1# 2# Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7ifeq (${ARCH}, aarch64) 8 # On ARM standard platorms, the TSP can execute from Trusted SRAM, Trusted 9 # DRAM (if available) or the TZC secured area of DRAM. 10 # TZC secured DRAM is the default. 11 12 ARM_TSP_RAM_LOCATION ?= dram 13 14 ifeq (${ARM_TSP_RAM_LOCATION}, tsram) 15 ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID 16 else ifeq (${ARM_TSP_RAM_LOCATION}, tdram) 17 ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_DRAM_ID 18 else ifeq (${ARM_TSP_RAM_LOCATION}, dram) 19 ARM_TSP_RAM_LOCATION_ID = ARM_DRAM_ID 20 else 21 $(error "Unsupported ARM_TSP_RAM_LOCATION value") 22 endif 23 24 # Process flags 25 # Process ARM_BL31_IN_DRAM flag 26 ARM_BL31_IN_DRAM := 0 27 $(eval $(call assert_boolean,ARM_BL31_IN_DRAM)) 28 $(eval $(call add_define,ARM_BL31_IN_DRAM)) 29else 30 ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID 31endif 32 33$(eval $(call add_define,ARM_TSP_RAM_LOCATION_ID)) 34 35 36# For the original power-state parameter format, the State-ID can be encoded 37# according to the recommended encoding or zero. This flag determines which 38# State-ID encoding to be parsed. 39ARM_RECOM_STATE_ID_ENC := 0 40 41# If the PSCI_EXTENDED_STATE_ID is set, then ARM_RECOM_STATE_ID_ENC need to 42# be set. Else throw a build error. 43ifeq (${PSCI_EXTENDED_STATE_ID}, 1) 44 ifeq (${ARM_RECOM_STATE_ID_ENC}, 0) 45 $(error Build option ARM_RECOM_STATE_ID_ENC needs to be set if \ 46 PSCI_EXTENDED_STATE_ID is set for ARM platforms) 47 endif 48endif 49 50# Process ARM_RECOM_STATE_ID_ENC flag 51$(eval $(call assert_boolean,ARM_RECOM_STATE_ID_ENC)) 52$(eval $(call add_define,ARM_RECOM_STATE_ID_ENC)) 53 54# Process ARM_DISABLE_TRUSTED_WDOG flag 55# By default, Trusted Watchdog is always enabled unless SPIN_ON_BL1_EXIT is set 56ARM_DISABLE_TRUSTED_WDOG := 0 57ifeq (${SPIN_ON_BL1_EXIT}, 1) 58ARM_DISABLE_TRUSTED_WDOG := 1 59endif 60$(eval $(call assert_boolean,ARM_DISABLE_TRUSTED_WDOG)) 61$(eval $(call add_define,ARM_DISABLE_TRUSTED_WDOG)) 62 63# Process ARM_CONFIG_CNTACR 64ARM_CONFIG_CNTACR := 1 65$(eval $(call assert_boolean,ARM_CONFIG_CNTACR)) 66$(eval $(call add_define,ARM_CONFIG_CNTACR)) 67 68# Process ARM_BL31_IN_DRAM flag 69ARM_BL31_IN_DRAM := 0 70$(eval $(call assert_boolean,ARM_BL31_IN_DRAM)) 71$(eval $(call add_define,ARM_BL31_IN_DRAM)) 72 73# Process ARM_PLAT_MT flag 74ARM_PLAT_MT := 0 75$(eval $(call assert_boolean,ARM_PLAT_MT)) 76$(eval $(call add_define,ARM_PLAT_MT)) 77 78# Use translation tables library v2 by default 79ARM_XLAT_TABLES_LIB_V1 := 0 80$(eval $(call assert_boolean,ARM_XLAT_TABLES_LIB_V1)) 81$(eval $(call add_define,ARM_XLAT_TABLES_LIB_V1)) 82 83# Don't have the Linux kernel as a BL33 image by default 84ARM_LINUX_KERNEL_AS_BL33 := 0 85$(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33)) 86$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33)) 87 88ifeq (${ARM_LINUX_KERNEL_AS_BL33},1) 89 ifneq (${ARCH},aarch64) 90 ifneq (${RESET_TO_SP_MIN},1) 91 $(error "ARM_LINUX_KERNEL_AS_BL33 is only available if RESET_TO_SP_MIN=1.") 92 endif 93 endif 94 ifndef PRELOADED_BL33_BASE 95 $(error "PRELOADED_BL33_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used.") 96 endif 97 ifndef ARM_PRELOADED_DTB_BASE 98 $(error "ARM_PRELOADED_DTB_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used.") 99 endif 100 $(eval $(call add_define,ARM_PRELOADED_DTB_BASE)) 101endif 102 103# Arm Ethos-N NPU SiP service 104ARM_ETHOSN_NPU_DRIVER := 0 105$(eval $(call assert_boolean,ARM_ETHOSN_NPU_DRIVER)) 106$(eval $(call add_define,ARM_ETHOSN_NPU_DRIVER)) 107 108# Use an implementation of SHA-256 with a smaller memory footprint but reduced 109# speed. 110$(eval $(call add_define,MBEDTLS_SHA256_SMALLER)) 111 112# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images 113# in the FIP if the platform requires. 114ifneq ($(BL32_EXTRA1),) 115$(eval $(call TOOL_ADD_IMG,bl32_extra1,--tos-fw-extra1)) 116endif 117ifneq ($(BL32_EXTRA2),) 118$(eval $(call TOOL_ADD_IMG,bl32_extra2,--tos-fw-extra2)) 119endif 120 121# Enable PSCI_STAT_COUNT/RESIDENCY APIs on ARM platforms 122ENABLE_PSCI_STAT := 1 123ENABLE_PMF := 1 124 125# Override the standard libc with optimised libc_asm 126OVERRIDE_LIBC := 1 127ifeq (${OVERRIDE_LIBC},1) 128 include lib/libc/libc_asm.mk 129endif 130 131# On ARM platforms, separate the code and read-only data sections to allow 132# mapping the former as executable and the latter as execute-never. 133SEPARATE_CODE_AND_RODATA := 1 134 135# On ARM platforms, disable SEPARATE_NOBITS_REGION by default. Both PROGBITS 136# and NOBITS sections of BL31 image are adjacent to each other and loaded 137# into Trusted SRAM. 138SEPARATE_NOBITS_REGION := 0 139 140# In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load 141# BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate 142# the build to require that ARM_BL31_IN_DRAM is enabled as well. 143ifeq ($(SEPARATE_NOBITS_REGION),1) 144 ifneq ($(ARM_BL31_IN_DRAM),1) 145 $(error For SEPARATE_NOBITS_REGION, ARM_BL31_IN_DRAM must be enabled) 146 endif 147 ifneq ($(RECLAIM_INIT_CODE),0) 148 $(error For SEPARATE_NOBITS_REGION, RECLAIM_INIT_CODE cannot be supported) 149 endif 150endif 151 152# Disable ARM Cryptocell by default 153ARM_CRYPTOCELL_INTEG := 0 154$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG)) 155$(eval $(call add_define,ARM_CRYPTOCELL_INTEG)) 156 157# Enable PIE support for RESET_TO_BL31 case 158ifeq (${RESET_TO_BL31},1) 159 ENABLE_PIE := 1 160endif 161 162# CryptoCell integration relies on coherent buffers for passing data from 163# the AP CPU to the CryptoCell 164ifeq (${ARM_CRYPTOCELL_INTEG},1) 165 ifeq (${USE_COHERENT_MEM},0) 166 $(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.") 167 endif 168endif 169 170# Disable GPT parser support, use FIP image by default 171ARM_GPT_SUPPORT := 0 172$(eval $(call assert_boolean,ARM_GPT_SUPPORT)) 173$(eval $(call add_define,ARM_GPT_SUPPORT)) 174 175# Include necessary sources to parse GPT image 176ifeq (${ARM_GPT_SUPPORT}, 1) 177 BL2_SOURCES += drivers/partition/gpt.c \ 178 drivers/partition/partition.c 179endif 180 181ifeq (${ARCH}, aarch64) 182PLAT_INCLUDES += -Iinclude/plat/arm/common/aarch64 183endif 184 185PLAT_BL_COMMON_SOURCES += plat/arm/common/${ARCH}/arm_helpers.S \ 186 plat/arm/common/arm_common.c \ 187 plat/arm/common/arm_console.c 188 189ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 190PLAT_BL_COMMON_SOURCES += lib/xlat_tables/xlat_tables_common.c \ 191 lib/xlat_tables/${ARCH}/xlat_tables.c 192else 193include lib/xlat_tables_v2/xlat_tables.mk 194 195PLAT_BL_COMMON_SOURCES += ${XLAT_TABLES_LIB_SRCS} 196endif 197 198ARM_IO_SOURCES += plat/arm/common/arm_io_storage.c \ 199 plat/arm/common/fconf/arm_fconf_io.c 200ifeq (${SPD},spmd) 201 ifeq (${SPMD_SPM_AT_SEL2},1) 202 ARM_IO_SOURCES += plat/arm/common/fconf/arm_fconf_sp.c 203 endif 204endif 205 206BL1_SOURCES += drivers/io/io_fip.c \ 207 drivers/io/io_memmap.c \ 208 drivers/io/io_storage.c \ 209 plat/arm/common/arm_bl1_setup.c \ 210 plat/arm/common/arm_err.c \ 211 ${ARM_IO_SOURCES} 212 213ifdef EL3_PAYLOAD_BASE 214# Need the plat_arm_program_trusted_mailbox() function to release secondary CPUs from 215# their holding pen 216BL1_SOURCES += plat/arm/common/arm_pm.c 217endif 218 219BL2_SOURCES += drivers/delay_timer/delay_timer.c \ 220 drivers/delay_timer/generic_delay_timer.c \ 221 drivers/io/io_fip.c \ 222 drivers/io/io_memmap.c \ 223 drivers/io/io_storage.c \ 224 plat/arm/common/arm_bl2_setup.c \ 225 plat/arm/common/arm_err.c \ 226 ${ARM_IO_SOURCES} 227 228# Firmware Configuration Framework sources 229include lib/fconf/fconf.mk 230 231# Add `libfdt` and Arm common helpers required for Dynamic Config 232include lib/libfdt/libfdt.mk 233 234DYN_CFG_SOURCES += plat/arm/common/arm_dyn_cfg.c \ 235 plat/arm/common/arm_dyn_cfg_helpers.c \ 236 common/fdt_wrappers.c \ 237 common/uuid.c 238 239BL1_SOURCES += ${DYN_CFG_SOURCES} 240BL2_SOURCES += ${DYN_CFG_SOURCES} 241 242ifeq (${BL2_AT_EL3},1) 243BL2_SOURCES += plat/arm/common/arm_bl2_el3_setup.c 244endif 245 246# Because BL1/BL2 execute in AArch64 mode but BL32 in AArch32 we need to use 247# the AArch32 descriptors. 248ifeq (${JUNO_AARCH32_EL3_RUNTIME},1) 249BL2_SOURCES += plat/arm/common/aarch32/arm_bl2_mem_params_desc.c 250else 251BL2_SOURCES += plat/arm/common/${ARCH}/arm_bl2_mem_params_desc.c 252endif 253BL2_SOURCES += plat/arm/common/arm_image_load.c \ 254 common/desc_image_load.c 255ifeq (${SPD},opteed) 256BL2_SOURCES += lib/optee/optee_utils.c 257endif 258 259BL2U_SOURCES += drivers/delay_timer/delay_timer.c \ 260 drivers/delay_timer/generic_delay_timer.c \ 261 plat/arm/common/arm_bl2u_setup.c 262 263BL31_SOURCES += plat/arm/common/arm_bl31_setup.c \ 264 plat/arm/common/arm_pm.c \ 265 plat/arm/common/arm_topology.c \ 266 plat/common/plat_psci_common.c 267 268ifneq ($(filter 1,${ENABLE_PMF} ${ARM_ETHOSN_NPU_DRIVER}),) 269ARM_SVC_HANDLER_SRCS := 270 271ifeq (${ENABLE_PMF},1) 272ARM_SVC_HANDLER_SRCS += lib/pmf/pmf_smc.c 273endif 274 275ifeq (${ARM_ETHOSN_NPU_DRIVER},1) 276ARM_SVC_HANDLER_SRCS += plat/arm/common/fconf/fconf_ethosn_getter.c \ 277 drivers/delay_timer/delay_timer.c \ 278 drivers/arm/ethosn/ethosn_smc.c 279endif 280 281ifeq (${ARCH}, aarch64) 282BL31_SOURCES += plat/arm/common/aarch64/execution_state_switch.c\ 283 plat/arm/common/arm_sip_svc.c \ 284 ${ARM_SVC_HANDLER_SRCS} 285else 286BL32_SOURCES += plat/arm/common/arm_sip_svc.c \ 287 ${ARM_SVC_HANDLER_SRCS} 288endif 289endif 290 291ifeq (${EL3_EXCEPTION_HANDLING},1) 292BL31_SOURCES += plat/common/aarch64/plat_ehf.c 293endif 294 295ifeq (${SDEI_SUPPORT},1) 296BL31_SOURCES += plat/arm/common/aarch64/arm_sdei.c 297ifeq (${SDEI_IN_FCONF},1) 298BL31_SOURCES += plat/arm/common/fconf/fconf_sdei_getter.c 299endif 300endif 301 302# RAS sources 303ifeq (${RAS_EXTENSION},1) 304BL31_SOURCES += lib/extensions/ras/std_err_record.c \ 305 lib/extensions/ras/ras_common.c 306endif 307 308# Pointer Authentication sources 309ifeq (${ENABLE_PAUTH}, 1) 310PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c \ 311 lib/extensions/pauth/pauth_helpers.S 312endif 313 314ifeq (${SPD},spmd) 315BL31_SOURCES += plat/common/plat_spmd_manifest.c \ 316 common/fdt_wrappers.c \ 317 common/uuid.c \ 318 ${LIBFDT_SRCS} 319 320endif 321 322ifneq (${TRUSTED_BOARD_BOOT},0) 323 324 # Include common TBB sources 325 AUTH_SOURCES := drivers/auth/auth_mod.c \ 326 drivers/auth/crypto_mod.c \ 327 drivers/auth/img_parser_mod.c \ 328 lib/fconf/fconf_tbbr_getter.c 329 330 # Include the selected chain of trust sources. 331 ifeq (${COT},tbbr) 332 BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \ 333 drivers/auth/tbbr/tbbr_cot_bl1.c 334 ifneq (${COT_DESC_IN_DTB},0) 335 BL2_SOURCES += lib/fconf/fconf_cot_getter.c 336 else 337 BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \ 338 drivers/auth/tbbr/tbbr_cot_bl2.c 339 endif 340 else ifeq (${COT},dualroot) 341 AUTH_SOURCES += drivers/auth/dualroot/cot.c 342 else 343 $(error Unknown chain of trust ${COT}) 344 endif 345 346 BL1_SOURCES += ${AUTH_SOURCES} \ 347 bl1/tbbr/tbbr_img_desc.c \ 348 plat/arm/common/arm_bl1_fwu.c \ 349 plat/common/tbbr/plat_tbbr.c 350 351 BL2_SOURCES += ${AUTH_SOURCES} \ 352 plat/common/tbbr/plat_tbbr.c 353 354 $(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_)) 355 356 # We expect to locate the *.mk files under the directories specified below 357ifeq (${ARM_CRYPTOCELL_INTEG},0) 358 CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk 359else 360 CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk 361endif 362 IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk 363 364 $(info Including ${CRYPTO_LIB_MK}) 365 include ${CRYPTO_LIB_MK} 366 367 $(info Including ${IMG_PARSER_LIB_MK}) 368 include ${IMG_PARSER_LIB_MK} 369 370endif 371 372ifeq (${RECLAIM_INIT_CODE}, 1) 373 ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 374 $(error "To reclaim init code xlat tables v2 must be used") 375 endif 376endif 377 378ifeq (${MEASURED_BOOT},1) 379 MEASURED_BOOT_MK := drivers/measured_boot/measured_boot.mk 380 $(info Including ${MEASURED_BOOT_MK}) 381 include ${MEASURED_BOOT_MK} 382endif 383