1# 2# Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 13 12# VERSION_PATCH is only used for LTS releases 13VERSION_PATCH := 0 14VERSION := ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH} 15 16# Default goal is build all images 17.DEFAULT_GOAL := all 18 19# Avoid any implicit propagation of command line variable definitions to 20# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 21# usage. Other command line options like "-s" are still propagated as usual. 22MAKEOVERRIDES = 23 24MAKE_HELPERS_DIRECTORY := make_helpers/ 25include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 26include ${MAKE_HELPERS_DIRECTORY}build-rules.mk 27include ${MAKE_HELPERS_DIRECTORY}common.mk 28 29################################################################################ 30# Default values for build configurations, and their dependencies 31################################################################################ 32 33include ${MAKE_HELPERS_DIRECTORY}defaults.mk 34PLAT := ${DEFAULT_PLAT} 35include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 36 37# To be able to set platform specific defaults 38ifneq ($(PLAT_DEFAULTS_MAKEFILE_FULL),) 39include ${PLAT_DEFAULTS_MAKEFILE_FULL} 40endif 41 42################################################################################ 43# Configure the toolchains used to build TF-A and its tools 44################################################################################ 45 46include ${MAKE_HELPERS_DIRECTORY}toolchain.mk 47 48# Assertions enabled for DEBUG builds by default 49ENABLE_ASSERTIONS := ${DEBUG} 50ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 51 52################################################################################ 53# Checkpatch script options 54################################################################################ 55 56CHECKCODE_ARGS := --no-patch 57# Do not check the coding style on imported library files or documentation files 58INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 59 include/drivers/arm, \ 60 $(wildcard include/drivers/*))) 61INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 62 include/lib/libfdt \ 63 include/lib/libc, \ 64 $(wildcard include/lib/*))) 65INC_DIRS_TO_CHECK := $(sort $(filter-out \ 66 include/lib \ 67 include/drivers, \ 68 $(wildcard include/*))) 69LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 70 lib/compiler-rt \ 71 lib/libfdt% \ 72 lib/libc, \ 73 lib/zlib \ 74 $(wildcard lib/*))) 75ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 76 lib \ 77 include \ 78 docs \ 79 %.rst, \ 80 $(wildcard *))) 81CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 82 ${INC_DIRS_TO_CHECK} \ 83 ${INC_LIB_DIRS_TO_CHECK} \ 84 ${LIB_DIRS_TO_CHECK} \ 85 ${INC_DRV_DIRS_TO_CHECK} \ 86 ${INC_ARM_DIRS_TO_CHECK} 87 88################################################################################ 89# Process build options 90################################################################################ 91 92ifeq ($(verbose),) 93 CHECKCODE_ARGS += --no-summary --terse 94endif 95 96################################################################################ 97# Auxiliary tools (fiptool, cert_create, etc) 98################################################################################ 99 100# Variables for use with Certificate Generation Tool 101CRTTOOLPATH ?= tools/cert_create 102CRTTOOL ?= ${CRTTOOLPATH}/cert_create$(.exe) 103 104# Variables for use with Firmware Encryption Tool 105ENCTOOLPATH ?= tools/encrypt_fw 106ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw$(.exe) 107 108# Variables for use with Firmware Image Package 109FIPTOOLPATH ?= tools/fiptool 110FIPTOOL ?= ${FIPTOOLPATH}/fiptool$(.exe) 111 112# Variables for use with sptool 113SPTOOLPATH ?= tools/sptool 114SPTOOL ?= ${SPTOOLPATH}/sptool.py 115SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 116SP_DTS_LIST_FRAGMENT ?= ${BUILD_PLAT}/sp_list_fragment.dts 117 118# Variables for use with sptool 119TLCTOOL ?= poetry run tlc 120 121# Variables for use with ROMLIB 122ROMLIBPATH ?= lib/romlib 123 124# Variable for use with Python 125PYTHON ?= python3 126 127# Variables for use with documentation build using Sphinx tool 128DOCS_PATH ?= docs 129 130################################################################################ 131# Compiler Configuration based on ARCH_MAJOR and ARCH_MINOR flags 132################################################################################ 133ifeq (${ARM_ARCH_MAJOR},7) 134 target32-directive = -target arm-none-eabi 135# Will set march-directive from platform configuration 136else 137 target32-directive = -target armv8a-none-eabi 138endif #(ARM_ARCH_MAJOR) 139 140################################################################################ 141# Get Architecture Feature Modifiers 142################################################################################ 143arch-features = ${ARM_ARCH_FEATURE} 144 145ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 146 ifeq ($($(ARCH)-cc-id),arm-clang) 147 TF_CFLAGS_aarch32 := -target arm-arm-none-eabi 148 TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi 149 else 150 TF_CFLAGS_aarch32 = $(target32-directive) 151 TF_CFLAGS_aarch64 := -target aarch64-unknown-none-elf 152 endif 153 154else ifeq ($($(ARCH)-cc-id),gnu-gcc) 155 # Enable LTO only for aarch64 156 ifeq (${ARCH},aarch64) 157 LTO_CFLAGS = $(if $(filter-out 0,$(ENABLE_LTO)),-flto) 158 endif 159endif #(clang) 160 161# Process Debug flag 162$(eval $(call add_define,DEBUG)) 163ifneq (${DEBUG}, 0) 164 BUILD_TYPE := debug 165 TF_CFLAGS += -g -gdwarf-4 166 ASFLAGS += -g -Wa,-gdwarf-4 167 168 # Use LOG_LEVEL_INFO by default for debug builds 169 LOG_LEVEL := 40 170else 171 BUILD_TYPE := release 172 # Use LOG_LEVEL_NOTICE by default for release builds 173 LOG_LEVEL := 20 174endif #(Debug) 175 176# Default build string (git branch and commit) 177ifeq (${BUILD_STRING},) 178 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 179endif 180VERSION_STRING := v${VERSION}(${BUILD_TYPE}):${BUILD_STRING} 181 182ifeq (${AARCH32_INSTRUCTION_SET},A32) 183 TF_CFLAGS_aarch32 += -marm 184else ifeq (${AARCH32_INSTRUCTION_SET},T32) 185 TF_CFLAGS_aarch32 += -mthumb 186else 187 $(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET}) 188endif #(AARCH32_INSTRUCTION_SET) 189 190TF_CFLAGS_aarch32 += -mno-unaligned-access 191TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 192 193############################################################################## 194# WARNINGS Configuration 195############################################################################### 196# General warnings 197WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 198 -Wdisabled-optimization -Wvla -Wshadow \ 199 -Wredundant-decls 200# stricter warnings 201WARNINGS += -Wextra -Wno-trigraphs 202# too verbose for generic build 203WARNINGS += -Wno-missing-field-initializers \ 204 -Wno-type-limits -Wno-sign-compare \ 205# on clang this flag gets reset if -Wextra is set after it. No difference on gcc 206WARNINGS += -Wno-unused-parameter 207 208# Additional warnings 209# Level 1 - infrequent warnings we should have none of 210# full -Wextra 211WARNING1 += -Wsign-compare 212WARNING1 += -Wtype-limits 213WARNING1 += -Wmissing-field-initializers 214 215# Level 2 - problematic warnings that we want 216# zlib, compiler-rt, coreboot, and mbdedtls blow up with these 217# TODO: disable just for them and move into default build 218WARNING2 += -Wold-style-definition 219WARNING2 += -Wmissing-prototypes 220WARNING2 += -Wmissing-format-attribute 221# TF-A aims to comply with this eventually. Effort too large at present 222WARNING2 += -Wundef 223# currently very involved and many platforms set this off 224WARNING2 += -Wunused-const-variable=2 225 226# Level 3 - very pedantic, frequently ignored 227WARNING3 := -Wbad-function-cast 228WARNING3 += -Waggregate-return 229WARNING3 += -Wnested-externs 230WARNING3 += -Wcast-align 231WARNING3 += -Wcast-qual 232WARNING3 += -Wconversion 233WARNING3 += -Wpacked 234WARNING3 += -Wpointer-arith 235WARNING3 += -Wswitch-default 236 237# Setting W is quite verbose and most warnings will be pre-existing issues 238# outside of the contributor's control. Don't fail the build on them so warnings 239# can be seen and hopefully addressed 240ifdef W 241 ifneq (${W},0) 242 E ?= 0 243 endif 244endif 245 246ifeq (${W},1) 247 WARNINGS += $(WARNING1) 248else ifeq (${W},2) 249 WARNINGS += $(WARNING1) $(WARNING2) 250else ifeq (${W},3) 251 WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 252endif #(W) 253 254# Compiler specific warnings 255ifeq ($(filter %-clang,$($(ARCH)-cc-id)),) 256# not using clang 257WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 258 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 259 -Wlogical-op 260 261# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105523 262TF_CFLAGS_MIN_PAGE_SIZE := $(call cc_option, --param=min-pagesize=0) 263TF_CFLAGS += $(TF_CFLAGS_MIN_PAGE_SIZE) 264 265ifeq ($(HARDEN_SLS), 1) 266 TF_CFLAGS_MHARDEN_SLS := $(call cc_option, -mharden-sls=all) 267 TF_CFLAGS_aarch64 += $(TF_CFLAGS_MHARDEN_SLS) 268endif 269 270else 271# using clang 272WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 273 -Wlogical-op-parentheses 274endif #(Clang Warning) 275 276ifneq (${E},0) 277 ERRORS := -Werror 278endif #(E) 279 280################################################################################ 281# Compiler and Linker Directives 282################################################################################ 283CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 284 $(ERRORS) $(WARNINGS) 285ASFLAGS += $(CPPFLAGS) \ 286 -ffreestanding -Wa,--fatal-warnings 287TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 288 -ffunction-sections -fdata-sections \ 289 -ffreestanding -fno-common \ 290 -Os -std=gnu99 291 292ifeq (${SANITIZE_UB},on) 293 TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 294endif #(${SANITIZE_UB},on) 295 296ifeq (${SANITIZE_UB},trap) 297 TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 298 -fsanitize-undefined-trap-on-error 299endif #(${SANITIZE_UB},trap) 300 301GCC_V_OUTPUT := $(if $($(ARCH)-cc),$(shell $($(ARCH)-cc) -v 2>&1)) 302 303TF_LDFLAGS += -z noexecstack 304 305# LD = armlink 306ifeq ($($(ARCH)-ld-id),arm-link) 307 TF_LDFLAGS += --diag_error=warning --lto_level=O1 308 TF_LDFLAGS += --remove --info=unused,unusedsymbols 309 TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 310 311# LD = gcc (used when GCC LTO is enabled) 312else ifeq ($($(ARCH)-ld-id),gnu-gcc) 313 # Pass ld options with Wl or Xlinker switches 314 TF_LDFLAGS += $(call ld_option,-Xlinker --no-warn-rwx-segments) 315 TF_LDFLAGS += -Wl,--fatal-warnings -O1 316 TF_LDFLAGS += -Wl,--gc-sections 317 318 TF_LDFLAGS += -Wl,-z,common-page-size=4096 #Configure page size constants 319 TF_LDFLAGS += -Wl,-z,max-page-size=4096 320 TF_LDFLAGS += -Wl,--build-id=none 321 322 ifeq ($(ENABLE_LTO),1) 323 ifeq (${ARCH},aarch64) 324 TF_LDFLAGS += -flto -fuse-linker-plugin 325 TF_LDFLAGS += -flto-partition=one 326 endif 327 endif #(ENABLE_LTO) 328 329# GCC automatically adds fix-cortex-a53-843419 flag when used to link 330# which breaks some builds, so disable if errata fix is not explicitly enabled 331 ifeq (${ARCH},aarch64) 332 ifneq (${ERRATA_A53_843419},1) 333 TF_LDFLAGS += -mno-fix-cortex-a53-843419 334 endif 335 endif 336 TF_LDFLAGS += -nostdlib 337 TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 338 339# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 340else 341# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we 342# are not loaded by a elf loader. 343 TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments) 344 TF_LDFLAGS += -O1 345 TF_LDFLAGS += --gc-sections 346 347 TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants 348 TF_LDFLAGS += -z max-page-size=4096 349 TF_LDFLAGS += --build-id=none 350 351# ld.lld doesn't recognize the errata flags, 352# therefore don't add those in that case. 353# ld.lld reports section type mismatch warnings, 354# therefore don't add --fatal-warnings to it. 355 ifneq ($($(ARCH)-ld-id),llvm-lld) 356 TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) --fatal-warnings 357 endif 358 359endif #(LD = armlink) 360 361################################################################################ 362# Setup ARCH_MAJOR/MINOR before parsing arch_features. 363################################################################################ 364ifeq (${ENABLE_RME},1) 365 ARM_ARCH_MAJOR := 9 366 ARM_ARCH_MINOR := 2 367endif 368 369################################################################################ 370# Common sources and include directories 371################################################################################ 372include lib/compiler-rt/compiler-rt.mk 373 374# Allow overriding the timestamp, for example for reproducible builds, or to 375# synchronize timestamps across multiple projects. 376# This must be set to a C string (including quotes where applicable). 377BUILD_MESSAGE_TIMESTAMP ?= __TIME__", "__DATE__ 378 379DEFINES += -DBUILD_MESSAGE_TIMESTAMP='$(BUILD_MESSAGE_TIMESTAMP)' 380DEFINES += -DBUILD_MESSAGE_VERSION_STRING='"$(VERSION_STRING)"' 381DEFINES += -DBUILD_MESSAGE_VERSION='"$(VERSION)"' 382 383BL_COMMON_SOURCES += common/bl_common.c \ 384 common/tf_log.c \ 385 common/${ARCH}/debug.S \ 386 drivers/console/multi_console.c \ 387 lib/${ARCH}/cache_helpers.S \ 388 lib/${ARCH}/misc_helpers.S \ 389 lib/extensions/pmuv3/${ARCH}/pmuv3.c \ 390 plat/common/plat_bl_common.c \ 391 plat/common/plat_log_common.c \ 392 plat/common/${ARCH}/plat_common.c \ 393 plat/common/${ARCH}/platform_helpers.S \ 394 ${COMPILER_RT_SRCS} 395 396ifeq ($($(ARCH)-cc-id),arm-clang) 397 BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 398endif 399 400ifeq (${SANITIZE_UB},on) 401 BL_COMMON_SOURCES += plat/common/ubsan.c 402endif 403 404INCLUDES += -Iinclude \ 405 -Iinclude/arch/${ARCH} \ 406 -Iinclude/lib/cpus/${ARCH} \ 407 -Iinclude/lib/el3_runtime/${ARCH} \ 408 ${PLAT_INCLUDES} \ 409 ${SPD_INCLUDES} 410 411DTC_FLAGS += -I dts -O dtb 412DTC_CPPFLAGS += -P -nostdinc $(INCLUDES) -Ifdts -undef \ 413 -x assembler-with-cpp $(DEFINES) 414 415include common/backtrace/backtrace.mk 416 417################################################################################ 418# Generic definitions 419################################################################################ 420 421ifeq (${BUILD_BASE},) 422 BUILD_BASE := ./build 423endif 424BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 425 426SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 427 428# Platforms providing their own TBB makefile may override this value 429INCLUDE_TBBR_MK := 1 430 431################################################################################ 432# Include SPD Makefile if one has been specified 433################################################################################ 434 435ifneq (${SPD},none) 436 ifeq (${SPD},spmd) 437 # SPMD is located in std_svc directory 438 SPD_DIR := std_svc 439 440 ifeq ($(SPMD_SPM_AT_SEL2),1) 441 CTX_INCLUDE_EL2_REGS := 1 442 endif 443 444 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 445 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 446 endif 447 448 ifeq ($(findstring trusty_sp,$(ARM_SPMC_MANIFEST_DTS)),trusty_sp) 449 DTC_CPPFLAGS += -DTRUSTY_SP_FW_CONFIG 450 endif 451 452 ifeq ($(TS_SP_FW_CONFIG),1) 453 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 454 endif 455 456 ifneq ($(ARM_BL2_SP_LIST_DTS),) 457 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 458 endif 459 460 ifneq ($(SP_LAYOUT_FILE),) 461 BL2_ENABLE_SP_LOAD := 1 462 endif 463 else 464 # All other SPDs in spd directory 465 SPD_DIR := spd 466 endif #(SPD) 467 468 # We expect to locate an spd.mk under the specified SPD directory 469 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 470 471 ifeq (${SPD_MAKE},) 472 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 473 endif 474 $(info Including ${SPD_MAKE}) 475 include ${SPD_MAKE} 476 477 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 478 # Makefile would set NEED_BL32 to "yes". In this case, the build system 479 # supports two mutually exclusive options: 480 # * BL32 is built from source: then BL32_SOURCES must contain the list 481 # of source files to build BL32 482 # * BL32 is a prebuilt binary: then BL32 must point to the image file 483 # that will be included in the FIP 484 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 485 # over the sources. 486endif #(SPD=none) 487 488################################################################################ 489# Include the platform specific Makefile after the SPD Makefile (the platform 490# makefile may use all previous definitions in this file) 491################################################################################ 492include ${PLAT_MAKEFILE_FULL} 493 494################################################################################ 495# Setup arch_features based on ARM_ARCH_MAJOR, ARM_ARCH_MINOR provided from 496# platform. 497################################################################################ 498 499include ${MAKE_HELPERS_DIRECTORY}arch_features.mk 500################################################################################ 501# Process BRANCH_PROTECTION value and set 502# Pointer Authentication and Branch Target Identification flags 503################################################################################ 504ifeq (${BRANCH_PROTECTION},0) 505 # Default value turns off all types of branch protection 506 BP_OPTION := none 507else ifneq (${ARCH},aarch64) 508 $(error BRANCH_PROTECTION requires AArch64) 509else ifeq (${BRANCH_PROTECTION},1) 510 # Enables all types of branch protection features 511 BP_OPTION := standard 512 ENABLE_BTI := 1 513 ENABLE_PAUTH := 1 514else ifeq (${BRANCH_PROTECTION},2) 515 # Return address signing to its standard level 516 BP_OPTION := pac-ret 517 ENABLE_PAUTH := 1 518else ifeq (${BRANCH_PROTECTION},3) 519 # Extend the signing to include leaf functions 520 BP_OPTION := pac-ret+leaf 521 ENABLE_PAUTH := 1 522else ifeq (${BRANCH_PROTECTION},4) 523 # Turn on branch target identification mechanism 524 BP_OPTION := bti 525 ENABLE_BTI := 1 526else ifeq (${BRANCH_PROTECTION},5) 527 # Turn on branch target identification mechanism 528 BP_OPTION := standard 529 ENABLE_BTI := 2 530 ENABLE_PAUTH := 2 531else 532 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 533endif #(BRANCH_PROTECTION) 534 535ifneq ($(ENABLE_PAUTH),0) 536 CTX_INCLUDE_PAUTH_REGS := ${ENABLE_PAUTH} 537endif 538ifneq (${BP_OPTION},none) 539 TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 540endif #(BP_OPTION) 541 542# Pointer Authentication sources 543ifneq (${ENABLE_PAUTH},0) 544# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the 545# Pauth support. As it's not secure, it must be reimplemented for real platforms 546 BL_COMMON_SOURCES += lib/extensions/pauth/pauth.c 547endif 548 549################################################################################ 550# RME dependent flags configuration, Enable optional features for RME. 551################################################################################ 552# FEAT_RME 553ifeq (${ENABLE_RME},1) 554 # RME requires AARCH64 555 ifneq (${ARCH},aarch64) 556 $(error ENABLE_RME requires AArch64) 557 endif 558 559 # RME requires el2 context to be saved for now. 560 CTX_INCLUDE_EL2_REGS := 1 561 CTX_INCLUDE_AARCH32_REGS := 0 562 CTX_INCLUDE_PAUTH_REGS := 1 563 564 ifneq ($(ENABLE_FEAT_MPAM), 0) 565 CTX_INCLUDE_MPAM_REGS := 1 566 endif 567 568 # RME enables CSV2_2 extension by default. 569 ENABLE_FEAT_CSV2_2 = 1 570endif #(FEAT_RME) 571 572################################################################################ 573# Include rmmd Makefile if RME is enabled 574################################################################################ 575ifneq (${ENABLE_RME},0) 576 ifneq (${ARCH},aarch64) 577 $(error ENABLE_RME requires AArch64) 578 endif 579 ifeq ($(SPMC_AT_EL3),1) 580 $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.) 581 endif 582 583 ifneq (${SPD}, none) 584 ifneq (${SPD}, spmd) 585 $(error ENABLE_RME is incompatible with SPD=${SPD}. Use SPD=spmd) 586 endif 587 endif 588include services/std_svc/rmmd/rmmd.mk 589$(warning "RME is an experimental feature") 590endif 591 592ifeq (${CTX_INCLUDE_EL2_REGS}, 1) 593 ifeq (${SPD},none) 594 ifeq (${ENABLE_RME},0) 595 $(error CTX_INCLUDE_EL2_REGS is available only when SPD \ 596 or RME is enabled) 597 endif 598 endif 599endif 600 601################################################################################ 602# Verify FEAT_RME, FEAT_SCTLR2 and FEAT_TCR2 are enabled if FEAT_MEC is enabled. 603################################################################################ 604 605ifneq (${ENABLE_FEAT_MEC},0) 606 ifeq (${ENABLE_RME},0) 607 $(error FEAT_RME must be enabled when FEAT_MEC is enabled.) 608 endif 609 ifeq (${ENABLE_FEAT_TCR2},0) 610 $(error FEAT_TCR2 must be enabled when FEAT_MEC is enabled.) 611 endif 612 ifeq (${ENABLE_FEAT_SCTLR2},0) 613 $(error FEAT_SCTLR2 must be enabled when FEAT_MEC is enabled.) 614 endif 615endif 616 617################################################################################ 618# Make 128-Bit sysreg read/writes availabe when FEAT_D128 is enabled. 619################################################################################ 620ifneq (${ENABLE_FEAT_D128}, 0) 621 BL_COMMON_SOURCES += lib/extensions/sysreg128/sysreg128.S 622endif 623 624################################################################################ 625# Platform specific Makefile might provide us ARCH_MAJOR/MINOR use that to come 626# up with appropriate march values for compiler. 627################################################################################ 628include ${MAKE_HELPERS_DIRECTORY}march.mk 629 630TF_CFLAGS += $(march-directive) 631ASFLAGS += $(march-directive) 632 633# This internal flag is common option which is set to 1 for scenarios 634# when the BL2 is running in EL3 level. This occurs in two scenarios - 635# 4 world system running BL2 at EL3 and two world system without BL1 running 636# BL2 in EL3 637 638ifeq (${RESET_TO_BL2},1) 639 BL2_RUNS_AT_EL3 := 1 640 ifeq (${ENABLE_RME},1) 641 $(error RESET_TO_BL2=1 and ENABLE_RME=1 configuration is not \ 642 supported at the moment.) 643 endif 644else ifeq (${ENABLE_RME},1) 645 BL2_RUNS_AT_EL3 := 1 646else 647 BL2_RUNS_AT_EL3 := 0 648endif 649 650# This internal flag is set to 1 when Firmware First handling of External aborts 651# is required by lowe ELs. Currently only NS requires this support. 652ifeq ($(HANDLE_EA_EL3_FIRST_NS),1) 653 FFH_SUPPORT := 1 654else 655 FFH_SUPPORT := 0 656endif 657 658ifeq (${ARM_ARCH_MAJOR},7) 659include make_helpers/armv7-a-cpus.mk 660endif 661 662PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 663ifneq ($(PIE_FOUND),) 664 TF_CFLAGS += -fno-PIE 665ifeq ($($(ARCH)-ld-id),gnu-gcc) 666 TF_LDFLAGS += -no-pie 667endif 668endif #(PIE_FOUND) 669 670ifeq ($($(ARCH)-ld-id),gnu-gcc) 671 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 672else 673 PIE_LDFLAGS += -pie --no-dynamic-linker 674endif 675 676ifeq ($(ENABLE_PIE),1) 677 ifeq ($(RESET_TO_BL2),1) 678 ifneq ($(BL2_IN_XIP_MEM),1) 679 BL2_CPPFLAGS += -fpie 680 BL2_CFLAGS += -fpie 681 BL2_LDFLAGS += $(PIE_LDFLAGS) 682 endif #(BL2_IN_XIP_MEM) 683 endif #(RESET_TO_BL2) 684 BL31_CPPFLAGS += -fpie 685 BL31_CFLAGS += -fpie 686 BL31_LDFLAGS += $(PIE_LDFLAGS) 687 688 BL32_CPPFLAGS += -fpie 689 BL32_CFLAGS += -fpie 690 BL32_LDFLAGS += $(PIE_LDFLAGS) 691endif #(ENABLE_PIE) 692 693BL1_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 694BL31_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 695BL32_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 696 697BL1_CPPFLAGS += -DIMAGE_AT_EL3 698ifeq ($(RESET_TO_BL2),1) 699 BL2_CPPFLAGS += -DIMAGE_AT_EL3 700else 701 BL2_CPPFLAGS += -DIMAGE_AT_EL1 702endif #(RESET_TO_BL2) 703 704ifeq (${ARCH},aarch64) 705 BL2U_CPPFLAGS += -DIMAGE_AT_EL1 706 BL31_CPPFLAGS += -DIMAGE_AT_EL3 707 BL32_CPPFLAGS += -DIMAGE_AT_EL1 708else 709 BL32_CPPFLAGS += -DIMAGE_AT_EL3 710endif 711 712# Include the CPU specific operations makefile, which provides default 713# values for all CPU errata workarounds and CPU specific optimisations. 714# This can be overridden by the platform. 715include lib/cpus/cpu-ops.mk 716 717################################################################################ 718# Build `AARCH32_SP` as BL32 image for AArch32 719################################################################################ 720ifeq (${ARCH},aarch32) 721 NEED_BL32 := yes 722 723 ifneq (${AARCH32_SP},none) 724 # We expect to locate an sp.mk under the specified AARCH32_SP directory 725 AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 726 727 ifeq (${AARCH32_SP_MAKE},) 728 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 729 endif 730 $(info Including ${AARCH32_SP_MAKE}) 731 include ${AARCH32_SP_MAKE} 732 endif 733endif #(ARCH=aarch32) 734 735################################################################################ 736# Include libc if not overridden 737################################################################################ 738ifeq (${OVERRIDE_LIBC},0) 739include lib/libc/libc.mk 740endif 741 742ifneq (${USE_GIC_DRIVER},0) 743include drivers/arm/gic/gic.mk 744endif 745 746################################################################################ 747# Check incompatible options and dependencies 748################################################################################ 749 750# Handle all invalid build configurations with SPMD usage. 751ifeq (${ENABLE_SPMD_LP}, 1) 752ifneq (${SPD},spmd) 753 $(error Error: ENABLE_SPMD_LP requires SPD=spmd.) 754endif 755ifeq ($(SPMC_AT_EL3),1) 756 $(error SPMC at EL3 not supported when enabling SPMD Logical partitions.) 757endif 758endif 759 760ifneq (${SPD},none) 761ifeq (${ARCH},aarch32) 762 $(error "Error: SPD is incompatible with AArch32.") 763endif 764ifdef EL3_PAYLOAD_BASE 765 $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") 766 $(warning "The SPD and its BL32 companion will be present but ignored.") 767endif 768ifeq (${SPD},spmd) 769ifeq ($(SPMD_SPM_AT_SEL2),1) 770 ifeq ($(SPMC_AT_EL3),1) 771 $(error SPM cannot be enabled in both S-EL2 and EL3.) 772 endif 773 ifeq ($(CTX_INCLUDE_SVE_REGS),1) 774 $(error SVE context management not needed with Hafnium SPMC.) 775 endif 776endif 777 778ifeq ($(SPMC_AT_EL3_SEL0_SP),1) 779 ifneq ($(SPMC_AT_EL3),1) 780 $(error SEL0 SP cannot be enabled without SPMC at EL3) 781 endif 782endif 783endif #(SPD=spmd) 784endif #(SPD!=none) 785 786# USE_DEBUGFS experimental feature recommended only in debug builds 787ifeq (${USE_DEBUGFS},1) 788 ifeq (${DEBUG},1) 789 $(warning DEBUGFS experimental feature is enabled.) 790 else 791 $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY) 792 endif 793endif #(USE_DEBUGFS) 794 795# USE_SPINLOCK_CAS requires AArch64 build 796ifeq (${USE_SPINLOCK_CAS},1) 797 ifneq (${ARCH},aarch64) 798 $(error USE_SPINLOCK_CAS requires AArch64) 799 endif 800endif #(USE_SPINLOCK_CAS) 801 802# The cert_create tool cannot generate certificates individually, so we use the 803# target 'certificates' to create them all 804ifneq (${GENERATE_COT},0) 805 FIP_DEPS += certificates 806 FWU_FIP_DEPS += fwu_certificates 807endif 808 809ifneq (${DECRYPTION_SUPPORT},none) 810 ENC_ARGS += -f ${FW_ENC_STATUS} 811 ENC_ARGS += -k ${ENC_KEY} 812 ENC_ARGS += -n ${ENC_NONCE} 813 FIP_DEPS += enctool 814 FWU_FIP_DEPS += enctool 815endif #(DECRYPTION_SUPPORT) 816 817ifdef EL3_PAYLOAD_BASE 818 ifdef PRELOADED_BL33_BASE 819 $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \ 820 incompatible build options. EL3_PAYLOAD_BASE has priority.") 821 endif 822 ifneq (${GENERATE_COT},0) 823 $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible \ 824 build options.") 825 endif 826 ifneq (${TRUSTED_BOARD_BOOT},0) 827 $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are \ 828 incompatible \ build options.") 829 endif 830endif #(EL3_PAYLOAD_BASE) 831 832ifeq (${NEED_BL33},yes) 833 ifdef EL3_PAYLOAD_BASE 834 $(warning "BL33 image is not needed when option \ 835 BL33_PAYLOAD_BASE is used and won't be added to the FIP file.") 836 endif 837 ifdef PRELOADED_BL33_BASE 838 $(warning "BL33 image is not needed when option \ 839 PRELOADED_BL33_BASE is used and won't be added to the FIP file.") 840 endif 841endif #(NEED_BL33) 842 843# When building for systems with hardware-assisted coherency, there's no need to 844# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too. 845ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1) 846 $(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) 847endif 848 849#For now, BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is 1. 850ifeq ($(RESET_TO_BL2)-$(BL2_IN_XIP_MEM),0-1) 851 $(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled") 852endif 853 854# RAS_EXTENSION is deprecated, provide alternate build options 855ifeq ($(RAS_EXTENSION),1) 856 $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS \ 857 and HANDLE_EA_EL3_FIRST_NS instead") 858endif 859 860 861# When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled 862ifeq ($(FAULT_INJECTION_SUPPORT),1) 863 ifeq ($(ENABLE_FEAT_RAS),0) 864 $(error For FAULT_INJECTION_SUPPORT, ENABLE_FEAT_RAS must not be 0) 865 endif 866endif #(FAULT_INJECTION_SUPPORT) 867 868# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 869ifeq ($(DYN_DISABLE_AUTH), 1) 870 ifeq (${TRUSTED_BOARD_BOOT}, 0) 871 $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH \ 872 to be set.") 873 endif 874endif #(DYN_DISABLE_AUTH) 875 876ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1) 877# Support authentication verification and hash calculation 878 CRYPTO_SUPPORT := 3 879else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1) 880# Support authentication verification and hash calculation 881 CRYPTO_SUPPORT := 3 882else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) 883# Support hash calculation only 884 CRYPTO_SUPPORT := 2 885else ifeq (${TRUSTED_BOARD_BOOT},1) 886# Support authentication verification only 887 CRYPTO_SUPPORT := 1 888else 889 CRYPTO_SUPPORT := 0 890endif #($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT)) 891 892ifneq ($(filter 1 2 3,$(CRYPTO_SUPPORT)),) 893CRYPTO_LIB := $(BUILD_PLAT)/lib/libmbedtls.a 894endif 895 896# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. 897ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) 898 $(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 899endif 900 901# If pointer authentication is used in the firmware, make sure that all the 902# registers associated to it are also saved and restored. 903# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. 904ifneq ($(ENABLE_PAUTH),0) 905 ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) 906 $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS to be enabled) 907 endif 908endif #(ENABLE_PAUTH) 909 910ifneq ($(CTX_INCLUDE_PAUTH_REGS),0) 911 ifneq (${ARCH},aarch64) 912 $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) 913 endif 914endif #(CTX_INCLUDE_PAUTH_REGS) 915 916# Check ENABLE_FEAT_PAUTH_LR 917ifneq (${ENABLE_FEAT_PAUTH_LR},0) 918 919# Make sure PAUTH is enabled 920ifeq (${ENABLE_PAUTH},0) 921 $(error Error: PAUTH_LR cannot be used without PAUTH (see BRANCH_PROTECTION)) 922endif 923 924# Make sure SCTLR2 is enabled 925ifeq (${ENABLE_FEAT_SCTLR2},0) 926 $(error Error: PAUTH_LR cannot be used without ENABLE_FEAT_SCTLR2) 927endif 928 929# FEAT_PAUTH_LR is only supported in aarch64 state 930ifneq (${ARCH},aarch64) 931 $(error ENABLE_FEAT_PAUTH_LR requires AArch64) 932endif 933 934# Currently, FEAT_PAUTH_LR is only supported by arm/clang compilers 935# TODO implement for GCC when support is added 936ifeq ($($(ARCH)-cc-id),arm-clang) 937 arch-features := $(arch-features)+pauth-lr 938else 939 $(error Error: ENABLE_FEAT_PAUTH_LR not supported for GCC compiler) 940endif 941 942endif # ${ENABLE_FEAT_PAUTH_LR} 943 944ifeq ($(FEATURE_DETECTION),1) 945 $(info FEATURE_DETECTION is an experimental feature) 946endif #(FEATURE_DETECTION) 947 948ifneq ($(ENABLE_SME2_FOR_NS), 0) 949 ifeq (${ENABLE_SME_FOR_NS}, 0) 950 $(warning "ENABLE_SME2_FOR_NS requires ENABLE_SME_FOR_NS also \ 951 to be set") 952 $(warning "Forced ENABLE_SME_FOR_NS=1") 953 override ENABLE_SME_FOR_NS := 1 954 endif 955endif #(ENABLE_SME2_FOR_NS) 956 957ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 958 ifeq (${ALLOW_RO_XLAT_TABLES}, 1) 959 $(error "ALLOW_RO_XLAT_TABLES requires translation tables \ 960 library v2") 961 endif 962endif #(ARM_XLAT_TABLES_LIB_V1) 963 964ifneq (${DECRYPTION_SUPPORT},none) 965 ifeq (${TRUSTED_BOARD_BOOT}, 0) 966 $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT \ 967 to be set) 968 endif 969endif #(DECRYPTION_SUPPORT) 970 971# Ensure that no Aarch64-only features are enabled in Aarch32 build 972ifeq (${ARCH},aarch32) 973 974 # SME/SVE only supported on AArch64 975 ifneq (${ENABLE_SME_FOR_NS},0) 976 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") 977 endif 978 979 ifeq (${ENABLE_SVE_FOR_NS},1) 980 # Warning instead of error due to CI dependency on this 981 $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") 982 endif 983 984 # BRBE is not supported in AArch32 985 ifeq (${ENABLE_BRBE_FOR_NS},1) 986 $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32") 987 endif 988 989 # FEAT_RNG_TRAP is not supported in AArch32 990 ifneq (${ENABLE_FEAT_RNG_TRAP},0) 991 $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32") 992 endif 993 994 ifneq (${ENABLE_FEAT_FPMR},0) 995 $(error "ENABLE_FEAT_FPMR cannot be used with ARCH=aarch32") 996 endif 997 998 ifeq (${ARCH_FEATURE_AVAILABILITY},1) 999 $(error "ARCH_FEATURE_AVAILABILITY cannot be used with ARCH=aarch32") 1000 endif 1001 # FEAT_MOPS is only supported on AArch64 1002 ifneq (${ENABLE_FEAT_MOPS},0) 1003 $(error "ENABLE_FEAT_MOPS cannot be used with ARCH=aarch32") 1004 endif 1005endif #(ARCH=aarch32) 1006 1007ifneq (${ENABLE_FEAT_FPMR},0) 1008 ifeq (${ENABLE_FEAT_FGT},0) 1009 $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_FGT") 1010 endif 1011 ifeq (${ENABLE_FEAT_HCX},0) 1012 $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_HCX") 1013 endif 1014endif #(ENABLE_FEAT_FPMR) 1015 1016ifneq (${ENABLE_SME_FOR_NS},0) 1017 ifeq (${ENABLE_SVE_FOR_NS},0) 1018 $(error "ENABLE_SME_FOR_NS requires ENABLE_SVE_FOR_NS") 1019 endif 1020endif #(ENABLE_SME_FOR_NS) 1021 1022# Secure SME/SVE requires the non-secure component as well 1023ifeq (${ENABLE_SME_FOR_SWD},1) 1024 ifeq (${ENABLE_SME_FOR_NS},0) 1025 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") 1026 endif 1027 ifeq (${ENABLE_SVE_FOR_SWD},0) 1028 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SVE_FOR_SWD") 1029 endif 1030endif #(ENABLE_SME_FOR_SWD) 1031 1032# Enabling SVE for SWD requires enabling SVE for NWD due to ENABLE_FEAT 1033# mechanism. 1034ifeq (${ENABLE_SVE_FOR_SWD},1) 1035 ifeq (${ENABLE_SVE_FOR_NS},0) 1036 $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS") 1037 endif 1038endif 1039 1040# Enabling FEAT_MOPS requires access to hcrx_el2 registers which is 1041# available only when FEAT_HCX is enabled. 1042ifneq (${ENABLE_FEAT_MOPS},0) 1043 ifeq (${ENABLE_FEAT_HCX},0) 1044 $(error "ENABLE_FEAT_MOPS requires ENABLE_FEAT_HCX") 1045 endif 1046endif 1047 1048# Enabling SVE for both the worlds typically requires the context 1049# management of SVE registers. The only exception being SPMC at S-EL2. 1050ifeq (${ENABLE_SVE_FOR_SWD}, 1) 1051 ifneq (${ENABLE_SVE_FOR_NS}, 0) 1052 ifeq (${CTX_INCLUDE_SVE_REGS}-$(SPMD_SPM_AT_SEL2),0-0) 1053 $(warning "ENABLE_SVE_FOR_SWD and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS") 1054 endif 1055 endif 1056endif 1057 1058# Enabling SVE in either world while enabling CTX_INCLUDE_FPREGS requires 1059# CTX_INCLUDE_SVE_REGS to be enabled due to architectural dependency between FP 1060# and SVE registers. 1061ifeq (${CTX_INCLUDE_FPREGS}, 1) 1062 ifneq (${ENABLE_SVE_FOR_NS},0) 1063 ifeq (${CTX_INCLUDE_SVE_REGS},0) 1064 # Warning instead of error due to CI dependency on this 1065 $(warning "CTX_INCLUDE_FPREGS and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS") 1066 $(warning "Forced ENABLE_SVE_FOR_NS=0") 1067 override ENABLE_SVE_FOR_NS := 0 1068 endif 1069 endif 1070endif #(CTX_INCLUDE_FPREGS) 1071 1072# SVE context management is only required if secure world has access to SVE/FP 1073# functionality. 1074ifeq (${CTX_INCLUDE_SVE_REGS},1) 1075 ifeq (${ENABLE_SVE_FOR_SWD},0) 1076 $(error "CTX_INCLUDE_SVE_REGS requires ENABLE_SVE_FOR_SWD to also be enabled") 1077 endif 1078endif 1079 1080# SME cannot be used with CTX_INCLUDE_FPREGS since SPM does its own context 1081# management including FPU registers. 1082ifeq (${CTX_INCLUDE_FPREGS},1) 1083 ifneq (${ENABLE_SME_FOR_NS},0) 1084 $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 1085 endif 1086endif #(CTX_INCLUDE_FPREGS) 1087 1088ifeq ($(DRTM_SUPPORT),1) 1089 $(info DRTM_SUPPORT is an experimental feature) 1090endif 1091 1092ifeq (${HOB_LIST},1) 1093 $(warning HOB_LIST is an experimental feature) 1094endif 1095 1096ifeq (${TRANSFER_LIST},1) 1097 $(info TRANSFER_LIST is an experimental feature) 1098endif 1099 1100ifeq (${ENABLE_RME},1) 1101 ifneq (${SEPARATE_CODE_AND_RODATA},1) 1102 $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`) 1103 endif 1104endif 1105 1106ifeq ($(PSA_CRYPTO),1) 1107 $(info PSA_CRYPTO is an experimental feature) 1108endif 1109 1110ifeq ($(DICE_PROTECTION_ENVIRONMENT),1) 1111 $(info DICE_PROTECTION_ENVIRONMENT is an experimental feature) 1112endif 1113 1114################################################################################ 1115# Process platform overrideable behaviour 1116################################################################################ 1117 1118ifdef BL1_SOURCES 1119 NEED_BL1 := yes 1120endif #(BL1_SOURCES) 1121 1122ifdef BL2_SOURCES 1123 NEED_BL2 := yes 1124 1125 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 1126 # Certificate generation tools. This flag can be overridden by the platform. 1127 ifdef EL3_PAYLOAD_BASE 1128 # If booting an EL3 payload there is no need for a BL33 image 1129 # in the FIP file. 1130 NEED_BL33 := no 1131 else 1132 ifdef PRELOADED_BL33_BASE 1133 # If booting a BL33 preloaded image there is no need of 1134 # another one in the FIP file. 1135 NEED_BL33 := no 1136 else 1137 NEED_BL33 ?= yes 1138 endif 1139 endif 1140endif #(BL2_SOURCES) 1141 1142ifdef BL2U_SOURCES 1143 NEED_BL2U := yes 1144endif #(BL2U_SOURCES) 1145 1146# If SCP_BL2 is given, we always want FIP to include it. 1147ifdef SCP_BL2 1148 NEED_SCP_BL2 := yes 1149endif #(SCP_BL2) 1150 1151# For AArch32, BL31 is not currently supported. 1152ifneq (${ARCH},aarch32) 1153 ifdef BL31_SOURCES 1154 # When booting an EL3 payload, there is no need to compile the BL31 1155 # image nor put it in the FIP. 1156 ifndef EL3_PAYLOAD_BASE 1157 NEED_BL31 := yes 1158 endif 1159 endif 1160endif #(ARCH=aarch64) 1161 1162# Process TBB related flags 1163ifneq (${GENERATE_COT},0) 1164 # Common cert_create options 1165 ifneq (${CREATE_KEYS},0) 1166 $(eval CRT_ARGS += -n) 1167 $(eval FWU_CRT_ARGS += -n) 1168 ifneq (${SAVE_KEYS},0) 1169 $(eval CRT_ARGS += -k) 1170 $(eval FWU_CRT_ARGS += -k) 1171 endif 1172 endif 1173 # Include TBBR makefile (unless the platform indicates otherwise) 1174 ifeq (${INCLUDE_TBBR_MK},1) 1175 include make_helpers/tbbr/tbbr_tools.mk 1176 endif 1177endif #(GENERATE_COT) 1178 1179ifneq (${FIP_ALIGN},0) 1180 FIP_ARGS += --align ${FIP_ALIGN} 1181endif #(FIP_ALIGN) 1182 1183ifdef FDT_SOURCES 1184 NEED_FDT := yes 1185endif #(FDT_SOURCES) 1186 1187################################################################################ 1188# Include libraries' Makefile that are used in all BL 1189################################################################################ 1190 1191include lib/stack_protector/stack_protector.mk 1192 1193################################################################################ 1194# Include BL specific makefiles 1195################################################################################ 1196 1197ifeq (${NEED_BL1},yes) 1198include bl1/bl1.mk 1199endif 1200 1201ifeq (${NEED_BL2},yes) 1202include bl2/bl2.mk 1203endif 1204 1205ifeq (${NEED_BL2U},yes) 1206include bl2u/bl2u.mk 1207endif 1208 1209ifeq (${NEED_BL31},yes) 1210include bl31/bl31.mk 1211endif 1212 1213################################################################################ 1214# Build options checks 1215################################################################################ 1216 1217# Boolean_Flags 1218$(eval $(call assert_booleans,\ 1219 $(sort \ 1220 ALLOW_RO_XLAT_TABLES \ 1221 BL2_ENABLE_SP_LOAD \ 1222 COLD_BOOT_SINGLE_CPU \ 1223 CREATE_KEYS \ 1224 CTX_INCLUDE_AARCH32_REGS \ 1225 CTX_INCLUDE_FPREGS \ 1226 CTX_INCLUDE_SVE_REGS \ 1227 CTX_INCLUDE_EL2_REGS \ 1228 CTX_INCLUDE_MPAM_REGS \ 1229 DEBUG \ 1230 DYN_DISABLE_AUTH \ 1231 EL3_EXCEPTION_HANDLING \ 1232 ENABLE_AMU_AUXILIARY_COUNTERS \ 1233 AMU_RESTRICT_COUNTERS \ 1234 ENABLE_ASSERTIONS \ 1235 ENABLE_PIE \ 1236 ENABLE_PMF \ 1237 ENABLE_PSCI_STAT \ 1238 ENABLE_RUNTIME_INSTRUMENTATION \ 1239 ENABLE_SME_FOR_SWD \ 1240 ENABLE_SVE_FOR_SWD \ 1241 ENABLE_FEAT_RAS \ 1242 FFH_SUPPORT \ 1243 ERROR_DEPRECATED \ 1244 FAULT_INJECTION_SUPPORT \ 1245 GENERATE_COT \ 1246 GICV2_G0_FOR_EL3 \ 1247 HANDLE_EA_EL3_FIRST_NS \ 1248 HARDEN_SLS \ 1249 HW_ASSISTED_COHERENCY \ 1250 MEASURED_BOOT \ 1251 DISCRETE_TPM \ 1252 DICE_PROTECTION_ENVIRONMENT \ 1253 RMMD_ENABLE_EL3_TOKEN_SIGN \ 1254 RMMD_ENABLE_IDE_KEY_PROG \ 1255 DRTM_SUPPORT \ 1256 NS_TIMER_SWITCH \ 1257 OVERRIDE_LIBC \ 1258 PL011_GENERIC_UART \ 1259 PROGRAMMABLE_RESET_ADDRESS \ 1260 PSCI_EXTENDED_STATE_ID \ 1261 PSCI_OS_INIT_MODE \ 1262 ARCH_FEATURE_AVAILABILITY \ 1263 RESET_TO_BL31 \ 1264 SAVE_KEYS \ 1265 SEPARATE_CODE_AND_RODATA \ 1266 SEPARATE_BL2_NOLOAD_REGION \ 1267 SEPARATE_NOBITS_REGION \ 1268 SEPARATE_RWDATA_REGION \ 1269 SEPARATE_SIMD_SECTION \ 1270 SPIN_ON_BL1_EXIT \ 1271 SPM_MM \ 1272 SPMC_AT_EL3 \ 1273 SPMC_AT_EL3_SEL0_SP \ 1274 SPMD_SPM_AT_SEL2 \ 1275 ENABLE_SPMD_LP \ 1276 TRANSFER_LIST \ 1277 TRUSTED_BOARD_BOOT \ 1278 USE_COHERENT_MEM \ 1279 USE_DEBUGFS \ 1280 ARM_IO_IN_DTB \ 1281 SDEI_IN_FCONF \ 1282 SEC_INT_DESC_IN_FCONF \ 1283 USE_ROMLIB \ 1284 USE_TBBR_DEFS \ 1285 WARMBOOT_ENABLE_DCACHE_EARLY \ 1286 RESET_TO_BL2 \ 1287 BL2_IN_XIP_MEM \ 1288 BL2_INV_DCACHE \ 1289 USE_SPINLOCK_CAS \ 1290 ENCRYPT_BL31 \ 1291 ENCRYPT_BL32 \ 1292 ERRATA_SPECULATIVE_AT \ 1293 ERRATA_SME_POWER_DOWN \ 1294 RAS_TRAP_NS_ERR_REC_ACCESS \ 1295 COT_DESC_IN_DTB \ 1296 USE_SP804_TIMER \ 1297 PSA_FWU_SUPPORT \ 1298 PSA_FWU_METADATA_FW_STORE_DESC \ 1299 ENABLE_MPMM \ 1300 FEAT_PABANDON \ 1301 FEATURE_DETECTION \ 1302 TRNG_SUPPORT \ 1303 ENABLE_ERRATA_ALL \ 1304 ERRATA_ABI_SUPPORT \ 1305 ERRATA_NON_ARM_INTERCONNECT \ 1306 CONDITIONAL_CMO \ 1307 PSA_CRYPTO \ 1308 ENABLE_CONSOLE_GETC \ 1309 INIT_UNUSED_NS_EL2 \ 1310 PLATFORM_REPORT_CTX_MEM_USE \ 1311 EARLY_CONSOLE \ 1312 PRESERVE_DSU_PMU_REGS \ 1313 HOB_LIST \ 1314))) 1315 1316# Numeric_Flags 1317$(eval $(call assert_numerics,\ 1318 $(sort \ 1319 ARM_ARCH_MAJOR \ 1320 ARM_ARCH_MINOR \ 1321 BRANCH_PROTECTION \ 1322 CTX_INCLUDE_PAUTH_REGS \ 1323 CTX_INCLUDE_NEVE_REGS \ 1324 CRYPTO_SUPPORT \ 1325 DISABLE_MTPMU \ 1326 ENABLE_BRBE_FOR_NS \ 1327 ENABLE_TRBE_FOR_NS \ 1328 ENABLE_BTI \ 1329 ENABLE_PAUTH \ 1330 ENABLE_FEAT_PAUTH_LR \ 1331 ENABLE_FEAT_AMU \ 1332 ENABLE_FEAT_AMUv1p1 \ 1333 ENABLE_FEAT_CSV2_2 \ 1334 ENABLE_FEAT_CSV2_3 \ 1335 ENABLE_FEAT_DEBUGV8P9 \ 1336 ENABLE_FEAT_DIT \ 1337 ENABLE_FEAT_ECV \ 1338 ENABLE_FEAT_FGT \ 1339 ENABLE_FEAT_FGT2 \ 1340 ENABLE_FEAT_FPMR \ 1341 ENABLE_FEAT_HCX \ 1342 ENABLE_FEAT_LS64_ACCDATA \ 1343 ENABLE_FEAT_MEC \ 1344 ENABLE_FEAT_MOPS \ 1345 ENABLE_FEAT_MTE2 \ 1346 ENABLE_FEAT_PAN \ 1347 ENABLE_FEAT_RNG \ 1348 ENABLE_FEAT_RNG_TRAP \ 1349 ENABLE_FEAT_SEL2 \ 1350 ENABLE_FEAT_TCR2 \ 1351 ENABLE_FEAT_THE \ 1352 ENABLE_FEAT_SB \ 1353 ENABLE_FEAT_S2PIE \ 1354 ENABLE_FEAT_S1PIE \ 1355 ENABLE_FEAT_S2POE \ 1356 ENABLE_FEAT_S1POE \ 1357 ENABLE_FEAT_SCTLR2 \ 1358 ENABLE_FEAT_D128 \ 1359 ENABLE_FEAT_GCS \ 1360 ENABLE_FEAT_VHE \ 1361 ENABLE_FEAT_MPAM \ 1362 ENABLE_RME \ 1363 ENABLE_SPE_FOR_NS \ 1364 ENABLE_SYS_REG_TRACE_FOR_NS \ 1365 ENABLE_SME_FOR_NS \ 1366 ENABLE_SME2_FOR_NS \ 1367 ENABLE_SVE_FOR_NS \ 1368 ENABLE_TRF_FOR_NS \ 1369 FW_ENC_STATUS \ 1370 NR_OF_FW_BANKS \ 1371 NR_OF_IMAGES_IN_FW_BANK \ 1372 TWED_DELAY \ 1373 ENABLE_FEAT_TWED \ 1374 SVE_VECTOR_LEN \ 1375 IMPDEF_SYSREG_TRAP \ 1376))) 1377 1378ifdef KEY_SIZE 1379 $(eval $(call assert_numeric,KEY_SIZE)) 1380endif 1381 1382ifeq ($(filter $(SANITIZE_UB), on off trap),) 1383 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1384endif 1385 1386################################################################################ 1387# Add definitions to the cpp preprocessor based on the current build options. 1388# This is done after including the platform specific makefile to allow the 1389# platform to overwrite the default options 1390################################################################################ 1391 1392$(eval $(call add_defines,\ 1393 $(sort \ 1394 ALLOW_RO_XLAT_TABLES \ 1395 ARM_ARCH_MAJOR \ 1396 ARM_ARCH_MINOR \ 1397 BL2_ENABLE_SP_LOAD \ 1398 COLD_BOOT_SINGLE_CPU \ 1399 CTX_INCLUDE_AARCH32_REGS \ 1400 CTX_INCLUDE_FPREGS \ 1401 CTX_INCLUDE_SVE_REGS \ 1402 CTX_INCLUDE_PAUTH_REGS \ 1403 CTX_INCLUDE_MPAM_REGS \ 1404 EL3_EXCEPTION_HANDLING \ 1405 CTX_INCLUDE_EL2_REGS \ 1406 CTX_INCLUDE_NEVE_REGS \ 1407 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1408 DISABLE_MTPMU \ 1409 ENABLE_FEAT_AMU \ 1410 ENABLE_AMU_AUXILIARY_COUNTERS \ 1411 AMU_RESTRICT_COUNTERS \ 1412 ENABLE_ASSERTIONS \ 1413 ENABLE_BTI \ 1414 ENABLE_FEAT_DEBUGV8P9 \ 1415 ENABLE_FEAT_MPAM \ 1416 ENABLE_PAUTH \ 1417 ENABLE_FEAT_PAUTH_LR \ 1418 ENABLE_PIE \ 1419 ENABLE_PMF \ 1420 ENABLE_PSCI_STAT \ 1421 ENABLE_RME \ 1422 RMMD_ENABLE_EL3_TOKEN_SIGN \ 1423 RMMD_ENABLE_IDE_KEY_PROG \ 1424 ENABLE_RUNTIME_INSTRUMENTATION \ 1425 ENABLE_SME_FOR_NS \ 1426 ENABLE_SME2_FOR_NS \ 1427 ENABLE_SME_FOR_SWD \ 1428 ENABLE_SPE_FOR_NS \ 1429 ENABLE_SVE_FOR_NS \ 1430 ENABLE_SVE_FOR_SWD \ 1431 ENABLE_FEAT_RAS \ 1432 FFH_SUPPORT \ 1433 ENCRYPT_BL31 \ 1434 ENCRYPT_BL32 \ 1435 ERROR_DEPRECATED \ 1436 FAULT_INJECTION_SUPPORT \ 1437 GICV2_G0_FOR_EL3 \ 1438 HANDLE_EA_EL3_FIRST_NS \ 1439 HW_ASSISTED_COHERENCY \ 1440 LOG_LEVEL \ 1441 MEASURED_BOOT \ 1442 DISCRETE_TPM \ 1443 DICE_PROTECTION_ENVIRONMENT \ 1444 DRTM_SUPPORT \ 1445 NS_TIMER_SWITCH \ 1446 PL011_GENERIC_UART \ 1447 PLAT_${PLAT} \ 1448 PROGRAMMABLE_RESET_ADDRESS \ 1449 PSCI_EXTENDED_STATE_ID \ 1450 PSCI_OS_INIT_MODE \ 1451 ARCH_FEATURE_AVAILABILITY \ 1452 RESET_TO_BL31 \ 1453 RME_GPT_BITLOCK_BLOCK \ 1454 RME_GPT_MAX_BLOCK \ 1455 SEPARATE_CODE_AND_RODATA \ 1456 SEPARATE_BL2_NOLOAD_REGION \ 1457 SEPARATE_NOBITS_REGION \ 1458 SEPARATE_RWDATA_REGION \ 1459 SEPARATE_SIMD_SECTION \ 1460 RECLAIM_INIT_CODE \ 1461 SPD_${SPD} \ 1462 SPIN_ON_BL1_EXIT \ 1463 SPM_MM \ 1464 SPMC_AT_EL3 \ 1465 SPMC_AT_EL3_SEL0_SP \ 1466 SPMD_SPM_AT_SEL2 \ 1467 TRANSFER_LIST \ 1468 TRUSTED_BOARD_BOOT \ 1469 CRYPTO_SUPPORT \ 1470 TRNG_SUPPORT \ 1471 ERRATA_ABI_SUPPORT \ 1472 ERRATA_NON_ARM_INTERCONNECT \ 1473 USE_COHERENT_MEM \ 1474 USE_DEBUGFS \ 1475 ARM_IO_IN_DTB \ 1476 SDEI_IN_FCONF \ 1477 SEC_INT_DESC_IN_FCONF \ 1478 USE_ROMLIB \ 1479 USE_TBBR_DEFS \ 1480 WARMBOOT_ENABLE_DCACHE_EARLY \ 1481 RESET_TO_BL2 \ 1482 BL2_RUNS_AT_EL3 \ 1483 BL2_IN_XIP_MEM \ 1484 BL2_INV_DCACHE \ 1485 USE_SPINLOCK_CAS \ 1486 ERRATA_SPECULATIVE_AT \ 1487 ERRATA_SME_POWER_DOWN \ 1488 RAS_TRAP_NS_ERR_REC_ACCESS \ 1489 COT_DESC_IN_DTB \ 1490 USE_SP804_TIMER \ 1491 ENABLE_FEAT_RNG \ 1492 ENABLE_FEAT_RNG_TRAP \ 1493 ENABLE_FEAT_SB \ 1494 ENABLE_FEAT_DIT \ 1495 NR_OF_FW_BANKS \ 1496 NR_OF_IMAGES_IN_FW_BANK \ 1497 PSA_FWU_SUPPORT \ 1498 PSA_FWU_METADATA_FW_STORE_DESC \ 1499 ENABLE_BRBE_FOR_NS \ 1500 ENABLE_TRBE_FOR_NS \ 1501 ENABLE_SYS_REG_TRACE_FOR_NS \ 1502 ENABLE_TRF_FOR_NS \ 1503 ENABLE_FEAT_HCX \ 1504 ENABLE_MPMM \ 1505 FEAT_PABANDON \ 1506 ENABLE_FEAT_FGT \ 1507 ENABLE_FEAT_FGT2 \ 1508 ENABLE_FEAT_FPMR \ 1509 ENABLE_FEAT_ECV \ 1510 ENABLE_FEAT_AMUv1p1 \ 1511 ENABLE_FEAT_SEL2 \ 1512 ENABLE_FEAT_VHE \ 1513 ENABLE_FEAT_CSV2_2 \ 1514 ENABLE_FEAT_CSV2_3 \ 1515 ENABLE_FEAT_LS64_ACCDATA \ 1516 ENABLE_FEAT_MEC \ 1517 ENABLE_FEAT_PAN \ 1518 ENABLE_FEAT_TCR2 \ 1519 ENABLE_FEAT_THE \ 1520 ENABLE_FEAT_S2PIE \ 1521 ENABLE_FEAT_S1PIE \ 1522 ENABLE_FEAT_S2POE \ 1523 ENABLE_FEAT_S1POE \ 1524 ENABLE_FEAT_SCTLR2 \ 1525 ENABLE_FEAT_D128 \ 1526 ENABLE_FEAT_GCS \ 1527 ENABLE_FEAT_MOPS \ 1528 ENABLE_FEAT_MTE2 \ 1529 FEATURE_DETECTION \ 1530 TWED_DELAY \ 1531 ENABLE_FEAT_TWED \ 1532 CONDITIONAL_CMO \ 1533 IMPDEF_SYSREG_TRAP \ 1534 SVE_VECTOR_LEN \ 1535 ENABLE_SPMD_LP \ 1536 PSA_CRYPTO \ 1537 ENABLE_CONSOLE_GETC \ 1538 INIT_UNUSED_NS_EL2 \ 1539 PLATFORM_REPORT_CTX_MEM_USE \ 1540 EARLY_CONSOLE \ 1541 PRESERVE_DSU_PMU_REGS \ 1542 HOB_LIST \ 1543))) 1544 1545ifeq (${PLATFORM_REPORT_CTX_MEM_USE}, 1) 1546ifeq (${DEBUG}, 0) 1547 $(warning "PLATFORM_REPORT_CTX_MEM_USE can be applied when DEBUG=1 only") 1548 override PLATFORM_REPORT_CTX_MEM_USE := 0 1549endif 1550endif 1551 1552ifeq (${SANITIZE_UB},trap) 1553 $(eval $(call add_define,MONITOR_TRAPS)) 1554endif #(SANITIZE_UB) 1555 1556# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1557ifdef EL3_PAYLOAD_BASE 1558 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1559else 1560# Define the PRELOADED_BL33_BASE flag only if it is provided and 1561# EL3_PAYLOAD_BASE is not defined, as it has priority. 1562 ifdef PRELOADED_BL33_BASE 1563 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1564 endif 1565endif #(EL3_PAYLOAD_BASE) 1566 1567# Define the DYN_DISABLE_AUTH flag only if set. 1568ifeq (${DYN_DISABLE_AUTH},1) 1569 $(eval $(call add_define,DYN_DISABLE_AUTH)) 1570endif 1571 1572ifeq ($($(ARCH)-ld-id),arm-link) 1573 $(eval $(call add_define,USE_ARM_LINK)) 1574endif 1575 1576# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1577ifeq (${SPD},spmd) 1578ifdef SP_LAYOUT_FILE 1579 -include $(BUILD_PLAT)/sp_gen.mk 1580 FIP_DEPS += sp 1581 CRT_DEPS += sp 1582 NEED_SP_PKG := yes 1583else 1584 ifeq (${SPMD_SPM_AT_SEL2},1) 1585 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1586 endif 1587endif #(SP_LAYOUT_FILE) 1588endif #(SPD) 1589 1590################################################################################ 1591# Build targets 1592################################################################################ 1593 1594.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp tl fwu_fip certtool dtbs memmap doc enctool 1595 1596all: msg_start 1597 1598msg_start: 1599 $(s)echo "Building ${PLAT}" 1600 1601ifeq (${ERROR_DEPRECATED},0) 1602# Check if deprecated declarations and cpp warnings should be treated as error or not. 1603ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 1604 CPPFLAGS += -Wno-error=deprecated-declarations 1605else 1606 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1607endif 1608endif #(!ERROR_DEPRECATED) 1609 1610$(eval $(call MAKE_LIB,c)) 1611 1612# Expand build macros for the different images 1613ifeq (${NEED_BL1},yes) 1614BL1_SOURCES := $(sort ${BL1_SOURCES}) 1615$(eval $(call MAKE_BL,bl1)) 1616endif #(NEED_BL1) 1617 1618ifeq (${NEED_BL2},yes) 1619 1620ifeq (${RESET_TO_BL2}, 0) 1621FIP_BL2_ARGS := tb-fw 1622endif 1623 1624BL2_SOURCES := $(sort ${BL2_SOURCES}) 1625 1626$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1627 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1628 1629endif #(NEED_BL2) 1630 1631ifeq (${NEED_SCP_BL2},yes) 1632$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1633endif #(NEED_SCP_BL2) 1634 1635ifeq (${NEED_BL31},yes) 1636BL31_SOURCES += ${SPD_SOURCES} 1637# Sort BL31 source files to remove duplicates 1638BL31_SOURCES := $(sort ${BL31_SOURCES}) 1639ifneq (${DECRYPTION_SUPPORT},none) 1640$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1641 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1642else 1643$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1644 $(eval $(call MAKE_BL,bl31,soc-fw))) 1645endif #(DECRYPTION_SUPPORT) 1646endif #(NEED_BL31) 1647 1648# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1649# build system will call TOOL_ADD_IMG to print a warning message and abort the 1650# process. Note that the dependency on BL32 applies to the FIP only. 1651ifeq (${NEED_BL32},yes) 1652# Sort BL32 source files to remove duplicates 1653BL32_SOURCES := $(sort ${BL32_SOURCES}) 1654BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1655 1656ifneq (${DECRYPTION_SUPPORT},none) 1657$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1658 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1659else 1660$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1661 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1662endif #(DECRYPTION_SUPPORT) 1663endif #(NEED_BL32) 1664 1665# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1666# needs to be built from RMM_SOURCES. 1667ifeq (${NEED_RMM},yes) 1668# Sort RMM source files to remove duplicates 1669RMM_SOURCES := $(sort ${RMM_SOURCES}) 1670BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1671 1672$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1673 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1674endif #(NEED_RMM) 1675 1676# Add the BL33 image if required by the platform 1677ifeq (${NEED_BL33},yes) 1678$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1679endif #(NEED_BL33) 1680 1681ifeq (${NEED_BL2U},yes) 1682$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1683 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1684endif #(NEED_BL2U) 1685 1686# Expand build macros for the different images 1687ifeq (${NEED_FDT},yes) 1688 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1689 1690 ifneq (${INITRD_SIZE}${INITRD_PATH},) 1691 ifndef INITRD_BASE 1692 $(error INITRD_BASE must be set when inserting initrd properties to the DTB.) 1693 endif 1694 1695 INITRD_SIZE ?= $(shell printf "0x%x\n" $$(stat -Lc %s $(INITRD_PATH))) 1696 initrd_end = $(shell printf "0x%x\n" $$(expr $$(($(INITRD_BASE) + $(INITRD_SIZE))))) 1697 1698 define $(HW_CONFIG)-after += 1699 $(s)echo " INITRD $(HW_CONFIG)" 1700 $(q)fdtput -t x $@ /chosen linux,initrd-start $(INITRD_BASE) 1701 $(q)fdtput -t x $@ /chosen linux,initrd-end $(initrd_end) 1702 endef 1703 endif 1704endif #(NEED_FDT) 1705 1706# Add Secure Partition packages 1707ifeq (${NEED_SP_PKG},yes) 1708$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | $$(@D)/ 1709 $(if $(host-poetry),$(q)poetry -q install --no-root) 1710 $(q)$(if $(host-poetry),poetry run )${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} ${SP_DTS_LIST_FRAGMENT} 1711sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) 1712 $(s)echo 1713 $(s)echo "Built SP Images successfully" 1714 $(s)echo 1715endif #(NEED_SP_PKG) 1716 1717locate-checkpatch: 1718ifndef CHECKPATCH 1719 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1720else 1721ifeq (,$(wildcard ${CHECKPATCH})) 1722 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1723endif 1724endif #(CHECKPATCH) 1725 1726clean: 1727 $(s)echo " CLEAN" 1728 $(q)rm -rf $(BUILD_PLAT) 1729 $(q)${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1730 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1731 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1732 $(q)${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1733 1734realclean distclean: 1735 $(s)echo " REALCLEAN" 1736 $(q)rm -rf $(BUILD_BASE) 1737 $(q)rm -rf $(CURDIR)/cscope.* 1738 $(q)${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1739 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean 1740 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean 1741 $(q)${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1742 1743checkcodebase: locate-checkpatch 1744 $(s)echo " CHECKING STYLE" 1745 $(q)if test -d .git ; then \ 1746 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1747 while read GIT_FILE ; \ 1748 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1749 done ; \ 1750 else \ 1751 find . -type f -not -iwholename "*.git*" \ 1752 -not -iwholename "*build*" \ 1753 -not -iwholename "*libfdt*" \ 1754 -not -iwholename "*libc*" \ 1755 -not -iwholename "*docs*" \ 1756 -not -iwholename "*.rst" \ 1757 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1758 fi 1759 1760checkpatch: locate-checkpatch 1761 $(s)echo " CHECKING STYLE" 1762 $(q)if test -n "${CHECKPATCH_OPTS}"; then \ 1763 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1764 fi 1765 $(q)COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1766 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1767 do \ 1768 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1769 ( git log --format=email "$$commit~..$$commit" \ 1770 -- ${CHECK_PATHS} ; \ 1771 git diff --format=email "$$commit~..$$commit" \ 1772 -- ${CHECK_PATHS}; ) | \ 1773 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1774 done 1775 1776certtool: ${CRTTOOL} 1777 1778${CRTTOOL}: FORCE 1779 $(q)${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} CRTTOOL=${CRTTOOL} DEBUG=${DEBUG} --no-print-directory -C ${CRTTOOLPATH} all 1780 $(s)echo 1781 $(s)echo "Built $@ successfully" 1782 $(s)echo 1783 1784ifneq (${GENERATE_COT},0) 1785certificates: ${CRT_DEPS} ${CRTTOOL} 1786 $(q)${CRTTOOL} ${CRT_ARGS} 1787 $(s)echo 1788 $(s)echo "Built $@ successfully" 1789 $(s)echo "Certificates can be found in ${BUILD_PLAT}" 1790 $(s)echo 1791endif #(GENERATE_COT) 1792 1793${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1794 $(eval ${CHECK_FIP_CMD}) 1795 $(q)${FIPTOOL} create ${FIP_ARGS} $@ 1796 $(q)${FIPTOOL} info $@ 1797 $(s)echo 1798 $(s)echo "Built $@ successfully" 1799 $(s)echo 1800 1801ifneq (${GENERATE_COT},0) 1802fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1803 $(q)${CRTTOOL} ${FWU_CRT_ARGS} 1804 $(s)echo 1805 $(s)echo "Built $@ successfully" 1806 $(s)echo "FWU certificates can be found in ${BUILD_PLAT}" 1807 $(s)echo 1808endif #(GENERATE_COT) 1809 1810${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1811 $(eval ${CHECK_FWU_FIP_CMD}) 1812 $(q)${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1813 $(q)${FIPTOOL} info $@ 1814 $(s)echo 1815 $(s)echo "Built $@ successfully" 1816 $(s)echo 1817 1818fiptool: ${FIPTOOL} 1819fip: ${BUILD_PLAT}/${FIP_NAME} 1820fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1821 1822${FIPTOOL}: FORCE 1823 $(q)${MAKE} PLAT=${PLAT} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} DEBUG=${DEBUG} --no-print-directory -C ${FIPTOOLPATH} all 1824 1825$(BUILD_PLAT)/romlib/romlib.bin $(BUILD_PLAT)/lib/libwrappers.a $&: $(BUILD_PLAT)/lib/libfdt.a $(BUILD_PLAT)/lib/libc.a $(CRYPTO_LIB) 1826 $(q)${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} CRYPTO_SUPPORT=${CRYPTO_SUPPORT} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES=$(call escape-shell,$(INCLUDES)) DEFINES=$(call escape-shell,$(DEFINES)) --no-print-directory -C ${ROMLIBPATH} all 1827 1828memmap: all 1829 $(if $(host-poetry),$(q)poetry -q install --no-root) 1830 $(q)$(if $(host-poetry),poetry run )memory -sr ${BUILD_PLAT} 1831 1832tl: ${BUILD_PLAT}/tl.bin 1833${BUILD_PLAT}/tl.bin: ${HW_CONFIG} 1834 $(if $(host-poetry),$(q)poetry -q install --no-root) 1835 $(q)$(if $(host-poetry),poetry run )tlc create --fdt $< -s ${FW_HANDOFF_SIZE} $@ 1836 1837doc: 1838 $(s)echo " BUILD DOCUMENTATION" 1839 $(if $(host-poetry),$(q)poetry -q install --with docs --no-root) 1840 $(q)$(if $(host-poetry),poetry run )${MAKE} --no-print-directory -C ${DOCS_PATH} html 1841 1842enctool: ${ENCTOOL} 1843 1844${ENCTOOL}: FORCE 1845 $(q)${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} ENCTOOL=${ENCTOOL} DEBUG=${DEBUG} --no-print-directory -C ${ENCTOOLPATH} all 1846 $(s)echo 1847 $(s)echo "Built $@ successfully" 1848 $(s)echo 1849 1850cscope: 1851 $(s)echo " CSCOPE" 1852 $(q)find ${CURDIR} -name "*.[chsS]" > cscope.files 1853 $(q)cscope -b -q -k 1854 1855help: 1856 $(s)echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1857 $(s)echo "" 1858 $(s)echo "PLAT is used to specify which platform you wish to build." 1859 $(s)echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1860 $(s)echo "" 1861 $(s)echo "platform = ${PLATFORM_LIST}" 1862 $(s)echo "" 1863 $(s)echo "Please refer to the User Guide for a list of all supported options." 1864 $(s)echo "Note that the build system doesn't track dependencies for build " 1865 $(s)echo "options. Therefore, if any of the build options are changed " 1866 $(s)echo "from a previous build, a clean build must be performed." 1867 $(s)echo "" 1868 $(s)echo "Supported Targets:" 1869 $(s)echo " all Build all individual bootloader binaries" 1870 $(s)echo " bl1 Build the BL1 binary" 1871 $(s)echo " bl2 Build the BL2 binary" 1872 $(s)echo " bl2u Build the BL2U binary" 1873 $(s)echo " bl31 Build the BL31 binary" 1874 $(s)echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1875 $(s)echo " this builds secure payload specified by AARCH32_SP" 1876 $(s)echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1877 $(s)echo " fip Build the Firmware Image Package (FIP)" 1878 $(s)echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1879 $(s)echo " checkcodebase Check the coding style of the entire source tree" 1880 $(s)echo " checkpatch Check the coding style on changes in the current" 1881 $(s)echo " branch against BASE_COMMIT (default origin/master)" 1882 $(s)echo " clean Clean the build for the selected platform" 1883 $(s)echo " cscope Generate cscope index" 1884 $(s)echo " distclean Remove all build artifacts for all platforms" 1885 $(s)echo " certtool Build the Certificate generation tool" 1886 $(s)echo " enctool Build the Firmware encryption tool" 1887 $(s)echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1888 $(s)echo " sp Build the Secure Partition Packages" 1889 $(s)echo " sptool Build the Secure Partition Package creation tool" 1890 $(s)echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1891 $(s)echo " memmap Print the memory map of the built binaries" 1892 $(s)echo " doc Build html based documentation using Sphinx tool" 1893 $(s)echo "" 1894 $(s)echo "Note: most build targets require PLAT to be set to a specific platform." 1895 $(s)echo "" 1896 $(s)echo "example: build all targets for the FVP platform:" 1897 $(s)echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1898 1899.PHONY: FORCE 1900FORCE:; 1901