1# 2# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7PLAT_QEMU_PATH := plat/qemu/qemu 8PLAT_QEMU_COMMON_PATH := plat/qemu/common 9 10include plat/qemu/common/common.mk 11 12# Use the GICv2 driver on QEMU by default 13QEMU_USE_GIC_DRIVER := QEMU_GICV2 14 15ifeq (${ARM_ARCH_MAJOR},7) 16# ARMv7 Qemu support in trusted firmware expects the Cortex-A15 model. 17# Qemu Cortex-A15 model does not implement the virtualization extension. 18# For this reason, we cannot set ARM_CORTEX_A15=yes and must define all 19# the ARMv7 build directives. 20MARCH_DIRECTIVE := -mcpu=cortex-a15 21$(eval $(call add_define,ARMV7_SUPPORTS_LARGE_PAGE_ADDRESSING)) 22$(eval $(call add_define,ARMV7_SUPPORTS_GENERIC_TIMER)) 23$(eval $(call add_define,ARMV7_SUPPORTS_VFP)) 24# Qemu expects a BL32 boot stage. 25NEED_BL32 := yes 26else 27CTX_INCLUDE_AARCH32_REGS := 0 28ifeq (${CTX_INCLUDE_AARCH32_REGS}, 1) 29$(error "This is an AArch64-only port; CTX_INCLUDE_AARCH32_REGS must be disabled") 30endif 31 32# Treating this as a memory-constrained port for now 33USE_COHERENT_MEM := 0 34 35# This can be overridden depending on CPU(s) used in the QEMU image 36HW_ASSISTED_COHERENCY := 1 37endif # ARMv7 38 39ifeq (${SPD},opteed) 40add-lib-optee := yes 41endif 42ifeq ($(AARCH32_SP),optee) 43add-lib-optee := yes 44endif 45ifeq ($(SPMC_OPTEE),1) 46$(eval $(call add_define,SPMC_OPTEE)) 47add-lib-optee := yes 48endif 49 50ifeq ($(NEED_BL32),yes) 51$(eval $(call add_define,QEMU_LOAD_BL32)) 52endif 53 54ifneq (${TRUSTED_BOARD_BOOT},0) 55 56 AUTH_SOURCES := drivers/auth/auth_mod.c \ 57 drivers/auth/img_parser_mod.c \ 58 drivers/auth/tbbr/tbbr_cot_common.c 59 60 BL1_SOURCES += ${AUTH_SOURCES} \ 61 bl1/tbbr/tbbr_img_desc.c \ 62 plat/common/tbbr/plat_tbbr.c \ 63 ${PLAT_QEMU_COMMON_PATH}/qemu_trusted_boot.c \ 64 $(PLAT_QEMU_COMMON_PATH)/qemu_rotpk.S \ 65 drivers/auth/tbbr/tbbr_cot_bl1.c 66 67 BL2_SOURCES += ${AUTH_SOURCES} \ 68 plat/common/tbbr/plat_tbbr.c \ 69 ${PLAT_QEMU_COMMON_PATH}/qemu_trusted_boot.c \ 70 $(PLAT_QEMU_COMMON_PATH)/qemu_rotpk.S \ 71 drivers/auth/tbbr/tbbr_cot_bl2.c 72 73 include drivers/auth/mbedtls/mbedtls_x509.mk 74 75 ROT_KEY = $(BUILD_PLAT)/rot_key.pem 76 ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin 77 78 $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"')) 79 80 $(BUILD_PLAT)/bl1/qemu_rotpk.o: $(ROTPK_HASH) 81 $(BUILD_PLAT)/bl2/qemu_rotpk.o: $(ROTPK_HASH) 82 83 certificates: $(ROT_KEY) 84 85 $(ROT_KEY): | $(BUILD_PLAT) 86 @echo " OPENSSL $@" 87 $(Q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null 88 89 $(ROTPK_HASH): $(ROT_KEY) 90 @echo " OPENSSL $@" 91 $(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\ 92 ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null 93endif 94 95# Include Measured Boot makefile before any Crypto library makefile. 96# Crypto library makefile may need default definitions of Measured Boot build 97# flags present in Measured Boot makefile. 98ifeq (${MEASURED_BOOT},1) 99 MEASURED_BOOT_MK := drivers/measured_boot/event_log/event_log.mk 100 $(info Including ${MEASURED_BOOT_MK}) 101 include ${MEASURED_BOOT_MK} 102 103 ifneq (${MBOOT_EL_HASH_ALG}, sha256) 104 $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512)) 105 endif 106 107 BL2_SOURCES += plat/qemu/qemu/qemu_measured_boot.c \ 108 plat/qemu/qemu/qemu_helpers.c \ 109 ${EVENT_LOG_SOURCES} 110 111 BL1_SOURCES += plat/qemu/qemu/qemu_bl1_measured_boot.c 112 113endif 114 115ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT}),) 116 CRYPTO_SOURCES := drivers/auth/crypto_mod.c 117 118 BL1_SOURCES += ${CRYPTO_SOURCES} 119 BL2_SOURCES += ${CRYPTO_SOURCES} 120 121 # We expect to locate the *.mk files under the directories specified below 122 # 123 include drivers/auth/mbedtls/mbedtls_crypto.mk 124endif 125 126BL2_SOURCES += ${FDT_WRAPPERS_SOURCES} \ 127 common/uuid.c 128 129ifeq ($(add-lib-optee),yes) 130BL2_SOURCES += lib/optee/optee_utils.c 131endif 132 133ifneq (${DECRYPTION_SUPPORT},none) 134BL1_SOURCES += drivers/io/io_encrypted.c 135BL2_SOURCES += drivers/io/io_encrypted.c 136endif 137 138# Include GICv2 driver files 139include drivers/arm/gic/v2/gicv2.mk 140QEMU_GICV2_SOURCES := ${GICV2_SOURCES} \ 141 plat/common/plat_gicv2.c \ 142 ${PLAT_QEMU_COMMON_PATH}/qemu_gicv2.c 143 144# Include GICv3 driver files 145include drivers/arm/gic/v3/gicv3.mk 146 147QEMU_GICV3_SOURCES := ${GICV3_SOURCES} \ 148 plat/common/plat_gicv3.c \ 149 ${PLAT_QEMU_COMMON_PATH}/qemu_gicv3.c 150 151ifeq (${QEMU_USE_GIC_DRIVER}, QEMU_GICV2) 152QEMU_GIC_SOURCES := ${QEMU_GICV2_SOURCES} 153else ifeq (${QEMU_USE_GIC_DRIVER}, QEMU_GICV3) 154QEMU_GIC_SOURCES := ${QEMU_GICV3_SOURCES} 155else 156$(error "Incorrect GIC driver chosen for QEMU platform") 157endif 158 159ifeq (${ARCH},aarch64) 160BL31_SOURCES += drivers/arm/pl061/pl061_gpio.c \ 161 drivers/gpio/gpio.c \ 162 ${PLAT_QEMU_COMMON_PATH}/qemu_pm.c \ 163 ${PLAT_QEMU_COMMON_PATH}/topology.c 164 165ifeq (${SDEI_SUPPORT}, 1) 166BL31_SOURCES += plat/qemu/common/qemu_sdei.c 167endif 168 169# Pointer Authentication sources 170ifeq (${ENABLE_PAUTH}, 1) 171PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c \ 172 lib/extensions/pauth/pauth_helpers.S 173endif 174 175ifeq (${SPD},spmd) 176BL31_SOURCES += plat/common/plat_spmd_manifest.c \ 177 common/uuid.c \ 178 ${LIBFDT_SRCS} \ 179 ${FDT_WRAPPERS_SOURCES} 180endif 181endif 182 183# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images 184# in the FIP if the platform requires. 185ifneq ($(BL32_EXTRA1),) 186ifneq (${DECRYPTION_SUPPORT},none) 187$(eval $(call TOOL_ADD_IMG,bl32_extra1,--tos-fw-extra1,,$(ENCRYPT_BL32))) 188else 189$(eval $(call TOOL_ADD_IMG,bl32_extra1,--tos-fw-extra1)) 190endif 191endif 192ifneq ($(BL32_EXTRA2),) 193ifneq (${DECRYPTION_SUPPORT},none) 194$(eval $(call TOOL_ADD_IMG,bl32_extra2,--tos-fw-extra2,,$(ENCRYPT_BL32))) 195else 196$(eval $(call TOOL_ADD_IMG,bl32_extra2,--tos-fw-extra2)) 197endif 198endif 199 200ifneq ($(QEMU_TB_FW_CONFIG_DTS),) 201FDT_SOURCES += ${QEMU_TB_FW_CONFIG_DTS} 202QEMU_TB_FW_CONFIG := ${BUILD_PLAT}/fdts/$(notdir $(basename ${QEMU_TB_FW_CONFIG_DTS})).dtb 203# Add the TB_FW_CONFIG to FIP 204$(eval $(call TOOL_ADD_PAYLOAD,${QEMU_TB_FW_CONFIG},--tb-fw-config,${QEMU_TB_FW_CONFIG})) 205endif 206 207ifneq ($(QEMU_TOS_FW_CONFIG_DTS),) 208FDT_SOURCES += ${QEMU_TOS_FW_CONFIG_DTS} 209QEMU_TOS_FW_CONFIG := ${BUILD_PLAT}/fdts/$(notdir $(basename ${QEMU_TOS_FW_CONFIG_DTS})).dtb 210# Add the TOS_FW_CONFIG to FIP 211$(eval $(call TOOL_ADD_PAYLOAD,${QEMU_TOS_FW_CONFIG},--tos-fw-config,${QEMU_TOS_FW_CONFIG})) 212endif 213 214SEPARATE_CODE_AND_RODATA := 1 215ENABLE_STACK_PROTECTOR := 0 216 217BL32_RAM_LOCATION := tdram 218ifeq (${BL32_RAM_LOCATION}, tsram) 219 BL32_RAM_LOCATION_ID = SEC_SRAM_ID 220else ifeq (${BL32_RAM_LOCATION}, tdram) 221 BL32_RAM_LOCATION_ID = SEC_DRAM_ID 222else 223 $(error "Unsupported BL32_RAM_LOCATION value") 224endif 225 226# Process flags 227$(eval $(call add_define,BL32_RAM_LOCATION_ID)) 228 229# Don't have the Linux kernel as a BL33 image by default 230ARM_LINUX_KERNEL_AS_BL33 := 0 231$(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33)) 232$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33)) 233 234ARM_PRELOADED_DTB_BASE := PLAT_QEMU_DT_BASE 235$(eval $(call add_define,ARM_PRELOADED_DTB_BASE)) 236 237qemu_fw.bios: bl1 fip 238 $(ECHO) " DD $@" 239 $(Q)cp ${BUILD_PLAT}/bl1.bin ${BUILD_PLAT}/$@ 240 $(Q)dd if=${BUILD_PLAT}/fip.bin of=${BUILD_PLAT}/$@ bs=64k seek=4 status=none 241 242qemu_fw.rom: qemu_fw.bios 243 $(ECHO) " DD $@" 244 $(Q)cp ${BUILD_PLAT}/$^ ${BUILD_PLAT}/$@ 245 $(Q)dd if=/dev/zero of=${BUILD_PLAT}/$@ bs=1M seek=64 count=0 status=none 246 247ifneq (${BL33},) 248all: qemu_fw.bios qemu_fw.rom 249endif 250 251ifeq (${EL3_EXCEPTION_HANDLING},1) 252BL31_SOURCES += plat/common/aarch64/plat_ehf.c 253endif 254