1# 2# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7PLAT_BL_COMMON_SOURCES += drivers/arm/pl011/${ARCH}/pl011_console.S \ 8 plat/arm/board/common/${ARCH}/board_arm_helpers.S 9 10BL1_SOURCES += drivers/cfi/v2m/v2m_flash.c 11 12BL2_SOURCES += drivers/cfi/v2m/v2m_flash.c 13 14ifneq (${TRUSTED_BOARD_BOOT},0) 15ifneq (${ARM_CRYPTOCELL_INTEG}, 1) 16# ROTPK hash location 17ifeq (${ARM_ROTPK_LOCATION}, regs) 18 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID 19else ifeq (${ARM_ROTPK_LOCATION}, devel_rsa) 20 CRYPTO_ALG=rsa 21 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_RSA_ID 22 ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_rsa_sha256.bin 23$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"')) 24$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH) 25$(warning Development keys support for FVP is deprecated. Use `regs` \ 26option instead) 27else ifeq (${ARM_ROTPK_LOCATION}, devel_ecdsa) 28 CRYPTO_ALG=ec 29 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_ECDSA_ID 30 ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_ecdsa_sha256.bin 31$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"')) 32$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH) 33$(warning Development keys support for FVP is deprecated. Use `regs` \ 34option instead) 35else 36 $(error "Unsupported ARM_ROTPK_LOCATION value") 37endif 38 39$(eval $(call add_define,ARM_ROTPK_LOCATION_ID)) 40 41# Force generation of the new hash if ROT_KEY is specified 42ifdef ROT_KEY 43 HASH_PREREQUISITES = $(ROT_KEY) FORCE 44FORCE: 45else 46 HASH_PREREQUISITES = $(ROT_KEY) 47endif 48 49$(ARM_ROTPK_HASH) : $(HASH_PREREQUISITES) 50ifndef ROT_KEY 51 $(error Cannot generate hash: no ROT_KEY defined) 52endif 53 openssl ${CRYPTO_ALG} -in $< -pubout -outform DER | openssl dgst \ 54 -sha256 -binary > $@ 55 56# Certificate NV-Counters. Use values corresponding to tied off values in 57# ARM development platforms 58TFW_NVCTR_VAL ?= 31 59NTFW_NVCTR_VAL ?= 223 60else 61# Certificate NV-Counters when CryptoCell is integrated. For development 62# platforms we set the counter to first valid value. 63TFW_NVCTR_VAL ?= 0 64NTFW_NVCTR_VAL ?= 0 65endif 66BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ 67 plat/arm/board/common/rotpk/arm_dev_rotpk.S 68BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ 69 plat/arm/board/common/rotpk/arm_dev_rotpk.S 70 71# Allows platform code to provide implementation variants depending on the 72# selected chain of trust. 73$(eval $(call add_define,ARM_COT_${COT})) 74 75ifeq (${COT},dualroot) 76# Platform Root of Trust key files. 77ARM_PROT_KEY := plat/arm/board/common/protpk/arm_protprivk_rsa.pem 78ARM_PROTPK_HASH := plat/arm/board/common/protpk/arm_protpk_rsa_sha256.bin 79 80# Provide the private key to cert_create tool. It needs it to sign the images. 81PROT_KEY := ${ARM_PROT_KEY} 82 83$(eval $(call add_define_val,ARM_PROTPK_HASH,'"$(ARM_PROTPK_HASH)"')) 84 85BL1_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S 86BL2_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S 87 88$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK_HASH) 89$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK_HASH) 90endif 91 92endif 93