1# 2# Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 13 12# VERSION_PATCH is only used for LTS releases 13VERSION_PATCH := 0 14VERSION := ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH} 15 16# Default goal is build all images 17.DEFAULT_GOAL := all 18 19# Avoid any implicit propagation of command line variable definitions to 20# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 21# usage. Other command line options like "-s" are still propagated as usual. 22MAKEOVERRIDES = 23 24MAKE_HELPERS_DIRECTORY := make_helpers/ 25include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 26include ${MAKE_HELPERS_DIRECTORY}build-rules.mk 27include ${MAKE_HELPERS_DIRECTORY}common.mk 28 29################################################################################ 30# Default values for build configurations, and their dependencies 31################################################################################ 32 33include ${MAKE_HELPERS_DIRECTORY}defaults.mk 34PLAT := ${DEFAULT_PLAT} 35include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 36 37# To be able to set platform specific defaults 38ifneq ($(PLAT_DEFAULTS_MAKEFILE_FULL),) 39include ${PLAT_DEFAULTS_MAKEFILE_FULL} 40endif 41 42################################################################################ 43# Configure the toolchains used to build TF-A and its tools 44################################################################################ 45 46include ${MAKE_HELPERS_DIRECTORY}toolchain.mk 47 48# Assertions enabled for DEBUG builds by default 49ENABLE_ASSERTIONS := ${DEBUG} 50ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 51 52################################################################################ 53# Checkpatch script options 54################################################################################ 55 56CHECKCODE_ARGS := --no-patch 57# Do not check the coding style on imported library files or documentation files 58INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 59 include/drivers/arm, \ 60 $(wildcard include/drivers/*))) 61INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 62 include/lib/libfdt \ 63 include/lib/libc, \ 64 $(wildcard include/lib/*))) 65INC_DIRS_TO_CHECK := $(sort $(filter-out \ 66 include/lib \ 67 include/drivers, \ 68 $(wildcard include/*))) 69LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 70 lib/compiler-rt \ 71 lib/libfdt% \ 72 lib/libc, \ 73 lib/zlib \ 74 $(wildcard lib/*))) 75ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 76 lib \ 77 include \ 78 docs \ 79 %.rst, \ 80 $(wildcard *))) 81CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 82 ${INC_DIRS_TO_CHECK} \ 83 ${INC_LIB_DIRS_TO_CHECK} \ 84 ${LIB_DIRS_TO_CHECK} \ 85 ${INC_DRV_DIRS_TO_CHECK} \ 86 ${INC_ARM_DIRS_TO_CHECK} 87 88################################################################################ 89# Process build options 90################################################################################ 91 92ifeq ($(verbose),) 93 CHECKCODE_ARGS += --no-summary --terse 94endif 95 96################################################################################ 97# Auxiliary tools (fiptool, cert_create, etc) 98################################################################################ 99 100# Variables for use with Certificate Generation Tool 101CRTTOOLPATH ?= tools/cert_create 102CRTTOOL ?= ${CRTTOOLPATH}/cert_create$(.exe) 103 104# Variables for use with Firmware Encryption Tool 105ENCTOOLPATH ?= tools/encrypt_fw 106ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw$(.exe) 107 108# Variables for use with Firmware Image Package 109FIPTOOLPATH ?= tools/fiptool 110FIPTOOL ?= ${FIPTOOLPATH}/fiptool$(.exe) 111 112# Variables for use with sptool 113SPTOOLPATH ?= tools/sptool 114SPTOOL ?= ${SPTOOLPATH}/sptool.py 115SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 116SP_DTS_LIST_FRAGMENT ?= ${BUILD_PLAT}/sp_list_fragment.dts 117 118# Variables for use with sptool 119TLCTOOL ?= poetry run tlc 120 121# Variables for use with ROMLIB 122ROMLIBPATH ?= lib/romlib 123 124# Variable for use with Python 125PYTHON ?= python3 126 127# Variables for use with documentation build using Sphinx tool 128DOCS_PATH ?= docs 129 130################################################################################ 131# Compiler Configuration based on ARCH_MAJOR and ARCH_MINOR flags 132################################################################################ 133ifeq (${ARM_ARCH_MAJOR},7) 134 target32-directive = -target arm-none-eabi 135# Will set march-directive from platform configuration 136else 137 target32-directive = -target armv8a-none-eabi 138endif #(ARM_ARCH_MAJOR) 139 140################################################################################ 141# Get Architecture Feature Modifiers 142################################################################################ 143arch-features = ${ARM_ARCH_FEATURE} 144 145ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 146 ifeq ($($(ARCH)-cc-id),arm-clang) 147 TF_CFLAGS_aarch32 := -target arm-arm-none-eabi 148 TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi 149 else 150 TF_CFLAGS_aarch32 = $(target32-directive) 151 TF_CFLAGS_aarch64 := -target aarch64-unknown-none-elf 152 endif 153 154else ifeq ($($(ARCH)-cc-id),gnu-gcc) 155 # Enable LTO only for aarch64 156 ifeq (${ARCH},aarch64) 157 LTO_CFLAGS = $(if $(filter-out 0,$(ENABLE_LTO)),-flto) 158 endif 159endif #(clang) 160 161# Process Debug flag 162$(eval $(call add_define,DEBUG)) 163ifneq (${DEBUG}, 0) 164 BUILD_TYPE := debug 165 TF_CFLAGS += -g -gdwarf-4 166 ASFLAGS += -g -Wa,-gdwarf-4 167 168 # Use LOG_LEVEL_INFO by default for debug builds 169 LOG_LEVEL := 40 170else 171 BUILD_TYPE := release 172 # Use LOG_LEVEL_NOTICE by default for release builds 173 LOG_LEVEL := 20 174endif #(Debug) 175 176# Default build string (git branch and commit) 177ifeq (${BUILD_STRING},) 178 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 179endif 180VERSION_STRING := v${VERSION}(${BUILD_TYPE}):${BUILD_STRING} 181 182ifeq (${AARCH32_INSTRUCTION_SET},A32) 183 TF_CFLAGS_aarch32 += -marm 184else ifeq (${AARCH32_INSTRUCTION_SET},T32) 185 TF_CFLAGS_aarch32 += -mthumb 186endif #(AARCH32_INSTRUCTION_SET) 187 188TF_CFLAGS_aarch32 += -mno-unaligned-access 189TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 190 191############################################################################## 192# WARNINGS Configuration 193############################################################################### 194# General warnings 195WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 196 -Wdisabled-optimization -Wvla -Wshadow \ 197 -Wredundant-decls 198# stricter warnings 199WARNINGS += -Wextra -Wno-trigraphs 200# too verbose for generic build 201WARNINGS += -Wno-missing-field-initializers \ 202 -Wno-type-limits -Wno-sign-compare \ 203# on clang this flag gets reset if -Wextra is set after it. No difference on gcc 204WARNINGS += -Wno-unused-parameter 205 206# Additional warnings 207# Level 1 - infrequent warnings we should have none of 208# full -Wextra 209WARNING1 += -Wsign-compare 210WARNING1 += -Wtype-limits 211WARNING1 += -Wmissing-field-initializers 212 213# Level 2 - problematic warnings that we want 214# zlib, compiler-rt, coreboot, and mbdedtls blow up with these 215# TODO: disable just for them and move into default build 216WARNING2 += -Wold-style-definition 217WARNING2 += -Wmissing-prototypes 218WARNING2 += -Wmissing-format-attribute 219# TF-A aims to comply with this eventually. Effort too large at present 220WARNING2 += -Wundef 221# currently very involved and many platforms set this off 222WARNING2 += -Wunused-const-variable=2 223 224# Level 3 - very pedantic, frequently ignored 225WARNING3 := -Wbad-function-cast 226WARNING3 += -Waggregate-return 227WARNING3 += -Wnested-externs 228WARNING3 += -Wcast-align 229WARNING3 += -Wcast-qual 230WARNING3 += -Wconversion 231WARNING3 += -Wpacked 232WARNING3 += -Wpointer-arith 233WARNING3 += -Wswitch-default 234 235# Setting W is quite verbose and most warnings will be pre-existing issues 236# outside of the contributor's control. Don't fail the build on them so warnings 237# can be seen and hopefully addressed 238ifdef W 239 ifneq (${W},0) 240 E ?= 0 241 endif 242endif 243 244ifeq (${W},1) 245 WARNINGS += $(WARNING1) 246else ifeq (${W},2) 247 WARNINGS += $(WARNING1) $(WARNING2) 248else ifeq (${W},3) 249 WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 250endif #(W) 251 252# Compiler specific warnings 253ifeq ($(filter %-clang,$($(ARCH)-cc-id)),) 254# not using clang 255WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 256 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 257 -Wlogical-op 258 259# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105523 260TF_CFLAGS_MIN_PAGE_SIZE := $(call cc_option, --param=min-pagesize=0) 261TF_CFLAGS += $(TF_CFLAGS_MIN_PAGE_SIZE) 262 263ifeq ($(HARDEN_SLS), 1) 264 TF_CFLAGS_MHARDEN_SLS := $(call cc_option, -mharden-sls=all) 265 TF_CFLAGS_aarch64 += $(TF_CFLAGS_MHARDEN_SLS) 266endif 267 268else 269# using clang 270WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 271 -Wlogical-op-parentheses 272endif #(Clang Warning) 273 274ifneq (${E},0) 275 ERRORS := -Werror 276endif #(E) 277 278################################################################################ 279# Compiler and Linker Directives 280################################################################################ 281CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 282 $(ERRORS) $(WARNINGS) 283ASFLAGS += $(CPPFLAGS) \ 284 -ffreestanding -Wa,--fatal-warnings 285TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 286 -ffunction-sections -fdata-sections \ 287 -ffreestanding -fno-common \ 288 -Os -std=gnu99 289 290ifeq (${SANITIZE_UB},on) 291 TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 292endif #(${SANITIZE_UB},on) 293 294ifeq (${SANITIZE_UB},trap) 295 TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 296 -fsanitize-undefined-trap-on-error 297endif #(${SANITIZE_UB},trap) 298 299GCC_V_OUTPUT := $(if $($(ARCH)-cc),$(shell $($(ARCH)-cc) -v 2>&1)) 300 301TF_LDFLAGS += -z noexecstack 302 303# LD = armlink 304ifeq ($($(ARCH)-ld-id),arm-link) 305 TF_LDFLAGS += --diag_error=warning --lto_level=O1 306 TF_LDFLAGS += --remove --info=unused,unusedsymbols 307 TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 308 309# LD = gcc (used when GCC LTO is enabled) 310else ifeq ($($(ARCH)-ld-id),gnu-gcc) 311 # Pass ld options with Wl or Xlinker switches 312 TF_LDFLAGS += $(call ld_option,-Xlinker --no-warn-rwx-segments) 313 TF_LDFLAGS += -Wl,--fatal-warnings -O1 314 TF_LDFLAGS += -Wl,--gc-sections 315 316 TF_LDFLAGS += -Wl,-z,common-page-size=4096 #Configure page size constants 317 TF_LDFLAGS += -Wl,-z,max-page-size=4096 318 TF_LDFLAGS += -Wl,--build-id=none 319 320 ifeq ($(ENABLE_LTO),1) 321 ifeq (${ARCH},aarch64) 322 TF_LDFLAGS += -flto -fuse-linker-plugin 323 TF_LDFLAGS += -flto-partition=one 324 endif 325 endif #(ENABLE_LTO) 326 327# GCC automatically adds fix-cortex-a53-843419 flag when used to link 328# which breaks some builds, so disable if errata fix is not explicitly enabled 329 ifeq (${ARCH},aarch64) 330 ifneq (${ERRATA_A53_843419},1) 331 TF_LDFLAGS += -mno-fix-cortex-a53-843419 332 endif 333 endif 334 TF_LDFLAGS += -nostdlib 335 TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 336 337# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 338else 339# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we 340# are not loaded by a elf loader. 341 TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments) 342 TF_LDFLAGS += -O1 343 TF_LDFLAGS += --gc-sections 344 345 TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants 346 TF_LDFLAGS += -z max-page-size=4096 347 TF_LDFLAGS += --build-id=none 348 349# ld.lld doesn't recognize the errata flags, 350# therefore don't add those in that case. 351# ld.lld reports section type mismatch warnings, 352# therefore don't add --fatal-warnings to it. 353 ifneq ($($(ARCH)-ld-id),llvm-lld) 354 TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) --fatal-warnings 355 endif 356 357endif #(LD = armlink) 358 359################################################################################ 360# Setup ARCH_MAJOR/MINOR before parsing arch_features. 361################################################################################ 362ifeq (${ENABLE_RME},1) 363 ARM_ARCH_MAJOR := 9 364 ARM_ARCH_MINOR := 2 365endif 366 367################################################################################ 368# Common sources and include directories 369################################################################################ 370include lib/compiler-rt/compiler-rt.mk 371 372# Allow overriding the timestamp, for example for reproducible builds, or to 373# synchronize timestamps across multiple projects. 374# This must be set to a C string (including quotes where applicable). 375BUILD_MESSAGE_TIMESTAMP ?= __TIME__", "__DATE__ 376 377DEFINES += -DBUILD_MESSAGE_TIMESTAMP='$(BUILD_MESSAGE_TIMESTAMP)' 378DEFINES += -DBUILD_MESSAGE_VERSION_STRING='"$(VERSION_STRING)"' 379DEFINES += -DBUILD_MESSAGE_VERSION='"$(VERSION)"' 380 381BL_COMMON_SOURCES += common/bl_common.c \ 382 common/tf_log.c \ 383 common/${ARCH}/debug.S \ 384 drivers/console/multi_console.c \ 385 lib/${ARCH}/cache_helpers.S \ 386 lib/${ARCH}/misc_helpers.S \ 387 lib/extensions/pmuv3/${ARCH}/pmuv3.c \ 388 plat/common/plat_bl_common.c \ 389 plat/common/plat_log_common.c \ 390 plat/common/${ARCH}/plat_common.c \ 391 plat/common/${ARCH}/platform_helpers.S \ 392 ${COMPILER_RT_SRCS} 393 394ifeq ($($(ARCH)-cc-id),arm-clang) 395 BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 396endif 397 398ifeq (${SANITIZE_UB},on) 399 BL_COMMON_SOURCES += plat/common/ubsan.c 400endif 401 402INCLUDES += -Iinclude \ 403 -Iinclude/arch/${ARCH} \ 404 -Iinclude/lib/cpus/${ARCH} \ 405 -Iinclude/lib/el3_runtime/${ARCH} \ 406 ${PLAT_INCLUDES} \ 407 ${SPD_INCLUDES} 408 409DTC_FLAGS += -I dts -O dtb 410DTC_CPPFLAGS += -P -nostdinc $(INCLUDES) -Ifdts -undef \ 411 -x assembler-with-cpp $(DEFINES) 412 413include common/backtrace/backtrace.mk 414 415################################################################################ 416# Generic definitions 417################################################################################ 418 419ifeq (${BUILD_BASE},) 420 BUILD_BASE := ./build 421endif 422BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 423 424SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 425 426# Platforms providing their own TBB makefile may override this value 427INCLUDE_TBBR_MK := 1 428 429################################################################################ 430# Include SPD Makefile if one has been specified 431################################################################################ 432 433ifneq (${SPD},none) 434 ifeq (${SPD},spmd) 435 # SPMD is located in std_svc directory 436 SPD_DIR := std_svc 437 438 ifeq ($(SPMD_SPM_AT_SEL2),1) 439 CTX_INCLUDE_EL2_REGS := 1 440 endif 441 442 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 443 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 444 endif 445 446 ifeq ($(findstring trusty_sp,$(ARM_SPMC_MANIFEST_DTS)),trusty_sp) 447 DTC_CPPFLAGS += -DTRUSTY_SP_FW_CONFIG 448 endif 449 450 ifeq ($(TS_SP_FW_CONFIG),1) 451 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 452 endif 453 454 ifneq ($(ARM_BL2_SP_LIST_DTS),) 455 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 456 endif 457 458 ifneq ($(SP_LAYOUT_FILE),) 459 BL2_ENABLE_SP_LOAD := 1 460 endif 461 else 462 # All other SPDs in spd directory 463 SPD_DIR := spd 464 endif #(SPD) 465 466 # We expect to locate an spd.mk under the specified SPD directory 467 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 468 469 ifeq (${SPD_MAKE},) 470 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 471 endif 472 $(info Including ${SPD_MAKE}) 473 include ${SPD_MAKE} 474 475 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 476 # Makefile would set NEED_BL32 to "yes". In this case, the build system 477 # supports two mutually exclusive options: 478 # * BL32 is built from source: then BL32_SOURCES must contain the list 479 # of source files to build BL32 480 # * BL32 is a prebuilt binary: then BL32 must point to the image file 481 # that will be included in the FIP 482 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 483 # over the sources. 484endif #(SPD=none) 485 486################################################################################ 487# Include the platform specific Makefile after the SPD Makefile (the platform 488# makefile may use all previous definitions in this file) 489################################################################################ 490include ${PLAT_MAKEFILE_FULL} 491 492################################################################################ 493# Setup arch_features based on ARM_ARCH_MAJOR, ARM_ARCH_MINOR provided from 494# platform. 495################################################################################ 496 497include ${MAKE_HELPERS_DIRECTORY}arch_features.mk 498################################################################################ 499# Process BRANCH_PROTECTION value and set 500# Pointer Authentication and Branch Target Identification flags 501################################################################################ 502ifeq (${BRANCH_PROTECTION},0) 503 # Default value turns off all types of branch protection 504 BP_OPTION := none 505else ifneq (${ARCH},aarch64) 506 $(error BRANCH_PROTECTION requires AArch64) 507else ifeq (${BRANCH_PROTECTION},1) 508 # Enables all types of branch protection features 509 BP_OPTION := standard 510 ENABLE_BTI := 1 511 ENABLE_PAUTH := 1 512else ifeq (${BRANCH_PROTECTION},2) 513 # Return address signing to its standard level 514 BP_OPTION := pac-ret 515 ENABLE_PAUTH := 1 516else ifeq (${BRANCH_PROTECTION},3) 517 # Extend the signing to include leaf functions 518 BP_OPTION := pac-ret+leaf 519 ENABLE_PAUTH := 1 520else ifeq (${BRANCH_PROTECTION},4) 521 # Turn on branch target identification mechanism 522 BP_OPTION := bti 523 ENABLE_BTI := 1 524else ifeq (${BRANCH_PROTECTION},5) 525 # Turn on branch target identification mechanism 526 BP_OPTION := standard 527 ENABLE_BTI := 2 528 ENABLE_PAUTH := 2 529else 530 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 531endif #(BRANCH_PROTECTION) 532 533ifneq ($(ENABLE_PAUTH),0) 534 CTX_INCLUDE_PAUTH_REGS := ${ENABLE_PAUTH} 535endif 536ifneq (${BP_OPTION},none) 537 TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 538endif #(BP_OPTION) 539 540# Pointer Authentication sources 541ifneq (${ENABLE_PAUTH},0) 542# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the 543# Pauth support. As it's not secure, it must be reimplemented for real platforms 544 BL_COMMON_SOURCES += lib/extensions/pauth/pauth.c 545endif 546# 547ifneq (${ENABLE_FEAT_PAUTH_LR},0) 548# Currently, FEAT_PAUTH_LR is only supported by arm/clang compilers 549# TODO implement for GCC when support is added 550ifeq ($($(ARCH)-cc-id),arm-clang) 551 arch-features := $(arch-features)+pauth-lr 552else 553 $(error Error: ENABLE_FEAT_PAUTH_LR not supported for GCC compiler) 554endif 555endif 556 557################################################################################ 558# RME dependent flags configuration, Enable optional features for RME. 559################################################################################ 560# FEAT_RME 561ifeq (${ENABLE_RME},1) 562 # RME requires el2 context to be saved for now. 563 CTX_INCLUDE_EL2_REGS := 1 564 CTX_INCLUDE_AARCH32_REGS := 0 565 CTX_INCLUDE_PAUTH_REGS := 1 566 567 ifneq ($(ENABLE_FEAT_MPAM), 0) 568 CTX_INCLUDE_MPAM_REGS := 1 569 endif 570 571 # RME enables CSV2_2 extension by default. 572 ENABLE_FEAT_CSV2_2 = 1 573endif #(FEAT_RME) 574 575################################################################################ 576# Include rmmd Makefile if RME is enabled 577################################################################################ 578ifneq (${ENABLE_RME},0) 579include services/std_svc/rmmd/rmmd.mk 580$(warning "RME is an experimental feature") 581endif 582 583################################################################################ 584# Make 128-Bit sysreg read/writes availabe when FEAT_D128 is enabled. 585################################################################################ 586ifneq (${ENABLE_FEAT_D128}, 0) 587 BL_COMMON_SOURCES += lib/extensions/sysreg128/sysreg128.S 588endif 589 590################################################################################ 591# Platform specific Makefile might provide us ARCH_MAJOR/MINOR use that to come 592# up with appropriate march values for compiler. 593################################################################################ 594include ${MAKE_HELPERS_DIRECTORY}march.mk 595 596TF_CFLAGS += $(march-directive) 597ASFLAGS += $(march-directive) 598 599# This internal flag is common option which is set to 1 for scenarios 600# when the BL2 is running in EL3 level. This occurs in two scenarios - 601# 4 world system running BL2 at EL3 and two world system without BL1 running 602# BL2 in EL3 603 604ifeq (${RESET_TO_BL2},1) 605 BL2_RUNS_AT_EL3 := 1 606 ifeq (${ENABLE_RME},1) 607 $(error RESET_TO_BL2=1 and ENABLE_RME=1 configuration is not \ 608 supported at the moment.) 609 endif 610else ifeq (${ENABLE_RME},1) 611 BL2_RUNS_AT_EL3 := 1 612else 613 BL2_RUNS_AT_EL3 := 0 614endif 615 616# This internal flag is set to 1 when Firmware First handling of External aborts 617# is required by lowe ELs. Currently only NS requires this support. 618ifeq ($(HANDLE_EA_EL3_FIRST_NS),1) 619 FFH_SUPPORT := 1 620else 621 FFH_SUPPORT := 0 622endif 623 624ifeq (${ARM_ARCH_MAJOR},7) 625include make_helpers/armv7-a-cpus.mk 626endif 627 628PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 629ifneq ($(PIE_FOUND),) 630 TF_CFLAGS += -fno-PIE 631ifeq ($($(ARCH)-ld-id),gnu-gcc) 632 TF_LDFLAGS += -no-pie 633endif 634endif #(PIE_FOUND) 635 636ifeq ($($(ARCH)-ld-id),gnu-gcc) 637 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 638else 639 PIE_LDFLAGS += -pie --no-dynamic-linker 640endif 641 642ifeq ($(ENABLE_PIE),1) 643 ifeq ($(RESET_TO_BL2),1) 644 ifneq ($(BL2_IN_XIP_MEM),1) 645 BL2_CPPFLAGS += -fpie 646 BL2_CFLAGS += -fpie 647 BL2_LDFLAGS += $(PIE_LDFLAGS) 648 endif #(BL2_IN_XIP_MEM) 649 endif #(RESET_TO_BL2) 650 BL31_CPPFLAGS += -fpie 651 BL31_CFLAGS += -fpie 652 BL31_LDFLAGS += $(PIE_LDFLAGS) 653 654 BL32_CPPFLAGS += -fpie 655 BL32_CFLAGS += -fpie 656 BL32_LDFLAGS += $(PIE_LDFLAGS) 657endif #(ENABLE_PIE) 658 659BL1_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 660BL31_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 661BL32_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 662 663BL1_CPPFLAGS += -DIMAGE_AT_EL3 664ifeq ($(RESET_TO_BL2),1) 665 BL2_CPPFLAGS += -DIMAGE_AT_EL3 666else 667 BL2_CPPFLAGS += -DIMAGE_AT_EL1 668endif #(RESET_TO_BL2) 669 670ifeq (${ARCH},aarch64) 671 BL2U_CPPFLAGS += -DIMAGE_AT_EL1 672 BL31_CPPFLAGS += -DIMAGE_AT_EL3 673 BL32_CPPFLAGS += -DIMAGE_AT_EL1 674else 675 BL32_CPPFLAGS += -DIMAGE_AT_EL3 676endif 677 678# Include the CPU specific operations makefile, which provides default 679# values for all CPU errata workarounds and CPU specific optimisations. 680# This can be overridden by the platform. 681include lib/cpus/cpu-ops.mk 682 683################################################################################ 684# Build `AARCH32_SP` as BL32 image for AArch32 685################################################################################ 686ifeq (${ARCH},aarch32) 687 NEED_BL32 := yes 688 689 ifneq (${AARCH32_SP},none) 690 # We expect to locate an sp.mk under the specified AARCH32_SP directory 691 AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 692 693 ifeq (${AARCH32_SP_MAKE},) 694 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 695 endif 696 $(info Including ${AARCH32_SP_MAKE}) 697 include ${AARCH32_SP_MAKE} 698 endif 699endif #(ARCH=aarch32) 700 701################################################################################ 702# Include libc if not overridden 703################################################################################ 704ifeq (${OVERRIDE_LIBC},0) 705include lib/libc/libc.mk 706endif 707 708ifneq (${USE_GIC_DRIVER},0) 709include drivers/arm/gic/gic.mk 710endif 711 712################################################################################ 713# Check incompatible options and dependencies 714################################################################################ 715include ${MAKE_HELPERS_DIRECTORY}constraints.mk 716 717# The cert_create tool cannot generate certificates individually, so we use the 718# target 'certificates' to create them all 719ifneq (${GENERATE_COT},0) 720 FIP_DEPS += certificates 721 FWU_FIP_DEPS += fwu_certificates 722endif 723 724ifneq (${DECRYPTION_SUPPORT},none) 725 ENC_ARGS += -f ${FW_ENC_STATUS} 726 ENC_ARGS += -k ${ENC_KEY} 727 ENC_ARGS += -n ${ENC_NONCE} 728 FIP_DEPS += enctool 729 FWU_FIP_DEPS += enctool 730endif #(DECRYPTION_SUPPORT) 731 732ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1) 733# Support authentication verification and hash calculation 734 CRYPTO_SUPPORT := 3 735else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1) 736# Support authentication verification and hash calculation 737 CRYPTO_SUPPORT := 3 738else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) 739# Support hash calculation only 740 CRYPTO_SUPPORT := 2 741else ifeq (${TRUSTED_BOARD_BOOT},1) 742# Support authentication verification only 743 CRYPTO_SUPPORT := 1 744else 745 CRYPTO_SUPPORT := 0 746endif #($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT)) 747 748ifneq ($(filter 1 2 3,$(CRYPTO_SUPPORT)),) 749CRYPTO_LIB := $(BUILD_PLAT)/lib/libmbedtls.a 750endif 751 752################################################################################ 753# Process platform overrideable behaviour 754################################################################################ 755 756ifdef BL1_SOURCES 757 NEED_BL1 := yes 758endif #(BL1_SOURCES) 759 760ifdef BL2_SOURCES 761 NEED_BL2 := yes 762 763 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 764 # Certificate generation tools. This flag can be overridden by the platform. 765 ifdef EL3_PAYLOAD_BASE 766 # If booting an EL3 payload there is no need for a BL33 image 767 # in the FIP file. 768 NEED_BL33 := no 769 else 770 ifdef PRELOADED_BL33_BASE 771 # If booting a BL33 preloaded image there is no need of 772 # another one in the FIP file. 773 NEED_BL33 := no 774 else 775 NEED_BL33 ?= yes 776 endif 777 endif 778endif #(BL2_SOURCES) 779 780ifdef BL2U_SOURCES 781 NEED_BL2U := yes 782endif #(BL2U_SOURCES) 783 784# If SCP_BL2 is given, we always want FIP to include it. 785ifdef SCP_BL2 786 NEED_SCP_BL2 := yes 787endif #(SCP_BL2) 788 789# For AArch32, BL31 is not currently supported. 790ifneq (${ARCH},aarch32) 791 ifdef BL31_SOURCES 792 # When booting an EL3 payload, there is no need to compile the BL31 793 # image nor put it in the FIP. 794 ifndef EL3_PAYLOAD_BASE 795 NEED_BL31 := yes 796 endif 797 endif 798endif #(ARCH=aarch64) 799 800# Process TBB related flags 801ifneq (${GENERATE_COT},0) 802 # Common cert_create options 803 ifneq (${CREATE_KEYS},0) 804 $(eval CRT_ARGS += -n) 805 $(eval FWU_CRT_ARGS += -n) 806 ifneq (${SAVE_KEYS},0) 807 $(eval CRT_ARGS += -k) 808 $(eval FWU_CRT_ARGS += -k) 809 endif 810 endif 811 # Include TBBR makefile (unless the platform indicates otherwise) 812 ifeq (${INCLUDE_TBBR_MK},1) 813 include make_helpers/tbbr/tbbr_tools.mk 814 endif 815endif #(GENERATE_COT) 816 817ifneq (${FIP_ALIGN},0) 818 FIP_ARGS += --align ${FIP_ALIGN} 819endif #(FIP_ALIGN) 820 821ifdef FDT_SOURCES 822 NEED_FDT := yes 823endif #(FDT_SOURCES) 824 825################################################################################ 826# Include libraries' Makefile that are used in all BL 827################################################################################ 828 829include lib/stack_protector/stack_protector.mk 830 831################################################################################ 832# Include BL specific makefiles 833################################################################################ 834 835ifeq (${NEED_BL1},yes) 836include bl1/bl1.mk 837endif 838 839ifeq (${NEED_BL2},yes) 840include bl2/bl2.mk 841endif 842 843ifeq (${NEED_BL2U},yes) 844include bl2u/bl2u.mk 845endif 846 847ifeq (${NEED_BL31},yes) 848include bl31/bl31.mk 849endif 850 851################################################################################ 852# Build options checks 853################################################################################ 854 855# Boolean_Flags 856$(eval $(call assert_booleans,\ 857 $(sort \ 858 ALLOW_RO_XLAT_TABLES \ 859 BL2_ENABLE_SP_LOAD \ 860 COLD_BOOT_SINGLE_CPU \ 861 CREATE_KEYS \ 862 CTX_INCLUDE_AARCH32_REGS \ 863 CTX_INCLUDE_FPREGS \ 864 CTX_INCLUDE_SVE_REGS \ 865 CTX_INCLUDE_EL2_REGS \ 866 CTX_INCLUDE_MPAM_REGS \ 867 DEBUG \ 868 DYN_DISABLE_AUTH \ 869 EL3_EXCEPTION_HANDLING \ 870 ENABLE_AMU_AUXILIARY_COUNTERS \ 871 AMU_RESTRICT_COUNTERS \ 872 ENABLE_ASSERTIONS \ 873 ENABLE_PIE \ 874 ENABLE_PMF \ 875 ENABLE_PSCI_STAT \ 876 ENABLE_RUNTIME_INSTRUMENTATION \ 877 ENABLE_SME_FOR_SWD \ 878 ENABLE_SVE_FOR_SWD \ 879 ENABLE_FEAT_GCIE \ 880 ENABLE_FEAT_RAS \ 881 FFH_SUPPORT \ 882 ERROR_DEPRECATED \ 883 FAULT_INJECTION_SUPPORT \ 884 GENERATE_COT \ 885 GICV2_G0_FOR_EL3 \ 886 HANDLE_EA_EL3_FIRST_NS \ 887 HARDEN_SLS \ 888 HW_ASSISTED_COHERENCY \ 889 MEASURED_BOOT \ 890 DISCRETE_TPM \ 891 DICE_PROTECTION_ENVIRONMENT \ 892 RMMD_ENABLE_EL3_TOKEN_SIGN \ 893 RMMD_ENABLE_IDE_KEY_PROG \ 894 DRTM_SUPPORT \ 895 NS_TIMER_SWITCH \ 896 OVERRIDE_LIBC \ 897 PL011_GENERIC_UART \ 898 PROGRAMMABLE_RESET_ADDRESS \ 899 PSCI_EXTENDED_STATE_ID \ 900 PSCI_OS_INIT_MODE \ 901 ARCH_FEATURE_AVAILABILITY \ 902 RESET_TO_BL31 \ 903 SAVE_KEYS \ 904 SEPARATE_CODE_AND_RODATA \ 905 SEPARATE_BL2_NOLOAD_REGION \ 906 SEPARATE_NOBITS_REGION \ 907 SEPARATE_RWDATA_REGION \ 908 SEPARATE_SIMD_SECTION \ 909 SPIN_ON_BL1_EXIT \ 910 SPM_MM \ 911 SPMC_AT_EL3 \ 912 SPMC_AT_EL3_SEL0_SP \ 913 SPMD_SPM_AT_SEL2 \ 914 ENABLE_SPMD_LP \ 915 TRANSFER_LIST \ 916 TRUSTED_BOARD_BOOT \ 917 USE_COHERENT_MEM \ 918 USE_DEBUGFS \ 919 ARM_IO_IN_DTB \ 920 SDEI_IN_FCONF \ 921 SEC_INT_DESC_IN_FCONF \ 922 USE_ROMLIB \ 923 USE_TBBR_DEFS \ 924 WARMBOOT_ENABLE_DCACHE_EARLY \ 925 RESET_TO_BL2 \ 926 BL2_IN_XIP_MEM \ 927 BL2_INV_DCACHE \ 928 USE_SPINLOCK_CAS \ 929 ENCRYPT_BL31 \ 930 ENCRYPT_BL32 \ 931 ERRATA_SPECULATIVE_AT \ 932 ERRATA_SME_POWER_DOWN \ 933 RAS_TRAP_NS_ERR_REC_ACCESS \ 934 COT_DESC_IN_DTB \ 935 USE_SP804_TIMER \ 936 PSA_FWU_SUPPORT \ 937 PSA_FWU_METADATA_FW_STORE_DESC \ 938 ENABLE_MPMM \ 939 FEAT_PABANDON \ 940 FEATURE_DETECTION \ 941 TRNG_SUPPORT \ 942 ENABLE_ERRATA_ALL \ 943 ERRATA_ABI_SUPPORT \ 944 ERRATA_NON_ARM_INTERCONNECT \ 945 CONDITIONAL_CMO \ 946 PSA_CRYPTO \ 947 ENABLE_CONSOLE_GETC \ 948 INIT_UNUSED_NS_EL2 \ 949 PLATFORM_REPORT_CTX_MEM_USE \ 950 EARLY_CONSOLE \ 951 PRESERVE_DSU_PMU_REGS \ 952 HOB_LIST \ 953 LFA_SUPPORT \ 954))) 955 956# Numeric_Flags 957$(eval $(call assert_numerics,\ 958 $(sort \ 959 ARM_ARCH_MAJOR \ 960 ARM_ARCH_MINOR \ 961 BRANCH_PROTECTION \ 962 CTX_INCLUDE_PAUTH_REGS \ 963 CTX_INCLUDE_NEVE_REGS \ 964 CRYPTO_SUPPORT \ 965 DISABLE_MTPMU \ 966 ENABLE_BRBE_FOR_NS \ 967 ENABLE_TRBE_FOR_NS \ 968 ENABLE_BTI \ 969 ENABLE_PAUTH \ 970 ENABLE_FEAT_PAUTH_LR \ 971 ENABLE_FEAT_AMU \ 972 ENABLE_FEAT_AMUv1p1 \ 973 ENABLE_FEAT_CSV2_2 \ 974 ENABLE_FEAT_CSV2_3 \ 975 ENABLE_FEAT_DEBUGV8P9 \ 976 ENABLE_FEAT_DIT \ 977 ENABLE_FEAT_ECV \ 978 ENABLE_FEAT_FGT \ 979 ENABLE_FEAT_FGT2 \ 980 ENABLE_FEAT_FPMR \ 981 ENABLE_FEAT_HCX \ 982 ENABLE_FEAT_LS64_ACCDATA \ 983 ENABLE_FEAT_MEC \ 984 ENABLE_FEAT_MOPS \ 985 ENABLE_FEAT_MTE2 \ 986 ENABLE_FEAT_PAN \ 987 ENABLE_FEAT_RNG \ 988 ENABLE_FEAT_RNG_TRAP \ 989 ENABLE_FEAT_SEL2 \ 990 ENABLE_FEAT_TCR2 \ 991 ENABLE_FEAT_THE \ 992 ENABLE_FEAT_SB \ 993 ENABLE_FEAT_S2PIE \ 994 ENABLE_FEAT_S1PIE \ 995 ENABLE_FEAT_S2POE \ 996 ENABLE_FEAT_S1POE \ 997 ENABLE_FEAT_SCTLR2 \ 998 ENABLE_FEAT_D128 \ 999 ENABLE_FEAT_GCS \ 1000 ENABLE_FEAT_VHE \ 1001 ENABLE_FEAT_MPAM \ 1002 ENABLE_RME \ 1003 ENABLE_SPE_FOR_NS \ 1004 ENABLE_SYS_REG_TRACE_FOR_NS \ 1005 ENABLE_SME_FOR_NS \ 1006 ENABLE_SME2_FOR_NS \ 1007 ENABLE_SVE_FOR_NS \ 1008 ENABLE_TRF_FOR_NS \ 1009 FW_ENC_STATUS \ 1010 NR_OF_FW_BANKS \ 1011 NR_OF_IMAGES_IN_FW_BANK \ 1012 TWED_DELAY \ 1013 ENABLE_FEAT_TWED \ 1014 SVE_VECTOR_LEN \ 1015 IMPDEF_SYSREG_TRAP \ 1016))) 1017 1018ifdef KEY_SIZE 1019 $(eval $(call assert_numeric,KEY_SIZE)) 1020endif 1021 1022ifeq ($(filter $(SANITIZE_UB), on off trap),) 1023 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1024endif 1025 1026################################################################################ 1027# Add definitions to the cpp preprocessor based on the current build options. 1028# This is done after including the platform specific makefile to allow the 1029# platform to overwrite the default options 1030################################################################################ 1031 1032$(eval $(call add_defines,\ 1033 $(sort \ 1034 ALLOW_RO_XLAT_TABLES \ 1035 ARM_ARCH_MAJOR \ 1036 ARM_ARCH_MINOR \ 1037 BL2_ENABLE_SP_LOAD \ 1038 COLD_BOOT_SINGLE_CPU \ 1039 CTX_INCLUDE_AARCH32_REGS \ 1040 CTX_INCLUDE_FPREGS \ 1041 CTX_INCLUDE_SVE_REGS \ 1042 CTX_INCLUDE_PAUTH_REGS \ 1043 CTX_INCLUDE_MPAM_REGS \ 1044 EL3_EXCEPTION_HANDLING \ 1045 CTX_INCLUDE_EL2_REGS \ 1046 CTX_INCLUDE_NEVE_REGS \ 1047 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1048 DISABLE_MTPMU \ 1049 ENABLE_FEAT_AMU \ 1050 ENABLE_AMU_AUXILIARY_COUNTERS \ 1051 AMU_RESTRICT_COUNTERS \ 1052 ENABLE_ASSERTIONS \ 1053 ENABLE_BTI \ 1054 ENABLE_FEAT_DEBUGV8P9 \ 1055 ENABLE_FEAT_MPAM \ 1056 ENABLE_PAUTH \ 1057 ENABLE_FEAT_PAUTH_LR \ 1058 ENABLE_PIE \ 1059 ENABLE_PMF \ 1060 ENABLE_PSCI_STAT \ 1061 ENABLE_RME \ 1062 RMMD_ENABLE_EL3_TOKEN_SIGN \ 1063 RMMD_ENABLE_IDE_KEY_PROG \ 1064 ENABLE_RUNTIME_INSTRUMENTATION \ 1065 ENABLE_SME_FOR_NS \ 1066 ENABLE_SME2_FOR_NS \ 1067 ENABLE_SME_FOR_SWD \ 1068 ENABLE_SPE_FOR_NS \ 1069 ENABLE_SVE_FOR_NS \ 1070 ENABLE_SVE_FOR_SWD \ 1071 ENABLE_FEAT_RAS \ 1072 FFH_SUPPORT \ 1073 ENCRYPT_BL31 \ 1074 ENCRYPT_BL32 \ 1075 ERROR_DEPRECATED \ 1076 FAULT_INJECTION_SUPPORT \ 1077 GICV2_G0_FOR_EL3 \ 1078 HANDLE_EA_EL3_FIRST_NS \ 1079 HW_ASSISTED_COHERENCY \ 1080 LOG_LEVEL \ 1081 MEASURED_BOOT \ 1082 DISCRETE_TPM \ 1083 DICE_PROTECTION_ENVIRONMENT \ 1084 DRTM_SUPPORT \ 1085 NS_TIMER_SWITCH \ 1086 PL011_GENERIC_UART \ 1087 PLAT_${PLAT} \ 1088 PROGRAMMABLE_RESET_ADDRESS \ 1089 PSCI_EXTENDED_STATE_ID \ 1090 PSCI_OS_INIT_MODE \ 1091 ARCH_FEATURE_AVAILABILITY \ 1092 RESET_TO_BL31 \ 1093 RME_GPT_BITLOCK_BLOCK \ 1094 RME_GPT_MAX_BLOCK \ 1095 SEPARATE_CODE_AND_RODATA \ 1096 SEPARATE_BL2_NOLOAD_REGION \ 1097 SEPARATE_NOBITS_REGION \ 1098 SEPARATE_RWDATA_REGION \ 1099 SEPARATE_SIMD_SECTION \ 1100 RECLAIM_INIT_CODE \ 1101 SPD_${SPD} \ 1102 SPIN_ON_BL1_EXIT \ 1103 SPM_MM \ 1104 SPMC_AT_EL3 \ 1105 SPMC_AT_EL3_SEL0_SP \ 1106 SPMD_SPM_AT_SEL2 \ 1107 TRANSFER_LIST \ 1108 TRUSTED_BOARD_BOOT \ 1109 CRYPTO_SUPPORT \ 1110 TRNG_SUPPORT \ 1111 ERRATA_ABI_SUPPORT \ 1112 ERRATA_NON_ARM_INTERCONNECT \ 1113 USE_COHERENT_MEM \ 1114 USE_DEBUGFS \ 1115 ARM_IO_IN_DTB \ 1116 SDEI_IN_FCONF \ 1117 SEC_INT_DESC_IN_FCONF \ 1118 USE_ROMLIB \ 1119 USE_TBBR_DEFS \ 1120 WARMBOOT_ENABLE_DCACHE_EARLY \ 1121 RESET_TO_BL2 \ 1122 BL2_RUNS_AT_EL3 \ 1123 BL2_IN_XIP_MEM \ 1124 BL2_INV_DCACHE \ 1125 USE_SPINLOCK_CAS \ 1126 ERRATA_SPECULATIVE_AT \ 1127 ERRATA_SME_POWER_DOWN \ 1128 RAS_TRAP_NS_ERR_REC_ACCESS \ 1129 COT_DESC_IN_DTB \ 1130 USE_SP804_TIMER \ 1131 ENABLE_FEAT_RNG \ 1132 ENABLE_FEAT_RNG_TRAP \ 1133 ENABLE_FEAT_SB \ 1134 ENABLE_FEAT_DIT \ 1135 NR_OF_FW_BANKS \ 1136 NR_OF_IMAGES_IN_FW_BANK \ 1137 PSA_FWU_SUPPORT \ 1138 PSA_FWU_METADATA_FW_STORE_DESC \ 1139 ENABLE_BRBE_FOR_NS \ 1140 ENABLE_TRBE_FOR_NS \ 1141 ENABLE_SYS_REG_TRACE_FOR_NS \ 1142 ENABLE_TRF_FOR_NS \ 1143 ENABLE_FEAT_HCX \ 1144 ENABLE_MPMM \ 1145 FEAT_PABANDON \ 1146 ENABLE_FEAT_FGT \ 1147 ENABLE_FEAT_FGT2 \ 1148 ENABLE_FEAT_FPMR \ 1149 ENABLE_FEAT_ECV \ 1150 ENABLE_FEAT_AMUv1p1 \ 1151 ENABLE_FEAT_SEL2 \ 1152 ENABLE_FEAT_VHE \ 1153 ENABLE_FEAT_CSV2_2 \ 1154 ENABLE_FEAT_CSV2_3 \ 1155 ENABLE_FEAT_LS64_ACCDATA \ 1156 ENABLE_FEAT_MEC \ 1157 ENABLE_FEAT_PAN \ 1158 ENABLE_FEAT_TCR2 \ 1159 ENABLE_FEAT_THE \ 1160 ENABLE_FEAT_S2PIE \ 1161 ENABLE_FEAT_S1PIE \ 1162 ENABLE_FEAT_S2POE \ 1163 ENABLE_FEAT_S1POE \ 1164 ENABLE_FEAT_SCTLR2 \ 1165 ENABLE_FEAT_D128 \ 1166 ENABLE_FEAT_GCS \ 1167 ENABLE_FEAT_MOPS \ 1168 ENABLE_FEAT_GCIE \ 1169 ENABLE_FEAT_MTE2 \ 1170 FEATURE_DETECTION \ 1171 TWED_DELAY \ 1172 ENABLE_FEAT_TWED \ 1173 CONDITIONAL_CMO \ 1174 IMPDEF_SYSREG_TRAP \ 1175 SVE_VECTOR_LEN \ 1176 ENABLE_SPMD_LP \ 1177 PSA_CRYPTO \ 1178 ENABLE_CONSOLE_GETC \ 1179 INIT_UNUSED_NS_EL2 \ 1180 PLATFORM_REPORT_CTX_MEM_USE \ 1181 EARLY_CONSOLE \ 1182 PRESERVE_DSU_PMU_REGS \ 1183 HOB_LIST \ 1184 LFA_SUPPORT \ 1185))) 1186 1187ifeq (${PLATFORM_REPORT_CTX_MEM_USE}, 1) 1188ifeq (${DEBUG}, 0) 1189 $(warning "PLATFORM_REPORT_CTX_MEM_USE can be applied when DEBUG=1 only") 1190 override PLATFORM_REPORT_CTX_MEM_USE := 0 1191endif 1192endif 1193 1194ifeq (${SANITIZE_UB},trap) 1195 $(eval $(call add_define,MONITOR_TRAPS)) 1196endif #(SANITIZE_UB) 1197 1198# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1199ifdef EL3_PAYLOAD_BASE 1200 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1201else 1202# Define the PRELOADED_BL33_BASE flag only if it is provided and 1203# EL3_PAYLOAD_BASE is not defined, as it has priority. 1204 ifdef PRELOADED_BL33_BASE 1205 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1206 endif 1207endif #(EL3_PAYLOAD_BASE) 1208 1209# Define the DYN_DISABLE_AUTH flag only if set. 1210ifeq (${DYN_DISABLE_AUTH},1) 1211 $(eval $(call add_define,DYN_DISABLE_AUTH)) 1212endif 1213 1214ifeq ($($(ARCH)-ld-id),arm-link) 1215 $(eval $(call add_define,USE_ARM_LINK)) 1216endif 1217 1218# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1219ifeq (${SPD},spmd) 1220ifdef SP_LAYOUT_FILE 1221 -include $(BUILD_PLAT)/sp_gen.mk 1222 FIP_DEPS += sp 1223 CRT_DEPS += sp 1224 NEED_SP_PKG := yes 1225else 1226 ifeq (${SPMD_SPM_AT_SEL2},1) 1227 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1228 endif 1229endif #(SP_LAYOUT_FILE) 1230endif #(SPD) 1231 1232################################################################################ 1233# Build targets 1234################################################################################ 1235 1236.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp tl fwu_fip certtool dtbs memmap doc enctool 1237 1238all: msg_start 1239 1240msg_start: 1241 $(s)echo "Building ${PLAT}" 1242 1243ifeq (${ERROR_DEPRECATED},0) 1244# Check if deprecated declarations and cpp warnings should be treated as error or not. 1245ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 1246 CPPFLAGS += -Wno-error=deprecated-declarations 1247else 1248 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1249endif 1250endif #(!ERROR_DEPRECATED) 1251 1252$(eval $(call MAKE_LIB,c)) 1253 1254# Expand build macros for the different images 1255ifeq (${NEED_BL1},yes) 1256BL1_SOURCES := $(sort ${BL1_SOURCES}) 1257$(eval $(call MAKE_BL,bl1)) 1258endif #(NEED_BL1) 1259 1260ifeq (${NEED_BL2},yes) 1261 1262ifeq (${RESET_TO_BL2}, 0) 1263FIP_BL2_ARGS := tb-fw 1264endif 1265 1266BL2_SOURCES := $(sort ${BL2_SOURCES}) 1267 1268$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1269 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1270 1271endif #(NEED_BL2) 1272 1273ifeq (${NEED_SCP_BL2},yes) 1274$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1275endif #(NEED_SCP_BL2) 1276 1277ifeq (${NEED_BL31},yes) 1278BL31_SOURCES += ${SPD_SOURCES} 1279# Sort BL31 source files to remove duplicates 1280BL31_SOURCES := $(sort ${BL31_SOURCES}) 1281ifneq (${DECRYPTION_SUPPORT},none) 1282$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1283 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1284else 1285$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1286 $(eval $(call MAKE_BL,bl31,soc-fw))) 1287endif #(DECRYPTION_SUPPORT) 1288endif #(NEED_BL31) 1289 1290# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1291# build system will call TOOL_ADD_IMG to print a warning message and abort the 1292# process. Note that the dependency on BL32 applies to the FIP only. 1293ifeq (${NEED_BL32},yes) 1294# Sort BL32 source files to remove duplicates 1295BL32_SOURCES := $(sort ${BL32_SOURCES}) 1296BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1297 1298ifneq (${DECRYPTION_SUPPORT},none) 1299$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1300 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1301else 1302$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1303 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1304endif #(DECRYPTION_SUPPORT) 1305endif #(NEED_BL32) 1306 1307# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1308# needs to be built from RMM_SOURCES. 1309ifeq (${NEED_RMM},yes) 1310# Sort RMM source files to remove duplicates 1311RMM_SOURCES := $(sort ${RMM_SOURCES}) 1312BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1313 1314$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1315 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1316endif #(NEED_RMM) 1317 1318# Add the BL33 image if required by the platform 1319ifeq (${NEED_BL33},yes) 1320$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1321endif #(NEED_BL33) 1322 1323ifeq (${NEED_BL2U},yes) 1324$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1325 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1326endif #(NEED_BL2U) 1327 1328# Expand build macros for the different images 1329ifeq (${NEED_FDT},yes) 1330 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1331 1332 ifneq (${INITRD_SIZE}${INITRD_PATH},) 1333 ifndef INITRD_BASE 1334 $(error INITRD_BASE must be set when inserting initrd properties to the DTB.) 1335 endif 1336 1337 INITRD_SIZE ?= $(shell printf "0x%x\n" $$(stat -Lc %s $(INITRD_PATH))) 1338 initrd_end = $(shell printf "0x%x\n" $$(expr $$(($(INITRD_BASE) + $(INITRD_SIZE))))) 1339 1340 define $(HW_CONFIG)-after += 1341 $(s)echo " INITRD $(HW_CONFIG)" 1342 $(q)fdtput -t x $@ /chosen linux,initrd-start $(INITRD_BASE) 1343 $(q)fdtput -t x $@ /chosen linux,initrd-end $(initrd_end) 1344 endef 1345 endif 1346endif #(NEED_FDT) 1347 1348# Add Secure Partition packages 1349ifeq (${NEED_SP_PKG},yes) 1350$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | $$(@D)/ 1351 $(if $(host-poetry),$(q)poetry -q install --no-root) 1352 $(q)$(if $(host-poetry),poetry run )${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} ${SP_DTS_LIST_FRAGMENT} 1353sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) 1354 $(s)echo 1355 $(s)echo "Built SP Images successfully" 1356 $(s)echo 1357endif #(NEED_SP_PKG) 1358 1359locate-checkpatch: 1360ifndef CHECKPATCH 1361 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1362else 1363ifeq (,$(wildcard ${CHECKPATCH})) 1364 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1365endif 1366endif #(CHECKPATCH) 1367 1368clean: 1369 $(s)echo " CLEAN" 1370 $(q)rm -rf $(BUILD_PLAT) 1371 $(q)${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1372 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1373 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1374 $(q)${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1375 1376realclean distclean: 1377 $(s)echo " REALCLEAN" 1378 $(q)rm -rf $(BUILD_BASE) 1379 $(q)rm -rf $(CURDIR)/cscope.* 1380 $(q)${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1381 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean 1382 $(q)${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean 1383 $(q)${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1384 1385checkcodebase: locate-checkpatch 1386 $(s)echo " CHECKING STYLE" 1387 $(q)if test -d .git ; then \ 1388 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1389 while read GIT_FILE ; \ 1390 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1391 done ; \ 1392 else \ 1393 find . -type f -not -iwholename "*.git*" \ 1394 -not -iwholename "*build*" \ 1395 -not -iwholename "*libfdt*" \ 1396 -not -iwholename "*libc*" \ 1397 -not -iwholename "*docs*" \ 1398 -not -iwholename "*.rst" \ 1399 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1400 fi 1401 1402checkpatch: locate-checkpatch 1403 $(s)echo " CHECKING STYLE" 1404 $(q)if test -n "${CHECKPATCH_OPTS}"; then \ 1405 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1406 fi 1407 $(q)COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1408 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1409 do \ 1410 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1411 ( git log --format=email "$$commit~..$$commit" \ 1412 -- ${CHECK_PATHS} ; \ 1413 git diff --format=email "$$commit~..$$commit" \ 1414 -- ${CHECK_PATHS}; ) | \ 1415 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1416 done 1417 1418certtool: ${CRTTOOL} 1419 1420${CRTTOOL}: FORCE 1421 $(q)${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} CRTTOOL=${CRTTOOL} DEBUG=${DEBUG} --no-print-directory -C ${CRTTOOLPATH} all 1422 $(s)echo 1423 $(s)echo "Built $@ successfully" 1424 $(s)echo 1425 1426ifneq (${GENERATE_COT},0) 1427certificates: ${CRT_DEPS} ${CRTTOOL} 1428 $(q)${CRTTOOL} ${CRT_ARGS} 1429 $(s)echo 1430 $(s)echo "Built $@ successfully" 1431 $(s)echo "Certificates can be found in ${BUILD_PLAT}" 1432 $(s)echo 1433endif #(GENERATE_COT) 1434 1435${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1436 $(eval ${CHECK_FIP_CMD}) 1437 $(q)${FIPTOOL} create ${FIP_ARGS} $@ 1438 $(q)${FIPTOOL} info $@ 1439 $(s)echo 1440 $(s)echo "Built $@ successfully" 1441 $(s)echo 1442 1443ifneq (${GENERATE_COT},0) 1444fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1445 $(q)${CRTTOOL} ${FWU_CRT_ARGS} 1446 $(s)echo 1447 $(s)echo "Built $@ successfully" 1448 $(s)echo "FWU certificates can be found in ${BUILD_PLAT}" 1449 $(s)echo 1450endif #(GENERATE_COT) 1451 1452${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1453 $(eval ${CHECK_FWU_FIP_CMD}) 1454 $(q)${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1455 $(q)${FIPTOOL} info $@ 1456 $(s)echo 1457 $(s)echo "Built $@ successfully" 1458 $(s)echo 1459 1460fiptool: ${FIPTOOL} 1461fip: ${BUILD_PLAT}/${FIP_NAME} 1462fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1463 1464${FIPTOOL}: FORCE 1465 $(q)${MAKE} PLAT=${PLAT} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} DEBUG=${DEBUG} --no-print-directory -C ${FIPTOOLPATH} all 1466 1467$(BUILD_PLAT)/romlib/romlib.bin $(BUILD_PLAT)/lib/libwrappers.a $&: $(BUILD_PLAT)/lib/libfdt.a $(BUILD_PLAT)/lib/libc.a $(CRYPTO_LIB) 1468 $(q)${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} CRYPTO_SUPPORT=${CRYPTO_SUPPORT} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES=$(call escape-shell,$(INCLUDES)) DEFINES=$(call escape-shell,$(DEFINES)) --no-print-directory -C ${ROMLIBPATH} all 1469 1470memmap: all 1471 $(if $(host-poetry),$(q)poetry -q install --no-root) 1472 $(q)$(if $(host-poetry),poetry run )memory symbols --root ${BUILD_PLAT} 1473 1474tl: ${BUILD_PLAT}/tl.bin 1475${BUILD_PLAT}/tl.bin: ${HW_CONFIG} 1476 $(if $(host-poetry),$(q)poetry -q install --no-root) 1477 $(q)$(if $(host-poetry),poetry run )tlc create --fdt $< -s ${FW_HANDOFF_SIZE} $@ 1478 1479doc: 1480 $(s)echo " BUILD DOCUMENTATION" 1481 $(if $(host-poetry),$(q)poetry -q install --with docs --no-root) 1482 $(q)$(if $(host-poetry),poetry run )${MAKE} --no-print-directory -C ${DOCS_PATH} html 1483 1484enctool: ${ENCTOOL} 1485 1486${ENCTOOL}: FORCE 1487 $(q)${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} ENCTOOL=${ENCTOOL} DEBUG=${DEBUG} --no-print-directory -C ${ENCTOOLPATH} all 1488 $(s)echo 1489 $(s)echo "Built $@ successfully" 1490 $(s)echo 1491 1492cscope: 1493 $(s)echo " CSCOPE" 1494 $(q)find ${CURDIR} -name "*.[chsS]" > cscope.files 1495 $(q)cscope -b -q -k 1496 1497help: 1498 $(s)echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1499 $(s)echo "" 1500 $(s)echo "PLAT is used to specify which platform you wish to build." 1501 $(s)echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1502 $(s)echo "" 1503 $(s)echo "platform = ${PLATFORM_LIST}" 1504 $(s)echo "" 1505 $(s)echo "Please refer to the User Guide for a list of all supported options." 1506 $(s)echo "Note that the build system doesn't track dependencies for build " 1507 $(s)echo "options. Therefore, if any of the build options are changed " 1508 $(s)echo "from a previous build, a clean build must be performed." 1509 $(s)echo "" 1510 $(s)echo "Supported Targets:" 1511 $(s)echo " all Build all individual bootloader binaries" 1512 $(s)echo " bl1 Build the BL1 binary" 1513 $(s)echo " bl2 Build the BL2 binary" 1514 $(s)echo " bl2u Build the BL2U binary" 1515 $(s)echo " bl31 Build the BL31 binary" 1516 $(s)echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1517 $(s)echo " this builds secure payload specified by AARCH32_SP" 1518 $(s)echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1519 $(s)echo " fip Build the Firmware Image Package (FIP)" 1520 $(s)echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1521 $(s)echo " checkcodebase Check the coding style of the entire source tree" 1522 $(s)echo " checkpatch Check the coding style on changes in the current" 1523 $(s)echo " branch against BASE_COMMIT (default origin/master)" 1524 $(s)echo " clean Clean the build for the selected platform" 1525 $(s)echo " cscope Generate cscope index" 1526 $(s)echo " distclean Remove all build artifacts for all platforms" 1527 $(s)echo " certtool Build the Certificate generation tool" 1528 $(s)echo " enctool Build the Firmware encryption tool" 1529 $(s)echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1530 $(s)echo " sp Build the Secure Partition Packages" 1531 $(s)echo " sptool Build the Secure Partition Package creation tool" 1532 $(s)echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1533 $(s)echo " memmap Print the memory map of the built binaries" 1534 $(s)echo " doc Build html based documentation using Sphinx tool" 1535 $(s)echo "" 1536 $(s)echo "Note: most build targets require PLAT to be set to a specific platform." 1537 $(s)echo "" 1538 $(s)echo "example: build all targets for the FVP platform:" 1539 $(s)echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1540 1541.PHONY: FORCE 1542FORCE:; 1543