1# 2# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 8 12VERSION := ${VERSION_MAJOR}.${VERSION_MINOR} 13 14# Default goal is build all images 15.DEFAULT_GOAL := all 16 17# Avoid any implicit propagation of command line variable definitions to 18# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 19# usage. Other command line options like "-s" are still propagated as usual. 20MAKEOVERRIDES = 21 22MAKE_HELPERS_DIRECTORY := make_helpers/ 23include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 24include ${MAKE_HELPERS_DIRECTORY}build_env.mk 25 26################################################################################ 27# Default values for build configurations, and their dependencies 28################################################################################ 29 30include ${MAKE_HELPERS_DIRECTORY}defaults.mk 31 32# Assertions enabled for DEBUG builds by default 33ENABLE_ASSERTIONS := ${DEBUG} 34ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 35PLAT := ${DEFAULT_PLAT} 36 37################################################################################ 38# Checkpatch script options 39################################################################################ 40 41CHECKCODE_ARGS := --no-patch 42# Do not check the coding style on imported library files or documentation files 43INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \ 44 include/drivers/arm/cryptocell, \ 45 $(wildcard include/drivers/arm/*))) 46INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h 47INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 48 include/drivers/arm, \ 49 $(wildcard include/drivers/*))) 50INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 51 include/lib/libfdt \ 52 include/lib/libc, \ 53 $(wildcard include/lib/*))) 54INC_DIRS_TO_CHECK := $(sort $(filter-out \ 55 include/lib \ 56 include/drivers, \ 57 $(wildcard include/*))) 58LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 59 lib/compiler-rt \ 60 lib/libfdt% \ 61 lib/libc, \ 62 lib/zlib \ 63 $(wildcard lib/*))) 64ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 65 lib \ 66 include \ 67 docs \ 68 %.rst, \ 69 $(wildcard *))) 70CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 71 ${INC_DIRS_TO_CHECK} \ 72 ${INC_LIB_DIRS_TO_CHECK} \ 73 ${LIB_DIRS_TO_CHECK} \ 74 ${INC_DRV_DIRS_TO_CHECK} \ 75 ${INC_ARM_DIRS_TO_CHECK} 76 77 78################################################################################ 79# Process build options 80################################################################################ 81 82# Verbose flag 83ifeq (${V},0) 84 Q:=@ 85 ECHO:=@echo 86 CHECKCODE_ARGS += --no-summary --terse 87else 88 Q:= 89 ECHO:=$(ECHO_QUIET) 90endif 91 92ifneq ($(findstring s,$(filter-out --%,$(MAKEFLAGS))),) 93 Q:=@ 94 ECHO:=$(ECHO_QUIET) 95endif 96 97export Q ECHO 98 99# The cert_create tool cannot generate certificates individually, so we use the 100# target 'certificates' to create them all 101ifneq (${GENERATE_COT},0) 102 FIP_DEPS += certificates 103 FWU_FIP_DEPS += fwu_certificates 104endif 105 106# Process BRANCH_PROTECTION value and set 107# Pointer Authentication and Branch Target Identification flags 108ifeq (${BRANCH_PROTECTION},0) 109 # Default value turns off all types of branch protection 110 BP_OPTION := none 111else ifneq (${ARCH},aarch64) 112 $(error BRANCH_PROTECTION requires AArch64) 113else ifeq (${BRANCH_PROTECTION},1) 114 # Enables all types of branch protection features 115 BP_OPTION := standard 116 ENABLE_BTI := 1 117 ENABLE_PAUTH := 1 118else ifeq (${BRANCH_PROTECTION},2) 119 # Return address signing to its standard level 120 BP_OPTION := pac-ret 121 ENABLE_PAUTH := 1 122else ifeq (${BRANCH_PROTECTION},3) 123 # Extend the signing to include leaf functions 124 BP_OPTION := pac-ret+leaf 125 ENABLE_PAUTH := 1 126else ifeq (${BRANCH_PROTECTION},4) 127 # Turn on branch target identification mechanism 128 BP_OPTION := bti 129 ENABLE_BTI := 1 130else 131 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 132endif 133 134# FEAT_RME 135ifeq (${ENABLE_RME},1) 136# RME doesn't support PIE 137ifneq (${ENABLE_PIE},0) 138 $(error ENABLE_RME does not support PIE) 139endif 140# RME doesn't support BRBE 141ifneq (${ENABLE_BRBE_FOR_NS},0) 142 $(error ENABLE_RME does not support BRBE.) 143endif 144# RME requires AARCH64 145ifneq (${ARCH},aarch64) 146 $(error ENABLE_RME requires AArch64) 147endif 148# RME requires el2 context to be saved for now. 149CTX_INCLUDE_EL2_REGS := 1 150CTX_INCLUDE_AARCH32_REGS := 0 151ARM_ARCH_MAJOR := 8 152ARM_ARCH_MINOR := 5 153ENABLE_FEAT_ECV = 1 154ENABLE_FEAT_FGT = 1 155 156# RME enables CSV2_2 extension by default. 157ENABLE_FEAT_CSV2_2 = 1 158 159endif 160 161# USE_SPINLOCK_CAS requires AArch64 build 162ifeq (${USE_SPINLOCK_CAS},1) 163ifneq (${ARCH},aarch64) 164 $(error USE_SPINLOCK_CAS requires AArch64) 165endif 166endif 167 168# USE_DEBUGFS experimental feature recommended only in debug builds 169ifeq (${USE_DEBUGFS},1) 170ifeq (${DEBUG},1) 171 $(warning DEBUGFS experimental feature is enabled.) 172else 173 $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY) 174endif 175endif 176 177ifneq (${DECRYPTION_SUPPORT},none) 178ENC_ARGS += -f ${FW_ENC_STATUS} 179ENC_ARGS += -k ${ENC_KEY} 180ENC_ARGS += -n ${ENC_NONCE} 181FIP_DEPS += enctool 182FWU_FIP_DEPS += enctool 183endif 184 185################################################################################ 186# Toolchain 187################################################################################ 188 189HOSTCC := gcc 190export HOSTCC 191 192CC := ${CROSS_COMPILE}gcc 193CPP := ${CROSS_COMPILE}cpp 194AS := ${CROSS_COMPILE}gcc 195AR := ${CROSS_COMPILE}ar 196LINKER := ${CROSS_COMPILE}ld 197OC := ${CROSS_COMPILE}objcopy 198OD := ${CROSS_COMPILE}objdump 199NM := ${CROSS_COMPILE}nm 200PP := ${CROSS_COMPILE}gcc -E 201DTC := dtc 202 203# Use ${LD}.bfd instead if it exists (as absolute path or together with $PATH). 204ifneq ($(strip $(wildcard ${LD}.bfd) \ 205 $(foreach dir,$(subst :, ,${PATH}),$(wildcard ${dir}/${LINKER}.bfd))),) 206LINKER := ${LINKER}.bfd 207endif 208 209ifeq (${ARM_ARCH_MAJOR},7) 210target32-directive = -target arm-none-eabi 211# Will set march32-directive from platform configuration 212else 213target32-directive = -target armv8a-none-eabi 214 215# Set the compiler's target architecture profile based on 216# ARM_ARCH_MAJOR ARM_ARCH_MINOR options 217ifeq (${ARM_ARCH_MINOR},0) 218march32-directive = -march=armv${ARM_ARCH_MAJOR}-a 219march64-directive = -march=armv${ARM_ARCH_MAJOR}-a 220else 221march32-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 222march64-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 223endif 224endif 225 226# Memory tagging is supported in architecture Armv8.5-A AArch64 and onwards 227ifeq ($(ARCH), aarch64) 228# Check if revision is greater than or equal to 8.5 229ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" 230mem_tag_arch_support = yes 231endif 232endif 233 234# Get architecture feature modifiers 235arch-features = ${ARM_ARCH_FEATURE} 236 237# Enable required options for memory stack tagging. 238# Currently, these options are enabled only for clang and armclang compiler. 239ifeq (${SUPPORT_STACK_MEMTAG},yes) 240ifdef mem_tag_arch_support 241# Check for armclang and clang compilers 242ifneq ( ,$(filter $(notdir $(CC)),armclang clang)) 243# Add "memtag" architecture feature modifier if not specified 244ifeq ( ,$(findstring memtag,$(arch-features))) 245arch-features := $(arch-features)+memtag 246endif # memtag 247ifeq ($(notdir $(CC)),armclang) 248TF_CFLAGS += -mmemtag-stack 249else ifeq ($(notdir $(CC)),clang) 250TF_CFLAGS += -fsanitize=memtag 251endif # armclang 252endif # armclang clang 253else 254$(error "Error: stack memory tagging is not supported for architecture \ 255 ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a") 256endif # mem_tag_arch_support 257endif # SUPPORT_STACK_MEMTAG 258 259# Set the compiler's architecture feature modifiers 260ifneq ($(arch-features), none) 261# Strip "none+" from arch-features 262arch-features := $(subst none+,,$(arch-features)) 263ifeq ($(ARCH), aarch32) 264march32-directive := $(march32-directive)+$(arch-features) 265else 266march64-directive := $(march64-directive)+$(arch-features) 267endif 268# Print features 269$(info Arm Architecture Features specified: $(subst +, ,$(arch-features))) 270endif # arch-features 271 272# Determine if FEAT_RNG is supported 273ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0) 274 275# Determine if FEAT_SB is supported 276ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0) 277 278ifneq ($(findstring clang,$(notdir $(CC))),) 279 ifneq ($(findstring armclang,$(notdir $(CC))),) 280 TF_CFLAGS_aarch32 := -target arm-arm-none-eabi $(march32-directive) 281 TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi $(march64-directive) 282 LD := $(LINKER) 283 else 284 TF_CFLAGS_aarch32 = $(target32-directive) $(march32-directive) 285 TF_CFLAGS_aarch64 := -target aarch64-elf $(march64-directive) 286 LD := $(shell $(CC) --print-prog-name ld.lld) 287 288 AR := $(shell $(CC) --print-prog-name llvm-ar) 289 OD := $(shell $(CC) --print-prog-name llvm-objdump) 290 OC := $(shell $(CC) --print-prog-name llvm-objcopy) 291 endif 292 293 CPP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 294 PP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 295 AS := $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH)) 296else ifneq ($(findstring gcc,$(notdir $(CC))),) 297TF_CFLAGS_aarch32 = $(march32-directive) 298TF_CFLAGS_aarch64 = $(march64-directive) 299ifeq ($(ENABLE_LTO),1) 300 # Enable LTO only for aarch64 301 ifeq (${ARCH},aarch64) 302 LTO_CFLAGS = -flto 303 # Use gcc as a wrapper for the ld, recommended for LTO 304 LINKER := ${CROSS_COMPILE}gcc 305 endif 306endif 307LD = $(LINKER) 308else 309TF_CFLAGS_aarch32 = $(march32-directive) 310TF_CFLAGS_aarch64 = $(march64-directive) 311LD = $(LINKER) 312endif 313 314# Process Debug flag 315$(eval $(call add_define,DEBUG)) 316ifneq (${DEBUG}, 0) 317 BUILD_TYPE := debug 318 TF_CFLAGS += -g -gdwarf-4 319 ASFLAGS += -g -Wa,-gdwarf-4 320 321 # Use LOG_LEVEL_INFO by default for debug builds 322 LOG_LEVEL := 40 323else 324 BUILD_TYPE := release 325 # Use LOG_LEVEL_NOTICE by default for release builds 326 LOG_LEVEL := 20 327endif 328 329# Default build string (git branch and commit) 330ifeq (${BUILD_STRING},) 331 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 332endif 333VERSION_STRING := v${VERSION}(${BUILD_TYPE}):${BUILD_STRING} 334 335ifeq (${AARCH32_INSTRUCTION_SET},A32) 336TF_CFLAGS_aarch32 += -marm 337else ifeq (${AARCH32_INSTRUCTION_SET},T32) 338TF_CFLAGS_aarch32 += -mthumb 339else 340$(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET}) 341endif 342 343TF_CFLAGS_aarch32 += -mno-unaligned-access 344TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 345 346ifneq (${BP_OPTION},none) 347TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 348endif 349 350ASFLAGS_aarch32 = $(march32-directive) 351ASFLAGS_aarch64 = $(march64-directive) 352 353# General warnings 354WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 355 -Wdisabled-optimization -Wvla -Wshadow \ 356 -Wredundant-decls 357# stricter warnings 358WARNINGS += -Wextra -Wno-trigraphs 359# too verbose for generic build 360WARNINGS += -Wno-missing-field-initializers \ 361 -Wno-type-limits -Wno-sign-compare \ 362# on clang this flag gets reset if -Wextra is set after it. No difference on gcc 363WARNINGS += -Wno-unused-parameter 364 365# Additional warnings 366# Level 1 - infrequent warnings we should have none of 367# full -Wextra 368WARNING1 += -Wsign-compare 369WARNING1 += -Wtype-limits 370WARNING1 += -Wmissing-field-initializers 371 372# Level 2 - problematic warnings that we want 373# zlib, compiler-rt, coreboot, and mbdedtls blow up with these 374# TODO: disable just for them and move into default build 375WARNING2 += -Wold-style-definition 376WARNING2 += -Wmissing-prototypes 377WARNING2 += -Wmissing-format-attribute 378# TF-A aims to comply with this eventually. Effort too large at present 379WARNING2 += -Wundef 380# currently very involved and many platforms set this off 381WARNING2 += -Wunused-const-variable=2 382 383# Level 3 - very pedantic, frequently ignored 384WARNING3 := -Wbad-function-cast 385WARNING3 += -Waggregate-return 386WARNING3 += -Wnested-externs 387WARNING3 += -Wcast-align 388WARNING3 += -Wcast-qual 389WARNING3 += -Wconversion 390WARNING3 += -Wpacked 391WARNING3 += -Wpointer-arith 392WARNING3 += -Wswitch-default 393 394# Setting W is quite verbose and most warnings will be pre-existing issues 395# outside of the contributor's control. Don't fail the build on them so warnings 396# can be seen and hopefully addressed 397ifdef W 398ifneq (${W},0) 399E ?= 0 400endif 401endif 402 403ifeq (${W},1) 404WARNINGS += $(WARNING1) 405else ifeq (${W},2) 406WARNINGS += $(WARNING1) $(WARNING2) 407else ifeq (${W},3) 408WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 409endif 410 411# Compiler specific warnings 412ifeq ($(findstring clang,$(notdir $(CC))),) 413# not using clang 414WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 415 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 416 -Wlogical-op 417else 418# using clang 419WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 420 -Wlogical-op-parentheses 421endif 422 423ifneq (${E},0) 424ERRORS := -Werror 425endif 426 427CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 428 $(ERRORS) $(WARNINGS) 429ASFLAGS += $(CPPFLAGS) $(ASFLAGS_$(ARCH)) \ 430 -ffreestanding -Wa,--fatal-warnings 431TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 432 -ffunction-sections -fdata-sections \ 433 -ffreestanding -fno-builtin -fno-common \ 434 -Os -std=gnu99 435 436$(eval $(call add_define,SVE_VECTOR_LEN)) 437 438ifeq (${SANITIZE_UB},on) 439TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 440endif 441ifeq (${SANITIZE_UB},trap) 442TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 443 -fsanitize-undefined-trap-on-error 444endif 445 446GCC_V_OUTPUT := $(shell $(CC) -v 2>&1) 447 448TF_LDFLAGS += -z noexecstack 449 450# LD = armlink 451ifneq ($(findstring armlink,$(notdir $(LD))),) 452TF_LDFLAGS += --diag_error=warning --lto_level=O1 453TF_LDFLAGS += --remove --info=unused,unusedsymbols 454TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 455 456# LD = gcc (used when GCC LTO is enabled) 457else ifneq ($(findstring gcc,$(notdir $(LD))),) 458# Pass ld options with Wl or Xlinker switches 459TF_LDFLAGS += -Wl,--fatal-warnings -O1 460TF_LDFLAGS += -Wl,--gc-sections 461 462TF_LDFLAGS += -Wl,-z,common-page-size=4096 # Configure page size constants 463TF_LDFLAGS += -Wl,-z,max-page-size=4096 464 465ifeq ($(ENABLE_LTO),1) 466 ifeq (${ARCH},aarch64) 467 TF_LDFLAGS += -flto -fuse-linker-plugin 468 endif 469endif 470# GCC automatically adds fix-cortex-a53-843419 flag when used to link 471# which breaks some builds, so disable if errata fix is not explicitly enabled 472ifneq (${ERRATA_A53_843419},1) 473 TF_LDFLAGS += -mno-fix-cortex-a53-843419 474endif 475TF_LDFLAGS += -nostdlib 476TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 477 478# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 479else 480# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we 481# are not loaded by a elf loader. 482TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments) 483TF_LDFLAGS += -O1 484TF_LDFLAGS += --gc-sections 485 486TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants 487TF_LDFLAGS += -z max-page-size=4096 488 489# ld.lld doesn't recognize the errata flags, 490# therefore don't add those in that case. 491# ld.lld reports section type mismatch warnings, 492# therefore don't add --fatal-warnings to it. 493ifeq ($(findstring ld.lld,$(notdir $(LD))),) 494TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) --fatal-warnings 495endif 496endif 497 498DTC_FLAGS += -I dts -O dtb 499DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \ 500 -x assembler-with-cpp $(DEFINES) 501 502################################################################################ 503# Common sources and include directories 504################################################################################ 505include ${MAKE_HELPERS_DIRECTORY}arch_features.mk 506include lib/compiler-rt/compiler-rt.mk 507 508BL_COMMON_SOURCES += common/bl_common.c \ 509 common/tf_log.c \ 510 common/${ARCH}/debug.S \ 511 drivers/console/multi_console.c \ 512 lib/${ARCH}/cache_helpers.S \ 513 lib/${ARCH}/misc_helpers.S \ 514 plat/common/plat_bl_common.c \ 515 plat/common/plat_log_common.c \ 516 plat/common/${ARCH}/plat_common.c \ 517 plat/common/${ARCH}/platform_helpers.S \ 518 ${COMPILER_RT_SRCS} 519 520ifeq ($(notdir $(CC)),armclang) 521BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 522endif 523 524ifeq (${SANITIZE_UB},on) 525BL_COMMON_SOURCES += plat/common/ubsan.c 526endif 527 528INCLUDES += -Iinclude \ 529 -Iinclude/arch/${ARCH} \ 530 -Iinclude/lib/cpus/${ARCH} \ 531 -Iinclude/lib/el3_runtime/${ARCH} \ 532 ${PLAT_INCLUDES} \ 533 ${SPD_INCLUDES} 534 535include common/backtrace/backtrace.mk 536 537################################################################################ 538# Generic definitions 539################################################################################ 540 541include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 542 543ifeq (${BUILD_BASE},) 544 BUILD_BASE := ./build 545endif 546BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 547 548SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 549 550# Platforms providing their own TBB makefile may override this value 551INCLUDE_TBBR_MK := 1 552 553 554################################################################################ 555# Include SPD Makefile if one has been specified 556################################################################################ 557 558ifneq (${SPD},none) 559 ifeq (${ARCH},aarch32) 560 $(error "Error: SPD is incompatible with AArch32.") 561 endif 562 563 ifdef EL3_PAYLOAD_BASE 564 $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") 565 $(warning "The SPD and its BL32 companion will be present but ignored.") 566 endif 567 568 ifeq (${SPD},spmd) 569 # SPMD is located in std_svc directory 570 SPD_DIR := std_svc 571 572 ifeq ($(SPMD_SPM_AT_SEL2),1) 573 CTX_INCLUDE_EL2_REGS := 1 574 ifeq ($(SPMC_AT_EL3),1) 575 $(error SPM cannot be enabled in both S-EL2 and EL3.) 576 endif 577 endif 578 579 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 580 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 581 endif 582 583 ifeq ($(TS_SP_FW_CONFIG),1) 584 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 585 endif 586 587 ifneq ($(ARM_BL2_SP_LIST_DTS),) 588 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 589 endif 590 591 ifneq ($(SP_LAYOUT_FILE),) 592 BL2_ENABLE_SP_LOAD := 1 593 endif 594 else 595 # All other SPDs in spd directory 596 SPD_DIR := spd 597 endif 598 599 # We expect to locate an spd.mk under the specified SPD directory 600 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 601 602 ifeq (${SPD_MAKE},) 603 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 604 endif 605 $(info Including ${SPD_MAKE}) 606 include ${SPD_MAKE} 607 608 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 609 # Makefile would set NEED_BL32 to "yes". In this case, the build system 610 # supports two mutually exclusive options: 611 # * BL32 is built from source: then BL32_SOURCES must contain the list 612 # of source files to build BL32 613 # * BL32 is a prebuilt binary: then BL32 must point to the image file 614 # that will be included in the FIP 615 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 616 # over the sources. 617endif 618 619ifeq (${CTX_INCLUDE_EL2_REGS}, 1) 620ifeq (${SPD},none) 621ifeq (${ENABLE_RME},0) 622 $(error CTX_INCLUDE_EL2_REGS is available only when SPD or RME is enabled) 623endif 624endif 625endif 626 627################################################################################ 628# Include rmmd Makefile if RME is enabled 629################################################################################ 630 631ifneq (${ENABLE_RME},0) 632ifneq (${ARCH},aarch64) 633 $(error ENABLE_RME requires AArch64) 634endif 635ifeq ($(SPMC_AT_EL3),1) 636 $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.) 637endif 638include services/std_svc/rmmd/rmmd.mk 639$(warning "RME is an experimental feature") 640endif 641 642################################################################################ 643# Include the platform specific Makefile after the SPD Makefile (the platform 644# makefile may use all previous definitions in this file) 645################################################################################ 646 647include ${PLAT_MAKEFILE_FULL} 648 649$(eval $(call MAKE_PREREQ_DIR,${BUILD_PLAT})) 650 651ifeq (${ARM_ARCH_MAJOR},7) 652include make_helpers/armv7-a-cpus.mk 653endif 654 655PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 656ifneq ($(PIE_FOUND),) 657 TF_CFLAGS += -fno-PIE 658ifneq ($(findstring gcc,$(notdir $(LD))),) 659 TF_LDFLAGS += -no-pie 660endif 661endif 662 663ifneq ($(findstring gcc,$(notdir $(LD))),) 664 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 665else 666 PIE_LDFLAGS += -pie --no-dynamic-linker 667endif 668 669ifeq ($(ENABLE_PIE),1) 670ifeq ($(BL2_AT_EL3),1) 671ifneq ($(BL2_IN_XIP_MEM),1) 672 BL2_CPPFLAGS += -fpie 673 BL2_CFLAGS += -fpie 674 BL2_LDFLAGS += $(PIE_LDFLAGS) 675endif 676endif 677 BL31_CPPFLAGS += -fpie 678 BL31_CFLAGS += -fpie 679 BL31_LDFLAGS += $(PIE_LDFLAGS) 680 681 BL32_CPPFLAGS += -fpie 682 BL32_CFLAGS += -fpie 683 BL32_LDFLAGS += $(PIE_LDFLAGS) 684endif 685 686ifeq (${ARCH},aarch64) 687BL1_CPPFLAGS += -DIMAGE_AT_EL3 688ifeq ($(BL2_AT_EL3),1) 689BL2_CPPFLAGS += -DIMAGE_AT_EL3 690else 691BL2_CPPFLAGS += -DIMAGE_AT_EL1 692endif 693BL2U_CPPFLAGS += -DIMAGE_AT_EL1 694BL31_CPPFLAGS += -DIMAGE_AT_EL3 695BL32_CPPFLAGS += -DIMAGE_AT_EL1 696endif 697 698# Include the CPU specific operations makefile, which provides default 699# values for all CPU errata workarounds and CPU specific optimisations. 700# This can be overridden by the platform. 701include lib/cpus/cpu-ops.mk 702 703ifeq (${ARCH},aarch32) 704NEED_BL32 := yes 705 706################################################################################ 707# Build `AARCH32_SP` as BL32 image for AArch32 708################################################################################ 709ifneq (${AARCH32_SP},none) 710# We expect to locate an sp.mk under the specified AARCH32_SP directory 711AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 712 713ifeq (${AARCH32_SP_MAKE},) 714 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 715endif 716 717$(info Including ${AARCH32_SP_MAKE}) 718include ${AARCH32_SP_MAKE} 719endif 720 721endif 722 723################################################################################ 724# Include libc if not overridden 725################################################################################ 726ifeq (${OVERRIDE_LIBC},0) 727include lib/libc/libc.mk 728endif 729 730################################################################################ 731# Check incompatible options 732################################################################################ 733 734ifdef EL3_PAYLOAD_BASE 735 ifdef PRELOADED_BL33_BASE 736 $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \ 737 incompatible build options. EL3_PAYLOAD_BASE has priority.") 738 endif 739 ifneq (${GENERATE_COT},0) 740 $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible build options.") 741 endif 742 ifneq (${TRUSTED_BOARD_BOOT},0) 743 $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are incompatible build options.") 744 endif 745endif 746 747ifeq (${NEED_BL33},yes) 748 ifdef EL3_PAYLOAD_BASE 749 $(warning "BL33 image is not needed when option \ 750 BL33_PAYLOAD_BASE is used and won't be added to the FIP file.") 751 endif 752 ifdef PRELOADED_BL33_BASE 753 $(warning "BL33 image is not needed when option \ 754 PRELOADED_BL33_BASE is used and won't be added to the FIP \ 755 file.") 756 endif 757endif 758 759# When building for systems with hardware-assisted coherency, there's no need to 760# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too. 761ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1) 762$(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) 763endif 764 765#For now, BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is 1. 766ifeq ($(BL2_AT_EL3)-$(BL2_IN_XIP_MEM),0-1) 767$(error "BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is enabled") 768endif 769 770# For RAS_EXTENSION, require that EAs are handled in EL3 first 771ifeq ($(RAS_EXTENSION),1) 772 ifneq ($(HANDLE_EA_EL3_FIRST_NS),1) 773 $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST_NS must also be 1) 774 endif 775endif 776 777# When FAULT_INJECTION_SUPPORT is used, require that RAS_EXTENSION is enabled 778ifeq ($(FAULT_INJECTION_SUPPORT),1) 779 ifneq ($(RAS_EXTENSION),1) 780 $(error For FAULT_INJECTION_SUPPORT, RAS_EXTENSION must also be 1) 781 endif 782endif 783 784# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 785ifeq ($(DYN_DISABLE_AUTH), 1) 786 ifeq (${TRUSTED_BOARD_BOOT}, 0) 787 $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.") 788 endif 789endif 790 791ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1) 792# Support authentication verification and hash calculation 793 CRYPTO_SUPPORT := 3 794else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1) 795# Support authentication verification and hash calculation 796 CRYPTO_SUPPORT := 3 797else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) 798# Support hash calculation only 799 CRYPTO_SUPPORT := 2 800else ifeq (${TRUSTED_BOARD_BOOT},1) 801# Support authentication verification only 802 CRYPTO_SUPPORT := 1 803else 804 CRYPTO_SUPPORT := 0 805endif 806 807# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. 808ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) 809$(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 810endif 811 812# If pointer authentication is used in the firmware, make sure that all the 813# registers associated to it are also saved and restored. 814# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. 815ifeq ($(ENABLE_PAUTH),1) 816 ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) 817 $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1) 818 endif 819endif 820 821ifeq ($(CTX_INCLUDE_PAUTH_REGS),1) 822 ifneq (${ARCH},aarch64) 823 $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) 824 endif 825endif 826 827ifeq ($(CTX_INCLUDE_MTE_REGS),1) 828 ifneq (${ARCH},aarch64) 829 $(error CTX_INCLUDE_MTE_REGS requires AArch64) 830 endif 831endif 832 833ifeq ($(PSA_FWU_SUPPORT),1) 834 $(info PSA_FWU_SUPPORT is an experimental feature) 835endif 836 837ifeq ($(FEATURE_DETECTION),1) 838 $(info FEATURE_DETECTION is an experimental feature) 839endif 840 841ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 842 ifeq (${ALLOW_RO_XLAT_TABLES}, 1) 843 $(error "ALLOW_RO_XLAT_TABLES requires translation tables library v2") 844 endif 845endif 846 847ifneq (${DECRYPTION_SUPPORT},none) 848 ifeq (${TRUSTED_BOARD_BOOT}, 0) 849 $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT to be set) 850 endif 851endif 852 853# Ensure that no Aarch64-only features are enabled in Aarch32 build 854ifeq (${ARCH},aarch32) 855 856 # SME/SVE only supported on AArch64 857 ifeq (${ENABLE_SME_FOR_NS},1) 858 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") 859 endif 860 ifeq (${ENABLE_SVE_FOR_NS},1) 861 # Warning instead of error due to CI dependency on this 862 $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") 863 endif 864 865 # BRBE is not supported in AArch32 866 ifeq (${ENABLE_BRBE_FOR_NS},1) 867 $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32") 868 endif 869 870 # FEAT_RNG_TRAP is not supported in AArch32 871 ifeq (${ENABLE_FEAT_RNG_TRAP},1) 872 $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32") 873 endif 874endif 875 876# Ensure ENABLE_RME is not used with SME 877ifeq (${ENABLE_RME},1) 878 ifeq (${ENABLE_SME_FOR_NS},1) 879 $(error "ENABLE_SME_FOR_NS cannot be used with ENABLE_RME") 880 endif 881endif 882 883# Secure SME/SVE requires the non-secure component as well 884ifeq (${ENABLE_SME_FOR_SWD},1) 885 ifeq (${ENABLE_SME_FOR_NS},0) 886 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") 887 endif 888endif 889ifeq (${ENABLE_SVE_FOR_SWD},1) 890 ifeq (${ENABLE_SVE_FOR_NS},0) 891 $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS") 892 endif 893endif 894 895# SVE and SME cannot be used with CTX_INCLUDE_FPREGS since secure manager does 896# its own context management including FPU registers. 897ifeq (${CTX_INCLUDE_FPREGS},1) 898 ifeq (${ENABLE_SME_FOR_NS},1) 899 $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 900 endif 901 ifeq (${ENABLE_SVE_FOR_NS},1) 902 # Warning instead of error due to CI dependency on this 903 $(warning "ENABLE_SVE_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 904 $(warning "Forced ENABLE_SVE_FOR_NS=0") 905 override ENABLE_SVE_FOR_NS := 0 906 endif 907endif 908 909ifeq ($(DRTM_SUPPORT),1) 910 $(info DRTM_SUPPORT is an experimental feature) 911endif 912 913ifeq (${ENABLE_RME},1) 914 ifneq (${SEPARATE_CODE_AND_RODATA},1) 915 $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`) 916 endif 917endif 918 919################################################################################ 920# Process platform overrideable behaviour 921################################################################################ 922 923ifdef BL1_SOURCES 924NEED_BL1 := yes 925endif 926 927ifdef BL2_SOURCES 928 NEED_BL2 := yes 929 930 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 931 # Certificate generation tools. This flag can be overridden by the platform. 932 ifdef EL3_PAYLOAD_BASE 933 # If booting an EL3 payload there is no need for a BL33 image 934 # in the FIP file. 935 NEED_BL33 := no 936 else 937 ifdef PRELOADED_BL33_BASE 938 # If booting a BL33 preloaded image there is no need of 939 # another one in the FIP file. 940 NEED_BL33 := no 941 else 942 NEED_BL33 ?= yes 943 endif 944 endif 945endif 946 947ifdef BL2U_SOURCES 948NEED_BL2U := yes 949endif 950 951# If SCP_BL2 is given, we always want FIP to include it. 952ifdef SCP_BL2 953 NEED_SCP_BL2 := yes 954endif 955 956# For AArch32, BL31 is not currently supported. 957ifneq (${ARCH},aarch32) 958 ifdef BL31_SOURCES 959 # When booting an EL3 payload, there is no need to compile the BL31 image nor 960 # put it in the FIP. 961 ifndef EL3_PAYLOAD_BASE 962 NEED_BL31 := yes 963 endif 964 endif 965endif 966 967# Process TBB related flags 968ifneq (${GENERATE_COT},0) 969 # Common cert_create options 970 ifneq (${CREATE_KEYS},0) 971 $(eval CRT_ARGS += -n) 972 $(eval FWU_CRT_ARGS += -n) 973 ifneq (${SAVE_KEYS},0) 974 $(eval CRT_ARGS += -k) 975 $(eval FWU_CRT_ARGS += -k) 976 endif 977 endif 978 # Include TBBR makefile (unless the platform indicates otherwise) 979 ifeq (${INCLUDE_TBBR_MK},1) 980 include make_helpers/tbbr/tbbr_tools.mk 981 endif 982endif 983 984ifneq (${FIP_ALIGN},0) 985FIP_ARGS += --align ${FIP_ALIGN} 986endif 987 988ifdef FDT_SOURCES 989NEED_FDT := yes 990endif 991 992################################################################################ 993# Include libraries' Makefile that are used in all BL 994################################################################################ 995 996include lib/stack_protector/stack_protector.mk 997 998################################################################################ 999# Auxiliary tools (fiptool, cert_create, etc) 1000################################################################################ 1001 1002# Variables for use with Certificate Generation Tool 1003CRTTOOLPATH ?= tools/cert_create 1004CRTTOOL ?= ${CRTTOOLPATH}/cert_create${BIN_EXT} 1005 1006# Variables for use with Firmware Encryption Tool 1007ENCTOOLPATH ?= tools/encrypt_fw 1008ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw${BIN_EXT} 1009 1010# Variables for use with Firmware Image Package 1011FIPTOOLPATH ?= tools/fiptool 1012FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT} 1013 1014# Variables for use with sptool 1015SPTOOLPATH ?= tools/sptool 1016SPTOOL ?= ${SPTOOLPATH}/sptool.py 1017SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 1018 1019# Variables for use with ROMLIB 1020ROMLIBPATH ?= lib/romlib 1021 1022# Variable for use with Python 1023PYTHON ?= python3 1024 1025# Variables for use with PRINT_MEMORY_MAP 1026PRINT_MEMORY_MAP_PATH ?= tools/memory 1027PRINT_MEMORY_MAP ?= ${PRINT_MEMORY_MAP_PATH}/print_memory_map.py 1028 1029# Variables for use with documentation build using Sphinx tool 1030DOCS_PATH ?= docs 1031 1032# Defination of SIMICS flag 1033SIMICS_BUILD ?= 0 1034 1035################################################################################ 1036# Include BL specific makefiles 1037################################################################################ 1038 1039ifeq (${NEED_BL1},yes) 1040include bl1/bl1.mk 1041endif 1042 1043ifeq (${NEED_BL2},yes) 1044include bl2/bl2.mk 1045endif 1046 1047ifeq (${NEED_BL2U},yes) 1048include bl2u/bl2u.mk 1049endif 1050 1051ifeq (${NEED_BL31},yes) 1052include bl31/bl31.mk 1053endif 1054 1055################################################################################ 1056# Build options checks 1057################################################################################ 1058 1059$(eval $(call assert_booleans,\ 1060 $(sort \ 1061 ALLOW_RO_XLAT_TABLES \ 1062 BL2_ENABLE_SP_LOAD \ 1063 COLD_BOOT_SINGLE_CPU \ 1064 CREATE_KEYS \ 1065 CTX_INCLUDE_AARCH32_REGS \ 1066 CTX_INCLUDE_FPREGS \ 1067 CTX_INCLUDE_EL2_REGS \ 1068 DEBUG \ 1069 DISABLE_MTPMU \ 1070 DYN_DISABLE_AUTH \ 1071 EL3_EXCEPTION_HANDLING \ 1072 ENABLE_AMU \ 1073 ENABLE_AMU_AUXILIARY_COUNTERS \ 1074 ENABLE_AMU_FCONF \ 1075 AMU_RESTRICT_COUNTERS \ 1076 ENABLE_ASSERTIONS \ 1077 ENABLE_PIE \ 1078 ENABLE_PMF \ 1079 ENABLE_PSCI_STAT \ 1080 ENABLE_RUNTIME_INSTRUMENTATION \ 1081 ENABLE_SME_FOR_NS \ 1082 ENABLE_SME_FOR_SWD \ 1083 ENABLE_SPE_FOR_LOWER_ELS \ 1084 ENABLE_SVE_FOR_NS \ 1085 ENABLE_SVE_FOR_SWD \ 1086 ERROR_DEPRECATED \ 1087 FAULT_INJECTION_SUPPORT \ 1088 GENERATE_COT \ 1089 GICV2_G0_FOR_EL3 \ 1090 HANDLE_EA_EL3_FIRST_NS \ 1091 HW_ASSISTED_COHERENCY \ 1092 INVERTED_MEMMAP \ 1093 MEASURED_BOOT \ 1094 DRTM_SUPPORT \ 1095 NS_TIMER_SWITCH \ 1096 OVERRIDE_LIBC \ 1097 PL011_GENERIC_UART \ 1098 PLAT_RSS_NOT_SUPPORTED \ 1099 PROGRAMMABLE_RESET_ADDRESS \ 1100 PSCI_EXTENDED_STATE_ID \ 1101 RESET_TO_BL31 \ 1102 RESET_TO_BL31_WITH_PARAMS \ 1103 SAVE_KEYS \ 1104 SEPARATE_CODE_AND_RODATA \ 1105 SEPARATE_BL2_NOLOAD_REGION \ 1106 SEPARATE_NOBITS_REGION \ 1107 SPIN_ON_BL1_EXIT \ 1108 SPM_MM \ 1109 SPMC_AT_EL3 \ 1110 SPMD_SPM_AT_SEL2 \ 1111 TRUSTED_BOARD_BOOT \ 1112 USE_COHERENT_MEM \ 1113 USE_DEBUGFS \ 1114 ARM_IO_IN_DTB \ 1115 SDEI_IN_FCONF \ 1116 SEC_INT_DESC_IN_FCONF \ 1117 USE_ROMLIB \ 1118 USE_TBBR_DEFS \ 1119 WARMBOOT_ENABLE_DCACHE_EARLY \ 1120 BL2_AT_EL3 \ 1121 BL2_IN_XIP_MEM \ 1122 BL2_INV_DCACHE \ 1123 USE_SPINLOCK_CAS \ 1124 ENCRYPT_BL31 \ 1125 ENCRYPT_BL32 \ 1126 ERRATA_SPECULATIVE_AT \ 1127 RAS_TRAP_NS_ERR_REC_ACCESS \ 1128 COT_DESC_IN_DTB \ 1129 USE_SP804_TIMER \ 1130 PSA_FWU_SUPPORT \ 1131 ENABLE_SYS_REG_TRACE_FOR_NS \ 1132 ENABLE_MPMM \ 1133 ENABLE_MPMM_FCONF \ 1134 SIMICS_BUILD \ 1135 FEATURE_DETECTION \ 1136 TRNG_SUPPORT \ 1137 CONDITIONAL_CMO \ 1138))) 1139 1140$(eval $(call assert_numerics,\ 1141 $(sort \ 1142 ARM_ARCH_MAJOR \ 1143 ARM_ARCH_MINOR \ 1144 BRANCH_PROTECTION \ 1145 CTX_INCLUDE_PAUTH_REGS \ 1146 CTX_INCLUDE_MTE_REGS \ 1147 CTX_INCLUDE_NEVE_REGS \ 1148 CRYPTO_SUPPORT \ 1149 ENABLE_BRBE_FOR_NS \ 1150 ENABLE_TRBE_FOR_NS \ 1151 ENABLE_BTI \ 1152 ENABLE_PAUTH \ 1153 ENABLE_FEAT_AMUv1 \ 1154 ENABLE_FEAT_AMUv1p1 \ 1155 ENABLE_FEAT_CSV2_2 \ 1156 ENABLE_FEAT_DIT \ 1157 ENABLE_FEAT_ECV \ 1158 ENABLE_FEAT_FGT \ 1159 ENABLE_FEAT_HCX \ 1160 ENABLE_FEAT_PAN \ 1161 ENABLE_FEAT_RNG \ 1162 ENABLE_FEAT_RNG_TRAP \ 1163 ENABLE_FEAT_SB \ 1164 ENABLE_FEAT_SEL2 \ 1165 ENABLE_FEAT_VHE \ 1166 ENABLE_MPAM_FOR_LOWER_ELS \ 1167 ENABLE_RME \ 1168 ENABLE_TRF_FOR_NS \ 1169 FW_ENC_STATUS \ 1170 NR_OF_FW_BANKS \ 1171 NR_OF_IMAGES_IN_FW_BANK \ 1172 RAS_EXTENSION \ 1173 TWED_DELAY \ 1174 ENABLE_FEAT_TWED \ 1175 SVE_VECTOR_LEN \ 1176))) 1177 1178ifdef KEY_SIZE 1179 $(eval $(call assert_numeric,KEY_SIZE)) 1180endif 1181 1182ifeq ($(filter $(SANITIZE_UB), on off trap),) 1183 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1184endif 1185 1186################################################################################ 1187# Add definitions to the cpp preprocessor based on the current build options. 1188# This is done after including the platform specific makefile to allow the 1189# platform to overwrite the default options 1190################################################################################ 1191 1192$(eval $(call add_defines,\ 1193 $(sort \ 1194 ALLOW_RO_XLAT_TABLES \ 1195 ARM_ARCH_MAJOR \ 1196 ARM_ARCH_MINOR \ 1197 BL2_ENABLE_SP_LOAD \ 1198 COLD_BOOT_SINGLE_CPU \ 1199 CTX_INCLUDE_AARCH32_REGS \ 1200 CTX_INCLUDE_FPREGS \ 1201 CTX_INCLUDE_PAUTH_REGS \ 1202 EL3_EXCEPTION_HANDLING \ 1203 CTX_INCLUDE_MTE_REGS \ 1204 CTX_INCLUDE_EL2_REGS \ 1205 CTX_INCLUDE_NEVE_REGS \ 1206 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1207 DISABLE_MTPMU \ 1208 ENABLE_AMU \ 1209 ENABLE_AMU_AUXILIARY_COUNTERS \ 1210 ENABLE_AMU_FCONF \ 1211 AMU_RESTRICT_COUNTERS \ 1212 ENABLE_ASSERTIONS \ 1213 ENABLE_BTI \ 1214 ENABLE_MPAM_FOR_LOWER_ELS \ 1215 ENABLE_PAUTH \ 1216 ENABLE_PIE \ 1217 ENABLE_PMF \ 1218 ENABLE_PSCI_STAT \ 1219 ENABLE_RME \ 1220 ENABLE_RUNTIME_INSTRUMENTATION \ 1221 ENABLE_SME_FOR_NS \ 1222 ENABLE_SME_FOR_SWD \ 1223 ENABLE_SPE_FOR_LOWER_ELS \ 1224 ENABLE_SVE_FOR_NS \ 1225 ENABLE_SVE_FOR_SWD \ 1226 ENCRYPT_BL31 \ 1227 ENCRYPT_BL32 \ 1228 ERROR_DEPRECATED \ 1229 FAULT_INJECTION_SUPPORT \ 1230 GICV2_G0_FOR_EL3 \ 1231 HANDLE_EA_EL3_FIRST_NS \ 1232 HW_ASSISTED_COHERENCY \ 1233 LOG_LEVEL \ 1234 MEASURED_BOOT \ 1235 DRTM_SUPPORT \ 1236 NS_TIMER_SWITCH \ 1237 PL011_GENERIC_UART \ 1238 PLAT_${PLAT} \ 1239 PLAT_RSS_NOT_SUPPORTED \ 1240 PROGRAMMABLE_RESET_ADDRESS \ 1241 PSCI_EXTENDED_STATE_ID \ 1242 RAS_EXTENSION \ 1243 RESET_TO_BL31 \ 1244 RESET_TO_BL31_WITH_PARAMS \ 1245 SEPARATE_CODE_AND_RODATA \ 1246 SEPARATE_BL2_NOLOAD_REGION \ 1247 SEPARATE_NOBITS_REGION \ 1248 RECLAIM_INIT_CODE \ 1249 SPD_${SPD} \ 1250 SPIN_ON_BL1_EXIT \ 1251 SPM_MM \ 1252 SPMC_AT_EL3 \ 1253 SPMD_SPM_AT_SEL2 \ 1254 TRUSTED_BOARD_BOOT \ 1255 CRYPTO_SUPPORT \ 1256 TRNG_SUPPORT \ 1257 USE_COHERENT_MEM \ 1258 USE_DEBUGFS \ 1259 ARM_IO_IN_DTB \ 1260 SDEI_IN_FCONF \ 1261 SEC_INT_DESC_IN_FCONF \ 1262 USE_ROMLIB \ 1263 USE_TBBR_DEFS \ 1264 WARMBOOT_ENABLE_DCACHE_EARLY \ 1265 BL2_AT_EL3 \ 1266 BL2_IN_XIP_MEM \ 1267 BL2_INV_DCACHE \ 1268 USE_SPINLOCK_CAS \ 1269 ERRATA_SPECULATIVE_AT \ 1270 RAS_TRAP_NS_ERR_REC_ACCESS \ 1271 COT_DESC_IN_DTB \ 1272 USE_SP804_TIMER \ 1273 ENABLE_FEAT_RNG \ 1274 ENABLE_FEAT_RNG_TRAP \ 1275 ENABLE_FEAT_SB \ 1276 ENABLE_FEAT_DIT \ 1277 NR_OF_FW_BANKS \ 1278 NR_OF_IMAGES_IN_FW_BANK \ 1279 PSA_FWU_SUPPORT \ 1280 ENABLE_BRBE_FOR_NS \ 1281 ENABLE_TRBE_FOR_NS \ 1282 ENABLE_SYS_REG_TRACE_FOR_NS \ 1283 ENABLE_TRF_FOR_NS \ 1284 ENABLE_FEAT_HCX \ 1285 ENABLE_MPMM \ 1286 ENABLE_MPMM_FCONF \ 1287 ENABLE_FEAT_FGT \ 1288 ENABLE_FEAT_AMUv1 \ 1289 ENABLE_FEAT_ECV \ 1290 SIMICS_BUILD \ 1291 ENABLE_FEAT_AMUv1p1 \ 1292 ENABLE_FEAT_SEL2 \ 1293 ENABLE_FEAT_VHE \ 1294 ENABLE_FEAT_CSV2_2 \ 1295 ENABLE_FEAT_PAN \ 1296 FEATURE_DETECTION \ 1297 TWED_DELAY \ 1298 ENABLE_FEAT_TWED \ 1299 CONDITIONAL_CMO \ 1300))) 1301 1302ifeq (${SANITIZE_UB},trap) 1303 $(eval $(call add_define,MONITOR_TRAPS)) 1304endif 1305 1306# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1307ifdef EL3_PAYLOAD_BASE 1308 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1309else 1310 # Define the PRELOADED_BL33_BASE flag only if it is provided and 1311 # EL3_PAYLOAD_BASE is not defined, as it has priority. 1312 ifdef PRELOADED_BL33_BASE 1313 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1314 endif 1315endif 1316 1317# Define the DYN_DISABLE_AUTH flag only if set. 1318ifeq (${DYN_DISABLE_AUTH},1) 1319$(eval $(call add_define,DYN_DISABLE_AUTH)) 1320endif 1321 1322ifneq ($(findstring armlink,$(notdir $(LD))),) 1323$(eval $(call add_define,USE_ARM_LINK)) 1324endif 1325 1326# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1327ifeq (${SPD},spmd) 1328ifdef SP_LAYOUT_FILE 1329 -include $(BUILD_PLAT)/sp_gen.mk 1330 FIP_DEPS += sp 1331 CRT_DEPS += sp 1332 NEED_SP_PKG := yes 1333else 1334 ifeq (${SPMD_SPM_AT_SEL2},1) 1335 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1336 endif 1337endif 1338endif 1339 1340################################################################################ 1341# Build targets 1342################################################################################ 1343 1344.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc enctool 1345.SUFFIXES: 1346 1347all: msg_start 1348 1349msg_start: 1350 @echo "Building ${PLAT}" 1351 1352ifeq (${ERROR_DEPRECATED},0) 1353# Check if deprecated declarations and cpp warnings should be treated as error or not. 1354ifneq ($(findstring clang,$(notdir $(CC))),) 1355 CPPFLAGS += -Wno-error=deprecated-declarations 1356else 1357 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1358endif 1359endif # !ERROR_DEPRECATED 1360 1361$(eval $(call MAKE_LIB_DIRS)) 1362$(eval $(call MAKE_LIB,c)) 1363 1364# Expand build macros for the different images 1365ifeq (${NEED_BL1},yes) 1366BL1_SOURCES := $(sort ${BL1_SOURCES}) 1367 1368$(eval $(call MAKE_BL,bl1)) 1369endif 1370 1371ifeq (${NEED_BL2},yes) 1372ifeq (${BL2_AT_EL3}, 0) 1373FIP_BL2_ARGS := tb-fw 1374endif 1375 1376BL2_SOURCES := $(sort ${BL2_SOURCES}) 1377 1378$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1379 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1380endif 1381 1382ifeq (${NEED_SCP_BL2},yes) 1383$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1384endif 1385 1386ifeq (${NEED_BL31},yes) 1387BL31_SOURCES += ${SPD_SOURCES} 1388# Sort BL31 source files to remove duplicates 1389BL31_SOURCES := $(sort ${BL31_SOURCES}) 1390ifneq (${DECRYPTION_SUPPORT},none) 1391$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1392 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1393else 1394$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1395 $(eval $(call MAKE_BL,bl31,soc-fw))) 1396endif 1397endif 1398 1399# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1400# build system will call TOOL_ADD_IMG to print a warning message and abort the 1401# process. Note that the dependency on BL32 applies to the FIP only. 1402ifeq (${NEED_BL32},yes) 1403# Sort BL32 source files to remove duplicates 1404BL32_SOURCES := $(sort ${BL32_SOURCES}) 1405BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1406 1407ifneq (${DECRYPTION_SUPPORT},none) 1408$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1409 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1410else 1411$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1412 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1413endif 1414endif 1415 1416# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1417# needs to be built from RMM_SOURCES. 1418ifeq (${NEED_RMM},yes) 1419# Sort RMM source files to remove duplicates 1420RMM_SOURCES := $(sort ${RMM_SOURCES}) 1421BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1422 1423$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1424 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1425endif 1426 1427# Add the BL33 image if required by the platform 1428ifeq (${NEED_BL33},yes) 1429$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1430endif 1431 1432ifeq (${NEED_BL2U},yes) 1433$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1434 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1435endif 1436 1437# Expand build macros for the different images 1438ifeq (${NEED_FDT},yes) 1439 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1440endif 1441 1442# Add Secure Partition packages 1443ifeq (${NEED_SP_PKG},yes) 1444$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT} 1445 ${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} 1446sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) 1447 @${ECHO_BLANK_LINE} 1448 @echo "Built SP Images successfully" 1449 @${ECHO_BLANK_LINE} 1450endif 1451 1452locate-checkpatch: 1453ifndef CHECKPATCH 1454 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1455else 1456ifeq (,$(wildcard ${CHECKPATCH})) 1457 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1458endif 1459endif 1460 1461clean: 1462 @echo " CLEAN" 1463 $(call SHELL_REMOVE_DIR,${BUILD_PLAT}) 1464ifdef UNIX_MK 1465 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1466else 1467# Clear the MAKEFLAGS as we do not want 1468# to pass the gnumake flags to nmake. 1469 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) clean 1470endif 1471 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1472 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1473 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1474 1475realclean distclean: 1476 @echo " REALCLEAN" 1477 $(call SHELL_REMOVE_DIR,${BUILD_BASE}) 1478 $(call SHELL_DELETE_ALL, ${CURDIR}/cscope.*) 1479ifdef UNIX_MK 1480 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1481else 1482# Clear the MAKEFLAGS as we do not want 1483# to pass the gnumake flags to nmake. 1484 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) realclean 1485endif 1486 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean 1487 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean 1488 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1489 1490checkcodebase: locate-checkpatch 1491 @echo " CHECKING STYLE" 1492 @if test -d .git ; then \ 1493 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1494 while read GIT_FILE ; \ 1495 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1496 done ; \ 1497 else \ 1498 find . -type f -not -iwholename "*.git*" \ 1499 -not -iwholename "*build*" \ 1500 -not -iwholename "*libfdt*" \ 1501 -not -iwholename "*libc*" \ 1502 -not -iwholename "*docs*" \ 1503 -not -iwholename "*.rst" \ 1504 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1505 fi 1506 1507checkpatch: locate-checkpatch 1508 @echo " CHECKING STYLE" 1509 @if test -n "${CHECKPATCH_OPTS}"; then \ 1510 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1511 fi 1512 ${Q}COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1513 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1514 do \ 1515 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1516 git log --format=email "$$commit~..$$commit" \ 1517 -- ${CHECK_PATHS} | \ 1518 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1519 git diff --format=email "$$commit~..$$commit" \ 1520 -- ${CHECK_PATHS} | \ 1521 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1522 done 1523 1524certtool: ${CRTTOOL} 1525 1526${CRTTOOL}: FORCE 1527 ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} CRTTOOL=${CRTTOOL} DEBUG=${DEBUG} V=${V} --no-print-directory -C ${CRTTOOLPATH} all 1528 @${ECHO_BLANK_LINE} 1529 @echo "Built $@ successfully" 1530 @${ECHO_BLANK_LINE} 1531 1532ifneq (${GENERATE_COT},0) 1533certificates: ${CRT_DEPS} ${CRTTOOL} 1534 ${Q}${CRTTOOL} ${CRT_ARGS} 1535 @${ECHO_BLANK_LINE} 1536 @echo "Built $@ successfully" 1537 @echo "Certificates can be found in ${BUILD_PLAT}" 1538 @${ECHO_BLANK_LINE} 1539endif 1540 1541${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1542 $(eval ${CHECK_FIP_CMD}) 1543 ${Q}${FIPTOOL} create ${FIP_ARGS} $@ 1544 ${Q}${FIPTOOL} info $@ 1545 @${ECHO_BLANK_LINE} 1546 @echo "Built $@ successfully" 1547 @${ECHO_BLANK_LINE} 1548 1549ifneq (${GENERATE_COT},0) 1550fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1551 ${Q}${CRTTOOL} ${FWU_CRT_ARGS} 1552 @${ECHO_BLANK_LINE} 1553 @echo "Built $@ successfully" 1554 @echo "FWU certificates can be found in ${BUILD_PLAT}" 1555 @${ECHO_BLANK_LINE} 1556endif 1557 1558${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1559 $(eval ${CHECK_FWU_FIP_CMD}) 1560 ${Q}${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1561 ${Q}${FIPTOOL} info $@ 1562 @${ECHO_BLANK_LINE} 1563 @echo "Built $@ successfully" 1564 @${ECHO_BLANK_LINE} 1565 1566fiptool: ${FIPTOOL} 1567fip: ${BUILD_PLAT}/${FIP_NAME} 1568fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1569 1570${FIPTOOL}: FORCE 1571ifdef UNIX_MK 1572 ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} DEBUG=${DEBUG} V=${V} --no-print-directory -C ${FIPTOOLPATH} all 1573else 1574# Clear the MAKEFLAGS as we do not want 1575# to pass the gnumake flags to nmake. 1576 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) 1577endif 1578 1579romlib.bin: libraries FORCE 1580 ${Q}${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES='${INCLUDES}' DEFINES='${DEFINES}' --no-print-directory -C ${ROMLIBPATH} all 1581 1582# Call print_memory_map tool 1583memmap: all 1584 ${Q}${PYTHON} ${PRINT_MEMORY_MAP} ${BUILD_PLAT} ${INVERTED_MEMMAP} 1585 1586doc: 1587 @echo " BUILD DOCUMENTATION" 1588 ${Q}${MAKE} --no-print-directory -C ${DOCS_PATH} html 1589 1590enctool: ${ENCTOOL} 1591 1592${ENCTOOL}: FORCE 1593 ${Q}${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} ENCTOOL=${ENCTOOL} DEBUG=${DEBUG} V=${V} --no-print-directory -C ${ENCTOOLPATH} all 1594 @${ECHO_BLANK_LINE} 1595 @echo "Built $@ successfully" 1596 @${ECHO_BLANK_LINE} 1597 1598cscope: 1599 @echo " CSCOPE" 1600 ${Q}find ${CURDIR} -name "*.[chsS]" > cscope.files 1601 ${Q}cscope -b -q -k 1602 1603help: 1604 @echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1605 @echo "" 1606 @echo "PLAT is used to specify which platform you wish to build." 1607 @echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1608 @echo "" 1609 @echo "platform = ${PLATFORM_LIST}" 1610 @echo "" 1611 @echo "Please refer to the User Guide for a list of all supported options." 1612 @echo "Note that the build system doesn't track dependencies for build " 1613 @echo "options. Therefore, if any of the build options are changed " 1614 @echo "from a previous build, a clean build must be performed." 1615 @echo "" 1616 @echo "Supported Targets:" 1617 @echo " all Build all individual bootloader binaries" 1618 @echo " bl1 Build the BL1 binary" 1619 @echo " bl2 Build the BL2 binary" 1620 @echo " bl2u Build the BL2U binary" 1621 @echo " bl31 Build the BL31 binary" 1622 @echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1623 @echo " this builds secure payload specified by AARCH32_SP" 1624 @echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1625 @echo " fip Build the Firmware Image Package (FIP)" 1626 @echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1627 @echo " checkcodebase Check the coding style of the entire source tree" 1628 @echo " checkpatch Check the coding style on changes in the current" 1629 @echo " branch against BASE_COMMIT (default origin/master)" 1630 @echo " clean Clean the build for the selected platform" 1631 @echo " cscope Generate cscope index" 1632 @echo " distclean Remove all build artifacts for all platforms" 1633 @echo " certtool Build the Certificate generation tool" 1634 @echo " enctool Build the Firmware encryption tool" 1635 @echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1636 @echo " sp Build the Secure Partition Packages" 1637 @echo " sptool Build the Secure Partition Package creation tool" 1638 @echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1639 @echo " memmap Print the memory map of the built binaries" 1640 @echo " doc Build html based documentation using Sphinx tool" 1641 @echo "" 1642 @echo "Note: most build targets require PLAT to be set to a specific platform." 1643 @echo "" 1644 @echo "example: build all targets for the FVP platform:" 1645 @echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1646 1647.PHONY: FORCE 1648FORCE:; 1649