1# 2# Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 12 12# VERSION_PATCH is only used for LTS releases 13VERSION_PATCH := 0 14VERSION := ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH} 15 16# Default goal is build all images 17.DEFAULT_GOAL := all 18 19# Avoid any implicit propagation of command line variable definitions to 20# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 21# usage. Other command line options like "-s" are still propagated as usual. 22MAKEOVERRIDES = 23 24MAKE_HELPERS_DIRECTORY := make_helpers/ 25include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 26include ${MAKE_HELPERS_DIRECTORY}build-rules.mk 27include ${MAKE_HELPERS_DIRECTORY}common.mk 28 29################################################################################ 30# Default values for build configurations, and their dependencies 31################################################################################ 32 33include ${MAKE_HELPERS_DIRECTORY}defaults.mk 34PLAT := ${DEFAULT_PLAT} 35include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 36 37# To be able to set platform specific defaults 38ifneq ($(PLAT_DEFAULTS_MAKEFILE_FULL),) 39include ${PLAT_DEFAULTS_MAKEFILE_FULL} 40endif 41 42################################################################################ 43# Configure the toolchains used to build TF-A and its tools 44################################################################################ 45 46include ${MAKE_HELPERS_DIRECTORY}toolchain.mk 47 48# Assertions enabled for DEBUG builds by default 49ENABLE_ASSERTIONS := ${DEBUG} 50ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 51 52################################################################################ 53# Checkpatch script options 54################################################################################ 55 56CHECKCODE_ARGS := --no-patch 57# Do not check the coding style on imported library files or documentation files 58INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 59 include/drivers/arm, \ 60 $(wildcard include/drivers/*))) 61INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 62 include/lib/libfdt \ 63 include/lib/libc, \ 64 $(wildcard include/lib/*))) 65INC_DIRS_TO_CHECK := $(sort $(filter-out \ 66 include/lib \ 67 include/drivers, \ 68 $(wildcard include/*))) 69LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 70 lib/compiler-rt \ 71 lib/libfdt% \ 72 lib/libc, \ 73 lib/zlib \ 74 $(wildcard lib/*))) 75ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 76 lib \ 77 include \ 78 docs \ 79 %.rst, \ 80 $(wildcard *))) 81CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 82 ${INC_DIRS_TO_CHECK} \ 83 ${INC_LIB_DIRS_TO_CHECK} \ 84 ${LIB_DIRS_TO_CHECK} \ 85 ${INC_DRV_DIRS_TO_CHECK} \ 86 ${INC_ARM_DIRS_TO_CHECK} 87 88################################################################################ 89# Process build options 90################################################################################ 91 92ifeq ($(verbose),) 93 CHECKCODE_ARGS += --no-summary --terse 94endif 95 96################################################################################ 97# Auxiliary tools (fiptool, cert_create, etc) 98################################################################################ 99 100# Variables for use with Certificate Generation Tool 101CRTTOOLPATH ?= tools/cert_create 102CRTTOOL ?= ${CRTTOOLPATH}/cert_create$(.exe) 103 104# Variables for use with Firmware Encryption Tool 105ENCTOOLPATH ?= tools/encrypt_fw 106ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw$(.exe) 107 108# Variables for use with Firmware Image Package 109FIPTOOLPATH ?= tools/fiptool 110FIPTOOL ?= ${FIPTOOLPATH}/fiptool$(.exe) 111 112# Variables for use with sptool 113SPTOOLPATH ?= tools/sptool 114SPTOOL ?= ${SPTOOLPATH}/sptool.py 115SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 116SP_DTS_LIST_FRAGMENT ?= ${BUILD_PLAT}/sp_list_fragment.dts 117 118# Variables for use with sptool 119TLCTOOL ?= poetry run tlc 120 121# Variables for use with ROMLIB 122ROMLIBPATH ?= lib/romlib 123 124# Variable for use with Python 125PYTHON ?= python3 126 127# Variables for use with documentation build using Sphinx tool 128DOCS_PATH ?= docs 129 130################################################################################ 131# Compiler Configuration based on ARCH_MAJOR and ARCH_MINOR flags 132################################################################################ 133ifeq (${ARM_ARCH_MAJOR},7) 134 target32-directive = -target arm-none-eabi 135# Will set march-directive from platform configuration 136else 137 target32-directive = -target armv8a-none-eabi 138endif #(ARM_ARCH_MAJOR) 139 140################################################################################ 141# Get Architecture Feature Modifiers 142################################################################################ 143arch-features = ${ARM_ARCH_FEATURE} 144 145ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 146 ifeq ($($(ARCH)-cc-id),arm-clang) 147 TF_CFLAGS_aarch32 := -target arm-arm-none-eabi 148 TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi 149 else 150 TF_CFLAGS_aarch32 = $(target32-directive) 151 TF_CFLAGS_aarch64 := -target aarch64-unknown-none-elf 152 endif 153 154else ifeq ($($(ARCH)-cc-id),gnu-gcc) 155 # Enable LTO only for aarch64 156 ifeq (${ARCH},aarch64) 157 LTO_CFLAGS = $(if $(filter-out 0,$(ENABLE_LTO)),-flto) 158 endif 159endif #(clang) 160 161# Process Debug flag 162$(eval $(call add_define,DEBUG)) 163ifneq (${DEBUG}, 0) 164 BUILD_TYPE := debug 165 TF_CFLAGS += -g -gdwarf-4 166 ASFLAGS += -g -Wa,-gdwarf-4 167 168 # Use LOG_LEVEL_INFO by default for debug builds 169 LOG_LEVEL := 40 170else 171 BUILD_TYPE := release 172 # Use LOG_LEVEL_NOTICE by default for release builds 173 LOG_LEVEL := 20 174endif #(Debug) 175 176# Default build string (git branch and commit) 177ifeq (${BUILD_STRING},) 178 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 179endif 180VERSION_STRING := v${VERSION}(${BUILD_TYPE}):${BUILD_STRING} 181 182ifeq (${AARCH32_INSTRUCTION_SET},A32) 183 TF_CFLAGS_aarch32 += -marm 184else ifeq (${AARCH32_INSTRUCTION_SET},T32) 185 TF_CFLAGS_aarch32 += -mthumb 186else 187 $(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET}) 188endif #(AARCH32_INSTRUCTION_SET) 189 190TF_CFLAGS_aarch32 += -mno-unaligned-access 191TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 192 193############################################################################## 194# WARNINGS Configuration 195############################################################################### 196# General warnings 197WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 198 -Wdisabled-optimization -Wvla -Wshadow \ 199 -Wredundant-decls 200# stricter warnings 201WARNINGS += -Wextra -Wno-trigraphs 202# too verbose for generic build 203WARNINGS += -Wno-missing-field-initializers \ 204 -Wno-type-limits -Wno-sign-compare \ 205# on clang this flag gets reset if -Wextra is set after it. No difference on gcc 206WARNINGS += -Wno-unused-parameter 207 208# Additional warnings 209# Level 1 - infrequent warnings we should have none of 210# full -Wextra 211WARNING1 += -Wsign-compare 212WARNING1 += -Wtype-limits 213WARNING1 += -Wmissing-field-initializers 214 215# Level 2 - problematic warnings that we want 216# zlib, compiler-rt, coreboot, and mbdedtls blow up with these 217# TODO: disable just for them and move into default build 218WARNING2 += -Wold-style-definition 219WARNING2 += -Wmissing-prototypes 220WARNING2 += -Wmissing-format-attribute 221# TF-A aims to comply with this eventually. Effort too large at present 222WARNING2 += -Wundef 223# currently very involved and many platforms set this off 224WARNING2 += -Wunused-const-variable=2 225 226# Level 3 - very pedantic, frequently ignored 227WARNING3 := -Wbad-function-cast 228WARNING3 += -Waggregate-return 229WARNING3 += -Wnested-externs 230WARNING3 += -Wcast-align 231WARNING3 += -Wcast-qual 232WARNING3 += -Wconversion 233WARNING3 += -Wpacked 234WARNING3 += -Wpointer-arith 235WARNING3 += -Wswitch-default 236 237# Setting W is quite verbose and most warnings will be pre-existing issues 238# outside of the contributor's control. Don't fail the build on them so warnings 239# can be seen and hopefully addressed 240ifdef W 241 ifneq (${W},0) 242 E ?= 0 243 endif 244endif 245 246ifeq (${W},1) 247 WARNINGS += $(WARNING1) 248else ifeq (${W},2) 249 WARNINGS += $(WARNING1) $(WARNING2) 250else ifeq (${W},3) 251 WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 252endif #(W) 253 254# Compiler specific warnings 255ifeq ($(filter %-clang,$($(ARCH)-cc-id)),) 256# not using clang 257WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 258 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 259 -Wlogical-op 260 261# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105523 262TF_CFLAGS_MIN_PAGE_SIZE := $(call cc_option, --param=min-pagesize=0) 263TF_CFLAGS += $(TF_CFLAGS_MIN_PAGE_SIZE) 264 265ifeq ($(HARDEN_SLS), 1) 266 TF_CFLAGS_MHARDEN_SLS := $(call cc_option, -mharden-sls=all) 267 TF_CFLAGS_aarch64 += $(TF_CFLAGS_MHARDEN_SLS) 268endif 269 270else 271# using clang 272WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 273 -Wlogical-op-parentheses 274endif #(Clang Warning) 275 276ifneq (${E},0) 277 ERRORS := -Werror 278endif #(E) 279 280################################################################################ 281# Compiler and Linker Directives 282################################################################################ 283CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 284 $(ERRORS) $(WARNINGS) 285ASFLAGS += $(CPPFLAGS) \ 286 -ffreestanding -Wa,--fatal-warnings 287TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 288 -ffunction-sections -fdata-sections \ 289 -ffreestanding -fno-common \ 290 -Os -std=gnu99 291 292ifeq (${SANITIZE_UB},on) 293 TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 294endif #(${SANITIZE_UB},on) 295 296ifeq (${SANITIZE_UB},trap) 297 TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 298 -fsanitize-undefined-trap-on-error 299endif #(${SANITIZE_UB},trap) 300 301GCC_V_OUTPUT := $(if $($(ARCH)-cc),$(shell $($(ARCH)-cc) -v 2>&1)) 302 303TF_LDFLAGS += -z noexecstack 304 305# LD = armlink 306ifeq ($($(ARCH)-ld-id),arm-link) 307 TF_LDFLAGS += --diag_error=warning --lto_level=O1 308 TF_LDFLAGS += --remove --info=unused,unusedsymbols 309 TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 310 311# LD = gcc (used when GCC LTO is enabled) 312else ifeq ($($(ARCH)-ld-id),gnu-gcc) 313 # Pass ld options with Wl or Xlinker switches 314 TF_LDFLAGS += $(call ld_option,-Xlinker --no-warn-rwx-segments) 315 TF_LDFLAGS += -Wl,--fatal-warnings -O1 316 TF_LDFLAGS += -Wl,--gc-sections 317 318 TF_LDFLAGS += -Wl,-z,common-page-size=4096 #Configure page size constants 319 TF_LDFLAGS += -Wl,-z,max-page-size=4096 320 TF_LDFLAGS += -Wl,--build-id=none 321 322 ifeq ($(ENABLE_LTO),1) 323 ifeq (${ARCH},aarch64) 324 TF_LDFLAGS += -flto -fuse-linker-plugin 325 TF_LDFLAGS += -flto-partition=one 326 endif 327 endif #(ENABLE_LTO) 328 329# GCC automatically adds fix-cortex-a53-843419 flag when used to link 330# which breaks some builds, so disable if errata fix is not explicitly enabled 331 ifeq (${ARCH},aarch64) 332 ifneq (${ERRATA_A53_843419},1) 333 TF_LDFLAGS += -mno-fix-cortex-a53-843419 334 endif 335 endif 336 TF_LDFLAGS += -nostdlib 337 TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 338 339# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 340else 341# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we 342# are not loaded by a elf loader. 343 TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments) 344 TF_LDFLAGS += -O1 345 TF_LDFLAGS += --gc-sections 346 347 TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants 348 TF_LDFLAGS += -z max-page-size=4096 349 TF_LDFLAGS += --build-id=none 350 351# ld.lld doesn't recognize the errata flags, 352# therefore don't add those in that case. 353# ld.lld reports section type mismatch warnings, 354# therefore don't add --fatal-warnings to it. 355 ifneq ($($(ARCH)-ld-id),llvm-lld) 356 TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) --fatal-warnings 357 endif 358 359endif #(LD = armlink) 360 361################################################################################ 362# Setup ARCH_MAJOR/MINOR before parsing arch_features. 363################################################################################ 364ifeq (${ENABLE_RME},1) 365 ARM_ARCH_MAJOR := 9 366 ARM_ARCH_MINOR := 2 367endif 368 369################################################################################ 370# Common sources and include directories 371################################################################################ 372include lib/compiler-rt/compiler-rt.mk 373 374# Allow overriding the timestamp, for example for reproducible builds, or to 375# synchronize timestamps across multiple projects. 376# This must be set to a C string (including quotes where applicable). 377BUILD_MESSAGE_TIMESTAMP ?= __TIME__", "__DATE__ 378 379DEFINES += -DBUILD_MESSAGE_TIMESTAMP='$(BUILD_MESSAGE_TIMESTAMP)' 380DEFINES += -DBUILD_MESSAGE_VERSION_STRING='"$(VERSION_STRING)"' 381DEFINES += -DBUILD_MESSAGE_VERSION='"$(VERSION)"' 382 383BL_COMMON_SOURCES += common/bl_common.c \ 384 common/tf_log.c \ 385 common/${ARCH}/debug.S \ 386 drivers/console/multi_console.c \ 387 lib/${ARCH}/cache_helpers.S \ 388 lib/${ARCH}/misc_helpers.S \ 389 lib/extensions/pmuv3/${ARCH}/pmuv3.c \ 390 plat/common/plat_bl_common.c \ 391 plat/common/plat_log_common.c \ 392 plat/common/${ARCH}/plat_common.c \ 393 plat/common/${ARCH}/platform_helpers.S \ 394 ${COMPILER_RT_SRCS} 395 396ifeq ($($(ARCH)-cc-id),arm-clang) 397 BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 398endif 399 400ifeq (${SANITIZE_UB},on) 401 BL_COMMON_SOURCES += plat/common/ubsan.c 402endif 403 404INCLUDES += -Iinclude \ 405 -Iinclude/arch/${ARCH} \ 406 -Iinclude/lib/cpus/${ARCH} \ 407 -Iinclude/lib/el3_runtime/${ARCH} \ 408 ${PLAT_INCLUDES} \ 409 ${SPD_INCLUDES} 410 411DTC_FLAGS += -I dts -O dtb 412DTC_CPPFLAGS += -P -nostdinc $(INCLUDES) -Ifdts -undef \ 413 -x assembler-with-cpp $(DEFINES) 414 415include common/backtrace/backtrace.mk 416 417################################################################################ 418# Generic definitions 419################################################################################ 420 421ifeq (${BUILD_BASE},) 422 BUILD_BASE := ./build 423endif 424BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 425 426SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 427 428# Platforms providing their own TBB makefile may override this value 429INCLUDE_TBBR_MK := 1 430 431################################################################################ 432# Include SPD Makefile if one has been specified 433################################################################################ 434 435ifneq (${SPD},none) 436 ifeq (${SPD},spmd) 437 # SPMD is located in std_svc directory 438 SPD_DIR := std_svc 439 440 ifeq ($(SPMD_SPM_AT_SEL2),1) 441 CTX_INCLUDE_EL2_REGS := 1 442 endif 443 444 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 445 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 446 endif 447 448 ifeq ($(findstring trusty_sp,$(ARM_SPMC_MANIFEST_DTS)),trusty_sp) 449 DTC_CPPFLAGS += -DTRUSTY_SP_FW_CONFIG 450 endif 451 452 ifeq ($(TS_SP_FW_CONFIG),1) 453 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 454 endif 455 456 ifneq ($(ARM_BL2_SP_LIST_DTS),) 457 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 458 endif 459 460 ifneq ($(SP_LAYOUT_FILE),) 461 BL2_ENABLE_SP_LOAD := 1 462 endif 463 else 464 # All other SPDs in spd directory 465 SPD_DIR := spd 466 endif #(SPD) 467 468 # We expect to locate an spd.mk under the specified SPD directory 469 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 470 471 ifeq (${SPD_MAKE},) 472 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 473 endif 474 $(info Including ${SPD_MAKE}) 475 include ${SPD_MAKE} 476 477 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 478 # Makefile would set NEED_BL32 to "yes". In this case, the build system 479 # supports two mutually exclusive options: 480 # * BL32 is built from source: then BL32_SOURCES must contain the list 481 # of source files to build BL32 482 # * BL32 is a prebuilt binary: then BL32 must point to the image file 483 # that will be included in the FIP 484 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 485 # over the sources. 486endif #(SPD=none) 487 488################################################################################ 489# Include the platform specific Makefile after the SPD Makefile (the platform 490# makefile may use all previous definitions in this file) 491################################################################################ 492include ${PLAT_MAKEFILE_FULL} 493 494################################################################################ 495# Setup arch_features based on ARM_ARCH_MAJOR, ARM_ARCH_MINOR provided from 496# platform. 497################################################################################ 498 499include ${MAKE_HELPERS_DIRECTORY}arch_features.mk 500################################################################################ 501# Process BRANCH_PROTECTION value and set 502# Pointer Authentication and Branch Target Identification flags 503################################################################################ 504ifeq (${BRANCH_PROTECTION},0) 505 # Default value turns off all types of branch protection 506 BP_OPTION := none 507else ifneq (${ARCH},aarch64) 508 $(error BRANCH_PROTECTION requires AArch64) 509else ifeq (${BRANCH_PROTECTION},1) 510 # Enables all types of branch protection features 511 BP_OPTION := standard 512 ENABLE_BTI := 1 513 ENABLE_PAUTH := 1 514else ifeq (${BRANCH_PROTECTION},2) 515 # Return address signing to its standard level 516 BP_OPTION := pac-ret 517 ENABLE_PAUTH := 1 518else ifeq (${BRANCH_PROTECTION},3) 519 # Extend the signing to include leaf functions 520 BP_OPTION := pac-ret+leaf 521 ENABLE_PAUTH := 1 522else ifeq (${BRANCH_PROTECTION},4) 523 # Turn on branch target identification mechanism 524 BP_OPTION := bti 525 ENABLE_BTI := 1 526else ifeq (${BRANCH_PROTECTION},5) 527 # Turn on branch target identification mechanism 528 BP_OPTION := standard 529 ENABLE_BTI := 2 530 ENABLE_PAUTH := 2 531else 532 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 533endif #(BRANCH_PROTECTION) 534 535ifneq ($(ENABLE_PAUTH),0) 536 CTX_INCLUDE_PAUTH_REGS := ${ENABLE_PAUTH} 537endif 538ifneq (${BP_OPTION},none) 539 TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 540endif #(BP_OPTION) 541 542# Pointer Authentication sources 543ifneq (${ENABLE_PAUTH},0) 544# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the 545# Pauth support. As it's not secure, it must be reimplemented for real platforms 546 BL_COMMON_SOURCES += lib/extensions/pauth/pauth.c 547endif 548 549#################################################### 550# Enable required options for Memory Stack Tagging. 551#################################################### 552 553# Currently, these options are enabled only for clang and armclang compiler. 554ifeq (${SUPPORT_STACK_MEMTAG},yes) 555 ifdef mem_tag_arch_support 556 # Check for armclang and clang compilers 557 ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 558 # Add "memtag" architecture feature modifier if not specified 559 ifeq ( ,$(findstring memtag,$(arch-features))) 560 arch-features := $(arch-features)+memtag 561 endif # memtag 562 ifeq ($($(ARCH)-cc-id),arm-clang) 563 TF_CFLAGS += -mmemtag-stack 564 else ifeq ($($(ARCH)-cc-id),llvm-clang) 565 TF_CFLAGS += -fsanitize=memtag 566 endif # armclang 567 endif 568 else 569 $(error "Error: stack memory tagging is not supported for \ 570 architecture ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a") 571 endif #(mem_tag_arch_support) 572endif #(SUPPORT_STACK_MEMTAG) 573 574################################################################################ 575# RME dependent flags configuration, Enable optional features for RME. 576################################################################################ 577# FEAT_RME 578ifeq (${ENABLE_RME},1) 579 # RME requires AARCH64 580 ifneq (${ARCH},aarch64) 581 $(error ENABLE_RME requires AArch64) 582 endif 583 584 # RME requires el2 context to be saved for now. 585 CTX_INCLUDE_EL2_REGS := 1 586 CTX_INCLUDE_AARCH32_REGS := 0 587 CTX_INCLUDE_PAUTH_REGS := 1 588 589 ifneq ($(ENABLE_FEAT_MPAM), 0) 590 CTX_INCLUDE_MPAM_REGS := 1 591 endif 592 593 # RME enables CSV2_2 extension by default. 594 ENABLE_FEAT_CSV2_2 = 1 595endif #(FEAT_RME) 596 597################################################################################ 598# Include rmmd Makefile if RME is enabled 599################################################################################ 600ifneq (${ENABLE_RME},0) 601 ifneq (${ARCH},aarch64) 602 $(error ENABLE_RME requires AArch64) 603 endif 604 ifeq ($(SPMC_AT_EL3),1) 605 $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.) 606 endif 607 608 ifneq (${SPD}, none) 609 ifneq (${SPD}, spmd) 610 $(error ENABLE_RME is incompatible with SPD=${SPD}. Use SPD=spmd) 611 endif 612 endif 613include services/std_svc/rmmd/rmmd.mk 614$(warning "RME is an experimental feature") 615endif 616 617ifeq (${CTX_INCLUDE_EL2_REGS}, 1) 618 ifeq (${SPD},none) 619 ifeq (${ENABLE_RME},0) 620 $(error CTX_INCLUDE_EL2_REGS is available only when SPD \ 621 or RME is enabled) 622 endif 623 endif 624endif 625 626################################################################################ 627# Verify FEAT_RME, FEAT_SCTLR2 and FEAT_TCR2 are enabled if FEAT_MEC is enabled. 628################################################################################ 629 630ifneq (${ENABLE_FEAT_MEC},0) 631 ifeq (${ENABLE_RME},0) 632 $(error FEAT_RME must be enabled when FEAT_MEC is enabled.) 633 endif 634 ifeq (${ENABLE_FEAT_TCR2},0) 635 $(error FEAT_TCR2 must be enabled when FEAT_MEC is enabled.) 636 endif 637 ifeq (${ENABLE_FEAT_SCTLR2},0) 638 $(error FEAT_SCTLR2 must be enabled when FEAT_MEC is enabled.) 639 endif 640endif 641 642################################################################################ 643# Make 128-Bit sysreg read/writes availabe when FEAT_D128 is enabled. 644################################################################################ 645ifneq (${ENABLE_FEAT_D128}, 0) 646 BL_COMMON_SOURCES += lib/extensions/sysreg128/sysreg128.S 647endif 648 649################################################################################ 650# Platform specific Makefile might provide us ARCH_MAJOR/MINOR use that to come 651# up with appropriate march values for compiler. 652################################################################################ 653include ${MAKE_HELPERS_DIRECTORY}march.mk 654 655TF_CFLAGS += $(march-directive) 656ASFLAGS += $(march-directive) 657 658# This internal flag is common option which is set to 1 for scenarios 659# when the BL2 is running in EL3 level. This occurs in two scenarios - 660# 4 world system running BL2 at EL3 and two world system without BL1 running 661# BL2 in EL3 662 663ifeq (${RESET_TO_BL2},1) 664 BL2_RUNS_AT_EL3 := 1 665 ifeq (${ENABLE_RME},1) 666 $(error RESET_TO_BL2=1 and ENABLE_RME=1 configuration is not \ 667 supported at the moment.) 668 endif 669else ifeq (${ENABLE_RME},1) 670 BL2_RUNS_AT_EL3 := 1 671else 672 BL2_RUNS_AT_EL3 := 0 673endif 674 675# This internal flag is set to 1 when Firmware First handling of External aborts 676# is required by lowe ELs. Currently only NS requires this support. 677ifeq ($(HANDLE_EA_EL3_FIRST_NS),1) 678 FFH_SUPPORT := 1 679else 680 FFH_SUPPORT := 0 681endif 682 683ifeq (${ARM_ARCH_MAJOR},7) 684include make_helpers/armv7-a-cpus.mk 685endif 686 687PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 688ifneq ($(PIE_FOUND),) 689 TF_CFLAGS += -fno-PIE 690ifeq ($($(ARCH)-ld-id),gnu-gcc) 691 TF_LDFLAGS += -no-pie 692endif 693endif #(PIE_FOUND) 694 695ifeq ($($(ARCH)-ld-id),gnu-gcc) 696 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 697else 698 PIE_LDFLAGS += -pie --no-dynamic-linker 699endif 700 701ifeq ($(ENABLE_PIE),1) 702 ifeq ($(RESET_TO_BL2),1) 703 ifneq ($(BL2_IN_XIP_MEM),1) 704 BL2_CPPFLAGS += -fpie 705 BL2_CFLAGS += -fpie 706 BL2_LDFLAGS += $(PIE_LDFLAGS) 707 endif #(BL2_IN_XIP_MEM) 708 endif #(RESET_TO_BL2) 709 BL31_CPPFLAGS += -fpie 710 BL31_CFLAGS += -fpie 711 BL31_LDFLAGS += $(PIE_LDFLAGS) 712 713 BL32_CPPFLAGS += -fpie 714 BL32_CFLAGS += -fpie 715 BL32_LDFLAGS += $(PIE_LDFLAGS) 716endif #(ENABLE_PIE) 717 718BL1_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 719BL31_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 720BL32_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 721 722BL1_CPPFLAGS += -DIMAGE_AT_EL3 723ifeq ($(RESET_TO_BL2),1) 724 BL2_CPPFLAGS += -DIMAGE_AT_EL3 725else 726 BL2_CPPFLAGS += -DIMAGE_AT_EL1 727endif #(RESET_TO_BL2) 728 729ifeq (${ARCH},aarch64) 730 BL2U_CPPFLAGS += -DIMAGE_AT_EL1 731 BL31_CPPFLAGS += -DIMAGE_AT_EL3 732 BL32_CPPFLAGS += -DIMAGE_AT_EL1 733else 734 BL32_CPPFLAGS += -DIMAGE_AT_EL3 735endif 736 737# Include the CPU specific operations makefile, which provides default 738# values for all CPU errata workarounds and CPU specific optimisations. 739# This can be overridden by the platform. 740include lib/cpus/cpu-ops.mk 741 742################################################################################ 743# Build `AARCH32_SP` as BL32 image for AArch32 744################################################################################ 745ifeq (${ARCH},aarch32) 746 NEED_BL32 := yes 747 748 ifneq (${AARCH32_SP},none) 749 # We expect to locate an sp.mk under the specified AARCH32_SP directory 750 AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 751 752 ifeq (${AARCH32_SP_MAKE},) 753 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 754 endif 755 $(info Including ${AARCH32_SP_MAKE}) 756 include ${AARCH32_SP_MAKE} 757 endif 758endif #(ARCH=aarch32) 759 760################################################################################ 761# Include libc if not overridden 762################################################################################ 763ifeq (${OVERRIDE_LIBC},0) 764include lib/libc/libc.mk 765endif 766 767################################################################################ 768# Check incompatible options and dependencies 769################################################################################ 770 771# Handle all invalid build configurations with SPMD usage. 772ifeq (${ENABLE_SPMD_LP}, 1) 773ifneq (${SPD},spmd) 774 $(error Error: ENABLE_SPMD_LP requires SPD=spmd.) 775endif 776ifeq ($(SPMC_AT_EL3),1) 777 $(error SPMC at EL3 not supported when enabling SPMD Logical partitions.) 778endif 779endif 780 781ifneq (${SPD},none) 782ifeq (${ARCH},aarch32) 783 $(error "Error: SPD is incompatible with AArch32.") 784endif 785ifdef EL3_PAYLOAD_BASE 786 $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") 787 $(warning "The SPD and its BL32 companion will be present but ignored.") 788endif 789ifeq (${SPD},spmd) 790ifeq ($(SPMD_SPM_AT_SEL2),1) 791 ifeq ($(SPMC_AT_EL3),1) 792 $(error SPM cannot be enabled in both S-EL2 and EL3.) 793 endif 794 ifeq ($(CTX_INCLUDE_SVE_REGS),1) 795 $(error SVE context management not needed with Hafnium SPMC.) 796 endif 797endif 798 799ifeq ($(SPMC_AT_EL3_SEL0_SP),1) 800 ifneq ($(SPMC_AT_EL3),1) 801 $(error SEL0 SP cannot be enabled without SPMC at EL3) 802 endif 803endif 804endif #(SPD=spmd) 805endif #(SPD!=none) 806 807# USE_DEBUGFS experimental feature recommended only in debug builds 808ifeq (${USE_DEBUGFS},1) 809 ifeq (${DEBUG},1) 810 $(warning DEBUGFS experimental feature is enabled.) 811 else 812 $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY) 813 endif 814endif #(USE_DEBUGFS) 815 816# USE_SPINLOCK_CAS requires AArch64 build 817ifeq (${USE_SPINLOCK_CAS},1) 818 ifneq (${ARCH},aarch64) 819 $(error USE_SPINLOCK_CAS requires AArch64) 820 endif 821endif #(USE_SPINLOCK_CAS) 822 823# The cert_create tool cannot generate certificates individually, so we use the 824# target 'certificates' to create them all 825ifneq (${GENERATE_COT},0) 826 FIP_DEPS += certificates 827 FWU_FIP_DEPS += fwu_certificates 828endif 829 830ifneq (${DECRYPTION_SUPPORT},none) 831 ENC_ARGS += -f ${FW_ENC_STATUS} 832 ENC_ARGS += -k ${ENC_KEY} 833 ENC_ARGS += -n ${ENC_NONCE} 834 FIP_DEPS += enctool 835 FWU_FIP_DEPS += enctool 836endif #(DECRYPTION_SUPPORT) 837 838ifdef EL3_PAYLOAD_BASE 839 ifdef PRELOADED_BL33_BASE 840 $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \ 841 incompatible build options. EL3_PAYLOAD_BASE has priority.") 842 endif 843 ifneq (${GENERATE_COT},0) 844 $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible \ 845 build options.") 846 endif 847 ifneq (${TRUSTED_BOARD_BOOT},0) 848 $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are \ 849 incompatible \ build options.") 850 endif 851endif #(EL3_PAYLOAD_BASE) 852 853ifeq (${NEED_BL33},yes) 854 ifdef EL3_PAYLOAD_BASE 855 $(warning "BL33 image is not needed when option \ 856 BL33_PAYLOAD_BASE is used and won't be added to the FIP file.") 857 endif 858 ifdef PRELOADED_BL33_BASE 859 $(warning "BL33 image is not needed when option \ 860 PRELOADED_BL33_BASE is used and won't be added to the FIP file.") 861 endif 862endif #(NEED_BL33) 863 864# When building for systems with hardware-assisted coherency, there's no need to 865# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too. 866ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1) 867 $(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) 868endif 869 870#For now, BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is 1. 871ifeq ($(RESET_TO_BL2)-$(BL2_IN_XIP_MEM),0-1) 872 $(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled") 873endif 874 875# RAS_EXTENSION is deprecated, provide alternate build options 876ifeq ($(RAS_EXTENSION),1) 877 $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS \ 878 and HANDLE_EA_EL3_FIRST_NS instead") 879endif 880 881 882# When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled 883ifeq ($(FAULT_INJECTION_SUPPORT),1) 884 ifeq ($(ENABLE_FEAT_RAS),0) 885 $(error For FAULT_INJECTION_SUPPORT, ENABLE_FEAT_RAS must not be 0) 886 endif 887endif #(FAULT_INJECTION_SUPPORT) 888 889# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 890ifeq ($(DYN_DISABLE_AUTH), 1) 891 ifeq (${TRUSTED_BOARD_BOOT}, 0) 892 $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH \ 893 to be set.") 894 endif 895endif #(DYN_DISABLE_AUTH) 896 897ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1) 898# Support authentication verification and hash calculation 899 CRYPTO_SUPPORT := 3 900else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1) 901# Support authentication verification and hash calculation 902 CRYPTO_SUPPORT := 3 903else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) 904# Support hash calculation only 905 CRYPTO_SUPPORT := 2 906else ifeq (${TRUSTED_BOARD_BOOT},1) 907# Support authentication verification only 908 CRYPTO_SUPPORT := 1 909else 910 CRYPTO_SUPPORT := 0 911endif #($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT)) 912 913ifneq ($(filter 1 2 3,$(CRYPTO_SUPPORT)),) 914CRYPTO_LIB := $(BUILD_PLAT)/lib/libmbedtls.a 915endif 916 917# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. 918ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) 919 $(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 920endif 921 922# If pointer authentication is used in the firmware, make sure that all the 923# registers associated to it are also saved and restored. 924# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. 925ifneq ($(ENABLE_PAUTH),0) 926 ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) 927 $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS to be enabled) 928 endif 929endif #(ENABLE_PAUTH) 930 931ifneq ($(CTX_INCLUDE_PAUTH_REGS),0) 932 ifneq (${ARCH},aarch64) 933 $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) 934 endif 935endif #(CTX_INCLUDE_PAUTH_REGS) 936 937ifeq ($(FEATURE_DETECTION),1) 938 $(info FEATURE_DETECTION is an experimental feature) 939endif #(FEATURE_DETECTION) 940 941ifneq ($(ENABLE_SME2_FOR_NS), 0) 942 ifeq (${ENABLE_SME_FOR_NS}, 0) 943 $(warning "ENABLE_SME2_FOR_NS requires ENABLE_SME_FOR_NS also \ 944 to be set") 945 $(warning "Forced ENABLE_SME_FOR_NS=1") 946 override ENABLE_SME_FOR_NS := 1 947 endif 948endif #(ENABLE_SME2_FOR_NS) 949 950ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 951 ifeq (${ALLOW_RO_XLAT_TABLES}, 1) 952 $(error "ALLOW_RO_XLAT_TABLES requires translation tables \ 953 library v2") 954 endif 955endif #(ARM_XLAT_TABLES_LIB_V1) 956 957ifneq (${DECRYPTION_SUPPORT},none) 958 ifeq (${TRUSTED_BOARD_BOOT}, 0) 959 $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT \ 960 to be set) 961 endif 962endif #(DECRYPTION_SUPPORT) 963 964# Ensure that no Aarch64-only features are enabled in Aarch32 build 965ifeq (${ARCH},aarch32) 966 967 # SME/SVE only supported on AArch64 968 ifneq (${ENABLE_SME_FOR_NS},0) 969 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") 970 endif 971 972 ifeq (${ENABLE_SVE_FOR_NS},1) 973 # Warning instead of error due to CI dependency on this 974 $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") 975 endif 976 977 # BRBE is not supported in AArch32 978 ifeq (${ENABLE_BRBE_FOR_NS},1) 979 $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32") 980 endif 981 982 # FEAT_RNG_TRAP is not supported in AArch32 983 ifeq (${ENABLE_FEAT_RNG_TRAP},1) 984 $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32") 985 endif 986 987 ifneq (${ENABLE_FEAT_FPMR},0) 988 $(error "ENABLE_FEAT_FPMR cannot be used with ARCH=aarch32") 989 endif 990 991 ifeq (${ARCH_FEATURE_AVAILABILITY},1) 992 $(error "ARCH_FEATURE_AVAILABILITY cannot be used with ARCH=aarch32") 993 endif 994 # FEAT_MOPS is only supported on AArch64 995 ifneq (${ENABLE_FEAT_MOPS},0) 996 $(error "ENABLE_FEAT_MOPS cannot be used with ARCH=aarch32") 997 endif 998endif #(ARCH=aarch32) 999 1000ifneq (${ENABLE_FEAT_FPMR},0) 1001 ifeq (${ENABLE_FEAT_FGT},0) 1002 $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_FGT") 1003 endif 1004 ifeq (${ENABLE_FEAT_HCX},0) 1005 $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_HCX") 1006 endif 1007endif #(ENABLE_FEAT_FPMR) 1008 1009ifneq (${ENABLE_SME_FOR_NS},0) 1010 ifeq (${ENABLE_SVE_FOR_NS},0) 1011 $(error "ENABLE_SME_FOR_NS requires ENABLE_SVE_FOR_NS") 1012 endif 1013endif #(ENABLE_SME_FOR_NS) 1014 1015# Secure SME/SVE requires the non-secure component as well 1016ifeq (${ENABLE_SME_FOR_SWD},1) 1017 ifeq (${ENABLE_SME_FOR_NS},0) 1018 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") 1019 endif 1020 ifeq (${ENABLE_SVE_FOR_SWD},0) 1021 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SVE_FOR_SWD") 1022 endif 1023endif #(ENABLE_SME_FOR_SWD) 1024 1025# Enabling SVE for SWD requires enabling SVE for NWD due to ENABLE_FEAT 1026# mechanism. 1027ifeq (${ENABLE_SVE_FOR_SWD},1) 1028 ifeq (${ENABLE_SVE_FOR_NS},0) 1029 $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS") 1030 endif 1031endif 1032 1033# Enabling FEAT_MOPS requires access to hcrx_el2 registers which is 1034# available only when FEAT_HCX is enabled. 1035ifneq (${ENABLE_FEAT_MOPS},0) 1036 ifeq (${ENABLE_FEAT_HCX},0) 1037 $(error "ENABLE_FEAT_MOPS requires ENABLE_FEAT_HCX") 1038 endif 1039endif 1040 1041# Enabling SVE for both the worlds typically requires the context 1042# management of SVE registers. The only exception being SPMC at S-EL2. 1043ifeq (${ENABLE_SVE_FOR_SWD}, 1) 1044 ifneq (${ENABLE_SVE_FOR_NS}, 0) 1045 ifeq (${CTX_INCLUDE_SVE_REGS}-$(SPMD_SPM_AT_SEL2),0-0) 1046 $(warning "ENABLE_SVE_FOR_SWD and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS") 1047 endif 1048 endif 1049endif 1050 1051# Enabling SVE in either world while enabling CTX_INCLUDE_FPREGS requires 1052# CTX_INCLUDE_SVE_REGS to be enabled due to architectural dependency between FP 1053# and SVE registers. 1054ifeq (${CTX_INCLUDE_FPREGS}, 1) 1055 ifneq (${ENABLE_SVE_FOR_NS},0) 1056 ifeq (${CTX_INCLUDE_SVE_REGS},0) 1057 # Warning instead of error due to CI dependency on this 1058 $(warning "CTX_INCLUDE_FPREGS and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS") 1059 $(warning "Forced ENABLE_SVE_FOR_NS=0") 1060 override ENABLE_SVE_FOR_NS := 0 1061 endif 1062 endif 1063endif #(CTX_INCLUDE_FPREGS) 1064 1065# SVE context management is only required if secure world has access to SVE/FP 1066# functionality. 1067ifeq (${CTX_INCLUDE_SVE_REGS},1) 1068 ifeq (${ENABLE_SVE_FOR_SWD},0) 1069 $(error "CTX_INCLUDE_SVE_REGS requires ENABLE_SVE_FOR_SWD to also be enabled") 1070 endif 1071endif 1072 1073# SME cannot be used with CTX_INCLUDE_FPREGS since SPM does its own context 1074# management including FPU registers. 1075ifeq (${CTX_INCLUDE_FPREGS},1) 1076 ifneq (${ENABLE_SME_FOR_NS},0) 1077 $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 1078 endif 1079endif #(CTX_INCLUDE_FPREGS) 1080 1081ifeq ($(DRTM_SUPPORT),1) 1082 $(info DRTM_SUPPORT is an experimental feature) 1083endif 1084 1085ifeq (${HOB_LIST},1) 1086 $(warning HOB_LIST is an experimental feature) 1087endif 1088 1089ifeq (${TRANSFER_LIST},1) 1090 $(info TRANSFER_LIST is an experimental feature) 1091endif 1092 1093ifeq (${ENABLE_RME},1) 1094 ifneq (${SEPARATE_CODE_AND_RODATA},1) 1095 $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`) 1096 endif 1097endif 1098 1099ifeq ($(PSA_CRYPTO),1) 1100 $(info PSA_CRYPTO is an experimental feature) 1101endif 1102 1103ifeq ($(DICE_PROTECTION_ENVIRONMENT),1) 1104 $(info DICE_PROTECTION_ENVIRONMENT is an experimental feature) 1105endif 1106 1107################################################################################ 1108# Process platform overrideable behaviour 1109################################################################################ 1110 1111ifdef BL1_SOURCES 1112 NEED_BL1 := yes 1113endif #(BL1_SOURCES) 1114 1115ifdef BL2_SOURCES 1116 NEED_BL2 := yes 1117 1118 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 1119 # Certificate generation tools. This flag can be overridden by the platform. 1120 ifdef EL3_PAYLOAD_BASE 1121 # If booting an EL3 payload there is no need for a BL33 image 1122 # in the FIP file. 1123 NEED_BL33 := no 1124 else 1125 ifdef PRELOADED_BL33_BASE 1126 # If booting a BL33 preloaded image there is no need of 1127 # another one in the FIP file. 1128 NEED_BL33 := no 1129 else 1130 NEED_BL33 ?= yes 1131 endif 1132 endif 1133endif #(BL2_SOURCES) 1134 1135ifdef BL2U_SOURCES 1136 NEED_BL2U := yes 1137endif #(BL2U_SOURCES) 1138 1139# If SCP_BL2 is given, we always want FIP to include it. 1140ifdef SCP_BL2 1141 NEED_SCP_BL2 := yes 1142endif #(SCP_BL2) 1143 1144# For AArch32, BL31 is not currently supported. 1145ifneq (${ARCH},aarch32) 1146 ifdef BL31_SOURCES 1147 # When booting an EL3 payload, there is no need to compile the BL31 1148 # image nor put it in the FIP. 1149 ifndef EL3_PAYLOAD_BASE 1150 NEED_BL31 := yes 1151 endif 1152 endif 1153endif #(ARCH=aarch64) 1154 1155# Process TBB related flags 1156ifneq (${GENERATE_COT},0) 1157 # Common cert_create options 1158 ifneq (${CREATE_KEYS},0) 1159 $(eval CRT_ARGS += -n) 1160 $(eval FWU_CRT_ARGS += -n) 1161 ifneq (${SAVE_KEYS},0) 1162 $(eval CRT_ARGS += -k) 1163 $(eval FWU_CRT_ARGS += -k) 1164 endif 1165 endif 1166 # Include TBBR makefile (unless the platform indicates otherwise) 1167 ifeq (${INCLUDE_TBBR_MK},1) 1168 include make_helpers/tbbr/tbbr_tools.mk 1169 endif 1170endif #(GENERATE_COT) 1171 1172ifneq (${FIP_ALIGN},0) 1173 FIP_ARGS += --align ${FIP_ALIGN} 1174endif #(FIP_ALIGN) 1175 1176ifdef FDT_SOURCES 1177 NEED_FDT := yes 1178endif #(FDT_SOURCES) 1179 1180################################################################################ 1181# Include libraries' Makefile that are used in all BL 1182################################################################################ 1183 1184include lib/stack_protector/stack_protector.mk 1185 1186################################################################################ 1187# Include BL specific makefiles 1188################################################################################ 1189 1190ifeq (${NEED_BL1},yes) 1191include bl1/bl1.mk 1192endif 1193 1194ifeq (${NEED_BL2},yes) 1195include bl2/bl2.mk 1196endif 1197 1198ifeq (${NEED_BL2U},yes) 1199include bl2u/bl2u.mk 1200endif 1201 1202ifeq (${NEED_BL31},yes) 1203include bl31/bl31.mk 1204endif 1205 1206################################################################################ 1207# Build options checks 1208################################################################################ 1209 1210# Boolean_Flags 1211$(eval $(call assert_booleans,\ 1212 $(sort \ 1213 ALLOW_RO_XLAT_TABLES \ 1214 BL2_ENABLE_SP_LOAD \ 1215 COLD_BOOT_SINGLE_CPU \ 1216 CREATE_KEYS \ 1217 CTX_INCLUDE_AARCH32_REGS \ 1218 CTX_INCLUDE_FPREGS \ 1219 CTX_INCLUDE_SVE_REGS \ 1220 CTX_INCLUDE_EL2_REGS \ 1221 CTX_INCLUDE_MPAM_REGS \ 1222 DEBUG \ 1223 DYN_DISABLE_AUTH \ 1224 EL3_EXCEPTION_HANDLING \ 1225 ENABLE_AMU_AUXILIARY_COUNTERS \ 1226 AMU_RESTRICT_COUNTERS \ 1227 ENABLE_ASSERTIONS \ 1228 ENABLE_PIE \ 1229 ENABLE_PMF \ 1230 ENABLE_PSCI_STAT \ 1231 ENABLE_RUNTIME_INSTRUMENTATION \ 1232 ENABLE_SME_FOR_SWD \ 1233 ENABLE_SVE_FOR_SWD \ 1234 ENABLE_FEAT_RAS \ 1235 FFH_SUPPORT \ 1236 ERROR_DEPRECATED \ 1237 FAULT_INJECTION_SUPPORT \ 1238 GENERATE_COT \ 1239 GICV2_G0_FOR_EL3 \ 1240 HANDLE_EA_EL3_FIRST_NS \ 1241 HARDEN_SLS \ 1242 HW_ASSISTED_COHERENCY \ 1243 MEASURED_BOOT \ 1244 DISCRETE_TPM \ 1245 DICE_PROTECTION_ENVIRONMENT \ 1246 RMMD_ENABLE_EL3_TOKEN_SIGN \ 1247 RMMD_ENABLE_IDE_KEY_PROG \ 1248 DRTM_SUPPORT \ 1249 NS_TIMER_SWITCH \ 1250 OVERRIDE_LIBC \ 1251 PL011_GENERIC_UART \ 1252 PROGRAMMABLE_RESET_ADDRESS \ 1253 PSCI_EXTENDED_STATE_ID \ 1254 PSCI_OS_INIT_MODE \ 1255 ARCH_FEATURE_AVAILABILITY \ 1256 RESET_TO_BL31 \ 1257 SAVE_KEYS \ 1258 SEPARATE_CODE_AND_RODATA \ 1259 SEPARATE_BL2_NOLOAD_REGION \ 1260 SEPARATE_NOBITS_REGION \ 1261 SEPARATE_RWDATA_REGION \ 1262 SEPARATE_SIMD_SECTION \ 1263 SPIN_ON_BL1_EXIT \ 1264 SPM_MM \ 1265 SPMC_AT_EL3 \ 1266 SPMC_AT_EL3_SEL0_SP \ 1267 SPMD_SPM_AT_SEL2 \ 1268 ENABLE_SPMD_LP \ 1269 TRANSFER_LIST \ 1270 TRUSTED_BOARD_BOOT \ 1271 USE_COHERENT_MEM \ 1272 USE_DEBUGFS \ 1273 ARM_IO_IN_DTB \ 1274 SDEI_IN_FCONF \ 1275 SEC_INT_DESC_IN_FCONF \ 1276 USE_ROMLIB \ 1277 USE_TBBR_DEFS \ 1278 WARMBOOT_ENABLE_DCACHE_EARLY \ 1279 RESET_TO_BL2 \ 1280 BL2_IN_XIP_MEM \ 1281 BL2_INV_DCACHE \ 1282 USE_SPINLOCK_CAS \ 1283 ENCRYPT_BL31 \ 1284 ENCRYPT_BL32 \ 1285 ERRATA_SPECULATIVE_AT \ 1286 ERRATA_SME_POWER_DOWN \ 1287 RAS_TRAP_NS_ERR_REC_ACCESS \ 1288 COT_DESC_IN_DTB \ 1289 USE_SP804_TIMER \ 1290 PSA_FWU_SUPPORT \ 1291 PSA_FWU_METADATA_FW_STORE_DESC \ 1292 ENABLE_MPMM \ 1293 FEAT_PABANDON \ 1294 FEATURE_DETECTION \ 1295 TRNG_SUPPORT \ 1296 ENABLE_ERRATA_ALL \ 1297 ERRATA_ABI_SUPPORT \ 1298 ERRATA_NON_ARM_INTERCONNECT \ 1299 CONDITIONAL_CMO \ 1300 PSA_CRYPTO \ 1301 ENABLE_CONSOLE_GETC \ 1302 INIT_UNUSED_NS_EL2 \ 1303 PLATFORM_REPORT_CTX_MEM_USE \ 1304 EARLY_CONSOLE \ 1305 PRESERVE_DSU_PMU_REGS \ 1306 HOB_LIST \ 1307))) 1308 1309# Numeric_Flags 1310$(eval $(call assert_numerics,\ 1311 $(sort \ 1312 ARM_ARCH_MAJOR \ 1313 ARM_ARCH_MINOR \ 1314 BRANCH_PROTECTION \ 1315 CTX_INCLUDE_PAUTH_REGS \ 1316 CTX_INCLUDE_NEVE_REGS \ 1317 CRYPTO_SUPPORT \ 1318 DISABLE_MTPMU \ 1319 ENABLE_BRBE_FOR_NS \ 1320 ENABLE_TRBE_FOR_NS \ 1321 ENABLE_BTI \ 1322 ENABLE_PAUTH \ 1323 ENABLE_FEAT_AMU \ 1324 ENABLE_FEAT_AMUv1p1 \ 1325 ENABLE_FEAT_CSV2_2 \ 1326 ENABLE_FEAT_CSV2_3 \ 1327 ENABLE_FEAT_DEBUGV8P9 \ 1328 ENABLE_FEAT_DIT \ 1329 ENABLE_FEAT_ECV \ 1330 ENABLE_FEAT_FGT \ 1331 ENABLE_FEAT_FGT2 \ 1332 ENABLE_FEAT_FPMR \ 1333 ENABLE_FEAT_HCX \ 1334 ENABLE_FEAT_LS64_ACCDATA \ 1335 ENABLE_FEAT_MEC \ 1336 ENABLE_FEAT_MOPS \ 1337 ENABLE_FEAT_MTE2 \ 1338 ENABLE_FEAT_PAN \ 1339 ENABLE_FEAT_RNG \ 1340 ENABLE_FEAT_RNG_TRAP \ 1341 ENABLE_FEAT_SEL2 \ 1342 ENABLE_FEAT_TCR2 \ 1343 ENABLE_FEAT_THE \ 1344 ENABLE_FEAT_SB \ 1345 ENABLE_FEAT_S2PIE \ 1346 ENABLE_FEAT_S1PIE \ 1347 ENABLE_FEAT_S2POE \ 1348 ENABLE_FEAT_S1POE \ 1349 ENABLE_FEAT_SCTLR2 \ 1350 ENABLE_FEAT_D128 \ 1351 ENABLE_FEAT_GCS \ 1352 ENABLE_FEAT_VHE \ 1353 ENABLE_FEAT_MPAM \ 1354 ENABLE_RME \ 1355 ENABLE_SPE_FOR_NS \ 1356 ENABLE_SYS_REG_TRACE_FOR_NS \ 1357 ENABLE_SME_FOR_NS \ 1358 ENABLE_SME2_FOR_NS \ 1359 ENABLE_SVE_FOR_NS \ 1360 ENABLE_TRF_FOR_NS \ 1361 FW_ENC_STATUS \ 1362 NR_OF_FW_BANKS \ 1363 NR_OF_IMAGES_IN_FW_BANK \ 1364 TWED_DELAY \ 1365 ENABLE_FEAT_TWED \ 1366 SVE_VECTOR_LEN \ 1367 IMPDEF_SYSREG_TRAP \ 1368))) 1369 1370ifdef KEY_SIZE 1371 $(eval $(call assert_numeric,KEY_SIZE)) 1372endif 1373 1374ifeq ($(filter $(SANITIZE_UB), on off trap),) 1375 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1376endif 1377 1378################################################################################ 1379# Add definitions to the cpp preprocessor based on the current build options. 1380# This is done after including the platform specific makefile to allow the 1381# platform to overwrite the default options 1382################################################################################ 1383 1384$(eval $(call add_defines,\ 1385 $(sort \ 1386 ALLOW_RO_XLAT_TABLES \ 1387 ARM_ARCH_MAJOR \ 1388 ARM_ARCH_MINOR \ 1389 BL2_ENABLE_SP_LOAD \ 1390 COLD_BOOT_SINGLE_CPU \ 1391 CTX_INCLUDE_AARCH32_REGS \ 1392 CTX_INCLUDE_FPREGS \ 1393 CTX_INCLUDE_SVE_REGS \ 1394 CTX_INCLUDE_PAUTH_REGS \ 1395 CTX_INCLUDE_MPAM_REGS \ 1396 EL3_EXCEPTION_HANDLING \ 1397 CTX_INCLUDE_EL2_REGS \ 1398 CTX_INCLUDE_NEVE_REGS \ 1399 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1400 DISABLE_MTPMU \ 1401 ENABLE_FEAT_AMU \ 1402 ENABLE_AMU_AUXILIARY_COUNTERS \ 1403 AMU_RESTRICT_COUNTERS \ 1404 ENABLE_ASSERTIONS \ 1405 ENABLE_BTI \ 1406 ENABLE_FEAT_DEBUGV8P9 \ 1407 ENABLE_FEAT_MPAM \ 1408 ENABLE_PAUTH \ 1409 ENABLE_PIE \ 1410 ENABLE_PMF \ 1411 ENABLE_PSCI_STAT \ 1412 ENABLE_RME \ 1413 RMMD_ENABLE_EL3_TOKEN_SIGN \ 1414 RMMD_ENABLE_IDE_KEY_PROG \ 1415 ENABLE_RUNTIME_INSTRUMENTATION \ 1416 ENABLE_SME_FOR_NS \ 1417 ENABLE_SME2_FOR_NS \ 1418 ENABLE_SME_FOR_SWD \ 1419 ENABLE_SPE_FOR_NS \ 1420 ENABLE_SVE_FOR_NS \ 1421 ENABLE_SVE_FOR_SWD \ 1422 ENABLE_FEAT_RAS \ 1423 FFH_SUPPORT \ 1424 ENCRYPT_BL31 \ 1425 ENCRYPT_BL32 \ 1426 ERROR_DEPRECATED \ 1427 FAULT_INJECTION_SUPPORT \ 1428 GICV2_G0_FOR_EL3 \ 1429 HANDLE_EA_EL3_FIRST_NS \ 1430 HW_ASSISTED_COHERENCY \ 1431 LOG_LEVEL \ 1432 MEASURED_BOOT \ 1433 DISCRETE_TPM \ 1434 DICE_PROTECTION_ENVIRONMENT \ 1435 DRTM_SUPPORT \ 1436 NS_TIMER_SWITCH \ 1437 PL011_GENERIC_UART \ 1438 PLAT_${PLAT} \ 1439 PROGRAMMABLE_RESET_ADDRESS \ 1440 PSCI_EXTENDED_STATE_ID \ 1441 PSCI_OS_INIT_MODE \ 1442 ARCH_FEATURE_AVAILABILITY \ 1443 RESET_TO_BL31 \ 1444 RME_GPT_BITLOCK_BLOCK \ 1445 RME_GPT_MAX_BLOCK \ 1446 SEPARATE_CODE_AND_RODATA \ 1447 SEPARATE_BL2_NOLOAD_REGION \ 1448 SEPARATE_NOBITS_REGION \ 1449 SEPARATE_RWDATA_REGION \ 1450 SEPARATE_SIMD_SECTION \ 1451 RECLAIM_INIT_CODE \ 1452 SPD_${SPD} \ 1453 SPIN_ON_BL1_EXIT \ 1454 SPM_MM \ 1455 SPMC_AT_EL3 \ 1456 SPMC_AT_EL3_SEL0_SP \ 1457 SPMD_SPM_AT_SEL2 \ 1458 TRANSFER_LIST \ 1459 TRUSTED_BOARD_BOOT \ 1460 CRYPTO_SUPPORT \ 1461 TRNG_SUPPORT \ 1462 ERRATA_ABI_SUPPORT \ 1463 ERRATA_NON_ARM_INTERCONNECT \ 1464 USE_COHERENT_MEM \ 1465 USE_DEBUGFS \ 1466 ARM_IO_IN_DTB \ 1467 SDEI_IN_FCONF \ 1468 SEC_INT_DESC_IN_FCONF \ 1469 USE_ROMLIB \ 1470 USE_TBBR_DEFS \ 1471 WARMBOOT_ENABLE_DCACHE_EARLY \ 1472 RESET_TO_BL2 \ 1473 BL2_RUNS_AT_EL3 \ 1474 BL2_IN_XIP_MEM \ 1475 BL2_INV_DCACHE \ 1476 USE_SPINLOCK_CAS \ 1477 ERRATA_SPECULATIVE_AT \ 1478 ERRATA_SME_POWER_DOWN \ 1479 RAS_TRAP_NS_ERR_REC_ACCESS \ 1480 COT_DESC_IN_DTB \ 1481 USE_SP804_TIMER \ 1482 ENABLE_FEAT_RNG \ 1483 ENABLE_FEAT_RNG_TRAP \ 1484 ENABLE_FEAT_SB \ 1485 ENABLE_FEAT_DIT \ 1486 NR_OF_FW_BANKS \ 1487 NR_OF_IMAGES_IN_FW_BANK \ 1488 PSA_FWU_SUPPORT \ 1489 PSA_FWU_METADATA_FW_STORE_DESC \ 1490 ENABLE_BRBE_FOR_NS \ 1491 ENABLE_TRBE_FOR_NS \ 1492 ENABLE_SYS_REG_TRACE_FOR_NS \ 1493 ENABLE_TRF_FOR_NS \ 1494 ENABLE_FEAT_HCX \ 1495 ENABLE_MPMM \ 1496 FEAT_PABANDON \ 1497 ENABLE_FEAT_FGT \ 1498 ENABLE_FEAT_FGT2 \ 1499 ENABLE_FEAT_FPMR \ 1500 ENABLE_FEAT_ECV \ 1501 ENABLE_FEAT_AMUv1p1 \ 1502 ENABLE_FEAT_SEL2 \ 1503 ENABLE_FEAT_VHE \ 1504 ENABLE_FEAT_CSV2_2 \ 1505 ENABLE_FEAT_CSV2_3 \ 1506 ENABLE_FEAT_LS64_ACCDATA \ 1507 ENABLE_FEAT_MEC \ 1508 ENABLE_FEAT_PAN \ 1509 ENABLE_FEAT_TCR2 \ 1510 ENABLE_FEAT_THE \ 1511 ENABLE_FEAT_S2PIE \ 1512 ENABLE_FEAT_S1PIE \ 1513 ENABLE_FEAT_S2POE \ 1514 ENABLE_FEAT_S1POE \ 1515 ENABLE_FEAT_SCTLR2 \ 1516 ENABLE_FEAT_D128 \ 1517 ENABLE_FEAT_GCS \ 1518 ENABLE_FEAT_MOPS \ 1519 ENABLE_FEAT_MTE2 \ 1520 FEATURE_DETECTION \ 1521 TWED_DELAY \ 1522 ENABLE_FEAT_TWED \ 1523 CONDITIONAL_CMO \ 1524 IMPDEF_SYSREG_TRAP \ 1525 SVE_VECTOR_LEN \ 1526 ENABLE_SPMD_LP \ 1527 PSA_CRYPTO \ 1528 ENABLE_CONSOLE_GETC \ 1529 INIT_UNUSED_NS_EL2 \ 1530 PLATFORM_REPORT_CTX_MEM_USE \ 1531 EARLY_CONSOLE \ 1532 PRESERVE_DSU_PMU_REGS \ 1533 HOB_LIST \ 1534))) 1535 1536ifeq (${PLATFORM_REPORT_CTX_MEM_USE}, 1) 1537ifeq (${DEBUG}, 0) 1538 $(warning "PLATFORM_REPORT_CTX_MEM_USE can be applied when DEBUG=1 only") 1539 override PLATFORM_REPORT_CTX_MEM_USE := 0 1540endif 1541endif 1542 1543ifeq (${SANITIZE_UB},trap) 1544 $(eval $(call add_define,MONITOR_TRAPS)) 1545endif #(SANITIZE_UB) 1546 1547# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1548ifdef EL3_PAYLOAD_BASE 1549 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1550else 1551# Define the PRELOADED_BL33_BASE flag only if it is provided and 1552# EL3_PAYLOAD_BASE is not defined, as it has priority. 1553 ifdef PRELOADED_BL33_BASE 1554 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1555 endif 1556endif #(EL3_PAYLOAD_BASE) 1557 1558# Define the DYN_DISABLE_AUTH flag only if set. 1559ifeq (${DYN_DISABLE_AUTH},1) 1560 $(eval $(call add_define,DYN_DISABLE_AUTH)) 1561endif 1562 1563ifeq ($($(ARCH)-ld-id),arm-link) 1564 $(eval $(call add_define,USE_ARM_LINK)) 1565endif 1566 1567# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1568ifeq (${SPD},spmd) 1569ifdef SP_LAYOUT_FILE 1570 -include $(BUILD_PLAT)/sp_gen.mk 1571 FIP_DEPS += sp 1572 CRT_DEPS += sp 1573 NEED_SP_PKG := yes 1574else 1575 ifeq (${SPMD_SPM_AT_SEL2},1) 1576 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1577 endif 1578endif #(SP_LAYOUT_FILE) 1579endif #(SPD) 1580 1581################################################################################ 1582# Build targets 1583################################################################################ 1584 1585.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp tl fwu_fip certtool dtbs memmap doc enctool 1586 1587all: msg_start 1588 1589msg_start: 1590 $(s)echo "Building ${PLAT}" 1591 1592ifeq (${ERROR_DEPRECATED},0) 1593# Check if deprecated declarations and cpp warnings should be treated as error or not. 1594ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 1595 CPPFLAGS += -Wno-error=deprecated-declarations 1596else 1597 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1598endif 1599endif #(!ERROR_DEPRECATED) 1600 1601$(eval $(call MAKE_LIB,c)) 1602 1603# Expand build macros for the different images 1604ifeq (${NEED_BL1},yes) 1605BL1_SOURCES := $(sort ${BL1_SOURCES}) 1606$(eval $(call MAKE_BL,bl1)) 1607endif #(NEED_BL1) 1608 1609ifeq (${NEED_BL2},yes) 1610 1611ifeq (${RESET_TO_BL2}, 0) 1612FIP_BL2_ARGS := tb-fw 1613endif 1614 1615BL2_SOURCES := $(sort ${BL2_SOURCES}) 1616 1617$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1618 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1619 1620endif #(NEED_BL2) 1621 1622ifeq (${NEED_SCP_BL2},yes) 1623$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1624endif #(NEED_SCP_BL2) 1625 1626ifeq (${NEED_BL31},yes) 1627BL31_SOURCES += ${SPD_SOURCES} 1628# Sort BL31 source files to remove duplicates 1629BL31_SOURCES := $(sort ${BL31_SOURCES}) 1630ifneq (${DECRYPTION_SUPPORT},none) 1631$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1632 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1633else 1634$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1635 $(eval $(call MAKE_BL,bl31,soc-fw))) 1636endif #(DECRYPTION_SUPPORT) 1637endif #(NEED_BL31) 1638 1639# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1640# build system will call TOOL_ADD_IMG to print a warning message and abort the 1641# process. Note that the dependency on BL32 applies to the FIP only. 1642ifeq (${NEED_BL32},yes) 1643# Sort BL32 source files to remove duplicates 1644BL32_SOURCES := $(sort ${BL32_SOURCES}) 1645BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1646 1647ifneq (${DECRYPTION_SUPPORT},none) 1648$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1649 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1650else 1651$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1652 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1653endif #(DECRYPTION_SUPPORT) 1654endif #(NEED_BL32) 1655 1656# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1657# needs to be built from RMM_SOURCES. 1658ifeq (${NEED_RMM},yes) 1659# Sort RMM source files to remove duplicates 1660RMM_SOURCES := $(sort ${RMM_SOURCES}) 1661BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1662 1663$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1664 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1665endif #(NEED_RMM) 1666 1667# Add the BL33 image if required by the platform 1668ifeq (${NEED_BL33},yes) 1669$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1670endif #(NEED_BL33) 1671 1672ifeq (${NEED_BL2U},yes) 1673$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1674 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1675endif #(NEED_BL2U) 1676 1677# Expand build macros for the different images 1678ifeq (${NEED_FDT},yes) 1679 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1680 1681 ifneq (${INITRD_SIZE}${INITRD_PATH},) 1682 ifndef INITRD_BASE 1683 $(error INITRD_BASE must be set when inserting initrd properties to the DTB.) 1684 endif 1685 1686 INITRD_SIZE ?= $(shell printf "0x%x\n" $$(stat -Lc %s $(INITRD_PATH))) 1687 initrd_end = $(shell printf "0x%x\n" $$(expr $$(($(INITRD_BASE) + $(INITRD_SIZE))))) 1688 1689 define $(HW_CONFIG)-after += 1690 $(s)echo " INITRD $(HW_CONFIG)" 1691 $(q)fdtput -t x $@ /chosen linux,initrd-start $(INITRD_BASE) 1692 $(q)fdtput -t x $@ /chosen linux,initrd-end $(initrd_end) 1693 endef 1694 endif 1695endif #(NEED_FDT) 1696 1697# Add Secure Partition packages 1698ifeq (${NEED_SP_PKG},yes) 1699$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | $$(@D)/ 1700 $(if $(host-poetry),$(q)poetry -q install --no-root) 1701 $(q)$(if $(host-poetry),poetry run )${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} ${SP_DTS_LIST_FRAGMENT} 1702sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) 1703 $(s)echo 1704 $(s)echo "Built SP Images successfully" 1705 $(s)echo 1706endif #(NEED_SP_PKG) 1707 1708locate-checkpatch: 1709ifndef CHECKPATCH 1710 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1711else 1712ifeq (,$(wildcard ${CHECKPATCH})) 1713 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1714endif 1715endif #(CHECKPATCH) 1716 1717clean: 1718 $(s)echo " CLEAN" 1719 $(q)rm -rf $(BUILD_PLAT) 1720 $(q)${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1721 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1722 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1723 $(q)${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1724 1725realclean distclean: 1726 $(s)echo " REALCLEAN" 1727 $(q)rm -rf $(BUILD_BASE) 1728 $(q)rm -rf $(CURDIR)/cscope.* 1729 $(q)${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1730 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean 1731 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean 1732 $(q)${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1733 1734checkcodebase: locate-checkpatch 1735 $(s)echo " CHECKING STYLE" 1736 $(q)if test -d .git ; then \ 1737 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1738 while read GIT_FILE ; \ 1739 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1740 done ; \ 1741 else \ 1742 find . -type f -not -iwholename "*.git*" \ 1743 -not -iwholename "*build*" \ 1744 -not -iwholename "*libfdt*" \ 1745 -not -iwholename "*libc*" \ 1746 -not -iwholename "*docs*" \ 1747 -not -iwholename "*.rst" \ 1748 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1749 fi 1750 1751checkpatch: locate-checkpatch 1752 $(s)echo " CHECKING STYLE" 1753 $(q)if test -n "${CHECKPATCH_OPTS}"; then \ 1754 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1755 fi 1756 $(q)COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1757 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1758 do \ 1759 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1760 ( git log --format=email "$$commit~..$$commit" \ 1761 -- ${CHECK_PATHS} ; \ 1762 git diff --format=email "$$commit~..$$commit" \ 1763 -- ${CHECK_PATHS}; ) | \ 1764 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1765 done 1766 1767certtool: ${CRTTOOL} 1768 1769${CRTTOOL}: FORCE 1770 $(q)${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} CRTTOOL=${CRTTOOL} DEBUG=${DEBUG} --no-print-directory -C ${CRTTOOLPATH} all 1771 $(s)echo 1772 $(s)echo "Built $@ successfully" 1773 $(s)echo 1774 1775ifneq (${GENERATE_COT},0) 1776certificates: ${CRT_DEPS} ${CRTTOOL} 1777 $(q)${CRTTOOL} ${CRT_ARGS} 1778 $(s)echo 1779 $(s)echo "Built $@ successfully" 1780 $(s)echo "Certificates can be found in ${BUILD_PLAT}" 1781 $(s)echo 1782endif #(GENERATE_COT) 1783 1784${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1785 $(eval ${CHECK_FIP_CMD}) 1786 $(q)${FIPTOOL} create ${FIP_ARGS} $@ 1787 $(q)${FIPTOOL} info $@ 1788 $(s)echo 1789 $(s)echo "Built $@ successfully" 1790 $(s)echo 1791 1792ifneq (${GENERATE_COT},0) 1793fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1794 $(q)${CRTTOOL} ${FWU_CRT_ARGS} 1795 $(s)echo 1796 $(s)echo "Built $@ successfully" 1797 $(s)echo "FWU certificates can be found in ${BUILD_PLAT}" 1798 $(s)echo 1799endif #(GENERATE_COT) 1800 1801${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1802 $(eval ${CHECK_FWU_FIP_CMD}) 1803 $(q)${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1804 $(q)${FIPTOOL} info $@ 1805 $(s)echo 1806 $(s)echo "Built $@ successfully" 1807 $(s)echo 1808 1809fiptool: ${FIPTOOL} 1810fip: ${BUILD_PLAT}/${FIP_NAME} 1811fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1812 1813${FIPTOOL}: FORCE 1814 $(q)${MAKE} PLAT=${PLAT} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} DEBUG=${DEBUG} --no-print-directory -C ${FIPTOOLPATH} all 1815 1816$(BUILD_PLAT)/romlib/romlib.bin $(BUILD_PLAT)/lib/libwrappers.a $&: $(BUILD_PLAT)/lib/libfdt.a $(BUILD_PLAT)/lib/libc.a $(CRYPTO_LIB) 1817 $(q)${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} CRYPTO_SUPPORT=${CRYPTO_SUPPORT} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES=$(call escape-shell,$(INCLUDES)) DEFINES=$(call escape-shell,$(DEFINES)) --no-print-directory -C ${ROMLIBPATH} all 1818 1819memmap: all 1820 $(if $(host-poetry),$(q)poetry -q install --no-root) 1821 $(q)$(if $(host-poetry),poetry run )memory -sr ${BUILD_PLAT} 1822 1823tl: ${BUILD_PLAT}/tl.bin 1824${BUILD_PLAT}/tl.bin: ${HW_CONFIG} 1825 $(if $(host-poetry),$(q)poetry -q install --no-root) 1826 $(q)$(if $(host-poetry),poetry run )tlc create --fdt $< -s ${FW_HANDOFF_SIZE} $@ 1827 1828doc: 1829 $(s)echo " BUILD DOCUMENTATION" 1830 $(q)${MAKE} --no-print-directory -C ${DOCS_PATH} html 1831 1832enctool: ${ENCTOOL} 1833 1834${ENCTOOL}: FORCE 1835 $(q)${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} ENCTOOL=${ENCTOOL} DEBUG=${DEBUG} --no-print-directory -C ${ENCTOOLPATH} all 1836 $(s)echo 1837 $(s)echo "Built $@ successfully" 1838 $(s)echo 1839 1840cscope: 1841 $(s)echo " CSCOPE" 1842 $(q)find ${CURDIR} -name "*.[chsS]" > cscope.files 1843 $(q)cscope -b -q -k 1844 1845help: 1846 $(s)echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1847 $(s)echo "" 1848 $(s)echo "PLAT is used to specify which platform you wish to build." 1849 $(s)echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1850 $(s)echo "" 1851 $(s)echo "platform = ${PLATFORM_LIST}" 1852 $(s)echo "" 1853 $(s)echo "Please refer to the User Guide for a list of all supported options." 1854 $(s)echo "Note that the build system doesn't track dependencies for build " 1855 $(s)echo "options. Therefore, if any of the build options are changed " 1856 $(s)echo "from a previous build, a clean build must be performed." 1857 $(s)echo "" 1858 $(s)echo "Supported Targets:" 1859 $(s)echo " all Build all individual bootloader binaries" 1860 $(s)echo " bl1 Build the BL1 binary" 1861 $(s)echo " bl2 Build the BL2 binary" 1862 $(s)echo " bl2u Build the BL2U binary" 1863 $(s)echo " bl31 Build the BL31 binary" 1864 $(s)echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1865 $(s)echo " this builds secure payload specified by AARCH32_SP" 1866 $(s)echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1867 $(s)echo " fip Build the Firmware Image Package (FIP)" 1868 $(s)echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1869 $(s)echo " checkcodebase Check the coding style of the entire source tree" 1870 $(s)echo " checkpatch Check the coding style on changes in the current" 1871 $(s)echo " branch against BASE_COMMIT (default origin/master)" 1872 $(s)echo " clean Clean the build for the selected platform" 1873 $(s)echo " cscope Generate cscope index" 1874 $(s)echo " distclean Remove all build artifacts for all platforms" 1875 $(s)echo " certtool Build the Certificate generation tool" 1876 $(s)echo " enctool Build the Firmware encryption tool" 1877 $(s)echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1878 $(s)echo " sp Build the Secure Partition Packages" 1879 $(s)echo " sptool Build the Secure Partition Package creation tool" 1880 $(s)echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1881 $(s)echo " memmap Print the memory map of the built binaries" 1882 $(s)echo " doc Build html based documentation using Sphinx tool" 1883 $(s)echo "" 1884 $(s)echo "Note: most build targets require PLAT to be set to a specific platform." 1885 $(s)echo "" 1886 $(s)echo "example: build all targets for the FVP platform:" 1887 $(s)echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1888 1889.PHONY: FORCE 1890FORCE:; 1891