1# 2# Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 7 12VERSION := ${VERSION_MAJOR}.${VERSION_MINOR} 13 14# Default goal is build all images 15.DEFAULT_GOAL := all 16 17# Avoid any implicit propagation of command line variable definitions to 18# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 19# usage. Other command line options like "-s" are still propagated as usual. 20MAKEOVERRIDES = 21 22MAKE_HELPERS_DIRECTORY := make_helpers/ 23include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 24include ${MAKE_HELPERS_DIRECTORY}build_env.mk 25 26################################################################################ 27# Default values for build configurations, and their dependencies 28################################################################################ 29 30include ${MAKE_HELPERS_DIRECTORY}defaults.mk 31 32# Assertions enabled for DEBUG builds by default 33ENABLE_ASSERTIONS := ${DEBUG} 34ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 35PLAT := ${DEFAULT_PLAT} 36 37################################################################################ 38# Checkpatch script options 39################################################################################ 40 41CHECKCODE_ARGS := --no-patch 42# Do not check the coding style on imported library files or documentation files 43INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \ 44 include/drivers/arm/cryptocell, \ 45 $(wildcard include/drivers/arm/*))) 46INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h 47INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 48 include/drivers/arm, \ 49 $(wildcard include/drivers/*))) 50INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 51 include/lib/libfdt \ 52 include/lib/libc, \ 53 $(wildcard include/lib/*))) 54INC_DIRS_TO_CHECK := $(sort $(filter-out \ 55 include/lib \ 56 include/drivers, \ 57 $(wildcard include/*))) 58LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 59 lib/compiler-rt \ 60 lib/libfdt% \ 61 lib/libc, \ 62 lib/zlib \ 63 $(wildcard lib/*))) 64ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 65 lib \ 66 include \ 67 docs \ 68 %.rst, \ 69 $(wildcard *))) 70CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 71 ${INC_DIRS_TO_CHECK} \ 72 ${INC_LIB_DIRS_TO_CHECK} \ 73 ${LIB_DIRS_TO_CHECK} \ 74 ${INC_DRV_DIRS_TO_CHECK} \ 75 ${INC_ARM_DIRS_TO_CHECK} 76 77 78################################################################################ 79# Process build options 80################################################################################ 81 82# Verbose flag 83ifeq (${V},0) 84 Q:=@ 85 ECHO:=@echo 86 CHECKCODE_ARGS += --no-summary --terse 87else 88 Q:= 89 ECHO:=$(ECHO_QUIET) 90endif 91 92ifneq ($(findstring s,$(filter-out --%,$(MAKEFLAGS))),) 93 Q:=@ 94 ECHO:=$(ECHO_QUIET) 95endif 96 97export Q ECHO 98 99# The cert_create tool cannot generate certificates individually, so we use the 100# target 'certificates' to create them all 101ifneq (${GENERATE_COT},0) 102 FIP_DEPS += certificates 103 FWU_FIP_DEPS += fwu_certificates 104endif 105 106# Process BRANCH_PROTECTION value and set 107# Pointer Authentication and Branch Target Identification flags 108ifeq (${BRANCH_PROTECTION},0) 109 # Default value turns off all types of branch protection 110 BP_OPTION := none 111else ifneq (${ARCH},aarch64) 112 $(error BRANCH_PROTECTION requires AArch64) 113else ifeq (${BRANCH_PROTECTION},1) 114 # Enables all types of branch protection features 115 BP_OPTION := standard 116 ENABLE_BTI := 1 117 ENABLE_PAUTH := 1 118else ifeq (${BRANCH_PROTECTION},2) 119 # Return address signing to its standard level 120 BP_OPTION := pac-ret 121 ENABLE_PAUTH := 1 122else ifeq (${BRANCH_PROTECTION},3) 123 # Extend the signing to include leaf functions 124 BP_OPTION := pac-ret+leaf 125 ENABLE_PAUTH := 1 126else ifeq (${BRANCH_PROTECTION},4) 127 # Turn on branch target identification mechanism 128 BP_OPTION := bti 129 ENABLE_BTI := 1 130else 131 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 132endif 133 134# FEAT_RME 135ifeq (${ENABLE_RME},1) 136# RME doesn't support PIE 137ifneq (${ENABLE_PIE},0) 138 $(error ENABLE_RME does not support PIE) 139endif 140# RME doesn't support BRBE 141ifneq (${ENABLE_BRBE_FOR_NS},0) 142 $(error ENABLE_RME does not support BRBE.) 143endif 144# RME requires AARCH64 145ifneq (${ARCH},aarch64) 146 $(error ENABLE_RME requires AArch64) 147endif 148# RME requires el2 context to be saved for now. 149CTX_INCLUDE_EL2_REGS := 1 150CTX_INCLUDE_AARCH32_REGS := 0 151ARM_ARCH_MAJOR := 8 152ARM_ARCH_MINOR := 6 153endif 154 155# USE_SPINLOCK_CAS requires AArch64 build 156ifeq (${USE_SPINLOCK_CAS},1) 157ifneq (${ARCH},aarch64) 158 $(error USE_SPINLOCK_CAS requires AArch64) 159endif 160endif 161 162# USE_DEBUGFS experimental feature recommended only in debug builds 163ifeq (${USE_DEBUGFS},1) 164ifeq (${DEBUG},1) 165 $(warning DEBUGFS experimental feature is enabled.) 166else 167 $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY) 168endif 169endif 170 171ifneq (${DECRYPTION_SUPPORT},none) 172ENC_ARGS += -f ${FW_ENC_STATUS} 173ENC_ARGS += -k ${ENC_KEY} 174ENC_ARGS += -n ${ENC_NONCE} 175FIP_DEPS += enctool 176FWU_FIP_DEPS += enctool 177endif 178 179################################################################################ 180# Toolchain 181################################################################################ 182 183HOSTCC := gcc 184export HOSTCC 185 186CC := ${CROSS_COMPILE}gcc 187CPP := ${CROSS_COMPILE}cpp 188AS := ${CROSS_COMPILE}gcc 189AR := ${CROSS_COMPILE}ar 190LINKER := ${CROSS_COMPILE}ld 191OC := ${CROSS_COMPILE}objcopy 192OD := ${CROSS_COMPILE}objdump 193NM := ${CROSS_COMPILE}nm 194PP := ${CROSS_COMPILE}gcc -E 195DTC := dtc 196 197# Use ${LD}.bfd instead if it exists (as absolute path or together with $PATH). 198ifneq ($(strip $(wildcard ${LD}.bfd) \ 199 $(foreach dir,$(subst :, ,${PATH}),$(wildcard ${dir}/${LINKER}.bfd))),) 200LINKER := ${LINKER}.bfd 201endif 202 203ifeq (${ARM_ARCH_MAJOR},7) 204target32-directive = -target arm-none-eabi 205# Will set march32-directive from platform configuration 206else 207target32-directive = -target armv8a-none-eabi 208 209# Set the compiler's target architecture profile based on 210# ARM_ARCH_MAJOR ARM_ARCH_MINOR options 211ifeq (${ARM_ARCH_MINOR},0) 212march32-directive = -march=armv${ARM_ARCH_MAJOR}-a 213march64-directive = -march=armv${ARM_ARCH_MAJOR}-a 214else 215march32-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 216march64-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 217endif 218endif 219 220# Memory tagging is supported in architecture Armv8.5-A AArch64 and onwards 221ifeq ($(ARCH), aarch64) 222# Check if revision is greater than or equal to 8.5 223ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" 224mem_tag_arch_support = yes 225endif 226endif 227 228# Get architecture feature modifiers 229arch-features = ${ARM_ARCH_FEATURE} 230 231# Enable required options for memory stack tagging. 232# Currently, these options are enabled only for clang and armclang compiler. 233ifeq (${SUPPORT_STACK_MEMTAG},yes) 234ifdef mem_tag_arch_support 235# Check for armclang and clang compilers 236ifneq ( ,$(filter $(notdir $(CC)),armclang clang)) 237# Add "memtag" architecture feature modifier if not specified 238ifeq ( ,$(findstring memtag,$(arch-features))) 239arch-features := $(arch-features)+memtag 240endif # memtag 241ifeq ($(notdir $(CC)),armclang) 242TF_CFLAGS += -mmemtag-stack 243else ifeq ($(notdir $(CC)),clang) 244TF_CFLAGS += -fsanitize=memtag 245endif # armclang 246endif # armclang clang 247else 248$(error "Error: stack memory tagging is not supported for architecture \ 249 ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a") 250endif # mem_tag_arch_support 251endif # SUPPORT_STACK_MEMTAG 252 253# Set the compiler's architecture feature modifiers 254ifneq ($(arch-features), none) 255# Strip "none+" from arch-features 256arch-features := $(subst none+,,$(arch-features)) 257ifeq ($(ARCH), aarch32) 258march32-directive := $(march32-directive)+$(arch-features) 259else 260march64-directive := $(march64-directive)+$(arch-features) 261endif 262# Print features 263$(info Arm Architecture Features specified: $(subst +, ,$(arch-features))) 264endif # arch-features 265 266# Determine if FEAT_RNG is supported 267ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0) 268 269# Determine if FEAT_SB is supported 270ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0) 271 272ifneq ($(findstring clang,$(notdir $(CC))),) 273 ifneq ($(findstring armclang,$(notdir $(CC))),) 274 TF_CFLAGS_aarch32 := -target arm-arm-none-eabi $(march32-directive) 275 TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi $(march64-directive) 276 LD := $(LINKER) 277 else 278 TF_CFLAGS_aarch32 := $(target32-directive) $(march32-directive) 279 TF_CFLAGS_aarch64 := -target aarch64-elf $(march64-directive) 280 LD := $(shell $(CC) --print-prog-name ld.lld) 281 282 AR := $(shell $(CC) --print-prog-name llvm-ar) 283 OD := $(shell $(CC) --print-prog-name llvm-objdump) 284 OC := $(shell $(CC) --print-prog-name llvm-objcopy) 285 endif 286 287 CPP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 288 PP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 289 AS := $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH)) 290else ifneq ($(findstring gcc,$(notdir $(CC))),) 291TF_CFLAGS_aarch32 = $(march32-directive) 292TF_CFLAGS_aarch64 = $(march64-directive) 293ifeq ($(ENABLE_LTO),1) 294 # Enable LTO only for aarch64 295 ifeq (${ARCH},aarch64) 296 LTO_CFLAGS = -flto 297 # Use gcc as a wrapper for the ld, recommended for LTO 298 LINKER := ${CROSS_COMPILE}gcc 299 endif 300endif 301LD = $(LINKER) 302else 303TF_CFLAGS_aarch32 = $(march32-directive) 304TF_CFLAGS_aarch64 = $(march64-directive) 305LD = $(LINKER) 306endif 307 308# Process Debug flag 309$(eval $(call add_define,DEBUG)) 310ifneq (${DEBUG}, 0) 311 BUILD_TYPE := debug 312 TF_CFLAGS += -g -gdwarf-4 313 ASFLAGS += -g -Wa,-gdwarf-4 314 315 # Use LOG_LEVEL_INFO by default for debug builds 316 LOG_LEVEL := 40 317else 318 BUILD_TYPE := release 319 # Use LOG_LEVEL_NOTICE by default for release builds 320 LOG_LEVEL := 20 321endif 322 323# Default build string (git branch and commit) 324ifeq (${BUILD_STRING},) 325 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 326endif 327VERSION_STRING := v${VERSION}(${BUILD_TYPE}):${BUILD_STRING} 328 329ifeq (${AARCH32_INSTRUCTION_SET},A32) 330TF_CFLAGS_aarch32 += -marm 331else ifeq (${AARCH32_INSTRUCTION_SET},T32) 332TF_CFLAGS_aarch32 += -mthumb 333else 334$(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET}) 335endif 336 337TF_CFLAGS_aarch32 += -mno-unaligned-access 338TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 339 340ifneq (${BP_OPTION},none) 341TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 342endif 343 344ASFLAGS_aarch32 = $(march32-directive) 345ASFLAGS_aarch64 = $(march64-directive) 346 347# General warnings 348WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 349 -Wdisabled-optimization -Wvla -Wshadow \ 350 -Wno-unused-parameter -Wredundant-decls 351 352# Additional warnings 353# Level 1 354WARNING1 := -Wextra 355WARNING1 += -Wmissing-format-attribute 356WARNING1 += -Wmissing-prototypes 357WARNING1 += -Wold-style-definition 358 359# Level 2 360WARNING2 := -Waggregate-return 361WARNING2 += -Wcast-align 362WARNING2 += -Wnested-externs 363 364WARNING3 := -Wbad-function-cast 365WARNING3 += -Wcast-qual 366WARNING3 += -Wconversion 367WARNING3 += -Wpacked 368WARNING3 += -Wpointer-arith 369WARNING3 += -Wswitch-default 370 371ifeq (${W},1) 372WARNINGS += $(WARNING1) 373else ifeq (${W},2) 374WARNINGS += $(WARNING1) $(WARNING2) 375else ifeq (${W},3) 376WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 377endif 378 379# Compiler specific warnings 380ifeq ($(findstring clang,$(notdir $(CC))),) 381# not using clang 382WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 383 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 384 -Wlogical-op 385else 386# using clang 387WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 388 -Wlogical-op-parentheses 389endif 390 391ifneq (${E},0) 392ERRORS := -Werror 393endif 394 395CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 396 $(ERRORS) $(WARNINGS) 397ASFLAGS += $(CPPFLAGS) $(ASFLAGS_$(ARCH)) \ 398 -ffreestanding -Wa,--fatal-warnings 399TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 400 -ffunction-sections -fdata-sections \ 401 -ffreestanding -fno-builtin -fno-common \ 402 -Os -std=gnu99 403 404$(eval $(call add_define,SVE_VECTOR_LEN)) 405 406ifeq (${SANITIZE_UB},on) 407TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 408endif 409ifeq (${SANITIZE_UB},trap) 410TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 411 -fsanitize-undefined-trap-on-error 412endif 413 414GCC_V_OUTPUT := $(shell $(CC) -v 2>&1) 415 416# LD = armlink 417ifneq ($(findstring armlink,$(notdir $(LD))),) 418TF_LDFLAGS += --diag_error=warning --lto_level=O1 419TF_LDFLAGS += --remove --info=unused,unusedsymbols 420TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 421 422# LD = gcc (used when GCC LTO is enabled) 423else ifneq ($(findstring gcc,$(notdir $(LD))),) 424# Pass ld options with Wl or Xlinker switches 425TF_LDFLAGS += -Wl,--fatal-warnings -O1 426TF_LDFLAGS += -Wl,--gc-sections 427ifeq ($(ENABLE_LTO),1) 428 ifeq (${ARCH},aarch64) 429 TF_LDFLAGS += -flto -fuse-linker-plugin 430 endif 431endif 432# GCC automatically adds fix-cortex-a53-843419 flag when used to link 433# which breaks some builds, so disable if errata fix is not explicitly enabled 434ifneq (${ERRATA_A53_843419},1) 435 TF_LDFLAGS += -mno-fix-cortex-a53-843419 436endif 437TF_LDFLAGS += -nostdlib 438TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 439 440# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 441else 442TF_LDFLAGS += --fatal-warnings -O1 443TF_LDFLAGS += --gc-sections 444# ld.lld doesn't recognize the errata flags, 445# therefore don't add those in that case 446ifeq ($(findstring ld.lld,$(notdir $(LD))),) 447TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 448endif 449endif 450 451DTC_FLAGS += -I dts -O dtb 452DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \ 453 -x assembler-with-cpp $(DEFINES) 454 455################################################################################ 456# Common sources and include directories 457################################################################################ 458include ${MAKE_HELPERS_DIRECTORY}arch_features.mk 459include lib/compiler-rt/compiler-rt.mk 460 461BL_COMMON_SOURCES += common/bl_common.c \ 462 common/tf_log.c \ 463 common/${ARCH}/debug.S \ 464 drivers/console/multi_console.c \ 465 lib/${ARCH}/cache_helpers.S \ 466 lib/${ARCH}/misc_helpers.S \ 467 plat/common/plat_bl_common.c \ 468 plat/common/plat_log_common.c \ 469 plat/common/${ARCH}/plat_common.c \ 470 plat/common/${ARCH}/platform_helpers.S \ 471 ${COMPILER_RT_SRCS} 472 473ifeq ($(notdir $(CC)),armclang) 474BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 475endif 476 477ifeq (${SANITIZE_UB},on) 478BL_COMMON_SOURCES += plat/common/ubsan.c 479endif 480 481INCLUDES += -Iinclude \ 482 -Iinclude/arch/${ARCH} \ 483 -Iinclude/lib/cpus/${ARCH} \ 484 -Iinclude/lib/el3_runtime/${ARCH} \ 485 ${PLAT_INCLUDES} \ 486 ${SPD_INCLUDES} 487 488include common/backtrace/backtrace.mk 489 490################################################################################ 491# Generic definitions 492################################################################################ 493 494include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 495 496ifeq (${BUILD_BASE},) 497 BUILD_BASE := ./build 498endif 499BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 500 501SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 502 503# Platforms providing their own TBB makefile may override this value 504INCLUDE_TBBR_MK := 1 505 506 507################################################################################ 508# Include SPD Makefile if one has been specified 509################################################################################ 510 511ifneq (${SPD},none) 512 ifeq (${ARCH},aarch32) 513 $(error "Error: SPD is incompatible with AArch32.") 514 endif 515 516 ifdef EL3_PAYLOAD_BASE 517 $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") 518 $(warning "The SPD and its BL32 companion will be present but ignored.") 519 endif 520 521 ifeq (${SPD},spmd) 522 # SPMD is located in std_svc directory 523 SPD_DIR := std_svc 524 525 ifeq ($(SPMD_SPM_AT_SEL2),1) 526 ifeq ($(CTX_INCLUDE_EL2_REGS),0) 527 $(error SPMD with SPM at S-EL2 requires CTX_INCLUDE_EL2_REGS option) 528 endif 529 ifeq ($(SPMC_AT_EL3),1) 530 $(error SPM cannot be enabled in both S-EL2 and EL3.) 531 endif 532 endif 533 534 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 535 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 536 endif 537 538 ifeq ($(TS_SP_FW_CONFIG),1) 539 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 540 endif 541 542 ifneq ($(ARM_BL2_SP_LIST_DTS),) 543 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 544 endif 545 546 ifneq ($(SP_LAYOUT_FILE),) 547 BL2_ENABLE_SP_LOAD := 1 548 endif 549 else 550 # All other SPDs in spd directory 551 SPD_DIR := spd 552 endif 553 554 # We expect to locate an spd.mk under the specified SPD directory 555 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 556 557 ifeq (${SPD_MAKE},) 558 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 559 endif 560 $(info Including ${SPD_MAKE}) 561 include ${SPD_MAKE} 562 563 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 564 # Makefile would set NEED_BL32 to "yes". In this case, the build system 565 # supports two mutually exclusive options: 566 # * BL32 is built from source: then BL32_SOURCES must contain the list 567 # of source files to build BL32 568 # * BL32 is a prebuilt binary: then BL32 must point to the image file 569 # that will be included in the FIP 570 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 571 # over the sources. 572endif 573 574################################################################################ 575# Include rmmd Makefile if RME is enabled 576################################################################################ 577 578ifneq (${ENABLE_RME},0) 579ifneq (${ARCH},aarch64) 580 $(error ENABLE_RME requires AArch64) 581endif 582ifeq ($(SPMC_AT_EL3),1) 583 $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.) 584endif 585include services/std_svc/rmmd/rmmd.mk 586$(warning "RME is an experimental feature") 587endif 588 589################################################################################ 590# Include the platform specific Makefile after the SPD Makefile (the platform 591# makefile may use all previous definitions in this file) 592################################################################################ 593 594include ${PLAT_MAKEFILE_FULL} 595 596$(eval $(call MAKE_PREREQ_DIR,${BUILD_PLAT})) 597 598ifeq (${ARM_ARCH_MAJOR},7) 599include make_helpers/armv7-a-cpus.mk 600endif 601 602PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 603ifneq ($(PIE_FOUND),) 604 TF_CFLAGS += -fno-PIE 605ifneq ($(findstring gcc,$(notdir $(LD))),) 606 TF_LDFLAGS += -no-pie 607endif 608endif 609 610ifneq ($(findstring gcc,$(notdir $(LD))),) 611 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 612else 613 PIE_LDFLAGS += -pie --no-dynamic-linker 614endif 615 616ifeq ($(ENABLE_PIE),1) 617ifeq ($(BL2_AT_EL3),1) 618ifneq ($(BL2_IN_XIP_MEM),1) 619 BL2_CFLAGS += -fpie 620 BL2_LDFLAGS += $(PIE_LDFLAGS) 621endif 622endif 623 BL31_CFLAGS += -fpie 624 BL31_LDFLAGS += $(PIE_LDFLAGS) 625 BL32_CFLAGS += -fpie 626 BL32_LDFLAGS += $(PIE_LDFLAGS) 627endif 628 629ifeq (${ARCH},aarch64) 630BL1_CPPFLAGS += -DIMAGE_AT_EL3 631ifeq ($(BL2_AT_EL3),1) 632BL2_CPPFLAGS += -DIMAGE_AT_EL3 633else 634BL2_CPPFLAGS += -DIMAGE_AT_EL1 635endif 636BL2U_CPPFLAGS += -DIMAGE_AT_EL1 637BL31_CPPFLAGS += -DIMAGE_AT_EL3 638BL32_CPPFLAGS += -DIMAGE_AT_EL1 639endif 640 641# Include the CPU specific operations makefile, which provides default 642# values for all CPU errata workarounds and CPU specific optimisations. 643# This can be overridden by the platform. 644include lib/cpus/cpu-ops.mk 645 646ifeq (${ARCH},aarch32) 647NEED_BL32 := yes 648 649################################################################################ 650# Build `AARCH32_SP` as BL32 image for AArch32 651################################################################################ 652ifneq (${AARCH32_SP},none) 653# We expect to locate an sp.mk under the specified AARCH32_SP directory 654AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 655 656ifeq (${AARCH32_SP_MAKE},) 657 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 658endif 659 660$(info Including ${AARCH32_SP_MAKE}) 661include ${AARCH32_SP_MAKE} 662endif 663 664endif 665 666################################################################################ 667# Include libc if not overridden 668################################################################################ 669ifeq (${OVERRIDE_LIBC},0) 670include lib/libc/libc.mk 671endif 672 673################################################################################ 674# Check incompatible options 675################################################################################ 676 677ifdef EL3_PAYLOAD_BASE 678 ifdef PRELOADED_BL33_BASE 679 $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \ 680 incompatible build options. EL3_PAYLOAD_BASE has priority.") 681 endif 682 ifneq (${GENERATE_COT},0) 683 $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible build options.") 684 endif 685 ifneq (${TRUSTED_BOARD_BOOT},0) 686 $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are incompatible build options.") 687 endif 688endif 689 690ifeq (${NEED_BL33},yes) 691 ifdef EL3_PAYLOAD_BASE 692 $(warning "BL33 image is not needed when option \ 693 BL33_PAYLOAD_BASE is used and won't be added to the FIP file.") 694 endif 695 ifdef PRELOADED_BL33_BASE 696 $(warning "BL33 image is not needed when option \ 697 PRELOADED_BL33_BASE is used and won't be added to the FIP \ 698 file.") 699 endif 700endif 701 702# When building for systems with hardware-assisted coherency, there's no need to 703# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too. 704ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1) 705$(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) 706endif 707 708#For now, BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is 1. 709ifeq ($(BL2_AT_EL3)-$(BL2_IN_XIP_MEM),0-1) 710$(error "BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is enabled") 711endif 712 713# For RAS_EXTENSION, require that EAs are handled in EL3 first 714ifeq ($(RAS_EXTENSION),1) 715 ifneq ($(HANDLE_EA_EL3_FIRST),1) 716 $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST must also be 1) 717 endif 718endif 719 720# When FAULT_INJECTION_SUPPORT is used, require that RAS_EXTENSION is enabled 721ifeq ($(FAULT_INJECTION_SUPPORT),1) 722 ifneq ($(RAS_EXTENSION),1) 723 $(error For FAULT_INJECTION_SUPPORT, RAS_EXTENSION must also be 1) 724 endif 725endif 726 727# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 728ifeq ($(DYN_DISABLE_AUTH), 1) 729 ifeq (${TRUSTED_BOARD_BOOT}, 0) 730 $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.") 731 endif 732endif 733 734ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1) 735# Support authentication verification and hash calculation 736 CRYPTO_SUPPORT := 3 737else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1) 738# Support authentication verification and hash calculation 739 CRYPTO_SUPPORT := 3 740else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) 741# Support hash calculation only 742 CRYPTO_SUPPORT := 2 743else ifeq (${TRUSTED_BOARD_BOOT},1) 744# Support authentication verification only 745 CRYPTO_SUPPORT := 1 746else 747 CRYPTO_SUPPORT := 0 748endif 749 750# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. 751ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) 752$(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 753endif 754 755# If pointer authentication is used in the firmware, make sure that all the 756# registers associated to it are also saved and restored. 757# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. 758ifeq ($(ENABLE_PAUTH),1) 759 ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) 760 $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1) 761 endif 762endif 763 764ifeq ($(CTX_INCLUDE_PAUTH_REGS),1) 765 ifneq (${ARCH},aarch64) 766 $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) 767 endif 768endif 769 770ifeq ($(CTX_INCLUDE_MTE_REGS),1) 771 ifneq (${ARCH},aarch64) 772 $(error CTX_INCLUDE_MTE_REGS requires AArch64) 773 endif 774endif 775 776ifeq ($(PSA_FWU_SUPPORT),1) 777 $(info PSA_FWU_SUPPORT is an experimental feature) 778endif 779 780ifeq ($(FEATURE_DETECTION),1) 781 $(info FEATURE_DETECTION is an experimental feature) 782endif 783 784ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 785 ifeq (${ALLOW_RO_XLAT_TABLES}, 1) 786 $(error "ALLOW_RO_XLAT_TABLES requires translation tables library v2") 787 endif 788endif 789 790ifneq (${DECRYPTION_SUPPORT},none) 791 ifeq (${TRUSTED_BOARD_BOOT}, 0) 792 $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT to be set) 793 endif 794endif 795 796# Ensure that no Aarch64-only features are enabled in Aarch32 build 797ifeq (${ARCH},aarch32) 798 799 # SME/SVE only supported on AArch64 800 ifeq (${ENABLE_SME_FOR_NS},1) 801 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") 802 endif 803 ifeq (${ENABLE_SVE_FOR_NS},1) 804 # Warning instead of error due to CI dependency on this 805 $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") 806 endif 807 808 # BRBE is not supported in AArch32 809 ifeq (${ENABLE_BRBE_FOR_NS},1) 810 $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32") 811 endif 812 813 # FEAT_RNG_TRAP is not supported in AArch32 814 ifeq (${ENABLE_FEAT_RNG_TRAP},1) 815 $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32") 816 endif 817endif 818 819# Ensure ENABLE_RME is not used with SME 820ifeq (${ENABLE_RME},1) 821 ifeq (${ENABLE_SME_FOR_NS},1) 822 $(error "ENABLE_SME_FOR_NS cannot be used with ENABLE_RME") 823 endif 824endif 825 826# Secure SME/SVE requires the non-secure component as well 827ifeq (${ENABLE_SME_FOR_SWD},1) 828 ifeq (${ENABLE_SME_FOR_NS},0) 829 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") 830 endif 831endif 832ifeq (${ENABLE_SVE_FOR_SWD},1) 833 ifeq (${ENABLE_SVE_FOR_NS},0) 834 $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS") 835 endif 836endif 837 838# SVE and SME cannot be used with CTX_INCLUDE_FPREGS since secure manager does 839# its own context management including FPU registers. 840ifeq (${CTX_INCLUDE_FPREGS},1) 841 ifeq (${ENABLE_SME_FOR_NS},1) 842 $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 843 endif 844 ifeq (${ENABLE_SVE_FOR_NS},1) 845 # Warning instead of error due to CI dependency on this 846 $(warning "ENABLE_SVE_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 847 $(warning "Forced ENABLE_SVE_FOR_NS=0") 848 override ENABLE_SVE_FOR_NS := 0 849 endif 850endif 851 852ifeq ($(DRTM_SUPPORT),1) 853 $(info DRTM_SUPPORT is an experimental feature) 854endif 855 856ifeq (${ENABLE_RME},1) 857 ifneq (${SEPARATE_CODE_AND_RODATA},1) 858 $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`) 859 endif 860endif 861 862################################################################################ 863# Process platform overrideable behaviour 864################################################################################ 865 866ifdef BL1_SOURCES 867NEED_BL1 := yes 868endif 869 870ifdef BL2_SOURCES 871 NEED_BL2 := yes 872 873 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 874 # Certificate generation tools. This flag can be overridden by the platform. 875 ifdef EL3_PAYLOAD_BASE 876 # If booting an EL3 payload there is no need for a BL33 image 877 # in the FIP file. 878 NEED_BL33 := no 879 else 880 ifdef PRELOADED_BL33_BASE 881 # If booting a BL33 preloaded image there is no need of 882 # another one in the FIP file. 883 NEED_BL33 := no 884 else 885 NEED_BL33 ?= yes 886 endif 887 endif 888endif 889 890ifdef BL2U_SOURCES 891NEED_BL2U := yes 892endif 893 894# If SCP_BL2 is given, we always want FIP to include it. 895ifdef SCP_BL2 896 NEED_SCP_BL2 := yes 897endif 898 899# For AArch32, BL31 is not currently supported. 900ifneq (${ARCH},aarch32) 901 ifdef BL31_SOURCES 902 # When booting an EL3 payload, there is no need to compile the BL31 image nor 903 # put it in the FIP. 904 ifndef EL3_PAYLOAD_BASE 905 NEED_BL31 := yes 906 endif 907 endif 908endif 909 910# Process TBB related flags 911ifneq (${GENERATE_COT},0) 912 # Common cert_create options 913 ifneq (${CREATE_KEYS},0) 914 $(eval CRT_ARGS += -n) 915 $(eval FWU_CRT_ARGS += -n) 916 ifneq (${SAVE_KEYS},0) 917 $(eval CRT_ARGS += -k) 918 $(eval FWU_CRT_ARGS += -k) 919 endif 920 endif 921 # Include TBBR makefile (unless the platform indicates otherwise) 922 ifeq (${INCLUDE_TBBR_MK},1) 923 include make_helpers/tbbr/tbbr_tools.mk 924 endif 925endif 926 927ifneq (${FIP_ALIGN},0) 928FIP_ARGS += --align ${FIP_ALIGN} 929endif 930 931ifdef FDT_SOURCES 932NEED_FDT := yes 933endif 934 935################################################################################ 936# Include libraries' Makefile that are used in all BL 937################################################################################ 938 939include lib/stack_protector/stack_protector.mk 940 941################################################################################ 942# Auxiliary tools (fiptool, cert_create, etc) 943################################################################################ 944 945# Variables for use with Certificate Generation Tool 946CRTTOOLPATH ?= tools/cert_create 947CRTTOOL ?= ${CRTTOOLPATH}/cert_create${BIN_EXT} 948 949# Variables for use with Firmware Encryption Tool 950ENCTOOLPATH ?= tools/encrypt_fw 951ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw${BIN_EXT} 952 953# Variables for use with Firmware Image Package 954FIPTOOLPATH ?= tools/fiptool 955FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT} 956 957# Variables for use with sptool 958SPTOOLPATH ?= tools/sptool 959SPTOOL ?= ${SPTOOLPATH}/sptool.py 960SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 961 962# Variables for use with ROMLIB 963ROMLIBPATH ?= lib/romlib 964 965# Variable for use with Python 966PYTHON ?= python3 967 968# Variables for use with PRINT_MEMORY_MAP 969PRINT_MEMORY_MAP_PATH ?= tools/memory 970PRINT_MEMORY_MAP ?= ${PRINT_MEMORY_MAP_PATH}/print_memory_map.py 971 972# Variables for use with documentation build using Sphinx tool 973DOCS_PATH ?= docs 974 975# Defination of SIMICS flag 976SIMICS_BUILD ?= 0 977 978################################################################################ 979# Include BL specific makefiles 980################################################################################ 981 982ifeq (${NEED_BL1},yes) 983include bl1/bl1.mk 984endif 985 986ifeq (${NEED_BL2},yes) 987include bl2/bl2.mk 988endif 989 990ifeq (${NEED_BL2U},yes) 991include bl2u/bl2u.mk 992endif 993 994ifeq (${NEED_BL31},yes) 995include bl31/bl31.mk 996endif 997 998################################################################################ 999# Build options checks 1000################################################################################ 1001 1002$(eval $(call assert_booleans,\ 1003 $(sort \ 1004 ALLOW_RO_XLAT_TABLES \ 1005 BL2_ENABLE_SP_LOAD \ 1006 COLD_BOOT_SINGLE_CPU \ 1007 CREATE_KEYS \ 1008 CTX_INCLUDE_AARCH32_REGS \ 1009 CTX_INCLUDE_FPREGS \ 1010 CTX_INCLUDE_EL2_REGS \ 1011 DEBUG \ 1012 DISABLE_MTPMU \ 1013 DYN_DISABLE_AUTH \ 1014 EL3_EXCEPTION_HANDLING \ 1015 ENABLE_AMU \ 1016 ENABLE_AMU_AUXILIARY_COUNTERS \ 1017 ENABLE_AMU_FCONF \ 1018 AMU_RESTRICT_COUNTERS \ 1019 ENABLE_ASSERTIONS \ 1020 ENABLE_PIE \ 1021 ENABLE_PMF \ 1022 ENABLE_PSCI_STAT \ 1023 ENABLE_RUNTIME_INSTRUMENTATION \ 1024 ENABLE_SME_FOR_NS \ 1025 ENABLE_SME_FOR_SWD \ 1026 ENABLE_SPE_FOR_LOWER_ELS \ 1027 ENABLE_SVE_FOR_NS \ 1028 ENABLE_SVE_FOR_SWD \ 1029 ERROR_DEPRECATED \ 1030 FAULT_INJECTION_SUPPORT \ 1031 GENERATE_COT \ 1032 GICV2_G0_FOR_EL3 \ 1033 HANDLE_EA_EL3_FIRST \ 1034 HW_ASSISTED_COHERENCY \ 1035 INVERTED_MEMMAP \ 1036 MEASURED_BOOT \ 1037 DRTM_SUPPORT \ 1038 NS_TIMER_SWITCH \ 1039 OVERRIDE_LIBC \ 1040 PL011_GENERIC_UART \ 1041 PLAT_RSS_NOT_SUPPORTED \ 1042 PROGRAMMABLE_RESET_ADDRESS \ 1043 PSCI_EXTENDED_STATE_ID \ 1044 RESET_TO_BL31 \ 1045 RESET_TO_BL31_WITH_PARAMS \ 1046 SAVE_KEYS \ 1047 SEPARATE_CODE_AND_RODATA \ 1048 SEPARATE_BL2_NOLOAD_REGION \ 1049 SEPARATE_NOBITS_REGION \ 1050 SPIN_ON_BL1_EXIT \ 1051 SPM_MM \ 1052 SPMC_AT_EL3 \ 1053 SPMD_SPM_AT_SEL2 \ 1054 TRUSTED_BOARD_BOOT \ 1055 USE_COHERENT_MEM \ 1056 USE_DEBUGFS \ 1057 ARM_IO_IN_DTB \ 1058 SDEI_IN_FCONF \ 1059 SEC_INT_DESC_IN_FCONF \ 1060 USE_ROMLIB \ 1061 USE_TBBR_DEFS \ 1062 WARMBOOT_ENABLE_DCACHE_EARLY \ 1063 BL2_AT_EL3 \ 1064 BL2_IN_XIP_MEM \ 1065 BL2_INV_DCACHE \ 1066 USE_SPINLOCK_CAS \ 1067 ENCRYPT_BL31 \ 1068 ENCRYPT_BL32 \ 1069 ERRATA_SPECULATIVE_AT \ 1070 RAS_TRAP_NS_ERR_REC_ACCESS \ 1071 COT_DESC_IN_DTB \ 1072 USE_SP804_TIMER \ 1073 PSA_FWU_SUPPORT \ 1074 ENABLE_SYS_REG_TRACE_FOR_NS \ 1075 ENABLE_MPMM \ 1076 ENABLE_MPMM_FCONF \ 1077 SIMICS_BUILD \ 1078 FEATURE_DETECTION \ 1079))) 1080 1081$(eval $(call assert_numerics,\ 1082 $(sort \ 1083 ARM_ARCH_MAJOR \ 1084 ARM_ARCH_MINOR \ 1085 BRANCH_PROTECTION \ 1086 CTX_INCLUDE_PAUTH_REGS \ 1087 CTX_INCLUDE_MTE_REGS \ 1088 CTX_INCLUDE_NEVE_REGS \ 1089 CRYPTO_SUPPORT \ 1090 ENABLE_BRBE_FOR_NS \ 1091 ENABLE_TRBE_FOR_NS \ 1092 ENABLE_BTI \ 1093 ENABLE_PAUTH \ 1094 ENABLE_FEAT_AMUv1 \ 1095 ENABLE_FEAT_AMUv1p1 \ 1096 ENABLE_FEAT_CSV2_2 \ 1097 ENABLE_FEAT_DIT \ 1098 ENABLE_FEAT_ECV \ 1099 ENABLE_FEAT_FGT \ 1100 ENABLE_FEAT_HCX \ 1101 ENABLE_FEAT_PAN \ 1102 ENABLE_FEAT_RNG \ 1103 ENABLE_FEAT_RNG_TRAP \ 1104 ENABLE_FEAT_SB \ 1105 ENABLE_FEAT_SEL2 \ 1106 ENABLE_FEAT_VHE \ 1107 ENABLE_MPAM_FOR_LOWER_ELS \ 1108 ENABLE_RME \ 1109 ENABLE_TRF_FOR_NS \ 1110 FW_ENC_STATUS \ 1111 NR_OF_FW_BANKS \ 1112 NR_OF_IMAGES_IN_FW_BANK \ 1113 RAS_EXTENSION \ 1114 TWED_DELAY \ 1115 ENABLE_FEAT_TWED \ 1116 SVE_VECTOR_LEN \ 1117))) 1118 1119ifdef KEY_SIZE 1120 $(eval $(call assert_numeric,KEY_SIZE)) 1121endif 1122 1123ifeq ($(filter $(SANITIZE_UB), on off trap),) 1124 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1125endif 1126 1127################################################################################ 1128# Add definitions to the cpp preprocessor based on the current build options. 1129# This is done after including the platform specific makefile to allow the 1130# platform to overwrite the default options 1131################################################################################ 1132 1133$(eval $(call add_defines,\ 1134 $(sort \ 1135 ALLOW_RO_XLAT_TABLES \ 1136 ARM_ARCH_MAJOR \ 1137 ARM_ARCH_MINOR \ 1138 BL2_ENABLE_SP_LOAD \ 1139 COLD_BOOT_SINGLE_CPU \ 1140 CTX_INCLUDE_AARCH32_REGS \ 1141 CTX_INCLUDE_FPREGS \ 1142 CTX_INCLUDE_PAUTH_REGS \ 1143 EL3_EXCEPTION_HANDLING \ 1144 CTX_INCLUDE_MTE_REGS \ 1145 CTX_INCLUDE_EL2_REGS \ 1146 CTX_INCLUDE_NEVE_REGS \ 1147 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1148 DISABLE_MTPMU \ 1149 ENABLE_AMU \ 1150 ENABLE_AMU_AUXILIARY_COUNTERS \ 1151 ENABLE_AMU_FCONF \ 1152 AMU_RESTRICT_COUNTERS \ 1153 ENABLE_ASSERTIONS \ 1154 ENABLE_BTI \ 1155 ENABLE_MPAM_FOR_LOWER_ELS \ 1156 ENABLE_PAUTH \ 1157 ENABLE_PIE \ 1158 ENABLE_PMF \ 1159 ENABLE_PSCI_STAT \ 1160 ENABLE_RME \ 1161 ENABLE_RUNTIME_INSTRUMENTATION \ 1162 ENABLE_SME_FOR_NS \ 1163 ENABLE_SME_FOR_SWD \ 1164 ENABLE_SPE_FOR_LOWER_ELS \ 1165 ENABLE_SVE_FOR_NS \ 1166 ENABLE_SVE_FOR_SWD \ 1167 ENCRYPT_BL31 \ 1168 ENCRYPT_BL32 \ 1169 ERROR_DEPRECATED \ 1170 FAULT_INJECTION_SUPPORT \ 1171 GICV2_G0_FOR_EL3 \ 1172 HANDLE_EA_EL3_FIRST \ 1173 HW_ASSISTED_COHERENCY \ 1174 LOG_LEVEL \ 1175 MEASURED_BOOT \ 1176 DRTM_SUPPORT \ 1177 NS_TIMER_SWITCH \ 1178 PL011_GENERIC_UART \ 1179 PLAT_${PLAT} \ 1180 PLAT_RSS_NOT_SUPPORTED \ 1181 PROGRAMMABLE_RESET_ADDRESS \ 1182 PSCI_EXTENDED_STATE_ID \ 1183 RAS_EXTENSION \ 1184 RESET_TO_BL31 \ 1185 RESET_TO_BL31_WITH_PARAMS \ 1186 SEPARATE_CODE_AND_RODATA \ 1187 SEPARATE_BL2_NOLOAD_REGION \ 1188 SEPARATE_NOBITS_REGION \ 1189 RECLAIM_INIT_CODE \ 1190 SPD_${SPD} \ 1191 SPIN_ON_BL1_EXIT \ 1192 SPM_MM \ 1193 SPMC_AT_EL3 \ 1194 SPMD_SPM_AT_SEL2 \ 1195 TRUSTED_BOARD_BOOT \ 1196 CRYPTO_SUPPORT \ 1197 TRNG_SUPPORT \ 1198 USE_COHERENT_MEM \ 1199 USE_DEBUGFS \ 1200 ARM_IO_IN_DTB \ 1201 SDEI_IN_FCONF \ 1202 SEC_INT_DESC_IN_FCONF \ 1203 USE_ROMLIB \ 1204 USE_TBBR_DEFS \ 1205 WARMBOOT_ENABLE_DCACHE_EARLY \ 1206 BL2_AT_EL3 \ 1207 BL2_IN_XIP_MEM \ 1208 BL2_INV_DCACHE \ 1209 USE_SPINLOCK_CAS \ 1210 ERRATA_SPECULATIVE_AT \ 1211 RAS_TRAP_NS_ERR_REC_ACCESS \ 1212 COT_DESC_IN_DTB \ 1213 USE_SP804_TIMER \ 1214 ENABLE_FEAT_RNG \ 1215 ENABLE_FEAT_RNG_TRAP \ 1216 ENABLE_FEAT_SB \ 1217 ENABLE_FEAT_DIT \ 1218 NR_OF_FW_BANKS \ 1219 NR_OF_IMAGES_IN_FW_BANK \ 1220 PSA_FWU_SUPPORT \ 1221 ENABLE_BRBE_FOR_NS \ 1222 ENABLE_TRBE_FOR_NS \ 1223 ENABLE_SYS_REG_TRACE_FOR_NS \ 1224 ENABLE_TRF_FOR_NS \ 1225 ENABLE_FEAT_HCX \ 1226 ENABLE_MPMM \ 1227 ENABLE_MPMM_FCONF \ 1228 ENABLE_FEAT_FGT \ 1229 ENABLE_FEAT_AMUv1 \ 1230 ENABLE_FEAT_ECV \ 1231 SIMICS_BUILD \ 1232 ENABLE_FEAT_AMUv1p1 \ 1233 ENABLE_FEAT_SEL2 \ 1234 ENABLE_FEAT_VHE \ 1235 ENABLE_FEAT_CSV2_2 \ 1236 ENABLE_FEAT_PAN \ 1237 FEATURE_DETECTION \ 1238 TWED_DELAY \ 1239 ENABLE_FEAT_TWED \ 1240))) 1241 1242ifeq (${SANITIZE_UB},trap) 1243 $(eval $(call add_define,MONITOR_TRAPS)) 1244endif 1245 1246# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1247ifdef EL3_PAYLOAD_BASE 1248 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1249else 1250 # Define the PRELOADED_BL33_BASE flag only if it is provided and 1251 # EL3_PAYLOAD_BASE is not defined, as it has priority. 1252 ifdef PRELOADED_BL33_BASE 1253 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1254 endif 1255endif 1256 1257# Define the DYN_DISABLE_AUTH flag only if set. 1258ifeq (${DYN_DISABLE_AUTH},1) 1259$(eval $(call add_define,DYN_DISABLE_AUTH)) 1260endif 1261 1262ifneq ($(findstring armlink,$(notdir $(LD))),) 1263$(eval $(call add_define,USE_ARM_LINK)) 1264endif 1265 1266# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1267ifeq (${SPD},spmd) 1268ifdef SP_LAYOUT_FILE 1269 -include $(BUILD_PLAT)/sp_gen.mk 1270 FIP_DEPS += sp 1271 CRT_DEPS += sp 1272 NEED_SP_PKG := yes 1273else 1274 ifeq (${SPMD_SPM_AT_SEL2},1) 1275 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1276 endif 1277endif 1278endif 1279 1280################################################################################ 1281# Build targets 1282################################################################################ 1283 1284.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc enctool 1285.SUFFIXES: 1286 1287all: msg_start 1288 1289msg_start: 1290 @echo "Building ${PLAT}" 1291 1292ifeq (${ERROR_DEPRECATED},0) 1293# Check if deprecated declarations and cpp warnings should be treated as error or not. 1294ifneq ($(findstring clang,$(notdir $(CC))),) 1295 CPPFLAGS += -Wno-error=deprecated-declarations 1296else 1297 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1298endif 1299endif # !ERROR_DEPRECATED 1300 1301$(eval $(call MAKE_LIB_DIRS)) 1302$(eval $(call MAKE_LIB,c)) 1303 1304# Expand build macros for the different images 1305ifeq (${NEED_BL1},yes) 1306BL1_SOURCES := $(sort ${BL1_SOURCES}) 1307 1308$(eval $(call MAKE_BL,bl1)) 1309endif 1310 1311ifeq (${NEED_BL2},yes) 1312ifeq (${BL2_AT_EL3}, 0) 1313FIP_BL2_ARGS := tb-fw 1314endif 1315 1316BL2_SOURCES := $(sort ${BL2_SOURCES}) 1317 1318$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1319 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1320endif 1321 1322ifeq (${NEED_SCP_BL2},yes) 1323$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1324endif 1325 1326ifeq (${NEED_BL31},yes) 1327BL31_SOURCES += ${SPD_SOURCES} 1328# Sort BL31 source files to remove duplicates 1329BL31_SOURCES := $(sort ${BL31_SOURCES}) 1330ifneq (${DECRYPTION_SUPPORT},none) 1331$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1332 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1333else 1334$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1335 $(eval $(call MAKE_BL,bl31,soc-fw))) 1336endif 1337endif 1338 1339# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1340# build system will call TOOL_ADD_IMG to print a warning message and abort the 1341# process. Note that the dependency on BL32 applies to the FIP only. 1342ifeq (${NEED_BL32},yes) 1343# Sort BL32 source files to remove duplicates 1344BL32_SOURCES := $(sort ${BL32_SOURCES}) 1345BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1346 1347ifneq (${DECRYPTION_SUPPORT},none) 1348$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1349 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1350else 1351$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1352 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1353endif 1354endif 1355 1356# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1357# needs to be built from RMM_SOURCES. 1358ifeq (${NEED_RMM},yes) 1359# Sort RMM source files to remove duplicates 1360RMM_SOURCES := $(sort ${RMM_SOURCES}) 1361BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1362 1363$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1364 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1365endif 1366 1367# Add the BL33 image if required by the platform 1368ifeq (${NEED_BL33},yes) 1369$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1370endif 1371 1372ifeq (${NEED_BL2U},yes) 1373$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1374 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1375endif 1376 1377# Expand build macros for the different images 1378ifeq (${NEED_FDT},yes) 1379 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1380endif 1381 1382# Add Secure Partition packages 1383ifeq (${NEED_SP_PKG},yes) 1384$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT} 1385 ${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} 1386sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) 1387 @${ECHO_BLANK_LINE} 1388 @echo "Built SP Images successfully" 1389 @${ECHO_BLANK_LINE} 1390endif 1391 1392locate-checkpatch: 1393ifndef CHECKPATCH 1394 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1395else 1396ifeq (,$(wildcard ${CHECKPATCH})) 1397 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1398endif 1399endif 1400 1401clean: 1402 @echo " CLEAN" 1403 $(call SHELL_REMOVE_DIR,${BUILD_PLAT}) 1404ifdef UNIX_MK 1405 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1406else 1407# Clear the MAKEFLAGS as we do not want 1408# to pass the gnumake flags to nmake. 1409 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) clean 1410endif 1411 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1412 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1413 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1414 1415realclean distclean: 1416 @echo " REALCLEAN" 1417 $(call SHELL_REMOVE_DIR,${BUILD_BASE}) 1418 $(call SHELL_DELETE_ALL, ${CURDIR}/cscope.*) 1419ifdef UNIX_MK 1420 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1421else 1422# Clear the MAKEFLAGS as we do not want 1423# to pass the gnumake flags to nmake. 1424 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) realclean 1425endif 1426 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean 1427 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean 1428 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1429 1430checkcodebase: locate-checkpatch 1431 @echo " CHECKING STYLE" 1432 @if test -d .git ; then \ 1433 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1434 while read GIT_FILE ; \ 1435 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1436 done ; \ 1437 else \ 1438 find . -type f -not -iwholename "*.git*" \ 1439 -not -iwholename "*build*" \ 1440 -not -iwholename "*libfdt*" \ 1441 -not -iwholename "*libc*" \ 1442 -not -iwholename "*docs*" \ 1443 -not -iwholename "*.rst" \ 1444 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1445 fi 1446 1447checkpatch: locate-checkpatch 1448 @echo " CHECKING STYLE" 1449 @if test -n "${CHECKPATCH_OPTS}"; then \ 1450 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1451 fi 1452 ${Q}COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1453 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1454 do \ 1455 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1456 git log --format=email "$$commit~..$$commit" \ 1457 -- ${CHECK_PATHS} | \ 1458 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1459 git diff --format=email "$$commit~..$$commit" \ 1460 -- ${CHECK_PATHS} | \ 1461 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1462 done 1463 1464certtool: ${CRTTOOL} 1465 1466${CRTTOOL}: FORCE 1467 ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} CRTTOOL=${CRTTOOL} --no-print-directory -C ${CRTTOOLPATH} 1468 @${ECHO_BLANK_LINE} 1469 @echo "Built $@ successfully" 1470 @${ECHO_BLANK_LINE} 1471 1472ifneq (${GENERATE_COT},0) 1473certificates: ${CRT_DEPS} ${CRTTOOL} 1474 ${Q}${CRTTOOL} ${CRT_ARGS} 1475 @${ECHO_BLANK_LINE} 1476 @echo "Built $@ successfully" 1477 @echo "Certificates can be found in ${BUILD_PLAT}" 1478 @${ECHO_BLANK_LINE} 1479endif 1480 1481${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1482 $(eval ${CHECK_FIP_CMD}) 1483 ${Q}${FIPTOOL} create ${FIP_ARGS} $@ 1484 ${Q}${FIPTOOL} info $@ 1485 @${ECHO_BLANK_LINE} 1486 @echo "Built $@ successfully" 1487 @${ECHO_BLANK_LINE} 1488 1489ifneq (${GENERATE_COT},0) 1490fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1491 ${Q}${CRTTOOL} ${FWU_CRT_ARGS} 1492 @${ECHO_BLANK_LINE} 1493 @echo "Built $@ successfully" 1494 @echo "FWU certificates can be found in ${BUILD_PLAT}" 1495 @${ECHO_BLANK_LINE} 1496endif 1497 1498${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1499 $(eval ${CHECK_FWU_FIP_CMD}) 1500 ${Q}${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1501 ${Q}${FIPTOOL} info $@ 1502 @${ECHO_BLANK_LINE} 1503 @echo "Built $@ successfully" 1504 @${ECHO_BLANK_LINE} 1505 1506fiptool: ${FIPTOOL} 1507fip: ${BUILD_PLAT}/${FIP_NAME} 1508fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1509 1510${FIPTOOL}: FORCE 1511ifdef UNIX_MK 1512 ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} --no-print-directory -C ${FIPTOOLPATH} 1513else 1514# Clear the MAKEFLAGS as we do not want 1515# to pass the gnumake flags to nmake. 1516 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) 1517endif 1518 1519romlib.bin: libraries FORCE 1520 ${Q}${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES='${INCLUDES}' DEFINES='${DEFINES}' --no-print-directory -C ${ROMLIBPATH} all 1521 1522# Call print_memory_map tool 1523memmap: all 1524 ${Q}${PYTHON} ${PRINT_MEMORY_MAP} ${BUILD_PLAT} ${INVERTED_MEMMAP} 1525 1526doc: 1527 @echo " BUILD DOCUMENTATION" 1528 ${Q}${MAKE} --no-print-directory -C ${DOCS_PATH} html 1529 1530enctool: ${ENCTOOL} 1531 1532${ENCTOOL}: FORCE 1533 ${Q}${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} ENCTOOL=${ENCTOOL} --no-print-directory -C ${ENCTOOLPATH} 1534 @${ECHO_BLANK_LINE} 1535 @echo "Built $@ successfully" 1536 @${ECHO_BLANK_LINE} 1537 1538cscope: 1539 @echo " CSCOPE" 1540 ${Q}find ${CURDIR} -name "*.[chsS]" > cscope.files 1541 ${Q}cscope -b -q -k 1542 1543help: 1544 @echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1545 @echo "" 1546 @echo "PLAT is used to specify which platform you wish to build." 1547 @echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1548 @echo "" 1549 @echo "platform = ${PLATFORM_LIST}" 1550 @echo "" 1551 @echo "Please refer to the User Guide for a list of all supported options." 1552 @echo "Note that the build system doesn't track dependencies for build " 1553 @echo "options. Therefore, if any of the build options are changed " 1554 @echo "from a previous build, a clean build must be performed." 1555 @echo "" 1556 @echo "Supported Targets:" 1557 @echo " all Build all individual bootloader binaries" 1558 @echo " bl1 Build the BL1 binary" 1559 @echo " bl2 Build the BL2 binary" 1560 @echo " bl2u Build the BL2U binary" 1561 @echo " bl31 Build the BL31 binary" 1562 @echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1563 @echo " this builds secure payload specified by AARCH32_SP" 1564 @echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1565 @echo " fip Build the Firmware Image Package (FIP)" 1566 @echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1567 @echo " checkcodebase Check the coding style of the entire source tree" 1568 @echo " checkpatch Check the coding style on changes in the current" 1569 @echo " branch against BASE_COMMIT (default origin/master)" 1570 @echo " clean Clean the build for the selected platform" 1571 @echo " cscope Generate cscope index" 1572 @echo " distclean Remove all build artifacts for all platforms" 1573 @echo " certtool Build the Certificate generation tool" 1574 @echo " enctool Build the Firmware encryption tool" 1575 @echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1576 @echo " sp Build the Secure Partition Packages" 1577 @echo " sptool Build the Secure Partition Package creation tool" 1578 @echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1579 @echo " memmap Print the memory map of the built binaries" 1580 @echo " doc Build html based documentation using Sphinx tool" 1581 @echo "" 1582 @echo "Note: most build targets require PLAT to be set to a specific platform." 1583 @echo "" 1584 @echo "example: build all targets for the FVP platform:" 1585 @echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1586 1587.PHONY: FORCE 1588FORCE:; 1589