1# 2# Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved. 3# 4# Copyright (c) 2017-2023 Nuvoton Ltd. 5# 6# SPDX-License-Identifier: BSD-3-Clause 7# 8 9# This is a debug flag for bring-up. It allows reducing CPU numbers 10# SECONDARY_BRINGUP := 1 11RESET_TO_BL31 := 1 12PMD_SPM_AT_SEL2 := 0 13#temporary until the RAM size is reduced 14USE_COHERENT_MEM := 1 15 16 17$(eval $(call add_define,RESET_TO_BL31)) 18 19ifeq (${ARCH}, aarch64) 20# On ARM standard platorms, the TSP can execute from Trusted SRAM, 21# Trusted DRAM (if available) or the TZC secured area of DRAM. 22# TZC secured DRAM is the default. 23 24ARM_TSP_RAM_LOCATION ?= dram 25 26ifeq (${ARM_TSP_RAM_LOCATION}, tsram) 27ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID 28else ifeq (${ARM_TSP_RAM_LOCATION}, tdram) 29ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_DRAM_ID 30else ifeq (${ARM_TSP_RAM_LOCATION}, dram) 31ARM_TSP_RAM_LOCATION_ID = ARM_DRAM_ID 32else 33$(error "Unsupported ARM_TSP_RAM_LOCATION value") 34endif 35 36# Process flags 37# Process ARM_BL31_IN_DRAM flag 38ARM_BL31_IN_DRAM := 0 39$(eval $(call assert_boolean,ARM_BL31_IN_DRAM)) 40$(eval $(call add_define,ARM_BL31_IN_DRAM)) 41else 42ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID 43endif 44 45$(eval $(call add_define,ARM_TSP_RAM_LOCATION_ID)) 46 47# For the original power-state parameter format, the State-ID can be encoded 48# according to the recommended encoding or zero. This flag determines which 49# State-ID encoding to be parsed. 50ARM_RECOM_STATE_ID_ENC := 0 51 52# If the PSCI_EXTENDED_STATE_ID is set, then ARM_RECOM_STATE_ID_ENC 53# need to be set. Else throw a build error. 54ifeq (${PSCI_EXTENDED_STATE_ID}, 1) 55ifeq (${ARM_RECOM_STATE_ID_ENC}, 0) 56$(error Build option ARM_RECOM_STATE_ID_ENC needs to be set if \ 57 PSCI_EXTENDED_STATE_ID is set for ARM platforms) 58endif 59endif 60 61# Process ARM_RECOM_STATE_ID_ENC flag 62$(eval $(call assert_boolean,ARM_RECOM_STATE_ID_ENC)) 63$(eval $(call add_define,ARM_RECOM_STATE_ID_ENC)) 64 65# Process ARM_DISABLE_TRUSTED_WDOG flag 66# By default, Trusted Watchdog is always enabled unless SPIN_ON_BL1_EXIT is set 67ARM_DISABLE_TRUSTED_WDOG := 0 68ifeq (${SPIN_ON_BL1_EXIT}, 1) 69ARM_DISABLE_TRUSTED_WDOG := 1 70endif 71$(eval $(call assert_boolean,ARM_DISABLE_TRUSTED_WDOG)) 72$(eval $(call add_define,ARM_DISABLE_TRUSTED_WDOG)) 73 74# Process ARM_CONFIG_CNTACR 75ARM_CONFIG_CNTACR := 1 76$(eval $(call assert_boolean,ARM_CONFIG_CNTACR)) 77$(eval $(call add_define,ARM_CONFIG_CNTACR)) 78 79# Process ARM_BL31_IN_DRAM flag 80ARM_BL31_IN_DRAM := 0 81$(eval $(call assert_boolean,ARM_BL31_IN_DRAM)) 82$(eval $(call add_define,ARM_BL31_IN_DRAM)) 83 84# Process ARM_PLAT_MT flag 85ARM_PLAT_MT := 0 86$(eval $(call assert_boolean,ARM_PLAT_MT)) 87$(eval $(call add_define,ARM_PLAT_MT)) 88 89# Use translation tables library v2 by default 90ARM_XLAT_TABLES_LIB_V1 := 0 91$(eval $(call assert_boolean,ARM_XLAT_TABLES_LIB_V1)) 92$(eval $(call add_define,ARM_XLAT_TABLES_LIB_V1)) 93 94# Don't have the Linux kernel as a BL33 image by default 95ARM_LINUX_KERNEL_AS_BL33 := 0 96$(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33)) 97$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33)) 98 99ifeq (${ARM_LINUX_KERNEL_AS_BL33},1) 100ifeq (${ARCH},aarch64) 101ifneq (${RESET_TO_BL31},1) 102$(error "ARM_LINUX_KERNEL_AS_BL33 is only available if RESET_TO_BL31=1.") 103endif 104else 105ifneq (${RESET_TO_SP_MIN},1) 106$(error "ARM_LINUX_KERNEL_AS_BL33 is only available if RESET_TO_SP_MIN=1.") 107endif 108endif 109 110ifndef PRELOADED_BL33_BASE 111$(error "PRELOADED_BL33_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used.") 112endif 113 114ifndef ARM_PRELOADED_DTB_BASE 115$(error "ARM_PRELOADED_DTB_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used.") 116endif 117 118$(eval $(call add_define,ARM_PRELOADED_DTB_BASE)) 119endif 120 121# Use an implementation of SHA-256 with a smaller memory footprint 122# but reduced speed. 123$(eval $(call add_define,MBEDTLS_SHA256_SMALLER)) 124 125# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images 126# in the FIP if the platform requires. 127ifneq ($(BL32_EXTRA1),) 128$(eval $(call TOOL_ADD_IMG,bl32_extra1,--tos-fw-extra1)) 129endif 130ifneq ($(BL32_EXTRA2),) 131$(eval $(call TOOL_ADD_IMG,bl32_extra2,--tos-fw-extra2)) 132endif 133 134# Enable PSCI_STAT_COUNT/RESIDENCY APIs on ARM platforms 135ENABLE_PSCI_STAT := 1 136ENABLE_PMF := 1 137 138# On ARM platforms, separate the code and read-only data sections to allow 139# mapping the former as executable and the latter as execute-never. 140SEPARATE_CODE_AND_RODATA := 1 141 142# On ARM platforms, disable SEPARATE_NOBITS_REGION by default. Both PROGBITS 143# and NOBITS sections of BL31 image are adjacent to each other and loaded 144# into Trusted SRAM. 145SEPARATE_NOBITS_REGION := 0 146 147# In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load 148# BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate 149# the build to require that ARM_BL31_IN_DRAM is enabled as well. 150ifeq ($(SEPARATE_NOBITS_REGION),1) 151ifneq ($(ARM_BL31_IN_DRAM),1) 152$(error For SEPARATE_NOBITS_REGION, ARM_BL31_IN_DRAM must be enabled) 153endif 154 155ifneq ($(RECLAIM_INIT_CODE),0) 156$(error For SEPARATE_NOBITS_REGION, RECLAIM_INIT_CODE cannot be supported) 157endif 158endif 159 160# Disable ARM Cryptocell by default 161ARM_CRYPTOCELL_INTEG := 0 162$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG)) 163$(eval $(call add_define,ARM_CRYPTOCELL_INTEG)) 164 165# Enable PIE support for RESET_TO_BL31 case 166ifeq (${RESET_TO_BL31},1) 167ENABLE_PIE := 1 168endif 169 170# CryptoCell integration relies on coherent buffers for passing data from 171# the AP CPU to the CryptoCell 172 173ifeq (${ARM_CRYPTOCELL_INTEG},1) 174ifeq (${USE_COHERENT_MEM},0) 175$(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.") 176endif 177endif 178 179PLAT_INCLUDES := -Iinclude/plat/nuvoton/npcm845x \ 180 -Iinclude/plat/nuvoton/common \ 181 -Iinclude/drivers/nuvoton/npcm845x \ 182 183ifeq (${ARCH}, aarch64) 184PLAT_INCLUDES += -Iinclude/plat/arm/common/aarch64 185endif 186 187# Include GICv3 driver files 188include drivers/arm/gic/v2/gicv2.mk 189 190NPCM850_GIC_SOURCES := ${GICV2_SOURCES} 191 192BL31_SOURCES +=lib/cpus/aarch64/cortex_a35.S \ 193 plat/common/plat_psci_common.c \ 194 drivers/ti/uart/aarch64/16550_console.S \ 195 plat/nuvoton/npcm845x/npcm845x_psci.c \ 196 plat/nuvoton/npcm845x/npcm845x_serial_port.c \ 197 plat/nuvoton/common/nuvoton_topology.c \ 198 plat/nuvoton/npcm845x/npcm845x_bl31_setup.c 199 200PLAT_BL_COMMON_SOURCES := drivers/delay_timer/delay_timer.c \ 201 drivers/delay_timer/generic_delay_timer.c \ 202 plat/common/plat_gicv2.c \ 203 plat/arm/common/arm_gicv2.c \ 204 plat/nuvoton/common/plat_nuvoton_gic.c \ 205 ${NPCM850_GIC_SOURCES} \ 206 plat/nuvoton/npcm845x/npcm845x_common.c \ 207 plat/nuvoton/common/nuvoton_helpers.S \ 208 lib/semihosting/semihosting.c \ 209 lib/semihosting/${ARCH}/semihosting_call.S \ 210 plat/arm/common/arm_common.c \ 211 plat/arm/common/arm_console.c 212 213ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 214PLAT_BL_COMMON_SOURCES += lib/xlat_tables/xlat_tables_common.c \ 215 lib/xlat_tables/${ARCH}/xlat_tables.c 216else 217include lib/xlat_tables_v2/xlat_tables.mk 218 219PLAT_BL_COMMON_SOURCES += ${XLAT_TABLES_LIB_SRCS} 220endif 221 222ARM_IO_SOURCES += plat/arm/common/arm_io_storage.c \ 223 plat/arm/common/fconf/arm_fconf_io.c 224 225ifeq (${SPD},spmd) 226ifeq (${SPMD_SPM_AT_SEL2},1) 227ARM_IO_SOURCES += plat/arm/common/fconf/arm_fconf_sp.c 228endif 229endif 230 231BL1_SOURCES += drivers/io/io_fip.c \ 232 drivers/io/io_memmap.c \ 233 drivers/io/io_storage.c \ 234 plat/arm/common/arm_bl1_setup.c \ 235 plat/arm/common/arm_err.c \ 236 ${ARM_IO_SOURCES} 237 238ifdef EL3_PAYLOAD_BASE 239# Need the plat_arm_program_trusted_mailbox() function to release secondary CPUs 240# from their holding pen 241BL1_SOURCES += plat/arm/common/arm_pm.c 242endif 243 244BL2_SOURCES += drivers/delay_timer/delay_timer.c \ 245 drivers/delay_timer/generic_delay_timer.c \ 246 drivers/io/io_fip.c \ 247 drivers/io/io_memmap.c \ 248 drivers/io/io_storage.c \ 249 plat/arm/common/arm_bl2_setup.c \ 250 plat/arm/common/arm_err.c \ 251 ${ARM_IO_SOURCES} 252 253# Firmware Configuration Framework sources 254include lib/fconf/fconf.mk 255 256# Add `libfdt` and Arm common helpers required for Dynamic Config 257include lib/libfdt/libfdt.mk 258 259DYN_CFG_SOURCES += plat/arm/common/arm_dyn_cfg.c \ 260 plat/arm/common/arm_dyn_cfg_helpers.c \ 261 common/fdt_wrappers.c 262 263BL1_SOURCES += ${DYN_CFG_SOURCES} 264BL2_SOURCES += ${DYN_CFG_SOURCES} 265 266ifeq (${BL2_AT_EL3},1) 267BL2_SOURCES += plat/arm/common/arm_bl2_el3_setup.c 268endif 269 270# Because BL1/BL2 execute in AArch64 mode but BL32 in AArch32 we need to use 271# the AArch32 descriptors. 272BL2_SOURCES += plat/arm/common/${ARCH}/arm_bl2_mem_params_desc.c 273BL2_SOURCES += plat/arm/common/arm_image_load.c \ 274 common/desc_image_load.c 275 276ifeq (${SPD},opteed) 277BL2_SOURCES += lib/optee/optee_utils.c 278endif 279 280BL2U_SOURCES += drivers/delay_timer/delay_timer.c \ 281 drivers/delay_timer/generic_delay_timer.c \ 282 plat/arm/common/arm_bl2u_setup.c 283 284BL31_SOURCES += plat/arm/common/arm_bl31_setup.c \ 285 plat/nuvoton/common/nuvoton_pm.c \ 286 plat/nuvoton/common/nuvoton_topology.c \ 287 plat/common/plat_psci_common.c 288 289ifeq (${ENABLE_PMF}, 1) 290ifeq (${ARCH}, aarch64) 291BL31_SOURCES += plat/arm/common/aarch64/execution_state_switch.c \ 292 plat/arm/common/arm_sip_svc.c \ 293 lib/pmf/pmf_smc.c 294else 295BL32_SOURCES += plat/arm/common/arm_sip_svc.c \ 296 lib/pmf/pmf_smc.c 297endif 298endif 299 300ifeq (${EL3_EXCEPTION_HANDLING},1) 301BL31_SOURCES += plat/arm/common/aarch64/arm_ehf.c 302endif 303 304ifeq (${SDEI_SUPPORT},1) 305BL31_SOURCES += plat/arm/common/aarch64/arm_sdei.c 306ifeq (${SDEI_IN_FCONF},1) 307BL31_SOURCES += plat/arm/common/fconf/fconf_sdei_getter.c 308endif 309endif 310 311# RAS sources 312ifeq (${RAS_EXTENSION},1) 313BL31_SOURCES += lib/extensions/ras/std_err_record.c \ 314 lib/extensions/ras/ras_common.c 315endif 316 317# Pointer Authentication sources 318ifeq (${ENABLE_PAUTH}, 1) 319PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c \ 320 lib/extensions/pauth/pauth_helpers.S 321endif 322 323ifeq (${SPD},spmd) 324BL31_SOURCES += plat/common/plat_spmd_manifest.c \ 325 common/fdt_wrappers.c \ 326 ${LIBFDT_SRCS} 327endif 328 329ifneq (${TRUSTED_BOARD_BOOT},0) 330# Include common TBB sources 331AUTH_SOURCES := drivers/auth/auth_mod.c \ 332 drivers/auth/crypto_mod.c \ 333 drivers/auth/img_parser_mod.c \ 334 lib/fconf/fconf_tbbr_getter.c 335 336# Include the selected chain of trust sources. 337ifeq (${COT},tbbr) 338AUTH_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c 339BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_bl1.c 340BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_bl2.c 341else ifeq (${COT},dualroot) 342AUTH_SOURCES += drivers/auth/dualroot/cot.c 343else 344$(error Unknown chain of trust ${COT}) 345endif 346 347BL1_SOURCES += ${AUTH_SOURCES} \ 348 bl1/tbbr/tbbr_img_desc.c \ 349 plat/arm/common/arm_bl1_fwu.c \ 350 plat/common/tbbr/plat_tbbr.c 351 352BL2_SOURCES += ${AUTH_SOURCES} \ 353 plat/common/tbbr/plat_tbbr.c 354 355$(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_)) 356 357# We expect to locate the *.mk files under the directories specified below 358ifeq (${ARM_CRYPTOCELL_INTEG},0) 359CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk 360else 361CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk 362endif 363 364IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk 365 366$(info Including ${CRYPTO_LIB_MK}) 367include ${CRYPTO_LIB_MK} 368 369$(info Including ${IMG_PARSER_LIB_MK}) 370include ${IMG_PARSER_LIB_MK} 371endif 372 373ifeq (${RECLAIM_INIT_CODE}, 1) 374ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 375$(error "To reclaim init code xlat tables v2 must be used") 376endif 377endif 378 379ifeq (${MEASURED_BOOT},1) 380MEASURED_BOOT_MK := drivers/measured_boot/measured_boot.mk 381$(info Including ${MEASURED_BOOT_MK}) 382include ${MEASURED_BOOT_MK} 383endif 384 385ifeq (${EL3_EXCEPTION_HANDLING},1) 386BL31_SOURCES += plat/arm/common/aarch64/arm_ehf.c 387endif 388 389BL1_SOURCES := 390BL2_SOURCES := 391BL2U_SOURCES := 392 393DEBUG_CONSOLE ?= 0 394$(eval $(call add_define,DEBUG_CONSOLE)) 395 396$(eval $(call add_define,ARM_TSP_RAM_LOCATION_ID)) 397 398