1# 2# Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 7 12 13# Default goal is build all images 14.DEFAULT_GOAL := all 15 16# Avoid any implicit propagation of command line variable definitions to 17# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 18# usage. Other command line options like "-s" are still propagated as usual. 19MAKEOVERRIDES = 20 21MAKE_HELPERS_DIRECTORY := make_helpers/ 22include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 23include ${MAKE_HELPERS_DIRECTORY}build_env.mk 24 25################################################################################ 26# Default values for build configurations, and their dependencies 27################################################################################ 28 29include ${MAKE_HELPERS_DIRECTORY}defaults.mk 30 31# Assertions enabled for DEBUG builds by default 32ENABLE_ASSERTIONS := ${DEBUG} 33ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 34PLAT := ${DEFAULT_PLAT} 35 36################################################################################ 37# Checkpatch script options 38################################################################################ 39 40CHECKCODE_ARGS := --no-patch 41# Do not check the coding style on imported library files or documentation files 42INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \ 43 include/drivers/arm/cryptocell, \ 44 $(wildcard include/drivers/arm/*))) 45INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h 46INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 47 include/drivers/arm, \ 48 $(wildcard include/drivers/*))) 49INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 50 include/lib/libfdt \ 51 include/lib/libc, \ 52 $(wildcard include/lib/*))) 53INC_DIRS_TO_CHECK := $(sort $(filter-out \ 54 include/lib \ 55 include/drivers, \ 56 $(wildcard include/*))) 57LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 58 lib/compiler-rt \ 59 lib/libfdt% \ 60 lib/libc, \ 61 $(wildcard lib/*))) 62ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 63 lib \ 64 include \ 65 docs \ 66 %.rst, \ 67 $(wildcard *))) 68CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 69 ${INC_DIRS_TO_CHECK} \ 70 ${INC_LIB_DIRS_TO_CHECK} \ 71 ${LIB_DIRS_TO_CHECK} \ 72 ${INC_DRV_DIRS_TO_CHECK} \ 73 ${INC_ARM_DIRS_TO_CHECK} 74 75 76################################################################################ 77# Process build options 78################################################################################ 79 80# Verbose flag 81ifeq (${V},0) 82 Q:=@ 83 ECHO:=@echo 84 CHECKCODE_ARGS += --no-summary --terse 85else 86 Q:= 87 ECHO:=$(ECHO_QUIET) 88endif 89 90ifneq ($(findstring s,$(filter-out --%,$(MAKEFLAGS))),) 91 Q:=@ 92 ECHO:=$(ECHO_QUIET) 93endif 94 95export Q ECHO 96 97# The cert_create tool cannot generate certificates individually, so we use the 98# target 'certificates' to create them all 99ifneq (${GENERATE_COT},0) 100 FIP_DEPS += certificates 101 FWU_FIP_DEPS += fwu_certificates 102endif 103 104# Process BRANCH_PROTECTION value and set 105# Pointer Authentication and Branch Target Identification flags 106ifeq (${BRANCH_PROTECTION},0) 107 # Default value turns off all types of branch protection 108 BP_OPTION := none 109else ifneq (${ARCH},aarch64) 110 $(error BRANCH_PROTECTION requires AArch64) 111else ifeq (${BRANCH_PROTECTION},1) 112 # Enables all types of branch protection features 113 BP_OPTION := standard 114 ENABLE_BTI := 1 115 ENABLE_PAUTH := 1 116else ifeq (${BRANCH_PROTECTION},2) 117 # Return address signing to its standard level 118 BP_OPTION := pac-ret 119 ENABLE_PAUTH := 1 120else ifeq (${BRANCH_PROTECTION},3) 121 # Extend the signing to include leaf functions 122 BP_OPTION := pac-ret+leaf 123 ENABLE_PAUTH := 1 124else ifeq (${BRANCH_PROTECTION},4) 125 # Turn on branch target identification mechanism 126 BP_OPTION := bti 127 ENABLE_BTI := 1 128else 129 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 130endif 131 132# FEAT_RME 133ifeq (${ENABLE_RME},1) 134# RME doesn't support PIE 135ifneq (${ENABLE_PIE},0) 136 $(error ENABLE_RME does not support PIE) 137endif 138# RME doesn't support BRBE 139ifneq (${ENABLE_BRBE_FOR_NS},0) 140 $(error ENABLE_RME does not support BRBE.) 141endif 142# RME requires AARCH64 143ifneq (${ARCH},aarch64) 144 $(error ENABLE_RME requires AArch64) 145endif 146# RME requires el2 context to be saved for now. 147CTX_INCLUDE_EL2_REGS := 1 148CTX_INCLUDE_AARCH32_REGS := 0 149ARM_ARCH_MAJOR := 8 150ARM_ARCH_MINOR := 6 151endif 152 153# USE_SPINLOCK_CAS requires AArch64 build 154ifeq (${USE_SPINLOCK_CAS},1) 155ifneq (${ARCH},aarch64) 156 $(error USE_SPINLOCK_CAS requires AArch64) 157endif 158endif 159 160# USE_DEBUGFS experimental feature recommended only in debug builds 161ifeq (${USE_DEBUGFS},1) 162ifeq (${DEBUG},1) 163 $(warning DEBUGFS experimental feature is enabled.) 164else 165 $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY) 166endif 167endif 168 169ifneq (${DECRYPTION_SUPPORT},none) 170ENC_ARGS += -f ${FW_ENC_STATUS} 171ENC_ARGS += -k ${ENC_KEY} 172ENC_ARGS += -n ${ENC_NONCE} 173FIP_DEPS += enctool 174FWU_FIP_DEPS += enctool 175endif 176 177################################################################################ 178# Toolchain 179################################################################################ 180 181HOSTCC := gcc 182export HOSTCC 183 184CC := ${CROSS_COMPILE}gcc 185CPP := ${CROSS_COMPILE}cpp 186AS := ${CROSS_COMPILE}gcc 187AR := ${CROSS_COMPILE}ar 188LINKER := ${CROSS_COMPILE}ld 189OC := ${CROSS_COMPILE}objcopy 190OD := ${CROSS_COMPILE}objdump 191NM := ${CROSS_COMPILE}nm 192PP := ${CROSS_COMPILE}gcc -E 193DTC := dtc 194 195# Use ${LD}.bfd instead if it exists (as absolute path or together with $PATH). 196ifneq ($(strip $(wildcard ${LD}.bfd) \ 197 $(foreach dir,$(subst :, ,${PATH}),$(wildcard ${dir}/${LINKER}.bfd))),) 198LINKER := ${LINKER}.bfd 199endif 200 201ifeq (${ARM_ARCH_MAJOR},7) 202target32-directive = -target arm-none-eabi 203# Will set march32-directive from platform configuration 204else 205target32-directive = -target armv8a-none-eabi 206 207# Set the compiler's target architecture profile based on 208# ARM_ARCH_MAJOR ARM_ARCH_MINOR options 209ifeq (${ARM_ARCH_MINOR},0) 210march32-directive = -march=armv${ARM_ARCH_MAJOR}-a 211march64-directive = -march=armv${ARM_ARCH_MAJOR}-a 212else 213march32-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 214march64-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 215endif 216endif 217 218# Memory tagging is supported in architecture Armv8.5-A AArch64 and onwards 219ifeq ($(ARCH), aarch64) 220# Check if revision is greater than or equal to 8.5 221ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" 222mem_tag_arch_support = yes 223endif 224endif 225 226# Get architecture feature modifiers 227arch-features = ${ARM_ARCH_FEATURE} 228 229# Enable required options for memory stack tagging. 230# Currently, these options are enabled only for clang and armclang compiler. 231ifeq (${SUPPORT_STACK_MEMTAG},yes) 232ifdef mem_tag_arch_support 233# Check for armclang and clang compilers 234ifneq ( ,$(filter $(notdir $(CC)),armclang clang)) 235# Add "memtag" architecture feature modifier if not specified 236ifeq ( ,$(findstring memtag,$(arch-features))) 237arch-features := $(arch-features)+memtag 238endif # memtag 239ifeq ($(notdir $(CC)),armclang) 240TF_CFLAGS += -mmemtag-stack 241else ifeq ($(notdir $(CC)),clang) 242TF_CFLAGS += -fsanitize=memtag 243endif # armclang 244endif # armclang clang 245else 246$(error "Error: stack memory tagging is not supported for architecture \ 247 ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a") 248endif # mem_tag_arch_support 249endif # SUPPORT_STACK_MEMTAG 250 251# Set the compiler's architecture feature modifiers 252ifneq ($(arch-features), none) 253# Strip "none+" from arch-features 254arch-features := $(subst none+,,$(arch-features)) 255ifeq ($(ARCH), aarch32) 256march32-directive := $(march32-directive)+$(arch-features) 257else 258march64-directive := $(march64-directive)+$(arch-features) 259endif 260# Print features 261$(info Arm Architecture Features specified: $(subst +, ,$(arch-features))) 262endif # arch-features 263 264# Determine if FEAT_RNG is supported 265ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0) 266 267# Determine if FEAT_SB is supported 268ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0) 269 270ifneq ($(findstring clang,$(notdir $(CC))),) 271 ifneq ($(findstring armclang,$(notdir $(CC))),) 272 TF_CFLAGS_aarch32 := -target arm-arm-none-eabi $(march32-directive) 273 TF_CFLAGS_aarch64 := -target aarch64-arm-none-eabi $(march64-directive) 274 LD := $(LINKER) 275 else 276 TF_CFLAGS_aarch32 := $(target32-directive) $(march32-directive) 277 TF_CFLAGS_aarch64 := -target aarch64-elf $(march64-directive) 278 LD := $(shell $(CC) --print-prog-name ld.lld) 279 280 AR := $(shell $(CC) --print-prog-name llvm-ar) 281 OD := $(shell $(CC) --print-prog-name llvm-objdump) 282 OC := $(shell $(CC) --print-prog-name llvm-objcopy) 283 endif 284 285 CPP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 286 PP := $(CC) -E $(TF_CFLAGS_$(ARCH)) 287 AS := $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH)) 288else ifneq ($(findstring gcc,$(notdir $(CC))),) 289TF_CFLAGS_aarch32 = $(march32-directive) 290TF_CFLAGS_aarch64 = $(march64-directive) 291ifeq ($(ENABLE_LTO),1) 292 # Enable LTO only for aarch64 293 ifeq (${ARCH},aarch64) 294 LTO_CFLAGS = -flto 295 # Use gcc as a wrapper for the ld, recommended for LTO 296 LINKER := ${CROSS_COMPILE}gcc 297 endif 298endif 299LD = $(LINKER) 300else 301TF_CFLAGS_aarch32 = $(march32-directive) 302TF_CFLAGS_aarch64 = $(march64-directive) 303LD = $(LINKER) 304endif 305 306# Process Debug flag 307$(eval $(call add_define,DEBUG)) 308ifneq (${DEBUG}, 0) 309 BUILD_TYPE := debug 310 TF_CFLAGS += -g -gdwarf-4 311 ASFLAGS += -g -Wa,-gdwarf-4 312 313 # Use LOG_LEVEL_INFO by default for debug builds 314 LOG_LEVEL := 40 315else 316 BUILD_TYPE := release 317 # Use LOG_LEVEL_NOTICE by default for release builds 318 LOG_LEVEL := 20 319endif 320 321# Default build string (git branch and commit) 322ifeq (${BUILD_STRING},) 323 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 324endif 325VERSION_STRING := v${VERSION_MAJOR}.${VERSION_MINOR}(${BUILD_TYPE}):${BUILD_STRING} 326 327ifeq (${AARCH32_INSTRUCTION_SET},A32) 328TF_CFLAGS_aarch32 += -marm 329else ifeq (${AARCH32_INSTRUCTION_SET},T32) 330TF_CFLAGS_aarch32 += -mthumb 331else 332$(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET}) 333endif 334 335TF_CFLAGS_aarch32 += -mno-unaligned-access 336TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 337 338ifneq (${BP_OPTION},none) 339TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 340endif 341 342ASFLAGS_aarch32 = $(march32-directive) 343ASFLAGS_aarch64 = $(march64-directive) 344 345# General warnings 346WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 347 -Wdisabled-optimization -Wvla -Wshadow \ 348 -Wno-unused-parameter -Wredundant-decls 349 350# Additional warnings 351# Level 1 352WARNING1 := -Wextra 353WARNING1 += -Wmissing-format-attribute 354WARNING1 += -Wmissing-prototypes 355WARNING1 += -Wold-style-definition 356 357# Level 2 358WARNING2 := -Waggregate-return 359WARNING2 += -Wcast-align 360WARNING2 += -Wnested-externs 361 362WARNING3 := -Wbad-function-cast 363WARNING3 += -Wcast-qual 364WARNING3 += -Wconversion 365WARNING3 += -Wpacked 366WARNING3 += -Wpointer-arith 367WARNING3 += -Wswitch-default 368 369ifeq (${W},1) 370WARNINGS += $(WARNING1) 371else ifeq (${W},2) 372WARNINGS += $(WARNING1) $(WARNING2) 373else ifeq (${W},3) 374WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 375endif 376 377# Compiler specific warnings 378ifeq ($(findstring clang,$(notdir $(CC))),) 379# not using clang 380WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 381 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 382 -Wlogical-op 383else 384# using clang 385WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 386 -Wlogical-op-parentheses 387endif 388 389ifneq (${E},0) 390ERRORS := -Werror 391endif 392 393CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 394 $(ERRORS) $(WARNINGS) 395ASFLAGS += $(CPPFLAGS) $(ASFLAGS_$(ARCH)) \ 396 -ffreestanding -Wa,--fatal-warnings 397TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 398 -ffunction-sections -fdata-sections \ 399 -ffreestanding -fno-builtin -fno-common \ 400 -Os -std=gnu99 401 402ifeq (${SANITIZE_UB},on) 403TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 404endif 405ifeq (${SANITIZE_UB},trap) 406TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 407 -fsanitize-undefined-trap-on-error 408endif 409 410GCC_V_OUTPUT := $(shell $(CC) -v 2>&1) 411 412# LD = armlink 413ifneq ($(findstring armlink,$(notdir $(LD))),) 414TF_LDFLAGS += --diag_error=warning --lto_level=O1 415TF_LDFLAGS += --remove --info=unused,unusedsymbols 416TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 417 418# LD = gcc (used when GCC LTO is enabled) 419else ifneq ($(findstring gcc,$(notdir $(LD))),) 420# Pass ld options with Wl or Xlinker switches 421TF_LDFLAGS += -Wl,--fatal-warnings -O1 422TF_LDFLAGS += -Wl,--gc-sections 423ifeq ($(ENABLE_LTO),1) 424 ifeq (${ARCH},aarch64) 425 TF_LDFLAGS += -flto -fuse-linker-plugin 426 endif 427endif 428# GCC automatically adds fix-cortex-a53-843419 flag when used to link 429# which breaks some builds, so disable if errata fix is not explicitly enabled 430ifneq (${ERRATA_A53_843419},1) 431 TF_LDFLAGS += -mno-fix-cortex-a53-843419 432endif 433TF_LDFLAGS += -nostdlib 434TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 435 436# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 437else 438TF_LDFLAGS += --fatal-warnings -O1 439TF_LDFLAGS += --gc-sections 440# ld.lld doesn't recognize the errata flags, 441# therefore don't add those in that case 442ifeq ($(findstring ld.lld,$(notdir $(LD))),) 443TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 444endif 445endif 446 447DTC_FLAGS += -I dts -O dtb 448DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \ 449 -x assembler-with-cpp $(DEFINES) 450 451################################################################################ 452# Common sources and include directories 453################################################################################ 454include ${MAKE_HELPERS_DIRECTORY}arch_features.mk 455include lib/compiler-rt/compiler-rt.mk 456 457BL_COMMON_SOURCES += common/bl_common.c \ 458 common/tf_log.c \ 459 common/${ARCH}/debug.S \ 460 drivers/console/multi_console.c \ 461 lib/${ARCH}/cache_helpers.S \ 462 lib/${ARCH}/misc_helpers.S \ 463 plat/common/plat_bl_common.c \ 464 plat/common/plat_log_common.c \ 465 plat/common/${ARCH}/plat_common.c \ 466 plat/common/${ARCH}/platform_helpers.S \ 467 ${COMPILER_RT_SRCS} 468 469ifeq ($(notdir $(CC)),armclang) 470BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 471endif 472 473ifeq (${SANITIZE_UB},on) 474BL_COMMON_SOURCES += plat/common/ubsan.c 475endif 476 477INCLUDES += -Iinclude \ 478 -Iinclude/arch/${ARCH} \ 479 -Iinclude/lib/cpus/${ARCH} \ 480 -Iinclude/lib/el3_runtime/${ARCH} \ 481 ${PLAT_INCLUDES} \ 482 ${SPD_INCLUDES} 483 484include common/backtrace/backtrace.mk 485 486################################################################################ 487# Generic definitions 488################################################################################ 489 490include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 491 492ifeq (${BUILD_BASE},) 493 BUILD_BASE := ./build 494endif 495BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 496 497SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 498 499# Platforms providing their own TBB makefile may override this value 500INCLUDE_TBBR_MK := 1 501 502 503################################################################################ 504# Include SPD Makefile if one has been specified 505################################################################################ 506 507ifneq (${SPD},none) 508 ifeq (${ARCH},aarch32) 509 $(error "Error: SPD is incompatible with AArch32.") 510 endif 511 512 ifdef EL3_PAYLOAD_BASE 513 $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") 514 $(warning "The SPD and its BL32 companion will be present but ignored.") 515 endif 516 517 ifeq (${SPD},spmd) 518 # SPMD is located in std_svc directory 519 SPD_DIR := std_svc 520 521 ifeq ($(SPMD_SPM_AT_SEL2),1) 522 ifeq ($(CTX_INCLUDE_EL2_REGS),0) 523 $(error SPMD with SPM at S-EL2 requires CTX_INCLUDE_EL2_REGS option) 524 endif 525 ifeq ($(SPMC_AT_EL3),1) 526 $(error SPM cannot be enabled in both S-EL2 and EL3.) 527 endif 528 endif 529 530 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 531 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 532 endif 533 534 ifeq ($(TS_SP_FW_CONFIG),1) 535 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 536 endif 537 538 ifneq ($(ARM_BL2_SP_LIST_DTS),) 539 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 540 endif 541 542 ifneq ($(SP_LAYOUT_FILE),) 543 BL2_ENABLE_SP_LOAD := 1 544 endif 545 else 546 # All other SPDs in spd directory 547 SPD_DIR := spd 548 endif 549 550 # We expect to locate an spd.mk under the specified SPD directory 551 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 552 553 ifeq (${SPD_MAKE},) 554 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 555 endif 556 $(info Including ${SPD_MAKE}) 557 include ${SPD_MAKE} 558 559 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 560 # Makefile would set NEED_BL32 to "yes". In this case, the build system 561 # supports two mutually exclusive options: 562 # * BL32 is built from source: then BL32_SOURCES must contain the list 563 # of source files to build BL32 564 # * BL32 is a prebuilt binary: then BL32 must point to the image file 565 # that will be included in the FIP 566 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 567 # over the sources. 568endif 569 570################################################################################ 571# Include rmmd Makefile if RME is enabled 572################################################################################ 573 574ifneq (${ENABLE_RME},0) 575ifneq (${ARCH},aarch64) 576 $(error ENABLE_RME requires AArch64) 577endif 578ifeq ($(SPMC_AT_EL3),1) 579 $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.) 580endif 581include services/std_svc/rmmd/rmmd.mk 582$(warning "RME is an experimental feature") 583endif 584 585################################################################################ 586# Include the platform specific Makefile after the SPD Makefile (the platform 587# makefile may use all previous definitions in this file) 588################################################################################ 589 590include ${PLAT_MAKEFILE_FULL} 591 592$(eval $(call MAKE_PREREQ_DIR,${BUILD_PLAT})) 593 594ifeq (${ARM_ARCH_MAJOR},7) 595include make_helpers/armv7-a-cpus.mk 596endif 597 598PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 599ifneq ($(PIE_FOUND),) 600 TF_CFLAGS += -fno-PIE 601endif 602 603ifneq ($(findstring gcc,$(notdir $(LD))),) 604 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 605else 606 PIE_LDFLAGS += -pie --no-dynamic-linker 607endif 608 609ifeq ($(ENABLE_PIE),1) 610ifeq ($(BL2_AT_EL3),1) 611ifneq ($(BL2_IN_XIP_MEM),1) 612 BL2_CFLAGS += -fpie 613 BL2_LDFLAGS += $(PIE_LDFLAGS) 614endif 615endif 616 BL31_CFLAGS += -fpie 617 BL31_LDFLAGS += $(PIE_LDFLAGS) 618 BL32_CFLAGS += -fpie 619 BL32_LDFLAGS += $(PIE_LDFLAGS) 620endif 621 622ifeq (${ARCH},aarch64) 623BL1_CPPFLAGS += -DIMAGE_AT_EL3 624ifeq ($(BL2_AT_EL3),1) 625BL2_CPPFLAGS += -DIMAGE_AT_EL3 626else 627BL2_CPPFLAGS += -DIMAGE_AT_EL1 628endif 629BL2U_CPPFLAGS += -DIMAGE_AT_EL1 630BL31_CPPFLAGS += -DIMAGE_AT_EL3 631BL32_CPPFLAGS += -DIMAGE_AT_EL1 632endif 633 634# Include the CPU specific operations makefile, which provides default 635# values for all CPU errata workarounds and CPU specific optimisations. 636# This can be overridden by the platform. 637include lib/cpus/cpu-ops.mk 638 639ifeq (${ARCH},aarch32) 640NEED_BL32 := yes 641 642################################################################################ 643# Build `AARCH32_SP` as BL32 image for AArch32 644################################################################################ 645ifneq (${AARCH32_SP},none) 646# We expect to locate an sp.mk under the specified AARCH32_SP directory 647AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 648 649ifeq (${AARCH32_SP_MAKE},) 650 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 651endif 652 653$(info Including ${AARCH32_SP_MAKE}) 654include ${AARCH32_SP_MAKE} 655endif 656 657endif 658 659################################################################################ 660# Include libc if not overridden 661################################################################################ 662ifeq (${OVERRIDE_LIBC},0) 663include lib/libc/libc.mk 664endif 665 666################################################################################ 667# Check incompatible options 668################################################################################ 669 670ifdef EL3_PAYLOAD_BASE 671 ifdef PRELOADED_BL33_BASE 672 $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \ 673 incompatible build options. EL3_PAYLOAD_BASE has priority.") 674 endif 675 ifneq (${GENERATE_COT},0) 676 $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible build options.") 677 endif 678 ifneq (${TRUSTED_BOARD_BOOT},0) 679 $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are incompatible build options.") 680 endif 681endif 682 683ifeq (${NEED_BL33},yes) 684 ifdef EL3_PAYLOAD_BASE 685 $(warning "BL33 image is not needed when option \ 686 BL33_PAYLOAD_BASE is used and won't be added to the FIP file.") 687 endif 688 ifdef PRELOADED_BL33_BASE 689 $(warning "BL33 image is not needed when option \ 690 PRELOADED_BL33_BASE is used and won't be added to the FIP \ 691 file.") 692 endif 693endif 694 695# When building for systems with hardware-assisted coherency, there's no need to 696# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too. 697ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1) 698$(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) 699endif 700 701#For now, BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is 1. 702ifeq ($(BL2_AT_EL3)-$(BL2_IN_XIP_MEM),0-1) 703$(error "BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is enabled") 704endif 705 706# For RAS_EXTENSION, require that EAs are handled in EL3 first 707ifeq ($(RAS_EXTENSION),1) 708 ifneq ($(HANDLE_EA_EL3_FIRST),1) 709 $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST must also be 1) 710 endif 711endif 712 713# When FAULT_INJECTION_SUPPORT is used, require that RAS_EXTENSION is enabled 714ifeq ($(FAULT_INJECTION_SUPPORT),1) 715 ifneq ($(RAS_EXTENSION),1) 716 $(error For FAULT_INJECTION_SUPPORT, RAS_EXTENSION must also be 1) 717 endif 718endif 719 720# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 721ifeq ($(DYN_DISABLE_AUTH), 1) 722 ifeq (${TRUSTED_BOARD_BOOT}, 0) 723 $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.") 724 endif 725endif 726 727ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT}),) 728 CRYPTO_SUPPORT := 1 729else 730 CRYPTO_SUPPORT := 0 731endif 732 733# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. 734ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) 735$(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 736endif 737 738# If pointer authentication is used in the firmware, make sure that all the 739# registers associated to it are also saved and restored. 740# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. 741ifeq ($(ENABLE_PAUTH),1) 742 ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) 743 $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1) 744 endif 745endif 746 747ifeq ($(CTX_INCLUDE_PAUTH_REGS),1) 748 ifneq (${ARCH},aarch64) 749 $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) 750 endif 751endif 752 753ifeq ($(CTX_INCLUDE_MTE_REGS),1) 754 ifneq (${ARCH},aarch64) 755 $(error CTX_INCLUDE_MTE_REGS requires AArch64) 756 endif 757endif 758 759ifeq ($(PSA_FWU_SUPPORT),1) 760 $(info PSA_FWU_SUPPORT is an experimental feature) 761endif 762 763ifeq ($(FEATURE_DETECTION),1) 764 $(info FEATURE_DETECTION is an experimental feature) 765endif 766 767ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 768 ifeq (${ALLOW_RO_XLAT_TABLES}, 1) 769 $(error "ALLOW_RO_XLAT_TABLES requires translation tables library v2") 770 endif 771endif 772 773ifneq (${DECRYPTION_SUPPORT},none) 774 ifeq (${TRUSTED_BOARD_BOOT}, 0) 775 $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT to be set) 776 endif 777endif 778 779# Ensure that no Aarch64-only features are enabled in Aarch32 build 780ifeq (${ARCH},aarch32) 781 782 # SME/SVE only supported on AArch64 783 ifeq (${ENABLE_SME_FOR_NS},1) 784 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") 785 endif 786 ifeq (${ENABLE_SVE_FOR_NS},1) 787 # Warning instead of error due to CI dependency on this 788 $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") 789 endif 790 791 # BRBE is not supported in AArch32 792 ifeq (${ENABLE_BRBE_FOR_NS},1) 793 $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32") 794 endif 795 796 # FEAT_RNG_TRAP is not supported in AArch32 797 ifeq (${ENABLE_FEAT_RNG_TRAP},1) 798 $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32") 799 endif 800endif 801 802# Ensure ENABLE_RME is not used with SME 803ifeq (${ENABLE_RME},1) 804 ifeq (${ENABLE_SME_FOR_NS},1) 805 $(error "ENABLE_SME_FOR_NS cannot be used with ENABLE_RME") 806 endif 807endif 808 809# Secure SME/SVE requires the non-secure component as well 810ifeq (${ENABLE_SME_FOR_SWD},1) 811 ifeq (${ENABLE_SME_FOR_NS},0) 812 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") 813 endif 814endif 815ifeq (${ENABLE_SVE_FOR_SWD},1) 816 ifeq (${ENABLE_SVE_FOR_NS},0) 817 $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS") 818 endif 819endif 820 821# SVE and SME cannot be used with CTX_INCLUDE_FPREGS since secure manager does 822# its own context management including FPU registers. 823ifeq (${CTX_INCLUDE_FPREGS},1) 824 ifeq (${ENABLE_SME_FOR_NS},1) 825 $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 826 endif 827 ifeq (${ENABLE_SVE_FOR_NS},1) 828 # Warning instead of error due to CI dependency on this 829 $(warning "ENABLE_SVE_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 830 $(warning "Forced ENABLE_SVE_FOR_NS=0") 831 override ENABLE_SVE_FOR_NS := 0 832 endif 833endif 834 835ifeq ($(DRTM_SUPPORT),1) 836 $(info DRTM_SUPPORT is an experimental feature) 837endif 838 839################################################################################ 840# Process platform overrideable behaviour 841################################################################################ 842 843ifdef BL1_SOURCES 844NEED_BL1 := yes 845endif 846 847ifdef BL2_SOURCES 848 NEED_BL2 := yes 849 850 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 851 # Certificate generation tools. This flag can be overridden by the platform. 852 ifdef EL3_PAYLOAD_BASE 853 # If booting an EL3 payload there is no need for a BL33 image 854 # in the FIP file. 855 NEED_BL33 := no 856 else 857 ifdef PRELOADED_BL33_BASE 858 # If booting a BL33 preloaded image there is no need of 859 # another one in the FIP file. 860 NEED_BL33 := no 861 else 862 NEED_BL33 ?= yes 863 endif 864 endif 865endif 866 867ifdef BL2U_SOURCES 868NEED_BL2U := yes 869endif 870 871# If SCP_BL2 is given, we always want FIP to include it. 872ifdef SCP_BL2 873 NEED_SCP_BL2 := yes 874endif 875 876# For AArch32, BL31 is not currently supported. 877ifneq (${ARCH},aarch32) 878 ifdef BL31_SOURCES 879 # When booting an EL3 payload, there is no need to compile the BL31 image nor 880 # put it in the FIP. 881 ifndef EL3_PAYLOAD_BASE 882 NEED_BL31 := yes 883 endif 884 endif 885endif 886 887# Process TBB related flags 888ifneq (${GENERATE_COT},0) 889 # Common cert_create options 890 ifneq (${CREATE_KEYS},0) 891 $(eval CRT_ARGS += -n) 892 $(eval FWU_CRT_ARGS += -n) 893 ifneq (${SAVE_KEYS},0) 894 $(eval CRT_ARGS += -k) 895 $(eval FWU_CRT_ARGS += -k) 896 endif 897 endif 898 # Include TBBR makefile (unless the platform indicates otherwise) 899 ifeq (${INCLUDE_TBBR_MK},1) 900 include make_helpers/tbbr/tbbr_tools.mk 901 endif 902endif 903 904ifneq (${FIP_ALIGN},0) 905FIP_ARGS += --align ${FIP_ALIGN} 906endif 907 908ifdef FDT_SOURCES 909NEED_FDT := yes 910endif 911 912################################################################################ 913# Include libraries' Makefile that are used in all BL 914################################################################################ 915 916include lib/stack_protector/stack_protector.mk 917 918################################################################################ 919# Auxiliary tools (fiptool, cert_create, etc) 920################################################################################ 921 922# Variables for use with Certificate Generation Tool 923CRTTOOLPATH ?= tools/cert_create 924CRTTOOL ?= ${CRTTOOLPATH}/cert_create${BIN_EXT} 925 926# Variables for use with Firmware Encryption Tool 927ENCTOOLPATH ?= tools/encrypt_fw 928ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw${BIN_EXT} 929 930# Variables for use with Firmware Image Package 931FIPTOOLPATH ?= tools/fiptool 932FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT} 933 934# Variables for use with sptool 935SPTOOLPATH ?= tools/sptool 936SPTOOL ?= ${SPTOOLPATH}/sptool.py 937SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 938 939# Variables for use with ROMLIB 940ROMLIBPATH ?= lib/romlib 941 942# Variable for use with Python 943PYTHON ?= python3 944 945# Variables for use with PRINT_MEMORY_MAP 946PRINT_MEMORY_MAP_PATH ?= tools/memory 947PRINT_MEMORY_MAP ?= ${PRINT_MEMORY_MAP_PATH}/print_memory_map.py 948 949# Variables for use with documentation build using Sphinx tool 950DOCS_PATH ?= docs 951 952# Defination of SIMICS flag 953SIMICS_BUILD ?= 0 954 955################################################################################ 956# Include BL specific makefiles 957################################################################################ 958 959ifeq (${NEED_BL1},yes) 960include bl1/bl1.mk 961endif 962 963ifeq (${NEED_BL2},yes) 964include bl2/bl2.mk 965endif 966 967ifeq (${NEED_BL2U},yes) 968include bl2u/bl2u.mk 969endif 970 971ifeq (${NEED_BL31},yes) 972include bl31/bl31.mk 973endif 974 975################################################################################ 976# Build options checks 977################################################################################ 978 979$(eval $(call assert_booleans,\ 980 $(sort \ 981 ALLOW_RO_XLAT_TABLES \ 982 BL2_ENABLE_SP_LOAD \ 983 COLD_BOOT_SINGLE_CPU \ 984 CREATE_KEYS \ 985 CTX_INCLUDE_AARCH32_REGS \ 986 CTX_INCLUDE_FPREGS \ 987 CTX_INCLUDE_EL2_REGS \ 988 DEBUG \ 989 DISABLE_MTPMU \ 990 DYN_DISABLE_AUTH \ 991 EL3_EXCEPTION_HANDLING \ 992 ENABLE_AMU \ 993 ENABLE_AMU_AUXILIARY_COUNTERS \ 994 ENABLE_AMU_FCONF \ 995 AMU_RESTRICT_COUNTERS \ 996 ENABLE_ASSERTIONS \ 997 ENABLE_PIE \ 998 ENABLE_PMF \ 999 ENABLE_PSCI_STAT \ 1000 ENABLE_RUNTIME_INSTRUMENTATION \ 1001 ENABLE_SME_FOR_NS \ 1002 ENABLE_SME_FOR_SWD \ 1003 ENABLE_SPE_FOR_LOWER_ELS \ 1004 ENABLE_SVE_FOR_NS \ 1005 ENABLE_SVE_FOR_SWD \ 1006 ERROR_DEPRECATED \ 1007 FAULT_INJECTION_SUPPORT \ 1008 GENERATE_COT \ 1009 GICV2_G0_FOR_EL3 \ 1010 HANDLE_EA_EL3_FIRST \ 1011 HW_ASSISTED_COHERENCY \ 1012 INVERTED_MEMMAP \ 1013 MEASURED_BOOT \ 1014 DRTM_SUPPORT \ 1015 NS_TIMER_SWITCH \ 1016 OVERRIDE_LIBC \ 1017 PL011_GENERIC_UART \ 1018 PLAT_RSS_NOT_SUPPORTED \ 1019 PROGRAMMABLE_RESET_ADDRESS \ 1020 PSCI_EXTENDED_STATE_ID \ 1021 RESET_TO_BL31 \ 1022 RESET_TO_BL31_WITH_PARAMS \ 1023 SAVE_KEYS \ 1024 SEPARATE_CODE_AND_RODATA \ 1025 SEPARATE_BL2_NOLOAD_REGION \ 1026 SEPARATE_NOBITS_REGION \ 1027 SPIN_ON_BL1_EXIT \ 1028 SPM_MM \ 1029 SPMC_AT_EL3 \ 1030 SPMD_SPM_AT_SEL2 \ 1031 TRUSTED_BOARD_BOOT \ 1032 CRYPTO_SUPPORT \ 1033 USE_COHERENT_MEM \ 1034 USE_DEBUGFS \ 1035 ARM_IO_IN_DTB \ 1036 SDEI_IN_FCONF \ 1037 SEC_INT_DESC_IN_FCONF \ 1038 USE_ROMLIB \ 1039 USE_TBBR_DEFS \ 1040 WARMBOOT_ENABLE_DCACHE_EARLY \ 1041 BL2_AT_EL3 \ 1042 BL2_IN_XIP_MEM \ 1043 BL2_INV_DCACHE \ 1044 USE_SPINLOCK_CAS \ 1045 ENCRYPT_BL31 \ 1046 ENCRYPT_BL32 \ 1047 ERRATA_SPECULATIVE_AT \ 1048 RAS_TRAP_LOWER_EL_ERR_ACCESS \ 1049 COT_DESC_IN_DTB \ 1050 USE_SP804_TIMER \ 1051 PSA_FWU_SUPPORT \ 1052 ENABLE_SYS_REG_TRACE_FOR_NS \ 1053 ENABLE_MPMM \ 1054 ENABLE_MPMM_FCONF \ 1055 SIMICS_BUILD \ 1056 FEATURE_DETECTION \ 1057))) 1058 1059$(eval $(call assert_numerics,\ 1060 $(sort \ 1061 ARM_ARCH_MAJOR \ 1062 ARM_ARCH_MINOR \ 1063 BRANCH_PROTECTION \ 1064 CTX_INCLUDE_PAUTH_REGS \ 1065 CTX_INCLUDE_MTE_REGS \ 1066 CTX_INCLUDE_NEVE_REGS \ 1067 ENABLE_BRBE_FOR_NS \ 1068 ENABLE_TRBE_FOR_NS \ 1069 ENABLE_BTI \ 1070 ENABLE_PAUTH \ 1071 ENABLE_FEAT_AMUv1 \ 1072 ENABLE_FEAT_AMUv1p1 \ 1073 ENABLE_FEAT_CSV2_2 \ 1074 ENABLE_FEAT_DIT \ 1075 ENABLE_FEAT_ECV \ 1076 ENABLE_FEAT_FGT \ 1077 ENABLE_FEAT_HCX \ 1078 ENABLE_FEAT_PAN \ 1079 ENABLE_FEAT_RNG \ 1080 ENABLE_FEAT_RNG_TRAP \ 1081 ENABLE_FEAT_SB \ 1082 ENABLE_FEAT_SEL2 \ 1083 ENABLE_FEAT_VHE \ 1084 ENABLE_MPAM_FOR_LOWER_ELS \ 1085 ENABLE_RME \ 1086 ENABLE_TRF_FOR_NS \ 1087 FW_ENC_STATUS \ 1088 NR_OF_FW_BANKS \ 1089 NR_OF_IMAGES_IN_FW_BANK \ 1090 RAS_EXTENSION \ 1091 TWED_DELAY \ 1092 ENABLE_FEAT_TWED \ 1093))) 1094 1095ifdef KEY_SIZE 1096 $(eval $(call assert_numeric,KEY_SIZE)) 1097endif 1098 1099ifeq ($(filter $(SANITIZE_UB), on off trap),) 1100 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1101endif 1102 1103################################################################################ 1104# Add definitions to the cpp preprocessor based on the current build options. 1105# This is done after including the platform specific makefile to allow the 1106# platform to overwrite the default options 1107################################################################################ 1108 1109$(eval $(call add_defines,\ 1110 $(sort \ 1111 ALLOW_RO_XLAT_TABLES \ 1112 ARM_ARCH_MAJOR \ 1113 ARM_ARCH_MINOR \ 1114 BL2_ENABLE_SP_LOAD \ 1115 COLD_BOOT_SINGLE_CPU \ 1116 CTX_INCLUDE_AARCH32_REGS \ 1117 CTX_INCLUDE_FPREGS \ 1118 CTX_INCLUDE_PAUTH_REGS \ 1119 EL3_EXCEPTION_HANDLING \ 1120 CTX_INCLUDE_MTE_REGS \ 1121 CTX_INCLUDE_EL2_REGS \ 1122 CTX_INCLUDE_NEVE_REGS \ 1123 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1124 DISABLE_MTPMU \ 1125 ENABLE_AMU \ 1126 ENABLE_AMU_AUXILIARY_COUNTERS \ 1127 ENABLE_AMU_FCONF \ 1128 AMU_RESTRICT_COUNTERS \ 1129 ENABLE_ASSERTIONS \ 1130 ENABLE_BTI \ 1131 ENABLE_MPAM_FOR_LOWER_ELS \ 1132 ENABLE_PAUTH \ 1133 ENABLE_PIE \ 1134 ENABLE_PMF \ 1135 ENABLE_PSCI_STAT \ 1136 ENABLE_RME \ 1137 ENABLE_RUNTIME_INSTRUMENTATION \ 1138 ENABLE_SME_FOR_NS \ 1139 ENABLE_SME_FOR_SWD \ 1140 ENABLE_SPE_FOR_LOWER_ELS \ 1141 ENABLE_SVE_FOR_NS \ 1142 ENABLE_SVE_FOR_SWD \ 1143 ENCRYPT_BL31 \ 1144 ENCRYPT_BL32 \ 1145 ERROR_DEPRECATED \ 1146 FAULT_INJECTION_SUPPORT \ 1147 GICV2_G0_FOR_EL3 \ 1148 HANDLE_EA_EL3_FIRST \ 1149 HW_ASSISTED_COHERENCY \ 1150 LOG_LEVEL \ 1151 MEASURED_BOOT \ 1152 DRTM_SUPPORT \ 1153 NS_TIMER_SWITCH \ 1154 PL011_GENERIC_UART \ 1155 PLAT_${PLAT} \ 1156 PLAT_RSS_NOT_SUPPORTED \ 1157 PROGRAMMABLE_RESET_ADDRESS \ 1158 PSCI_EXTENDED_STATE_ID \ 1159 RAS_EXTENSION \ 1160 RESET_TO_BL31 \ 1161 RESET_TO_BL31_WITH_PARAMS \ 1162 SEPARATE_CODE_AND_RODATA \ 1163 SEPARATE_BL2_NOLOAD_REGION \ 1164 SEPARATE_NOBITS_REGION \ 1165 RECLAIM_INIT_CODE \ 1166 SPD_${SPD} \ 1167 SPIN_ON_BL1_EXIT \ 1168 SPM_MM \ 1169 SPMC_AT_EL3 \ 1170 SPMD_SPM_AT_SEL2 \ 1171 TRUSTED_BOARD_BOOT \ 1172 CRYPTO_SUPPORT \ 1173 TRNG_SUPPORT \ 1174 USE_COHERENT_MEM \ 1175 USE_DEBUGFS \ 1176 ARM_IO_IN_DTB \ 1177 SDEI_IN_FCONF \ 1178 SEC_INT_DESC_IN_FCONF \ 1179 USE_ROMLIB \ 1180 USE_TBBR_DEFS \ 1181 WARMBOOT_ENABLE_DCACHE_EARLY \ 1182 BL2_AT_EL3 \ 1183 BL2_IN_XIP_MEM \ 1184 BL2_INV_DCACHE \ 1185 USE_SPINLOCK_CAS \ 1186 ERRATA_SPECULATIVE_AT \ 1187 RAS_TRAP_LOWER_EL_ERR_ACCESS \ 1188 COT_DESC_IN_DTB \ 1189 USE_SP804_TIMER \ 1190 ENABLE_FEAT_RNG \ 1191 ENABLE_FEAT_RNG_TRAP \ 1192 ENABLE_FEAT_SB \ 1193 ENABLE_FEAT_DIT \ 1194 NR_OF_FW_BANKS \ 1195 NR_OF_IMAGES_IN_FW_BANK \ 1196 PSA_FWU_SUPPORT \ 1197 ENABLE_BRBE_FOR_NS \ 1198 ENABLE_TRBE_FOR_NS \ 1199 ENABLE_SYS_REG_TRACE_FOR_NS \ 1200 ENABLE_TRF_FOR_NS \ 1201 ENABLE_FEAT_HCX \ 1202 ENABLE_MPMM \ 1203 ENABLE_MPMM_FCONF \ 1204 ENABLE_FEAT_FGT \ 1205 ENABLE_FEAT_AMUv1 \ 1206 ENABLE_FEAT_ECV \ 1207 SIMICS_BUILD \ 1208 ENABLE_FEAT_AMUv1p1 \ 1209 ENABLE_FEAT_SEL2 \ 1210 ENABLE_FEAT_VHE \ 1211 ENABLE_FEAT_CSV2_2 \ 1212 ENABLE_FEAT_PAN \ 1213 FEATURE_DETECTION \ 1214 TWED_DELAY \ 1215 ENABLE_FEAT_TWED \ 1216))) 1217 1218ifeq (${SANITIZE_UB},trap) 1219 $(eval $(call add_define,MONITOR_TRAPS)) 1220endif 1221 1222# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1223ifdef EL3_PAYLOAD_BASE 1224 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1225else 1226 # Define the PRELOADED_BL33_BASE flag only if it is provided and 1227 # EL3_PAYLOAD_BASE is not defined, as it has priority. 1228 ifdef PRELOADED_BL33_BASE 1229 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1230 endif 1231endif 1232 1233# Define the DYN_DISABLE_AUTH flag only if set. 1234ifeq (${DYN_DISABLE_AUTH},1) 1235$(eval $(call add_define,DYN_DISABLE_AUTH)) 1236endif 1237 1238ifneq ($(findstring armlink,$(notdir $(LD))),) 1239$(eval $(call add_define,USE_ARM_LINK)) 1240endif 1241 1242# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1243ifeq (${SPD},spmd) 1244ifdef SP_LAYOUT_FILE 1245 -include $(BUILD_PLAT)/sp_gen.mk 1246 FIP_DEPS += sp 1247 CRT_DEPS += sp 1248 NEED_SP_PKG := yes 1249else 1250 ifeq (${SPMD_SPM_AT_SEL2},1) 1251 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1252 endif 1253endif 1254endif 1255 1256################################################################################ 1257# Build targets 1258################################################################################ 1259 1260.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc enctool 1261.SUFFIXES: 1262 1263all: msg_start 1264 1265msg_start: 1266 @echo "Building ${PLAT}" 1267 1268ifeq (${ERROR_DEPRECATED},0) 1269# Check if deprecated declarations and cpp warnings should be treated as error or not. 1270ifneq ($(findstring clang,$(notdir $(CC))),) 1271 CPPFLAGS += -Wno-error=deprecated-declarations 1272else 1273 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1274endif 1275endif # !ERROR_DEPRECATED 1276 1277$(eval $(call MAKE_LIB_DIRS)) 1278$(eval $(call MAKE_LIB,c)) 1279 1280# Expand build macros for the different images 1281ifeq (${NEED_BL1},yes) 1282BL1_SOURCES := $(sort ${BL1_SOURCES}) 1283 1284$(eval $(call MAKE_BL,bl1)) 1285endif 1286 1287ifeq (${NEED_BL2},yes) 1288ifeq (${BL2_AT_EL3}, 0) 1289FIP_BL2_ARGS := tb-fw 1290endif 1291 1292BL2_SOURCES := $(sort ${BL2_SOURCES}) 1293 1294$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1295 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1296endif 1297 1298ifeq (${NEED_SCP_BL2},yes) 1299$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1300endif 1301 1302ifeq (${NEED_BL31},yes) 1303BL31_SOURCES += ${SPD_SOURCES} 1304# Sort BL31 source files to remove duplicates 1305BL31_SOURCES := $(sort ${BL31_SOURCES}) 1306ifneq (${DECRYPTION_SUPPORT},none) 1307$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1308 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1309else 1310$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1311 $(eval $(call MAKE_BL,bl31,soc-fw))) 1312endif 1313endif 1314 1315# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1316# build system will call TOOL_ADD_IMG to print a warning message and abort the 1317# process. Note that the dependency on BL32 applies to the FIP only. 1318ifeq (${NEED_BL32},yes) 1319# Sort BL32 source files to remove duplicates 1320BL32_SOURCES := $(sort ${BL32_SOURCES}) 1321BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1322 1323ifneq (${DECRYPTION_SUPPORT},none) 1324$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1325 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1326else 1327$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1328 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1329endif 1330endif 1331 1332# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1333# needs to be built from RMM_SOURCES. 1334ifeq (${NEED_RMM},yes) 1335# Sort RMM source files to remove duplicates 1336RMM_SOURCES := $(sort ${RMM_SOURCES}) 1337BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1338 1339$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1340 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1341endif 1342 1343# Add the BL33 image if required by the platform 1344ifeq (${NEED_BL33},yes) 1345$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1346endif 1347 1348ifeq (${NEED_BL2U},yes) 1349$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1350 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1351endif 1352 1353# Expand build macros for the different images 1354ifeq (${NEED_FDT},yes) 1355 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1356endif 1357 1358# Add Secure Partition packages 1359ifeq (${NEED_SP_PKG},yes) 1360$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT} 1361 ${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} 1362sp: $(DTBS) $(BUILD_PLAT)/sp_gen.mk $(SP_PKGS) 1363 @${ECHO_BLANK_LINE} 1364 @echo "Built SP Images successfully" 1365 @${ECHO_BLANK_LINE} 1366endif 1367 1368locate-checkpatch: 1369ifndef CHECKPATCH 1370 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1371else 1372ifeq (,$(wildcard ${CHECKPATCH})) 1373 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1374endif 1375endif 1376 1377clean: 1378 @echo " CLEAN" 1379 $(call SHELL_REMOVE_DIR,${BUILD_PLAT}) 1380ifdef UNIX_MK 1381 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1382else 1383# Clear the MAKEFLAGS as we do not want 1384# to pass the gnumake flags to nmake. 1385 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) clean 1386endif 1387 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1388 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1389 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1390 1391realclean distclean: 1392 @echo " REALCLEAN" 1393 $(call SHELL_REMOVE_DIR,${BUILD_BASE}) 1394 $(call SHELL_DELETE_ALL, ${CURDIR}/cscope.*) 1395ifdef UNIX_MK 1396 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1397else 1398# Clear the MAKEFLAGS as we do not want 1399# to pass the gnumake flags to nmake. 1400 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) realclean 1401endif 1402 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean 1403 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean 1404 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1405 1406checkcodebase: locate-checkpatch 1407 @echo " CHECKING STYLE" 1408 @if test -d .git ; then \ 1409 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1410 while read GIT_FILE ; \ 1411 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1412 done ; \ 1413 else \ 1414 find . -type f -not -iwholename "*.git*" \ 1415 -not -iwholename "*build*" \ 1416 -not -iwholename "*libfdt*" \ 1417 -not -iwholename "*libc*" \ 1418 -not -iwholename "*docs*" \ 1419 -not -iwholename "*.rst" \ 1420 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1421 fi 1422 1423checkpatch: locate-checkpatch 1424 @echo " CHECKING STYLE" 1425 @if test -n "${CHECKPATCH_OPTS}"; then \ 1426 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1427 fi 1428 ${Q}COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1429 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1430 do \ 1431 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1432 git log --format=email "$$commit~..$$commit" \ 1433 -- ${CHECK_PATHS} | \ 1434 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1435 git diff --format=email "$$commit~..$$commit" \ 1436 -- ${CHECK_PATHS} | \ 1437 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1438 done 1439 1440certtool: ${CRTTOOL} 1441 1442${CRTTOOL}: FORCE 1443 ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} CRTTOOL=${CRTTOOL} --no-print-directory -C ${CRTTOOLPATH} 1444 @${ECHO_BLANK_LINE} 1445 @echo "Built $@ successfully" 1446 @${ECHO_BLANK_LINE} 1447 1448ifneq (${GENERATE_COT},0) 1449certificates: ${CRT_DEPS} ${CRTTOOL} 1450 ${Q}${CRTTOOL} ${CRT_ARGS} 1451 @${ECHO_BLANK_LINE} 1452 @echo "Built $@ successfully" 1453 @echo "Certificates can be found in ${BUILD_PLAT}" 1454 @${ECHO_BLANK_LINE} 1455endif 1456 1457${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1458 $(eval ${CHECK_FIP_CMD}) 1459 ${Q}${FIPTOOL} create ${FIP_ARGS} $@ 1460 ${Q}${FIPTOOL} info $@ 1461 @${ECHO_BLANK_LINE} 1462 @echo "Built $@ successfully" 1463 @${ECHO_BLANK_LINE} 1464 1465ifneq (${GENERATE_COT},0) 1466fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1467 ${Q}${CRTTOOL} ${FWU_CRT_ARGS} 1468 @${ECHO_BLANK_LINE} 1469 @echo "Built $@ successfully" 1470 @echo "FWU certificates can be found in ${BUILD_PLAT}" 1471 @${ECHO_BLANK_LINE} 1472endif 1473 1474${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1475 $(eval ${CHECK_FWU_FIP_CMD}) 1476 ${Q}${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1477 ${Q}${FIPTOOL} info $@ 1478 @${ECHO_BLANK_LINE} 1479 @echo "Built $@ successfully" 1480 @${ECHO_BLANK_LINE} 1481 1482fiptool: ${FIPTOOL} 1483fip: ${BUILD_PLAT}/${FIP_NAME} 1484fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1485 1486${FIPTOOL}: FORCE 1487ifdef UNIX_MK 1488 ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} --no-print-directory -C ${FIPTOOLPATH} 1489else 1490# Clear the MAKEFLAGS as we do not want 1491# to pass the gnumake flags to nmake. 1492 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) 1493endif 1494 1495romlib.bin: libraries FORCE 1496 ${Q}${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES='${INCLUDES}' DEFINES='${DEFINES}' --no-print-directory -C ${ROMLIBPATH} all 1497 1498# Call print_memory_map tool 1499memmap: all 1500 ${Q}${PYTHON} ${PRINT_MEMORY_MAP} ${BUILD_PLAT} ${INVERTED_MEMMAP} 1501 1502doc: 1503 @echo " BUILD DOCUMENTATION" 1504 ${Q}${MAKE} --no-print-directory -C ${DOCS_PATH} html 1505 1506enctool: ${ENCTOOL} 1507 1508${ENCTOOL}: FORCE 1509 ${Q}${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} ENCTOOL=${ENCTOOL} --no-print-directory -C ${ENCTOOLPATH} 1510 @${ECHO_BLANK_LINE} 1511 @echo "Built $@ successfully" 1512 @${ECHO_BLANK_LINE} 1513 1514cscope: 1515 @echo " CSCOPE" 1516 ${Q}find ${CURDIR} -name "*.[chsS]" > cscope.files 1517 ${Q}cscope -b -q -k 1518 1519help: 1520 @echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1521 @echo "" 1522 @echo "PLAT is used to specify which platform you wish to build." 1523 @echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1524 @echo "" 1525 @echo "platform = ${PLATFORM_LIST}" 1526 @echo "" 1527 @echo "Please refer to the User Guide for a list of all supported options." 1528 @echo "Note that the build system doesn't track dependencies for build " 1529 @echo "options. Therefore, if any of the build options are changed " 1530 @echo "from a previous build, a clean build must be performed." 1531 @echo "" 1532 @echo "Supported Targets:" 1533 @echo " all Build all individual bootloader binaries" 1534 @echo " bl1 Build the BL1 binary" 1535 @echo " bl2 Build the BL2 binary" 1536 @echo " bl2u Build the BL2U binary" 1537 @echo " bl31 Build the BL31 binary" 1538 @echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1539 @echo " this builds secure payload specified by AARCH32_SP" 1540 @echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1541 @echo " fip Build the Firmware Image Package (FIP)" 1542 @echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1543 @echo " checkcodebase Check the coding style of the entire source tree" 1544 @echo " checkpatch Check the coding style on changes in the current" 1545 @echo " branch against BASE_COMMIT (default origin/master)" 1546 @echo " clean Clean the build for the selected platform" 1547 @echo " cscope Generate cscope index" 1548 @echo " distclean Remove all build artifacts for all platforms" 1549 @echo " certtool Build the Certificate generation tool" 1550 @echo " enctool Build the Firmware encryption tool" 1551 @echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1552 @echo " sp Build the Secure Partition Packages" 1553 @echo " sptool Build the Secure Partition Package creation tool" 1554 @echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1555 @echo " memmap Print the memory map of the built binaries" 1556 @echo " doc Build html based documentation using Sphinx tool" 1557 @echo "" 1558 @echo "Note: most build targets require PLAT to be set to a specific platform." 1559 @echo "" 1560 @echo "example: build all targets for the FVP platform:" 1561 @echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1562 1563.PHONY: FORCE 1564FORCE:; 1565