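#
# Copyright 2020 NXP
#
# SPDX-License-Identifier: BSD-3-Clause
#

# For TRUSTED_BOARD_BOOT platforms need to include this makefile
# Following definitions are to be provided by platform.mk file or
# by user - BL33_INPUT_FILE, BL32_INPUT_FILE, BL31_INPUT_FILE
#
# Two authentication setups are selected on MBEDTLS_DIR:
#   - empty: images are authenticated through the CSF header parser
#   - set:   mbedTLS X.509 chain of trust, with the hash of the ROT public
#            key (ROTPK_HASH) generated below with openssl

# Pick the CSF input templates for the SoC chassis. Any CHASSIS value other
# than 2 or 3_2 stops the build.
ifeq ($(CHASSIS), 2)
include $(PLAT_DRIVERS_PATH)/csu/csu.mk
CSF_FILE		:=	input_blx_ch${CHASSIS}
BL2_CSF_FILE		:=	input_bl2_ch${CHASSIS}
else
ifeq ($(CHASSIS), 3_2)
CSF_FILE		:=	input_blx_ch3
BL2_CSF_FILE		:=	input_bl2_ch${CHASSIS}
PBI_CSF_FILE		:=	input_pbi_ch${CHASSIS}
$(eval $(call add_define, CSF_HDR_CH3))
else
    $(error -> CHASSIS not set!)
endif
endif

PLAT_AUTH_PATH		:=  $(PLAT_DRIVERS_PATH)/auth


ifeq (${BL2_INPUT_FILE},)
    BL2_INPUT_FILE	:= $(PLAT_AUTH_PATH)/csf_hdr_parser/${BL2_CSF_FILE}
endif

# NOTE(review): PBI_CSF_FILE is only assigned in the CHASSIS 3_2 branch above,
# so for CHASSIS 2 this default expands to the csf_hdr_parser directory
# itself - confirm PBI_INPUT_FILE is not consumed on chassis 2 builds.
ifeq (${PBI_INPUT_FILE},)
    PBI_INPUT_FILE	:= $(PLAT_AUTH_PATH)/csf_hdr_parser/${PBI_CSF_FILE}
endif

# If MBEDTLS_DIR is not specified, use CSF Header option
ifeq (${MBEDTLS_DIR},)
    # Generic image processing filters to prepend CSF header
    ifeq (${BL33_INPUT_FILE},)
    BL33_INPUT_FILE	:= $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
    endif

    ifeq (${BL31_INPUT_FILE},)
    BL31_INPUT_FILE	:= $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
    endif

    ifeq (${BL32_INPUT_FILE},)
    BL32_INPUT_FILE	:= $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
    endif

    ifeq (${FUSE_INPUT_FILE},)
    FUSE_INPUT_FILE	:= $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
    endif

    PLAT_INCLUDES	+= -I$(PLAT_DRIVERS_PATH)/sfp
    PLAT_TBBR_SOURCES	+= $(PLAT_AUTH_PATH)/csf_hdr_parser/cot.c \
                           $(PLAT_COMMON_PATH)/tbbr/csf_tbbr.c
    # IMG PARSER here is CSF header parser
    include $(PLAT_DRIVERS_PATH)/auth/csf_hdr_parser/csf_hdr.mk
    PLAT_TBBR_SOURCES	+= $(CSF_HDR_SOURCES)

    SCP_BL2_PRE_TOOL_FILTER	:= CST_SCP_BL2
    BL31_PRE_TOOL_FILTER	:= CST_BL31
    BL32_PRE_TOOL_FILTER	:= CST_BL32
    BL33_PRE_TOOL_FILTER	:= CST_BL33
else

    ifeq (${DISABLE_FUSE_WRITE}, 1)
        $(eval $(call add_define,DISABLE_FUSE_WRITE))
    endif

    # For Mbedtls currently crypto is not supported via CAAM
    # enable it when that support is there
    CAAM_INTEG		:= 0
    # The ROT key generated further down is RSA-2048 as well, but its size is
    # hard-coded in that recipe and does not follow KEY_SIZE.
    KEY_ALG		:= rsa
    KEY_SIZE		:= 2048

    $(eval $(call add_define,MBEDTLS_X509))
    ifeq (${PLAT_DDR_PHY},PHY_GEN2)
        $(eval $(call add_define,PLAT_DEF_OID))
    endif
    include drivers/auth/mbedtls/mbedtls_x509.mk


    PLAT_TBBR_SOURCES	+= $(PLAT_AUTH_PATH)/tbbr/tbbr_cot.c \
                           $(PLAT_COMMON_PATH)/tbbr/nxp_rotpk.S \
                           $(PLAT_COMMON_PATH)/tbbr/x509_tbbr.c

    #ROTPK key is embedded in BL2 image
    ifeq (${ROT_KEY},)
    ROT_KEY		= $(BUILD_PLAT)/rot_key.pem
    endif

    # With SAVE_KEYS=1, give every key that was not supplied a default file
    # name under the build directory. The consumer of these variables is not
    # visible in this file.
    ifeq (${SAVE_KEYS},1)

    ifeq (${TRUSTED_WORLD_KEY},)
    TRUSTED_WORLD_KEY	= ${BUILD_PLAT}/trusted.pem
    endif

    ifeq (${NON_TRUSTED_WORLD_KEY},)
    NON_TRUSTED_WORLD_KEY = ${BUILD_PLAT}/non-trusted.pem
    endif

    ifeq (${BL31_KEY},)
    BL31_KEY		= ${BUILD_PLAT}/soc.pem
    endif

    ifeq (${BL32_KEY},)
    BL32_KEY		= ${BUILD_PLAT}/trusted_os.pem
    endif

    ifeq (${BL33_KEY},)
    BL33_KEY		= ${BUILD_PLAT}/non-trusted_os.pem
    endif

    endif

    ROTPK_HASH		= $(BUILD_PLAT)/rotpk_sha256.bin

    # The path of the hash file is handed to the sources as a quoted string
    # define; nxp_rotpk.o is rebuilt whenever the hash changes.
    $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"'))

    $(BUILD_PLAT)/bl2/nxp_rotpk.o: $(ROTPK_HASH)

    # Generate an RSA-2048 root-of-trust key only when none exists at ROT_KEY.
    # The key is written to a temporary file and renamed on success, so a
    # failed openssl run cannot leave an empty rot_key.pem behind that later
    # builds would accept as up to date. umask 077 keeps the private key
    # readable by the building user only. stderr is discarded to keep openssl
    # progress output out of the log; drop the redirect when diagnosing.
    # NOTE(review): a key created here is an unencrypted PEM in the build
    # directory - presumably meant for development builds; pass ROT_KEY
    # pointing at a managed key for anything else (confirm with platform docs).
    certificates: $(ROT_KEY)
    $(ROT_KEY): | $(BUILD_PLAT)
	@echo "  OPENSSL $@"
	@if [ ! -f $(ROT_KEY) ]; then \
		( umask 077 && openssl genrsa -out $@.tmp 2048 2>/dev/null ) && \
		mv -f $@.tmp $@ || { rm -f $@.tmp; exit 1; }; \
	fi

    # Hash the DER-encoded public half of the ROT key with SHA-256.
    # The two openssl steps are chained with && instead of a pipe: in a pipe
    # the exit status of "openssl rsa" is lost, and a failure there would make
    # "openssl dgst" hash empty input and produce a well-formed but wrong
    # ROTPK hash that ends up in BL2. The result is renamed into place only
    # when both steps succeed; temporary files are removed either way.
    $(ROTPK_HASH): $(ROT_KEY)
	@echo "  OPENSSL $@"
	$(Q)openssl rsa -in $< -pubout -outform DER -out $@.der 2>/dev/null && \
		openssl dgst -sha256 -binary -out $@.tmp $@.der 2>/dev/null && \
		mv -f $@.tmp $@; \
		rc=$$?; rm -f $@.der $@.tmp; exit $$rc

endif #MBEDTLS_DIR

PLAT_INCLUDES		+=	-Iinclude/common/tbbr

# Generic files for authentication framework
TBBR_SOURCES		+=	drivers/auth/auth_mod.c		\
				drivers/auth/crypto_mod.c	\
				drivers/auth/img_parser_mod.c	\
				plat/common/tbbr/plat_tbbr.c	\
				${PLAT_TBBR_SOURCES}

# If CAAM_INTEG is 0 (it is forced to 0 in the MBED TLS branch above)
# include mbedtls_crypto; any other value, including unset, selects the
# CAAM based authentication sources.
ifeq (${CAAM_INTEG},0)
    include drivers/auth/mbedtls/mbedtls_crypto.mk
else
    include $(PLAT_DRIVERS_PATH)/crypto/caam/src/auth/auth.mk
    TBBR_SOURCES	+= ${AUTH_SOURCES}
endif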