1# 2# Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7include lib/libfdt/libfdt.mk 8include lib/xlat_tables_v2/xlat_tables.mk 9 10PLAT_INCLUDES := -Iplat/rpi/common/include \ 11 -Iplat/rpi/rpi3/include \ 12 -Ilib/libfdt 13 14PLAT_BL_COMMON_SOURCES := drivers/ti/uart/aarch64/16550_console.S \ 15 drivers/arm/pl011/aarch64/pl011_console.S \ 16 drivers/gpio/gpio.c \ 17 drivers/delay_timer/delay_timer.c \ 18 drivers/rpi3/gpio/rpi3_gpio.c \ 19 plat/rpi/common/aarch64/plat_helpers.S \ 20 plat/rpi/common/rpi3_common.c \ 21 plat/rpi/common/rpi3_console_dual.c \ 22 ${XLAT_TABLES_LIB_SRCS} 23 24ifeq (${DISCRETE_TPM},1) 25TPM2_MK := drivers/tpm/tpm2.mk 26$(info Including ${TPM2_MK}) 27include ${TPM2_MK} 28endif 29 30ifeq (${TPM_INTERFACE},FIFO_SPI) 31PLAT_BL_COMMON_SOURCES += drivers/gpio/gpio_spi.c \ 32 drivers/tpm/tpm2_slb9670/slb9670_gpio.c 33endif 34 35ifeq (${MEASURED_BOOT},1) 36MEASURED_BOOT_MK := drivers/measured_boot/event_log/event_log.mk 37$(info Including ${MEASURED_BOOT_MK}) 38include ${MEASURED_BOOT_MK} 39 40PLAT_BL_COMMON_SOURCES += $(TPM2_SOURCES) 41 42BL1_LIBS += $(LIBEVLOG_LIBS) 43BL1_INCLUDE_DIRS += $(LIBEVLOG_INCLUDE_DIRS) 44 45BL2_LIBS += $(LIBEVLOG_LIBS) 46BL2_INCLUDE_DIRS += $(LIBEVLOG_INCLUDE_DIRS) 47 48BL31_LIBS += $(LIBEVLOG_LIBS) 49BL31_INCLUDE_DIRS += $(LIBEVLOG_INCLUDE_DIRS) 50 51BL32_LIBS += $(LIBEVLOG_LIBS) 52BL32_INCLUDE_DIRS += $(LIBEVLOG_INCLUDE_DIRS) 53 54BL1_SOURCES += plat/rpi/rpi3/rpi3_bl1_mboot.c 55BL2_SOURCES += plat/rpi/rpi3/rpi3_bl2_mboot.c \ 56 plat/rpi/rpi3/rpi3_dyn_cfg_helpers.c \ 57 common/fdt_wrappers.c \ 58 common/fdt_fixup.c 59 60CRYPTO_SOURCES := drivers/auth/crypto_mod.c 61 62BL1_SOURCES += ${CRYPTO_SOURCES} 63BL2_SOURCES += ${CRYPTO_SOURCES} 64 65include drivers/auth/mbedtls/mbedtls_crypto.mk 66 67endif 68 69BL1_SOURCES += drivers/io/io_fip.c \ 70 drivers/io/io_memmap.c \ 71 drivers/io/io_storage.c \ 72 drivers/delay_timer/generic_delay_timer.c \ 73 lib/cpus/aarch64/cortex_a53.S \ 74 plat/common/aarch64/platform_mp_stack.S \ 75 plat/rpi/rpi3/rpi3_bl1_setup.c \ 76 plat/rpi/common/rpi3_io_storage.c \ 77 drivers/rpi3/mailbox/rpi3_mbox.c \ 78 plat/rpi/rpi3/rpi_mbox_board.c 79 80BL2_SOURCES += common/desc_image_load.c \ 81 drivers/io/io_fip.c \ 82 drivers/io/io_memmap.c \ 83 drivers/io/io_storage.c \ 84 drivers/delay_timer/generic_delay_timer.c \ 85 drivers/io/io_block.c \ 86 drivers/mmc/mmc.c \ 87 drivers/rpi3/sdhost/rpi3_sdhost.c \ 88 plat/common/aarch64/platform_mp_stack.S \ 89 plat/rpi/rpi3/aarch64/rpi3_bl2_mem_params_desc.c \ 90 plat/rpi/rpi3/rpi3_bl2_setup.c \ 91 plat/rpi/common/rpi3_image_load.c \ 92 plat/rpi/common/rpi3_io_storage.c 93 94BL31_SOURCES += lib/cpus/aarch64/cortex_a53.S \ 95 plat/common/plat_gicv2.c \ 96 plat/common/plat_psci_common.c \ 97 plat/rpi/rpi3/rpi3_bl31_setup.c \ 98 plat/rpi/common/rpi3_pm.c \ 99 plat/rpi/common/rpi3_topology.c \ 100 ${LIBFDT_SRCS} 101 102# Tune compiler for Cortex-A53 103ifeq ($($(ARCH)-cc-id),arm-clang) 104 TF_CFLAGS_aarch64 += -mcpu=cortex-a53 105else ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 106 TF_CFLAGS_aarch64 += -mcpu=cortex-a53 107else 108 TF_CFLAGS_aarch64 += -mtune=cortex-a53 109endif 110 111# Platform Makefile target 112# ------------------------ 113 114RPI3_BL1_PAD_BIN := ${BUILD_PLAT}/bl1_pad.bin 115RPI3_ARMSTUB8_BIN := ${BUILD_PLAT}/armstub8.bin 116 117# Add new default target when compiling this platform 118all: armstub 119 120# This target concatenates BL1 and the FIP so that the base addresses match the 121# ones defined in the memory map 122armstub: bl1 fip 123 $(s)echo " CAT $@" 124 $(q)cp ${BUILD_PLAT}/bl1.bin ${RPI3_BL1_PAD_BIN} 125 $(q)truncate --size=131072 ${RPI3_BL1_PAD_BIN} 126 $(q)cat ${RPI3_BL1_PAD_BIN} ${BUILD_PLAT}/fip.bin > ${RPI3_ARMSTUB8_BIN} 127 $(s)echo 128 $(s)echo "Built $@ successfully" 129 $(s)echo 130 131# Build config flags 132# ------------------ 133 134# Enable all errata workarounds for Cortex-A53 135ERRATA_A53_826319 := 1 136ERRATA_A53_835769 := 1 137ERRATA_A53_836870 := 1 138ERRATA_A53_843419 := 1 139ERRATA_A53_855873 := 1 140 141WORKAROUND_CVE_2017_5715 := 0 142 143# Disable stack protector by default 144ENABLE_STACK_PROTECTOR := 0 145 146# Reset to BL31 isn't supported 147RESET_TO_BL31 := 0 148 149# Have different sections for code and rodata 150SEPARATE_CODE_AND_RODATA := 1 151 152# Use Coherent memory 153USE_COHERENT_MEM := 1 154 155# Platform build flags 156# -------------------- 157 158# BL33 images are in AArch64 by default 159RPI3_BL33_IN_AARCH32 := 0 160 161# Assume that BL33 isn't the Linux kernel by default 162RPI3_DIRECT_LINUX_BOOT := 0 163 164# UART to use at runtime. -1 means the runtime UART is disabled. 165# Any other value means the default UART will be used. 166RPI3_RUNTIME_UART := -1 167 168# Use normal memory mapping for ROM, FIP, SRAM and DRAM 169RPI3_USE_UEFI_MAP := 0 170 171# BL32 location 172RPI3_BL32_RAM_LOCATION := tdram 173ifeq (${RPI3_BL32_RAM_LOCATION}, tsram) 174 RPI3_BL32_RAM_LOCATION_ID = SEC_SRAM_ID 175else ifeq (${RPI3_BL32_RAM_LOCATION}, tdram) 176 RPI3_BL32_RAM_LOCATION_ID = SEC_DRAM_ID 177else 178 $(error "Unsupported RPI3_BL32_RAM_LOCATION value") 179endif 180 181# Process platform flags 182# ---------------------- 183 184$(eval $(call add_define,RPI3_BL32_RAM_LOCATION_ID)) 185$(eval $(call add_define,RPI3_BL33_IN_AARCH32)) 186$(eval $(call add_define,RPI3_DIRECT_LINUX_BOOT)) 187ifdef RPI3_PRELOADED_DTB_BASE 188$(eval $(call add_define,RPI3_PRELOADED_DTB_BASE)) 189endif 190$(eval $(call add_define,RPI3_RUNTIME_UART)) 191$(eval $(call add_define,RPI3_USE_UEFI_MAP)) 192 193# Verify build config 194# ------------------- 195# 196ifneq (${RPI3_DIRECT_LINUX_BOOT}, 0) 197 ifndef RPI3_PRELOADED_DTB_BASE 198 $(error Error: RPI3_PRELOADED_DTB_BASE needed if RPI3_DIRECT_LINUX_BOOT=1) 199 endif 200endif 201 202ifneq (${RESET_TO_BL31}, 0) 203 $(error Error: rpi3 needs RESET_TO_BL31=0) 204endif 205 206ifeq (${ARCH},aarch32) 207 $(error Error: AArch32 not supported on rpi3) 208endif 209 210ifneq ($(ENABLE_STACK_PROTECTOR), 0) 211PLAT_BL_COMMON_SOURCES += drivers/rpi3/rng/rpi3_rng.c \ 212 plat/rpi/common/rpi3_stack_protector.c 213endif 214 215ifeq (${SPD},opteed) 216BL2_SOURCES += \ 217 lib/optee/optee_utils.c 218endif 219 220# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images 221# in the FIP if the platform requires. 222ifneq ($(BL32_EXTRA1),) 223$(eval $(call TOOL_ADD_IMG,BL32_EXTRA1,--tos-fw-extra1)) 224endif 225ifneq ($(BL32_EXTRA2),) 226$(eval $(call TOOL_ADD_IMG,BL32_EXTRA2,--tos-fw-extra2)) 227endif 228 229ifneq (${TRUSTED_BOARD_BOOT},0) 230 231 include drivers/auth/mbedtls/mbedtls_crypto.mk 232 include drivers/auth/mbedtls/mbedtls_x509.mk 233 234 AUTH_MK := drivers/auth/auth.mk 235 $(info Including ${AUTH_MK}) 236 include ${AUTH_MK} 237 238 AUTH_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c 239 240 BL1_SOURCES += ${AUTH_SOURCES} \ 241 bl1/tbbr/tbbr_img_desc.c \ 242 plat/common/tbbr/plat_tbbr.c \ 243 plat/rpi/common/rpi3_trusted_boot.c \ 244 plat/rpi/common/rpi3_rotpk.S \ 245 drivers/auth/tbbr/tbbr_cot_bl1.c 246 247 BL2_SOURCES += ${AUTH_SOURCES} \ 248 plat/common/tbbr/plat_tbbr.c \ 249 plat/rpi/common/rpi3_trusted_boot.c \ 250 plat/rpi/common/rpi3_rotpk.S \ 251 drivers/auth/tbbr/tbbr_cot_bl2.c 252 253 ROT_KEY = $(BUILD_PLAT)/rot_key.pem 254 ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin 255 256 $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"')) 257 258 $(BUILD_PLAT)/bl1/rpi3_rotpk.o: $(ROTPK_HASH) 259 $(BUILD_PLAT)/bl2/rpi3_rotpk.o: $(ROTPK_HASH) 260 261 certificates: $(ROT_KEY) 262 263 $(ROT_KEY): | $$(@D)/ 264 $(s)echo " OPENSSL $@" 265 $(q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null 266 267 $(ROTPK_HASH): $(ROT_KEY) | $$(@D)/ 268 $(s)echo " OPENSSL $@" 269 $(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\ 270 ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null 271endif 272