1# 2# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7PLAT_BL_COMMON_SOURCES += drivers/arm/pl011/${ARCH}/pl011_console.S \ 8 plat/arm/board/common/${ARCH}/board_arm_helpers.S 9 10BL1_SOURCES += drivers/cfi/v2m/v2m_flash.c 11 12BL2_SOURCES += drivers/cfi/v2m/v2m_flash.c 13 14ifneq (${TRUSTED_BOARD_BOOT},0) 15ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_dev_rotpk.S 16ifneq (${ARM_CRYPTOCELL_INTEG}, 1) 17# ROTPK hash location 18ifeq (${ARM_ROTPK_LOCATION}, regs) 19 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID 20else ifeq (${ARM_ROTPK_LOCATION}, devel_rsa) 21 CRYPTO_ALG=rsa 22 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_RSA_ID 23 ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_rsa_sha256.bin 24$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"')) 25$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH) 26$(warning Development keys support for FVP is deprecated. Use `regs` \ 27option instead) 28else ifeq (${ARM_ROTPK_LOCATION}, devel_ecdsa) 29 CRYPTO_ALG=ec 30 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_ECDSA_ID 31 ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_ecdsa_sha256.bin 32$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"')) 33$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH) 34$(warning Development keys support for FVP is deprecated. Use `regs` \ 35option instead) 36else ifeq (${ARM_ROTPK_LOCATION}, devel_full_dev_rsa_key) 37 CRYPTO_ALG=rsa 38 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID 39 ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S 40$(warning Development keys support for FVP is deprecated. Use `regs` \ 41option instead) 42else ifeq (${ARM_ROTPK_LOCATION}, devel_full_dev_ecdsa_key) 43 CRYPTO_ALG=ec 44 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID 45ifeq (${KEY_SIZE},384) 46 ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p384_rotpk.S 47else 48 ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p256_rotpk.S 49endif 50$(warning Development keys support for FVP is deprecated. Use `regs` \ 51option instead) 52else 53$(error "Unsupported ARM_ROTPK_LOCATION value") 54endif 55 56$(eval $(call add_define,ARM_ROTPK_LOCATION_ID)) 57 58ifeq (${ENABLE_RME}, 1) 59COT := cca 60endif 61 62# Force generation of the new hash if ROT_KEY is specified 63ifdef ROT_KEY 64 HASH_PREREQUISITES = $(ROT_KEY) FORCE 65endif 66 67$(ARM_ROTPK_HASH) : $(HASH_PREREQUISITES) 68ifndef ROT_KEY 69 $(error Cannot generate hash: no ROT_KEY defined) 70endif 71 ${OPENSSL_BIN_PATH}/openssl ${CRYPTO_ALG} -in $< -pubout -outform DER | \ 72 ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 73 74# Certificate NV-Counters. Use values corresponding to tied off values in 75# ARM development platforms 76TFW_NVCTR_VAL ?= 31 77NTFW_NVCTR_VAL ?= 223 78# The CCA Non-Volatile Counter only exists on some Arm development platforms. 79# On others, we mock it by aliasing it to the Trusted Firmware Non-Volatile counter, 80# hence we set both counters to the same default value. 81CCAFW_NVCTR_VAL ?= 31 82else 83# Certificate NV-Counters when CryptoCell is integrated. For development 84# platforms we set the counter to first valid value. 85TFW_NVCTR_VAL ?= 0 86NTFW_NVCTR_VAL ?= 0 87CCAFW_NVCTR_VAL ?= 0 88endif 89BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ 90 ${ARM_ROTPK_S} 91BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ 92 ${ARM_ROTPK_S} 93 94# Allows platform code to provide implementation variants depending on the 95# selected chain of trust. 96$(eval $(call add_define,ARM_COT_${COT})) 97 98ifeq (${COT},dualroot) 99# Platform Root of Trust key files. 100ARM_PROT_KEY := plat/arm/board/common/protpk/arm_protprivk_rsa.pem 101ARM_PROTPK_HASH := plat/arm/board/common/protpk/arm_protpk_rsa_sha256.bin 102 103# Provide the private key to cert_create tool. It needs it to sign the images. 104PROT_KEY := ${ARM_PROT_KEY} 105 106$(eval $(call add_define_val,ARM_PROTPK_HASH,'"$(ARM_PROTPK_HASH)"')) 107 108BL1_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S 109BL2_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S 110 111$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK_HASH) 112$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK_HASH) 113endif 114 115ifeq (${COT},cca) 116# Platform and Secure World Root of Trust key files. 117ARM_PROT_KEY := plat/arm/board/common/protpk/arm_protprivk_rsa.pem 118ARM_PROTPK_HASH := plat/arm/board/common/protpk/arm_protpk_rsa_sha256.bin 119ARM_SWD_ROT_KEY := plat/arm/board/common/swd_rotpk/arm_swd_rotprivk_rsa.pem 120ARM_SWD_ROTPK_HASH := plat/arm/board/common/swd_rotpk/arm_swd_rotpk_rsa_sha256.bin 121 122# Provide the private keys to cert_create tool. It needs them to sign the images. 123PROT_KEY := ${ARM_PROT_KEY} 124SWD_ROT_KEY := ${ARM_SWD_ROT_KEY} 125 126$(eval $(call add_define_val,ARM_PROTPK_HASH,'"$(ARM_PROTPK_HASH)"')) 127$(eval $(call add_define_val,ARM_SWD_ROTPK_HASH,'"$(ARM_SWD_ROTPK_HASH)"')) 128 129BL1_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S \ 130 plat/arm/board/common/swd_rotpk/arm_dev_swd_rotpk.S 131BL2_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S \ 132 plat/arm/board/common/swd_rotpk/arm_dev_swd_rotpk.S 133 134$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK_HASH) 135$(BUILD_PLAT)/bl1/arm_dev_swd_rotpk.o: $(ARM_SWD_ROTPK_HASH) 136$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK_HASH) 137$(BUILD_PLAT)/bl2/arm_dev_swd_rotpk.o: $(ARM_SWD_ROTPK_HASH) 138endif 139 140endif 141