WARNING1) 402else ifeq (${W},2) 403WARNINGS += $(WARNING1) $(WARNING2) 404else ifeq (${W},3) 405WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 406endif 407 408# Compiler specific warnings 409ifeq ($(findstring clang,$(notdir $(CC))),) 410# not using clang 411WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 412 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 413 -Wlogical-op 414else 415# using clang 416WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 417 -Wlogical-op-parentheses 418endif 419 420ifneq (${E},0) 421ERRORS := -Werror 422endif 423 424CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 425 $(ERRORS) $(WARNINGS) 426ASFLAGS += $(CPPFLAGS) $(ASFLAGS_$(ARCH)) \ 427 -ffreestanding -Wa,--fatal-warnings 428TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 429 -ffunction-sections -fdata-sections \ 430 -ffreestanding -fno-builtin -fno-common \ 431 -Os -std=gnu99 432 433$(eval $(call add_define,SVE_VECTOR_LEN)) 434 435ifeq (${SANITIZE_UB},on) 436TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 437endif 438ifeq (${SANITIZE_UB},trap) 439TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 440 -fsanitize-undefined-trap-on-error 441endif 442 443GCC_V_OUTPUT := $(shell $(CC) -v 2>&1) 444 445# LD = armlink 446ifneq ($(findstring armlink,$(notdir $(LD))),) 447TF_LDFLAGS += --diag_error=warning --lto_level=O1 448TF_LDFLAGS += --remove --info=unused,unusedsymbols 449TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 450 451# LD = gcc (used when GCC LTO is enabled) 452else ifneq ($(findstring gcc,$(notdir $(LD))),) 453# Pass ld options with Wl or Xlinker switches 454TF_LDFLAGS += -Wl,--fatal-warnings -O1 455TF_LDFLAGS += -Wl,--gc-sections 456ifeq ($(ENABLE_LTO),1) 457 ifeq (${ARCH},aarch64) 458 TF_LDFLAGS += -flto -fuse-linker-plugin 459 endif 460endif 461# GCC automatically adds fix-cortex-a53-843419 flag when used to link 462# which breaks some builds, so disable if errata fix is not explicitly enabled 463ifneq (${ERRATA_A53_843419},1) 464 TF_LDFLAGS += -mno-fix-cortex-a53-843419 465endif 466TF_LDFLAGS += -nostdlib 467TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 468 469# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 470else 471TF_LDFLAGS += --fatal-warnings -O1 472TF_LDFLAGS += --gc-sections 473# ld.lld doesn't recognize the errata flags, 474# therefore don't add those in that case 475ifeq ($(findstring ld.lld,$(notdir $(LD))),) 476TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 477endif 478endif 479 480DTC_FLAGS += -I dts -O dtb 481DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \ 482 -x assembler-with-cpp $(DEFINES) 483 484################################################################################ 485# Common sources and include directories 486################################################################################ 487include ${MAKE_HELPERS_DIRECTORY}arch_features.mk 488include lib/compiler-rt/compiler-rt.mk 489 490BL_COMMON_SOURCES += common/bl_common.c \ 491 common/tf_log.c \ 492 common/${ARCH}/debug.S \ 493 drivers/console/multi_console.c \ 494 lib/${ARCH}/cache_helpers.S \ 495 lib/${ARCH}/misc_helpers.S \ 496 plat/common/plat_bl_common.c \ 497 plat/common/plat_log_common.c \ 498 plat/common/${ARCH}/plat_common.c \ 499 plat/common/${ARCH}/platform_helpers.S \ 500 ${COMPILER_RT_SRCS} 501 502ifeq ($(notdir $(CC)),armclang) 503BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 504endif 505 506ifeq (${SANITIZE_UB},on) 507BL_COMMON_SOURCES += plat/common/ubsan.c 508endif 509 510INCLUDES += -Iinclude \ 511 -Iinclude/arch/${ARCH} \ 512 -Iinclude/lib/cpus/${ARCH} \ 513 -Iinclude/lib/el3_runtime/${ARCH} \ 514 ${PLAT_INCLUDES} \ 515 ${SPD_INCLUDES} 516 517include common/backtrace/backtrace.mk 518 519################################################################################ 520# Generic definitions 521################################################################################ 522 523include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 524 525ifeq (${BUILD_BASE},) 526 BUILD_BASE := ./build 527endif 528BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 529 530SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 531 532# Platforms providing their own TBB makefile may override this value 533INCLUDE_TBBR_MK := 1 534 535 536################################################################################ 537# Include SPD Makefile if one has been specified 538################################################################################ 539 540ifneq (${SPD},none) 541 ifeq (${ARCH},aarch32) 542 $(error "Error: SPD is incompatible with AArch32.") 543 endif 544 545 ifdef EL3_PAYLOAD_BASE 546 $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") 547 $(warning "The SPD and its BL32 companion will be present but ignored.") 548 endif 549 550 ifeq (${SPD},spmd) 551 # SPMD is located in std_svc directory 552 SPD_DIR := std_svc 553 554 ifeq ($(SPMD_SPM_AT_SEL2),1) 555 CTX_INCLUDE_EL2_REGS := 1 556 ifeq ($(SPMC_AT_EL3),1) 557 $(error SPM cannot be enabled in both S-EL2 and EL3.) 558 endif 559 endif 560 561 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 562 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 563 endif 564 565 ifeq ($(TS_SP_FW_CONFIG),1) 566 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 567 endif 568 569 ifneq ($(ARM_BL2_SP_LIST_DTS),) 570 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 571 endif 572 573 ifneq ($(SP_LAYOUT_FILE),) 574 BL2_ENABLE_SP_LOAD := 1 575 endif 576 else 577 # All other SPDs in spd directory 578 SPD_DIR := spd 579 endif 580 581 # We expect to locate an spd.mk under the specified SPD directory 582 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 583 584 ifeq (${SPD_MAKE},) 585 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 586 endif 587 $(info Including ${SPD_MAKE}) 588 include ${SPD_MAKE} 589 590 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 591 # Makefile would set NEED_BL32 to "yes". In this case, the build system 592 # supports two mutually exclusive options: 593 # * BL32 is built from source: then BL32_SOURCES must contain the list 594 # of source files to build BL32 595 # * BL32 is a prebuilt binary: then BL32 must point to the image file 596 # that will be included in the FIP 597 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 598 # over the sources. 599endif 600 601ifeq (${CTX_INCLUDE_EL2_REGS}, 1) 602ifeq (${SPD},none) 603ifeq (${ENABLE_RME},0) 604 $(error CTX_INCLUDE_EL2_REGS is available only when SPD or RME is enabled) 605endif 606endif 607endif 608 609################################################################################ 610# Include rmmd Makefile if RME is enabled 611################################################################################ 612 613ifneq (${ENABLE_RME},0) 614ifneq (${ARCH},aarch64) 615 $(error ENABLE_RME requires AArch64) 616endif 617ifeq ($(SPMC_AT_EL3),1) 618 $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.) 619endif 620include services/std_svc/rmmd/rmmd.mk 621$(warning "RME is an experimental feature") 622endif 623 624################################################################################ 625# Include the platform specific Makefile after the SPD Makefile (the platform 626# makefile may use all previous definitions in this file) 627################################################################################ 628 629include ${PLAT_MAKEFILE_FULL} 630 631$(eval $(call MAKE_PREREQ_DIR,${BUILD_PLAT})) 632 633ifeq (${ARM_ARCH_MAJOR},7) 634include make_helpers/armv7-a-cpus.mk 635endif 636 637PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 638ifneq ($(PIE_FOUND),) 639 TF_CFLAGS += -fno-PIE 640ifneq ($(findstring gcc,$(notdir $(LD))),) 641 TF_LDFLAGS += -no-pie 642endif 643endif 644 645ifneq ($(findstring gcc,$(notdir $(LD))),) 646 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 647else 648 PIE_LDFLAGS += -pie --no-dynamic-linker 649endif 650 651ifeq ($(ENABLE_PIE),1) 652ifeq ($(BL2_AT_EL3),1) 653ifneq ($(BL2_IN_XIP_MEM),1) 654 BL2_CFLAGS += -fpie 655 BL2_LDFLAGS += $(PIE_LDFLAGS) 656endif 657endif 658 BL31_CFLAGS += -fpie 659 BL31_LDFLAGS += $(PIE_LDFLAGS) 660 BL32_CFLAGS += -fpie 661 BL32_LDFLAGS += $(PIE_LDFLAGS) 662endif 663 664ifeq (${ARCH},aarch64) 665BL1_CPPFLAGS += -DIMAGE_AT_EL3 666ifeq ($(BL2_AT_EL3),1) 667BL2_CPPFLAGS += -DIMAGE_AT_EL3 668else 669BL2_CPPFLAGS += -DIMAGE_AT_EL1 670endif 671BL2U_CPPFLAGS += -DIMAGE_AT_EL1 672BL31_CPPFLAGS += -DIMAGE_AT_EL3 673BL32_CPPFLAGS += -DIMAGE_AT_EL1 674endif 675 676# Include the CPU specific operations makefile, which provides default 677# values for all CPU errata workarounds and CPU specific optimisations. 678# This can be overridden by the platform. 679include lib/cpus/cpu-ops.mk 680 681ifeq (${ARCH},aarch32) 682NEED_BL32 := yes 683 684################################################################################ 685# Build `AARCH32_SP` as BL32 image for AArch32 686################################################################################ 687ifneq (${AARCH32_SP},none) 688# We expect to locate an sp.mk under the specified AARCH32_SP directory 689AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 690 691ifeq (${AARCH32_SP_MAKE},) 692 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 693endif 694 695$(info Including ${AARCH32_SP_MAKE}) 696include ${AARCH32_SP_MAKE} 697endif 698 699endif 700 701################################################################################ 702# Include libc if not overridden 703################################################################################ 704ifeq (${OVERRIDE_LIBC},0) 705include lib/libc/libc.mk 706endif 707 708################################################################################ 709# Check incompatible options 710################################################################################ 711 712ifdef EL3_PAYLOAD_BASE 713 ifdef PRELOADED_BL33_BASE 714 $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \ 715 incompatible build options. EL3_PAYLOAD_BASE has priority.") 716 endif 717 ifneq (${GENERATE_COT},0) 718 $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible build options.") 719 endif 720 ifneq (${TRUSTED_BOARD_BOOT},0) 721 $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are incompatible build options.") 722 endif 723endif 724 725ifeq (${NEED_BL33},yes) 726 ifdef EL3_PAYLOAD_BASE 727 $(warning "BL33 image is not needed when option \ 728 BL33_PAYLOAD_BASE is used and won't be added to the FIP file.") 729 endif 730 ifdef PRELOADED_BL33_BASE 731 $(warning "BL33 image is not needed when option \ 732 PRELOADED_BL33_BASE is used and won't be added to the FIP \ 733 file.") 734 endif 735endif 736 737# When building for systems with hardware-assisted coherency, there's no need to 738# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too. 739ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1) 740$(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) 741endif 742 743#For now, BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is 1. 744ifeq ($(BL2_AT_EL3)-$(BL2_IN_XIP_MEM),0-1) 745$(error "BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is enabled") 746endif 747 748# For RAS_EXTENSION, require that EAs are handled in EL3 first 749ifeq ($(RAS_EXTENSION),1) 750 ifneq ($(HANDLE_EA_EL3_FIRST_NS),1) 751 $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST_NS must also be 1) 752 endif 753endif 754 755# When FAULT_INJECTION_SUPPORT is used, require that RAS_EXTENSION is enabled 756ifeq ($(FAULT_INJECTION_SUPPORT),1) 757 ifneq ($(RAS_EXTENSION),1) 758 $(error For FAULT_INJECTION_SUPPORT, RAS_EXTENSION must also be 1) 759 endif 760endif 761 762# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 763ifeq ($(DYN_DISABLE_AUTH), 1) 764 ifeq (${TRUSTED_BOARD_BOOT}, 0) 765 $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.") 766 endif 767endif 768 769ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1) 770# Support authentication verification and hash calculation 771 CRYPTO_SUPPORT := 3 772else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1) 773# Support authentication verification and hash calculation 774 CRYPTO_SUPPORT := 3 775else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) 776# Support hash calculation only 777 CRYPTO_SUPPORT := 2 778else ifeq (${TRUSTED_BOARD_BOOT},1) 779# Support authentication verification only 780 CRYPTO_SUPPORT := 1 781else 782 CRYPTO_SUPPORT := 0 783endif 784 785# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. 786ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) 787$(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 788endif 789 790# If pointer authentication is used in the firmware, make sure that all the 791# registers associated to it are also saved and restored. 792# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. 793ifeq ($(ENABLE_PAUTH),1) 794 ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) 795 $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1) 796 endif 797endif 798 799ifeq ($(CTX_INCLUDE_PAUTH_REGS),1) 800 ifneq (${ARCH},aarch64) 801 $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) 802 endif 803endif 804 805ifeq ($(CTX_INCLUDE_MTE_REGS),1) 806 ifneq (${ARCH},aarch64) 807 $(error CTX_INCLUDE_MTE_REGS requires AArch64) 808 endif 809endif 810 811ifeq ($(PSA_FWU_SUPPORT),1) 812 $(info PSA_FWU_SUPPORT is an experimental feature) 813endif 814 815ifeq ($(FEATURE_DETECTION),1) 816 $(info FEATURE_DETECTION is an experimental feature) 817endif 818 819ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 820 ifeq (${ALLOW_RO_XLAT_TABLES}, 1) 821 $(error "ALLOW_RO_XLAT_TABLES requires translation tables library v2") 822 endif 823endif 824 825ifneq (${DECRYPTION_SUPPORT},none) 826 ifeq (${TRUSTED_BOARD_BOOT}, 0) 827 $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT to be set) 828 endif 829endif 830 831# Ensure that no Aarch64-only features are enabled in Aarch32 build 832ifeq (${ARCH},aarch32) 833 834 # SME/SVE only supported on AArch64 835 ifeq (${ENABLE_SME_FOR_NS},1) 836 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") 837 endif 838 ifeq (${ENABLE_SVE_FOR_NS},1) 839 # Warning instead of error due to CI dependency on this 840 $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") 841 endif 842 843 # BRBE is not supported in AArch32 844 ifeq (${ENABLE_BRBE_FOR_NS},1) 845 $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32") 846 endif 847 848 # FEAT_RNG_TRAP is not supported in AArch32 849 ifeq (${ENABLE_FEAT_RNG_TRAP},1) 850 $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32") 851 endif 852endif 853 854# Ensure ENABLE_RME is not used with SME 855ifeq (${ENABLE_RME},1) 856 ifeq (${ENABLE_SME_FOR_NS},1) 857 $(error "ENABLE_SME_FOR_NS cannot be used with ENABLE_RME") 858 endif 859endif 860 861# Secure SME/SVE requires the non-secure component as well 862ifeq (${ENABLE_SME_FOR_SWD},1) 863 ifeq (${ENABLE_SME_FOR_NS},0) 864 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") 865 endif 866endif 867ifeq (${ENABLE_SVE_FOR_SWD},1) 868 ifeq (${ENABLE_SVE_FOR_NS},0) 869 $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS") 870 endif 871endif 872 873# SVE and SME cannot be used with CTX_INCLUDE_FPREGS since secure manager does 874# its own context management including FPU registers. 875ifeq (${CTX_INCLUDE_FPREGS},1) 876 ifeq (${ENABLE_SME_FOR_NS},1) 877 $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 878 endif 879 ifeq (${ENABLE_SVE_FOR_NS},1) 880 # Warning instead of error due to CI dependency on this 881 $(warning "ENABLE_SVE_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 882 $(warning "Forced ENABLE_SVE_FOR_NS=0") 883 override ENABLE_SVE_FOR_NS := 0 884 endif 885endif 886 887ifeq ($(DRTM_SUPPORT),1) 888 $(info DRTM_SUPPORT is an experimental feature) 889endif 890 891ifeq (${ENABLE_RME},1) 892 ifneq (${SEPARATE_CODE_AND_RODATA},1) 893 $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`) 894 endif 895endif 896 897################################################################################ 898# Process platform overrideable behaviour 899################################################################################ 900 901ifdef BL1_SOURCES 902NEED_BL1 := yes 903endif 904 905ifdef BL2_SOURCES 906 NEED_BL2 := yes 907 908 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 909 # Certificate generation tools. This flag can be overridden by the platform. 910 ifdef EL3_PAYLOAD_BASE 911 # If booting an EL3 payload there is no need for a BL33 image 912 # in the FIP file. 913 NEED_BL33 := no 914 else 915 ifdef PRELOADED_BL33_BASE 916 # If booting a BL33 preloaded image there is no need of 917 # another one in the FIP file. 918 NEED_BL33 := no 919 else 920 NEED_BL33 ?= yes 921 endif 922 endif 923endif 924 925ifdef BL2U_SOURCES 926NEED_BL2U := yes 927endif 928 929# If SCP_BL2 is given, we always want FIP to include it. 930ifdef SCP_BL2 931 NEED_SCP_BL2 := yes 932endif 933 934# For AArch32, BL31 is not currently supported. 935ifneq (${ARCH},aarch32) 936 ifdef BL31_SOURCES 937 # When booting an EL3 payload, there is no need to compile the BL31 image nor 938 # put it in the FIP. 939 ifndef EL3_PAYLOAD_BASE 940 NEED_BL31 := yes 941 endif 942 endif 943endif 944 945# Process TBB related flags 946ifneq (${GENERATE_COT},0) 947 # Common cert_create options 948 ifneq (${CREATE_KEYS},0) 949 $(eval CRT_ARGS += -n) 950 $(eval FWU_CRT_ARGS += -n) 951 ifneq (${SAVE_KEYS},0) 952 $(eval CRT_ARGS += -k) 953 $(eval FWU_CRT_ARGS += -k) 954 endif 955 endif 956 # Include TBBR makefile (unless the platform indicates otherwise) 957 ifeq (${INCLUDE_TBBR_MK},1) 958 include make_helpers/tbbr/tbbr_tools.mk 959 endif 960endif 961 962ifneq (${FIP_ALIGN},0) 963FIP_ARGS += --align ${FIP_ALIGN} 964endif 965 966ifdef FDT_SOURCES 967NEED_FDT := yes 968endif 969 970################################################################################ 971# Include libraries' Makefile that are used in all BL 972################################################################################ 973 974include lib/stack_protector/stack_protector.mk 975 976################################################################################ 977# Auxiliary tools (fiptool, cert_create, etc) 978################################################################################ 979 980# Variables for use with Certificate Generation Tool 981CRTTOOLPATH ?= tools/cert_create 982CRTTOOL ?= ${CRTTOOLPATH}/cert_create${BIN_EXT} 983 984# Variables for use with Firmware Encryption Tool 985ENCTOOLPATH ?= tools/encrypt_fw 986ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw${BIN_EXT} 987 988# Variables for use with Firmware Image Package 989FIPTOOLPATH ?= tools/fiptool 990FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT} 991 992# Variables for use with sptool 993SPTOOLPATH ?= tools/sptool 994SPTOOL ?= ${SPTOOLPATH}/sptool.py 995SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 996 997# Variables for use with ROMLIB 998ROMLIBPATH ?= lib/romlib 999 1000# Variable for use with Python 1001PYTHON ?= python3 1002 1003# Variables for use with PRINT_MEMORY_MAP 1004PRINT_MEMORY_MAP_PATH ?= tools/memory 1005PRINT_MEMORY_MAP ?= ${PRINT_MEMORY_MAP_PATH}/print_memory_map.py 1006 1007# Variables for use with documentation build using Sphinx tool 1008DOCS_PATH ?= docs 1009 1010# Defination of SIMICS flag 1011SIMICS_BUILD ?= 0 1012 1013################################################################################ 1014# Include BL specific makefiles 1015################################################################################ 1016 1017ifeq (${NEED_BL1},yes) 1018include bl1/bl1.mk 1019endif 1020 1021ifeq (${NEED_BL2},yes) 1022include bl2/bl2.mk 1023endif 1024 1025ifeq (${NEED_BL2U},yes) 1026include bl2u/bl2u.mk 1027endif 1028 1029ifeq (${NEED_BL31},yes) 1030include bl31/bl31.mk 1031endif 1032 1033################################################################################ 1034# Build options checks 1035################################################################################ 1036 1037$(eval $(call assert_booleans,\ 1038 $(sort \ 1039 ALLOW_RO_XLAT_TABLES \ 1040 BL2_ENABLE_SP_LOAD \ 1041 COLD_BOOT_SINGLE_CPU \ 1042 CREATE_KEYS \ 1043 CTX_INCLUDE_AARCH32_REGS \ 1044 CTX_INCLUDE_FPREGS \ 1045 CTX_INCLUDE_EL2_REGS \ 1046 DEBUG \ 1047 DISABLE_MTPMU \ 1048 DYN_DISABLE_AUTH \ 1049 EL3_EXCEPTION_HANDLING \ 1050 ENABLE_AMU \ 1051 ENABLE_AMU_AUXILIARY_COUNTERS \ 1052 ENABLE_AMU_FCONF \ 1053 AMU_RESTRICT_COUNTERS \ 1054 ENABLE_ASSERTIONS \ 1055 ENABLE_PIE \ 1056 ENABLE_PMF \ 1057 ENABLE_PSCI_STAT \ 1058 ENABLE_RUNTIME_INSTRUMENTATION \ 1059 ENABLE_SME_FOR_NS \ 1060 ENABLE_SME_FOR_SWD \ 1061 ENABLE_SPE_FOR_LOWER_ELS \ 1062 ENABLE_SVE_FOR_NS \ 1063 ENABLE_SVE_FOR_SWD \ 1064 ERROR_DEPRECATED \ 1065 FAULT_INJECTION_SUPPORT \ 1066 GENERATE_COT \ 1067 GICV2_G0_FOR_EL3 \ 1068 HANDLE_EA_EL3_FIRST_NS \ 1069 HW_ASSISTED_COHERENCY \ 1070 INVERTED_MEMMAP \ 1071 MEASURED_BOOT \ 1072 DRTM_SUPPORT \ 1073 NS_TIMER_SWITCH \ 1074 OVERRIDE_LIBC \ 1075 PL011_GENERIC_UART \ 1076 PLAT_RSS_NOT_SUPPORTED \ 1077 PROGRAMMABLE_RESET_ADDRESS \ 1078 PSCI_EXTENDED_STATE_ID \ 1079 RESET_TO_BL31 \ 1080 RESET_TO_BL31_WITH_PARAMS \ 1081 SAVE_KEYS \ 1082 SEPARATE_CODE_AND_RODATA \ 1083 SEPARATE_BL2_NOLOAD_REGION \ 1084 SEPARATE_NOBITS_REGION \ 1085 SPIN_ON_BL1_EXIT \ 1086 SPM_MM \ 1087 SPMC_AT_EL3 \ 1088 SPMD_SPM_AT_SEL2 \ 1089 TRUSTED_BOARD_BOOT \ 1090 USE_COHERENT_MEM \ 1091 USE_DEBUGFS \ 1092 ARM_IO_IN_DTB \ 1093 SDEI_IN_FCONF \ 1094 SEC_INT_DESC_IN_FCONF \ 1095 USE_ROMLIB \ 1096 USE_TBBR_DEFS \ 1097 WARMBOOT_ENABLE_DCACHE_EARLY \ 1098 BL2_AT_EL3 \ 1099 BL2_IN_XIP_MEM \ 1100 BL2_INV_DCACHE \ 1101 USE_SPINLOCK_CAS \ 1102 ENCRYPT_BL31 \ 1103 ENCRYPT_BL32 \ 1104 ERRATA_SPECULATIVE_AT \ 1105 RAS_TRAP_NS_ERR_REC_ACCESS \ 1106 COT_DESC_IN_DTB \ 1107 USE_SP804_TIMER \ 1108 PSA_FWU_SUPPORT \ 1109 ENABLE_SYS_REG_TRACE_FOR_NS \ 1110 ENABLE_MPMM \ 1111 ENABLE_MPMM_FCONF \ 1112 SIMICS_BUILD \ 1113 FEATURE_DETECTION \ 1114 TRNG_SUPPORT \ 1115 CONDITIONAL_CMO \ 1116))) 1117 1118$(eval $(call assert_numerics,\ 1119 $(sort \ 1120 ARM_ARCH_MAJOR \ 1121 ARM_ARCH_MINOR \ 1122 BRANCH_PROTECTION \ 1123 CTX_INCLUDE_PAUTH_REGS \ 1124 CTX_INCLUDE_MTE_REGS \ 1125 CTX_INCLUDE_NEVE_REGS \ 1126 CRYPTO_SUPPORT \ 1127 ENABLE_BRBE_FOR_NS \ 1128 ENABLE_TRBE_FOR_NS \ 1129 ENABLE_BTI \ 1130 ENABLE_PAUTH \ 1131 ENABLE_FEAT_AMUv1 \ 1132 ENABLE_FEAT_AMUv1p1 \ 1133 ENABLE_FEAT_CSV2_2 \ 1134 ENABLE_FEAT_DIT \ 1135 ENABLE_FEAT_ECV \ 1136 ENABLE_FEAT_FGT \ 1137 ENABLE_FEAT_HCX \ 1138 ENABLE_FEAT_PAN \ 1139 ENABLE_FEAT_RNG \ 1140 ENABLE_FEAT_RNG_TRAP \ 1141 ENABLE_FEAT_SB \ 1142 ENABLE_FEAT_SEL2 \ 1143 ENABLE_FEAT_VHE \ 1144 ENABLE_MPAM_FOR_LOWER_ELS \ 1145 ENABLE_RME \ 1146 ENABLE_TRF_FOR_NS \ 1147 FW_ENC_STATUS \ 1148 NR_OF_FW_BANKS \ 1149 NR_OF_IMAGES_IN_FW_BANK \ 1150 RAS_EXTENSION \ 1151 TWED_DELAY \ 1152 ENABLE_FEAT_TWED \ 1153 SVE_VECTOR_LEN \ 1154))) 1155 1156ifdef KEY_SIZE 1157 $(eval $(call assert_numeric,KEY_SIZE)) 1158endif 1159 1160ifeq ($(filter $(SANITIZE_UB), on off trap),) 1161 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1162endif 1163 1164################################################################################ 1165# Add definitions to the cpp preprocessor based on the current build options. 1166# This is done after including the platform specific makefile to allow the 1167# platform to overwrite the default options 1168################################################################################ 1169 1170$(eval $(call add_defines,\ 1171 $(sort \ 1172 ALLOW_RO_XLAT_TABLES \ 1173 ARM_ARCH_MAJOR \ 1174 ARM_ARCH_MINOR \ 1175 BL2_ENABLE_SP_LOAD \ 1176 COLD_BOOT_SINGLE_CPU \ 1177 CTX_INCLUDE_AARCH32_REGS \ 1178 CTX_INCLUDE_FPREGS \ 1179 CTX_INCLUDE_PAUTH_REGS \ 1180 EL3_EXCEPTION_HANDLING \ 1181 CTX_INCLUDE_MTE_REGS \ 1182 CTX_INCLUDE_EL2_REGS \ 1183 CTX_INCLUDE_NEVE_REGS \ 1184 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1185 DISABLE_MTPMU \ 1186 ENABLE_AMU \ 1187 ENABLE_AMU_AUXILIARY_COUNTERS \ 1188 ENABLE_AMU_FCONF \ 1189 AMU_RESTRICT_COUNTERS \ 1190 ENABLE_ASSERTIONS \ 1191 ENABLE_BTI \ 1192 ENABLE_MPAM_FOR_LOWER_ELS \ 1193 ENABLE_PAUTH \ 1194 ENABLE_PIE \ 1195 ENABLE_PMF \ 1196 ENABLE_PSCI_STAT \ 1197 ENABLE_RME \ 1198 ENABLE_RUNTIME_INSTRUMENTATION \ 1199 ENABLE_SME_FOR_NS \ 1200 ENABLE_SME_FOR_SWD \ 1201 ENABLE_SPE_FOR_LOWER_ELS \ 1202 ENABLE_SVE_FOR_NS \ 1203 ENABLE_SVE_FOR_SWD \ 1204 ENCRYPT_BL31 \ 1205 ENCRYPT_BL32 \ 1206 ERROR_DEPRECATED \ 1207 FAULT_INJECTION_SUPPORT \ 1208 GICV2_G0_FOR_EL3 \ 1209 HANDLE_EA_EL3_FIRST_NS \ 1210 HW_ASSISTED_COHERENCY \ 1211 LOG_LEVEL \ 1212 MEASURED_BOOT \ 1213 DRTM_SUPPORT \ 1214 NS_TIMER_SWITCH \ 1215 PL011_GENERIC_UART \ 1216 PLAT_${PLAT} \ 1217 PLAT_RSS_NOT_SUPPORTED \ 1218 PROGRAMMABLE_RESET_ADDRESS \ 1219 PSCI_EXTENDED_STATE_ID \ 1220 RAS_EXTENSION \ 1221 RESET_TO_BL31 \ 1222 RESET_TO_BL31_WITH_PARAMS \ 1223 SEPARATE_CODE_AND_RODATA \ 1224 SEPARATE_BL2_NOLOAD_REGION \ 1225 SEPARATE_NOBITS_REGION \ 1226 RECLAIM_INIT_CODE \ 1227 SPD_${SPD} \ 1228 SPIN_ON_BL1_EXIT \ 1229 SPM_MM \ 1230 SPMC_AT_EL3 \ 1231 SPMD_SPM_AT_SEL2 \ 1232 TRUSTED_BOARD_BOOT \ 1233 CRYPTO_SUPPORT \ 1234 TRNG_SUPPORT \ 1235 USE_COHERENT_MEM \ 1236 USE_DEBUGFS \ 1237 ARM_IO_IN_DTB \ 1238 SDEI_IN_FCONF \ 1239 SEC_INT_DESC_IN_FCONF \ 1240 USE_ROMLIB \ 1241 USE_TBBR_DEFS \ 1242 WARMBOOT_ENABLE_DCACHE_EARLY \ 1243 BL2_AT_EL3 \ 1244 BL2_IN_XIP_MEM \ 1245 BL2_INV_DCACHE \ 1246 USE_SPINLOCK_CAS \ 1247 ERRATA_SPECULATIVE_AT \ 1248 RAS_TRAP_NS_ERR_REC_ACCESS \ 1249 COT_DESC_IN_DTB \ 1250 USE_SP804_TIMER \ 1251 ENABLE_FEAT_RNG \ 1252 ENABLE_FEAT_RNG_TRAP \ 1253 ENABLE_FEAT_SB \ 1254 ENABLE_FEAT_DIT \ 1255 NR_OF_FW_BANKS \ 1256 NR_OF_IMAGES_IN_FW_BANK \ 1257 PSA_FWU_SUPPORT \ 1258 ENABLE_BRBE_FOR_NS \ 1259 ENABLE_TRBE_FOR_NS \ 1260 ENABLE_SYS_REG_TRACE_FOR_NS \ 1261 ENABLE_TRF_FOR_NS \ 1262 ENABLE_FEAT_HCX \ 1263 ENABLE_MPMM \ 1264 ENABLE_MPMM_FCONF \ 1265 ENABLE_FEAT_FGT \ 1266 ENABLE_FEAT_AMUv1 \ 1267 ENABLE_FEAT_ECV \ 1268 SIMICS_BUILD \ 1269 ENABLE_FEAT_AMUv1p1 \ 1270 ENABLE_FEAT_SEL2 \ 1271 ENABLE_FEAT_VHE \ 1272 ENABLE_FEAT_CSV2_2 \ 1273 ENABLE_FEAT_PAN \ 1274 FEATURE_DETECTION \ 1275 TWED_DELAY \ 1276 ENABLE_FEAT_TWED \ 1277 CONDITIONAL_CMO \ 1278))) 1279 1280ifeq (${SANITIZE_UB},trap) 1281 $(eval $(call add_define,MONITOR_TRAPS)) 1282endif 1283 1284# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1285ifdef EL3_PAYLOAD_BASE 1286 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1287else 1288 # Define the PRELOADED_BL33_BASE flag only if it is provided and 1289 # EL3_PAYLOAD_BASE is not defined, as it has priority. 1290 ifdef PRELOADED_BL33_BASE 1291 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1292 endif 1293endif 1294 1295# Define the DYN_DISABLE_AUTH flag only if set. 1296ifeq (${DYN_DISABLE_AUTH},1) 1297$(eval $(call add_define,DYN_DISABLE_AUTH)) 1298endif 1299 1300ifneq ($(findstring armlink,$(notdir $(LD))),) 1301$(eval $(call add_define,USE_ARM_LINK)) 1302endif 1303 1304# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1305ifeq (${SPD},spmd) 1306ifdef SP_LAYOUT_FILE 1307 -include $(BUILD_PLAT)/sp_gen.mk 1308 FIP_DEPS += sp 1309 CRT_DEPS += sp 1310 NEED_SP_PKG := yes 1311else 1312 ifeq (${SPMD_SPM_AT_SEL2},1) 1313 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1314 endif 1315endif 1316endif 1317 1318################################################################################ 1319# Build targets 1320################################################################################ 1321 1322.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc enctool 1323.SUFFIXES: 1324 1325all: msg_start 1326 1327msg_start: 1328 @echo "Building ${PLAT}" 1329 1330ifeq (${ERROR_DEPRECATED},0) 1331# Check if deprecated declarations and cpp warnings should be treated as error or not. 1332ifneq ($(findstring clang,$(notdir $(CC))),) 1333 CPPFLAGS += -Wno-error=deprecated-declarations 1334else 1335 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1336endif 1337endif # !ERROR_DEPRECATED 1338 1339$(eval $(call MAKE_LIB_DIRS)) 1340$(eval $(call MAKE_LIB,c)) 1341 1342# Expand build macros for the different images 1343ifeq (${NEED_BL1},yes) 1344BL1_SOURCES := $(sort ${BL1_SOURCES}) 1345 1346$(eval $(call MAKE_BL,bl1)) 1347endif 1348 1349ifeq (${NEED_BL2},yes) 1350ifeq (${BL2_AT_EL3}, 0) 1351FIP_BL2_ARGS := tb-fw 1352endif 1353 1354BL2_SOURCES := $(sort ${BL2_SOURCES}) 1355 1356$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1357 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1358endif 1359 1360ifeq (${NEED_SCP_BL2},yes) 1361$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1362endif 1363 1364ifeq (${NEED_BL31},yes) 1365BL31_SOURCES += ${SPD_SOURCES} 1366# Sort BL31 source files to remove duplicates 1367BL31_SOURCES := $(sort ${BL31_SOURCES}) 1368ifneq (${DECRYPTION_SUPPORT},none) 1369$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1370 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1371else 1372$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1373 $(eval $(call MAKE_BL,bl31,soc-fw))) 1374endif 1375endif 1376 1377# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1378# build system will call TOOL_ADD_IMG to print a warning message and abort the 1379# process. Note that the dependency on BL32 applies to the FIP only. 1380ifeq (${NEED_BL32},yes) 1381# Sort BL32 source files to remove duplicates 1382BL32_SOURCES := $(sort ${BL32_SOURCES}) 1383BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1384 1385ifneq (${DECRYPTION_SUPPORT},none) 1386$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1387 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1388else 1389$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1390 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1391endif 1392endif 1393 1394# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1395# needs to be built from RMM_SOURCES. 1396ifeq (${NEED_RMM},yes) 1397# Sort RMM source files to remove duplicates 1398RMM_SOURCES := $(sort ${RMM_SOURCES}) 1399BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1400 1401$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1402 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1403endif 1404 1405# Add the BL33 image if required by the platform 1406ifeq (${NEED_BL33},yes) 1407$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1408endif 1409 1410ifeq (${NEED_BL2U},yes) 1411$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1412 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1413endif 1414 1415# Expand build macros for the different images 1416ifeq (${NEED_FDT},yes) 1417 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1418endif 1419 1420# Add Secure Partition packages 1421ifeq (${NEED_SP_PKG},yes) 1422$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT} 1423 ${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} 1424sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) 1425 @${ECHO_BLANK_LINE} 1426 @echo "Built SP Images successfully" 1427 @${ECHO_BLANK_LINE} 1428endif 1429 1430locate-checkpatch: 1431ifndef CHECKPATCH 1432 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1433else 1434ifeq (,$(wildcard ${CHECKPATCH})) 1435 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1436endif 1437endif 1438 1439clean: 1440 @echo " CLEAN" 1441 $(call SHELL_REMOVE_DIR,${BUILD_PLAT}) 1442ifdef UNIX_MK 1443 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1444else 1445# Clear the MAKEFLAGS as we do not want 1446# to pass the gnumake flags to nmake. 1447 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) clean 1448endif 1449 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1450 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1451 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1452 1453realclean distclean: 1454 @echo " REALCLEAN" 1455 $(call SHELL_REMOVE_DIR,${BUILD_BASE}) 1456 $(call SHELL_DELETE_ALL, ${CURDIR}/cscope.*) 1457ifdef UNIX_MK 1458 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1459else 1460# Clear the MAKEFLAGS as we do not want 1461# to pass the gnumake flags to nmake. 1462 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) realclean 1463endif 1464 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean 1465 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean 1466 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1467 1468checkcodebase: locate-checkpatch 1469 @echo " CHECKING STYLE" 1470 @if test -d .git ; then \ 1471 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1472 while read GIT_FILE ; \ 1473 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1474 done ; \ 1475 else \ 1476 find . -type f -not -iwholename "*.git*" \ 1477 -not -iwholename "*build*" \ 1478 -not -iwholename "*libfdt*" \ 1479 -not -iwholename "*libc*" \ 1480 -not -iwholename "*docs*" \ 1481 -not -iwholename "*.rst" \ 1482 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1483 fi 1484 1485checkpatch: locate-checkpatch 1486 @echo " CHECKING STYLE" 1487 @if test -n "${CHECKPATCH_OPTS}"; then \ 1488 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1489 fi 1490 ${Q}COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1491 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1492 do \ 1493 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1494 git log --format=email "$$commit~..$$commit" \ 1495 -- ${CHECK_PATHS} | \ 1496 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1497 git diff --format=email "$$commit~..$$commit" \ 1498 -- ${CHECK_PATHS} | \ 1499 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1500 done 1501 1502certtool: ${CRTTOOL} 1503 1504${CRTTOOL}: FORCE 1505 ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} CRTTOOL=${CRTTOOL} DEBUG=${DEBUG} V=${V} --no-print-directory -C ${CRTTOOLPATH} all 1506 @${ECHO_BLANK_LINE} 1507 @echo "Built $@ successfully" 1508 @${ECHO_BLANK_LINE} 1509 1510ifneq (${GENERATE_COT},0) 1511certificates: ${CRT_DEPS} ${CRTTOOL} 1512 ${Q}${CRTTOOL} ${CRT_ARGS} 1513 @${ECHO_BLANK_LINE} 1514 @echo "Built $@ successfully" 1515 @echo "Certificates can be found in ${BUILD_PLAT}" 1516 @${ECHO_BLANK_LINE} 1517endif 1518 1519${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1520 $(eval ${CHECK_FIP_CMD}) 1521 ${Q}${FIPTOOL} create ${FIP_ARGS} $@ 1522 ${Q}${FIPTOOL} info $@ 1523 @${ECHO_BLANK_LINE} 1524 @echo "Built $@ successfully" 1525 @${ECHO_BLANK_LINE} 1526 1527ifneq (${GENERATE_COT},0) 1528fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1529 ${Q}${CRTTOOL} ${FWU_CRT_ARGS} 1530 @${ECHO_BLANK_LINE} 1531 @echo "Built $@ successfully" 1532 @echo "FWU certificates can be found in ${BUILD_PLAT}" 1533 @${ECHO_BLANK_LINE} 1534endif 1535 1536${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1537 $(eval ${CHECK_FWU_FIP_CMD}) 1538 ${Q}${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1539 ${Q}${FIPTOOL} info $@ 1540 @${ECHO_BLANK_LINE} 1541 @echo "Built $@ successfully" 1542 @${ECHO_BLANK_LINE} 1543 1544fiptool: ${FIPTOOL} 1545fip: ${BUILD_PLAT}/${FIP_NAME} 1546fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1547 1548${FIPTOOL}: FORCE 1549ifdef UNIX_MK 1550 ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} DEBUG=${DEBUG} V=${V} --no-print-directory -C ${FIPTOOLPATH} all 1551else 1552# Clear the MAKEFLAGS as we do not want 1553# to pass the gnumake flags to nmake. 1554 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) 1555endif 1556 1557romlib.bin: libraries FORCE 1558 ${Q}${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES='${INCLUDES}' DEFINES='${DEFINES}' --no-print-directory -C ${ROMLIBPATH} all 1559 1560# Call print_memory_map tool 1561memmap: all 1562 ${Q}${PYTHON} ${PRINT_MEMORY_MAP} ${BUILD_PLAT} ${INVERTED_MEMMAP} 1563 1564doc: 1565 @echo " BUILD DOCUMENTATION" 1566 ${Q}${MAKE} --no-print-directory -C ${DOCS_PATH} html 1567 1568enctool: ${ENCTOOL} 1569 1570${ENCTOOL}: FORCE 1571 ${Q}${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} ENCTOOL=${ENCTOOL} DEBUG=${DEBUG} V=${V} --no-print-directory -C ${ENCTOOLPATH} all 1572 @${ECHO_BLANK_LINE} 1573 @echo "Built $@ successfully" 1574 @${ECHO_BLANK_LINE} 1575 1576cscope: 1577 @echo " CSCOPE" 1578 ${Q}find ${CURDIR} -name "*.[chsS]" > cscope.files 1579 ${Q}cscope -b -q -k 1580 1581help: 1582 @echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1583 @echo "" 1584 @echo "PLAT is used to specify which platform you wish to build." 1585 @echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1586 @echo "" 1587 @echo "platform = ${PLATFORM_LIST}" 1588 @echo "" 1589 @echo "Please refer to the User Guide for a list of all supported options." 1590 @echo "Note that the build system doesn't track dependencies for build " 1591 @echo "options. Therefore, if any of the build options are changed " 1592 @echo "from a previous build, a clean build must be performed." 1593 @echo "" 1594 @echo "Supported Targets:" 1595 @echo " all Build all individual bootloader binaries" 1596 @echo " bl1 Build the BL1 binary" 1597 @echo " bl2 Build the BL2 binary" 1598 @echo " bl2u Build the BL2U binary" 1599 @echo " bl31 Build the BL31 binary" 1600 @echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1601 @echo " this builds secure payload specified by AARCH32_SP" 1602 @echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1603 @echo " fip Build the Firmware Image Package (FIP)" 1604 @echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1605 @echo " checkcodebase Check the coding style of the entire source tree" 1606 @echo " checkpatch Check the coding style on changes in the current" 1607 @echo " branch against BASE_COMMIT (default origin/master)" 1608 @echo " clean Clean the build for the selected platform" 1609 @echo " cscope Generate cscope index" 1610 @echo " distclean Remove all build artifacts for all platforms" 1611 @echo " certtool Build the Certificate generation tool" 1612 @echo " enctool Build the Firmware encryption tool" 1613 @echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1614 @echo " sp Build the Secure Partition Packages" 1615 @echo " sptool Build the Secure Partition Package creation tool" 1616 @echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1617 @echo " memmap Print the memory map of the built binaries" 1618 @echo " doc Build html based documentation using Sphinx tool" 1619 @echo "" 1620 @echo "Note: most build targets require PLAT to be set to a specific platform." 1621 @echo "" 1622 @echo "example: build all targets for the FVP platform:" 1623 @echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1624 1625.PHONY: FORCE 1626FORCE:; 1627