1# 2# Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 13 12# VERSION_PATCH is only used for LTS releases 13VERSION_PATCH := 0 14VERSION := ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH} 15 16# Default goal is build all images 17.DEFAULT_GOAL := all 18 19# Avoid any implicit propagation of command line variable definitions to 20# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 21# usage. Other command line options like "-s" are still propagated as usual. 22MAKEOVERRIDES = 23 24MAKE_HELPERS_DIRECTORY := make_helpers/ 25include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 26include ${MAKE_HELPERS_DIRECTORY}build-rules.mk 27include ${MAKE_HELPERS_DIRECTORY}common.mk 28 29################################################################################ 30# Default values for build configurations, and their dependencies 31################################################################################ 32 33include ${MAKE_HELPERS_DIRECTORY}defaults.mk 34PLAT := ${DEFAULT_PLAT} 35include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 36 37# To be able to set platform specific defaults 38ifneq ($(PLAT_DEFAULTS_MAKEFILE_FULL),) 39include ${PLAT_DEFAULTS_MAKEFILE_FULL} 40endif 41 42################################################################################ 43# Configure the toolchains used to build TF-A and its tools 44################################################################################ 45 46include ${MAKE_HELPERS_DIRECTORY}toolchain.mk 47 48# Assertions enabled for DEBUG builds by default 49ENABLE_ASSERTIONS := ${DEBUG} 50ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 51 52################################################################################ 53# Checkpatch script options 54################################################################################ 55 56CHECKCODE_ARGS := --no-patch 57# Do not check the coding style on imported library files or documentation files 58INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 59 include/drivers/arm, \ 60 $(wildcard include/drivers/*))) 61INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 62 include/lib/libfdt \ 63 include/lib/libc, \ 64 $(wildcard include/lib/*))) 65INC_DIRS_TO_CHECK := $(sort $(filter-out \ 66 include/lib \ 67 include/drivers, \ 68 $(wildcard include/*))) 69LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 70 lib/compiler-rt \ 71 lib/libfdt% \ 72 lib/libc, \ 73 lib/zlib \ 74 $(wildcard lib/*))) 75ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 76 lib \ 77 include \ 78 docs \ 79 %.rst, \ 80 $(wildcard *))) 81CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 82 ${INC_DIRS_TO_CHECK} \ 83 ${INC_LIB_DIRS_TO_CHECK} \ 84 ${LIB_DIRS_TO_CHECK} \ 85 ${INC_DRV_DIRS_TO_CHECK} \ 86 ${INC_ARM_DIRS_TO_CHECK} 87 88################################################################################ 89# Process build options 90################################################################################ 91 92ifeq ($(verbose),) 93 CHECKCODE_ARGS += --no-summary --terse 94endif 95 96################################################################################ 97# Auxiliary tools (fiptool, cert_create, etc) 98################################################################################ 99 100# Variables for use with Certificate Generation Tool 101CRTTOOLPATH ?= tools/cert_create 102CRTTOOL ?= ${BUILD_PLAT}/${CRTTOOLPATH}/cert_create$(.exe) 103 104# Variables for use with Firmware Encryption Tool 105ENCTOOLPATH ?= tools/encrypt_fw 106ENCTOOL ?= ${BUILD_PLAT}/${ENCTOOLPATH}/encrypt_fw$(.exe) 107 108# Variables for use with Firmware Image Package 109FIPTOOLPATH ?= tools/fiptool 110FIPTOOL ?= ${BUILD_PLAT}/${FIPTOOLPATH}/fiptool$(.exe) 111 112# Variables for use with sptool 113SPTOOLPATH ?= tools/sptool 114SPTOOL ?= ${SPTOOLPATH}/sptool.py 115SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 116SP_DTS_LIST_FRAGMENT ?= ${BUILD_PLAT}/sp_list_fragment.dts 117 118# Variables for use with sptool 119TLCTOOL ?= poetry run tlc 120 121# Variables for use with ROMLIB 122ROMLIBPATH ?= lib/romlib 123 124# Variable for use with Python 125PYTHON ?= python3 126 127# Variables for use with documentation build using Sphinx tool 128DOCS_PATH ?= docs 129 130################################################################################ 131# Compiler Configuration based on ARCH_MAJOR and ARCH_MINOR flags 132################################################################################ 133ifeq (${ARM_ARCH_MAJOR},7) 134 target32-directive = -target arm-none-eabi 135# Will set march-directive from platform configuration 136else 137 target32-directive = -target armv8a-none-eabi 138endif #(ARM_ARCH_MAJOR) 139 140ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 141 ifeq ($($(ARCH)-cc-id),arm-clang) 142 TF_CFLAGS_aarch32 := -target arm-arm-none-eabi 143 TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi 144 else 145 TF_CFLAGS_aarch32 = $(target32-directive) 146 TF_CFLAGS_aarch64 := -target aarch64-unknown-none-elf 147 endif 148 149else ifeq ($($(ARCH)-cc-id),gnu-gcc) 150 # Enable LTO only for aarch64 151 LTO_CFLAGS = $(if $(filter-out 0,$(ENABLE_LTO)),-flto) 152endif #(clang) 153 154# Process Debug flag 155ifneq (${DEBUG}, 0) 156 BUILD_TYPE := debug 157 TF_CFLAGS += -g -gdwarf-4 158 ASFLAGS += -g -Wa,-gdwarf-4 159 160 # Use LOG_LEVEL_INFO by default for debug builds 161 LOG_LEVEL := 40 162else 163 BUILD_TYPE := release 164 # Use LOG_LEVEL_NOTICE by default for release builds 165 LOG_LEVEL := 20 166endif #(Debug) 167 168# Default build string (git branch and commit) 169ifeq (${BUILD_STRING},) 170 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 171endif 172VERSION_STRING := v${VERSION}(${BUILD_TYPE}):${BUILD_STRING} 173 174ifeq (${AARCH32_INSTRUCTION_SET},A32) 175 TF_CFLAGS_aarch32 += -marm 176else ifeq (${AARCH32_INSTRUCTION_SET},T32) 177 TF_CFLAGS_aarch32 += -mthumb 178endif #(AARCH32_INSTRUCTION_SET) 179 180TF_CFLAGS_aarch32 += -mno-unaligned-access 181TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 182 183############################################################################## 184# WARNINGS Configuration 185############################################################################### 186# General warnings 187WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 188 -Wdisabled-optimization -Wvla -Wshadow \ 189 -Wredundant-decls 190# stricter warnings 191WARNINGS += -Wextra -Wno-trigraphs 192# too verbose for generic build 193WARNINGS += -Wno-missing-field-initializers \ 194 -Wno-type-limits -Wno-sign-compare \ 195# on clang this flag gets reset if -Wextra is set after it. No difference on gcc 196WARNINGS += -Wno-unused-parameter 197 198# Additional warnings 199# Level 1 - infrequent warnings we should have none of 200# full -Wextra 201WARNING1 += -Wsign-compare 202WARNING1 += -Wtype-limits 203WARNING1 += -Wmissing-field-initializers 204 205# Level 2 - problematic warnings that we want 206# zlib, compiler-rt, coreboot, and mbdedtls blow up with these 207# TODO: disable just for them and move into default build 208WARNING2 += -Wold-style-definition 209WARNING2 += -Wmissing-prototypes 210WARNING2 += -Wmissing-format-attribute 211# TF-A aims to comply with this eventually. Effort too large at present 212WARNING2 += -Wundef 213# currently very involved and many platforms set this off 214WARNING2 += -Wunused-const-variable=2 215 216# Level 3 - very pedantic, frequently ignored 217WARNING3 := -Wbad-function-cast 218WARNING3 += -Waggregate-return 219WARNING3 += -Wnested-externs 220WARNING3 += -Wcast-align 221WARNING3 += -Wcast-qual 222WARNING3 += -Wconversion 223WARNING3 += -Wpacked 224WARNING3 += -Wpointer-arith 225WARNING3 += -Wswitch-default 226 227# Setting W is quite verbose and most warnings will be pre-existing issues 228# outside of the contributor's control. Don't fail the build on them so warnings 229# can be seen and hopefully addressed 230ifdef W 231 ifneq (${W},0) 232 E ?= 0 233 endif 234endif 235 236ifeq (${W},1) 237 WARNINGS += $(WARNING1) 238else ifeq (${W},2) 239 WARNINGS += $(WARNING1) $(WARNING2) 240else ifeq (${W},3) 241 WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 242endif #(W) 243 244# Compiler specific warnings 245ifeq ($(filter %-clang,$($(ARCH)-cc-id)),) 246# not using clang 247WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 248 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 249 -Wlogical-op 250 251# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105523 252TF_CFLAGS_MIN_PAGE_SIZE := $(call cc_option, --param=min-pagesize=0) 253TF_CFLAGS += $(TF_CFLAGS_MIN_PAGE_SIZE) 254 255ifeq ($(HARDEN_SLS), 1) 256 TF_CFLAGS_MHARDEN_SLS := $(call cc_option, -mharden-sls=all) 257 TF_CFLAGS_aarch64 += $(TF_CFLAGS_MHARDEN_SLS) 258endif 259 260else 261# using clang 262WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 263 -Wlogical-op-parentheses 264endif #(Clang Warning) 265 266ifneq (${E},0) 267 ERRORS := -Werror 268endif #(E) 269 270################################################################################ 271# Compiler and Linker Directives 272################################################################################ 273CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 274 $(ERRORS) $(WARNINGS) 275ASFLAGS += $(CPPFLAGS) \ 276 -ffreestanding -Wa,--fatal-warnings 277TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 278 -ffunction-sections -fdata-sections \ 279 -ffreestanding -fno-common \ 280 -Os -std=gnu99 281 282ifeq (${SANITIZE_UB},on) 283 TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 284endif #(${SANITIZE_UB},on) 285 286ifeq (${SANITIZE_UB},trap) 287 TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 288 -fsanitize-undefined-trap-on-error 289endif #(${SANITIZE_UB},trap) 290 291GCC_V_OUTPUT := $(if $($(ARCH)-cc),$(shell $($(ARCH)-cc) -v 2>&1)) 292 293TF_LDFLAGS += -z noexecstack 294 295# LD = armlink 296ifeq ($($(ARCH)-ld-id),arm-link) 297 TF_LDFLAGS += --diag_error=warning --lto_level=O1 298 TF_LDFLAGS += --remove --info=unused,unusedsymbols 299 TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 300 301# LD = gcc (used when GCC LTO is enabled) 302else ifeq ($($(ARCH)-ld-id),gnu-gcc) 303 # Pass ld options with Wl or Xlinker switches 304 TF_LDFLAGS += $(call ld_option,-Xlinker --no-warn-rwx-segments) 305 TF_LDFLAGS += -Wl,--fatal-warnings -O1 306 TF_LDFLAGS += -Wl,--gc-sections 307 308 TF_LDFLAGS += -Wl,-z,common-page-size=4096 #Configure page size constants 309 TF_LDFLAGS += -Wl,-z,max-page-size=4096 310 TF_LDFLAGS += -Wl,--build-id=none 311 312 ifeq ($(ENABLE_LTO),1) 313 TF_LDFLAGS += -flto -fuse-linker-plugin 314 TF_LDFLAGS += -flto-partition=one 315 endif #(ENABLE_LTO) 316 317# GCC automatically adds fix-cortex-a53-843419 flag when used to link 318# which breaks some builds, so disable if errata fix is not explicitly enabled 319 ifeq (${ARCH},aarch64) 320 ifneq (${ERRATA_A53_843419},1) 321 TF_LDFLAGS += -mno-fix-cortex-a53-843419 322 endif 323 endif 324 TF_LDFLAGS += -nostdlib 325 TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 326 327# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 328else 329# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we 330# are not loaded by a elf loader. 331 TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments) 332 TF_LDFLAGS += -O1 333 TF_LDFLAGS += --gc-sections 334 335 TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants 336 TF_LDFLAGS += -z max-page-size=4096 337 TF_LDFLAGS += --build-id=none 338 339# ld.lld doesn't recognize the errata flags, 340# therefore don't add those in that case. 341# ld.lld reports section type mismatch warnings, 342# therefore don't add --fatal-warnings to it. 343 ifneq ($($(ARCH)-ld-id),llvm-lld) 344 TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) --fatal-warnings 345 endif 346 347endif #(LD = armlink) 348 349################################################################################ 350# Setup ARCH_MAJOR/MINOR before parsing arch_features. 351################################################################################ 352ifeq (${ENABLE_RME},1) 353 ARM_ARCH_MAJOR := 9 354 ARM_ARCH_MINOR := 2 355endif 356 357################################################################################ 358# Common sources and include directories 359################################################################################ 360include lib/compiler-rt/compiler-rt.mk 361 362# Allow overriding the timestamp, for example for reproducible builds, or to 363# synchronize timestamps across multiple projects. 364# This must be set to a C string (including quotes where applicable). 365BUILD_MESSAGE_TIMESTAMP ?= __TIME__", "__DATE__ 366 367DEFINES += -DBUILD_MESSAGE_TIMESTAMP='$(BUILD_MESSAGE_TIMESTAMP)' 368DEFINES += -DBUILD_MESSAGE_VERSION_STRING='"$(VERSION_STRING)"' 369DEFINES += -DBUILD_MESSAGE_VERSION='"$(VERSION)"' 370 371BL_COMMON_SOURCES += common/bl_common.c \ 372 common/tf_log.c \ 373 common/${ARCH}/debug.S \ 374 drivers/console/multi_console.c \ 375 lib/${ARCH}/cache_helpers.S \ 376 lib/${ARCH}/misc_helpers.S \ 377 lib/extensions/pmuv3/${ARCH}/pmuv3.c \ 378 plat/common/plat_bl_common.c \ 379 plat/common/plat_log_common.c \ 380 plat/common/${ARCH}/plat_common.c \ 381 plat/common/${ARCH}/platform_helpers.S \ 382 ${COMPILER_RT_SRCS} 383 384ifeq ($($(ARCH)-cc-id),arm-clang) 385 BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 386endif 387 388ifeq (${SANITIZE_UB},on) 389 BL_COMMON_SOURCES += plat/common/ubsan.c 390endif 391 392INCLUDES += -Iinclude \ 393 -Iinclude/arch/${ARCH} \ 394 -Iinclude/lib/cpus/${ARCH} \ 395 -Iinclude/lib/el3_runtime/${ARCH} \ 396 ${PLAT_INCLUDES} \ 397 ${SPD_INCLUDES} 398 399DTC_FLAGS += -I dts -O dtb 400DTC_CPPFLAGS += -P -nostdinc $(INCLUDES) -Ifdts -undef \ 401 -x assembler-with-cpp $(DEFINES) 402 403include common/backtrace/backtrace.mk 404 405################################################################################ 406# Generic definitions 407################################################################################ 408 409ifeq (${BUILD_BASE},) 410 BUILD_BASE := ./build 411endif 412BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 413 414SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 415 416# Platforms providing their own TBB makefile may override this value 417INCLUDE_TBBR_MK := 1 418 419################################################################################ 420# Include SPD Makefile if one has been specified 421################################################################################ 422 423ifneq (${SPD},none) 424 ifeq (${SPD},spmd) 425 # SPMD is located in std_svc directory 426 SPD_DIR := std_svc 427 428 ifeq ($(SPMD_SPM_AT_SEL2),1) 429 CTX_INCLUDE_EL2_REGS := 1 430 endif 431 432 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 433 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 434 endif 435 436 ifeq ($(findstring trusty_sp,$(ARM_SPMC_MANIFEST_DTS)),trusty_sp) 437 DTC_CPPFLAGS += -DTRUSTY_SP_FW_CONFIG 438 endif 439 440 ifeq ($(TS_SP_FW_CONFIG),1) 441 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 442 endif 443 444 ifneq ($(ARM_BL2_SP_LIST_DTS),) 445 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 446 endif 447 448 ifneq ($(SP_LAYOUT_FILE),) 449 BL2_ENABLE_SP_LOAD := 1 450 endif 451 else 452 # All other SPDs in spd directory 453 SPD_DIR := spd 454 endif #(SPD) 455 456 # We expect to locate an spd.mk under the specified SPD directory 457 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 458 459 ifeq (${SPD_MAKE},) 460 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 461 endif 462 $(info Including ${SPD_MAKE}) 463 include ${SPD_MAKE} 464 465 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 466 # Makefile would set NEED_BL32 to "yes". In this case, the build system 467 # supports two mutually exclusive options: 468 # * BL32 is built from source: then BL32_SOURCES must contain the list 469 # of source files to build BL32 470 # * BL32 is a prebuilt binary: then BL32 must point to the image file 471 # that will be included in the FIP 472 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 473 # over the sources. 474endif #(SPD=none) 475 476################################################################################ 477# Include the platform specific Makefile after the SPD Makefile (the platform 478# makefile may use all previous definitions in this file) 479################################################################################ 480include ${PLAT_MAKEFILE_FULL} 481 482################################################################################ 483# Setup arch_features based on ARM_ARCH_MAJOR, ARM_ARCH_MINOR provided from 484# platform. 485################################################################################ 486 487include ${MAKE_HELPERS_DIRECTORY}arch_features.mk 488################################################################################ 489# Process BRANCH_PROTECTION value and set 490# Pointer Authentication and Branch Target Identification flags 491################################################################################ 492ifeq (${BRANCH_PROTECTION},0) 493 # Default value turns off all types of branch protection 494 BP_OPTION := none 495else ifneq (${ARCH},aarch64) 496 $(error BRANCH_PROTECTION requires AArch64) 497else ifeq (${BRANCH_PROTECTION},1) 498 # Enables all types of branch protection features 499 BP_OPTION := standard 500 ENABLE_BTI := 1 501 ENABLE_PAUTH := 1 502else ifeq (${BRANCH_PROTECTION},2) 503 # Return address signing to its standard level 504 BP_OPTION := pac-ret 505 ENABLE_PAUTH := 1 506else ifeq (${BRANCH_PROTECTION},3) 507 # Extend the signing to include leaf functions 508 BP_OPTION := pac-ret+leaf 509 ENABLE_PAUTH := 1 510else ifeq (${BRANCH_PROTECTION},4) 511 # Turn on branch target identification mechanism 512 BP_OPTION := bti 513 ENABLE_BTI := 1 514else ifeq (${BRANCH_PROTECTION},5) 515 # Turn on branch target identification mechanism 516 BP_OPTION := standard 517 ENABLE_BTI := 2 518 ENABLE_PAUTH := 2 519else 520 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 521endif #(BRANCH_PROTECTION) 522 523ifneq ($(ENABLE_PAUTH),0) 524 CTX_INCLUDE_PAUTH_REGS := ${ENABLE_PAUTH} 525endif 526ifneq (${BP_OPTION},none) 527 TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 528endif #(BP_OPTION) 529 530# Pointer Authentication sources 531ifneq (${ENABLE_PAUTH},0) 532# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the 533# Pauth support. As it's not secure, it must be reimplemented for real platforms 534 BL_COMMON_SOURCES += lib/extensions/pauth/pauth.c 535endif 536# 537ifneq (${ENABLE_FEAT_PAUTH_LR},0) 538# Currently, FEAT_PAUTH_LR is only supported by arm/clang compilers 539# TODO implement for GCC when support is added 540ifeq ($($(ARCH)-cc-id),arm-clang) 541 arch-features := $(arch-features)+pauth-lr 542else 543 $(error Error: ENABLE_FEAT_PAUTH_LR not supported for GCC compiler) 544endif 545endif 546 547################################################################################ 548# RME dependent flags configuration, Enable optional features for RME. 549################################################################################ 550# FEAT_RME 551ifeq (${ENABLE_RME},1) 552 # RME requires el2 context to be saved for now. 553 CTX_INCLUDE_EL2_REGS := 1 554 CTX_INCLUDE_AARCH32_REGS := 0 555 CTX_INCLUDE_PAUTH_REGS := 1 556 557 ifneq ($(ENABLE_FEAT_MPAM), 0) 558 CTX_INCLUDE_MPAM_REGS := 1 559 endif 560 561 # RME enables CSV2_2 extension by default. 562 ENABLE_FEAT_CSV2_2 = 1 563endif #(FEAT_RME) 564 565################################################################################ 566# Include rmmd Makefile if RME is enabled 567################################################################################ 568ifneq (${ENABLE_RME},0) 569include services/std_svc/rmmd/rmmd.mk 570$(warning "RME is an experimental feature") 571endif 572 573################################################################################ 574# Make 128-Bit sysreg read/writes availabe when FEAT_D128 is enabled. 575################################################################################ 576ifneq (${ENABLE_FEAT_D128}, 0) 577 BL_COMMON_SOURCES += lib/extensions/sysreg128/sysreg128.S 578endif 579 580################################################################################ 581# Platform specific Makefile might provide us ARCH_MAJOR/MINOR use that to come 582# up with appropriate march values for compiler. 583################################################################################ 584include ${MAKE_HELPERS_DIRECTORY}march.mk 585 586TF_CFLAGS += $(march-directive) 587ASFLAGS += $(march-directive) 588 589# This internal flag is common option which is set to 1 for scenarios 590# when the BL2 is running in EL3 level. This occurs in two scenarios - 591# 4 world system running BL2 at EL3 and two world system without BL1 running 592# BL2 in EL3 593 594ifeq (${RESET_TO_BL2},1) 595 BL2_RUNS_AT_EL3 := 1 596 ifeq (${ENABLE_RME},1) 597 $(error RESET_TO_BL2=1 and ENABLE_RME=1 configuration is not \ 598 supported at the moment.) 599 endif 600else ifeq (${ENABLE_RME},1) 601 BL2_RUNS_AT_EL3 := 1 602else 603 BL2_RUNS_AT_EL3 := 0 604endif 605 606# This internal flag is set to 1 when Firmware First handling of External aborts 607# is required by lowe ELs. Currently only NS requires this support. 608ifeq ($(HANDLE_EA_EL3_FIRST_NS),1) 609 FFH_SUPPORT := 1 610else 611 FFH_SUPPORT := 0 612endif 613 614ifeq (${ARM_ARCH_MAJOR},7) 615include make_helpers/armv7-a-cpus.mk 616endif 617 618PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 619ifneq ($(PIE_FOUND),) 620 TF_CFLAGS += -fno-PIE 621ifeq ($($(ARCH)-ld-id),gnu-gcc) 622 TF_LDFLAGS += -no-pie 623endif 624endif #(PIE_FOUND) 625 626ifeq ($($(ARCH)-ld-id),gnu-gcc) 627 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 628else 629 PIE_LDFLAGS += -pie --no-dynamic-linker 630endif 631 632ifeq ($(ENABLE_PIE),1) 633 ifeq ($(RESET_TO_BL2),1) 634 ifneq ($(BL2_IN_XIP_MEM),1) 635 BL2_CPPFLAGS += -fpie 636 BL2_CFLAGS += -fpie 637 BL2_LDFLAGS += $(PIE_LDFLAGS) 638 endif #(BL2_IN_XIP_MEM) 639 endif #(RESET_TO_BL2) 640 BL31_CPPFLAGS += -fpie 641 BL31_CFLAGS += -fpie 642 BL31_LDFLAGS += $(PIE_LDFLAGS) 643 644 BL32_CPPFLAGS += -fpie 645 BL32_CFLAGS += -fpie 646 BL32_LDFLAGS += $(PIE_LDFLAGS) 647endif #(ENABLE_PIE) 648 649BL1_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 650BL31_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 651BL32_CPPFLAGS += -DREPORT_ERRATA=${DEBUG} 652 653BL1_CPPFLAGS += -DIMAGE_AT_EL3 654ifeq ($(RESET_TO_BL2),1) 655 BL2_CPPFLAGS += -DIMAGE_AT_EL3 656else 657 BL2_CPPFLAGS += -DIMAGE_AT_EL1 658endif #(RESET_TO_BL2) 659 660ifeq (${ARCH},aarch64) 661 BL2U_CPPFLAGS += -DIMAGE_AT_EL1 662 BL31_CPPFLAGS += -DIMAGE_AT_EL3 663 BL32_CPPFLAGS += -DIMAGE_AT_EL1 664else 665 BL32_CPPFLAGS += -DIMAGE_AT_EL3 666endif 667 668# Include the CPU specific operations makefile, which provides default 669# values for all CPU errata workarounds and CPU specific optimisations. 670# This can be overridden by the platform. 671include lib/cpus/cpu-ops.mk 672 673################################################################################ 674# Build `AARCH32_SP` as BL32 image for AArch32 675################################################################################ 676ifeq (${ARCH},aarch32) 677 NEED_BL32 := yes 678 679 ifneq (${AARCH32_SP},none) 680 # We expect to locate an sp.mk under the specified AARCH32_SP directory 681 AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 682 683 ifeq (${AARCH32_SP_MAKE},) 684 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 685 endif 686 $(info Including ${AARCH32_SP_MAKE}) 687 include ${AARCH32_SP_MAKE} 688 endif 689endif #(ARCH=aarch32) 690 691################################################################################ 692# Include libc if not overridden 693################################################################################ 694ifeq (${OVERRIDE_LIBC},0) 695include lib/libc/libc.mk 696endif 697 698ifneq (${USE_GIC_DRIVER},0) 699include drivers/arm/gic/gic.mk 700endif 701 702################################################################################ 703# Check incompatible options and dependencies 704################################################################################ 705include ${MAKE_HELPERS_DIRECTORY}constraints.mk 706 707# The cert_create tool cannot generate certificates individually, so we use the 708# target 'certificates' to create them all 709ifneq (${GENERATE_COT},0) 710 FIP_DEPS += certificates 711 FWU_FIP_DEPS += fwu_certificates 712endif 713 714ifneq (${DECRYPTION_SUPPORT},none) 715 ENC_ARGS += -f ${FW_ENC_STATUS} 716 ENC_ARGS += -k ${ENC_KEY} 717 ENC_ARGS += -n ${ENC_NONCE} 718 FIP_DEPS += enctool 719 FWU_FIP_DEPS += enctool 720endif #(DECRYPTION_SUPPORT) 721 722ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1) 723# Support authentication verification and hash calculation 724 CRYPTO_SUPPORT := 3 725else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1) 726# Support authentication verification and hash calculation 727 CRYPTO_SUPPORT := 3 728else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) 729# Support hash calculation only 730 CRYPTO_SUPPORT := 2 731else ifeq (${TRUSTED_BOARD_BOOT},1) 732# Support authentication verification only 733 CRYPTO_SUPPORT := 1 734else 735 CRYPTO_SUPPORT := 0 736endif #($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT)) 737 738ifneq ($(filter 1 2 3,$(CRYPTO_SUPPORT)),) 739CRYPTO_LIB := $(BUILD_PLAT)/lib/libmbedtls.a 740endif 741 742################################################################################ 743# Process platform overrideable behaviour 744################################################################################ 745 746ifdef BL1_SOURCES 747 NEED_BL1 := yes 748endif #(BL1_SOURCES) 749 750ifdef BL2_SOURCES 751 NEED_BL2 := yes 752 753 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 754 # Certificate generation tools. This flag can be overridden by the platform. 755 ifdef EL3_PAYLOAD_BASE 756 # If booting an EL3 payload there is no need for a BL33 image 757 # in the FIP file. 758 NEED_BL33 := no 759 else 760 ifdef PRELOADED_BL33_BASE 761 # If booting a BL33 preloaded image there is no need of 762 # another one in the FIP file. 763 NEED_BL33 := no 764 else 765 NEED_BL33 ?= yes 766 endif 767 endif 768endif #(BL2_SOURCES) 769 770ifdef BL2U_SOURCES 771 NEED_BL2U := yes 772endif #(BL2U_SOURCES) 773 774# If SCP_BL2 is given, we always want FIP to include it. 775ifdef SCP_BL2 776 NEED_SCP_BL2 := yes 777endif #(SCP_BL2) 778 779# For AArch32, BL31 is not currently supported. 780ifneq (${ARCH},aarch32) 781 ifdef BL31_SOURCES 782 # When booting an EL3 payload, there is no need to compile the BL31 783 # image nor put it in the FIP. 784 ifndef EL3_PAYLOAD_BASE 785 NEED_BL31 := yes 786 endif 787 endif 788endif #(ARCH=aarch64) 789 790# Process TBB related flags 791ifneq (${GENERATE_COT},0) 792 # Common cert_create options 793 ifneq (${CREATE_KEYS},0) 794 $(eval CRT_ARGS += -n) 795 $(eval FWU_CRT_ARGS += -n) 796 ifneq (${SAVE_KEYS},0) 797 $(eval CRT_ARGS += -k) 798 $(eval FWU_CRT_ARGS += -k) 799 endif 800 endif 801 # Include TBBR makefile (unless the platform indicates otherwise) 802 ifeq (${INCLUDE_TBBR_MK},1) 803 include make_helpers/tbbr/tbbr_tools.mk 804 endif 805endif #(GENERATE_COT) 806 807ifneq (${FIP_ALIGN},0) 808 FIP_ARGS += --align ${FIP_ALIGN} 809endif #(FIP_ALIGN) 810 811ifdef FDT_SOURCES 812 NEED_FDT := yes 813endif #(FDT_SOURCES) 814 815################################################################################ 816# Include libraries' Makefile that are used in all BL 817################################################################################ 818 819include lib/stack_protector/stack_protector.mk 820 821################################################################################ 822# Include BL specific makefiles 823################################################################################ 824 825ifeq (${NEED_BL1},yes) 826include bl1/bl1.mk 827endif 828 829ifeq (${NEED_BL2},yes) 830include bl2/bl2.mk 831endif 832 833ifeq (${NEED_BL2U},yes) 834include bl2u/bl2u.mk 835endif 836 837ifeq (${NEED_BL31},yes) 838include bl31/bl31.mk 839endif 840 841################################################################################ 842# Build options checks 843################################################################################ 844 845# Boolean_Flags 846$(eval $(call assert_booleans,\ 847 $(sort \ 848 ALLOW_RO_XLAT_TABLES \ 849 BL2_ENABLE_SP_LOAD \ 850 COLD_BOOT_SINGLE_CPU \ 851 CREATE_KEYS \ 852 CTX_INCLUDE_AARCH32_REGS \ 853 CTX_INCLUDE_FPREGS \ 854 CTX_INCLUDE_SVE_REGS \ 855 CTX_INCLUDE_EL2_REGS \ 856 CTX_INCLUDE_MPAM_REGS \ 857 DEBUG \ 858 DYN_DISABLE_AUTH \ 859 EL3_EXCEPTION_HANDLING \ 860 ENABLE_AMU_AUXILIARY_COUNTERS \ 861 AMU_RESTRICT_COUNTERS \ 862 ENABLE_ASSERTIONS \ 863 ENABLE_PIE \ 864 ENABLE_PMF \ 865 ENABLE_PSCI_STAT \ 866 ENABLE_RUNTIME_INSTRUMENTATION \ 867 ENABLE_SME_FOR_SWD \ 868 ENABLE_SVE_FOR_SWD \ 869 ENABLE_FEAT_GCIE \ 870 ENABLE_FEAT_RAS \ 871 FFH_SUPPORT \ 872 ERROR_DEPRECATED \ 873 FAULT_INJECTION_SUPPORT \ 874 GENERATE_COT \ 875 GICV2_G0_FOR_EL3 \ 876 HANDLE_EA_EL3_FIRST_NS \ 877 HARDEN_SLS \ 878 HW_ASSISTED_COHERENCY \ 879 MEASURED_BOOT \ 880 DISCRETE_TPM \ 881 DICE_PROTECTION_ENVIRONMENT \ 882 RMMD_ENABLE_EL3_TOKEN_SIGN \ 883 RMMD_ENABLE_IDE_KEY_PROG \ 884 DRTM_SUPPORT \ 885 NS_TIMER_SWITCH \ 886 OVERRIDE_LIBC \ 887 PL011_GENERIC_UART \ 888 PROGRAMMABLE_RESET_ADDRESS \ 889 PSCI_EXTENDED_STATE_ID \ 890 PSCI_OS_INIT_MODE \ 891 ARCH_FEATURE_AVAILABILITY \ 892 RESET_TO_BL31 \ 893 SAVE_KEYS \ 894 SEPARATE_CODE_AND_RODATA \ 895 SEPARATE_BL2_NOLOAD_REGION \ 896 SEPARATE_NOBITS_REGION \ 897 SEPARATE_RWDATA_REGION \ 898 SEPARATE_SIMD_SECTION \ 899 SPIN_ON_BL1_EXIT \ 900 SPM_MM \ 901 SPMC_AT_EL3 \ 902 SPMC_AT_EL3_SEL0_SP \ 903 SPMD_SPM_AT_SEL2 \ 904 ENABLE_SPMD_LP \ 905 TRANSFER_LIST \ 906 TRUSTED_BOARD_BOOT \ 907 USE_COHERENT_MEM \ 908 USE_DEBUGFS \ 909 ARM_IO_IN_DTB \ 910 SDEI_IN_FCONF \ 911 SEC_INT_DESC_IN_FCONF \ 912 USE_ROMLIB \ 913 USE_TBBR_DEFS \ 914 WARMBOOT_ENABLE_DCACHE_EARLY \ 915 RESET_TO_BL2 \ 916 BL2_IN_XIP_MEM \ 917 BL2_INV_DCACHE \ 918 USE_SPINLOCK_CAS \ 919 ENCRYPT_BL31 \ 920 ENCRYPT_BL32 \ 921 ERRATA_SPECULATIVE_AT \ 922 ERRATA_SME_POWER_DOWN \ 923 RAS_TRAP_NS_ERR_REC_ACCESS \ 924 COT_DESC_IN_DTB \ 925 USE_SP804_TIMER \ 926 PSA_FWU_SUPPORT \ 927 PSA_FWU_METADATA_FW_STORE_DESC \ 928 ENABLE_MPMM \ 929 FEAT_PABANDON \ 930 FEATURE_DETECTION \ 931 TRNG_SUPPORT \ 932 ENABLE_ERRATA_ALL \ 933 ERRATA_ABI_SUPPORT \ 934 ERRATA_NON_ARM_INTERCONNECT \ 935 CONDITIONAL_CMO \ 936 PSA_CRYPTO \ 937 ENABLE_CONSOLE_GETC \ 938 INIT_UNUSED_NS_EL2 \ 939 PLATFORM_REPORT_CTX_MEM_USE \ 940 EARLY_CONSOLE \ 941 PRESERVE_DSU_PMU_REGS \ 942 HOB_LIST \ 943 LFA_SUPPORT \ 944))) 945 946# Numeric_Flags 947$(eval $(call assert_numerics,\ 948 $(sort \ 949 ARM_ARCH_MAJOR \ 950 ARM_ARCH_MINOR \ 951 BRANCH_PROTECTION \ 952 CTX_INCLUDE_PAUTH_REGS \ 953 CTX_INCLUDE_NEVE_REGS \ 954 CRYPTO_SUPPORT \ 955 DISABLE_MTPMU \ 956 ENABLE_BRBE_FOR_NS \ 957 ENABLE_TRBE_FOR_NS \ 958 ENABLE_BTI \ 959 ENABLE_PAUTH \ 960 ENABLE_FEAT_PAUTH_LR \ 961 ENABLE_FEAT_AMU \ 962 ENABLE_FEAT_AMUv1p1 \ 963 ENABLE_FEAT_CSV2_2 \ 964 ENABLE_FEAT_CSV2_3 \ 965 ENABLE_FEAT_DEBUGV8P9 \ 966 ENABLE_FEAT_DIT \ 967 ENABLE_FEAT_ECV \ 968 ENABLE_FEAT_FGT \ 969 ENABLE_FEAT_FGT2 \ 970 ENABLE_FEAT_FGWTE3 \ 971 ENABLE_FEAT_FPMR \ 972 ENABLE_FEAT_HCX \ 973 ENABLE_FEAT_LS64_ACCDATA \ 974 ENABLE_FEAT_MEC \ 975 ENABLE_FEAT_MOPS \ 976 ENABLE_FEAT_MTE2 \ 977 ENABLE_FEAT_PAN \ 978 ENABLE_FEAT_RNG \ 979 ENABLE_FEAT_RNG_TRAP \ 980 ENABLE_FEAT_SEL2 \ 981 ENABLE_FEAT_TCR2 \ 982 ENABLE_FEAT_THE \ 983 ENABLE_FEAT_SB \ 984 ENABLE_FEAT_S2PIE \ 985 ENABLE_FEAT_S1PIE \ 986 ENABLE_FEAT_S2POE \ 987 ENABLE_FEAT_S1POE \ 988 ENABLE_FEAT_SCTLR2 \ 989 ENABLE_FEAT_D128 \ 990 ENABLE_FEAT_GCS \ 991 ENABLE_FEAT_VHE \ 992 ENABLE_FEAT_MPAM \ 993 ENABLE_RME \ 994 ENABLE_SPE_FOR_NS \ 995 ENABLE_SYS_REG_TRACE_FOR_NS \ 996 ENABLE_SME_FOR_NS \ 997 ENABLE_SME2_FOR_NS \ 998 ENABLE_SVE_FOR_NS \ 999 ENABLE_TRF_FOR_NS \ 1000 FW_ENC_STATUS \ 1001 NR_OF_FW_BANKS \ 1002 NR_OF_IMAGES_IN_FW_BANK \ 1003 TWED_DELAY \ 1004 ENABLE_FEAT_TWED \ 1005 SVE_VECTOR_LEN \ 1006 IMPDEF_SYSREG_TRAP \ 1007 W \ 1008))) 1009 1010ifdef KEY_SIZE 1011 $(eval $(call assert_numeric,KEY_SIZE)) 1012endif 1013 1014ifeq ($(filter $(SANITIZE_UB), on off trap),) 1015 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1016endif 1017 1018################################################################################ 1019# Add definitions to the cpp preprocessor based on the current build options. 1020# This is done after including the platform specific makefile to allow the 1021# platform to overwrite the default options 1022################################################################################ 1023 1024$(eval $(call add_defines,\ 1025 $(sort \ 1026 ALLOW_RO_XLAT_TABLES \ 1027 ARM_ARCH_MAJOR \ 1028 ARM_ARCH_MINOR \ 1029 BL2_ENABLE_SP_LOAD \ 1030 COLD_BOOT_SINGLE_CPU \ 1031 CTX_INCLUDE_AARCH32_REGS \ 1032 CTX_INCLUDE_FPREGS \ 1033 CTX_INCLUDE_SVE_REGS \ 1034 CTX_INCLUDE_PAUTH_REGS \ 1035 CTX_INCLUDE_MPAM_REGS \ 1036 EL3_EXCEPTION_HANDLING \ 1037 CTX_INCLUDE_EL2_REGS \ 1038 CTX_INCLUDE_NEVE_REGS \ 1039 DEBUG \ 1040 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1041 DISABLE_MTPMU \ 1042 ENABLE_FEAT_AMU \ 1043 ENABLE_AMU_AUXILIARY_COUNTERS \ 1044 AMU_RESTRICT_COUNTERS \ 1045 ENABLE_ASSERTIONS \ 1046 ENABLE_BTI \ 1047 ENABLE_FEAT_DEBUGV8P9 \ 1048 ENABLE_FEAT_MPAM \ 1049 ENABLE_PAUTH \ 1050 ENABLE_FEAT_PAUTH_LR \ 1051 ENABLE_PIE \ 1052 ENABLE_PMF \ 1053 ENABLE_PSCI_STAT \ 1054 ENABLE_RME \ 1055 RMMD_ENABLE_EL3_TOKEN_SIGN \ 1056 RMMD_ENABLE_IDE_KEY_PROG \ 1057 ENABLE_RUNTIME_INSTRUMENTATION \ 1058 ENABLE_SME_FOR_NS \ 1059 ENABLE_SME2_FOR_NS \ 1060 ENABLE_SME_FOR_SWD \ 1061 ENABLE_SPE_FOR_NS \ 1062 ENABLE_SVE_FOR_NS \ 1063 ENABLE_SVE_FOR_SWD \ 1064 ENABLE_FEAT_RAS \ 1065 FFH_SUPPORT \ 1066 ENCRYPT_BL31 \ 1067 ENCRYPT_BL32 \ 1068 ERROR_DEPRECATED \ 1069 FAULT_INJECTION_SUPPORT \ 1070 GICV2_G0_FOR_EL3 \ 1071 HANDLE_EA_EL3_FIRST_NS \ 1072 HW_ASSISTED_COHERENCY \ 1073 LOG_LEVEL \ 1074 MEASURED_BOOT \ 1075 DISCRETE_TPM \ 1076 DICE_PROTECTION_ENVIRONMENT \ 1077 DRTM_SUPPORT \ 1078 NS_TIMER_SWITCH \ 1079 PL011_GENERIC_UART \ 1080 PLAT_${PLAT} \ 1081 PROGRAMMABLE_RESET_ADDRESS \ 1082 PSCI_EXTENDED_STATE_ID \ 1083 PSCI_OS_INIT_MODE \ 1084 ARCH_FEATURE_AVAILABILITY \ 1085 RESET_TO_BL31 \ 1086 RME_GPT_BITLOCK_BLOCK \ 1087 RME_GPT_MAX_BLOCK \ 1088 SEPARATE_CODE_AND_RODATA \ 1089 SEPARATE_BL2_NOLOAD_REGION \ 1090 SEPARATE_NOBITS_REGION \ 1091 SEPARATE_RWDATA_REGION \ 1092 SEPARATE_SIMD_SECTION \ 1093 RECLAIM_INIT_CODE \ 1094 SPD_${SPD} \ 1095 SPIN_ON_BL1_EXIT \ 1096 SPM_MM \ 1097 SPMC_AT_EL3 \ 1098 SPMC_AT_EL3_SEL0_SP \ 1099 SPMD_SPM_AT_SEL2 \ 1100 TRANSFER_LIST \ 1101 TRUSTED_BOARD_BOOT \ 1102 CRYPTO_SUPPORT \ 1103 TRNG_SUPPORT \ 1104 ERRATA_ABI_SUPPORT \ 1105 ERRATA_NON_ARM_INTERCONNECT \ 1106 USE_COHERENT_MEM \ 1107 USE_DEBUGFS \ 1108 ARM_IO_IN_DTB \ 1109 SDEI_IN_FCONF \ 1110 SEC_INT_DESC_IN_FCONF \ 1111 USE_ROMLIB \ 1112 USE_TBBR_DEFS \ 1113 WARMBOOT_ENABLE_DCACHE_EARLY \ 1114 RESET_TO_BL2 \ 1115 BL2_RUNS_AT_EL3 \ 1116 BL2_IN_XIP_MEM \ 1117 BL2_INV_DCACHE \ 1118 USE_SPINLOCK_CAS \ 1119 ERRATA_SPECULATIVE_AT \ 1120 ERRATA_SME_POWER_DOWN \ 1121 RAS_TRAP_NS_ERR_REC_ACCESS \ 1122 COT_DESC_IN_DTB \ 1123 USE_SP804_TIMER \ 1124 ENABLE_FEAT_RNG \ 1125 ENABLE_FEAT_RNG_TRAP \ 1126 ENABLE_FEAT_SB \ 1127 ENABLE_FEAT_DIT \ 1128 NR_OF_FW_BANKS \ 1129 NR_OF_IMAGES_IN_FW_BANK \ 1130 PSA_FWU_SUPPORT \ 1131 PSA_FWU_METADATA_FW_STORE_DESC \ 1132 ENABLE_BRBE_FOR_NS \ 1133 ENABLE_TRBE_FOR_NS \ 1134 ENABLE_SYS_REG_TRACE_FOR_NS \ 1135 ENABLE_TRF_FOR_NS \ 1136 ENABLE_FEAT_HCX \ 1137 ENABLE_MPMM \ 1138 FEAT_PABANDON \ 1139 ENABLE_FEAT_FGT \ 1140 ENABLE_FEAT_FGT2 \ 1141 ENABLE_FEAT_FGWTE3 \ 1142 ENABLE_FEAT_FPMR \ 1143 ENABLE_FEAT_ECV \ 1144 ENABLE_FEAT_AMUv1p1 \ 1145 ENABLE_FEAT_SEL2 \ 1146 ENABLE_FEAT_VHE \ 1147 ENABLE_FEAT_CSV2_2 \ 1148 ENABLE_FEAT_CSV2_3 \ 1149 ENABLE_FEAT_LS64_ACCDATA \ 1150 ENABLE_FEAT_MEC \ 1151 ENABLE_FEAT_PAN \ 1152 ENABLE_FEAT_TCR2 \ 1153 ENABLE_FEAT_THE \ 1154 ENABLE_FEAT_S2PIE \ 1155 ENABLE_FEAT_S1PIE \ 1156 ENABLE_FEAT_S2POE \ 1157 ENABLE_FEAT_S1POE \ 1158 ENABLE_FEAT_SCTLR2 \ 1159 ENABLE_FEAT_D128 \ 1160 ENABLE_FEAT_GCS \ 1161 ENABLE_FEAT_MOPS \ 1162 ENABLE_FEAT_GCIE \ 1163 ENABLE_FEAT_MTE2 \ 1164 FEATURE_DETECTION \ 1165 TWED_DELAY \ 1166 ENABLE_FEAT_TWED \ 1167 CONDITIONAL_CMO \ 1168 IMPDEF_SYSREG_TRAP \ 1169 SVE_VECTOR_LEN \ 1170 ENABLE_SPMD_LP \ 1171 PSA_CRYPTO \ 1172 ENABLE_CONSOLE_GETC \ 1173 INIT_UNUSED_NS_EL2 \ 1174 PLATFORM_REPORT_CTX_MEM_USE \ 1175 EARLY_CONSOLE \ 1176 PRESERVE_DSU_PMU_REGS \ 1177 HOB_LIST \ 1178 LFA_SUPPORT \ 1179))) 1180 1181ifeq (${PLATFORM_REPORT_CTX_MEM_USE}, 1) 1182ifeq (${DEBUG}, 0) 1183 $(warning "PLATFORM_REPORT_CTX_MEM_USE can be applied when DEBUG=1 only") 1184 override PLATFORM_REPORT_CTX_MEM_USE := 0 1185endif 1186endif 1187 1188ifeq (${SANITIZE_UB},trap) 1189 $(eval $(call add_define,MONITOR_TRAPS)) 1190endif #(SANITIZE_UB) 1191 1192# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1193ifdef EL3_PAYLOAD_BASE 1194 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1195else 1196# Define the PRELOADED_BL33_BASE flag only if it is provided and 1197# EL3_PAYLOAD_BASE is not defined, as it has priority. 1198 ifdef PRELOADED_BL33_BASE 1199 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1200 endif 1201endif #(EL3_PAYLOAD_BASE) 1202 1203# Define the DYN_DISABLE_AUTH flag only if set. 1204ifeq (${DYN_DISABLE_AUTH},1) 1205 $(eval $(call add_define,DYN_DISABLE_AUTH)) 1206endif 1207 1208ifeq ($($(ARCH)-ld-id),arm-link) 1209 $(eval $(call add_define,USE_ARM_LINK)) 1210endif 1211 1212# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1213ifeq (${SPD},spmd) 1214ifdef SP_LAYOUT_FILE 1215 -include $(BUILD_PLAT)/sp_gen.mk 1216 FIP_DEPS += sp 1217 CRT_DEPS += sp 1218 NEED_SP_PKG := yes 1219else 1220 ifeq (${SPMD_SPM_AT_SEL2},1) 1221 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1222 endif 1223endif #(SP_LAYOUT_FILE) 1224endif #(SPD) 1225 1226################################################################################ 1227# Build targets 1228################################################################################ 1229 1230.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp tl fwu_fip certtool dtbs memmap doc enctool 1231 1232all: msg_start 1233 1234msg_start: 1235 $(s)echo "Building ${PLAT}" 1236 1237ifeq (${ERROR_DEPRECATED},0) 1238# Check if deprecated declarations and cpp warnings should be treated as error or not. 1239ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 1240 CPPFLAGS += -Wno-error=deprecated-declarations 1241else 1242 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1243endif 1244endif #(!ERROR_DEPRECATED) 1245 1246$(eval $(call MAKE_LIB,c)) 1247 1248# Expand build macros for the different images 1249ifeq (${NEED_BL1},yes) 1250BL1_SOURCES := $(sort ${BL1_SOURCES}) 1251$(eval $(call MAKE_BL,bl1)) 1252endif #(NEED_BL1) 1253 1254ifeq (${NEED_BL2},yes) 1255 1256ifeq (${RESET_TO_BL2}, 0) 1257FIP_BL2_ARGS := tb-fw 1258endif 1259 1260BL2_SOURCES := $(sort ${BL2_SOURCES}) 1261 1262$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1263 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1264 1265endif #(NEED_BL2) 1266 1267ifeq (${NEED_SCP_BL2},yes) 1268$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1269endif #(NEED_SCP_BL2) 1270 1271ifeq (${NEED_BL31},yes) 1272BL31_SOURCES += ${SPD_SOURCES} 1273# Sort BL31 source files to remove duplicates 1274BL31_SOURCES := $(sort ${BL31_SOURCES}) 1275ifneq (${DECRYPTION_SUPPORT},none) 1276$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1277 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1278else 1279$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1280 $(eval $(call MAKE_BL,bl31,soc-fw))) 1281endif #(DECRYPTION_SUPPORT) 1282endif #(NEED_BL31) 1283 1284# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1285# build system will call TOOL_ADD_IMG to print a warning message and abort the 1286# process. Note that the dependency on BL32 applies to the FIP only. 1287ifeq (${NEED_BL32},yes) 1288# Sort BL32 source files to remove duplicates 1289BL32_SOURCES := $(sort ${BL32_SOURCES}) 1290BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1291 1292ifneq (${DECRYPTION_SUPPORT},none) 1293$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1294 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1295else 1296$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1297 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1298endif #(DECRYPTION_SUPPORT) 1299endif #(NEED_BL32) 1300 1301# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1302# needs to be built from RMM_SOURCES. 1303ifeq (${NEED_RMM},yes) 1304# Sort RMM source files to remove duplicates 1305RMM_SOURCES := $(sort ${RMM_SOURCES}) 1306BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1307 1308$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1309 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1310endif #(NEED_RMM) 1311 1312# Add the BL33 image if required by the platform 1313ifeq (${NEED_BL33},yes) 1314$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1315endif #(NEED_BL33) 1316 1317ifeq (${NEED_BL2U},yes) 1318$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1319 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1320endif #(NEED_BL2U) 1321 1322# Expand build macros for the different images 1323ifeq (${NEED_FDT},yes) 1324 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1325 1326 ifneq (${INITRD_SIZE}${INITRD_PATH},) 1327 ifndef INITRD_BASE 1328 $(error INITRD_BASE must be set when inserting initrd properties to the DTB.) 1329 endif 1330 1331 INITRD_SIZE ?= $(shell printf "0x%x\n" $$(stat -Lc %s $(INITRD_PATH))) 1332 initrd_end = $(shell printf "0x%x\n" $$(expr $$(($(INITRD_BASE) + $(INITRD_SIZE))))) 1333 1334 define $(HW_CONFIG)-after += 1335 $(s)echo " INITRD $(HW_CONFIG)" 1336 $(q)fdtput -t x $@ /chosen linux,initrd-start $(INITRD_BASE) 1337 $(q)fdtput -t x $@ /chosen linux,initrd-end $(initrd_end) 1338 endef 1339 endif 1340endif #(NEED_FDT) 1341 1342# Add Secure Partition packages 1343ifeq (${NEED_SP_PKG},yes) 1344$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | $$(@D)/ 1345 $(if $(host-poetry),$(q)poetry -q install --no-root) 1346 $(q)$(if $(host-poetry),poetry run )${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} ${SP_DTS_LIST_FRAGMENT} 1347sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) 1348 $(s)echo 1349 $(s)echo "Built SP Images successfully" 1350 $(s)echo 1351endif #(NEED_SP_PKG) 1352 1353locate-checkpatch: 1354ifndef CHECKPATCH 1355 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1356else 1357ifeq (,$(wildcard ${CHECKPATCH})) 1358 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1359endif 1360endif #(CHECKPATCH) 1361 1362clean: 1363 $(s)echo " CLEAN" 1364 $(q)rm -rf $(BUILD_PLAT) 1365 $(q)${MAKE} PLAT=${PLAT} BUILD_PLAT=${BUILD_PLAT} --no-print-directory -C ${FIPTOOLPATH} clean 1366 $(q)rm -rf ${FIPTOOLPATH}/fiptool 1367 $(q)${MAKE} PLAT=${PLAT} BUILD_PLAT=${BUILD_PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1368 $(q)rm -rf ${CRTTOOLPATH}/cert_create 1369 $(q)${MAKE} PLAT=${PLAT} BUILD_PLAT=${BUILD_PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1370 $(q)${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1371 1372realclean distclean: 1373 $(s)echo " REALCLEAN" 1374 $(q)rm -rf $(BUILD_BASE) 1375 $(q)rm -rf $(CURDIR)/cscope.* 1376 $(q)${MAKE} PLAT=${PLAT} BUILD_PLAT=${BUILD_PLAT} --no-print-directory -C ${FIPTOOLPATH} clean 1377 $(q)rm -rf ${FIPTOOLPATH}/fiptool 1378 $(q)${MAKE} PLAT=${PLAT} BUILD_PLAT=${BUILD_PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1379 $(q)rm -rf ${CRTTOOLPATH}/cert_create 1380 $(q)${MAKE} PLAT=${PLAT} BUILD_PLAT=${BUILD_PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1381 $(q)${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1382 1383checkcodebase: locate-checkpatch 1384 $(s)echo " CHECKING STYLE" 1385 $(q)if test -d .git ; then \ 1386 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1387 while read GIT_FILE ; \ 1388 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1389 done ; \ 1390 else \ 1391 find . -type f -not -iwholename "*.git*" \ 1392 -not -iwholename "*build*" \ 1393 -not -iwholename "*libfdt*" \ 1394 -not -iwholename "*libc*" \ 1395 -not -iwholename "*docs*" \ 1396 -not -iwholename "*.rst" \ 1397 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1398 fi 1399 1400checkpatch: locate-checkpatch 1401 $(s)echo " CHECKING STYLE" 1402 $(q)if test -n "${CHECKPATCH_OPTS}"; then \ 1403 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1404 fi 1405 $(q)COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1406 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1407 do \ 1408 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1409 ( git log --format=email "$$commit~..$$commit" \ 1410 -- ${CHECK_PATHS} ; \ 1411 git diff --format=email "$$commit~..$$commit" \ 1412 -- ${CHECK_PATHS}; ) | \ 1413 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1414 done 1415 1416certtool: ${CRTTOOL} 1417 1418${CRTTOOL}: FORCE 1419 $(q)${MAKE} PLAT=${PLAT} BUILD_PLAT=$(abspath ${BUILD_PLAT}) USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} DEBUG=${DEBUG} --no-print-directory -C ${CRTTOOLPATH} all 1420 $(q)ln -sf ${CRTTOOL} ${CRTTOOLPATH}/cert_create 1421 $(s)echo 1422 $(s)echo "Built $@ successfully" 1423 $(s)echo 1424 1425ifneq (${GENERATE_COT},0) 1426certificates: ${CRT_DEPS} ${CRTTOOL} ${DTBS} 1427 $(q)${CRTTOOL} ${CRT_ARGS} 1428 $(s)echo 1429 $(s)echo "Built $@ successfully" 1430 $(s)echo "Certificates can be found in ${BUILD_PLAT}" 1431 $(s)echo 1432endif #(GENERATE_COT) 1433 1434${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1435 $(eval ${CHECK_FIP_CMD}) 1436 $(q)${FIPTOOL} create ${FIP_ARGS} $@ 1437 $(q)${FIPTOOL} info $@ 1438 $(s)echo 1439 $(s)echo "Built $@ successfully" 1440 $(s)echo 1441 1442ifneq (${GENERATE_COT},0) 1443fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1444 $(q)${CRTTOOL} ${FWU_CRT_ARGS} 1445 $(s)echo 1446 $(s)echo "Built $@ successfully" 1447 $(s)echo "FWU certificates can be found in ${BUILD_PLAT}" 1448 $(s)echo 1449endif #(GENERATE_COT) 1450 1451${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1452 $(eval ${CHECK_FWU_FIP_CMD}) 1453 $(q)${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1454 $(q)${FIPTOOL} info $@ 1455 $(s)echo 1456 $(s)echo "Built $@ successfully" 1457 $(s)echo 1458 1459fiptool: ${FIPTOOL} 1460fip: ${BUILD_PLAT}/${FIP_NAME} 1461fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1462 1463# symlink for compatibility before tools were in the build directory 1464${FIPTOOL}: FORCE 1465 $(q)${MAKE} PLAT=${PLAT} BUILD_PLAT=$(abspath ${BUILD_PLAT}) CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" OPENSSL_DIR=${OPENSSL_DIR} DEBUG=${DEBUG} --no-print-directory -C ${FIPTOOLPATH} all 1466 $(q)ln -sf ${FIPTOOL} ${FIPTOOLPATH}/fiptool 1467 1468$(BUILD_PLAT)/romlib/romlib.bin $(BUILD_PLAT)/lib/libwrappers.a $&: $(BUILD_PLAT)/lib/libfdt.a $(BUILD_PLAT)/lib/libc.a $(CRYPTO_LIB) 1469 $(q)${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} CRYPTO_SUPPORT=${CRYPTO_SUPPORT} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES=$(call escape-shell,$(INCLUDES)) DEFINES=$(call escape-shell,$(DEFINES)) --no-print-directory -C ${ROMLIBPATH} all 1470 1471memmap: all 1472 $(if $(host-poetry),$(q)poetry -q install --no-root) 1473 $(q)$(if $(host-poetry),poetry run )memory symbols --root ${BUILD_PLAT} 1474 1475tl: ${BUILD_PLAT}/tl.bin 1476${BUILD_PLAT}/tl.bin: ${HW_CONFIG} 1477 $(if $(host-poetry),$(q)poetry -q install --no-root) 1478 $(q)$(if $(host-poetry),poetry run )tlc create --fdt $< -s ${FW_HANDOFF_SIZE} $@ 1479 1480doc: 1481 $(s)echo " BUILD DOCUMENTATION" 1482 $(if $(host-poetry),$(q)poetry -q install --with docs --no-root) 1483 $(q)$(if $(host-poetry),poetry run )${MAKE} --no-print-directory -C ${DOCS_PATH} html 1484 1485enctool: ${ENCTOOL} 1486 1487${ENCTOOL}: FORCE 1488 $(q)${MAKE} PLAT=${PLAT} BUILD_PLAT=$(abspath ${BUILD_PLAT}) BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} DEBUG=${DEBUG} --no-print-directory -C ${ENCTOOLPATH} all 1489 $(s)echo 1490 $(s)echo "Built $@ successfully" 1491 $(s)echo 1492 1493cscope: 1494 $(s)echo " CSCOPE" 1495 $(q)find ${CURDIR} -name "*.[chsS]" > cscope.files 1496 $(q)cscope -b -q -k 1497 1498help: 1499 $(s)echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1500 $(s)echo "" 1501 $(s)echo "PLAT is used to specify which platform you wish to build." 1502 $(s)echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1503 $(s)echo "" 1504 $(s)echo "platform = ${PLATFORM_LIST}" 1505 $(s)echo "" 1506 $(s)echo "Please refer to the User Guide for a list of all supported options." 1507 $(s)echo "Note that the build system doesn't track dependencies for build " 1508 $(s)echo "options. Therefore, if any of the build options are changed " 1509 $(s)echo "from a previous build, a clean build must be performed." 1510 $(s)echo "" 1511 $(s)echo "Supported Targets:" 1512 $(s)echo " all Build all individual bootloader binaries" 1513 $(s)echo " bl1 Build the BL1 binary" 1514 $(s)echo " bl2 Build the BL2 binary" 1515 $(s)echo " bl2u Build the BL2U binary" 1516 $(s)echo " bl31 Build the BL31 binary" 1517 $(s)echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1518 $(s)echo " this builds secure payload specified by AARCH32_SP" 1519 $(s)echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1520 $(s)echo " fip Build the Firmware Image Package (FIP)" 1521 $(s)echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1522 $(s)echo " checkcodebase Check the coding style of the entire source tree" 1523 $(s)echo " checkpatch Check the coding style on changes in the current" 1524 $(s)echo " branch against BASE_COMMIT (default origin/master)" 1525 $(s)echo " clean Clean the build for the selected platform" 1526 $(s)echo " cscope Generate cscope index" 1527 $(s)echo " distclean Remove all build artifacts for all platforms" 1528 $(s)echo " certtool Build the Certificate generation tool" 1529 $(s)echo " enctool Build the Firmware encryption tool" 1530 $(s)echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1531 $(s)echo " sp Build the Secure Partition Packages" 1532 $(s)echo " sptool Build the Secure Partition Package creation tool" 1533 $(s)echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1534 $(s)echo " memmap Print the memory map of the built binaries" 1535 $(s)echo " doc Build html based documentation using Sphinx tool" 1536 $(s)echo "" 1537 $(s)echo "Note: most build targets require PLAT to be set to a specific platform." 1538 $(s)echo "" 1539 $(s)echo "example: build all targets for the FVP platform:" 1540 $(s)echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1541 1542.PHONY: FORCE 1543FORCE:; 1544