1# 2# Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7include common/fdt_wrappers.mk 8 9ifeq (${ARCH},aarch32) 10 ifeq (${AARCH32_SP},none) 11 $(error Variable AARCH32_SP has to be set for AArch32) 12 endif 13endif 14 15ifeq (${ARCH}, aarch64) 16 # On ARM standard platorms, the TSP can execute from Trusted SRAM, Trusted 17 # DRAM (if available) or the TZC secured area of DRAM. 18 # TZC secured DRAM is the default. 19 20 ARM_TSP_RAM_LOCATION ?= dram 21 22 ifeq (${ARM_TSP_RAM_LOCATION}, tsram) 23 ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID 24 else ifeq (${ARM_TSP_RAM_LOCATION}, tdram) 25 ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_DRAM_ID 26 else ifeq (${ARM_TSP_RAM_LOCATION}, dram) 27 ARM_TSP_RAM_LOCATION_ID = ARM_DRAM_ID 28 else 29 $(error Unsupported ARM_TSP_RAM_LOCATION value) 30 endif 31 32 # Process flags 33 # Process ARM_BL31_IN_DRAM flag 34 ARM_BL31_IN_DRAM := 0 35 $(eval $(call assert_boolean,ARM_BL31_IN_DRAM)) 36 $(eval $(call add_define,ARM_BL31_IN_DRAM)) 37else 38 ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID 39endif 40 41$(eval $(call add_define,ARM_TSP_RAM_LOCATION_ID)) 42 43 44# For the original power-state parameter format, the State-ID can be encoded 45# according to the recommended encoding or zero. This flag determines which 46# State-ID encoding to be parsed. 47ARM_RECOM_STATE_ID_ENC := 0 48 49# If the PSCI_EXTENDED_STATE_ID is set, then ARM_RECOM_STATE_ID_ENC need to 50# be set. Else throw a build error. 51ifeq (${PSCI_EXTENDED_STATE_ID}, 1) 52 ifeq (${ARM_RECOM_STATE_ID_ENC}, 0) 53 $(error Build option ARM_RECOM_STATE_ID_ENC needs to be set if \ 54 PSCI_EXTENDED_STATE_ID is set for ARM platforms) 55 endif 56endif 57 58# Process ARM_RECOM_STATE_ID_ENC flag 59$(eval $(call assert_boolean,ARM_RECOM_STATE_ID_ENC)) 60$(eval $(call add_define,ARM_RECOM_STATE_ID_ENC)) 61 62# Process ARM_DISABLE_TRUSTED_WDOG flag 63# By default, Trusted Watchdog is always enabled unless 64# SPIN_ON_BL1_EXIT or ENABLE_RME is set 65ARM_DISABLE_TRUSTED_WDOG := 0 66ifneq ($(filter 1,${SPIN_ON_BL1_EXIT} ${ENABLE_RME}),) 67ARM_DISABLE_TRUSTED_WDOG := 1 68endif 69$(eval $(call assert_boolean,ARM_DISABLE_TRUSTED_WDOG)) 70$(eval $(call add_define,ARM_DISABLE_TRUSTED_WDOG)) 71 72# Process ARM_CONFIG_CNTACR 73ARM_CONFIG_CNTACR := 1 74$(eval $(call assert_boolean,ARM_CONFIG_CNTACR)) 75$(eval $(call add_define,ARM_CONFIG_CNTACR)) 76 77# Process ARM_BL31_IN_DRAM flag 78ARM_BL31_IN_DRAM := 0 79$(eval $(call assert_boolean,ARM_BL31_IN_DRAM)) 80$(eval $(call add_define,ARM_BL31_IN_DRAM)) 81 82# As per CCA security model, all root firmware must execute from on-chip secure 83# memory. This means we must not run BL31 from TZC-protected DRAM. 84ifeq (${ARM_BL31_IN_DRAM},1) 85 ifeq (${ENABLE_RME},1) 86 $(error BL31 must not run from DRAM on RME-systems. Please set ARM_BL31_IN_DRAM to 0) 87 endif 88endif 89 90# Process ARM_PLAT_MT flag 91ARM_PLAT_MT := 0 92$(eval $(call assert_boolean,ARM_PLAT_MT)) 93$(eval $(call add_define,ARM_PLAT_MT)) 94 95# Use translation tables library v2 by default 96ARM_XLAT_TABLES_LIB_V1 := 0 97$(eval $(call assert_boolean,ARM_XLAT_TABLES_LIB_V1)) 98$(eval $(call add_define,ARM_XLAT_TABLES_LIB_V1)) 99 100# Don't have the Linux kernel as a BL33 image by default 101ARM_LINUX_KERNEL_AS_BL33 := 0 102$(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33)) 103$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33)) 104 105ifeq (${ARM_LINUX_KERNEL_AS_BL33},1) 106 ifneq (${ARCH},aarch64) 107 ifneq (${RESET_TO_SP_MIN},1) 108 $(error ARM_LINUX_KERNEL_AS_BL33 is only available if RESET_TO_SP_MIN=1.) 109 endif 110 endif 111 ifndef PRELOADED_BL33_BASE 112 $(error PRELOADED_BL33_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used.) 113 endif 114 ifeq (${RESET_TO_BL31},1) 115 ifndef ARM_PRELOADED_DTB_BASE 116 $(error ARM_PRELOADED_DTB_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used with RESET_TO_BL31.) 117 endif 118 $(eval $(call add_define,ARM_PRELOADED_DTB_BASE)) 119 endif 120endif 121 122# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images 123# in the FIP if the platform requires. 124ifneq ($(BL32_EXTRA1),) 125$(eval $(call TOOL_ADD_IMG,bl32_extra1,--tos-fw-extra1)) 126endif 127ifneq ($(BL32_EXTRA2),) 128$(eval $(call TOOL_ADD_IMG,bl32_extra2,--tos-fw-extra2)) 129endif 130 131# Enable PSCI_STAT_COUNT/RESIDENCY APIs on ARM platforms 132ENABLE_PSCI_STAT := 1 133ENABLE_PMF := 1 134 135# Override the standard libc with optimised libc_asm 136OVERRIDE_LIBC := 1 137ifeq (${OVERRIDE_LIBC},1) 138 include lib/libc/libc_asm.mk 139endif 140 141# On ARM platforms, separate the code and read-only data sections to allow 142# mapping the former as executable and the latter as execute-never. 143SEPARATE_CODE_AND_RODATA := 1 144 145# On ARM platforms, disable SEPARATE_NOBITS_REGION by default. Both PROGBITS 146# and NOBITS sections of BL31 image are adjacent to each other and loaded 147# into Trusted SRAM. 148SEPARATE_NOBITS_REGION := 0 149 150# In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load 151# BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate 152# the build to require that ARM_BL31_IN_DRAM is enabled as well. 153ifeq ($(SEPARATE_NOBITS_REGION),1) 154 ifneq ($(ARM_BL31_IN_DRAM),1) 155 $(error For SEPARATE_NOBITS_REGION, ARM_BL31_IN_DRAM must be enabled) 156 endif 157 ifneq ($(RECLAIM_INIT_CODE),0) 158 $(error For SEPARATE_NOBITS_REGION, RECLAIM_INIT_CODE cannot be supported) 159 endif 160endif 161 162# Enable PIE support for RESET_TO_BL31/RESET_TO_SP_MIN case 163ifneq ($(filter 1,${RESET_TO_BL31} ${RESET_TO_SP_MIN}),) 164 ENABLE_PIE := 1 165endif 166 167# On Arm platform, disable ARM_FW_CONFIG_LOAD_ENABLE by default. 168ARM_FW_CONFIG_LOAD_ENABLE := 0 169$(eval $(call assert_boolean,ARM_FW_CONFIG_LOAD_ENABLE)) 170$(eval $(call add_define,ARM_FW_CONFIG_LOAD_ENABLE)) 171 172# In order to enable ARM_FW_CONFIG_LOAD_ENABLE for the Arm platform, the 173# platform should be reset to BL2 (RESET_TO_BL2=1), and FW_CONFIG must be 174# specified. 175ifeq (${ARM_FW_CONFIG_LOAD_ENABLE},1) 176 ifneq (${RESET_TO_BL2},1) 177 $(error RESET_TO_BL2 must be enabled when ARM_FW_CONFIG_LOAD_ENABLE \ 178 is enabled) 179 endif 180 ifeq (${FW_CONFIG},) 181 $(error FW_CONFIG must be specified when ARM_FW_CONFIG_LOAD_ENABLE \ 182 is enabled) 183 endif 184endif 185 186# Disable GPT parser support, use FIP image by default 187ARM_GPT_SUPPORT := 0 188$(eval $(call assert_boolean,ARM_GPT_SUPPORT)) 189$(eval $(call add_define,ARM_GPT_SUPPORT)) 190 191# Include necessary sources to parse GPT image 192ifeq (${ARM_GPT_SUPPORT}, 1) 193 BL2_SOURCES += drivers/partition/gpt.c \ 194 drivers/partition/partition.c 195endif 196 197# Enable CRC instructions via extension for ARMv8-A CPUs. 198# For ARMv8.1-A, and onwards CRC instructions are default enabled. 199# Enable HW computed CRC support unconditionally in BL2 component. 200ifeq (${ARM_ARCH_MAJOR},8) 201 ifeq (${ARM_ARCH_MINOR},0) 202 BL2_CPPFLAGS += -march=armv8-a+crc 203 endif 204endif 205 206ifeq ($(PSA_FWU_SUPPORT),1) 207 # GPT support is recommended as per PSA FWU specification hence 208 # PSA FWU implementation is tightly coupled with GPT support, 209 # and it does not support other formats. 210 ifneq ($(ARM_GPT_SUPPORT),1) 211 $(error For PSA_FWU_SUPPORT, ARM_GPT_SUPPORT must be enabled) 212 endif 213 FWU_MK := drivers/fwu/fwu.mk 214 $(info Including ${FWU_MK}) 215 include ${FWU_MK} 216endif 217 218ifeq (${ARCH}, aarch64) 219PLAT_INCLUDES += -Iinclude/plat/arm/common/aarch64 220endif 221 222PLAT_BL_COMMON_SOURCES += plat/arm/common/${ARCH}/arm_helpers.S \ 223 plat/arm/common/arm_common.c \ 224 plat/arm/common/arm_console.c 225 226ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 227PLAT_BL_COMMON_SOURCES += lib/xlat_tables/xlat_tables_common.c \ 228 lib/xlat_tables/${ARCH}/xlat_tables.c 229else 230ifeq (${XLAT_MPU_LIB_V1}, 1) 231include lib/xlat_mpu/xlat_mpu.mk 232PLAT_BL_COMMON_SOURCES += ${XLAT_MPU_LIB_V1_SRCS} 233else 234include lib/xlat_tables_v2/xlat_tables.mk 235PLAT_BL_COMMON_SOURCES += ${XLAT_TABLES_LIB_SRCS} 236endif 237endif 238 239ARM_IO_SOURCES += plat/arm/common/arm_io_storage.c \ 240 plat/arm/common/fconf/arm_fconf_io.c 241ifeq (${SPD},spmd) 242 ifeq (${BL2_ENABLE_SP_LOAD},1) 243 ARM_IO_SOURCES += plat/arm/common/fconf/arm_fconf_sp.c 244 endif 245endif 246 247BL1_SOURCES += drivers/io/io_fip.c \ 248 drivers/io/io_memmap.c \ 249 drivers/io/io_storage.c \ 250 plat/arm/common/arm_bl1_setup.c \ 251 plat/arm/common/arm_err.c \ 252 ${ARM_IO_SOURCES} 253 254ifdef EL3_PAYLOAD_BASE 255# Need the plat_arm_program_trusted_mailbox() function to release secondary CPUs from 256# their holding pen 257BL1_SOURCES += plat/arm/common/arm_pm.c 258endif 259 260BL2_SOURCES += drivers/delay_timer/delay_timer.c \ 261 drivers/delay_timer/generic_delay_timer.c \ 262 drivers/io/io_fip.c \ 263 drivers/io/io_memmap.c \ 264 drivers/io/io_storage.c \ 265 plat/arm/common/arm_bl2_setup.c \ 266 plat/arm/common/arm_err.c \ 267 common/tf_crc32.c \ 268 ${ARM_IO_SOURCES} 269 270# Firmware Configuration Framework sources 271include lib/fconf/fconf.mk 272 273BL1_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES} 274BL2_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES} 275 276# Add `libfdt` and Arm common helpers required for Dynamic Config 277include lib/libfdt/libfdt.mk 278 279DYN_CFG_SOURCES += plat/arm/common/arm_dyn_cfg.c \ 280 plat/arm/common/arm_dyn_cfg_helpers.c \ 281 common/uuid.c 282 283DYN_CFG_SOURCES += ${FDT_WRAPPERS_SOURCES} 284 285BL1_SOURCES += ${DYN_CFG_SOURCES} 286BL2_SOURCES += ${DYN_CFG_SOURCES} 287 288ifeq (${RESET_TO_BL2},1) 289BL2_SOURCES += plat/arm/common/arm_bl2_el3_setup.c 290endif 291 292# Because BL1/BL2 execute in AArch64 mode but BL32 in AArch32 we need to use 293# the AArch32 descriptors. 294ifeq (${JUNO_AARCH32_EL3_RUNTIME},1) 295BL2_SOURCES += plat/arm/common/aarch32/arm_bl2_mem_params_desc.c 296else 297ifeq ($(filter $(PLAT), corstone1000 rd1ae),) 298BL2_SOURCES += plat/arm/common/${ARCH}/arm_bl2_mem_params_desc.c 299endif 300endif 301BL2_SOURCES += plat/arm/common/arm_image_load.c \ 302 common/desc_image_load.c 303ifeq (${SPD},opteed) 304BL2_SOURCES += lib/optee/optee_utils.c 305endif 306 307BL2U_SOURCES += drivers/delay_timer/delay_timer.c \ 308 drivers/delay_timer/generic_delay_timer.c \ 309 plat/arm/common/arm_bl2u_setup.c 310 311BL31_SOURCES += plat/arm/common/arm_bl31_setup.c \ 312 plat/arm/common/arm_pm.c \ 313 plat/arm/common/arm_topology.c \ 314 plat/common/plat_psci_common.c 315 316ifeq (${TRANSFER_LIST}, 1) 317 TRANSFER_LIST_SOURCES += plat/arm/common/arm_transfer_list.c 318endif 319 320ifneq ($(filter 1,${ENABLE_PMF} ${ETHOSN_NPU_DRIVER}),) 321ARM_SVC_HANDLER_SRCS := 322 323ifeq (${ENABLE_PMF},1) 324ARM_SVC_HANDLER_SRCS += lib/pmf/pmf_smc.c 325endif 326 327ifeq (${ETHOSN_NPU_DRIVER},1) 328ARM_SVC_HANDLER_SRCS += plat/arm/common/fconf/fconf_ethosn_getter.c \ 329 drivers/delay_timer/delay_timer.c \ 330 drivers/arm/ethosn/ethosn_smc.c 331ifeq (${ETHOSN_NPU_TZMP1},1) 332ARM_SVC_HANDLER_SRCS += drivers/arm/ethosn/ethosn_big_fw.c 333endif 334endif 335 336ifeq (${ARCH}, aarch64) 337BL31_SOURCES += plat/arm/common/aarch64/execution_state_switch.c\ 338 plat/arm/common/arm_sip_svc.c \ 339 plat/arm/common/plat_arm_sip_svc.c \ 340 ${ARM_SVC_HANDLER_SRCS} 341else 342BL32_SOURCES += plat/arm/common/arm_sip_svc.c \ 343 plat/arm/common/plat_arm_sip_svc.c \ 344 ${ARM_SVC_HANDLER_SRCS} 345endif 346endif 347 348ifeq (${EL3_EXCEPTION_HANDLING},1) 349BL31_SOURCES += plat/common/aarch64/plat_ehf.c 350endif 351 352ifeq (${SDEI_SUPPORT},1) 353BL31_SOURCES += plat/arm/common/aarch64/arm_sdei.c 354ifeq (${SDEI_IN_FCONF},1) 355BL31_SOURCES += plat/arm/common/fconf/fconf_sdei_getter.c 356endif 357endif 358 359# RAS sources 360ifeq (${ENABLE_FEAT_RAS}-${HANDLE_EA_EL3_FIRST_NS},1-1) 361BL31_SOURCES += lib/extensions/ras/std_err_record.c \ 362 lib/extensions/ras/ras_common.c 363endif 364 365# Pointer Authentication sources 366ifeq (${ENABLE_PAUTH}, 1) 367PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c 368endif 369 370ifeq (${SPD},spmd) 371BL31_SOURCES += plat/common/plat_spmd_manifest.c \ 372 common/uuid.c \ 373 ${LIBFDT_SRCS} 374 375BL31_SOURCES += ${FDT_WRAPPERS_SOURCES} 376endif 377 378ifeq (${DRTM_SUPPORT},1) 379BL31_SOURCES += plat/arm/common/arm_err.c 380endif 381 382ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT} ${DRTM_SUPPORT}),) 383 PLAT_INCLUDES += -Iplat/arm/common \ 384 -Iinclude/drivers/auth/mbedtls 385 # Specify mbed TLS configuration file 386 ifeq (${PSA_CRYPTO},1) 387 MBEDTLS_CONFIG_FILE ?= "<plat_arm_psa_mbedtls_config.h>" 388 else 389 MBEDTLS_CONFIG_FILE ?= "<plat_arm_mbedtls_config.h>" 390 endif 391endif 392 393ifneq (${TRUSTED_BOARD_BOOT},0) 394 395 # Include common TBB sources 396 AUTH_SOURCES := drivers/auth/auth_mod.c \ 397 drivers/auth/img_parser_mod.c 398 399 # Include the selected chain of trust sources. 400 ifeq (${COT},tbbr) 401 BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \ 402 drivers/auth/tbbr/tbbr_cot_bl1.c 403 ifneq (${COT_DESC_IN_DTB},0) 404 BL2_SOURCES += lib/fconf/fconf_cot_getter.c 405 else 406 # Juno has its own TBBR CoT file for BL2 407 ifeq (${PLAT},juno) 408 BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c 409 endif 410 endif 411 else ifeq (${COT},dualroot) 412 BL1_SOURCES += drivers/auth/dualroot/bl1_cot.c 413 ifneq (${COT_DESC_IN_DTB},0) 414 BL2_SOURCES += lib/fconf/fconf_cot_getter.c 415 endif 416 else ifeq (${COT},cca) 417 BL1_SOURCES += drivers/auth/cca/bl1_cot.c 418 ifneq (${COT_DESC_IN_DTB},0) 419 BL2_SOURCES += lib/fconf/fconf_cot_getter.c 420 endif 421 else 422 $(error Unknown chain of trust ${COT}) 423 endif 424 425 ifeq (${COT_DESC_IN_DTB},0) 426 ifeq (${COT},dualroot) 427 COTDTPATH := fdts/dualroot_cot_descriptors.dtsi 428 else ifeq (${COT},cca) 429 COTDTPATH := fdts/cca_cot_descriptors.dtsi 430 else ifeq (${COT},tbbr) 431 ifneq (${PLAT},juno) 432 COTDTPATH := fdts/tbbr_cot_descriptors.dtsi 433 endif 434 endif 435 endif 436 437 BL1_SOURCES += ${AUTH_SOURCES} \ 438 bl1/tbbr/tbbr_img_desc.c \ 439 plat/arm/common/arm_bl1_fwu.c \ 440 plat/common/tbbr/plat_tbbr.c 441 442 BL2_SOURCES += ${AUTH_SOURCES} \ 443 plat/common/tbbr/plat_tbbr.c 444 445 $(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_)) 446 447 IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk 448 449 $(info Including ${IMG_PARSER_LIB_MK}) 450 include ${IMG_PARSER_LIB_MK} 451endif 452 453# Include Measured Boot makefile before any Crypto library makefile. 454# Crypto library makefile may need default definitions of Measured Boot build 455# flags present in Measured Boot makefile. 456ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) 457 MEASURED_BOOT_MK := drivers/measured_boot/event_log/event_log.mk 458 $(info Including ${MEASURED_BOOT_MK}) 459 include ${MEASURED_BOOT_MK} 460 461 ifeq (${MEASURED_BOOT},1) 462 BL1_SOURCES += ${EVENT_LOG_SOURCES} 463 BL2_SOURCES += ${EVENT_LOG_SOURCES} 464 endif 465 466 ifeq (${DRTM_SUPPORT},1) 467 BL31_SOURCES += ${EVENT_LOG_SOURCES} 468 endif 469endif 470 471ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT} ${DRTM_SUPPORT}),) 472 CRYPTO_SOURCES := drivers/auth/crypto_mod.c \ 473 lib/fconf/fconf_tbbr_getter.c 474 BL1_SOURCES += ${CRYPTO_SOURCES} 475 BL2_SOURCES += ${CRYPTO_SOURCES} 476 BL31_SOURCES += drivers/auth/crypto_mod.c 477 478 # We expect to locate the *.mk files under the directories specified below 479 CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk 480 481 $(info Including ${CRYPTO_LIB_MK}) 482 include ${CRYPTO_LIB_MK} 483endif 484 485ifeq (${RECLAIM_INIT_CODE}, 1) 486 ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 487 $(error To reclaim init code xlat tables v2 must be used) 488 endif 489endif 490 491ifneq ($(COTDTPATH),) 492 cot-dt-defines = IMAGE_BL2 $(BL2_DEFINES) $(PLAT_BL_COMMON_DEFINES) 493 cot-dt-include-dirs = $(BL2_INCLUDE_DIRS) $(PLAT_BL_COMMON_INCLUDE_DIRS) 494 495 cot-dt-cpp-flags = $(cot-dt-defines:%=-D%) 496 cot-dt-cpp-flags += $(cot-dt-include-dirs:%=-I%) 497 498 cot-dt-cpp-flags += $(BL2_CPPFLAGS) $(PLAT_BL_COMMON_CPPFLAGS) 499 cot-dt-cpp-flags += $(CPPFLAGS) $(BL_CPPFLAGS) $(TF_CFLAGS_$(ARCH)) 500 cot-dt-cpp-flags += -c -x assembler-with-cpp -E -P -o $@ $< 501 502 $(BUILD_PLAT)/$(COTDTPATH:.dtsi=.dts): $(COTDTPATH) | $$(@D)/ 503 $(q)$($(ARCH)-cpp) $(cot-dt-cpp-flags) 504 505 $(BUILD_PLAT)/$(COTDTPATH:.dtsi=.c): $(BUILD_PLAT)/$(COTDTPATH:.dtsi=.dts) | $$(@D)/ 506 $(if $(host-poetry),$(q)poetry -q install) 507 $(q)$(if $(host-poetry),poetry run )cot-dt2c convert-to-c $< $@ 508 509 BL2_SOURCES += $(BUILD_PLAT)/$(COTDTPATH:.dtsi=.c) 510endif 511