1# 2# Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 7 12VERSION := ${VERSION_MAJOR}.${VERSION_MINOR} 13 14# Default goal is build all images 15.DEFAULT_GOAL := all 16 17# Avoid any implicit propagation of command line variable definitions to 18# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 19# usage. Other command line options like "-s" are still propagated as usual. 20MAKEOVERRIDES = 21 22MAKE_HELPERS_DIRECTORY := make_helpers/ 23include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 24include ${MAKE_HELPERS_DIRECTORY}build_env.mk 25 26################################################################################ 27# Default values for build configurations, and their dependencies 28################################################################################ 29 30include ${MAKE_HELPERS_DIRECTORY}defaults.mk 31 32# Assertions enabled for DEBUG builds by default 33ENABLE_ASSERTIONS := ${DEBUG} 34ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 35PLAT := ${DEFAULT_PLAT} 36 37################################################################################ 38# Checkpatch script options 39################################################################################ 40 41CHECKCODE_ARGS := --no-patch 42# Do not check the coding style on imported library files or documentation files 43INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \ 44 include/drivers/arm/cryptocell, \ 45 $(wildcard include/drivers/arm/*))) 46INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h 47INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 48 include/drivers/arm, \ 49 $(wildcard include/drivers/*))) 50INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 51 include/lib/libfdt \ 52 include/lib/libc, \ 53 $(wildcard include/lib/*))) 54INC_DIRS_TO_CHECK := $(sort $(filter-out \ 55 include/lib \ 56 include/drivers, \ 57 $(wildcard include/*))) 58LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 59 lib/compiler-rt \ 60 lib/libfdt% \ 61 lib/libc, \ 62 $(wildcard lib/*))) 63ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 64 lib \ 65 include \ 66 docs \ 67 %.rst, \ 68 $(wildcard *))) 69CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 70 ${INC_DIRS_TO_CHECK} \ 71 ${INC_LIB_DIRS_TO_CHECK} \ 72 ${LIB_DIRS_TO_CHECK} \ 73 ${INC_DRV_DIRS_TO_CHECK} \ 74 ${INC_ARM_DIRS_TO_CHECK} 75 76 77################################################################################ 78# Process build options 79################################################################################ 80 81# Verbose flag 82ifeq (${V},0) 83 Q:=@ 84 ECHO:=@echo 85 CHECKCODE_ARGS += --no-summary --terse 86else 87 Q:= 88 ECHO:=$(ECHO_QUIET) 89endif 90 91ifneq ($(findstring s,$(filter-out --%,$(MAKEFLAGS))),) 92 Q:=@ 93 ECHO:=$(ECHO_QUIET) 94endif 95 96export Q ECHO 97 98# The cert_create tool cannot generate certificates individually, so we use the 99# target 'certificates' to create them all 100ifneq (${GENERATE_COT},0) 101 FIP_DEPS += certificates 102 FWU_FIP_DEPS += fwu_certificates 103endif 104 105# Process BRANCH_PROTECTION value and set 106# Pointer Authentication and Branch Target Identification flags 107ifeq (${BRANCH_PROTECTION},0) 108 # Default value turns off all types of branch protection 109 BP_OPTION := none 110else ifneq (${ARCH},aarch64) 111 $(error BRANCH_PROTECTION requires AArch64) 112else ifeq (${BRANCH_PROTECTION},1) 113 # Enables all types of branch protection features 114 BP_OPTION := standard 115 ENABLE_BTI := 1 116 ENABLE_PAUTH := 1 117else ifeq (${BRANCH_PROTECTION},2) 118 # Return address signing to its standard level 119 BP_OPTION := pac-ret 120 ENABLE_PAUTH := 1 121else ifeq (${BRANCH_PROTECTION},3) 122 # Extend the signing to include leaf functions 123 BP_OPTION := pac-ret+leaf 124 ENABLE_PAUTH := 1 125else ifeq (${BRANCH_PROTECTION},4) 126 # Turn on branch target identification mechanism 127 BP_OPTION := bti 128 ENABLE_BTI := 1 129else 130 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 131endif 132 133# FEAT_RME 134ifeq (${ENABLE_RME},1) 135# RME doesn't support PIE 136ifneq (${ENABLE_PIE},0) 137 $(error ENABLE_RME does not support PIE) 138endif 139# RME doesn't support BRBE 140ifneq (${ENABLE_BRBE_FOR_NS},0) 141 $(error ENABLE_RME does not support BRBE.) 142endif 143# RME requires AARCH64 144ifneq (${ARCH},aarch64) 145 $(error ENABLE_RME requires AArch64) 146endif 147# RME requires el2 context to be saved for now. 148CTX_INCLUDE_EL2_REGS := 1 149CTX_INCLUDE_AARCH32_REGS := 0 150ARM_ARCH_MAJOR := 8 151ARM_ARCH_MINOR := 5 152ENABLE_FEAT_ECV = 1 153ENABLE_FEAT_FGT = 1 154 155endif 156 157# USE_SPINLOCK_CAS requires AArch64 build 158ifeq (${USE_SPINLOCK_CAS},1) 159ifneq (${ARCH},aarch64) 160 $(error USE_SPINLOCK_CAS requires AArch64) 161endif 162endif 163 164# USE_DEBUGFS experimental feature recommended only in debug builds 165ifeq (${USE_DEBUGFS},1) 166ifeq (${DEBUG},1) 167 $(warning DEBUGFS experimental feature is enabled.) 168else 169 $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY) 170endif 171endif 172 173ifneq (${DECRYPTION_SUPPORT},none) 174ENC_ARGS += -f ${FW_ENC_STATUS} 175ENC_ARGS += -k ${ENC_KEY} 176ENC_ARGS += -n ${ENC_NONCE} 177FIP_DEPS += enctool 178FWU_FIP_DEPS += enctool 179endif 180 181################################################################################ 182# Toolchain 183################################################################################ 184 185HOSTCC := gcc 186export HOSTCC 187 188CC := ${CROSS_COMPILE}gcc 189CPP := ${CROSS_COMPILE}cpp 190AS := ${CROSS_COMPILE}gcc 191AR := ${CROSS_COMPILE}ar 192LINKER := ${CROSS_COMPILE}ld 193OC := ${CROSS_COMPILE}objcopy 194OD := ${CROSS_COMPILE}objdump 195NM := ${CROSS_COMPILE}nm 196PP := ${CROSS_COMPILE}gcc -E 197DTC := dtc 198 199# Use ${LD}.bfd instead if it exists (as absolute path or together with $PATH). 200ifneq ($(strip $(wildcard ${LD}.bfd) \ 201 $(foreach dir,$(subst :, ,${PATH}),$(wildcard ${dir}/${LINKER}.bfd))),) 202LINKER := ${LINKER}.bfd 203endif 204 205ifeq (${ARM_ARCH_MAJOR},7) 206target32-directive = -target arm-none-eabi 207# Will set march32-directive from platform configuration 208else 209target32-directive = -target armv8a-none-eabi 210 211# Set the compiler's target architecture profile based on 212# ARM_ARCH_MAJOR ARM_ARCH_MINOR options 213ifeq (${ARM_ARCH_MINOR},0) 214march32-directive = -march=armv${ARM_ARCH_MAJOR}-a 215march64-directive = -march=armv${ARM_ARCH_MAJOR}-a 216else 217march32-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 218march64-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 219endif 220endif 221 222# Memory tagging is supported in architecture Armv8.5-A AArch64 and onwards 223ifeq ($(ARCH), aarch64) 224# Check if revision is greater than or equal to 8.5 225ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" 226mem_tag_arch_support = yes 227endif 228endif 229 230# Get architecture feature modifiers 231arch-features = ${ARM_ARCH_FEATURE} 232 233# Enable required options for memory stack tagging. 234# Currently, these options are enabled only for clang and armclang compiler. 235ifeq (${SUPPORT_STACK_MEMTAG},yes) 236ifdef mem_tag_arch_support 237# Check for armclang and clang compilers 238ifneq ( ,$(filter $(notdir $(CC)),armclang clang)) 239# Add "memtag" architecture feature modifier if not specified 240ifeq ( ,$(findstring memtag,$(arch-features))) 241arch-features := $(arch-features)+memtag 242endif # memtag 243ifeq ($(notdir $(CC)),armclang) 244TF_CFLAGS += -mmemtag-stack 245else ifeq ($(notdir $(CC)),clang) 246TF_CFLAGS += -fsanitize=memtag 247endif # armclang 248endif # armclang clang 249else 250$(error "Error: stack memory tagging is not supported for architecture \ 251 ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a") 252endif # mem_tag_arch_support 253endif # SUPPORT_STACK_MEMTAG 254 255# Set the compiler's architecture feature modifiers 256ifneq ($(arch-features), none) 257# Strip "none+" from arch-features 258arch-features := $(subst none+,,$(arch-features)) 259ifeq ($(ARCH), aarch32) 260march32-directive := $(march32-directive)+$(arch-features) 261else 262march64-directive := $(march64-directive)+$(arch-features) 263endif 264# Print features 265$(info Arm Architecture Features specified: $(subst +, ,$(arch-features))) 266endif # arch-features 267 268# Determine if FEAT_RNG is supported 269ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0) 270 271# Determine if FEAT_SB is supported 272ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0) 273 274ifneq ($(findstring clang,$(notdir $(CC))),) 275 ifneq ($(findstring armclang,$(notdir $(CC))),) 276 TF_CFLAGS_aarch32 := -target arm-arm-none-eabi $(march32-directive) 277 TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi $(march64-directive) 278 LD := $(LINKER) 279 else 280 TF_CFLAGS_aarch32 := $(target32-directive) $(march32-directive) 281 TF_CFLAGS_aarch64 := -target aarch64-elf $(march64-directive) 282 LD := $(shell $(CC) --print-prog-name ld.lld) 283 284 AR := $(shell $(CC) --print-prog-name llvm-ar) 285 OD := $(shell $(CC) --print-prog-name llvm-objdump) 286 OC := $(shell $(CC) --print-prog-name llvm-objcopy) 287 endif 288 289 CPP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 290 PP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 291 AS := $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH)) 292else ifneq ($(findstring gcc,$(notdir $(CC))),) 293TF_CFLAGS_aarch32 = $(march32-directive) 294TF_CFLAGS_aarch64 = $(march64-directive) 295ifeq ($(ENABLE_LTO),1) 296 # Enable LTO only for aarch64 297 ifeq (${ARCH},aarch64) 298 LTO_CFLAGS = -flto 299 # Use gcc as a wrapper for the ld, recommended for LTO 300 LINKER := ${CROSS_COMPILE}gcc 301 endif 302endif 303LD = $(LINKER) 304else 305TF_CFLAGS_aarch32 = $(march32-directive) 306TF_CFLAGS_aarch64 = $(march64-directive) 307LD = $(LINKER) 308endif 309 310# Process Debug flag 311$(eval $(call add_define,DEBUG)) 312ifneq (${DEBUG}, 0) 313 BUILD_TYPE := debug 314 TF_CFLAGS += -g -gdwarf-4 315 ASFLAGS += -g -Wa,-gdwarf-4 316 317 # Use LOG_LEVEL_INFO by default for debug builds 318 LOG_LEVEL := 40 319else 320 BUILD_TYPE := release 321 # Use LOG_LEVEL_NOTICE by default for release builds 322 LOG_LEVEL := 20 323endif 324 325# Default build string (git branch and commit) 326ifeq (${BUILD_STRING},) 327 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 328endif 329VERSION_STRING := v${VERSION}(${BUILD_TYPE}):${BUILD_STRING} 330 331ifeq (${AARCH32_INSTRUCTION_SET},A32) 332TF_CFLAGS_aarch32 += -marm 333else ifeq (${AARCH32_INSTRUCTION_SET},T32) 334TF_CFLAGS_aarch32 += -mthumb 335else 336$(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET}) 337endif 338 339TF_CFLAGS_aarch32 += -mno-unaligned-access 340TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 341 342ifneq (${BP_OPTION},none) 343TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 344endif 345 346ASFLAGS_aarch32 = $(march32-directive) 347ASFLAGS_aarch64 = $(march64-directive) 348 349# General warnings 350WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 351 -Wdisabled-optimization -Wvla -Wshadow \ 352 -Wno-unused-parameter -Wredundant-decls 353 354# Additional warnings 355# Level 1 356WARNING1 := -Wextra 357WARNING1 += -Wmissing-format-attribute 358WARNING1 += -Wmissing-prototypes 359WARNING1 += -Wold-style-definition 360 361# Level 2 362WARNING2 := -Waggregate-return 363WARNING2 += -Wcast-align 364WARNING2 += -Wnested-externs 365 366WARNING3 := -Wbad-function-cast 367WARNING3 += -Wcast-qual 368WARNING3 += -Wconversion 369WARNING3 += -Wpacked 370WARNING3 += -Wpointer-arith 371WARNING3 += -Wswitch-default 372 373ifeq (${W},1) 374WARNINGS += $(WARNING1) 375else ifeq (${W},2) 376WARNINGS += $(WARNING1) $(WARNING2) 377else ifeq (${W},3) 378WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 379endif 380 381# Compiler specific warnings 382ifeq ($(findstring clang,$(notdir $(CC))),) 383# not using clang 384WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 385 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 386 -Wlogical-op 387else 388# using clang 389WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 390 -Wlogical-op-parentheses 391endif 392 393ifneq (${E},0) 394ERRORS := -Werror 395endif 396 397CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 398 $(ERRORS) $(WARNINGS) 399ASFLAGS += $(CPPFLAGS) $(ASFLAGS_$(ARCH)) \ 400 -ffreestanding -Wa,--fatal-warnings 401TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 402 -ffunction-sections -fdata-sections \ 403 -ffreestanding -fno-builtin -fno-common \ 404 -Os -std=gnu99 405 406$(eval $(call add_define,SVE_VECTOR_LEN)) 407 408ifeq (${SANITIZE_UB},on) 409TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 410endif 411ifeq (${SANITIZE_UB},trap) 412TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 413 -fsanitize-undefined-trap-on-error 414endif 415 416GCC_V_OUTPUT := $(shell $(CC) -v 2>&1) 417 418# LD = armlink 419ifneq ($(findstring armlink,$(notdir $(LD))),) 420TF_LDFLAGS += --diag_error=warning --lto_level=O1 421TF_LDFLAGS += --remove --info=unused,unusedsymbols 422TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 423 424# LD = gcc (used when GCC LTO is enabled) 425else ifneq ($(findstring gcc,$(notdir $(LD))),) 426# Pass ld options with Wl or Xlinker switches 427TF_LDFLAGS += -Wl,--fatal-warnings -O1 428TF_LDFLAGS += -Wl,--gc-sections 429ifeq ($(ENABLE_LTO),1) 430 ifeq (${ARCH},aarch64) 431 TF_LDFLAGS += -flto -fuse-linker-plugin 432 endif 433endif 434# GCC automatically adds fix-cortex-a53-843419 flag when used to link 435# which breaks some builds, so disable if errata fix is not explicitly enabled 436ifneq (${ERRATA_A53_843419},1) 437 TF_LDFLAGS += -mno-fix-cortex-a53-843419 438endif 439TF_LDFLAGS += -nostdlib 440TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 441 442# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 443else 444TF_LDFLAGS += --fatal-warnings -O1 445TF_LDFLAGS += --gc-sections 446# ld.lld doesn't recognize the errata flags, 447# therefore don't add those in that case 448ifeq ($(findstring ld.lld,$(notdir $(LD))),) 449TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 450endif 451endif 452 453DTC_FLAGS += -I dts -O dtb 454DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \ 455 -x assembler-with-cpp $(DEFINES) 456 457################################################################################ 458# Common sources and include directories 459################################################################################ 460include ${MAKE_HELPERS_DIRECTORY}arch_features.mk 461include lib/compiler-rt/compiler-rt.mk 462 463BL_COMMON_SOURCES += common/bl_common.c \ 464 common/tf_log.c \ 465 common/${ARCH}/debug.S \ 466 drivers/console/multi_console.c \ 467 lib/${ARCH}/cache_helpers.S \ 468 lib/${ARCH}/misc_helpers.S \ 469 plat/common/plat_bl_common.c \ 470 plat/common/plat_log_common.c \ 471 plat/common/${ARCH}/plat_common.c \ 472 plat/common/${ARCH}/platform_helpers.S \ 473 ${COMPILER_RT_SRCS} 474 475ifeq ($(notdir $(CC)),armclang) 476BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 477endif 478 479ifeq (${SANITIZE_UB},on) 480BL_COMMON_SOURCES += plat/common/ubsan.c 481endif 482 483INCLUDES += -Iinclude \ 484 -Iinclude/arch/${ARCH} \ 485 -Iinclude/lib/cpus/${ARCH} \ 486 -Iinclude/lib/el3_runtime/${ARCH} \ 487 ${PLAT_INCLUDES} \ 488 ${SPD_INCLUDES} 489 490include common/backtrace/backtrace.mk 491 492################################################################################ 493# Generic definitions 494################################################################################ 495 496include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 497 498ifeq (${BUILD_BASE},) 499 BUILD_BASE := ./build 500endif 501BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 502 503SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 504 505# Platforms providing their own TBB makefile may override this value 506INCLUDE_TBBR_MK := 1 507 508 509################################################################################ 510# Include SPD Makefile if one has been specified 511################################################################################ 512 513ifneq (${SPD},none) 514 ifeq (${ARCH},aarch32) 515 $(error "Error: SPD is incompatible with AArch32.") 516 endif 517 518 ifdef EL3_PAYLOAD_BASE 519 $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") 520 $(warning "The SPD and its BL32 companion will be present but ignored.") 521 endif 522 523 ifeq (${SPD},spmd) 524 # SPMD is located in std_svc directory 525 SPD_DIR := std_svc 526 527 ifeq ($(SPMD_SPM_AT_SEL2),1) 528 ifeq ($(CTX_INCLUDE_EL2_REGS),0) 529 $(error SPMD with SPM at S-EL2 requires CTX_INCLUDE_EL2_REGS option) 530 endif 531 ifeq ($(SPMC_AT_EL3),1) 532 $(error SPM cannot be enabled in both S-EL2 and EL3.) 533 endif 534 endif 535 536 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 537 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 538 endif 539 540 ifeq ($(TS_SP_FW_CONFIG),1) 541 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 542 endif 543 544 ifneq ($(ARM_BL2_SP_LIST_DTS),) 545 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 546 endif 547 548 ifneq ($(SP_LAYOUT_FILE),) 549 BL2_ENABLE_SP_LOAD := 1 550 endif 551 else 552 # All other SPDs in spd directory 553 SPD_DIR := spd 554 endif 555 556 # We expect to locate an spd.mk under the specified SPD directory 557 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 558 559 ifeq (${SPD_MAKE},) 560 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 561 endif 562 $(info Including ${SPD_MAKE}) 563 include ${SPD_MAKE} 564 565 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 566 # Makefile would set NEED_BL32 to "yes". In this case, the build system 567 # supports two mutually exclusive options: 568 # * BL32 is built from source: then BL32_SOURCES must contain the list 569 # of source files to build BL32 570 # * BL32 is a prebuilt binary: then BL32 must point to the image file 571 # that will be included in the FIP 572 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 573 # over the sources. 574endif 575 576################################################################################ 577# Include rmmd Makefile if RME is enabled 578################################################################################ 579 580ifneq (${ENABLE_RME},0) 581ifneq (${ARCH},aarch64) 582 $(error ENABLE_RME requires AArch64) 583endif 584ifeq ($(SPMC_AT_EL3),1) 585 $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.) 586endif 587include services/std_svc/rmmd/rmmd.mk 588$(warning "RME is an experimental feature") 589endif 590 591################################################################################ 592# Include the platform specific Makefile after the SPD Makefile (the platform 593# makefile may use all previous definitions in this file) 594################################################################################ 595 596include ${PLAT_MAKEFILE_FULL} 597 598$(eval $(call MAKE_PREREQ_DIR,${BUILD_PLAT})) 599 600ifeq (${ARM_ARCH_MAJOR},7) 601include make_helpers/armv7-a-cpus.mk 602endif 603 604PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 605ifneq ($(PIE_FOUND),) 606 TF_CFLAGS += -fno-PIE 607ifneq ($(findstring gcc,$(notdir $(LD))),) 608 TF_LDFLAGS += -no-pie 609endif 610endif 611 612ifneq ($(findstring gcc,$(notdir $(LD))),) 613 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 614else 615 PIE_LDFLAGS += -pie --no-dynamic-linker 616endif 617 618ifeq ($(ENABLE_PIE),1) 619ifeq ($(BL2_AT_EL3),1) 620ifneq ($(BL2_IN_XIP_MEM),1) 621 BL2_CFLAGS += -fpie 622 BL2_LDFLAGS += $(PIE_LDFLAGS) 623endif 624endif 625 BL31_CFLAGS += -fpie 626 BL31_LDFLAGS += $(PIE_LDFLAGS) 627 BL32_CFLAGS += -fpie 628 BL32_LDFLAGS += $(PIE_LDFLAGS) 629endif 630 631ifeq (${ARCH},aarch64) 632BL1_CPPFLAGS += -DIMAGE_AT_EL3 633ifeq ($(BL2_AT_EL3),1) 634BL2_CPPFLAGS += -DIMAGE_AT_EL3 635else 636BL2_CPPFLAGS += -DIMAGE_AT_EL1 637endif 638BL2U_CPPFLAGS += -DIMAGE_AT_EL1 639BL31_CPPFLAGS += -DIMAGE_AT_EL3 640BL32_CPPFLAGS += -DIMAGE_AT_EL1 641endif 642 643# Include the CPU specific operations makefile, which provides default 644# values for all CPU errata workarounds and CPU specific optimisations. 645# This can be overridden by the platform. 646include lib/cpus/cpu-ops.mk 647 648ifeq (${ARCH},aarch32) 649NEED_BL32 := yes 650 651################################################################################ 652# Build `AARCH32_SP` as BL32 image for AArch32 653################################################################################ 654ifneq (${AARCH32_SP},none) 655# We expect to locate an sp.mk under the specified AARCH32_SP directory 656AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 657 658ifeq (${AARCH32_SP_MAKE},) 659 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 660endif 661 662$(info Including ${AARCH32_SP_MAKE}) 663include ${AARCH32_SP_MAKE} 664endif 665 666endif 667 668################################################################################ 669# Include libc if not overridden 670################################################################################ 671ifeq (${OVERRIDE_LIBC},0) 672include lib/libc/libc.mk 673endif 674 675################################################################################ 676# Check incompatible options 677################################################################################ 678 679ifdef EL3_PAYLOAD_BASE 680 ifdef PRELOADED_BL33_BASE 681 $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \ 682 incompatible build options. EL3_PAYLOAD_BASE has priority.") 683 endif 684 ifneq (${GENERATE_COT},0) 685 $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible build options.") 686 endif 687 ifneq (${TRUSTED_BOARD_BOOT},0) 688 $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are incompatible build options.") 689 endif 690endif 691 692ifeq (${NEED_BL33},yes) 693 ifdef EL3_PAYLOAD_BASE 694 $(warning "BL33 image is not needed when option \ 695 BL33_PAYLOAD_BASE is used and won't be added to the FIP file.") 696 endif 697 ifdef PRELOADED_BL33_BASE 698 $(warning "BL33 image is not needed when option \ 699 PRELOADED_BL33_BASE is used and won't be added to the FIP \ 700 file.") 701 endif 702endif 703 704# When building for systems with hardware-assisted coherency, there's no need to 705# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too. 706ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1) 707$(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) 708endif 709 710#For now, BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is 1. 711ifeq ($(BL2_AT_EL3)-$(BL2_IN_XIP_MEM),0-1) 712$(error "BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is enabled") 713endif 714 715# For RAS_EXTENSION, require that EAs are handled in EL3 first 716ifeq ($(RAS_EXTENSION),1) 717 ifneq ($(HANDLE_EA_EL3_FIRST),1) 718 $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST must also be 1) 719 endif 720endif 721 722# When FAULT_INJECTION_SUPPORT is used, require that RAS_EXTENSION is enabled 723ifeq ($(FAULT_INJECTION_SUPPORT),1) 724 ifneq ($(RAS_EXTENSION),1) 725 $(error For FAULT_INJECTION_SUPPORT, RAS_EXTENSION must also be 1) 726 endif 727endif 728 729# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 730ifeq ($(DYN_DISABLE_AUTH), 1) 731 ifeq (${TRUSTED_BOARD_BOOT}, 0) 732 $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.") 733 endif 734endif 735 736ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1) 737# Support authentication verification and hash calculation 738 CRYPTO_SUPPORT := 3 739else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1) 740# Support authentication verification and hash calculation 741 CRYPTO_SUPPORT := 3 742else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) 743# Support hash calculation only 744 CRYPTO_SUPPORT := 2 745else ifeq (${TRUSTED_BOARD_BOOT},1) 746# Support authentication verification only 747 CRYPTO_SUPPORT := 1 748else 749 CRYPTO_SUPPORT := 0 750endif 751 752# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. 753ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) 754$(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 755endif 756 757# If pointer authentication is used in the firmware, make sure that all the 758# registers associated to it are also saved and restored. 759# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. 760ifeq ($(ENABLE_PAUTH),1) 761 ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) 762 $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1) 763 endif 764endif 765 766ifeq ($(CTX_INCLUDE_PAUTH_REGS),1) 767 ifneq (${ARCH},aarch64) 768 $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) 769 endif 770endif 771 772ifeq ($(CTX_INCLUDE_MTE_REGS),1) 773 ifneq (${ARCH},aarch64) 774 $(error CTX_INCLUDE_MTE_REGS requires AArch64) 775 endif 776endif 777 778ifeq ($(PSA_FWU_SUPPORT),1) 779 $(info PSA_FWU_SUPPORT is an experimental feature) 780endif 781 782ifeq ($(FEATURE_DETECTION),1) 783 $(info FEATURE_DETECTION is an experimental feature) 784endif 785 786ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 787 ifeq (${ALLOW_RO_XLAT_TABLES}, 1) 788 $(error "ALLOW_RO_XLAT_TABLES requires translation tables library v2") 789 endif 790endif 791 792ifneq (${DECRYPTION_SUPPORT},none) 793 ifeq (${TRUSTED_BOARD_BOOT}, 0) 794 $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT to be set) 795 endif 796endif 797 798# Ensure that no Aarch64-only features are enabled in Aarch32 build 799ifeq (${ARCH},aarch32) 800 801 # SME/SVE only supported on AArch64 802 ifeq (${ENABLE_SME_FOR_NS},1) 803 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") 804 endif 805 ifeq (${ENABLE_SVE_FOR_NS},1) 806 # Warning instead of error due to CI dependency on this 807 $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") 808 endif 809 810 # BRBE is not supported in AArch32 811 ifeq (${ENABLE_BRBE_FOR_NS},1) 812 $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32") 813 endif 814 815 # FEAT_RNG_TRAP is not supported in AArch32 816 ifeq (${ENABLE_FEAT_RNG_TRAP},1) 817 $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32") 818 endif 819endif 820 821# Ensure ENABLE_RME is not used with SME 822ifeq (${ENABLE_RME},1) 823 ifeq (${ENABLE_SME_FOR_NS},1) 824 $(error "ENABLE_SME_FOR_NS cannot be used with ENABLE_RME") 825 endif 826endif 827 828# Secure SME/SVE requires the non-secure component as well 829ifeq (${ENABLE_SME_FOR_SWD},1) 830 ifeq (${ENABLE_SME_FOR_NS},0) 831 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") 832 endif 833endif 834ifeq (${ENABLE_SVE_FOR_SWD},1) 835 ifeq (${ENABLE_SVE_FOR_NS},0) 836 $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS") 837 endif 838endif 839 840# SVE and SME cannot be used with CTX_INCLUDE_FPREGS since secure manager does 841# its own context management including FPU registers. 842ifeq (${CTX_INCLUDE_FPREGS},1) 843 ifeq (${ENABLE_SME_FOR_NS},1) 844 $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 845 endif 846 ifeq (${ENABLE_SVE_FOR_NS},1) 847 # Warning instead of error due to CI dependency on this 848 $(warning "ENABLE_SVE_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 849 $(warning "Forced ENABLE_SVE_FOR_NS=0") 850 override ENABLE_SVE_FOR_NS := 0 851 endif 852endif 853 854ifeq ($(DRTM_SUPPORT),1) 855 $(info DRTM_SUPPORT is an experimental feature) 856endif 857 858ifeq (${ENABLE_RME},1) 859 ifneq (${SEPARATE_CODE_AND_RODATA},1) 860 $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`) 861 endif 862endif 863 864################################################################################ 865# Process platform overrideable behaviour 866################################################################################ 867 868ifdef BL1_SOURCES 869NEED_BL1 := yes 870endif 871 872ifdef BL2_SOURCES 873 NEED_BL2 := yes 874 875 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 876 # Certificate generation tools. This flag can be overridden by the platform. 877 ifdef EL3_PAYLOAD_BASE 878 # If booting an EL3 payload there is no need for a BL33 image 879 # in the FIP file. 880 NEED_BL33 := no 881 else 882 ifdef PRELOADED_BL33_BASE 883 # If booting a BL33 preloaded image there is no need of 884 # another one in the FIP file. 885 NEED_BL33 := no 886 else 887 NEED_BL33 ?= yes 888 endif 889 endif 890endif 891 892ifdef BL2U_SOURCES 893NEED_BL2U := yes 894endif 895 896# If SCP_BL2 is given, we always want FIP to include it. 897ifdef SCP_BL2 898 NEED_SCP_BL2 := yes 899endif 900 901# For AArch32, BL31 is not currently supported. 902ifneq (${ARCH},aarch32) 903 ifdef BL31_SOURCES 904 # When booting an EL3 payload, there is no need to compile the BL31 image nor 905 # put it in the FIP. 906 ifndef EL3_PAYLOAD_BASE 907 NEED_BL31 := yes 908 endif 909 endif 910endif 911 912# Process TBB related flags 913ifneq (${GENERATE_COT},0) 914 # Common cert_create options 915 ifneq (${CREATE_KEYS},0) 916 $(eval CRT_ARGS += -n) 917 $(eval FWU_CRT_ARGS += -n) 918 ifneq (${SAVE_KEYS},0) 919 $(eval CRT_ARGS += -k) 920 $(eval FWU_CRT_ARGS += -k) 921 endif 922 endif 923 # Include TBBR makefile (unless the platform indicates otherwise) 924 ifeq (${INCLUDE_TBBR_MK},1) 925 include make_helpers/tbbr/tbbr_tools.mk 926 endif 927endif 928 929ifneq (${FIP_ALIGN},0) 930FIP_ARGS += --align ${FIP_ALIGN} 931endif 932 933ifdef FDT_SOURCES 934NEED_FDT := yes 935endif 936 937################################################################################ 938# Include libraries' Makefile that are used in all BL 939################################################################################ 940 941include lib/stack_protector/stack_protector.mk 942 943################################################################################ 944# Auxiliary tools (fiptool, cert_create, etc) 945################################################################################ 946 947# Variables for use with Certificate Generation Tool 948CRTTOOLPATH ?= tools/cert_create 949CRTTOOL ?= ${CRTTOOLPATH}/cert_create${BIN_EXT} 950 951# Variables for use with Firmware Encryption Tool 952ENCTOOLPATH ?= tools/encrypt_fw 953ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw${BIN_EXT} 954 955# Variables for use with Firmware Image Package 956FIPTOOLPATH ?= tools/fiptool 957FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT} 958 959# Variables for use with sptool 960SPTOOLPATH ?= tools/sptool 961SPTOOL ?= ${SPTOOLPATH}/sptool.py 962SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 963 964# Variables for use with ROMLIB 965ROMLIBPATH ?= lib/romlib 966 967# Variable for use with Python 968PYTHON ?= python3 969 970# Variables for use with PRINT_MEMORY_MAP 971PRINT_MEMORY_MAP_PATH ?= tools/memory 972PRINT_MEMORY_MAP ?= ${PRINT_MEMORY_MAP_PATH}/print_memory_map.py 973 974# Variables for use with documentation build using Sphinx tool 975DOCS_PATH ?= docs 976 977# Defination of SIMICS flag 978SIMICS_BUILD ?= 0 979 980################################################################################ 981# Include BL specific makefiles 982################################################################################ 983 984ifeq (${NEED_BL1},yes) 985include bl1/bl1.mk 986endif 987 988ifeq (${NEED_BL2},yes) 989include bl2/bl2.mk 990endif 991 992ifeq (${NEED_BL2U},yes) 993include bl2u/bl2u.mk 994endif 995 996ifeq (${NEED_BL31},yes) 997include bl31/bl31.mk 998endif 999 1000################################################################################ 1001# Build options checks 1002################################################################################ 1003 1004$(eval $(call assert_booleans,\ 1005 $(sort \ 1006 ALLOW_RO_XLAT_TABLES \ 1007 BL2_ENABLE_SP_LOAD \ 1008 COLD_BOOT_SINGLE_CPU \ 1009 CREATE_KEYS \ 1010 CTX_INCLUDE_AARCH32_REGS \ 1011 CTX_INCLUDE_FPREGS \ 1012 CTX_INCLUDE_EL2_REGS \ 1013 DEBUG \ 1014 DISABLE_MTPMU \ 1015 DYN_DISABLE_AUTH \ 1016 EL3_EXCEPTION_HANDLING \ 1017 ENABLE_AMU \ 1018 ENABLE_AMU_AUXILIARY_COUNTERS \ 1019 ENABLE_AMU_FCONF \ 1020 AMU_RESTRICT_COUNTERS \ 1021 ENABLE_ASSERTIONS \ 1022 ENABLE_PIE \ 1023 ENABLE_PMF \ 1024 ENABLE_PSCI_STAT \ 1025 ENABLE_RUNTIME_INSTRUMENTATION \ 1026 ENABLE_SME_FOR_NS \ 1027 ENABLE_SME_FOR_SWD \ 1028 ENABLE_SPE_FOR_LOWER_ELS \ 1029 ENABLE_SVE_FOR_NS \ 1030 ENABLE_SVE_FOR_SWD \ 1031 ERROR_DEPRECATED \ 1032 FAULT_INJECTION_SUPPORT \ 1033 GENERATE_COT \ 1034 GICV2_G0_FOR_EL3 \ 1035 HANDLE_EA_EL3_FIRST \ 1036 HW_ASSISTED_COHERENCY \ 1037 INVERTED_MEMMAP \ 1038 MEASURED_BOOT \ 1039 DRTM_SUPPORT \ 1040 NS_TIMER_SWITCH \ 1041 OVERRIDE_LIBC \ 1042 PL011_GENERIC_UART \ 1043 PLAT_RSS_NOT_SUPPORTED \ 1044 PROGRAMMABLE_RESET_ADDRESS \ 1045 PSCI_EXTENDED_STATE_ID \ 1046 RESET_TO_BL31 \ 1047 RESET_TO_BL31_WITH_PARAMS \ 1048 SAVE_KEYS \ 1049 SEPARATE_CODE_AND_RODATA \ 1050 SEPARATE_BL2_NOLOAD_REGION \ 1051 SEPARATE_NOBITS_REGION \ 1052 SPIN_ON_BL1_EXIT \ 1053 SPM_MM \ 1054 SPMC_AT_EL3 \ 1055 SPMD_SPM_AT_SEL2 \ 1056 TRUSTED_BOARD_BOOT \ 1057 USE_COHERENT_MEM \ 1058 USE_DEBUGFS \ 1059 ARM_IO_IN_DTB \ 1060 SDEI_IN_FCONF \ 1061 SEC_INT_DESC_IN_FCONF \ 1062 USE_ROMLIB \ 1063 USE_TBBR_DEFS \ 1064 WARMBOOT_ENABLE_DCACHE_EARLY \ 1065 BL2_AT_EL3 \ 1066 BL2_IN_XIP_MEM \ 1067 BL2_INV_DCACHE \ 1068 USE_SPINLOCK_CAS \ 1069 ENCRYPT_BL31 \ 1070 ENCRYPT_BL32 \ 1071 ERRATA_SPECULATIVE_AT \ 1072 RAS_TRAP_NS_ERR_REC_ACCESS \ 1073 COT_DESC_IN_DTB \ 1074 USE_SP804_TIMER \ 1075 PSA_FWU_SUPPORT \ 1076 ENABLE_SYS_REG_TRACE_FOR_NS \ 1077 ENABLE_MPMM \ 1078 ENABLE_MPMM_FCONF \ 1079 SIMICS_BUILD \ 1080 FEATURE_DETECTION \ 1081))) 1082 1083$(eval $(call assert_numerics,\ 1084 $(sort \ 1085 ARM_ARCH_MAJOR \ 1086 ARM_ARCH_MINOR \ 1087 BRANCH_PROTECTION \ 1088 CTX_INCLUDE_PAUTH_REGS \ 1089 CTX_INCLUDE_MTE_REGS \ 1090 CTX_INCLUDE_NEVE_REGS \ 1091 CRYPTO_SUPPORT \ 1092 ENABLE_BRBE_FOR_NS \ 1093 ENABLE_TRBE_FOR_NS \ 1094 ENABLE_BTI \ 1095 ENABLE_PAUTH \ 1096 ENABLE_FEAT_AMUv1 \ 1097 ENABLE_FEAT_AMUv1p1 \ 1098 ENABLE_FEAT_CSV2_2 \ 1099 ENABLE_FEAT_DIT \ 1100 ENABLE_FEAT_ECV \ 1101 ENABLE_FEAT_FGT \ 1102 ENABLE_FEAT_HCX \ 1103 ENABLE_FEAT_PAN \ 1104 ENABLE_FEAT_RNG \ 1105 ENABLE_FEAT_RNG_TRAP \ 1106 ENABLE_FEAT_SB \ 1107 ENABLE_FEAT_SEL2 \ 1108 ENABLE_FEAT_VHE \ 1109 ENABLE_MPAM_FOR_LOWER_ELS \ 1110 ENABLE_RME \ 1111 ENABLE_TRF_FOR_NS \ 1112 FW_ENC_STATUS \ 1113 NR_OF_FW_BANKS \ 1114 NR_OF_IMAGES_IN_FW_BANK \ 1115 RAS_EXTENSION \ 1116 TWED_DELAY \ 1117 ENABLE_FEAT_TWED \ 1118 SVE_VECTOR_LEN \ 1119))) 1120 1121ifdef KEY_SIZE 1122 $(eval $(call assert_numeric,KEY_SIZE)) 1123endif 1124 1125ifeq ($(filter $(SANITIZE_UB), on off trap),) 1126 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1127endif 1128 1129################################################################################ 1130# Add definitions to the cpp preprocessor based on the current build options. 1131# This is done after including the platform specific makefile to allow the 1132# platform to overwrite the default options 1133################################################################################ 1134 1135$(eval $(call add_defines,\ 1136 $(sort \ 1137 ALLOW_RO_XLAT_TABLES \ 1138 ARM_ARCH_MAJOR \ 1139 ARM_ARCH_MINOR \ 1140 BL2_ENABLE_SP_LOAD \ 1141 COLD_BOOT_SINGLE_CPU \ 1142 CTX_INCLUDE_AARCH32_REGS \ 1143 CTX_INCLUDE_FPREGS \ 1144 CTX_INCLUDE_PAUTH_REGS \ 1145 EL3_EXCEPTION_HANDLING \ 1146 CTX_INCLUDE_MTE_REGS \ 1147 CTX_INCLUDE_EL2_REGS \ 1148 CTX_INCLUDE_NEVE_REGS \ 1149 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1150 DISABLE_MTPMU \ 1151 ENABLE_AMU \ 1152 ENABLE_AMU_AUXILIARY_COUNTERS \ 1153 ENABLE_AMU_FCONF \ 1154 AMU_RESTRICT_COUNTERS \ 1155 ENABLE_ASSERTIONS \ 1156 ENABLE_BTI \ 1157 ENABLE_MPAM_FOR_LOWER_ELS \ 1158 ENABLE_PAUTH \ 1159 ENABLE_PIE \ 1160 ENABLE_PMF \ 1161 ENABLE_PSCI_STAT \ 1162 ENABLE_RME \ 1163 ENABLE_RUNTIME_INSTRUMENTATION \ 1164 ENABLE_SME_FOR_NS \ 1165 ENABLE_SME_FOR_SWD \ 1166 ENABLE_SPE_FOR_LOWER_ELS \ 1167 ENABLE_SVE_FOR_NS \ 1168 ENABLE_SVE_FOR_SWD \ 1169 ENCRYPT_BL31 \ 1170 ENCRYPT_BL32 \ 1171 ERROR_DEPRECATED \ 1172 FAULT_INJECTION_SUPPORT \ 1173 GICV2_G0_FOR_EL3 \ 1174 HANDLE_EA_EL3_FIRST \ 1175 HW_ASSISTED_COHERENCY \ 1176 LOG_LEVEL \ 1177 MEASURED_BOOT \ 1178 DRTM_SUPPORT \ 1179 NS_TIMER_SWITCH \ 1180 PL011_GENERIC_UART \ 1181 PLAT_${PLAT} \ 1182 PLAT_RSS_NOT_SUPPORTED \ 1183 PROGRAMMABLE_RESET_ADDRESS \ 1184 PSCI_EXTENDED_STATE_ID \ 1185 RAS_EXTENSION \ 1186 RESET_TO_BL31 \ 1187 RESET_TO_BL31_WITH_PARAMS \ 1188 SEPARATE_CODE_AND_RODATA \ 1189 SEPARATE_BL2_NOLOAD_REGION \ 1190 SEPARATE_NOBITS_REGION \ 1191 RECLAIM_INIT_CODE \ 1192 SPD_${SPD} \ 1193 SPIN_ON_BL1_EXIT \ 1194 SPM_MM \ 1195 SPMC_AT_EL3 \ 1196 SPMD_SPM_AT_SEL2 \ 1197 TRUSTED_BOARD_BOOT \ 1198 CRYPTO_SUPPORT \ 1199 TRNG_SUPPORT \ 1200 USE_COHERENT_MEM \ 1201 USE_DEBUGFS \ 1202 ARM_IO_IN_DTB \ 1203 SDEI_IN_FCONF \ 1204 SEC_INT_DESC_IN_FCONF \ 1205 USE_ROMLIB \ 1206 USE_TBBR_DEFS \ 1207 WARMBOOT_ENABLE_DCACHE_EARLY \ 1208 BL2_AT_EL3 \ 1209 BL2_IN_XIP_MEM \ 1210 BL2_INV_DCACHE \ 1211 USE_SPINLOCK_CAS \ 1212 ERRATA_SPECULATIVE_AT \ 1213 RAS_TRAP_NS_ERR_REC_ACCESS \ 1214 COT_DESC_IN_DTB \ 1215 USE_SP804_TIMER \ 1216 ENABLE_FEAT_RNG \ 1217 ENABLE_FEAT_RNG_TRAP \ 1218 ENABLE_FEAT_SB \ 1219 ENABLE_FEAT_DIT \ 1220 NR_OF_FW_BANKS \ 1221 NR_OF_IMAGES_IN_FW_BANK \ 1222 PSA_FWU_SUPPORT \ 1223 ENABLE_BRBE_FOR_NS \ 1224 ENABLE_TRBE_FOR_NS \ 1225 ENABLE_SYS_REG_TRACE_FOR_NS \ 1226 ENABLE_TRF_FOR_NS \ 1227 ENABLE_FEAT_HCX \ 1228 ENABLE_MPMM \ 1229 ENABLE_MPMM_FCONF \ 1230 ENABLE_FEAT_FGT \ 1231 ENABLE_FEAT_AMUv1 \ 1232 ENABLE_FEAT_ECV \ 1233 SIMICS_BUILD \ 1234 ENABLE_FEAT_AMUv1p1 \ 1235 ENABLE_FEAT_SEL2 \ 1236 ENABLE_FEAT_VHE \ 1237 ENABLE_FEAT_CSV2_2 \ 1238 ENABLE_FEAT_PAN \ 1239 FEATURE_DETECTION \ 1240 TWED_DELAY \ 1241 ENABLE_FEAT_TWED \ 1242))) 1243 1244ifeq (${SANITIZE_UB},trap) 1245 $(eval $(call add_define,MONITOR_TRAPS)) 1246endif 1247 1248# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1249ifdef EL3_PAYLOAD_BASE 1250 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1251else 1252 # Define the PRELOADED_BL33_BASE flag only if it is provided and 1253 # EL3_PAYLOAD_BASE is not defined, as it has priority. 1254 ifdef PRELOADED_BL33_BASE 1255 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1256 endif 1257endif 1258 1259# Define the DYN_DISABLE_AUTH flag only if set. 1260ifeq (${DYN_DISABLE_AUTH},1) 1261$(eval $(call add_define,DYN_DISABLE_AUTH)) 1262endif 1263 1264ifneq ($(findstring armlink,$(notdir $(LD))),) 1265$(eval $(call add_define,USE_ARM_LINK)) 1266endif 1267 1268# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1269ifeq (${SPD},spmd) 1270ifdef SP_LAYOUT_FILE 1271 -include $(BUILD_PLAT)/sp_gen.mk 1272 FIP_DEPS += sp 1273 CRT_DEPS += sp 1274 NEED_SP_PKG := yes 1275else 1276 ifeq (${SPMD_SPM_AT_SEL2},1) 1277 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1278 endif 1279endif 1280endif 1281 1282################################################################################ 1283# Build targets 1284################################################################################ 1285 1286.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc enctool 1287.SUFFIXES: 1288 1289all: msg_start 1290 1291msg_start: 1292 @echo "Building ${PLAT}" 1293 1294ifeq (${ERROR_DEPRECATED},0) 1295# Check if deprecated declarations and cpp warnings should be treated as error or not. 1296ifneq ($(findstring clang,$(notdir $(CC))),) 1297 CPPFLAGS += -Wno-error=deprecated-declarations 1298else 1299 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1300endif 1301endif # !ERROR_DEPRECATED 1302 1303$(eval $(call MAKE_LIB_DIRS)) 1304$(eval $(call MAKE_LIB,c)) 1305 1306# Expand build macros for the different images 1307ifeq (${NEED_BL1},yes) 1308BL1_SOURCES := $(sort ${BL1_SOURCES}) 1309 1310$(eval $(call MAKE_BL,bl1)) 1311endif 1312 1313ifeq (${NEED_BL2},yes) 1314ifeq (${BL2_AT_EL3}, 0) 1315FIP_BL2_ARGS := tb-fw 1316endif 1317 1318BL2_SOURCES := $(sort ${BL2_SOURCES}) 1319 1320$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1321 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1322endif 1323 1324ifeq (${NEED_SCP_BL2},yes) 1325$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1326endif 1327 1328ifeq (${NEED_BL31},yes) 1329BL31_SOURCES += ${SPD_SOURCES} 1330# Sort BL31 source files to remove duplicates 1331BL31_SOURCES := $(sort ${BL31_SOURCES}) 1332ifneq (${DECRYPTION_SUPPORT},none) 1333$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1334 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1335else 1336$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1337 $(eval $(call MAKE_BL,bl31,soc-fw))) 1338endif 1339endif 1340 1341# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1342# build system will call TOOL_ADD_IMG to print a warning message and abort the 1343# process. Note that the dependency on BL32 applies to the FIP only. 1344ifeq (${NEED_BL32},yes) 1345# Sort BL32 source files to remove duplicates 1346BL32_SOURCES := $(sort ${BL32_SOURCES}) 1347BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1348 1349ifneq (${DECRYPTION_SUPPORT},none) 1350$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1351 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1352else 1353$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1354 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1355endif 1356endif 1357 1358# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1359# needs to be built from RMM_SOURCES. 1360ifeq (${NEED_RMM},yes) 1361# Sort RMM source files to remove duplicates 1362RMM_SOURCES := $(sort ${RMM_SOURCES}) 1363BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1364 1365$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1366 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1367endif 1368 1369# Add the BL33 image if required by the platform 1370ifeq (${NEED_BL33},yes) 1371$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1372endif 1373 1374ifeq (${NEED_BL2U},yes) 1375$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1376 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1377endif 1378 1379# Expand build macros for the different images 1380ifeq (${NEED_FDT},yes) 1381 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1382endif 1383 1384# Add Secure Partition packages 1385ifeq (${NEED_SP_PKG},yes) 1386$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT} 1387 ${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} 1388sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) 1389 @${ECHO_BLANK_LINE} 1390 @echo "Built SP Images successfully" 1391 @${ECHO_BLANK_LINE} 1392endif 1393 1394locate-checkpatch: 1395ifndef CHECKPATCH 1396 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1397else 1398ifeq (,$(wildcard ${CHECKPATCH})) 1399 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1400endif 1401endif 1402 1403clean: 1404 @echo " CLEAN" 1405 $(call SHELL_REMOVE_DIR,${BUILD_PLAT}) 1406ifdef UNIX_MK 1407 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1408else 1409# Clear the MAKEFLAGS as we do not want 1410# to pass the gnumake flags to nmake. 1411 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) clean 1412endif 1413 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1414 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1415 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1416 1417realclean distclean: 1418 @echo " REALCLEAN" 1419 $(call SHELL_REMOVE_DIR,${BUILD_BASE}) 1420 $(call SHELL_DELETE_ALL, ${CURDIR}/cscope.*) 1421ifdef UNIX_MK 1422 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1423else 1424# Clear the MAKEFLAGS as we do not want 1425# to pass the gnumake flags to nmake. 1426 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) realclean 1427endif 1428 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean 1429 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean 1430 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1431 1432checkcodebase: locate-checkpatch 1433 @echo " CHECKING STYLE" 1434 @if test -d .git ; then \ 1435 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1436 while read GIT_FILE ; \ 1437 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1438 done ; \ 1439 else \ 1440 find . -type f -not -iwholename "*.git*" \ 1441 -not -iwholename "*build*" \ 1442 -not -iwholename "*libfdt*" \ 1443 -not -iwholename "*libc*" \ 1444 -not -iwholename "*docs*" \ 1445 -not -iwholename "*.rst" \ 1446 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1447 fi 1448 1449checkpatch: locate-checkpatch 1450 @echo " CHECKING STYLE" 1451 @if test -n "${CHECKPATCH_OPTS}"; then \ 1452 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1453 fi 1454 ${Q}COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1455 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1456 do \ 1457 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1458 git log --format=email "$$commit~..$$commit" \ 1459 -- ${CHECK_PATHS} | \ 1460 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1461 git diff --format=email "$$commit~..$$commit" \ 1462 -- ${CHECK_PATHS} | \ 1463 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1464 done 1465 1466certtool: ${CRTTOOL} 1467 1468${CRTTOOL}: FORCE 1469 ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} CRTTOOL=${CRTTOOL} --no-print-directory -C ${CRTTOOLPATH} 1470 @${ECHO_BLANK_LINE} 1471 @echo "Built $@ successfully" 1472 @${ECHO_BLANK_LINE} 1473 1474ifneq (${GENERATE_COT},0) 1475certificates: ${CRT_DEPS} ${CRTTOOL} 1476 ${Q}${CRTTOOL} ${CRT_ARGS} 1477 @${ECHO_BLANK_LINE} 1478 @echo "Built $@ successfully" 1479 @echo "Certificates can be found in ${BUILD_PLAT}" 1480 @${ECHO_BLANK_LINE} 1481endif 1482 1483${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1484 $(eval ${CHECK_FIP_CMD}) 1485 ${Q}${FIPTOOL} create ${FIP_ARGS} $@ 1486 ${Q}${FIPTOOL} info $@ 1487 @${ECHO_BLANK_LINE} 1488 @echo "Built $@ successfully" 1489 @${ECHO_BLANK_LINE} 1490 1491ifneq (${GENERATE_COT},0) 1492fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1493 ${Q}${CRTTOOL} ${FWU_CRT_ARGS} 1494 @${ECHO_BLANK_LINE} 1495 @echo "Built $@ successfully" 1496 @echo "FWU certificates can be found in ${BUILD_PLAT}" 1497 @${ECHO_BLANK_LINE} 1498endif 1499 1500${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1501 $(eval ${CHECK_FWU_FIP_CMD}) 1502 ${Q}${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1503 ${Q}${FIPTOOL} info $@ 1504 @${ECHO_BLANK_LINE} 1505 @echo "Built $@ successfully" 1506 @${ECHO_BLANK_LINE} 1507 1508fiptool: ${FIPTOOL} 1509fip: ${BUILD_PLAT}/${FIP_NAME} 1510fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1511 1512${FIPTOOL}: FORCE 1513ifdef UNIX_MK 1514 ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} --no-print-directory -C ${FIPTOOLPATH} 1515else 1516# Clear the MAKEFLAGS as we do not want 1517# to pass the gnumake flags to nmake. 1518 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) 1519endif 1520 1521romlib.bin: libraries FORCE 1522 ${Q}${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES='${INCLUDES}' DEFINES='${DEFINES}' --no-print-directory -C ${ROMLIBPATH} all 1523 1524# Call print_memory_map tool 1525memmap: all 1526 ${Q}${PYTHON} ${PRINT_MEMORY_MAP} ${BUILD_PLAT} ${INVERTED_MEMMAP} 1527 1528doc: 1529 @echo " BUILD DOCUMENTATION" 1530 ${Q}${MAKE} --no-print-directory -C ${DOCS_PATH} html 1531 1532enctool: ${ENCTOOL} 1533 1534${ENCTOOL}: FORCE 1535 ${Q}${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} ENCTOOL=${ENCTOOL} --no-print-directory -C ${ENCTOOLPATH} 1536 @${ECHO_BLANK_LINE} 1537 @echo "Built $@ successfully" 1538 @${ECHO_BLANK_LINE} 1539 1540cscope: 1541 @echo " CSCOPE" 1542 ${Q}find ${CURDIR} -name "*.[chsS]" > cscope.files 1543 ${Q}cscope -b -q -k 1544 1545help: 1546 @echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1547 @echo "" 1548 @echo "PLAT is used to specify which platform you wish to build." 1549 @echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1550 @echo "" 1551 @echo "platform = ${PLATFORM_LIST}" 1552 @echo "" 1553 @echo "Please refer to the User Guide for a list of all supported options." 1554 @echo "Note that the build system doesn't track dependencies for build " 1555 @echo "options. Therefore, if any of the build options are changed " 1556 @echo "from a previous build, a clean build must be performed." 1557 @echo "" 1558 @echo "Supported Targets:" 1559 @echo " all Build all individual bootloader binaries" 1560 @echo " bl1 Build the BL1 binary" 1561 @echo " bl2 Build the BL2 binary" 1562 @echo " bl2u Build the BL2U binary" 1563 @echo " bl31 Build the BL31 binary" 1564 @echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1565 @echo " this builds secure payload specified by AARCH32_SP" 1566 @echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1567 @echo " fip Build the Firmware Image Package (FIP)" 1568 @echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1569 @echo " checkcodebase Check the coding style of the entire source tree" 1570 @echo " checkpatch Check the coding style on changes in the current" 1571 @echo " branch against BASE_COMMIT (default origin/master)" 1572 @echo " clean Clean the build for the selected platform" 1573 @echo " cscope Generate cscope index" 1574 @echo " distclean Remove all build artifacts for all platforms" 1575 @echo " certtool Build the Certificate generation tool" 1576 @echo " enctool Build the Firmware encryption tool" 1577 @echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1578 @echo " sp Build the Secure Partition Packages" 1579 @echo " sptool Build the Secure Partition Package creation tool" 1580 @echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1581 @echo " memmap Print the memory map of the built binaries" 1582 @echo " doc Build html based documentation using Sphinx tool" 1583 @echo "" 1584 @echo "Note: most build targets require PLAT to be set to a specific platform." 1585 @echo "" 1586 @echo "example: build all targets for the FVP platform:" 1587 @echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1588 1589.PHONY: FORCE 1590FORCE:; 1591