199cd54f3SPankaj Gupta# 29550ce9dSBiwen Li# Copyright 2020-2022 NXP 399cd54f3SPankaj Gupta# 499cd54f3SPankaj Gupta# SPDX-License-Identifier: BSD-3-Clause 599cd54f3SPankaj Gupta# 699cd54f3SPankaj Gupta 799cd54f3SPankaj Gupta# For TRUSTED_BOARD_BOOT platforms need to include this makefile 899cd54f3SPankaj Gupta# Following definations are to be provided by platform.mk file or 999cd54f3SPankaj Gupta# by user - BL33_INPUT_FILE, BL32_INPUT_FILE, BL31_INPUT_FILE 1099cd54f3SPankaj Gupta 1199cd54f3SPankaj Guptaifeq ($(CHASSIS), 2) 1299cd54f3SPankaj Guptainclude $(PLAT_DRIVERS_PATH)/csu/csu.mk 1399cd54f3SPankaj GuptaCSF_FILE := input_blx_ch${CHASSIS} 1499cd54f3SPankaj GuptaBL2_CSF_FILE := input_bl2_ch${CHASSIS} 1599cd54f3SPankaj Guptaelse 169550ce9dSBiwen Liifeq ($(CHASSIS), 3) 179550ce9dSBiwen LiCSF_FILE := input_blx_ch${CHASSIS} 189550ce9dSBiwen LiBL2_CSF_FILE := input_bl2_ch${CHASSIS} 199550ce9dSBiwen LiPBI_CSF_FILE := input_pbi_ch${CHASSIS} 209550ce9dSBiwen Li$(eval $(call add_define, CSF_HDR_CH3)) 219550ce9dSBiwen Lielse 2299cd54f3SPankaj Guptaifeq ($(CHASSIS), 3_2) 2399cd54f3SPankaj GuptaCSF_FILE := input_blx_ch3 2499cd54f3SPankaj GuptaBL2_CSF_FILE := input_bl2_ch${CHASSIS} 2599cd54f3SPankaj GuptaPBI_CSF_FILE := input_pbi_ch${CHASSIS} 2699cd54f3SPankaj Gupta$(eval $(call add_define, CSF_HDR_CH3)) 2799cd54f3SPankaj Guptaelse 2899cd54f3SPankaj Gupta $(error -> CHASSIS not set!) 2999cd54f3SPankaj Guptaendif 3099cd54f3SPankaj Guptaendif 319550ce9dSBiwen Liendif 3299cd54f3SPankaj Gupta 3399cd54f3SPankaj GuptaPLAT_AUTH_PATH := $(PLAT_DRIVERS_PATH)/auth 3499cd54f3SPankaj Gupta 3599cd54f3SPankaj Gupta 3699cd54f3SPankaj Guptaifeq (${BL2_INPUT_FILE},) 3799cd54f3SPankaj Gupta BL2_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${BL2_CSF_FILE} 3899cd54f3SPankaj Guptaendif 3999cd54f3SPankaj Gupta 4099cd54f3SPankaj Guptaifeq (${PBI_INPUT_FILE},) 4199cd54f3SPankaj Gupta PBI_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${PBI_CSF_FILE} 4299cd54f3SPankaj Guptaendif 4399cd54f3SPankaj Gupta 4499cd54f3SPankaj Gupta# If MBEDTLS_DIR is not specified, use CSF Header option 4599cd54f3SPankaj Guptaifeq (${MBEDTLS_DIR},) 4699cd54f3SPankaj Gupta # Generic image processing filters to prepend CSF header 4799cd54f3SPankaj Gupta ifeq (${BL33_INPUT_FILE},) 4899cd54f3SPankaj Gupta BL33_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE} 4999cd54f3SPankaj Gupta endif 5099cd54f3SPankaj Gupta 5199cd54f3SPankaj Gupta ifeq (${BL31_INPUT_FILE},) 5299cd54f3SPankaj Gupta BL31_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE} 5399cd54f3SPankaj Gupta endif 5499cd54f3SPankaj Gupta 5599cd54f3SPankaj Gupta ifeq (${BL32_INPUT_FILE},) 5699cd54f3SPankaj Gupta BL32_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE} 5799cd54f3SPankaj Gupta endif 5899cd54f3SPankaj Gupta 5999cd54f3SPankaj Gupta ifeq (${FUSE_INPUT_FILE},) 6099cd54f3SPankaj Gupta FUSE_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE} 6199cd54f3SPankaj Gupta endif 6299cd54f3SPankaj Gupta 6399cd54f3SPankaj Gupta PLAT_INCLUDES += -I$(PLAT_DRIVERS_PATH)/sfp 6499cd54f3SPankaj Gupta PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/csf_hdr_parser/cot.c \ 6599cd54f3SPankaj Gupta $(PLAT_COMMON_PATH)/tbbr/csf_tbbr.c 6699cd54f3SPankaj Gupta # IMG PARSER here is CSF header parser 6799cd54f3SPankaj Gupta include $(PLAT_DRIVERS_PATH)/auth/csf_hdr_parser/csf_hdr.mk 6899cd54f3SPankaj Gupta PLAT_TBBR_SOURCES += $(CSF_HDR_SOURCES) 6999cd54f3SPankaj Gupta 7099cd54f3SPankaj Gupta SCP_BL2_PRE_TOOL_FILTER := CST_SCP_BL2 7199cd54f3SPankaj Gupta BL31_PRE_TOOL_FILTER := CST_BL31 7299cd54f3SPankaj Gupta BL32_PRE_TOOL_FILTER := CST_BL32 7399cd54f3SPankaj Gupta BL33_PRE_TOOL_FILTER := CST_BL33 7499cd54f3SPankaj Guptaelse 7599cd54f3SPankaj Gupta 7699cd54f3SPankaj Gupta ifeq (${DISABLE_FUSE_WRITE}, 1) 7799cd54f3SPankaj Gupta $(eval $(call add_define,DISABLE_FUSE_WRITE)) 7899cd54f3SPankaj Gupta endif 7999cd54f3SPankaj Gupta 8099cd54f3SPankaj Gupta # For Mbedtls currently crypto is not supported via CAAM 8199cd54f3SPankaj Gupta # enable it when that support is there 8299cd54f3SPankaj Gupta CAAM_INTEG := 0 8399cd54f3SPankaj Gupta KEY_ALG := rsa 8499cd54f3SPankaj Gupta KEY_SIZE := 2048 8599cd54f3SPankaj Gupta 8699cd54f3SPankaj Gupta $(eval $(call add_define,MBEDTLS_X509)) 8799cd54f3SPankaj Gupta ifeq (${PLAT_DDR_PHY},PHY_GEN2) 8899cd54f3SPankaj Gupta $(eval $(call add_define,PLAT_DEF_OID)) 8999cd54f3SPankaj Gupta endif 9099cd54f3SPankaj Gupta include drivers/auth/mbedtls/mbedtls_x509.mk 9199cd54f3SPankaj Gupta 9299cd54f3SPankaj Gupta 9399cd54f3SPankaj Gupta PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/tbbr/tbbr_cot.c \ 9499cd54f3SPankaj Gupta $(PLAT_COMMON_PATH)/tbbr/nxp_rotpk.S \ 9599cd54f3SPankaj Gupta $(PLAT_COMMON_PATH)/tbbr/x509_tbbr.c 9699cd54f3SPankaj Gupta 9799cd54f3SPankaj Gupta #ROTPK key is embedded in BL2 image 9899cd54f3SPankaj Gupta ifeq (${ROT_KEY},) 9999cd54f3SPankaj Gupta ROT_KEY = $(BUILD_PLAT)/rot_key.pem 10099cd54f3SPankaj Gupta endif 10199cd54f3SPankaj Gupta 10299cd54f3SPankaj Gupta ifeq (${SAVE_KEYS},1) 10399cd54f3SPankaj Gupta 10499cd54f3SPankaj Gupta ifeq (${TRUSTED_WORLD_KEY},) 10599cd54f3SPankaj Gupta TRUSTED_WORLD_KEY = ${BUILD_PLAT}/trusted.pem 10699cd54f3SPankaj Gupta endif 10799cd54f3SPankaj Gupta 10899cd54f3SPankaj Gupta ifeq (${NON_TRUSTED_WORLD_KEY},) 10999cd54f3SPankaj Gupta NON_TRUSTED_WORLD_KEY = ${BUILD_PLAT}/non-trusted.pem 11099cd54f3SPankaj Gupta endif 11199cd54f3SPankaj Gupta 11299cd54f3SPankaj Gupta ifeq (${BL31_KEY},) 11399cd54f3SPankaj Gupta BL31_KEY = ${BUILD_PLAT}/soc.pem 11499cd54f3SPankaj Gupta endif 11599cd54f3SPankaj Gupta 11699cd54f3SPankaj Gupta ifeq (${BL32_KEY},) 11799cd54f3SPankaj Gupta BL32_KEY = ${BUILD_PLAT}/trusted_os.pem 11899cd54f3SPankaj Gupta endif 11999cd54f3SPankaj Gupta 12099cd54f3SPankaj Gupta ifeq (${BL33_KEY},) 12199cd54f3SPankaj Gupta BL33_KEY = ${BUILD_PLAT}/non-trusted_os.pem 12299cd54f3SPankaj Gupta endif 12399cd54f3SPankaj Gupta 12499cd54f3SPankaj Gupta endif 12599cd54f3SPankaj Gupta 12699cd54f3SPankaj Gupta ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin 12799cd54f3SPankaj Gupta 12899cd54f3SPankaj Gupta $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"')) 12999cd54f3SPankaj Gupta 13099cd54f3SPankaj Gupta $(BUILD_PLAT)/bl2/nxp_rotpk.o: $(ROTPK_HASH) 13199cd54f3SPankaj Gupta 13299cd54f3SPankaj Gupta certificates: $(ROT_KEY) 1337a95759fSChris Kay $(ROT_KEY): | $$(@D)/ 1347c4e1eeaSChris Kay $(s)echo " OPENSSL $@" 1357c4e1eeaSChris Kay $(q)if [ ! -f $(ROT_KEY) ]; then \ 136e95abc4cSSalome Thirot ${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null; \ 13799cd54f3SPankaj Gupta fi 13899cd54f3SPankaj Gupta 1397a95759fSChris Kay $(ROTPK_HASH): $(ROT_KEY) | $$(@D)/ 1407c4e1eeaSChris Kay $(s)echo " OPENSSL $@" 1417c4e1eeaSChris Kay $(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\ 142e95abc4cSSalome Thirot ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null 14399cd54f3SPankaj Gupta 14499cd54f3SPankaj Guptaendif #MBEDTLS_DIR 14599cd54f3SPankaj Gupta 14699cd54f3SPankaj GuptaPLAT_INCLUDES += -Iinclude/common/tbbr 14799cd54f3SPankaj Gupta 14899cd54f3SPankaj Gupta# Generic files for authentication framework 149*142ee34eSLauren WehrmeisterAUTH_MK := drivers/auth/auth.mk 150*142ee34eSLauren Wehrmeister$(info Including ${AUTH_MK}) 151*142ee34eSLauren Wehrmeisterinclude ${AUTH_MK} 152*142ee34eSLauren Wehrmeister 153*142ee34eSLauren WehrmeisterTBBR_SOURCES += ${AUTH_SOURCES} \ 15499cd54f3SPankaj Gupta plat/common/tbbr/plat_tbbr.c \ 15599cd54f3SPankaj Gupta ${PLAT_TBBR_SOURCES} 15699cd54f3SPankaj Gupta 15799cd54f3SPankaj Gupta# If CAAM_INTEG is not defined (would be scenario with MBED TLS) 15899cd54f3SPankaj Gupta# include mbedtls_crypto 15999cd54f3SPankaj Guptaifeq (${CAAM_INTEG},0) 16099cd54f3SPankaj Gupta include drivers/auth/mbedtls/mbedtls_crypto.mk 16199cd54f3SPankaj Guptaelse 16299cd54f3SPankaj Gupta include $(PLAT_DRIVERS_PATH)/crypto/caam/src/auth/auth.mk 16399cd54f3SPankaj Gupta TBBR_SOURCES += ${AUTH_SOURCES} 16499cd54f3SPankaj Guptaendif 165