1# 2# Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7PLAT_QEMU_PATH := plat/qemu/qemu 8PLAT_QEMU_COMMON_PATH := plat/qemu/common 9 10SEPARATE_CODE_AND_RODATA := 1 11ENABLE_STACK_PROTECTOR := 0 12 13include plat/qemu/common/common.mk 14 15# Use the GICv2 driver on QEMU by default 16QEMU_USE_GIC_DRIVER := QEMU_GICV2 17 18ifeq (${ARM_ARCH_MAJOR},7) 19# ARMv7 Qemu support in trusted firmware expects the Cortex-A15 model. 20# Qemu Cortex-A15 model does not implement the virtualization extension. 21# For this reason, we cannot set ARM_CORTEX_A15=yes and must define all 22# the ARMv7 build directives. 23MARCH_DIRECTIVE := -mcpu=cortex-a15 24$(eval $(call add_define,ARMV7_SUPPORTS_LARGE_PAGE_ADDRESSING)) 25$(eval $(call add_define,ARMV7_SUPPORTS_GENERIC_TIMER)) 26$(eval $(call add_define,ARMV7_SUPPORTS_VFP)) 27# Qemu expects a BL32 boot stage. 28NEED_BL32 := yes 29endif # ARMv7 30 31ifeq (${SPD},opteed) 32add-lib-optee := yes 33endif 34ifeq ($(AARCH32_SP),optee) 35add-lib-optee := yes 36endif 37ifeq ($(SPMC_OPTEE),1) 38$(eval $(call add_define,SPMC_OPTEE)) 39add-lib-optee := yes 40endif 41 42ifeq ($(NEED_BL32),yes) 43$(eval $(call add_define,QEMU_LOAD_BL32)) 44endif 45 46ifneq (${TRUSTED_BOARD_BOOT},0) 47 48 AUTH_MK := drivers/auth/auth.mk 49 $(info Including ${AUTH_MK}) 50 include ${AUTH_MK} 51 52 AUTH_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c 53 54 BL1_SOURCES += ${AUTH_SOURCES} \ 55 bl1/tbbr/tbbr_img_desc.c \ 56 plat/common/tbbr/plat_tbbr.c \ 57 ${PLAT_QEMU_COMMON_PATH}/qemu_trusted_boot.c \ 58 $(PLAT_QEMU_COMMON_PATH)/qemu_rotpk.S \ 59 drivers/auth/tbbr/tbbr_cot_bl1.c 60 61 BL2_SOURCES += ${AUTH_SOURCES} \ 62 plat/common/tbbr/plat_tbbr.c \ 63 ${PLAT_QEMU_COMMON_PATH}/qemu_trusted_boot.c \ 64 $(PLAT_QEMU_COMMON_PATH)/qemu_rotpk.S \ 65 drivers/auth/tbbr/tbbr_cot_bl2.c 66 67 include drivers/auth/mbedtls/mbedtls_x509.mk 68 69 ROT_KEY = $(BUILD_PLAT)/rot_key.pem 70 ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin 71 72 $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"')) 73 74 $(BUILD_PLAT)/bl1/qemu_rotpk.o: $(ROTPK_HASH) 75 $(BUILD_PLAT)/bl2/qemu_rotpk.o: $(ROTPK_HASH) 76 77 certificates: $(ROT_KEY) 78 79 $(ROT_KEY): | $$(@D)/ 80 $(s)echo " OPENSSL $@" 81 $(q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null 82 83 $(ROTPK_HASH): $(ROT_KEY) | $$(@D)/ 84 $(s)echo " OPENSSL $@" 85 $(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\ 86 ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null 87endif 88 89# Include Measured Boot makefile before any Crypto library makefile. 90# Crypto library makefile may need default definitions of Measured Boot build 91# flags present in Measured Boot makefile. 92ifeq (${MEASURED_BOOT},1) 93 MEASURED_BOOT_MK := drivers/measured_boot/event_log/event_log.mk 94 $(info Including ${MEASURED_BOOT_MK}) 95 include ${MEASURED_BOOT_MK} 96 97 BL2_SOURCES += plat/qemu/qemu/qemu_measured_boot.c \ 98 plat/qemu/qemu/qemu_helpers.c \ 99 common/measured_boot_helpers.c 100 101 BL2_LIBS += $(LIBEVLOG_LIBS) 102 BL2_INCLUDE_DIRS += $(LIBEVLOG_INCLUDE_DIRS) 103 104 BL1_LIBS += $(LIBEVLOG_LIBS) 105 BL1_INCLUDE_DIRS += $(LIBEVLOG_INCLUDE_DIRS) 106 107 BL1_SOURCES += plat/qemu/qemu/qemu_bl1_measured_boot.c \ 108 common/measured_boot_helpers.c 109 110endif 111 112ifeq (${MEASURED_BOOT},1) 113ifeq (${TRUSTED_BOARD_BOOT},0) 114 CRYPTO_SOURCES := drivers/auth/crypto_mod.c 115 116 BL1_SOURCES += ${CRYPTO_SOURCES} 117 BL2_SOURCES += ${CRYPTO_SOURCES} 118endif 119endif 120 121ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT}),) 122 # We expect to locate the *.mk files under the directories specified below 123 # 124 include drivers/auth/mbedtls/mbedtls_crypto.mk 125endif 126 127BL2_SOURCES += common/uuid.c 128 129ifeq ($(add-lib-optee),yes) 130BL2_SOURCES += lib/optee/optee_utils.c 131endif 132 133ifneq (${DECRYPTION_SUPPORT},none) 134BL1_SOURCES += drivers/io/io_encrypted.c 135BL2_SOURCES += drivers/io/io_encrypted.c 136endif 137 138# Include GICv2 driver files 139include drivers/arm/gic/v2/gicv2.mk 140QEMU_GICV2_SOURCES := ${GICV2_SOURCES} \ 141 plat/common/plat_gicv2.c \ 142 ${PLAT_QEMU_COMMON_PATH}/qemu_gicv2.c 143 144# Include GICv3 driver files 145include drivers/arm/gic/v3/gicv3.mk 146 147QEMU_GICV3_SOURCES := ${GICV3_SOURCES} \ 148 plat/common/plat_gicv3.c \ 149 ${PLAT_QEMU_COMMON_PATH}/qemu_gicv3.c 150 151ifeq (${QEMU_USE_GIC_DRIVER}, QEMU_GICV2) 152QEMU_GIC_SOURCES := ${QEMU_GICV2_SOURCES} 153else ifeq (${QEMU_USE_GIC_DRIVER}, QEMU_GICV3) 154QEMU_GIC_SOURCES := ${QEMU_GICV3_SOURCES} 155else 156$(error "Incorrect GIC driver chosen for QEMU platform") 157endif 158 159ifeq (${ARCH},aarch64) 160BL31_SOURCES += drivers/arm/pl061/pl061_gpio.c \ 161 drivers/gpio/gpio.c \ 162 ${PLAT_QEMU_COMMON_PATH}/qemu_pm.c \ 163 ${PLAT_QEMU_COMMON_PATH}/topology.c 164 165ifeq (${SDEI_SUPPORT}, 1) 166BL31_SOURCES += plat/qemu/common/qemu_sdei.c 167endif 168 169ifeq (${SPD},spmd) 170BL31_SOURCES += plat/common/plat_spmd_manifest.c \ 171 common/uuid.c \ 172 ${LIBFDT_SRCS} \ 173 ${FDT_WRAPPERS_SOURCES} 174endif 175endif 176 177# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images 178# in the FIP if the platform requires. 179ifneq ($(BL32_EXTRA1),) 180ifneq (${DECRYPTION_SUPPORT},none) 181$(eval $(call TOOL_ADD_IMG,bl32_extra1,--tos-fw-extra1,,$(ENCRYPT_BL32))) 182else 183$(eval $(call TOOL_ADD_IMG,bl32_extra1,--tos-fw-extra1)) 184endif 185endif 186ifneq ($(BL32_EXTRA2),) 187ifneq (${DECRYPTION_SUPPORT},none) 188$(eval $(call TOOL_ADD_IMG,bl32_extra2,--tos-fw-extra2,,$(ENCRYPT_BL32))) 189else 190$(eval $(call TOOL_ADD_IMG,bl32_extra2,--tos-fw-extra2)) 191endif 192endif 193 194ifneq ($(QEMU_TB_FW_CONFIG_DTS),) 195FDT_SOURCES += ${QEMU_TB_FW_CONFIG_DTS} 196QEMU_TB_FW_CONFIG := ${BUILD_PLAT}/fdts/$(notdir $(basename ${QEMU_TB_FW_CONFIG_DTS})).dtb 197# Add the TB_FW_CONFIG to FIP 198$(eval $(call TOOL_ADD_PAYLOAD,${QEMU_TB_FW_CONFIG},--tb-fw-config,${QEMU_TB_FW_CONFIG})) 199endif 200 201ifneq ($(QEMU_TOS_FW_CONFIG_DTS),) 202FDT_SOURCES += ${QEMU_TOS_FW_CONFIG_DTS} 203QEMU_TOS_FW_CONFIG := ${BUILD_PLAT}/fdts/$(notdir $(basename ${QEMU_TOS_FW_CONFIG_DTS})).dtb 204# Add the TOS_FW_CONFIG to FIP 205$(eval $(call TOOL_ADD_PAYLOAD,${QEMU_TOS_FW_CONFIG},--tos-fw-config,${QEMU_TOS_FW_CONFIG})) 206endif 207 208BL32_RAM_LOCATION := tdram 209ifeq (${BL32_RAM_LOCATION}, tsram) 210 BL32_RAM_LOCATION_ID = SEC_SRAM_ID 211 ifeq (${ENABLE_RME},1) 212 # Avoid overlap between BL2 and BL32 to ease GPT partition 213 $(error "With RME, BL32 must use secure DRAM") 214 endif 215else ifeq (${BL32_RAM_LOCATION}, tdram) 216 BL32_RAM_LOCATION_ID = SEC_DRAM_ID 217else 218 $(error "Unsupported BL32_RAM_LOCATION value") 219endif 220 221# Process flags 222$(eval $(call add_define,BL32_RAM_LOCATION_ID)) 223 224# Don't have the Linux kernel as a BL33 image by default 225ARM_LINUX_KERNEL_AS_BL33 := 0 226$(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33)) 227$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33)) 228 229ARM_PRELOADED_DTB_BASE := PLAT_QEMU_DT_BASE 230$(eval $(call add_define,ARM_PRELOADED_DTB_BASE)) 231 232qemu_fw.bios: bl1 fip 233 $(s)echo " DD $@" 234 $(q)cp ${BUILD_PLAT}/bl1.bin ${BUILD_PLAT}/$@ 235 $(q)dd if=${BUILD_PLAT}/fip.bin of=${BUILD_PLAT}/$@ bs=64k seek=4 status=none 236 237qemu_fw.rom: qemu_fw.bios 238 $(s)echo " DD $@" 239 $(q)cp ${BUILD_PLAT}/$^ ${BUILD_PLAT}/$@ 240 $(q)dd if=/dev/zero of=${BUILD_PLAT}/$@ bs=1M seek=64 count=0 status=none 241 242ifneq (${BL33},) 243all: qemu_fw.bios qemu_fw.rom 244endif 245 246ifeq (${EL3_EXCEPTION_HANDLING},1) 247BL31_SOURCES += plat/common/aarch64/plat_ehf.c 248endif 249