1# 2# Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7include lib/libfdt/libfdt.mk 8include lib/xlat_tables_v2/xlat_tables.mk 9 10PLAT_INCLUDES := -Iplat/rpi/common/include \ 11 -Iplat/rpi/rpi3/include \ 12 -Ilib/libfdt 13 14PLAT_BL_COMMON_SOURCES := drivers/ti/uart/aarch64/16550_console.S \ 15 drivers/arm/pl011/aarch64/pl011_console.S \ 16 drivers/gpio/gpio.c \ 17 drivers/delay_timer/delay_timer.c \ 18 drivers/rpi3/gpio/rpi3_gpio.c \ 19 plat/rpi/common/aarch64/plat_helpers.S \ 20 plat/rpi/common/rpi3_common.c \ 21 plat/rpi/common/rpi3_console_dual.c \ 22 ${XLAT_TABLES_LIB_SRCS} 23 24ifeq (${DISCRETE_TPM},1) 25TPM2_MK := drivers/tpm/tpm2.mk 26$(info Including ${TPM2_MK}) 27include ${TPM2_MK} 28endif 29 30ifeq (${TPM_INTERFACE},FIFO_SPI) 31PLAT_BL_COMMON_SOURCES += drivers/gpio/gpio_spi.c \ 32 drivers/tpm/tpm2_slb9670/slb9670_gpio.c 33endif 34 35ifeq (${MEASURED_BOOT},1) 36MEASURED_BOOT_MK := drivers/measured_boot/event_log/event_log.mk 37$(info Including ${MEASURED_BOOT_MK}) 38include ${MEASURED_BOOT_MK} 39 40PLAT_BL_COMMON_SOURCES += $(TPM2_SOURCES) \ 41 common/measured_boot_helpers.c 42 43BL1_LIBS += $(LIBEVLOG_LIBS) 44BL1_INCLUDE_DIRS += $(LIBEVLOG_INCLUDE_DIRS) 45 46BL2_LIBS += $(LIBEVLOG_LIBS) 47BL2_INCLUDE_DIRS += $(LIBEVLOG_INCLUDE_DIRS) 48 49BL31_LIBS += $(LIBEVLOG_LIBS) 50BL31_INCLUDE_DIRS += $(LIBEVLOG_INCLUDE_DIRS) 51 52BL32_LIBS += $(LIBEVLOG_LIBS) 53BL32_INCLUDE_DIRS += $(LIBEVLOG_INCLUDE_DIRS) 54 55BL1_SOURCES += plat/rpi/rpi3/rpi3_bl1_mboot.c \ 56 plat/rpi/rpi3/rpi3_common_mboot.c 57 58BL2_SOURCES += plat/rpi/rpi3/rpi3_bl2_mboot.c \ 59 plat/rpi/rpi3/rpi3_common_mboot.c \ 60 plat/rpi/rpi3/rpi3_dyn_cfg_helpers.c \ 61 common/fdt_wrappers.c \ 62 common/fdt_fixup.c 63 64CRYPTO_SOURCES := drivers/auth/crypto_mod.c 65 66BL1_SOURCES += ${CRYPTO_SOURCES} 67BL2_SOURCES += ${CRYPTO_SOURCES} 68 69include drivers/auth/mbedtls/mbedtls_crypto.mk 70 71endif 72 73BL1_SOURCES += drivers/io/io_fip.c \ 74 drivers/io/io_memmap.c \ 75 drivers/io/io_storage.c \ 76 drivers/delay_timer/generic_delay_timer.c \ 77 lib/cpus/aarch64/cortex_a53.S \ 78 plat/common/aarch64/platform_mp_stack.S \ 79 plat/rpi/rpi3/rpi3_bl1_setup.c \ 80 plat/rpi/common/rpi3_io_storage.c \ 81 drivers/rpi3/mailbox/rpi3_mbox.c \ 82 plat/rpi/rpi3/rpi_mbox_board.c 83 84BL2_SOURCES += common/desc_image_load.c \ 85 drivers/io/io_fip.c \ 86 drivers/io/io_memmap.c \ 87 drivers/io/io_storage.c \ 88 drivers/delay_timer/generic_delay_timer.c \ 89 drivers/io/io_block.c \ 90 drivers/mmc/mmc.c \ 91 drivers/rpi3/sdhost/rpi3_sdhost.c \ 92 plat/common/aarch64/platform_mp_stack.S \ 93 plat/rpi/rpi3/aarch64/rpi3_bl2_mem_params_desc.c \ 94 plat/rpi/rpi3/rpi3_bl2_setup.c \ 95 plat/rpi/common/rpi3_image_load.c \ 96 plat/rpi/common/rpi3_io_storage.c 97 98BL31_SOURCES += lib/cpus/aarch64/cortex_a53.S \ 99 plat/common/plat_gicv2.c \ 100 plat/common/plat_psci_common.c \ 101 plat/rpi/rpi3/rpi3_bl31_setup.c \ 102 plat/rpi/common/rpi3_pm.c \ 103 plat/rpi/common/rpi3_topology.c \ 104 ${LIBFDT_SRCS} 105 106# Tune compiler for Cortex-A53 107ifeq ($($(ARCH)-cc-id),arm-clang) 108 TF_CFLAGS_aarch64 += -mcpu=cortex-a53 109else ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 110 TF_CFLAGS_aarch64 += -mcpu=cortex-a53 111else 112 TF_CFLAGS_aarch64 += -mtune=cortex-a53 113endif 114 115# Platform Makefile target 116# ------------------------ 117 118RPI3_BL1_PAD_BIN := ${BUILD_PLAT}/bl1_pad.bin 119RPI3_ARMSTUB8_BIN := ${BUILD_PLAT}/armstub8.bin 120 121# Add new default target when compiling this platform 122all: armstub 123 124# This target concatenates BL1 and the FIP so that the base addresses match the 125# ones defined in the memory map 126armstub: bl1 fip 127 $(s)echo " CAT $@" 128 $(q)cp ${BUILD_PLAT}/bl1.bin ${RPI3_BL1_PAD_BIN} 129 $(q)truncate --size=131072 ${RPI3_BL1_PAD_BIN} 130 $(q)cat ${RPI3_BL1_PAD_BIN} ${BUILD_PLAT}/fip.bin > ${RPI3_ARMSTUB8_BIN} 131 $(s)echo 132 $(s)echo "Built $@ successfully" 133 $(s)echo 134 135# Build config flags 136# ------------------ 137 138# Enable all errata workarounds for Cortex-A53 139ERRATA_A53_826319 := 1 140ERRATA_A53_835769 := 1 141ERRATA_A53_836870 := 1 142ERRATA_A53_843419 := 1 143ERRATA_A53_855873 := 1 144 145WORKAROUND_CVE_2017_5715 := 0 146 147# Disable stack protector by default 148ENABLE_STACK_PROTECTOR := 0 149 150# Reset to BL31 isn't supported 151RESET_TO_BL31 := 0 152 153# Have different sections for code and rodata 154SEPARATE_CODE_AND_RODATA := 1 155 156# Use Coherent memory 157USE_COHERENT_MEM := 1 158 159# Platform build flags 160# -------------------- 161 162# BL33 images are in AArch64 by default 163RPI3_BL33_IN_AARCH32 := 0 164 165# Assume that BL33 isn't the Linux kernel by default 166RPI3_DIRECT_LINUX_BOOT := 0 167 168# UART to use at runtime. -1 means the runtime UART is disabled. 169# Any other value means the default UART will be used. 170RPI3_RUNTIME_UART := -1 171 172# Use normal memory mapping for ROM, FIP, SRAM and DRAM 173RPI3_USE_UEFI_MAP := 0 174 175# BL32 location 176RPI3_BL32_RAM_LOCATION := tdram 177ifeq (${RPI3_BL32_RAM_LOCATION}, tsram) 178 RPI3_BL32_RAM_LOCATION_ID = SEC_SRAM_ID 179else ifeq (${RPI3_BL32_RAM_LOCATION}, tdram) 180 RPI3_BL32_RAM_LOCATION_ID = SEC_DRAM_ID 181else 182 $(error "Unsupported RPI3_BL32_RAM_LOCATION value") 183endif 184 185# Process platform flags 186# ---------------------- 187 188$(eval $(call add_define,RPI3_BL32_RAM_LOCATION_ID)) 189$(eval $(call add_define,RPI3_BL33_IN_AARCH32)) 190$(eval $(call add_define,RPI3_DIRECT_LINUX_BOOT)) 191ifdef RPI3_PRELOADED_DTB_BASE 192$(eval $(call add_define,RPI3_PRELOADED_DTB_BASE)) 193endif 194$(eval $(call add_define,RPI3_RUNTIME_UART)) 195$(eval $(call add_define,RPI3_USE_UEFI_MAP)) 196 197# Verify build config 198# ------------------- 199# 200ifneq (${RPI3_DIRECT_LINUX_BOOT}, 0) 201 ifndef RPI3_PRELOADED_DTB_BASE 202 $(error Error: RPI3_PRELOADED_DTB_BASE needed if RPI3_DIRECT_LINUX_BOOT=1) 203 endif 204endif 205 206ifneq (${RESET_TO_BL31}, 0) 207 $(error Error: rpi3 needs RESET_TO_BL31=0) 208endif 209 210ifeq (${ARCH},aarch32) 211 $(error Error: AArch32 not supported on rpi3) 212endif 213 214ifneq ($(ENABLE_STACK_PROTECTOR), 0) 215PLAT_BL_COMMON_SOURCES += drivers/rpi3/rng/rpi3_rng.c \ 216 plat/rpi/common/rpi3_stack_protector.c 217endif 218 219ifeq (${SPD},opteed) 220BL2_SOURCES += \ 221 lib/optee/optee_utils.c 222endif 223 224# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images 225# in the FIP if the platform requires. 226ifneq ($(BL32_EXTRA1),) 227$(eval $(call TOOL_ADD_IMG,BL32_EXTRA1,--tos-fw-extra1)) 228endif 229ifneq ($(BL32_EXTRA2),) 230$(eval $(call TOOL_ADD_IMG,BL32_EXTRA2,--tos-fw-extra2)) 231endif 232 233ifneq (${TRUSTED_BOARD_BOOT},0) 234 235 include drivers/auth/mbedtls/mbedtls_crypto.mk 236 include drivers/auth/mbedtls/mbedtls_x509.mk 237 238 AUTH_MK := drivers/auth/auth.mk 239 $(info Including ${AUTH_MK}) 240 include ${AUTH_MK} 241 242 AUTH_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c 243 244 BL1_SOURCES += ${AUTH_SOURCES} \ 245 bl1/tbbr/tbbr_img_desc.c \ 246 plat/common/tbbr/plat_tbbr.c \ 247 plat/rpi/common/rpi3_trusted_boot.c \ 248 plat/rpi/common/rpi3_rotpk.S \ 249 drivers/auth/tbbr/tbbr_cot_bl1.c 250 251 BL2_SOURCES += ${AUTH_SOURCES} \ 252 plat/common/tbbr/plat_tbbr.c \ 253 plat/rpi/common/rpi3_trusted_boot.c \ 254 plat/rpi/common/rpi3_rotpk.S \ 255 drivers/auth/tbbr/tbbr_cot_bl2.c 256 257 ROT_KEY = $(BUILD_PLAT)/rot_key.pem 258 ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin 259 260 $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"')) 261 262 $(BUILD_PLAT)/bl1/rpi3_rotpk.o: $(ROTPK_HASH) 263 $(BUILD_PLAT)/bl2/rpi3_rotpk.o: $(ROTPK_HASH) 264 265 certificates: $(ROT_KEY) 266 267 $(ROT_KEY): | $$(@D)/ 268 $(s)echo " OPENSSL $@" 269 $(q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null 270 271 $(ROTPK_HASH): $(ROT_KEY) | $$(@D)/ 272 $(s)echo " OPENSSL $@" 273 $(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\ 274 ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null 275endif 276