1# 2# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 8 12VERSION := ${VERSION_MAJOR}.${VERSION_MINOR} 13 14# Default goal is build all images 15.DEFAULT_GOAL := all 16 17# Avoid any implicit propagation of command line variable definitions to 18# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 19# usage. Other command line options like "-s" are still propagated as usual. 20MAKEOVERRIDES = 21 22MAKE_HELPERS_DIRECTORY := make_helpers/ 23include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 24include ${MAKE_HELPERS_DIRECTORY}build_env.mk 25 26################################################################################ 27# Default values for build configurations, and their dependencies 28################################################################################ 29 30include ${MAKE_HELPERS_DIRECTORY}defaults.mk 31 32# Assertions enabled for DEBUG builds by default 33ENABLE_ASSERTIONS := ${DEBUG} 34ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 35PLAT := ${DEFAULT_PLAT} 36 37################################################################################ 38# Checkpatch script options 39################################################################################ 40 41CHECKCODE_ARGS := --no-patch 42# Do not check the coding style on imported library files or documentation files 43INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \ 44 include/drivers/arm/cryptocell, \ 45 $(wildcard include/drivers/arm/*))) 46INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h 47INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 48 include/drivers/arm, \ 49 $(wildcard include/drivers/*))) 50INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 51 include/lib/libfdt \ 52 include/lib/libc, \ 53 $(wildcard include/lib/*))) 54INC_DIRS_TO_CHECK := $(sort $(filter-out \ 55 include/lib \ 56 include/drivers, \ 57 $(wildcard include/*))) 58LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 59 lib/compiler-rt \ 60 lib/libfdt% \ 61 lib/libc, \ 62 lib/zlib \ 63 $(wildcard lib/*))) 64ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 65 lib \ 66 include \ 67 docs \ 68 %.rst, \ 69 $(wildcard *))) 70CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 71 ${INC_DIRS_TO_CHECK} \ 72 ${INC_LIB_DIRS_TO_CHECK} \ 73 ${LIB_DIRS_TO_CHECK} \ 74 ${INC_DRV_DIRS_TO_CHECK} \ 75 ${INC_ARM_DIRS_TO_CHECK} 76 77 78################################################################################ 79# Process build options 80################################################################################ 81 82# Verbose flag 83ifeq (${V},0) 84 Q:=@ 85 ECHO:=@echo 86 CHECKCODE_ARGS += --no-summary --terse 87else 88 Q:= 89 ECHO:=$(ECHO_QUIET) 90endif 91 92ifneq ($(findstring s,$(filter-out --%,$(MAKEFLAGS))),) 93 Q:=@ 94 ECHO:=$(ECHO_QUIET) 95endif 96 97export Q ECHO 98 99# The cert_create tool cannot generate certificates individually, so we use the 100# target 'certificates' to create them all 101ifneq (${GENERATE_COT},0) 102 FIP_DEPS += certificates 103 FWU_FIP_DEPS += fwu_certificates 104endif 105 106# Process BRANCH_PROTECTION value and set 107# Pointer Authentication and Branch Target Identification flags 108ifeq (${BRANCH_PROTECTION},0) 109 # Default value turns off all types of branch protection 110 BP_OPTION := none 111else ifneq (${ARCH},aarch64) 112 $(error BRANCH_PROTECTION requires AArch64) 113else ifeq (${BRANCH_PROTECTION},1) 114 # Enables all types of branch protection features 115 BP_OPTION := standard 116 ENABLE_BTI := 1 117 ENABLE_PAUTH := 1 118else ifeq (${BRANCH_PROTECTION},2) 119 # Return address signing to its standard level 120 BP_OPTION := pac-ret 121 ENABLE_PAUTH := 1 122else ifeq (${BRANCH_PROTECTION},3) 123 # Extend the signing to include leaf functions 124 BP_OPTION := pac-ret+leaf 125 ENABLE_PAUTH := 1 126else ifeq (${BRANCH_PROTECTION},4) 127 # Turn on branch target identification mechanism 128 BP_OPTION := bti 129 ENABLE_BTI := 1 130else 131 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 132endif 133 134# FEAT_RME 135ifeq (${ENABLE_RME},1) 136# RME doesn't support PIE 137ifneq (${ENABLE_PIE},0) 138 $(error ENABLE_RME does not support PIE) 139endif 140# RME doesn't support BRBE 141ifneq (${ENABLE_BRBE_FOR_NS},0) 142 $(error ENABLE_RME does not support BRBE.) 143endif 144# RME requires AARCH64 145ifneq (${ARCH},aarch64) 146 $(error ENABLE_RME requires AArch64) 147endif 148# RME requires el2 context to be saved for now. 149CTX_INCLUDE_EL2_REGS := 1 150CTX_INCLUDE_AARCH32_REGS := 0 151ARM_ARCH_MAJOR := 8 152ARM_ARCH_MINOR := 5 153ENABLE_FEAT_ECV = 1 154ENABLE_FEAT_FGT = 1 155 156# RME enables CSV2_2 extension by default. 157ENABLE_FEAT_CSV2_2 = 1 158 159endif 160 161# USE_SPINLOCK_CAS requires AArch64 build 162ifeq (${USE_SPINLOCK_CAS},1) 163ifneq (${ARCH},aarch64) 164 $(error USE_SPINLOCK_CAS requires AArch64) 165endif 166endif 167 168# USE_DEBUGFS experimental feature recommended only in debug builds 169ifeq (${USE_DEBUGFS},1) 170ifeq (${DEBUG},1) 171 $(warning DEBUGFS experimental feature is enabled.) 172else 173 $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY) 174endif 175endif 176 177ifneq (${DECRYPTION_SUPPORT},none) 178ENC_ARGS += -f ${FW_ENC_STATUS} 179ENC_ARGS += -k ${ENC_KEY} 180ENC_ARGS += -n ${ENC_NONCE} 181FIP_DEPS += enctool 182FWU_FIP_DEPS += enctool 183endif 184 185################################################################################ 186# Toolchain 187################################################################################ 188 189HOSTCC := gcc 190export HOSTCC 191 192CC := ${CROSS_COMPILE}gcc 193CPP := ${CROSS_COMPILE}cpp 194AS := ${CROSS_COMPILE}gcc 195AR := ${CROSS_COMPILE}ar 196LINKER := ${CROSS_COMPILE}ld 197OC := ${CROSS_COMPILE}objcopy 198OD := ${CROSS_COMPILE}objdump 199NM := ${CROSS_COMPILE}nm 200PP := ${CROSS_COMPILE}gcc -E 201DTC := dtc 202 203# Use ${LD}.bfd instead if it exists (as absolute path or together with $PATH). 204ifneq ($(strip $(wildcard ${LD}.bfd) \ 205 $(foreach dir,$(subst :, ,${PATH}),$(wildcard ${dir}/${LINKER}.bfd))),) 206LINKER := ${LINKER}.bfd 207endif 208 209ifeq (${ARM_ARCH_MAJOR},7) 210target32-directive = -target arm-none-eabi 211# Will set march32-directive from platform configuration 212else 213target32-directive = -target armv8a-none-eabi 214 215# Set the compiler's target architecture profile based on 216# ARM_ARCH_MAJOR ARM_ARCH_MINOR options 217ifeq (${ARM_ARCH_MINOR},0) 218march32-directive = -march=armv${ARM_ARCH_MAJOR}-a 219march64-directive = -march=armv${ARM_ARCH_MAJOR}-a 220else 221march32-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 222march64-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 223endif 224endif 225 226# Memory tagging is supported in architecture Armv8.5-A AArch64 and onwards 227ifeq ($(ARCH), aarch64) 228# Check if revision is greater than or equal to 8.5 229ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" 230mem_tag_arch_support = yes 231endif 232endif 233 234# Get architecture feature modifiers 235arch-features = ${ARM_ARCH_FEATURE} 236 237# Enable required options for memory stack tagging. 238# Currently, these options are enabled only for clang and armclang compiler. 239ifeq (${SUPPORT_STACK_MEMTAG},yes) 240ifdef mem_tag_arch_support 241# Check for armclang and clang compilers 242ifneq ( ,$(filter $(notdir $(CC)),armclang clang)) 243# Add "memtag" architecture feature modifier if not specified 244ifeq ( ,$(findstring memtag,$(arch-features))) 245arch-features := $(arch-features)+memtag 246endif # memtag 247ifeq ($(notdir $(CC)),armclang) 248TF_CFLAGS += -mmemtag-stack 249else ifeq ($(notdir $(CC)),clang) 250TF_CFLAGS += -fsanitize=memtag 251endif # armclang 252endif # armclang clang 253else 254$(error "Error: stack memory tagging is not supported for architecture \ 255 ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a") 256endif # mem_tag_arch_support 257endif # SUPPORT_STACK_MEMTAG 258 259# Set the compiler's architecture feature modifiers 260ifneq ($(arch-features), none) 261# Strip "none+" from arch-features 262arch-features := $(subst none+,,$(arch-features)) 263ifeq ($(ARCH), aarch32) 264march32-directive := $(march32-directive)+$(arch-features) 265else 266march64-directive := $(march64-directive)+$(arch-features) 267endif 268# Print features 269$(info Arm Architecture Features specified: $(subst +, ,$(arch-features))) 270endif # arch-features 271 272# Determine if FEAT_RNG is supported 273ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0) 274 275# Determine if FEAT_SB is supported 276ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0) 277 278ifneq ($(findstring clang,$(notdir $(CC))),) 279 ifneq ($(findstring armclang,$(notdir $(CC))),) 280 TF_CFLAGS_aarch32 := -target arm-arm-none-eabi $(march32-directive) 281 TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi $(march64-directive) 282 LD := $(LINKER) 283 else 284 TF_CFLAGS_aarch32 = $(target32-directive) $(march32-directive) 285 TF_CFLAGS_aarch64 := -target aarch64-elf $(march64-directive) 286 LD := $(shell $(CC) --print-prog-name ld.lld) 287 288 AR := $(shell $(CC) --print-prog-name llvm-ar) 289 OD := $(shell $(CC) --print-prog-name llvm-objdump) 290 OC := $(shell $(CC) --print-prog-name llvm-objcopy) 291 endif 292 293 CPP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 294 PP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 295 AS := $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH)) 296else ifneq ($(findstring gcc,$(notdir $(CC))),) 297TF_CFLAGS_aarch32 = $(march32-directive) 298TF_CFLAGS_aarch64 = $(march64-directive) 299ifeq ($(ENABLE_LTO),1) 300 # Enable LTO only for aarch64 301 ifeq (${ARCH},aarch64) 302 LTO_CFLAGS = -flto 303 # Use gcc as a wrapper for the ld, recommended for LTO 304 LINKER := ${CROSS_COMPILE}gcc 305 endif 306endif 307LD = $(LINKER) 308else 309TF_CFLAGS_aarch32 = $(march32-directive) 310TF_CFLAGS_aarch64 = $(march64-directive) 311LD = $(LINKER) 312endif 313 314# Process Debug flag 315$(eval $(call add_define,DEBUG)) 316ifneq (${DEBUG}, 0) 317 BUILD_TYPE := debug 318 TF_CFLAGS += -g -gdwarf-4 319 ASFLAGS += -g -Wa,-gdwarf-4 320 321 # Use LOG_LEVEL_INFO by default for debug builds 322 LOG_LEVEL := 40 323else 324 BUILD_TYPE := release 325 # Use LOG_LEVEL_NOTICE by default for release builds 326 LOG_LEVEL := 20 327endif 328 329# Default build string (git branch and commit) 330ifeq (${BUILD_STRING},) 331 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 332endif 333VERSION_STRING := v${VERSION}(${BUILD_TYPE}):${BUILD_STRING} 334 335ifeq (${AARCH32_INSTRUCTION_SET},A32) 336TF_CFLAGS_aarch32 += -marm 337else ifeq (${AARCH32_INSTRUCTION_SET},T32) 338TF_CFLAGS_aarch32 += -mthumb 339else 340$(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET}) 341endif 342 343TF_CFLAGS_aarch32 += -mno-unaligned-access 344TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 345 346ifneq (${BP_OPTION},none) 347TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 348endif 349 350ASFLAGS_aarch32 = $(march32-directive) 351ASFLAGS_aarch64 = $(march64-directive) 352 353# General warnings 354WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 355 -Wdisabled-optimization -Wvla -Wshadow \ 356 -Wredundant-decls 357# stricter warnings 358WARNINGS += -Wextra -Wno-trigraphs 359# too verbose for generic build 360WARNINGS += -Wno-missing-field-initializers \ 361 -Wno-type-limits -Wno-sign-compare \ 362# on clang this flag gets reset if -Wextra is set after it. No difference on gcc 363WARNINGS += -Wno-unused-parameter 364 365# Additional warnings 366# Level 1 - infrequent warnings we should have none of 367# full -Wextra 368WARNING1 += -Wsign-compare 369WARNING1 += -Wtype-limits 370WARNING1 += -Wmissing-field-initializers 371 372# Level 2 - problematic warnings that we want 373# zlib, compiler-rt, coreboot, and mbdedtls blow up with these 374# TODO: disable just for them and move into default build 375WARNING2 += -Wold-style-definition 376WARNING2 += -Wmissing-prototypes 377WARNING2 += -Wmissing-format-attribute 378# TF-A aims to comply with this eventually. Effort too large at present 379WARNING2 += -Wundef 380# currently very involved and many platforms set this off 381WARNING2 += -Wunused-const-variable=2 382 383# Level 3 - very pedantic, frequently ignored 384WARNING3 := -Wbad-function-cast 385WARNING3 += -Waggregate-return 386WARNING3 += -Wnested-externs 387WARNING3 += -Wcast-align 388WARNING3 += -Wcast-qual 389WARNING3 += -Wconversion 390WARNING3 += -Wpacked 391WARNING3 += -Wpointer-arith 392WARNING3 += -Wswitch-default 393 394# Setting W is quite verbose and most warnings will be pre-existing issues 395# outside of the contributor's control. Don't fail the build on them so warnings 396# can be seen and hopefully addressed 397ifdef W 398ifneq (${W},0) 399E ?= 0 400endif 401endif 402 403ifeq (${W},1) 404WARNINGS += $(WARNING1) 405else ifeq (${W},2) 406WARNINGS += $(WARNING1) $(WARNING2) 407else ifeq (${W},3) 408WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 409endif 410 411# Compiler specific warnings 412ifeq ($(findstring clang,$(notdir $(CC))),) 413# not using clang 414WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 415 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 416 -Wlogical-op 417else 418# using clang 419WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 420 -Wlogical-op-parentheses 421endif 422 423ifneq (${E},0) 424ERRORS := -Werror 425endif 426 427CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 428 $(ERRORS) $(WARNINGS) 429ASFLAGS += $(CPPFLAGS) $(ASFLAGS_$(ARCH)) \ 430 -ffreestanding -Wa,--fatal-warnings 431TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 432 -ffunction-sections -fdata-sections \ 433 -ffreestanding -fno-builtin -fno-common \ 434 -Os -std=gnu99 435 436$(eval $(call add_define,SVE_VECTOR_LEN)) 437 438ifeq (${SANITIZE_UB},on) 439TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 440endif 441ifeq (${SANITIZE_UB},trap) 442TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 443 -fsanitize-undefined-trap-on-error 444endif 445 446GCC_V_OUTPUT := $(shell $(CC) -v 2>&1) 447 448# LD = armlink 449ifneq ($(findstring armlink,$(notdir $(LD))),) 450TF_LDFLAGS += --diag_error=warning --lto_level=O1 451TF_LDFLAGS += --remove --info=unused,unusedsymbols 452TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 453 454# LD = gcc (used when GCC LTO is enabled) 455else ifneq ($(findstring gcc,$(notdir $(LD))),) 456# Pass ld options with Wl or Xlinker switches 457TF_LDFLAGS += -Wl,--fatal-warnings -O1 458TF_LDFLAGS += -Wl,--gc-sections 459 460TF_LDFLAGS += -Wl,-z,common-page-size=4096 # Configure page size constants 461TF_LDFLAGS += -Wl,-z,max-page-size=4096 462 463ifeq ($(ENABLE_LTO),1) 464 ifeq (${ARCH},aarch64) 465 TF_LDFLAGS += -flto -fuse-linker-plugin 466 endif 467endif 468# GCC automatically adds fix-cortex-a53-843419 flag when used to link 469# which breaks some builds, so disable if errata fix is not explicitly enabled 470ifneq (${ERRATA_A53_843419},1) 471 TF_LDFLAGS += -mno-fix-cortex-a53-843419 472endif 473TF_LDFLAGS += -nostdlib 474TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 475 476# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 477else 478TF_LDFLAGS += -O1 479TF_LDFLAGS += --gc-sections 480 481TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants 482TF_LDFLAGS += -z max-page-size=4096 483 484# ld.lld doesn't recognize the errata flags, 485# therefore don't add those in that case. 486# ld.lld reports section type mismatch warnings, 487# therefore don't add --fatal-warnings to it. 488ifeq ($(findstring ld.lld,$(notdir $(LD))),) 489TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) --fatal-warnings 490endif 491endif 492 493DTC_FLAGS += -I dts -O dtb 494DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \ 495 -x assembler-with-cpp $(DEFINES) 496 497################################################################################ 498# Common sources and include directories 499################################################################################ 500include ${MAKE_HELPERS_DIRECTORY}arch_features.mk 501include lib/compiler-rt/compiler-rt.mk 502 503BL_COMMON_SOURCES += common/bl_common.c \ 504 common/tf_log.c \ 505 common/${ARCH}/debug.S \ 506 drivers/console/multi_console.c \ 507 lib/${ARCH}/cache_helpers.S \ 508 lib/${ARCH}/misc_helpers.S \ 509 plat/common/plat_bl_common.c \ 510 plat/common/plat_log_common.c \ 511 plat/common/${ARCH}/plat_common.c \ 512 plat/common/${ARCH}/platform_helpers.S \ 513 ${COMPILER_RT_SRCS} 514 515# Pointer Authentication sources 516ifeq (${ENABLE_PAUTH}, 1) 517# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the 518# Pauth support. As it's not secure, it must be reimplemented for real platforms 519BL_COMMON_SOURCES += lib/extensions/pauth/pauth_helpers.S 520endif 521 522ifeq ($(notdir $(CC)),armclang) 523BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 524endif 525 526ifeq (${SANITIZE_UB},on) 527BL_COMMON_SOURCES += plat/common/ubsan.c 528endif 529 530INCLUDES += -Iinclude \ 531 -Iinclude/arch/${ARCH} \ 532 -Iinclude/lib/cpus/${ARCH} \ 533 -Iinclude/lib/el3_runtime/${ARCH} \ 534 ${PLAT_INCLUDES} \ 535 ${SPD_INCLUDES} 536 537include common/backtrace/backtrace.mk 538 539################################################################################ 540# Generic definitions 541################################################################################ 542 543include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 544 545ifeq (${BUILD_BASE},) 546 BUILD_BASE := ./build 547endif 548BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 549 550SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 551 552# Platforms providing their own TBB makefile may override this value 553INCLUDE_TBBR_MK := 1 554 555 556################################################################################ 557# Include SPD Makefile if one has been specified 558################################################################################ 559 560ifneq (${SPD},none) 561 ifeq (${ARCH},aarch32) 562 $(error "Error: SPD is incompatible with AArch32.") 563 endif 564 565 ifdef EL3_PAYLOAD_BASE 566 $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") 567 $(warning "The SPD and its BL32 companion will be present but ignored.") 568 endif 569 570 ifeq (${SPD},spmd) 571 # SPMD is located in std_svc directory 572 SPD_DIR := std_svc 573 574 ifeq ($(SPMD_SPM_AT_SEL2),1) 575 CTX_INCLUDE_EL2_REGS := 1 576 ifeq ($(SPMC_AT_EL3),1) 577 $(error SPM cannot be enabled in both S-EL2 and EL3.) 578 endif 579 endif 580 581 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 582 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 583 endif 584 585 ifeq ($(TS_SP_FW_CONFIG),1) 586 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 587 endif 588 589 ifneq ($(ARM_BL2_SP_LIST_DTS),) 590 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 591 endif 592 593 ifneq ($(SP_LAYOUT_FILE),) 594 BL2_ENABLE_SP_LOAD := 1 595 endif 596 else 597 # All other SPDs in spd directory 598 SPD_DIR := spd 599 endif 600 601 # We expect to locate an spd.mk under the specified SPD directory 602 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 603 604 ifeq (${SPD_MAKE},) 605 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 606 endif 607 $(info Including ${SPD_MAKE}) 608 include ${SPD_MAKE} 609 610 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 611 # Makefile would set NEED_BL32 to "yes". In this case, the build system 612 # supports two mutually exclusive options: 613 # * BL32 is built from source: then BL32_SOURCES must contain the list 614 # of source files to build BL32 615 # * BL32 is a prebuilt binary: then BL32 must point to the image file 616 # that will be included in the FIP 617 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 618 # over the sources. 619endif 620 621ifeq (${CTX_INCLUDE_EL2_REGS}, 1) 622ifeq (${SPD},none) 623ifeq (${ENABLE_RME},0) 624 $(error CTX_INCLUDE_EL2_REGS is available only when SPD or RME is enabled) 625endif 626endif 627endif 628 629################################################################################ 630# Include rmmd Makefile if RME is enabled 631################################################################################ 632 633ifneq (${ENABLE_RME},0) 634ifneq (${ARCH},aarch64) 635 $(error ENABLE_RME requires AArch64) 636endif 637ifeq ($(SPMC_AT_EL3),1) 638 $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.) 639endif 640include services/std_svc/rmmd/rmmd.mk 641$(warning "RME is an experimental feature") 642endif 643 644################################################################################ 645# Include the platform specific Makefile after the SPD Makefile (the platform 646# makefile may use all previous definitions in this file) 647################################################################################ 648 649include ${PLAT_MAKEFILE_FULL} 650 651$(eval $(call MAKE_PREREQ_DIR,${BUILD_PLAT})) 652 653ifeq (${ARM_ARCH_MAJOR},7) 654include make_helpers/armv7-a-cpus.mk 655endif 656 657PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 658ifneq ($(PIE_FOUND),) 659 TF_CFLAGS += -fno-PIE 660ifneq ($(findstring gcc,$(notdir $(LD))),) 661 TF_LDFLAGS += -no-pie 662endif 663endif 664 665ifneq ($(findstring gcc,$(notdir $(LD))),) 666 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 667else 668 PIE_LDFLAGS += -pie --no-dynamic-linker 669endif 670 671ifeq ($(ENABLE_PIE),1) 672ifeq ($(BL2_AT_EL3),1) 673ifneq ($(BL2_IN_XIP_MEM),1) 674 BL2_CPPFLAGS += -fpie 675 BL2_CFLAGS += -fpie 676 BL2_LDFLAGS += $(PIE_LDFLAGS) 677endif 678endif 679 BL31_CPPFLAGS += -fpie 680 BL31_CFLAGS += -fpie 681 BL31_LDFLAGS += $(PIE_LDFLAGS) 682 683 BL32_CPPFLAGS += -fpie 684 BL32_CFLAGS += -fpie 685 BL32_LDFLAGS += $(PIE_LDFLAGS) 686endif 687 688ifeq (${ARCH},aarch64) 689BL1_CPPFLAGS += -DIMAGE_AT_EL3 690ifeq ($(BL2_AT_EL3),1) 691BL2_CPPFLAGS += -DIMAGE_AT_EL3 692else 693BL2_CPPFLAGS += -DIMAGE_AT_EL1 694endif 695BL2U_CPPFLAGS += -DIMAGE_AT_EL1 696BL31_CPPFLAGS += -DIMAGE_AT_EL3 697BL32_CPPFLAGS += -DIMAGE_AT_EL1 698endif 699 700# Include the CPU specific operations makefile, which provides default 701# values for all CPU errata workarounds and CPU specific optimisations. 702# This can be overridden by the platform. 703include lib/cpus/cpu-ops.mk 704 705ifeq (${ARCH},aarch32) 706NEED_BL32 := yes 707 708################################################################################ 709# Build `AARCH32_SP` as BL32 image for AArch32 710################################################################################ 711ifneq (${AARCH32_SP},none) 712# We expect to locate an sp.mk under the specified AARCH32_SP directory 713AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 714 715ifeq (${AARCH32_SP_MAKE},) 716 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 717endif 718 719$(info Including ${AARCH32_SP_MAKE}) 720include ${AARCH32_SP_MAKE} 721endif 722 723endif 724 725################################################################################ 726# Include libc if not overridden 727################################################################################ 728ifeq (${OVERRIDE_LIBC},0) 729include lib/libc/libc.mk 730endif 731 732################################################################################ 733# Check incompatible options 734################################################################################ 735 736ifdef EL3_PAYLOAD_BASE 737 ifdef PRELOADED_BL33_BASE 738 $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \ 739 incompatible build options. EL3_PAYLOAD_BASE has priority.") 740 endif 741 ifneq (${GENERATE_COT},0) 742 $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible build options.") 743 endif 744 ifneq (${TRUSTED_BOARD_BOOT},0) 745 $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are incompatible build options.") 746 endif 747endif 748 749ifeq (${NEED_BL33},yes) 750 ifdef EL3_PAYLOAD_BASE 751 $(warning "BL33 image is not needed when option \ 752 BL33_PAYLOAD_BASE is used and won't be added to the FIP file.") 753 endif 754 ifdef PRELOADED_BL33_BASE 755 $(warning "BL33 image is not needed when option \ 756 PRELOADED_BL33_BASE is used and won't be added to the FIP \ 757 file.") 758 endif 759endif 760 761# When building for systems with hardware-assisted coherency, there's no need to 762# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too. 763ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1) 764$(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) 765endif 766 767#For now, BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is 1. 768ifeq ($(BL2_AT_EL3)-$(BL2_IN_XIP_MEM),0-1) 769$(error "BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is enabled") 770endif 771 772# For RAS_EXTENSION, require that EAs are handled in EL3 first 773ifeq ($(RAS_EXTENSION),1) 774 ifneq ($(HANDLE_EA_EL3_FIRST_NS),1) 775 $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST_NS must also be 1) 776 endif 777endif 778 779# When FAULT_INJECTION_SUPPORT is used, require that RAS_EXTENSION is enabled 780ifeq ($(FAULT_INJECTION_SUPPORT),1) 781 ifneq ($(RAS_EXTENSION),1) 782 $(error For FAULT_INJECTION_SUPPORT, RAS_EXTENSION must also be 1) 783 endif 784endif 785 786# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 787ifeq ($(DYN_DISABLE_AUTH), 1) 788 ifeq (${TRUSTED_BOARD_BOOT}, 0) 789 $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.") 790 endif 791endif 792 793ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1) 794# Support authentication verification and hash calculation 795 CRYPTO_SUPPORT := 3 796else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1) 797# Support authentication verification and hash calculation 798 CRYPTO_SUPPORT := 3 799else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) 800# Support hash calculation only 801 CRYPTO_SUPPORT := 2 802else ifeq (${TRUSTED_BOARD_BOOT},1) 803# Support authentication verification only 804 CRYPTO_SUPPORT := 1 805else 806 CRYPTO_SUPPORT := 0 807endif 808 809# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. 810ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) 811$(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 812endif 813 814# If pointer authentication is used in the firmware, make sure that all the 815# registers associated to it are also saved and restored. 816# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. 817ifeq ($(ENABLE_PAUTH),1) 818 ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) 819 $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1) 820 endif 821endif 822 823ifeq ($(CTX_INCLUDE_PAUTH_REGS),1) 824 ifneq (${ARCH},aarch64) 825 $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) 826 endif 827endif 828 829ifeq ($(CTX_INCLUDE_MTE_REGS),1) 830 ifneq (${ARCH},aarch64) 831 $(error CTX_INCLUDE_MTE_REGS requires AArch64) 832 endif 833endif 834 835ifeq ($(PSA_FWU_SUPPORT),1) 836 $(info PSA_FWU_SUPPORT is an experimental feature) 837endif 838 839ifeq ($(FEATURE_DETECTION),1) 840 $(info FEATURE_DETECTION is an experimental feature) 841endif 842 843ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 844 ifeq (${ALLOW_RO_XLAT_TABLES}, 1) 845 $(error "ALLOW_RO_XLAT_TABLES requires translation tables library v2") 846 endif 847endif 848 849ifneq (${DECRYPTION_SUPPORT},none) 850 ifeq (${TRUSTED_BOARD_BOOT}, 0) 851 $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT to be set) 852 endif 853endif 854 855# Ensure that no Aarch64-only features are enabled in Aarch32 build 856ifeq (${ARCH},aarch32) 857 858 # SME/SVE only supported on AArch64 859 ifeq (${ENABLE_SME_FOR_NS},1) 860 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") 861 endif 862 ifeq (${ENABLE_SVE_FOR_NS},1) 863 # Warning instead of error due to CI dependency on this 864 $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") 865 endif 866 867 # BRBE is not supported in AArch32 868 ifeq (${ENABLE_BRBE_FOR_NS},1) 869 $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32") 870 endif 871 872 # FEAT_RNG_TRAP is not supported in AArch32 873 ifeq (${ENABLE_FEAT_RNG_TRAP},1) 874 $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32") 875 endif 876endif 877 878# Ensure ENABLE_RME is not used with SME 879ifeq (${ENABLE_RME},1) 880 ifeq (${ENABLE_SME_FOR_NS},1) 881 $(error "ENABLE_SME_FOR_NS cannot be used with ENABLE_RME") 882 endif 883endif 884 885# Secure SME/SVE requires the non-secure component as well 886ifeq (${ENABLE_SME_FOR_SWD},1) 887 ifeq (${ENABLE_SME_FOR_NS},0) 888 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") 889 endif 890endif 891ifeq (${ENABLE_SVE_FOR_SWD},1) 892 ifeq (${ENABLE_SVE_FOR_NS},0) 893 $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS") 894 endif 895endif 896 897# SVE and SME cannot be used with CTX_INCLUDE_FPREGS since secure manager does 898# its own context management including FPU registers. 899ifeq (${CTX_INCLUDE_FPREGS},1) 900 ifeq (${ENABLE_SME_FOR_NS},1) 901 $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 902 endif 903 ifeq (${ENABLE_SVE_FOR_NS},1) 904 # Warning instead of error due to CI dependency on this 905 $(warning "ENABLE_SVE_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 906 $(warning "Forced ENABLE_SVE_FOR_NS=0") 907 override ENABLE_SVE_FOR_NS := 0 908 endif 909endif 910 911ifeq ($(DRTM_SUPPORT),1) 912 $(info DRTM_SUPPORT is an experimental feature) 913endif 914 915ifeq (${ENABLE_RME},1) 916 ifneq (${SEPARATE_CODE_AND_RODATA},1) 917 $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`) 918 endif 919endif 920 921################################################################################ 922# Process platform overrideable behaviour 923################################################################################ 924 925ifdef BL1_SOURCES 926NEED_BL1 := yes 927endif 928 929ifdef BL2_SOURCES 930 NEED_BL2 := yes 931 932 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 933 # Certificate generation tools. This flag can be overridden by the platform. 934 ifdef EL3_PAYLOAD_BASE 935 # If booting an EL3 payload there is no need for a BL33 image 936 # in the FIP file. 937 NEED_BL33 := no 938 else 939 ifdef PRELOADED_BL33_BASE 940 # If booting a BL33 preloaded image there is no need of 941 # another one in the FIP file. 942 NEED_BL33 := no 943 else 944 NEED_BL33 ?= yes 945 endif 946 endif 947endif 948 949ifdef BL2U_SOURCES 950NEED_BL2U := yes 951endif 952 953# If SCP_BL2 is given, we always want FIP to include it. 954ifdef SCP_BL2 955 NEED_SCP_BL2 := yes 956endif 957 958# For AArch32, BL31 is not currently supported. 959ifneq (${ARCH},aarch32) 960 ifdef BL31_SOURCES 961 # When booting an EL3 payload, there is no need to compile the BL31 image nor 962 # put it in the FIP. 963 ifndef EL3_PAYLOAD_BASE 964 NEED_BL31 := yes 965 endif 966 endif 967endif 968 969# Process TBB related flags 970ifneq (${GENERATE_COT},0) 971 # Common cert_create options 972 ifneq (${CREATE_KEYS},0) 973 $(eval CRT_ARGS += -n) 974 $(eval FWU_CRT_ARGS += -n) 975 ifneq (${SAVE_KEYS},0) 976 $(eval CRT_ARGS += -k) 977 $(eval FWU_CRT_ARGS += -k) 978 endif 979 endif 980 # Include TBBR makefile (unless the platform indicates otherwise) 981 ifeq (${INCLUDE_TBBR_MK},1) 982 include make_helpers/tbbr/tbbr_tools.mk 983 endif 984endif 985 986ifneq (${FIP_ALIGN},0) 987FIP_ARGS += --align ${FIP_ALIGN} 988endif 989 990ifdef FDT_SOURCES 991NEED_FDT := yes 992endif 993 994################################################################################ 995# Include libraries' Makefile that are used in all BL 996################################################################################ 997 998include lib/stack_protector/stack_protector.mk 999 1000################################################################################ 1001# Auxiliary tools (fiptool, cert_create, etc) 1002################################################################################ 1003 1004# Variables for use with Certificate Generation Tool 1005CRTTOOLPATH ?= tools/cert_create 1006CRTTOOL ?= ${CRTTOOLPATH}/cert_create${BIN_EXT} 1007 1008# Variables for use with Firmware Encryption Tool 1009ENCTOOLPATH ?= tools/encrypt_fw 1010ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw${BIN_EXT} 1011 1012# Variables for use with Firmware Image Package 1013FIPTOOLPATH ?= tools/fiptool 1014FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT} 1015 1016# Variables for use with sptool 1017SPTOOLPATH ?= tools/sptool 1018SPTOOL ?= ${SPTOOLPATH}/sptool.py 1019SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 1020 1021# Variables for use with ROMLIB 1022ROMLIBPATH ?= lib/romlib 1023 1024# Variable for use with Python 1025PYTHON ?= python3 1026 1027# Variables for use with PRINT_MEMORY_MAP 1028PRINT_MEMORY_MAP_PATH ?= tools/memory 1029PRINT_MEMORY_MAP ?= ${PRINT_MEMORY_MAP_PATH}/print_memory_map.py 1030 1031# Variables for use with documentation build using Sphinx tool 1032DOCS_PATH ?= docs 1033 1034# Defination of SIMICS flag 1035SIMICS_BUILD ?= 0 1036 1037################################################################################ 1038# Include BL specific makefiles 1039################################################################################ 1040 1041ifeq (${NEED_BL1},yes) 1042include bl1/bl1.mk 1043endif 1044 1045ifeq (${NEED_BL2},yes) 1046include bl2/bl2.mk 1047endif 1048 1049ifeq (${NEED_BL2U},yes) 1050include bl2u/bl2u.mk 1051endif 1052 1053ifeq (${NEED_BL31},yes) 1054include bl31/bl31.mk 1055endif 1056 1057################################################################################ 1058# Build options checks 1059################################################################################ 1060 1061$(eval $(call assert_booleans,\ 1062 $(sort \ 1063 ALLOW_RO_XLAT_TABLES \ 1064 BL2_ENABLE_SP_LOAD \ 1065 COLD_BOOT_SINGLE_CPU \ 1066 CREATE_KEYS \ 1067 CTX_INCLUDE_AARCH32_REGS \ 1068 CTX_INCLUDE_FPREGS \ 1069 CTX_INCLUDE_EL2_REGS \ 1070 DEBUG \ 1071 DISABLE_MTPMU \ 1072 DYN_DISABLE_AUTH \ 1073 EL3_EXCEPTION_HANDLING \ 1074 ENABLE_AMU \ 1075 ENABLE_AMU_AUXILIARY_COUNTERS \ 1076 ENABLE_AMU_FCONF \ 1077 AMU_RESTRICT_COUNTERS \ 1078 ENABLE_ASSERTIONS \ 1079 ENABLE_PIE \ 1080 ENABLE_PMF \ 1081 ENABLE_PSCI_STAT \ 1082 ENABLE_RUNTIME_INSTRUMENTATION \ 1083 ENABLE_SME_FOR_NS \ 1084 ENABLE_SME_FOR_SWD \ 1085 ENABLE_SPE_FOR_LOWER_ELS \ 1086 ENABLE_SVE_FOR_NS \ 1087 ENABLE_SVE_FOR_SWD \ 1088 ERROR_DEPRECATED \ 1089 FAULT_INJECTION_SUPPORT \ 1090 GENERATE_COT \ 1091 GICV2_G0_FOR_EL3 \ 1092 HANDLE_EA_EL3_FIRST_NS \ 1093 HW_ASSISTED_COHERENCY \ 1094 INVERTED_MEMMAP \ 1095 MEASURED_BOOT \ 1096 DRTM_SUPPORT \ 1097 NS_TIMER_SWITCH \ 1098 OVERRIDE_LIBC \ 1099 PL011_GENERIC_UART \ 1100 PLAT_RSS_NOT_SUPPORTED \ 1101 PROGRAMMABLE_RESET_ADDRESS \ 1102 PSCI_EXTENDED_STATE_ID \ 1103 RESET_TO_BL31 \ 1104 RESET_TO_BL31_WITH_PARAMS \ 1105 SAVE_KEYS \ 1106 SEPARATE_CODE_AND_RODATA \ 1107 SEPARATE_BL2_NOLOAD_REGION \ 1108 SEPARATE_NOBITS_REGION \ 1109 SPIN_ON_BL1_EXIT \ 1110 SPM_MM \ 1111 SPMC_AT_EL3 \ 1112 SPMD_SPM_AT_SEL2 \ 1113 TRUSTED_BOARD_BOOT \ 1114 USE_COHERENT_MEM \ 1115 USE_DEBUGFS \ 1116 ARM_IO_IN_DTB \ 1117 SDEI_IN_FCONF \ 1118 SEC_INT_DESC_IN_FCONF \ 1119 USE_ROMLIB \ 1120 USE_TBBR_DEFS \ 1121 WARMBOOT_ENABLE_DCACHE_EARLY \ 1122 BL2_AT_EL3 \ 1123 BL2_IN_XIP_MEM \ 1124 BL2_INV_DCACHE \ 1125 USE_SPINLOCK_CAS \ 1126 ENCRYPT_BL31 \ 1127 ENCRYPT_BL32 \ 1128 ERRATA_SPECULATIVE_AT \ 1129 RAS_TRAP_NS_ERR_REC_ACCESS \ 1130 COT_DESC_IN_DTB \ 1131 USE_SP804_TIMER \ 1132 PSA_FWU_SUPPORT \ 1133 ENABLE_SYS_REG_TRACE_FOR_NS \ 1134 ENABLE_MPMM \ 1135 ENABLE_MPMM_FCONF \ 1136 SIMICS_BUILD \ 1137 FEATURE_DETECTION \ 1138 TRNG_SUPPORT \ 1139 CONDITIONAL_CMO \ 1140))) 1141 1142$(eval $(call assert_numerics,\ 1143 $(sort \ 1144 ARM_ARCH_MAJOR \ 1145 ARM_ARCH_MINOR \ 1146 BRANCH_PROTECTION \ 1147 CTX_INCLUDE_PAUTH_REGS \ 1148 CTX_INCLUDE_MTE_REGS \ 1149 CTX_INCLUDE_NEVE_REGS \ 1150 CRYPTO_SUPPORT \ 1151 ENABLE_BRBE_FOR_NS \ 1152 ENABLE_TRBE_FOR_NS \ 1153 ENABLE_BTI \ 1154 ENABLE_PAUTH \ 1155 ENABLE_FEAT_AMUv1 \ 1156 ENABLE_FEAT_AMUv1p1 \ 1157 ENABLE_FEAT_CSV2_2 \ 1158 ENABLE_FEAT_DIT \ 1159 ENABLE_FEAT_ECV \ 1160 ENABLE_FEAT_FGT \ 1161 ENABLE_FEAT_HCX \ 1162 ENABLE_FEAT_PAN \ 1163 ENABLE_FEAT_RNG \ 1164 ENABLE_FEAT_RNG_TRAP \ 1165 ENABLE_FEAT_SB \ 1166 ENABLE_FEAT_SEL2 \ 1167 ENABLE_FEAT_VHE \ 1168 ENABLE_MPAM_FOR_LOWER_ELS \ 1169 ENABLE_RME \ 1170 ENABLE_TRF_FOR_NS \ 1171 FW_ENC_STATUS \ 1172 NR_OF_FW_BANKS \ 1173 NR_OF_IMAGES_IN_FW_BANK \ 1174 RAS_EXTENSION \ 1175 TWED_DELAY \ 1176 ENABLE_FEAT_TWED \ 1177 SVE_VECTOR_LEN \ 1178))) 1179 1180ifdef KEY_SIZE 1181 $(eval $(call assert_numeric,KEY_SIZE)) 1182endif 1183 1184ifeq ($(filter $(SANITIZE_UB), on off trap),) 1185 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1186endif 1187 1188################################################################################ 1189# Add definitions to the cpp preprocessor based on the current build options. 1190# This is done after including the platform specific makefile to allow the 1191# platform to overwrite the default options 1192################################################################################ 1193 1194$(eval $(call add_defines,\ 1195 $(sort \ 1196 ALLOW_RO_XLAT_TABLES \ 1197 ARM_ARCH_MAJOR \ 1198 ARM_ARCH_MINOR \ 1199 BL2_ENABLE_SP_LOAD \ 1200 COLD_BOOT_SINGLE_CPU \ 1201 CTX_INCLUDE_AARCH32_REGS \ 1202 CTX_INCLUDE_FPREGS \ 1203 CTX_INCLUDE_PAUTH_REGS \ 1204 EL3_EXCEPTION_HANDLING \ 1205 CTX_INCLUDE_MTE_REGS \ 1206 CTX_INCLUDE_EL2_REGS \ 1207 CTX_INCLUDE_NEVE_REGS \ 1208 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1209 DISABLE_MTPMU \ 1210 ENABLE_AMU \ 1211 ENABLE_AMU_AUXILIARY_COUNTERS \ 1212 ENABLE_AMU_FCONF \ 1213 AMU_RESTRICT_COUNTERS \ 1214 ENABLE_ASSERTIONS \ 1215 ENABLE_BTI \ 1216 ENABLE_MPAM_FOR_LOWER_ELS \ 1217 ENABLE_PAUTH \ 1218 ENABLE_PIE \ 1219 ENABLE_PMF \ 1220 ENABLE_PSCI_STAT \ 1221 ENABLE_RME \ 1222 ENABLE_RUNTIME_INSTRUMENTATION \ 1223 ENABLE_SME_FOR_NS \ 1224 ENABLE_SME_FOR_SWD \ 1225 ENABLE_SPE_FOR_LOWER_ELS \ 1226 ENABLE_SVE_FOR_NS \ 1227 ENABLE_SVE_FOR_SWD \ 1228 ENCRYPT_BL31 \ 1229 ENCRYPT_BL32 \ 1230 ERROR_DEPRECATED \ 1231 FAULT_INJECTION_SUPPORT \ 1232 GICV2_G0_FOR_EL3 \ 1233 HANDLE_EA_EL3_FIRST_NS \ 1234 HW_ASSISTED_COHERENCY \ 1235 LOG_LEVEL \ 1236 MEASURED_BOOT \ 1237 DRTM_SUPPORT \ 1238 NS_TIMER_SWITCH \ 1239 PL011_GENERIC_UART \ 1240 PLAT_${PLAT} \ 1241 PLAT_RSS_NOT_SUPPORTED \ 1242 PROGRAMMABLE_RESET_ADDRESS \ 1243 PSCI_EXTENDED_STATE_ID \ 1244 RAS_EXTENSION \ 1245 RESET_TO_BL31 \ 1246 RESET_TO_BL31_WITH_PARAMS \ 1247 SEPARATE_CODE_AND_RODATA \ 1248 SEPARATE_BL2_NOLOAD_REGION \ 1249 SEPARATE_NOBITS_REGION \ 1250 RECLAIM_INIT_CODE \ 1251 SPD_${SPD} \ 1252 SPIN_ON_BL1_EXIT \ 1253 SPM_MM \ 1254 SPMC_AT_EL3 \ 1255 SPMD_SPM_AT_SEL2 \ 1256 TRUSTED_BOARD_BOOT \ 1257 CRYPTO_SUPPORT \ 1258 TRNG_SUPPORT \ 1259 USE_COHERENT_MEM \ 1260 USE_DEBUGFS \ 1261 ARM_IO_IN_DTB \ 1262 SDEI_IN_FCONF \ 1263 SEC_INT_DESC_IN_FCONF \ 1264 USE_ROMLIB \ 1265 USE_TBBR_DEFS \ 1266 WARMBOOT_ENABLE_DCACHE_EARLY \ 1267 BL2_AT_EL3 \ 1268 BL2_IN_XIP_MEM \ 1269 BL2_INV_DCACHE \ 1270 USE_SPINLOCK_CAS \ 1271 ERRATA_SPECULATIVE_AT \ 1272 RAS_TRAP_NS_ERR_REC_ACCESS \ 1273 COT_DESC_IN_DTB \ 1274 USE_SP804_TIMER \ 1275 ENABLE_FEAT_RNG \ 1276 ENABLE_FEAT_RNG_TRAP \ 1277 ENABLE_FEAT_SB \ 1278 ENABLE_FEAT_DIT \ 1279 NR_OF_FW_BANKS \ 1280 NR_OF_IMAGES_IN_FW_BANK \ 1281 PSA_FWU_SUPPORT \ 1282 ENABLE_BRBE_FOR_NS \ 1283 ENABLE_TRBE_FOR_NS \ 1284 ENABLE_SYS_REG_TRACE_FOR_NS \ 1285 ENABLE_TRF_FOR_NS \ 1286 ENABLE_FEAT_HCX \ 1287 ENABLE_MPMM \ 1288 ENABLE_MPMM_FCONF \ 1289 ENABLE_FEAT_FGT \ 1290 ENABLE_FEAT_AMUv1 \ 1291 ENABLE_FEAT_ECV \ 1292 SIMICS_BUILD \ 1293 ENABLE_FEAT_AMUv1p1 \ 1294 ENABLE_FEAT_SEL2 \ 1295 ENABLE_FEAT_VHE \ 1296 ENABLE_FEAT_CSV2_2 \ 1297 ENABLE_FEAT_PAN \ 1298 FEATURE_DETECTION \ 1299 TWED_DELAY \ 1300 ENABLE_FEAT_TWED \ 1301 CONDITIONAL_CMO \ 1302))) 1303 1304ifeq (${SANITIZE_UB},trap) 1305 $(eval $(call add_define,MONITOR_TRAPS)) 1306endif 1307 1308# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1309ifdef EL3_PAYLOAD_BASE 1310 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1311else 1312 # Define the PRELOADED_BL33_BASE flag only if it is provided and 1313 # EL3_PAYLOAD_BASE is not defined, as it has priority. 1314 ifdef PRELOADED_BL33_BASE 1315 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1316 endif 1317endif 1318 1319# Define the DYN_DISABLE_AUTH flag only if set. 1320ifeq (${DYN_DISABLE_AUTH},1) 1321$(eval $(call add_define,DYN_DISABLE_AUTH)) 1322endif 1323 1324ifneq ($(findstring armlink,$(notdir $(LD))),) 1325$(eval $(call add_define,USE_ARM_LINK)) 1326endif 1327 1328# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1329ifeq (${SPD},spmd) 1330ifdef SP_LAYOUT_FILE 1331 -include $(BUILD_PLAT)/sp_gen.mk 1332 FIP_DEPS += sp 1333 CRT_DEPS += sp 1334 NEED_SP_PKG := yes 1335else 1336 ifeq (${SPMD_SPM_AT_SEL2},1) 1337 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1338 endif 1339endif 1340endif 1341 1342################################################################################ 1343# Build targets 1344################################################################################ 1345 1346.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc enctool 1347.SUFFIXES: 1348 1349all: msg_start 1350 1351msg_start: 1352 @echo "Building ${PLAT}" 1353 1354ifeq (${ERROR_DEPRECATED},0) 1355# Check if deprecated declarations and cpp warnings should be treated as error or not. 1356ifneq ($(findstring clang,$(notdir $(CC))),) 1357 CPPFLAGS += -Wno-error=deprecated-declarations 1358else 1359 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1360endif 1361endif # !ERROR_DEPRECATED 1362 1363$(eval $(call MAKE_LIB_DIRS)) 1364$(eval $(call MAKE_LIB,c)) 1365 1366# Expand build macros for the different images 1367ifeq (${NEED_BL1},yes) 1368BL1_SOURCES := $(sort ${BL1_SOURCES}) 1369 1370$(eval $(call MAKE_BL,bl1)) 1371endif 1372 1373ifeq (${NEED_BL2},yes) 1374ifeq (${BL2_AT_EL3}, 0) 1375FIP_BL2_ARGS := tb-fw 1376endif 1377 1378BL2_SOURCES := $(sort ${BL2_SOURCES}) 1379 1380$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1381 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1382endif 1383 1384ifeq (${NEED_SCP_BL2},yes) 1385$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1386endif 1387 1388ifeq (${NEED_BL31},yes) 1389BL31_SOURCES += ${SPD_SOURCES} 1390# Sort BL31 source files to remove duplicates 1391BL31_SOURCES := $(sort ${BL31_SOURCES}) 1392ifneq (${DECRYPTION_SUPPORT},none) 1393$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1394 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1395else 1396$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1397 $(eval $(call MAKE_BL,bl31,soc-fw))) 1398endif 1399endif 1400 1401# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1402# build system will call TOOL_ADD_IMG to print a warning message and abort the 1403# process. Note that the dependency on BL32 applies to the FIP only. 1404ifeq (${NEED_BL32},yes) 1405# Sort BL32 source files to remove duplicates 1406BL32_SOURCES := $(sort ${BL32_SOURCES}) 1407BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1408 1409ifneq (${DECRYPTION_SUPPORT},none) 1410$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1411 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1412else 1413$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1414 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1415endif 1416endif 1417 1418# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1419# needs to be built from RMM_SOURCES. 1420ifeq (${NEED_RMM},yes) 1421# Sort RMM source files to remove duplicates 1422RMM_SOURCES := $(sort ${RMM_SOURCES}) 1423BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1424 1425$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1426 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1427endif 1428 1429# Add the BL33 image if required by the platform 1430ifeq (${NEED_BL33},yes) 1431$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1432endif 1433 1434ifeq (${NEED_BL2U},yes) 1435$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1436 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1437endif 1438 1439# Expand build macros for the different images 1440ifeq (${NEED_FDT},yes) 1441 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1442endif 1443 1444# Add Secure Partition packages 1445ifeq (${NEED_SP_PKG},yes) 1446$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT} 1447 ${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} 1448sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) 1449 @${ECHO_BLANK_LINE} 1450 @echo "Built SP Images successfully" 1451 @${ECHO_BLANK_LINE} 1452endif 1453 1454locate-checkpatch: 1455ifndef CHECKPATCH 1456 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1457else 1458ifeq (,$(wildcard ${CHECKPATCH})) 1459 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1460endif 1461endif 1462 1463clean: 1464 @echo " CLEAN" 1465 $(call SHELL_REMOVE_DIR,${BUILD_PLAT}) 1466ifdef UNIX_MK 1467 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1468else 1469# Clear the MAKEFLAGS as we do not want 1470# to pass the gnumake flags to nmake. 1471 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) clean 1472endif 1473 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1474 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1475 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1476 1477realclean distclean: 1478 @echo " REALCLEAN" 1479 $(call SHELL_REMOVE_DIR,${BUILD_BASE}) 1480 $(call SHELL_DELETE_ALL, ${CURDIR}/cscope.*) 1481ifdef UNIX_MK 1482 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1483else 1484# Clear the MAKEFLAGS as we do not want 1485# to pass the gnumake flags to nmake. 1486 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) realclean 1487endif 1488 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean 1489 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean 1490 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1491 1492checkcodebase: locate-checkpatch 1493 @echo " CHECKING STYLE" 1494 @if test -d .git ; then \ 1495 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1496 while read GIT_FILE ; \ 1497 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1498 done ; \ 1499 else \ 1500 find . -type f -not -iwholename "*.git*" \ 1501 -not -iwholename "*build*" \ 1502 -not -iwholename "*libfdt*" \ 1503 -not -iwholename "*libc*" \ 1504 -not -iwholename "*docs*" \ 1505 -not -iwholename "*.rst" \ 1506 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1507 fi 1508 1509checkpatch: locate-checkpatch 1510 @echo " CHECKING STYLE" 1511 @if test -n "${CHECKPATCH_OPTS}"; then \ 1512 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1513 fi 1514 ${Q}COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1515 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1516 do \ 1517 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1518 git log --format=email "$$commit~..$$commit" \ 1519 -- ${CHECK_PATHS} | \ 1520 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1521 git diff --format=email "$$commit~..$$commit" \ 1522 -- ${CHECK_PATHS} | \ 1523 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1524 done 1525 1526certtool: ${CRTTOOL} 1527 1528${CRTTOOL}: FORCE 1529 ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} CRTTOOL=${CRTTOOL} DEBUG=${DEBUG} V=${V} --no-print-directory -C ${CRTTOOLPATH} all 1530 @${ECHO_BLANK_LINE} 1531 @echo "Built $@ successfully" 1532 @${ECHO_BLANK_LINE} 1533 1534ifneq (${GENERATE_COT},0) 1535certificates: ${CRT_DEPS} ${CRTTOOL} 1536 ${Q}${CRTTOOL} ${CRT_ARGS} 1537 @${ECHO_BLANK_LINE} 1538 @echo "Built $@ successfully" 1539 @echo "Certificates can be found in ${BUILD_PLAT}" 1540 @${ECHO_BLANK_LINE} 1541endif 1542 1543${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1544 $(eval ${CHECK_FIP_CMD}) 1545 ${Q}${FIPTOOL} create ${FIP_ARGS} $@ 1546 ${Q}${FIPTOOL} info $@ 1547 @${ECHO_BLANK_LINE} 1548 @echo "Built $@ successfully" 1549 @${ECHO_BLANK_LINE} 1550 1551ifneq (${GENERATE_COT},0) 1552fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1553 ${Q}${CRTTOOL} ${FWU_CRT_ARGS} 1554 @${ECHO_BLANK_LINE} 1555 @echo "Built $@ successfully" 1556 @echo "FWU certificates can be found in ${BUILD_PLAT}" 1557 @${ECHO_BLANK_LINE} 1558endif 1559 1560${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1561 $(eval ${CHECK_FWU_FIP_CMD}) 1562 ${Q}${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1563 ${Q}${FIPTOOL} info $@ 1564 @${ECHO_BLANK_LINE} 1565 @echo "Built $@ successfully" 1566 @${ECHO_BLANK_LINE} 1567 1568fiptool: ${FIPTOOL} 1569fip: ${BUILD_PLAT}/${FIP_NAME} 1570fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1571 1572${FIPTOOL}: FORCE 1573ifdef UNIX_MK 1574 ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} DEBUG=${DEBUG} V=${V} --no-print-directory -C ${FIPTOOLPATH} all 1575else 1576# Clear the MAKEFLAGS as we do not want 1577# to pass the gnumake flags to nmake. 1578 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) 1579endif 1580 1581romlib.bin: libraries FORCE 1582 ${Q}${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES='${INCLUDES}' DEFINES='${DEFINES}' --no-print-directory -C ${ROMLIBPATH} all 1583 1584# Call print_memory_map tool 1585memmap: all 1586 ${Q}${PYTHON} ${PRINT_MEMORY_MAP} ${BUILD_PLAT} ${INVERTED_MEMMAP} 1587 1588doc: 1589 @echo " BUILD DOCUMENTATION" 1590 ${Q}${MAKE} --no-print-directory -C ${DOCS_PATH} html 1591 1592enctool: ${ENCTOOL} 1593 1594${ENCTOOL}: FORCE 1595 ${Q}${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} ENCTOOL=${ENCTOOL} DEBUG=${DEBUG} V=${V} --no-print-directory -C ${ENCTOOLPATH} all 1596 @${ECHO_BLANK_LINE} 1597 @echo "Built $@ successfully" 1598 @${ECHO_BLANK_LINE} 1599 1600cscope: 1601 @echo " CSCOPE" 1602 ${Q}find ${CURDIR} -name "*.[chsS]" > cscope.files 1603 ${Q}cscope -b -q -k 1604 1605help: 1606 @echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1607 @echo "" 1608 @echo "PLAT is used to specify which platform you wish to build." 1609 @echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1610 @echo "" 1611 @echo "platform = ${PLATFORM_LIST}" 1612 @echo "" 1613 @echo "Please refer to the User Guide for a list of all supported options." 1614 @echo "Note that the build system doesn't track dependencies for build " 1615 @echo "options. Therefore, if any of the build options are changed " 1616 @echo "from a previous build, a clean build must be performed." 1617 @echo "" 1618 @echo "Supported Targets:" 1619 @echo " all Build all individual bootloader binaries" 1620 @echo " bl1 Build the BL1 binary" 1621 @echo " bl2 Build the BL2 binary" 1622 @echo " bl2u Build the BL2U binary" 1623 @echo " bl31 Build the BL31 binary" 1624 @echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1625 @echo " this builds secure payload specified by AARCH32_SP" 1626 @echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1627 @echo " fip Build the Firmware Image Package (FIP)" 1628 @echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1629 @echo " checkcodebase Check the coding style of the entire source tree" 1630 @echo " checkpatch Check the coding style on changes in the current" 1631 @echo " branch against BASE_COMMIT (default origin/master)" 1632 @echo " clean Clean the build for the selected platform" 1633 @echo " cscope Generate cscope index" 1634 @echo " distclean Remove all build artifacts for all platforms" 1635 @echo " certtool Build the Certificate generation tool" 1636 @echo " enctool Build the Firmware encryption tool" 1637 @echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1638 @echo " sp Build the Secure Partition Packages" 1639 @echo " sptool Build the Secure Partition Package creation tool" 1640 @echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1641 @echo " memmap Print the memory map of the built binaries" 1642 @echo " doc Build html based documentation using Sphinx tool" 1643 @echo "" 1644 @echo "Note: most build targets require PLAT to be set to a specific platform." 1645 @echo "" 1646 @echo "example: build all targets for the FVP platform:" 1647 @echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1648 1649.PHONY: FORCE 1650FORCE:; 1651