1# 2# Copyright (c) 2015-2025, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7PLAT_BL_COMMON_SOURCES += drivers/arm/pl011/${ARCH}/pl011_console.S \ 8 plat/arm/board/common/${ARCH}/board_arm_helpers.S 9 10BL1_SOURCES += drivers/cfi/v2m/v2m_flash.c 11 12BL2_SOURCES += drivers/cfi/v2m/v2m_flash.c 13 14ifneq (${TRUSTED_BOARD_BOOT},0) 15ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_dev_rotpk.S 16ARM_ROTPK = $(BUILD_PLAT)/arm_rotpk.bin 17ARM_ROTPK_IS_HASH := 1 18$(eval $(call add_define_val,ARM_ROTPK,'"$(ARM_ROTPK)"')) 19 20# ROTPK hash location 21ifeq (${ARM_ROTPK_LOCATION}, regs) 22 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID 23else 24# The ROTPK is a development key 25ifeq (${ARM_ROTPK_LOCATION}, devel_rsa) 26 CRYPTO_ALG=rsa 27 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_RSA_ID 28 ROT_KEY ?= plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem 29$(warning Development keys support for FVP is deprecated. Use `regs` \ 30option instead) 31else ifeq (${ARM_ROTPK_LOCATION}, devel_ecdsa) 32 CRYPTO_ALG=ec 33 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_ECDSA_ID 34 ROT_KEY ?= plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem 35$(warning Development keys support for FVP is deprecated. Use `regs` \ 36option instead) 37else ifeq (${ARM_ROTPK_LOCATION}, devel_full_dev_rsa_key) 38 CRYPTO_ALG=rsa 39 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID 40 ROT_KEY ?= plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem 41 ARM_ROTPK_IS_HASH = 0 42$(warning Development keys support for FVP is deprecated. Use `regs` \ 43option instead) 44else ifeq (${ARM_ROTPK_LOCATION}, devel_full_dev_ecdsa_key) 45 CRYPTO_ALG=ec 46 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID 47 ROT_KEY ?= plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem 48 ARM_ROTPK_IS_HASH = 0 49$(warning Development keys support for FVP is deprecated. Use `regs` \ 50option instead) 51else 52$(error "Unsupported ARM_ROTPK_LOCATION value") 53endif 54$(BUILD_PLAT)/bl1/arm_dev_rotpk.o : $(ARM_ROTPK) 55$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK) 56endif 57 58$(eval $(call add_define,ARM_ROTPK_LOCATION_ID)) 59$(eval $(call add_define,ARM_ROTPK_IS_HASH)) 60 61ifeq (${ENABLE_RME}, 1) 62COT := cca 63endif 64 65# Force generation of the ROT public key if ROT_KEY is specified 66ifdef ROT_KEY 67 PK_PREREQUISITES = $(ROT_KEY) FORCE 68endif 69 70$(ARM_ROTPK) : $(PK_PREREQUISITES) | $$(@D)/ 71ifndef ROT_KEY 72 $(error Cannot generate public key: no ROT_KEY defined) 73endif 74ifeq ($(ARM_ROTPK_IS_HASH), 1) 75 ${OPENSSL_BIN_PATH}/openssl ${CRYPTO_ALG} -in $< -pubout -outform DER | \ 76 ${OPENSSL_BIN_PATH}/openssl dgst -${HASH_ALG} -binary -out $@ 77else 78 ${OPENSSL_BIN_PATH}/openssl ${CRYPTO_ALG} -in $< -pubout -outform DER -out $@ 79endif 80 81# Certificate NV-Counters. Use values corresponding to tied off values in 82# ARM development platforms 83TFW_NVCTR_VAL ?= 31 84NTFW_NVCTR_VAL ?= 223 85# The CCA Non-Volatile Counter only exists on some Arm development platforms. 86# On others, we mock it by aliasing it to the Trusted Firmware Non-Volatile counter, 87# hence we set both counters to the same default value. 88CCAFW_NVCTR_VAL ?= 31 89 90BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ 91 ${ARM_ROTPK_S} 92BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ 93 ${ARM_ROTPK_S} 94 95ifeq ($(CRYPTO_ALG), ec) 96ifeq ($(KEY_SIZE), 384) 97ARM_PROT_KEY := plat/arm/board/common/protpk/arm_protprivk_ecdsa_secp384r1.pem 98ARM_SWD_ROT_KEY := plat/arm/board/common/swd_rotpk/arm_swd_rotprivk_ecdsa_secp384r1.pem 99else 100ARM_PROT_KEY := plat/arm/board/common/protpk/arm_protprivk_ecdsa.pem 101ARM_SWD_ROT_KEY := plat/arm/board/common/swd_rotpk/arm_swd_rotprivk_ecdsa.pem 102endif 103else 104ARM_PROT_KEY := plat/arm/board/common/protpk/arm_protprivk_rsa.pem 105ARM_SWD_ROT_KEY := plat/arm/board/common/swd_rotpk/arm_swd_rotprivk_rsa.pem 106endif 107 108# Allows platform code to provide implementation variants depending on the 109# selected chain of trust. 110$(eval $(call add_define,ARM_COT_${COT})) 111 112ifeq (${COT},dualroot) 113# Platform Root of Trust key files. 114ARM_PROTPK := $(BUILD_PLAT)/arm_protpk.bin 115 116# Provide the private key to cert_create tool. It needs it to sign the images. 117PROT_KEY := ${ARM_PROT_KEY} 118 119$(eval $(call add_define_val,ARM_PROTPK,'"$(ARM_PROTPK)"')) 120 121BL1_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S 122BL2_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S 123 124$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK) 125$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK) 126endif 127 128ifeq (${COT},cca) 129# Platform and Secure World Root of Trust key files. 130ARM_PROTPK := $(BUILD_PLAT)/arm_protpk.bin 131ARM_SWD_ROTPK := $(BUILD_PLAT)/arm_swd_rotpk.bin 132 133# Provide the private keys to cert_create tool. It needs them to sign the images. 134PROT_KEY := ${ARM_PROT_KEY} 135SWD_ROT_KEY := ${ARM_SWD_ROT_KEY} 136 137$(eval $(call add_define_val,ARM_PROTPK,'"$(ARM_PROTPK)"')) 138$(eval $(call add_define_val,ARM_SWD_ROTPK,'"$(ARM_SWD_ROTPK)"')) 139 140BL1_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S \ 141 plat/arm/board/common/swd_rotpk/arm_dev_swd_rotpk.S 142BL2_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S \ 143 plat/arm/board/common/swd_rotpk/arm_dev_swd_rotpk.S 144 145$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK) 146$(BUILD_PLAT)/bl1/arm_dev_swd_rotpk.o: $(ARM_SWD_ROTPK) 147$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK) 148$(BUILD_PLAT)/bl2/arm_dev_swd_rotpk.o: $(ARM_SWD_ROTPK) 149endif 150 151$(ARM_PROTPK): $(ARM_PROT_KEY) | $$(@D)/ 152ifndef ARM_PROT_KEY 153 $(error Cannot generate hash: no PROT_KEY defined) 154endif 155 ${OPENSSL_BIN_PATH}/openssl ${CRYPTO_ALG} -in ${ARM_PROT_KEY} -pubout -outform DER | \ 156 ${OPENSSL_BIN_PATH}/openssl dgst -${HASH_ALG} -binary -out $@ 157 158$(ARM_SWD_ROTPK): $(ARM_SWD_ROT_KEY) | $$(@D)/ 159ifndef ARM_SWD_ROT_KEY 160 $(error Cannot generate hash: no SWD_KEY defined) 161endif 162 ${OPENSSL_BIN_PATH}/openssl ${CRYPTO_ALG} -in ${ARM_SWD_ROT_KEY} -pubout -outform DER | \ 163 ${OPENSSL_BIN_PATH}/openssl dgst -${HASH_ALG} -binary -out $@ 164endif 165