1# 2# Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 7 12VERSION := ${VERSION_MAJOR}.${VERSION_MINOR} 13 14# Default goal is build all images 15.DEFAULT_GOAL := all 16 17# Avoid any implicit propagation of command line variable definitions to 18# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 19# usage. Other command line options like "-s" are still propagated as usual. 20MAKEOVERRIDES = 21 22MAKE_HELPERS_DIRECTORY := make_helpers/ 23include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 24include ${MAKE_HELPERS_DIRECTORY}build_env.mk 25 26################################################################################ 27# Default values for build configurations, and their dependencies 28################################################################################ 29 30include ${MAKE_HELPERS_DIRECTORY}defaults.mk 31 32# Assertions enabled for DEBUG builds by default 33ENABLE_ASSERTIONS := ${DEBUG} 34ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 35PLAT := ${DEFAULT_PLAT} 36 37################################################################################ 38# Checkpatch script options 39################################################################################ 40 41CHECKCODE_ARGS := --no-patch 42# Do not check the coding style on imported library files or documentation files 43INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \ 44 include/drivers/arm/cryptocell, \ 45 $(wildcard include/drivers/arm/*))) 46INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h 47INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 48 include/drivers/arm, \ 49 $(wildcard include/drivers/*))) 50INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 51 include/lib/libfdt \ 52 include/lib/libc, \ 53 $(wildcard include/lib/*))) 54INC_DIRS_TO_CHECK := $(sort $(filter-out \ 55 include/lib \ 56 include/drivers, \ 57 $(wildcard include/*))) 58LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 59 lib/compiler-rt \ 60 lib/libfdt% \ 61 lib/libc, \ 62 $(wildcard lib/*))) 63ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 64 lib \ 65 include \ 66 docs \ 67 %.rst, \ 68 $(wildcard *))) 69CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 70 ${INC_DIRS_TO_CHECK} \ 71 ${INC_LIB_DIRS_TO_CHECK} \ 72 ${LIB_DIRS_TO_CHECK} \ 73 ${INC_DRV_DIRS_TO_CHECK} \ 74 ${INC_ARM_DIRS_TO_CHECK} 75 76 77################################################################################ 78# Process build options 79################################################################################ 80 81# Verbose flag 82ifeq (${V},0) 83 Q:=@ 84 ECHO:=@echo 85 CHECKCODE_ARGS += --no-summary --terse 86else 87 Q:= 88 ECHO:=$(ECHO_QUIET) 89endif 90 91ifneq ($(findstring s,$(filter-out --%,$(MAKEFLAGS))),) 92 Q:=@ 93 ECHO:=$(ECHO_QUIET) 94endif 95 96export Q ECHO 97 98# The cert_create tool cannot generate certificates individually, so we use the 99# target 'certificates' to create them all 100ifneq (${GENERATE_COT},0) 101 FIP_DEPS += certificates 102 FWU_FIP_DEPS += fwu_certificates 103endif 104 105# Process BRANCH_PROTECTION value and set 106# Pointer Authentication and Branch Target Identification flags 107ifeq (${BRANCH_PROTECTION},0) 108 # Default value turns off all types of branch protection 109 BP_OPTION := none 110else ifneq (${ARCH},aarch64) 111 $(error BRANCH_PROTECTION requires AArch64) 112else ifeq (${BRANCH_PROTECTION},1) 113 # Enables all types of branch protection features 114 BP_OPTION := standard 115 ENABLE_BTI := 1 116 ENABLE_PAUTH := 1 117else ifeq (${BRANCH_PROTECTION},2) 118 # Return address signing to its standard level 119 BP_OPTION := pac-ret 120 ENABLE_PAUTH := 1 121else ifeq (${BRANCH_PROTECTION},3) 122 # Extend the signing to include leaf functions 123 BP_OPTION := pac-ret+leaf 124 ENABLE_PAUTH := 1 125else ifeq (${BRANCH_PROTECTION},4) 126 # Turn on branch target identification mechanism 127 BP_OPTION := bti 128 ENABLE_BTI := 1 129else 130 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 131endif 132 133# FEAT_RME 134ifeq (${ENABLE_RME},1) 135# RME doesn't support PIE 136ifneq (${ENABLE_PIE},0) 137 $(error ENABLE_RME does not support PIE) 138endif 139# RME doesn't support BRBE 140ifneq (${ENABLE_BRBE_FOR_NS},0) 141 $(error ENABLE_RME does not support BRBE.) 142endif 143# RME requires AARCH64 144ifneq (${ARCH},aarch64) 145 $(error ENABLE_RME requires AArch64) 146endif 147# RME requires el2 context to be saved for now. 148CTX_INCLUDE_EL2_REGS := 1 149CTX_INCLUDE_AARCH32_REGS := 0 150ARM_ARCH_MAJOR := 8 151ARM_ARCH_MINOR := 6 152endif 153 154# USE_SPINLOCK_CAS requires AArch64 build 155ifeq (${USE_SPINLOCK_CAS},1) 156ifneq (${ARCH},aarch64) 157 $(error USE_SPINLOCK_CAS requires AArch64) 158endif 159endif 160 161# USE_DEBUGFS experimental feature recommended only in debug builds 162ifeq (${USE_DEBUGFS},1) 163ifeq (${DEBUG},1) 164 $(warning DEBUGFS experimental feature is enabled.) 165else 166 $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY) 167endif 168endif 169 170ifneq (${DECRYPTION_SUPPORT},none) 171ENC_ARGS += -f ${FW_ENC_STATUS} 172ENC_ARGS += -k ${ENC_KEY} 173ENC_ARGS += -n ${ENC_NONCE} 174FIP_DEPS += enctool 175FWU_FIP_DEPS += enctool 176endif 177 178################################################################################ 179# Toolchain 180################################################################################ 181 182HOSTCC := gcc 183export HOSTCC 184 185CC := ${CROSS_COMPILE}gcc 186CPP := ${CROSS_COMPILE}cpp 187AS := ${CROSS_COMPILE}gcc 188AR := ${CROSS_COMPILE}ar 189LINKER := ${CROSS_COMPILE}ld 190OC := ${CROSS_COMPILE}objcopy 191OD := ${CROSS_COMPILE}objdump 192NM := ${CROSS_COMPILE}nm 193PP := ${CROSS_COMPILE}gcc -E 194DTC := dtc 195 196# Use ${LD}.bfd instead if it exists (as absolute path or together with $PATH). 197ifneq ($(strip $(wildcard ${LD}.bfd) \ 198 $(foreach dir,$(subst :, ,${PATH}),$(wildcard ${dir}/${LINKER}.bfd))),) 199LINKER := ${LINKER}.bfd 200endif 201 202ifeq (${ARM_ARCH_MAJOR},7) 203target32-directive = -target arm-none-eabi 204# Will set march32-directive from platform configuration 205else 206target32-directive = -target armv8a-none-eabi 207 208# Set the compiler's target architecture profile based on 209# ARM_ARCH_MAJOR ARM_ARCH_MINOR options 210ifeq (${ARM_ARCH_MINOR},0) 211march32-directive = -march=armv${ARM_ARCH_MAJOR}-a 212march64-directive = -march=armv${ARM_ARCH_MAJOR}-a 213else 214march32-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 215march64-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 216endif 217endif 218 219# Memory tagging is supported in architecture Armv8.5-A AArch64 and onwards 220ifeq ($(ARCH), aarch64) 221# Check if revision is greater than or equal to 8.5 222ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" 223mem_tag_arch_support = yes 224endif 225endif 226 227# Get architecture feature modifiers 228arch-features = ${ARM_ARCH_FEATURE} 229 230# Enable required options for memory stack tagging. 231# Currently, these options are enabled only for clang and armclang compiler. 232ifeq (${SUPPORT_STACK_MEMTAG},yes) 233ifdef mem_tag_arch_support 234# Check for armclang and clang compilers 235ifneq ( ,$(filter $(notdir $(CC)),armclang clang)) 236# Add "memtag" architecture feature modifier if not specified 237ifeq ( ,$(findstring memtag,$(arch-features))) 238arch-features := $(arch-features)+memtag 239endif # memtag 240ifeq ($(notdir $(CC)),armclang) 241TF_CFLAGS += -mmemtag-stack 242else ifeq ($(notdir $(CC)),clang) 243TF_CFLAGS += -fsanitize=memtag 244endif # armclang 245endif # armclang clang 246else 247$(error "Error: stack memory tagging is not supported for architecture \ 248 ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a") 249endif # mem_tag_arch_support 250endif # SUPPORT_STACK_MEMTAG 251 252# Set the compiler's architecture feature modifiers 253ifneq ($(arch-features), none) 254# Strip "none+" from arch-features 255arch-features := $(subst none+,,$(arch-features)) 256ifeq ($(ARCH), aarch32) 257march32-directive := $(march32-directive)+$(arch-features) 258else 259march64-directive := $(march64-directive)+$(arch-features) 260endif 261# Print features 262$(info Arm Architecture Features specified: $(subst +, ,$(arch-features))) 263endif # arch-features 264 265# Determine if FEAT_RNG is supported 266ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0) 267 268# Determine if FEAT_SB is supported 269ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0) 270 271ifneq ($(findstring clang,$(notdir $(CC))),) 272 ifneq ($(findstring armclang,$(notdir $(CC))),) 273 TF_CFLAGS_aarch32 := -target arm-arm-none-eabi $(march32-directive) 274 TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi $(march64-directive) 275 LD := $(LINKER) 276 else 277 TF_CFLAGS_aarch32 := $(target32-directive) $(march32-directive) 278 TF_CFLAGS_aarch64 := -target aarch64-elf $(march64-directive) 279 LD := $(shell $(CC) --print-prog-name ld.lld) 280 281 AR := $(shell $(CC) --print-prog-name llvm-ar) 282 OD := $(shell $(CC) --print-prog-name llvm-objdump) 283 OC := $(shell $(CC) --print-prog-name llvm-objcopy) 284 endif 285 286 CPP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 287 PP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 288 AS := $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH)) 289else ifneq ($(findstring gcc,$(notdir $(CC))),) 290TF_CFLAGS_aarch32 = $(march32-directive) 291TF_CFLAGS_aarch64 = $(march64-directive) 292ifeq ($(ENABLE_LTO),1) 293 # Enable LTO only for aarch64 294 ifeq (${ARCH},aarch64) 295 LTO_CFLAGS = -flto 296 # Use gcc as a wrapper for the ld, recommended for LTO 297 LINKER := ${CROSS_COMPILE}gcc 298 endif 299endif 300LD = $(LINKER) 301else 302TF_CFLAGS_aarch32 = $(march32-directive) 303TF_CFLAGS_aarch64 = $(march64-directive) 304LD = $(LINKER) 305endif 306 307# Process Debug flag 308$(eval $(call add_define,DEBUG)) 309ifneq (${DEBUG}, 0) 310 BUILD_TYPE := debug 311 TF_CFLAGS += -g -gdwarf-4 312 ASFLAGS += -g -Wa,-gdwarf-4 313 314 # Use LOG_LEVEL_INFO by default for debug builds 315 LOG_LEVEL := 40 316else 317 BUILD_TYPE := release 318 # Use LOG_LEVEL_NOTICE by default for release builds 319 LOG_LEVEL := 20 320endif 321 322# Default build string (git branch and commit) 323ifeq (${BUILD_STRING},) 324 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 325endif 326VERSION_STRING := v${VERSION}(${BUILD_TYPE}):${BUILD_STRING} 327 328ifeq (${AARCH32_INSTRUCTION_SET},A32) 329TF_CFLAGS_aarch32 += -marm 330else ifeq (${AARCH32_INSTRUCTION_SET},T32) 331TF_CFLAGS_aarch32 += -mthumb 332else 333$(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET}) 334endif 335 336TF_CFLAGS_aarch32 += -mno-unaligned-access 337TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 338 339ifneq (${BP_OPTION},none) 340TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 341endif 342 343ASFLAGS_aarch32 = $(march32-directive) 344ASFLAGS_aarch64 = $(march64-directive) 345 346# General warnings 347WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 348 -Wdisabled-optimization -Wvla -Wshadow \ 349 -Wno-unused-parameter -Wredundant-decls 350 351# Additional warnings 352# Level 1 353WARNING1 := -Wextra 354WARNING1 += -Wmissing-format-attribute 355WARNING1 += -Wmissing-prototypes 356WARNING1 += -Wold-style-definition 357 358# Level 2 359WARNING2 := -Waggregate-return 360WARNING2 += -Wcast-align 361WARNING2 += -Wnested-externs 362 363WARNING3 := -Wbad-function-cast 364WARNING3 += -Wcast-qual 365WARNING3 += -Wconversion 366WARNING3 += -Wpacked 367WARNING3 += -Wpointer-arith 368WARNING3 += -Wswitch-default 369 370ifeq (${W},1) 371WARNINGS += $(WARNING1) 372else ifeq (${W},2) 373WARNINGS += $(WARNING1) $(WARNING2) 374else ifeq (${W},3) 375WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 376endif 377 378# Compiler specific warnings 379ifeq ($(findstring clang,$(notdir $(CC))),) 380# not using clang 381WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 382 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 383 -Wlogical-op 384else 385# using clang 386WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 387 -Wlogical-op-parentheses 388endif 389 390ifneq (${E},0) 391ERRORS := -Werror 392endif 393 394CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 395 $(ERRORS) $(WARNINGS) 396ASFLAGS += $(CPPFLAGS) $(ASFLAGS_$(ARCH)) \ 397 -ffreestanding -Wa,--fatal-warnings 398TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 399 -ffunction-sections -fdata-sections \ 400 -ffreestanding -fno-builtin -fno-common \ 401 -Os -std=gnu99 402 403$(eval $(call add_define,SVE_VECTOR_LEN)) 404 405ifeq (${SANITIZE_UB},on) 406TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 407endif 408ifeq (${SANITIZE_UB},trap) 409TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 410 -fsanitize-undefined-trap-on-error 411endif 412 413GCC_V_OUTPUT := $(shell $(CC) -v 2>&1) 414 415# LD = armlink 416ifneq ($(findstring armlink,$(notdir $(LD))),) 417TF_LDFLAGS += --diag_error=warning --lto_level=O1 418TF_LDFLAGS += --remove --info=unused,unusedsymbols 419TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 420 421# LD = gcc (used when GCC LTO is enabled) 422else ifneq ($(findstring gcc,$(notdir $(LD))),) 423# Pass ld options with Wl or Xlinker switches 424TF_LDFLAGS += -Wl,--fatal-warnings -O1 425TF_LDFLAGS += -Wl,--gc-sections 426ifeq ($(ENABLE_LTO),1) 427 ifeq (${ARCH},aarch64) 428 TF_LDFLAGS += -flto -fuse-linker-plugin 429 endif 430endif 431# GCC automatically adds fix-cortex-a53-843419 flag when used to link 432# which breaks some builds, so disable if errata fix is not explicitly enabled 433ifneq (${ERRATA_A53_843419},1) 434 TF_LDFLAGS += -mno-fix-cortex-a53-843419 435endif 436TF_LDFLAGS += -nostdlib 437TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 438 439# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 440else 441TF_LDFLAGS += --fatal-warnings -O1 442TF_LDFLAGS += --gc-sections 443# ld.lld doesn't recognize the errata flags, 444# therefore don't add those in that case 445ifeq ($(findstring ld.lld,$(notdir $(LD))),) 446TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 447endif 448endif 449 450DTC_FLAGS += -I dts -O dtb 451DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \ 452 -x assembler-with-cpp $(DEFINES) 453 454################################################################################ 455# Common sources and include directories 456################################################################################ 457include ${MAKE_HELPERS_DIRECTORY}arch_features.mk 458include lib/compiler-rt/compiler-rt.mk 459 460BL_COMMON_SOURCES += common/bl_common.c \ 461 common/tf_log.c \ 462 common/${ARCH}/debug.S \ 463 drivers/console/multi_console.c \ 464 lib/${ARCH}/cache_helpers.S \ 465 lib/${ARCH}/misc_helpers.S \ 466 plat/common/plat_bl_common.c \ 467 plat/common/plat_log_common.c \ 468 plat/common/${ARCH}/plat_common.c \ 469 plat/common/${ARCH}/platform_helpers.S \ 470 ${COMPILER_RT_SRCS} 471 472ifeq ($(notdir $(CC)),armclang) 473BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 474endif 475 476ifeq (${SANITIZE_UB},on) 477BL_COMMON_SOURCES += plat/common/ubsan.c 478endif 479 480INCLUDES += -Iinclude \ 481 -Iinclude/arch/${ARCH} \ 482 -Iinclude/lib/cpus/${ARCH} \ 483 -Iinclude/lib/el3_runtime/${ARCH} \ 484 ${PLAT_INCLUDES} \ 485 ${SPD_INCLUDES} 486 487include common/backtrace/backtrace.mk 488 489################################################################################ 490# Generic definitions 491################################################################################ 492 493include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 494 495ifeq (${BUILD_BASE},) 496 BUILD_BASE := ./build 497endif 498BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 499 500SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 501 502# Platforms providing their own TBB makefile may override this value 503INCLUDE_TBBR_MK := 1 504 505 506################################################################################ 507# Include SPD Makefile if one has been specified 508################################################################################ 509 510ifneq (${SPD},none) 511 ifeq (${ARCH},aarch32) 512 $(error "Error: SPD is incompatible with AArch32.") 513 endif 514 515 ifdef EL3_PAYLOAD_BASE 516 $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") 517 $(warning "The SPD and its BL32 companion will be present but ignored.") 518 endif 519 520 ifeq (${SPD},spmd) 521 # SPMD is located in std_svc directory 522 SPD_DIR := std_svc 523 524 ifeq ($(SPMD_SPM_AT_SEL2),1) 525 ifeq ($(CTX_INCLUDE_EL2_REGS),0) 526 $(error SPMD with SPM at S-EL2 requires CTX_INCLUDE_EL2_REGS option) 527 endif 528 ifeq ($(SPMC_AT_EL3),1) 529 $(error SPM cannot be enabled in both S-EL2 and EL3.) 530 endif 531 endif 532 533 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 534 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 535 endif 536 537 ifeq ($(TS_SP_FW_CONFIG),1) 538 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 539 endif 540 541 ifneq ($(ARM_BL2_SP_LIST_DTS),) 542 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 543 endif 544 545 ifneq ($(SP_LAYOUT_FILE),) 546 BL2_ENABLE_SP_LOAD := 1 547 endif 548 else 549 # All other SPDs in spd directory 550 SPD_DIR := spd 551 endif 552 553 # We expect to locate an spd.mk under the specified SPD directory 554 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 555 556 ifeq (${SPD_MAKE},) 557 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 558 endif 559 $(info Including ${SPD_MAKE}) 560 include ${SPD_MAKE} 561 562 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 563 # Makefile would set NEED_BL32 to "yes". In this case, the build system 564 # supports two mutually exclusive options: 565 # * BL32 is built from source: then BL32_SOURCES must contain the list 566 # of source files to build BL32 567 # * BL32 is a prebuilt binary: then BL32 must point to the image file 568 # that will be included in the FIP 569 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 570 # over the sources. 571endif 572 573################################################################################ 574# Include rmmd Makefile if RME is enabled 575################################################################################ 576 577ifneq (${ENABLE_RME},0) 578ifneq (${ARCH},aarch64) 579 $(error ENABLE_RME requires AArch64) 580endif 581ifeq ($(SPMC_AT_EL3),1) 582 $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.) 583endif 584include services/std_svc/rmmd/rmmd.mk 585$(warning "RME is an experimental feature") 586endif 587 588################################################################################ 589# Include the platform specific Makefile after the SPD Makefile (the platform 590# makefile may use all previous definitions in this file) 591################################################################################ 592 593include ${PLAT_MAKEFILE_FULL} 594 595$(eval $(call MAKE_PREREQ_DIR,${BUILD_PLAT})) 596 597ifeq (${ARM_ARCH_MAJOR},7) 598include make_helpers/armv7-a-cpus.mk 599endif 600 601PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 602ifneq ($(PIE_FOUND),) 603 TF_CFLAGS += -fno-PIE 604ifneq ($(findstring gcc,$(notdir $(LD))),) 605 TF_LDFLAGS += -no-pie 606endif 607endif 608 609ifneq ($(findstring gcc,$(notdir $(LD))),) 610 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 611else 612 PIE_LDFLAGS += -pie --no-dynamic-linker 613endif 614 615ifeq ($(ENABLE_PIE),1) 616ifeq ($(BL2_AT_EL3),1) 617ifneq ($(BL2_IN_XIP_MEM),1) 618 BL2_CFLAGS += -fpie 619 BL2_LDFLAGS += $(PIE_LDFLAGS) 620endif 621endif 622 BL31_CFLAGS += -fpie 623 BL31_LDFLAGS += $(PIE_LDFLAGS) 624 BL32_CFLAGS += -fpie 625 BL32_LDFLAGS += $(PIE_LDFLAGS) 626endif 627 628ifeq (${ARCH},aarch64) 629BL1_CPPFLAGS += -DIMAGE_AT_EL3 630ifeq ($(BL2_AT_EL3),1) 631BL2_CPPFLAGS += -DIMAGE_AT_EL3 632else 633BL2_CPPFLAGS += -DIMAGE_AT_EL1 634endif 635BL2U_CPPFLAGS += -DIMAGE_AT_EL1 636BL31_CPPFLAGS += -DIMAGE_AT_EL3 637BL32_CPPFLAGS += -DIMAGE_AT_EL1 638endif 639 640# Include the CPU specific operations makefile, which provides default 641# values for all CPU errata workarounds and CPU specific optimisations. 642# This can be overridden by the platform. 643include lib/cpus/cpu-ops.mk 644 645ifeq (${ARCH},aarch32) 646NEED_BL32 := yes 647 648################################################################################ 649# Build `AARCH32_SP` as BL32 image for AArch32 650################################################################################ 651ifneq (${AARCH32_SP},none) 652# We expect to locate an sp.mk under the specified AARCH32_SP directory 653AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 654 655ifeq (${AARCH32_SP_MAKE},) 656 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 657endif 658 659$(info Including ${AARCH32_SP_MAKE}) 660include ${AARCH32_SP_MAKE} 661endif 662 663endif 664 665################################################################################ 666# Include libc if not overridden 667################################################################################ 668ifeq (${OVERRIDE_LIBC},0) 669include lib/libc/libc.mk 670endif 671 672################################################################################ 673# Check incompatible options 674################################################################################ 675 676ifdef EL3_PAYLOAD_BASE 677 ifdef PRELOADED_BL33_BASE 678 $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \ 679 incompatible build options. EL3_PAYLOAD_BASE has priority.") 680 endif 681 ifneq (${GENERATE_COT},0) 682 $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible build options.") 683 endif 684 ifneq (${TRUSTED_BOARD_BOOT},0) 685 $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are incompatible build options.") 686 endif 687endif 688 689ifeq (${NEED_BL33},yes) 690 ifdef EL3_PAYLOAD_BASE 691 $(warning "BL33 image is not needed when option \ 692 BL33_PAYLOAD_BASE is used and won't be added to the FIP file.") 693 endif 694 ifdef PRELOADED_BL33_BASE 695 $(warning "BL33 image is not needed when option \ 696 PRELOADED_BL33_BASE is used and won't be added to the FIP \ 697 file.") 698 endif 699endif 700 701# When building for systems with hardware-assisted coherency, there's no need to 702# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too. 703ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1) 704$(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) 705endif 706 707#For now, BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is 1. 708ifeq ($(BL2_AT_EL3)-$(BL2_IN_XIP_MEM),0-1) 709$(error "BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is enabled") 710endif 711 712# For RAS_EXTENSION, require that EAs are handled in EL3 first 713ifeq ($(RAS_EXTENSION),1) 714 ifneq ($(HANDLE_EA_EL3_FIRST),1) 715 $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST must also be 1) 716 endif 717endif 718 719# When FAULT_INJECTION_SUPPORT is used, require that RAS_EXTENSION is enabled 720ifeq ($(FAULT_INJECTION_SUPPORT),1) 721 ifneq ($(RAS_EXTENSION),1) 722 $(error For FAULT_INJECTION_SUPPORT, RAS_EXTENSION must also be 1) 723 endif 724endif 725 726# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 727ifeq ($(DYN_DISABLE_AUTH), 1) 728 ifeq (${TRUSTED_BOARD_BOOT}, 0) 729 $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.") 730 endif 731endif 732 733ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1) 734# Support authentication verification and hash calculation 735 CRYPTO_SUPPORT := 3 736else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1) 737# Support authentication verification and hash calculation 738 CRYPTO_SUPPORT := 3 739else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) 740# Support hash calculation only 741 CRYPTO_SUPPORT := 2 742else ifeq (${TRUSTED_BOARD_BOOT},1) 743# Support authentication verification only 744 CRYPTO_SUPPORT := 1 745else 746 CRYPTO_SUPPORT := 0 747endif 748 749# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. 750ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) 751$(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 752endif 753 754# If pointer authentication is used in the firmware, make sure that all the 755# registers associated to it are also saved and restored. 756# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. 757ifeq ($(ENABLE_PAUTH),1) 758 ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) 759 $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1) 760 endif 761endif 762 763ifeq ($(CTX_INCLUDE_PAUTH_REGS),1) 764 ifneq (${ARCH},aarch64) 765 $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) 766 endif 767endif 768 769ifeq ($(CTX_INCLUDE_MTE_REGS),1) 770 ifneq (${ARCH},aarch64) 771 $(error CTX_INCLUDE_MTE_REGS requires AArch64) 772 endif 773endif 774 775ifeq ($(PSA_FWU_SUPPORT),1) 776 $(info PSA_FWU_SUPPORT is an experimental feature) 777endif 778 779ifeq ($(FEATURE_DETECTION),1) 780 $(info FEATURE_DETECTION is an experimental feature) 781endif 782 783ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 784 ifeq (${ALLOW_RO_XLAT_TABLES}, 1) 785 $(error "ALLOW_RO_XLAT_TABLES requires translation tables library v2") 786 endif 787endif 788 789ifneq (${DECRYPTION_SUPPORT},none) 790 ifeq (${TRUSTED_BOARD_BOOT}, 0) 791 $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT to be set) 792 endif 793endif 794 795# Ensure that no Aarch64-only features are enabled in Aarch32 build 796ifeq (${ARCH},aarch32) 797 798 # SME/SVE only supported on AArch64 799 ifeq (${ENABLE_SME_FOR_NS},1) 800 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") 801 endif 802 ifeq (${ENABLE_SVE_FOR_NS},1) 803 # Warning instead of error due to CI dependency on this 804 $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") 805 endif 806 807 # BRBE is not supported in AArch32 808 ifeq (${ENABLE_BRBE_FOR_NS},1) 809 $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32") 810 endif 811 812 # FEAT_RNG_TRAP is not supported in AArch32 813 ifeq (${ENABLE_FEAT_RNG_TRAP},1) 814 $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32") 815 endif 816endif 817 818# Ensure ENABLE_RME is not used with SME 819ifeq (${ENABLE_RME},1) 820 ifeq (${ENABLE_SME_FOR_NS},1) 821 $(error "ENABLE_SME_FOR_NS cannot be used with ENABLE_RME") 822 endif 823endif 824 825# Secure SME/SVE requires the non-secure component as well 826ifeq (${ENABLE_SME_FOR_SWD},1) 827 ifeq (${ENABLE_SME_FOR_NS},0) 828 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") 829 endif 830endif 831ifeq (${ENABLE_SVE_FOR_SWD},1) 832 ifeq (${ENABLE_SVE_FOR_NS},0) 833 $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS") 834 endif 835endif 836 837# SVE and SME cannot be used with CTX_INCLUDE_FPREGS since secure manager does 838# its own context management including FPU registers. 839ifeq (${CTX_INCLUDE_FPREGS},1) 840 ifeq (${ENABLE_SME_FOR_NS},1) 841 $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 842 endif 843 ifeq (${ENABLE_SVE_FOR_NS},1) 844 # Warning instead of error due to CI dependency on this 845 $(warning "ENABLE_SVE_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 846 $(warning "Forced ENABLE_SVE_FOR_NS=0") 847 override ENABLE_SVE_FOR_NS := 0 848 endif 849endif 850 851ifeq ($(DRTM_SUPPORT),1) 852 $(info DRTM_SUPPORT is an experimental feature) 853endif 854 855ifeq (${ENABLE_RME},1) 856 ifneq (${SEPARATE_CODE_AND_RODATA},1) 857 $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`) 858 endif 859endif 860 861################################################################################ 862# Process platform overrideable behaviour 863################################################################################ 864 865ifdef BL1_SOURCES 866NEED_BL1 := yes 867endif 868 869ifdef BL2_SOURCES 870 NEED_BL2 := yes 871 872 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 873 # Certificate generation tools. This flag can be overridden by the platform. 874 ifdef EL3_PAYLOAD_BASE 875 # If booting an EL3 payload there is no need for a BL33 image 876 # in the FIP file. 877 NEED_BL33 := no 878 else 879 ifdef PRELOADED_BL33_BASE 880 # If booting a BL33 preloaded image there is no need of 881 # another one in the FIP file. 882 NEED_BL33 := no 883 else 884 NEED_BL33 ?= yes 885 endif 886 endif 887endif 888 889ifdef BL2U_SOURCES 890NEED_BL2U := yes 891endif 892 893# If SCP_BL2 is given, we always want FIP to include it. 894ifdef SCP_BL2 895 NEED_SCP_BL2 := yes 896endif 897 898# For AArch32, BL31 is not currently supported. 899ifneq (${ARCH},aarch32) 900 ifdef BL31_SOURCES 901 # When booting an EL3 payload, there is no need to compile the BL31 image nor 902 # put it in the FIP. 903 ifndef EL3_PAYLOAD_BASE 904 NEED_BL31 := yes 905 endif 906 endif 907endif 908 909# Process TBB related flags 910ifneq (${GENERATE_COT},0) 911 # Common cert_create options 912 ifneq (${CREATE_KEYS},0) 913 $(eval CRT_ARGS += -n) 914 $(eval FWU_CRT_ARGS += -n) 915 ifneq (${SAVE_KEYS},0) 916 $(eval CRT_ARGS += -k) 917 $(eval FWU_CRT_ARGS += -k) 918 endif 919 endif 920 # Include TBBR makefile (unless the platform indicates otherwise) 921 ifeq (${INCLUDE_TBBR_MK},1) 922 include make_helpers/tbbr/tbbr_tools.mk 923 endif 924endif 925 926ifneq (${FIP_ALIGN},0) 927FIP_ARGS += --align ${FIP_ALIGN} 928endif 929 930ifdef FDT_SOURCES 931NEED_FDT := yes 932endif 933 934################################################################################ 935# Include libraries' Makefile that are used in all BL 936################################################################################ 937 938include lib/stack_protector/stack_protector.mk 939 940################################################################################ 941# Auxiliary tools (fiptool, cert_create, etc) 942################################################################################ 943 944# Variables for use with Certificate Generation Tool 945CRTTOOLPATH ?= tools/cert_create 946CRTTOOL ?= ${CRTTOOLPATH}/cert_create${BIN_EXT} 947 948# Variables for use with Firmware Encryption Tool 949ENCTOOLPATH ?= tools/encrypt_fw 950ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw${BIN_EXT} 951 952# Variables for use with Firmware Image Package 953FIPTOOLPATH ?= tools/fiptool 954FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT} 955 956# Variables for use with sptool 957SPTOOLPATH ?= tools/sptool 958SPTOOL ?= ${SPTOOLPATH}/sptool.py 959SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 960 961# Variables for use with ROMLIB 962ROMLIBPATH ?= lib/romlib 963 964# Variable for use with Python 965PYTHON ?= python3 966 967# Variables for use with PRINT_MEMORY_MAP 968PRINT_MEMORY_MAP_PATH ?= tools/memory 969PRINT_MEMORY_MAP ?= ${PRINT_MEMORY_MAP_PATH}/print_memory_map.py 970 971# Variables for use with documentation build using Sphinx tool 972DOCS_PATH ?= docs 973 974# Defination of SIMICS flag 975SIMICS_BUILD ?= 0 976 977################################################################################ 978# Include BL specific makefiles 979################################################################################ 980 981ifeq (${NEED_BL1},yes) 982include bl1/bl1.mk 983endif 984 985ifeq (${NEED_BL2},yes) 986include bl2/bl2.mk 987endif 988 989ifeq (${NEED_BL2U},yes) 990include bl2u/bl2u.mk 991endif 992 993ifeq (${NEED_BL31},yes) 994include bl31/bl31.mk 995endif 996 997################################################################################ 998# Build options checks 999################################################################################ 1000 1001$(eval $(call assert_booleans,\ 1002 $(sort \ 1003 ALLOW_RO_XLAT_TABLES \ 1004 BL2_ENABLE_SP_LOAD \ 1005 COLD_BOOT_SINGLE_CPU \ 1006 CREATE_KEYS \ 1007 CTX_INCLUDE_AARCH32_REGS \ 1008 CTX_INCLUDE_FPREGS \ 1009 CTX_INCLUDE_EL2_REGS \ 1010 DEBUG \ 1011 DISABLE_MTPMU \ 1012 DYN_DISABLE_AUTH \ 1013 EL3_EXCEPTION_HANDLING \ 1014 ENABLE_AMU \ 1015 ENABLE_AMU_AUXILIARY_COUNTERS \ 1016 ENABLE_AMU_FCONF \ 1017 AMU_RESTRICT_COUNTERS \ 1018 ENABLE_ASSERTIONS \ 1019 ENABLE_PIE \ 1020 ENABLE_PMF \ 1021 ENABLE_PSCI_STAT \ 1022 ENABLE_RUNTIME_INSTRUMENTATION \ 1023 ENABLE_SME_FOR_NS \ 1024 ENABLE_SME_FOR_SWD \ 1025 ENABLE_SPE_FOR_LOWER_ELS \ 1026 ENABLE_SVE_FOR_NS \ 1027 ENABLE_SVE_FOR_SWD \ 1028 ERROR_DEPRECATED \ 1029 FAULT_INJECTION_SUPPORT \ 1030 GENERATE_COT \ 1031 GICV2_G0_FOR_EL3 \ 1032 HANDLE_EA_EL3_FIRST \ 1033 HW_ASSISTED_COHERENCY \ 1034 INVERTED_MEMMAP \ 1035 MEASURED_BOOT \ 1036 DRTM_SUPPORT \ 1037 NS_TIMER_SWITCH \ 1038 OVERRIDE_LIBC \ 1039 PL011_GENERIC_UART \ 1040 PLAT_RSS_NOT_SUPPORTED \ 1041 PROGRAMMABLE_RESET_ADDRESS \ 1042 PSCI_EXTENDED_STATE_ID \ 1043 RESET_TO_BL31 \ 1044 RESET_TO_BL31_WITH_PARAMS \ 1045 SAVE_KEYS \ 1046 SEPARATE_CODE_AND_RODATA \ 1047 SEPARATE_BL2_NOLOAD_REGION \ 1048 SEPARATE_NOBITS_REGION \ 1049 SPIN_ON_BL1_EXIT \ 1050 SPM_MM \ 1051 SPMC_AT_EL3 \ 1052 SPMD_SPM_AT_SEL2 \ 1053 TRUSTED_BOARD_BOOT \ 1054 USE_COHERENT_MEM \ 1055 USE_DEBUGFS \ 1056 ARM_IO_IN_DTB \ 1057 SDEI_IN_FCONF \ 1058 SEC_INT_DESC_IN_FCONF \ 1059 USE_ROMLIB \ 1060 USE_TBBR_DEFS \ 1061 WARMBOOT_ENABLE_DCACHE_EARLY \ 1062 BL2_AT_EL3 \ 1063 BL2_IN_XIP_MEM \ 1064 BL2_INV_DCACHE \ 1065 USE_SPINLOCK_CAS \ 1066 ENCRYPT_BL31 \ 1067 ENCRYPT_BL32 \ 1068 ERRATA_SPECULATIVE_AT \ 1069 RAS_TRAP_NS_ERR_REC_ACCESS \ 1070 COT_DESC_IN_DTB \ 1071 USE_SP804_TIMER \ 1072 PSA_FWU_SUPPORT \ 1073 ENABLE_SYS_REG_TRACE_FOR_NS \ 1074 ENABLE_MPMM \ 1075 ENABLE_MPMM_FCONF \ 1076 SIMICS_BUILD \ 1077 FEATURE_DETECTION \ 1078))) 1079 1080$(eval $(call assert_numerics,\ 1081 $(sort \ 1082 ARM_ARCH_MAJOR \ 1083 ARM_ARCH_MINOR \ 1084 BRANCH_PROTECTION \ 1085 CTX_INCLUDE_PAUTH_REGS \ 1086 CTX_INCLUDE_MTE_REGS \ 1087 CTX_INCLUDE_NEVE_REGS \ 1088 CRYPTO_SUPPORT \ 1089 ENABLE_BRBE_FOR_NS \ 1090 ENABLE_TRBE_FOR_NS \ 1091 ENABLE_BTI \ 1092 ENABLE_PAUTH \ 1093 ENABLE_FEAT_AMUv1 \ 1094 ENABLE_FEAT_AMUv1p1 \ 1095 ENABLE_FEAT_CSV2_2 \ 1096 ENABLE_FEAT_DIT \ 1097 ENABLE_FEAT_ECV \ 1098 ENABLE_FEAT_FGT \ 1099 ENABLE_FEAT_HCX \ 1100 ENABLE_FEAT_PAN \ 1101 ENABLE_FEAT_RNG \ 1102 ENABLE_FEAT_RNG_TRAP \ 1103 ENABLE_FEAT_SB \ 1104 ENABLE_FEAT_SEL2 \ 1105 ENABLE_FEAT_VHE \ 1106 ENABLE_MPAM_FOR_LOWER_ELS \ 1107 ENABLE_RME \ 1108 ENABLE_TRF_FOR_NS \ 1109 FW_ENC_STATUS \ 1110 NR_OF_FW_BANKS \ 1111 NR_OF_IMAGES_IN_FW_BANK \ 1112 RAS_EXTENSION \ 1113 TWED_DELAY \ 1114 ENABLE_FEAT_TWED \ 1115 SVE_VECTOR_LEN \ 1116))) 1117 1118ifdef KEY_SIZE 1119 $(eval $(call assert_numeric,KEY_SIZE)) 1120endif 1121 1122ifeq ($(filter $(SANITIZE_UB), on off trap),) 1123 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1124endif 1125 1126################################################################################ 1127# Add definitions to the cpp preprocessor based on the current build options. 1128# This is done after including the platform specific makefile to allow the 1129# platform to overwrite the default options 1130################################################################################ 1131 1132$(eval $(call add_defines,\ 1133 $(sort \ 1134 ALLOW_RO_XLAT_TABLES \ 1135 ARM_ARCH_MAJOR \ 1136 ARM_ARCH_MINOR \ 1137 BL2_ENABLE_SP_LOAD \ 1138 COLD_BOOT_SINGLE_CPU \ 1139 CTX_INCLUDE_AARCH32_REGS \ 1140 CTX_INCLUDE_FPREGS \ 1141 CTX_INCLUDE_PAUTH_REGS \ 1142 EL3_EXCEPTION_HANDLING \ 1143 CTX_INCLUDE_MTE_REGS \ 1144 CTX_INCLUDE_EL2_REGS \ 1145 CTX_INCLUDE_NEVE_REGS \ 1146 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1147 DISABLE_MTPMU \ 1148 ENABLE_AMU \ 1149 ENABLE_AMU_AUXILIARY_COUNTERS \ 1150 ENABLE_AMU_FCONF \ 1151 AMU_RESTRICT_COUNTERS \ 1152 ENABLE_ASSERTIONS \ 1153 ENABLE_BTI \ 1154 ENABLE_MPAM_FOR_LOWER_ELS \ 1155 ENABLE_PAUTH \ 1156 ENABLE_PIE \ 1157 ENABLE_PMF \ 1158 ENABLE_PSCI_STAT \ 1159 ENABLE_RME \ 1160 ENABLE_RUNTIME_INSTRUMENTATION \ 1161 ENABLE_SME_FOR_NS \ 1162 ENABLE_SME_FOR_SWD \ 1163 ENABLE_SPE_FOR_LOWER_ELS \ 1164 ENABLE_SVE_FOR_NS \ 1165 ENABLE_SVE_FOR_SWD \ 1166 ENCRYPT_BL31 \ 1167 ENCRYPT_BL32 \ 1168 ERROR_DEPRECATED \ 1169 FAULT_INJECTION_SUPPORT \ 1170 GICV2_G0_FOR_EL3 \ 1171 HANDLE_EA_EL3_FIRST \ 1172 HW_ASSISTED_COHERENCY \ 1173 LOG_LEVEL \ 1174 MEASURED_BOOT \ 1175 DRTM_SUPPORT \ 1176 NS_TIMER_SWITCH \ 1177 PL011_GENERIC_UART \ 1178 PLAT_${PLAT} \ 1179 PLAT_RSS_NOT_SUPPORTED \ 1180 PROGRAMMABLE_RESET_ADDRESS \ 1181 PSCI_EXTENDED_STATE_ID \ 1182 RAS_EXTENSION \ 1183 RESET_TO_BL31 \ 1184 RESET_TO_BL31_WITH_PARAMS \ 1185 SEPARATE_CODE_AND_RODATA \ 1186 SEPARATE_BL2_NOLOAD_REGION \ 1187 SEPARATE_NOBITS_REGION \ 1188 RECLAIM_INIT_CODE \ 1189 SPD_${SPD} \ 1190 SPIN_ON_BL1_EXIT \ 1191 SPM_MM \ 1192 SPMC_AT_EL3 \ 1193 SPMD_SPM_AT_SEL2 \ 1194 TRUSTED_BOARD_BOOT \ 1195 CRYPTO_SUPPORT \ 1196 TRNG_SUPPORT \ 1197 USE_COHERENT_MEM \ 1198 USE_DEBUGFS \ 1199 ARM_IO_IN_DTB \ 1200 SDEI_IN_FCONF \ 1201 SEC_INT_DESC_IN_FCONF \ 1202 USE_ROMLIB \ 1203 USE_TBBR_DEFS \ 1204 WARMBOOT_ENABLE_DCACHE_EARLY \ 1205 BL2_AT_EL3 \ 1206 BL2_IN_XIP_MEM \ 1207 BL2_INV_DCACHE \ 1208 USE_SPINLOCK_CAS \ 1209 ERRATA_SPECULATIVE_AT \ 1210 RAS_TRAP_NS_ERR_REC_ACCESS \ 1211 COT_DESC_IN_DTB \ 1212 USE_SP804_TIMER \ 1213 ENABLE_FEAT_RNG \ 1214 ENABLE_FEAT_RNG_TRAP \ 1215 ENABLE_FEAT_SB \ 1216 ENABLE_FEAT_DIT \ 1217 NR_OF_FW_BANKS \ 1218 NR_OF_IMAGES_IN_FW_BANK \ 1219 PSA_FWU_SUPPORT \ 1220 ENABLE_BRBE_FOR_NS \ 1221 ENABLE_TRBE_FOR_NS \ 1222 ENABLE_SYS_REG_TRACE_FOR_NS \ 1223 ENABLE_TRF_FOR_NS \ 1224 ENABLE_FEAT_HCX \ 1225 ENABLE_MPMM \ 1226 ENABLE_MPMM_FCONF \ 1227 ENABLE_FEAT_FGT \ 1228 ENABLE_FEAT_AMUv1 \ 1229 ENABLE_FEAT_ECV \ 1230 SIMICS_BUILD \ 1231 ENABLE_FEAT_AMUv1p1 \ 1232 ENABLE_FEAT_SEL2 \ 1233 ENABLE_FEAT_VHE \ 1234 ENABLE_FEAT_CSV2_2 \ 1235 ENABLE_FEAT_PAN \ 1236 FEATURE_DETECTION \ 1237 TWED_DELAY \ 1238 ENABLE_FEAT_TWED \ 1239))) 1240 1241ifeq (${SANITIZE_UB},trap) 1242 $(eval $(call add_define,MONITOR_TRAPS)) 1243endif 1244 1245# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1246ifdef EL3_PAYLOAD_BASE 1247 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1248else 1249 # Define the PRELOADED_BL33_BASE flag only if it is provided and 1250 # EL3_PAYLOAD_BASE is not defined, as it has priority. 1251 ifdef PRELOADED_BL33_BASE 1252 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1253 endif 1254endif 1255 1256# Define the DYN_DISABLE_AUTH flag only if set. 1257ifeq (${DYN_DISABLE_AUTH},1) 1258$(eval $(call add_define,DYN_DISABLE_AUTH)) 1259endif 1260 1261ifneq ($(findstring armlink,$(notdir $(LD))),) 1262$(eval $(call add_define,USE_ARM_LINK)) 1263endif 1264 1265# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1266ifeq (${SPD},spmd) 1267ifdef SP_LAYOUT_FILE 1268 -include $(BUILD_PLAT)/sp_gen.mk 1269 FIP_DEPS += sp 1270 CRT_DEPS += sp 1271 NEED_SP_PKG := yes 1272else 1273 ifeq (${SPMD_SPM_AT_SEL2},1) 1274 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1275 endif 1276endif 1277endif 1278 1279################################################################################ 1280# Build targets 1281################################################################################ 1282 1283.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc enctool 1284.SUFFIXES: 1285 1286all: msg_start 1287 1288msg_start: 1289 @echo "Building ${PLAT}" 1290 1291ifeq (${ERROR_DEPRECATED},0) 1292# Check if deprecated declarations and cpp warnings should be treated as error or not. 1293ifneq ($(findstring clang,$(notdir $(CC))),) 1294 CPPFLAGS += -Wno-error=deprecated-declarations 1295else 1296 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1297endif 1298endif # !ERROR_DEPRECATED 1299 1300$(eval $(call MAKE_LIB_DIRS)) 1301$(eval $(call MAKE_LIB,c)) 1302 1303# Expand build macros for the different images 1304ifeq (${NEED_BL1},yes) 1305BL1_SOURCES := $(sort ${BL1_SOURCES}) 1306 1307$(eval $(call MAKE_BL,bl1)) 1308endif 1309 1310ifeq (${NEED_BL2},yes) 1311ifeq (${BL2_AT_EL3}, 0) 1312FIP_BL2_ARGS := tb-fw 1313endif 1314 1315BL2_SOURCES := $(sort ${BL2_SOURCES}) 1316 1317$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1318 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1319endif 1320 1321ifeq (${NEED_SCP_BL2},yes) 1322$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1323endif 1324 1325ifeq (${NEED_BL31},yes) 1326BL31_SOURCES += ${SPD_SOURCES} 1327# Sort BL31 source files to remove duplicates 1328BL31_SOURCES := $(sort ${BL31_SOURCES}) 1329ifneq (${DECRYPTION_SUPPORT},none) 1330$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1331 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1332else 1333$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1334 $(eval $(call MAKE_BL,bl31,soc-fw))) 1335endif 1336endif 1337 1338# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1339# build system will call TOOL_ADD_IMG to print a warning message and abort the 1340# process. Note that the dependency on BL32 applies to the FIP only. 1341ifeq (${NEED_BL32},yes) 1342# Sort BL32 source files to remove duplicates 1343BL32_SOURCES := $(sort ${BL32_SOURCES}) 1344BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1345 1346ifneq (${DECRYPTION_SUPPORT},none) 1347$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1348 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1349else 1350$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1351 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1352endif 1353endif 1354 1355# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1356# needs to be built from RMM_SOURCES. 1357ifeq (${NEED_RMM},yes) 1358# Sort RMM source files to remove duplicates 1359RMM_SOURCES := $(sort ${RMM_SOURCES}) 1360BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1361 1362$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1363 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1364endif 1365 1366# Add the BL33 image if required by the platform 1367ifeq (${NEED_BL33},yes) 1368$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1369endif 1370 1371ifeq (${NEED_BL2U},yes) 1372$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1373 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1374endif 1375 1376# Expand build macros for the different images 1377ifeq (${NEED_FDT},yes) 1378 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1379endif 1380 1381# Add Secure Partition packages 1382ifeq (${NEED_SP_PKG},yes) 1383$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT} 1384 ${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} 1385sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) 1386 @${ECHO_BLANK_LINE} 1387 @echo "Built SP Images successfully" 1388 @${ECHO_BLANK_LINE} 1389endif 1390 1391locate-checkpatch: 1392ifndef CHECKPATCH 1393 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1394else 1395ifeq (,$(wildcard ${CHECKPATCH})) 1396 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1397endif 1398endif 1399 1400clean: 1401 @echo " CLEAN" 1402 $(call SHELL_REMOVE_DIR,${BUILD_PLAT}) 1403ifdef UNIX_MK 1404 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1405else 1406# Clear the MAKEFLAGS as we do not want 1407# to pass the gnumake flags to nmake. 1408 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) clean 1409endif 1410 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1411 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1412 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1413 1414realclean distclean: 1415 @echo " REALCLEAN" 1416 $(call SHELL_REMOVE_DIR,${BUILD_BASE}) 1417 $(call SHELL_DELETE_ALL, ${CURDIR}/cscope.*) 1418ifdef UNIX_MK 1419 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1420else 1421# Clear the MAKEFLAGS as we do not want 1422# to pass the gnumake flags to nmake. 1423 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) realclean 1424endif 1425 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean 1426 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean 1427 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1428 1429checkcodebase: locate-checkpatch 1430 @echo " CHECKING STYLE" 1431 @if test -d .git ; then \ 1432 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1433 while read GIT_FILE ; \ 1434 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1435 done ; \ 1436 else \ 1437 find . -type f -not -iwholename "*.git*" \ 1438 -not -iwholename "*build*" \ 1439 -not -iwholename "*libfdt*" \ 1440 -not -iwholename "*libc*" \ 1441 -not -iwholename "*docs*" \ 1442 -not -iwholename "*.rst" \ 1443 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1444 fi 1445 1446checkpatch: locate-checkpatch 1447 @echo " CHECKING STYLE" 1448 @if test -n "${CHECKPATCH_OPTS}"; then \ 1449 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1450 fi 1451 ${Q}COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1452 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1453 do \ 1454 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1455 git log --format=email "$$commit~..$$commit" \ 1456 -- ${CHECK_PATHS} | \ 1457 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1458 git diff --format=email "$$commit~..$$commit" \ 1459 -- ${CHECK_PATHS} | \ 1460 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1461 done 1462 1463certtool: ${CRTTOOL} 1464 1465${CRTTOOL}: FORCE 1466 ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} CRTTOOL=${CRTTOOL} --no-print-directory -C ${CRTTOOLPATH} 1467 @${ECHO_BLANK_LINE} 1468 @echo "Built $@ successfully" 1469 @${ECHO_BLANK_LINE} 1470 1471ifneq (${GENERATE_COT},0) 1472certificates: ${CRT_DEPS} ${CRTTOOL} 1473 ${Q}${CRTTOOL} ${CRT_ARGS} 1474 @${ECHO_BLANK_LINE} 1475 @echo "Built $@ successfully" 1476 @echo "Certificates can be found in ${BUILD_PLAT}" 1477 @${ECHO_BLANK_LINE} 1478endif 1479 1480${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1481 $(eval ${CHECK_FIP_CMD}) 1482 ${Q}${FIPTOOL} create ${FIP_ARGS} $@ 1483 ${Q}${FIPTOOL} info $@ 1484 @${ECHO_BLANK_LINE} 1485 @echo "Built $@ successfully" 1486 @${ECHO_BLANK_LINE} 1487 1488ifneq (${GENERATE_COT},0) 1489fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1490 ${Q}${CRTTOOL} ${FWU_CRT_ARGS} 1491 @${ECHO_BLANK_LINE} 1492 @echo "Built $@ successfully" 1493 @echo "FWU certificates can be found in ${BUILD_PLAT}" 1494 @${ECHO_BLANK_LINE} 1495endif 1496 1497${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1498 $(eval ${CHECK_FWU_FIP_CMD}) 1499 ${Q}${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1500 ${Q}${FIPTOOL} info $@ 1501 @${ECHO_BLANK_LINE} 1502 @echo "Built $@ successfully" 1503 @${ECHO_BLANK_LINE} 1504 1505fiptool: ${FIPTOOL} 1506fip: ${BUILD_PLAT}/${FIP_NAME} 1507fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1508 1509${FIPTOOL}: FORCE 1510ifdef UNIX_MK 1511 ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} --no-print-directory -C ${FIPTOOLPATH} 1512else 1513# Clear the MAKEFLAGS as we do not want 1514# to pass the gnumake flags to nmake. 1515 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) 1516endif 1517 1518romlib.bin: libraries FORCE 1519 ${Q}${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES='${INCLUDES}' DEFINES='${DEFINES}' --no-print-directory -C ${ROMLIBPATH} all 1520 1521# Call print_memory_map tool 1522memmap: all 1523 ${Q}${PYTHON} ${PRINT_MEMORY_MAP} ${BUILD_PLAT} ${INVERTED_MEMMAP} 1524 1525doc: 1526 @echo " BUILD DOCUMENTATION" 1527 ${Q}${MAKE} --no-print-directory -C ${DOCS_PATH} html 1528 1529enctool: ${ENCTOOL} 1530 1531${ENCTOOL}: FORCE 1532 ${Q}${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} ENCTOOL=${ENCTOOL} --no-print-directory -C ${ENCTOOLPATH} 1533 @${ECHO_BLANK_LINE} 1534 @echo "Built $@ successfully" 1535 @${ECHO_BLANK_LINE} 1536 1537cscope: 1538 @echo " CSCOPE" 1539 ${Q}find ${CURDIR} -name "*.[chsS]" > cscope.files 1540 ${Q}cscope -b -q -k 1541 1542help: 1543 @echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1544 @echo "" 1545 @echo "PLAT is used to specify which platform you wish to build." 1546 @echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1547 @echo "" 1548 @echo "platform = ${PLATFORM_LIST}" 1549 @echo "" 1550 @echo "Please refer to the User Guide for a list of all supported options." 1551 @echo "Note that the build system doesn't track dependencies for build " 1552 @echo "options. Therefore, if any of the build options are changed " 1553 @echo "from a previous build, a clean build must be performed." 1554 @echo "" 1555 @echo "Supported Targets:" 1556 @echo " all Build all individual bootloader binaries" 1557 @echo " bl1 Build the BL1 binary" 1558 @echo " bl2 Build the BL2 binary" 1559 @echo " bl2u Build the BL2U binary" 1560 @echo " bl31 Build the BL31 binary" 1561 @echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1562 @echo " this builds secure payload specified by AARCH32_SP" 1563 @echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1564 @echo " fip Build the Firmware Image Package (FIP)" 1565 @echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1566 @echo " checkcodebase Check the coding style of the entire source tree" 1567 @echo " checkpatch Check the coding style on changes in the current" 1568 @echo " branch against BASE_COMMIT (default origin/master)" 1569 @echo " clean Clean the build for the selected platform" 1570 @echo " cscope Generate cscope index" 1571 @echo " distclean Remove all build artifacts for all platforms" 1572 @echo " certtool Build the Certificate generation tool" 1573 @echo " enctool Build the Firmware encryption tool" 1574 @echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1575 @echo " sp Build the Secure Partition Packages" 1576 @echo " sptool Build the Secure Partition Package creation tool" 1577 @echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1578 @echo " memmap Print the memory map of the built binaries" 1579 @echo " doc Build html based documentation using Sphinx tool" 1580 @echo "" 1581 @echo "Note: most build targets require PLAT to be set to a specific platform." 1582 @echo "" 1583 @echo "example: build all targets for the FVP platform:" 1584 @echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1585 1586.PHONY: FORCE 1587FORCE:; 1588