1# 2# Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# 8# Trusted Firmware Version 9# 10VERSION_MAJOR := 2 11VERSION_MINOR := 6 12 13# Default goal is build all images 14.DEFAULT_GOAL := all 15 16# Avoid any implicit propagation of command line variable definitions to 17# sub-Makefiles, like CFLAGS that we reserved for the firmware images' 18# usage. Other command line options like "-s" are still propagated as usual. 19MAKEOVERRIDES = 20 21MAKE_HELPERS_DIRECTORY := make_helpers/ 22include ${MAKE_HELPERS_DIRECTORY}build_macros.mk 23include ${MAKE_HELPERS_DIRECTORY}build_env.mk 24 25################################################################################ 26# Default values for build configurations, and their dependencies 27################################################################################ 28 29include ${MAKE_HELPERS_DIRECTORY}defaults.mk 30 31# Assertions enabled for DEBUG builds by default 32ENABLE_ASSERTIONS := ${DEBUG} 33ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION} 34PLAT := ${DEFAULT_PLAT} 35 36################################################################################ 37# Checkpatch script options 38################################################################################ 39 40CHECKCODE_ARGS := --no-patch 41# Do not check the coding style on imported library files or documentation files 42INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \ 43 include/drivers/arm/cryptocell, \ 44 $(wildcard include/drivers/arm/*))) 45INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h 46INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ 47 include/drivers/arm, \ 48 $(wildcard include/drivers/*))) 49INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 50 include/lib/libfdt \ 51 include/lib/libc, \ 52 $(wildcard include/lib/*))) 53INC_DIRS_TO_CHECK := $(sort $(filter-out \ 54 include/lib \ 55 include/drivers, \ 56 $(wildcard include/*))) 57LIB_DIRS_TO_CHECK := $(sort $(filter-out \ 58 lib/compiler-rt \ 59 lib/libfdt% \ 60 lib/libc, \ 61 $(wildcard lib/*))) 62ROOT_DIRS_TO_CHECK := $(sort $(filter-out \ 63 lib \ 64 include \ 65 docs \ 66 %.rst, \ 67 $(wildcard *))) 68CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \ 69 ${INC_DIRS_TO_CHECK} \ 70 ${INC_LIB_DIRS_TO_CHECK} \ 71 ${LIB_DIRS_TO_CHECK} \ 72 ${INC_DRV_DIRS_TO_CHECK} \ 73 ${INC_ARM_DIRS_TO_CHECK} 74 75 76################################################################################ 77# Process build options 78################################################################################ 79 80# Verbose flag 81ifeq (${V},0) 82 Q:=@ 83 ECHO:=@echo 84 CHECKCODE_ARGS += --no-summary --terse 85else 86 Q:= 87 ECHO:=$(ECHO_QUIET) 88endif 89 90ifneq ($(findstring s,$(filter-out --%,$(MAKEFLAGS))),) 91 Q:=@ 92 ECHO:=$(ECHO_QUIET) 93endif 94 95export Q ECHO 96 97# The cert_create tool cannot generate certificates individually, so we use the 98# target 'certificates' to create them all 99ifneq (${GENERATE_COT},0) 100 FIP_DEPS += certificates 101 FWU_FIP_DEPS += fwu_certificates 102endif 103 104# Process BRANCH_PROTECTION value and set 105# Pointer Authentication and Branch Target Identification flags 106ifeq (${BRANCH_PROTECTION},0) 107 # Default value turns off all types of branch protection 108 BP_OPTION := none 109else ifneq (${ARCH},aarch64) 110 $(error BRANCH_PROTECTION requires AArch64) 111else ifeq (${BRANCH_PROTECTION},1) 112 # Enables all types of branch protection features 113 BP_OPTION := standard 114 ENABLE_BTI := 1 115 ENABLE_PAUTH := 1 116else ifeq (${BRANCH_PROTECTION},2) 117 # Return address signing to its standard level 118 BP_OPTION := pac-ret 119 ENABLE_PAUTH := 1 120else ifeq (${BRANCH_PROTECTION},3) 121 # Extend the signing to include leaf functions 122 BP_OPTION := pac-ret+leaf 123 ENABLE_PAUTH := 1 124else ifeq (${BRANCH_PROTECTION},4) 125 # Turn on branch target identification mechanism 126 BP_OPTION := bti 127 ENABLE_BTI := 1 128else 129 $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) 130endif 131 132# FEAT_RME 133ifeq (${ENABLE_RME},1) 134# RME doesn't support PIE 135ifneq (${ENABLE_PIE},0) 136 $(error ENABLE_RME does not support PIE) 137endif 138# RME requires AARCH64 139ifneq (${ARCH},aarch64) 140 $(error ENABLE_RME requires AArch64) 141endif 142# RME requires el2 context to be saved for now. 143CTX_INCLUDE_EL2_REGS := 1 144CTX_INCLUDE_AARCH32_REGS := 0 145ARM_ARCH_MAJOR := 8 146ARM_ARCH_MINOR := 6 147endif 148 149# USE_SPINLOCK_CAS requires AArch64 build 150ifeq (${USE_SPINLOCK_CAS},1) 151ifneq (${ARCH},aarch64) 152 $(error USE_SPINLOCK_CAS requires AArch64) 153endif 154endif 155 156# USE_DEBUGFS experimental feature recommended only in debug builds 157ifeq (${USE_DEBUGFS},1) 158ifeq (${DEBUG},1) 159 $(warning DEBUGFS experimental feature is enabled.) 160else 161 $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY) 162endif 163endif 164 165ifneq (${DECRYPTION_SUPPORT},none) 166ENC_ARGS += -f ${FW_ENC_STATUS} 167ENC_ARGS += -k ${ENC_KEY} 168ENC_ARGS += -n ${ENC_NONCE} 169FIP_DEPS += enctool 170FWU_FIP_DEPS += enctool 171endif 172 173################################################################################ 174# Toolchain 175################################################################################ 176 177HOSTCC := gcc 178export HOSTCC 179 180CC := ${CROSS_COMPILE}gcc 181CPP := ${CROSS_COMPILE}cpp 182AS := ${CROSS_COMPILE}gcc 183AR := ${CROSS_COMPILE}ar 184LINKER := ${CROSS_COMPILE}ld 185OC := ${CROSS_COMPILE}objcopy 186OD := ${CROSS_COMPILE}objdump 187NM := ${CROSS_COMPILE}nm 188PP := ${CROSS_COMPILE}gcc -E 189DTC := dtc 190 191# Use ${LD}.bfd instead if it exists (as absolute path or together with $PATH). 192ifneq ($(strip $(wildcard ${LD}.bfd) \ 193 $(foreach dir,$(subst :, ,${PATH}),$(wildcard ${dir}/${LINKER}.bfd))),) 194LINKER := ${LINKER}.bfd 195endif 196 197ifeq (${ARM_ARCH_MAJOR},7) 198target32-directive = -target arm-none-eabi 199# Will set march32-directive from platform configuration 200else 201target32-directive = -target armv8a-none-eabi 202 203# Set the compiler's target architecture profile based on 204# ARM_ARCH_MAJOR ARM_ARCH_MINOR options 205ifeq (${ARM_ARCH_MINOR},0) 206march32-directive = -march=armv${ARM_ARCH_MAJOR}-a 207march64-directive = -march=armv${ARM_ARCH_MAJOR}-a 208else 209march32-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 210march64-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a 211endif 212endif 213 214# Memory tagging is supported in architecture Armv8.5-A AArch64 and onwards 215ifeq ($(ARCH), aarch64) 216# Check if revision is greater than or equal to 8.5 217ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" 218mem_tag_arch_support = yes 219endif 220endif 221 222# Get architecture feature modifiers 223arch-features = ${ARM_ARCH_FEATURE} 224 225# Enable required options for memory stack tagging. 226# Currently, these options are enabled only for clang and armclang compiler. 227ifeq (${SUPPORT_STACK_MEMTAG},yes) 228ifdef mem_tag_arch_support 229# Check for armclang and clang compilers 230ifneq ( ,$(filter $(notdir $(CC)),armclang clang)) 231# Add "memtag" architecture feature modifier if not specified 232ifeq ( ,$(findstring memtag,$(arch-features))) 233arch-features := $(arch-features)+memtag 234endif # memtag 235ifeq ($(notdir $(CC)),armclang) 236TF_CFLAGS += -mmemtag-stack 237else ifeq ($(notdir $(CC)),clang) 238TF_CFLAGS += -fsanitize=memtag 239endif # armclang 240endif # armclang clang 241else 242$(error "Error: stack memory tagging is not supported for architecture \ 243 ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a") 244endif # mem_tag_arch_support 245endif # SUPPORT_STACK_MEMTAG 246 247# Set the compiler's architecture feature modifiers 248ifneq ($(arch-features), none) 249# Strip "none+" from arch-features 250arch-features := $(subst none+,,$(arch-features)) 251ifeq ($(ARCH), aarch32) 252march32-directive := $(march32-directive)+$(arch-features) 253else 254march64-directive := $(march64-directive)+$(arch-features) 255endif 256# Print features 257$(info Arm Architecture Features specified: $(subst +, ,$(arch-features))) 258endif # arch-features 259 260# Determine if FEAT_RNG is supported 261ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0) 262 263# Determine if FEAT_SB is supported 264ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0) 265 266ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" 267ENABLE_FEAT_SB = 1 268endif 269 270ifneq ($(findstring armclang,$(notdir $(CC))),) 271TF_CFLAGS_aarch32 = -target arm-arm-none-eabi $(march32-directive) 272TF_CFLAGS_aarch64 = -target aarch64-arm-none-eabi $(march64-directive) 273LD = $(LINKER) 274AS = $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH)) 275CPP = $(CC) -E $(TF_CFLAGS_$(ARCH)) 276PP = $(CC) -E $(TF_CFLAGS_$(ARCH)) 277else ifneq ($(findstring clang,$(notdir $(CC))),) 278CLANG_CCDIR = $(if $(filter-out ./,$(dir $(CC))),$(dir $(CC)),) 279TF_CFLAGS_aarch32 = $(target32-directive) $(march32-directive) 280TF_CFLAGS_aarch64 = -target aarch64-elf $(march64-directive) 281LD = $(CLANG_CCDIR)ld.lld 282ifeq (, $(shell which $(LD))) 283$(error "No $(LD) in PATH, make sure it is installed or set LD to a different linker") 284endif 285AS = $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH)) 286CPP = $(CC) -E 287PP = $(CC) -E 288else ifneq ($(findstring gcc,$(notdir $(CC))),) 289TF_CFLAGS_aarch32 = $(march32-directive) 290TF_CFLAGS_aarch64 = $(march64-directive) 291ifeq ($(ENABLE_LTO),1) 292 # Enable LTO only for aarch64 293 ifeq (${ARCH},aarch64) 294 LTO_CFLAGS = -flto 295 # Use gcc as a wrapper for the ld, recommended for LTO 296 LINKER := ${CROSS_COMPILE}gcc 297 endif 298endif 299LD = $(LINKER) 300else 301TF_CFLAGS_aarch32 = $(march32-directive) 302TF_CFLAGS_aarch64 = $(march64-directive) 303LD = $(LINKER) 304endif 305 306# Process Debug flag 307$(eval $(call add_define,DEBUG)) 308ifneq (${DEBUG}, 0) 309 BUILD_TYPE := debug 310 TF_CFLAGS += -g 311 312 ifneq ($(findstring clang,$(notdir $(CC))),) 313 ASFLAGS += -g 314 else 315 ASFLAGS += -g -Wa,--gdwarf-2 316 endif 317 318 # Use LOG_LEVEL_INFO by default for debug builds 319 LOG_LEVEL := 40 320else 321 BUILD_TYPE := release 322 # Use LOG_LEVEL_NOTICE by default for release builds 323 LOG_LEVEL := 20 324endif 325 326# Default build string (git branch and commit) 327ifeq (${BUILD_STRING},) 328 BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null) 329endif 330VERSION_STRING := v${VERSION_MAJOR}.${VERSION_MINOR}(${BUILD_TYPE}):${BUILD_STRING} 331 332ifeq (${AARCH32_INSTRUCTION_SET},A32) 333TF_CFLAGS_aarch32 += -marm 334else ifeq (${AARCH32_INSTRUCTION_SET},T32) 335TF_CFLAGS_aarch32 += -mthumb 336else 337$(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET}) 338endif 339 340TF_CFLAGS_aarch32 += -mno-unaligned-access 341TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align 342 343ifneq (${BP_OPTION},none) 344TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} 345endif 346 347ASFLAGS_aarch32 = $(march32-directive) 348ASFLAGS_aarch64 = $(march64-directive) 349 350# General warnings 351WARNINGS := -Wall -Wmissing-include-dirs -Wunused \ 352 -Wdisabled-optimization -Wvla -Wshadow \ 353 -Wno-unused-parameter -Wredundant-decls 354 355# Additional warnings 356# Level 1 357WARNING1 := -Wextra 358WARNING1 += -Wmissing-format-attribute 359WARNING1 += -Wmissing-prototypes 360WARNING1 += -Wold-style-definition 361 362# Level 2 363WARNING2 := -Waggregate-return 364WARNING2 += -Wcast-align 365WARNING2 += -Wnested-externs 366 367WARNING3 := -Wbad-function-cast 368WARNING3 += -Wcast-qual 369WARNING3 += -Wconversion 370WARNING3 += -Wpacked 371WARNING3 += -Wpointer-arith 372WARNING3 += -Wswitch-default 373 374ifeq (${W},1) 375WARNINGS += $(WARNING1) 376else ifeq (${W},2) 377WARNINGS += $(WARNING1) $(WARNING2) 378else ifeq (${W},3) 379WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3) 380endif 381 382# Compiler specific warnings 383ifeq ($(findstring clang,$(notdir $(CC))),) 384# not using clang 385WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \ 386 -Wpacked-bitfield-compat -Wshift-overflow=2 \ 387 -Wlogical-op 388else 389# using clang 390WARNINGS += -Wshift-overflow -Wshift-sign-overflow \ 391 -Wlogical-op-parentheses 392endif 393 394ifneq (${E},0) 395ERRORS := -Werror 396endif 397 398CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ 399 $(ERRORS) $(WARNINGS) 400ASFLAGS += $(CPPFLAGS) $(ASFLAGS_$(ARCH)) \ 401 -ffreestanding -Wa,--fatal-warnings 402TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ 403 -ffunction-sections -fdata-sections \ 404 -ffreestanding -fno-builtin -fno-common \ 405 -Os -std=gnu99 406 407ifeq (${SANITIZE_UB},on) 408TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover 409endif 410ifeq (${SANITIZE_UB},trap) 411TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ 412 -fsanitize-undefined-trap-on-error 413endif 414 415GCC_V_OUTPUT := $(shell $(CC) -v 2>&1) 416 417# LD = armlink 418ifneq ($(findstring armlink,$(notdir $(LD))),) 419TF_LDFLAGS += --diag_error=warning --lto_level=O1 420TF_LDFLAGS += --remove --info=unused,unusedsymbols 421TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 422 423# LD = gcc (used when GCC LTO is enabled) 424else ifneq ($(findstring gcc,$(notdir $(LD))),) 425# Pass ld options with Wl or Xlinker switches 426TF_LDFLAGS += -Wl,--fatal-warnings -O1 427TF_LDFLAGS += -Wl,--gc-sections 428ifeq ($(ENABLE_LTO),1) 429 ifeq (${ARCH},aarch64) 430 TF_LDFLAGS += -flto -fuse-linker-plugin 431 endif 432endif 433# GCC automatically adds fix-cortex-a53-843419 flag when used to link 434# which breaks some builds, so disable if errata fix is not explicitly enabled 435ifneq (${ERRATA_A53_843419},1) 436 TF_LDFLAGS += -mno-fix-cortex-a53-843419 437endif 438TF_LDFLAGS += -nostdlib 439TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) 440 441# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other 442else 443TF_LDFLAGS += --fatal-warnings -O1 444TF_LDFLAGS += --gc-sections 445# ld.lld doesn't recognize the errata flags, 446# therefore don't add those in that case 447ifeq ($(findstring ld.lld,$(notdir $(LD))),) 448TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 449endif 450endif 451 452DTC_FLAGS += -I dts -O dtb 453DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \ 454 -x assembler-with-cpp $(DEFINES) 455 456ifeq ($(MEASURED_BOOT),1) 457DTC_CPPFLAGS += -DMEASURED_BOOT -DBL2_HASH_SIZE=${TCG_DIGEST_SIZE} 458endif 459 460################################################################################ 461# Common sources and include directories 462################################################################################ 463include lib/compiler-rt/compiler-rt.mk 464 465BL_COMMON_SOURCES += common/bl_common.c \ 466 common/tf_log.c \ 467 common/${ARCH}/debug.S \ 468 drivers/console/multi_console.c \ 469 lib/${ARCH}/cache_helpers.S \ 470 lib/${ARCH}/misc_helpers.S \ 471 plat/common/plat_bl_common.c \ 472 plat/common/plat_log_common.c \ 473 plat/common/${ARCH}/plat_common.c \ 474 plat/common/${ARCH}/platform_helpers.S \ 475 ${COMPILER_RT_SRCS} 476 477ifeq ($(notdir $(CC)),armclang) 478BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S 479endif 480 481ifeq (${SANITIZE_UB},on) 482BL_COMMON_SOURCES += plat/common/ubsan.c 483endif 484 485INCLUDES += -Iinclude \ 486 -Iinclude/arch/${ARCH} \ 487 -Iinclude/lib/cpus/${ARCH} \ 488 -Iinclude/lib/el3_runtime/${ARCH} \ 489 ${PLAT_INCLUDES} \ 490 ${SPD_INCLUDES} 491 492include common/backtrace/backtrace.mk 493 494################################################################################ 495# Generic definitions 496################################################################################ 497 498include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk 499 500ifeq (${BUILD_BASE},) 501 BUILD_BASE := ./build 502endif 503BUILD_PLAT := $(abspath ${BUILD_BASE})/${PLAT}/${BUILD_TYPE} 504 505SPDS := $(sort $(filter-out none, $(patsubst services/spd/%,%,$(wildcard services/spd/*)))) 506 507# Platforms providing their own TBB makefile may override this value 508INCLUDE_TBBR_MK := 1 509 510 511################################################################################ 512# Include SPD Makefile if one has been specified 513################################################################################ 514 515ifneq (${SPD},none) 516 ifeq (${ARCH},aarch32) 517 $(error "Error: SPD is incompatible with AArch32.") 518 endif 519 520 ifdef EL3_PAYLOAD_BASE 521 $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") 522 $(warning "The SPD and its BL32 companion will be present but ignored.") 523 endif 524 525 ifeq (${SPD},spmd) 526 # SPMD is located in std_svc directory 527 SPD_DIR := std_svc 528 529 ifeq ($(SPMD_SPM_AT_SEL2),1) 530 ifeq ($(CTX_INCLUDE_EL2_REGS),0) 531 $(error SPMD with SPM at S-EL2 requires CTX_INCLUDE_EL2_REGS option) 532 endif 533 endif 534 535 ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp) 536 DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG 537 endif 538 539 ifeq ($(TS_SP_FW_CONFIG),1) 540 DTC_CPPFLAGS += -DTS_SP_FW_CONFIG 541 endif 542 543 ifneq ($(ARM_BL2_SP_LIST_DTS),) 544 DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS) 545 endif 546 547 ifneq ($(SP_LAYOUT_FILE),) 548 BL2_ENABLE_SP_LOAD := 1 549 endif 550 else 551 # All other SPDs in spd directory 552 SPD_DIR := spd 553 endif 554 555 # We expect to locate an spd.mk under the specified SPD directory 556 SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk) 557 558 ifeq (${SPD_MAKE},) 559 $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located) 560 endif 561 $(info Including ${SPD_MAKE}) 562 include ${SPD_MAKE} 563 564 # If there's BL32 companion for the chosen SPD, we expect that the SPD's 565 # Makefile would set NEED_BL32 to "yes". In this case, the build system 566 # supports two mutually exclusive options: 567 # * BL32 is built from source: then BL32_SOURCES must contain the list 568 # of source files to build BL32 569 # * BL32 is a prebuilt binary: then BL32 must point to the image file 570 # that will be included in the FIP 571 # If both BL32_SOURCES and BL32 are defined, the binary takes precedence 572 # over the sources. 573endif 574 575################################################################################ 576# Include rmmd Makefile if RME is enabled 577################################################################################ 578 579ifneq (${ENABLE_RME},0) 580ifneq (${ARCH},aarch64) 581 $(error ENABLE_RME requires AArch64) 582endif 583include services/std_svc/rmmd/rmmd.mk 584$(warning "RME is an experimental feature") 585endif 586 587################################################################################ 588# Include the platform specific Makefile after the SPD Makefile (the platform 589# makefile may use all previous definitions in this file) 590################################################################################ 591 592include ${PLAT_MAKEFILE_FULL} 593 594$(eval $(call MAKE_PREREQ_DIR,${BUILD_PLAT})) 595 596ifeq (${ARM_ARCH_MAJOR},7) 597include make_helpers/armv7-a-cpus.mk 598endif 599 600PIE_FOUND := $(findstring --enable-default-pie,${GCC_V_OUTPUT}) 601ifneq ($(PIE_FOUND),) 602 TF_CFLAGS += -fno-PIE 603endif 604 605ifneq ($(findstring gcc,$(notdir $(LD))),) 606 PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker 607else 608 PIE_LDFLAGS += -pie --no-dynamic-linker 609endif 610 611ifeq ($(ENABLE_PIE),1) 612ifeq ($(BL2_AT_EL3),1) 613ifneq ($(BL2_IN_XIP_MEM),1) 614 BL2_CFLAGS += -fpie 615 BL2_LDFLAGS += $(PIE_LDFLAGS) 616endif 617endif 618 BL31_CFLAGS += -fpie 619 BL31_LDFLAGS += $(PIE_LDFLAGS) 620 BL32_CFLAGS += -fpie 621 BL32_LDFLAGS += $(PIE_LDFLAGS) 622endif 623 624ifeq (${ARCH},aarch64) 625BL1_CPPFLAGS += -DIMAGE_AT_EL3 626ifeq ($(BL2_AT_EL3),1) 627BL2_CPPFLAGS += -DIMAGE_AT_EL3 628else 629BL2_CPPFLAGS += -DIMAGE_AT_EL1 630endif 631BL2U_CPPFLAGS += -DIMAGE_AT_EL1 632BL31_CPPFLAGS += -DIMAGE_AT_EL3 633BL32_CPPFLAGS += -DIMAGE_AT_EL1 634endif 635 636# Include the CPU specific operations makefile, which provides default 637# values for all CPU errata workarounds and CPU specific optimisations. 638# This can be overridden by the platform. 639include lib/cpus/cpu-ops.mk 640 641ifeq (${ARCH},aarch32) 642NEED_BL32 := yes 643 644################################################################################ 645# Build `AARCH32_SP` as BL32 image for AArch32 646################################################################################ 647ifneq (${AARCH32_SP},none) 648# We expect to locate an sp.mk under the specified AARCH32_SP directory 649AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk) 650 651ifeq (${AARCH32_SP_MAKE},) 652 $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located) 653endif 654 655$(info Including ${AARCH32_SP_MAKE}) 656include ${AARCH32_SP_MAKE} 657endif 658 659endif 660 661################################################################################ 662# Include libc if not overridden 663################################################################################ 664ifeq (${OVERRIDE_LIBC},0) 665include lib/libc/libc.mk 666endif 667 668################################################################################ 669# Check incompatible options 670################################################################################ 671 672ifdef EL3_PAYLOAD_BASE 673 ifdef PRELOADED_BL33_BASE 674 $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \ 675 incompatible build options. EL3_PAYLOAD_BASE has priority.") 676 endif 677 ifneq (${GENERATE_COT},0) 678 $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible build options.") 679 endif 680 ifneq (${TRUSTED_BOARD_BOOT},0) 681 $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are incompatible build options.") 682 endif 683endif 684 685ifeq (${NEED_BL33},yes) 686 ifdef EL3_PAYLOAD_BASE 687 $(warning "BL33 image is not needed when option \ 688 BL33_PAYLOAD_BASE is used and won't be added to the FIP file.") 689 endif 690 ifdef PRELOADED_BL33_BASE 691 $(warning "BL33 image is not needed when option \ 692 PRELOADED_BL33_BASE is used and won't be added to the FIP \ 693 file.") 694 endif 695endif 696 697# When building for systems with hardware-assisted coherency, there's no need to 698# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too. 699ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1) 700$(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) 701endif 702 703#For now, BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is 1. 704ifeq ($(BL2_AT_EL3)-$(BL2_IN_XIP_MEM),0-1) 705$(error "BL2_IN_XIP_MEM is only supported when BL2_AT_EL3 is enabled") 706endif 707 708# For RAS_EXTENSION, require that EAs are handled in EL3 first 709ifeq ($(RAS_EXTENSION),1) 710 ifneq ($(HANDLE_EA_EL3_FIRST),1) 711 $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST must also be 1) 712 endif 713endif 714 715# When FAULT_INJECTION_SUPPORT is used, require that RAS_EXTENSION is enabled 716ifeq ($(FAULT_INJECTION_SUPPORT),1) 717 ifneq ($(RAS_EXTENSION),1) 718 $(error For FAULT_INJECTION_SUPPORT, RAS_EXTENSION must also be 1) 719 endif 720endif 721 722# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 723ifeq ($(DYN_DISABLE_AUTH), 1) 724 ifeq (${TRUSTED_BOARD_BOOT}, 0) 725 $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.") 726 endif 727endif 728 729# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. 730ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) 731$(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 732endif 733 734# If pointer authentication is used in the firmware, make sure that all the 735# registers associated to it are also saved and restored. 736# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. 737ifeq ($(ENABLE_PAUTH),1) 738 ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) 739 $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1) 740 endif 741endif 742 743ifeq ($(CTX_INCLUDE_PAUTH_REGS),1) 744 ifneq (${ARCH},aarch64) 745 $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) 746 endif 747endif 748 749ifeq ($(CTX_INCLUDE_MTE_REGS),1) 750 ifneq (${ARCH},aarch64) 751 $(error CTX_INCLUDE_MTE_REGS requires AArch64) 752 endif 753endif 754 755# Trusted Boot is a prerequisite for Measured Boot. It provides trust that the 756# code taking the measurements and recording them has not been tampered 757# with. This is referred to as the Root of Trust for Measurement. 758ifeq ($(MEASURED_BOOT),1) 759 ifneq (${TRUSTED_BOARD_BOOT},1) 760 $(error MEASURED_BOOT requires TRUSTED_BOARD_BOOT=1) 761 endif 762endif 763 764ifeq ($(PSA_FWU_SUPPORT),1) 765 $(info PSA_FWU_SUPPORT is an experimental feature) 766endif 767 768ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 769 ifeq (${ALLOW_RO_XLAT_TABLES}, 1) 770 $(error "ALLOW_RO_XLAT_TABLES requires translation tables library v2") 771 endif 772endif 773 774ifneq (${DECRYPTION_SUPPORT},none) 775 ifeq (${TRUSTED_BOARD_BOOT}, 0) 776 $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT to be set) 777 endif 778endif 779 780# SME/SVE only supported on AArch64 781ifeq (${ARCH},aarch32) 782 ifeq (${ENABLE_SME_FOR_NS},1) 783 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") 784 endif 785 ifeq (${ENABLE_SVE_FOR_NS},1) 786 # Warning instead of error due to CI dependency on this 787 $(warning "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") 788 $(warning "Forced ENABLE_SVE_FOR_NS=0") 789 override ENABLE_SVE_FOR_NS := 0 790 endif 791endif 792 793# Ensure ENABLE_RME is not used with SME 794ifeq (${ENABLE_RME},1) 795 ifeq (${ENABLE_SME_FOR_NS},1) 796 $(error "ENABLE_SME_FOR_NS cannot be used with ENABLE_RME") 797 endif 798endif 799 800# Secure SME/SVE requires the non-secure component as well 801ifeq (${ENABLE_SME_FOR_SWD},1) 802 ifeq (${ENABLE_SME_FOR_NS},0) 803 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") 804 endif 805endif 806ifeq (${ENABLE_SVE_FOR_SWD},1) 807 ifeq (${ENABLE_SVE_FOR_NS},0) 808 $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS") 809 endif 810endif 811 812# SVE and SME cannot be used with CTX_INCLUDE_FPREGS since secure manager does 813# its own context management including FPU registers. 814ifeq (${CTX_INCLUDE_FPREGS},1) 815 ifeq (${ENABLE_SME_FOR_NS},1) 816 $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 817 endif 818 ifeq (${ENABLE_SVE_FOR_NS},1) 819 # Warning instead of error due to CI dependency on this 820 $(warning "ENABLE_SVE_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 821 $(warning "Forced ENABLE_SVE_FOR_NS=0") 822 override ENABLE_SVE_FOR_NS := 0 823 endif 824endif 825 826################################################################################ 827# Process platform overrideable behaviour 828################################################################################ 829 830ifdef BL1_SOURCES 831NEED_BL1 := yes 832endif 833 834ifdef BL2_SOURCES 835 NEED_BL2 := yes 836 837 # Using BL2 implies that a BL33 image also needs to be supplied for the FIP and 838 # Certificate generation tools. This flag can be overridden by the platform. 839 ifdef EL3_PAYLOAD_BASE 840 # If booting an EL3 payload there is no need for a BL33 image 841 # in the FIP file. 842 NEED_BL33 := no 843 else 844 ifdef PRELOADED_BL33_BASE 845 # If booting a BL33 preloaded image there is no need of 846 # another one in the FIP file. 847 NEED_BL33 := no 848 else 849 NEED_BL33 ?= yes 850 endif 851 endif 852endif 853 854ifdef BL2U_SOURCES 855NEED_BL2U := yes 856endif 857 858# If SCP_BL2 is given, we always want FIP to include it. 859ifdef SCP_BL2 860 NEED_SCP_BL2 := yes 861endif 862 863# For AArch32, BL31 is not currently supported. 864ifneq (${ARCH},aarch32) 865 ifdef BL31_SOURCES 866 # When booting an EL3 payload, there is no need to compile the BL31 image nor 867 # put it in the FIP. 868 ifndef EL3_PAYLOAD_BASE 869 NEED_BL31 := yes 870 endif 871 endif 872endif 873 874# Process TBB related flags 875ifneq (${GENERATE_COT},0) 876 # Common cert_create options 877 ifneq (${CREATE_KEYS},0) 878 $(eval CRT_ARGS += -n) 879 $(eval FWU_CRT_ARGS += -n) 880 ifneq (${SAVE_KEYS},0) 881 $(eval CRT_ARGS += -k) 882 $(eval FWU_CRT_ARGS += -k) 883 endif 884 endif 885 # Include TBBR makefile (unless the platform indicates otherwise) 886 ifeq (${INCLUDE_TBBR_MK},1) 887 include make_helpers/tbbr/tbbr_tools.mk 888 endif 889endif 890 891ifneq (${FIP_ALIGN},0) 892FIP_ARGS += --align ${FIP_ALIGN} 893endif 894 895ifdef FDT_SOURCES 896NEED_FDT := yes 897endif 898 899################################################################################ 900# Include libraries' Makefile that are used in all BL 901################################################################################ 902 903include lib/stack_protector/stack_protector.mk 904 905################################################################################ 906# Auxiliary tools (fiptool, cert_create, etc) 907################################################################################ 908 909# Variables for use with Certificate Generation Tool 910CRTTOOLPATH ?= tools/cert_create 911CRTTOOL ?= ${CRTTOOLPATH}/cert_create${BIN_EXT} 912 913# Variables for use with Firmware Encryption Tool 914ENCTOOLPATH ?= tools/encrypt_fw 915ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw${BIN_EXT} 916 917# Variables for use with Firmware Image Package 918FIPTOOLPATH ?= tools/fiptool 919FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT} 920 921# Variables for use with sptool 922SPTOOLPATH ?= tools/sptool 923SPTOOL ?= ${SPTOOLPATH}/sptool${BIN_EXT} 924SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py 925 926# Variables for use with ROMLIB 927ROMLIBPATH ?= lib/romlib 928 929# Variable for use with Python 930PYTHON ?= python3 931 932# Variables for use with PRINT_MEMORY_MAP 933PRINT_MEMORY_MAP_PATH ?= tools/memory 934PRINT_MEMORY_MAP ?= ${PRINT_MEMORY_MAP_PATH}/print_memory_map.py 935 936# Variables for use with documentation build using Sphinx tool 937DOCS_PATH ?= docs 938 939################################################################################ 940# Include BL specific makefiles 941################################################################################ 942 943ifeq (${NEED_BL1},yes) 944include bl1/bl1.mk 945endif 946 947ifeq (${NEED_BL2},yes) 948include bl2/bl2.mk 949endif 950 951ifeq (${NEED_BL2U},yes) 952include bl2u/bl2u.mk 953endif 954 955ifeq (${NEED_BL31},yes) 956include bl31/bl31.mk 957endif 958 959################################################################################ 960# Build options checks 961################################################################################ 962 963$(eval $(call assert_booleans,\ 964 $(sort \ 965 ALLOW_RO_XLAT_TABLES \ 966 BL2_ENABLE_SP_LOAD \ 967 COLD_BOOT_SINGLE_CPU \ 968 CREATE_KEYS \ 969 CTX_INCLUDE_AARCH32_REGS \ 970 CTX_INCLUDE_FPREGS \ 971 CTX_INCLUDE_PAUTH_REGS \ 972 CTX_INCLUDE_MTE_REGS \ 973 CTX_INCLUDE_EL2_REGS \ 974 CTX_INCLUDE_NEVE_REGS \ 975 DEBUG \ 976 DISABLE_MTPMU \ 977 DYN_DISABLE_AUTH \ 978 EL3_EXCEPTION_HANDLING \ 979 ENABLE_AMU \ 980 ENABLE_AMU_AUXILIARY_COUNTERS \ 981 ENABLE_AMU_FCONF \ 982 AMU_RESTRICT_COUNTERS \ 983 ENABLE_ASSERTIONS \ 984 ENABLE_MPAM_FOR_LOWER_ELS \ 985 ENABLE_PIE \ 986 ENABLE_PMF \ 987 ENABLE_PSCI_STAT \ 988 ENABLE_RME \ 989 ENABLE_RUNTIME_INSTRUMENTATION \ 990 ENABLE_SME_FOR_NS \ 991 ENABLE_SME_FOR_SWD \ 992 ENABLE_SPE_FOR_LOWER_ELS \ 993 ENABLE_SVE_FOR_NS \ 994 ENABLE_SVE_FOR_SWD \ 995 ERROR_DEPRECATED \ 996 FAULT_INJECTION_SUPPORT \ 997 GENERATE_COT \ 998 GICV2_G0_FOR_EL3 \ 999 HANDLE_EA_EL3_FIRST \ 1000 HW_ASSISTED_COHERENCY \ 1001 INVERTED_MEMMAP \ 1002 MEASURED_BOOT \ 1003 NS_TIMER_SWITCH \ 1004 OVERRIDE_LIBC \ 1005 PL011_GENERIC_UART \ 1006 PROGRAMMABLE_RESET_ADDRESS \ 1007 PSCI_EXTENDED_STATE_ID \ 1008 RAS_EXTENSION \ 1009 RESET_TO_BL31 \ 1010 SAVE_KEYS \ 1011 SEPARATE_CODE_AND_RODATA \ 1012 SEPARATE_NOBITS_REGION \ 1013 SPIN_ON_BL1_EXIT \ 1014 SPM_MM \ 1015 SPMD_SPM_AT_SEL2 \ 1016 TRUSTED_BOARD_BOOT \ 1017 USE_COHERENT_MEM \ 1018 USE_DEBUGFS \ 1019 ARM_IO_IN_DTB \ 1020 SDEI_IN_FCONF \ 1021 SEC_INT_DESC_IN_FCONF \ 1022 USE_ROMLIB \ 1023 USE_TBBR_DEFS \ 1024 WARMBOOT_ENABLE_DCACHE_EARLY \ 1025 BL2_AT_EL3 \ 1026 BL2_IN_XIP_MEM \ 1027 BL2_INV_DCACHE \ 1028 USE_SPINLOCK_CAS \ 1029 ENCRYPT_BL31 \ 1030 ENCRYPT_BL32 \ 1031 ERRATA_SPECULATIVE_AT \ 1032 RAS_TRAP_LOWER_EL_ERR_ACCESS \ 1033 COT_DESC_IN_DTB \ 1034 USE_SP804_TIMER \ 1035 ENABLE_FEAT_RNG \ 1036 ENABLE_FEAT_SB \ 1037 PSA_FWU_SUPPORT \ 1038 ENABLE_TRBE_FOR_NS \ 1039 ENABLE_SYS_REG_TRACE_FOR_NS \ 1040 ENABLE_TRF_FOR_NS \ 1041 ENABLE_FEAT_HCX \ 1042 ENABLE_MPMM \ 1043 ENABLE_MPMM_FCONF \ 1044))) 1045 1046$(eval $(call assert_numerics,\ 1047 $(sort \ 1048 ARM_ARCH_MAJOR \ 1049 ARM_ARCH_MINOR \ 1050 BRANCH_PROTECTION \ 1051 FW_ENC_STATUS \ 1052 NR_OF_FW_BANKS \ 1053 NR_OF_IMAGES_IN_FW_BANK \ 1054))) 1055 1056ifdef KEY_SIZE 1057 $(eval $(call assert_numeric,KEY_SIZE)) 1058endif 1059 1060ifeq ($(filter $(SANITIZE_UB), on off trap),) 1061 $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") 1062endif 1063 1064################################################################################ 1065# Add definitions to the cpp preprocessor based on the current build options. 1066# This is done after including the platform specific makefile to allow the 1067# platform to overwrite the default options 1068################################################################################ 1069 1070$(eval $(call add_defines,\ 1071 $(sort \ 1072 ALLOW_RO_XLAT_TABLES \ 1073 ARM_ARCH_MAJOR \ 1074 ARM_ARCH_MINOR \ 1075 BL2_ENABLE_SP_LOAD \ 1076 COLD_BOOT_SINGLE_CPU \ 1077 CTX_INCLUDE_AARCH32_REGS \ 1078 CTX_INCLUDE_FPREGS \ 1079 CTX_INCLUDE_PAUTH_REGS \ 1080 EL3_EXCEPTION_HANDLING \ 1081 CTX_INCLUDE_MTE_REGS \ 1082 CTX_INCLUDE_EL2_REGS \ 1083 CTX_INCLUDE_NEVE_REGS \ 1084 DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \ 1085 DISABLE_MTPMU \ 1086 ENABLE_AMU \ 1087 ENABLE_AMU_AUXILIARY_COUNTERS \ 1088 ENABLE_AMU_FCONF \ 1089 AMU_RESTRICT_COUNTERS \ 1090 ENABLE_ASSERTIONS \ 1091 ENABLE_BTI \ 1092 ENABLE_MPAM_FOR_LOWER_ELS \ 1093 ENABLE_PAUTH \ 1094 ENABLE_PIE \ 1095 ENABLE_PMF \ 1096 ENABLE_PSCI_STAT \ 1097 ENABLE_RME \ 1098 ENABLE_RUNTIME_INSTRUMENTATION \ 1099 ENABLE_SME_FOR_NS \ 1100 ENABLE_SME_FOR_SWD \ 1101 ENABLE_SPE_FOR_LOWER_ELS \ 1102 ENABLE_SVE_FOR_NS \ 1103 ENABLE_SVE_FOR_SWD \ 1104 ENCRYPT_BL31 \ 1105 ENCRYPT_BL32 \ 1106 ERROR_DEPRECATED \ 1107 FAULT_INJECTION_SUPPORT \ 1108 GICV2_G0_FOR_EL3 \ 1109 HANDLE_EA_EL3_FIRST \ 1110 HW_ASSISTED_COHERENCY \ 1111 LOG_LEVEL \ 1112 MEASURED_BOOT \ 1113 NS_TIMER_SWITCH \ 1114 PL011_GENERIC_UART \ 1115 PLAT_${PLAT} \ 1116 PROGRAMMABLE_RESET_ADDRESS \ 1117 PSCI_EXTENDED_STATE_ID \ 1118 RAS_EXTENSION \ 1119 RESET_TO_BL31 \ 1120 SEPARATE_CODE_AND_RODATA \ 1121 SEPARATE_NOBITS_REGION \ 1122 RECLAIM_INIT_CODE \ 1123 SPD_${SPD} \ 1124 SPIN_ON_BL1_EXIT \ 1125 SPM_MM \ 1126 SPMD_SPM_AT_SEL2 \ 1127 TRUSTED_BOARD_BOOT \ 1128 TRNG_SUPPORT \ 1129 USE_COHERENT_MEM \ 1130 USE_DEBUGFS \ 1131 ARM_IO_IN_DTB \ 1132 SDEI_IN_FCONF \ 1133 SEC_INT_DESC_IN_FCONF \ 1134 USE_ROMLIB \ 1135 USE_TBBR_DEFS \ 1136 WARMBOOT_ENABLE_DCACHE_EARLY \ 1137 BL2_AT_EL3 \ 1138 BL2_IN_XIP_MEM \ 1139 BL2_INV_DCACHE \ 1140 USE_SPINLOCK_CAS \ 1141 ERRATA_SPECULATIVE_AT \ 1142 RAS_TRAP_LOWER_EL_ERR_ACCESS \ 1143 COT_DESC_IN_DTB \ 1144 USE_SP804_TIMER \ 1145 ENABLE_FEAT_RNG \ 1146 ENABLE_FEAT_SB \ 1147 NR_OF_FW_BANKS \ 1148 NR_OF_IMAGES_IN_FW_BANK \ 1149 PSA_FWU_SUPPORT \ 1150 ENABLE_TRBE_FOR_NS \ 1151 ENABLE_SYS_REG_TRACE_FOR_NS \ 1152 ENABLE_TRF_FOR_NS \ 1153 ENABLE_FEAT_HCX \ 1154 ENABLE_MPMM \ 1155 ENABLE_MPMM_FCONF \ 1156))) 1157 1158ifeq (${SANITIZE_UB},trap) 1159 $(eval $(call add_define,MONITOR_TRAPS)) 1160endif 1161 1162# Define the EL3_PAYLOAD_BASE flag only if it is provided. 1163ifdef EL3_PAYLOAD_BASE 1164 $(eval $(call add_define,EL3_PAYLOAD_BASE)) 1165else 1166 # Define the PRELOADED_BL33_BASE flag only if it is provided and 1167 # EL3_PAYLOAD_BASE is not defined, as it has priority. 1168 ifdef PRELOADED_BL33_BASE 1169 $(eval $(call add_define,PRELOADED_BL33_BASE)) 1170 endif 1171endif 1172 1173# Define the DYN_DISABLE_AUTH flag only if set. 1174ifeq (${DYN_DISABLE_AUTH},1) 1175$(eval $(call add_define,DYN_DISABLE_AUTH)) 1176endif 1177 1178ifneq ($(findstring armlink,$(notdir $(LD))),) 1179$(eval $(call add_define,USE_ARM_LINK)) 1180endif 1181 1182# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined 1183ifeq (${SPD},spmd) 1184ifdef SP_LAYOUT_FILE 1185 -include $(BUILD_PLAT)/sp_gen.mk 1186 FIP_DEPS += sp 1187 CRT_DEPS += sp 1188 NEED_SP_PKG := yes 1189else 1190 ifeq (${SPMD_SPM_AT_SEL2},1) 1191 $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE") 1192 endif 1193endif 1194endif 1195 1196################################################################################ 1197# Build targets 1198################################################################################ 1199 1200.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc enctool 1201.SUFFIXES: 1202 1203all: msg_start 1204 1205msg_start: 1206 @echo "Building ${PLAT}" 1207 1208ifeq (${ERROR_DEPRECATED},0) 1209# Check if deprecated declarations and cpp warnings should be treated as error or not. 1210ifneq ($(findstring clang,$(notdir $(CC))),) 1211 CPPFLAGS += -Wno-error=deprecated-declarations 1212else 1213 CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp 1214endif 1215endif # !ERROR_DEPRECATED 1216 1217$(eval $(call MAKE_LIB_DIRS)) 1218$(eval $(call MAKE_LIB,c)) 1219 1220# Expand build macros for the different images 1221ifeq (${NEED_BL1},yes) 1222BL1_SOURCES := $(sort ${BL1_SOURCES}) 1223 1224$(eval $(call MAKE_BL,bl1)) 1225endif 1226 1227ifeq (${NEED_BL2},yes) 1228ifeq (${BL2_AT_EL3}, 0) 1229FIP_BL2_ARGS := tb-fw 1230endif 1231 1232BL2_SOURCES := $(sort ${BL2_SOURCES}) 1233 1234$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\ 1235 $(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS}))) 1236endif 1237 1238ifeq (${NEED_SCP_BL2},yes) 1239$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw)) 1240endif 1241 1242ifeq (${NEED_BL31},yes) 1243BL31_SOURCES += ${SPD_SOURCES} 1244# Sort BL31 source files to remove duplicates 1245BL31_SOURCES := $(sort ${BL31_SOURCES}) 1246ifneq (${DECRYPTION_SUPPORT},none) 1247$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw,,$(ENCRYPT_BL31))),\ 1248 $(eval $(call MAKE_BL,bl31,soc-fw,,$(ENCRYPT_BL31)))) 1249else 1250$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\ 1251 $(eval $(call MAKE_BL,bl31,soc-fw))) 1252endif 1253endif 1254 1255# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the 1256# build system will call TOOL_ADD_IMG to print a warning message and abort the 1257# process. Note that the dependency on BL32 applies to the FIP only. 1258ifeq (${NEED_BL32},yes) 1259# Sort BL32 source files to remove duplicates 1260BL32_SOURCES := $(sort ${BL32_SOURCES}) 1261BUILD_BL32 := $(if $(BL32),,$(if $(BL32_SOURCES),1)) 1262 1263ifneq (${DECRYPTION_SUPPORT},none) 1264$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw,,$(ENCRYPT_BL32))),\ 1265 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw,,$(ENCRYPT_BL32)))) 1266else 1267$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\ 1268 $(eval $(call TOOL_ADD_IMG,bl32,--tos-fw))) 1269endif 1270endif 1271 1272# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP) 1273# needs to be built from RMM_SOURCES. 1274ifeq (${NEED_RMM},yes) 1275# Sort RMM source files to remove duplicates 1276RMM_SOURCES := $(sort ${RMM_SOURCES}) 1277BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1)) 1278 1279$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\ 1280 $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw))) 1281endif 1282 1283# Add the BL33 image if required by the platform 1284ifeq (${NEED_BL33},yes) 1285$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw)) 1286endif 1287 1288ifeq (${NEED_BL2U},yes) 1289$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\ 1290 $(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_))) 1291endif 1292 1293# Expand build macros for the different images 1294ifeq (${NEED_FDT},yes) 1295 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) 1296endif 1297 1298# Add Secure Partition packages 1299ifeq (${NEED_SP_PKG},yes) 1300$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT} 1301 ${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT) ${COT} 1302sp: $(SPTOOL) $(DTBS) $(BUILD_PLAT)/sp_gen.mk 1303 ${Q}$(SPTOOL) $(SPTOOL_ARGS) 1304 @${ECHO_BLANK_LINE} 1305 @echo "Built SP Images successfully" 1306 @${ECHO_BLANK_LINE} 1307endif 1308 1309locate-checkpatch: 1310ifndef CHECKPATCH 1311 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1312else 1313ifeq (,$(wildcard ${CHECKPATCH})) 1314 $(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl") 1315endif 1316endif 1317 1318clean: 1319 @echo " CLEAN" 1320 $(call SHELL_REMOVE_DIR,${BUILD_PLAT}) 1321ifdef UNIX_MK 1322 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1323else 1324# Clear the MAKEFLAGS as we do not want 1325# to pass the gnumake flags to nmake. 1326 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) clean 1327endif 1328 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1329 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean 1330 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1331 1332realclean distclean: 1333 @echo " REALCLEAN" 1334 $(call SHELL_REMOVE_DIR,${BUILD_BASE}) 1335 $(call SHELL_DELETE_ALL, ${CURDIR}/cscope.*) 1336ifdef UNIX_MK 1337 ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean 1338else 1339# Clear the MAKEFLAGS as we do not want 1340# to pass the gnumake flags to nmake. 1341 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) realclean 1342endif 1343 ${Q}${MAKE} --no-print-directory -C ${SPTOOLPATH} clean 1344 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean 1345 ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean 1346 ${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean 1347 1348checkcodebase: locate-checkpatch 1349 @echo " CHECKING STYLE" 1350 @if test -d .git ; then \ 1351 git ls-files | grep -E -v 'libfdt|libc|docs|\.rst' | \ 1352 while read GIT_FILE ; \ 1353 do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; \ 1354 done ; \ 1355 else \ 1356 find . -type f -not -iwholename "*.git*" \ 1357 -not -iwholename "*build*" \ 1358 -not -iwholename "*libfdt*" \ 1359 -not -iwholename "*libc*" \ 1360 -not -iwholename "*docs*" \ 1361 -not -iwholename "*.rst" \ 1362 -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \ 1363 fi 1364 1365checkpatch: locate-checkpatch 1366 @echo " CHECKING STYLE" 1367 @if test -n "${CHECKPATCH_OPTS}"; then \ 1368 echo " with ${CHECKPATCH_OPTS} option(s)"; \ 1369 fi 1370 ${Q}COMMON_COMMIT=$$(git merge-base HEAD ${BASE_COMMIT}); \ 1371 for commit in `git rev-list --no-merges $$COMMON_COMMIT..HEAD`; \ 1372 do \ 1373 printf "\n[*] Checking style of '$$commit'\n\n"; \ 1374 git log --format=email "$$commit~..$$commit" \ 1375 -- ${CHECK_PATHS} | \ 1376 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1377 git diff --format=email "$$commit~..$$commit" \ 1378 -- ${CHECK_PATHS} | \ 1379 ${CHECKPATCH} ${CHECKPATCH_OPTS} - || true; \ 1380 done 1381 1382certtool: ${CRTTOOL} 1383 1384${CRTTOOL}: FORCE 1385 ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} OPENSSL_DIR=${OPENSSL_DIR} CRTTOOL=${CRTTOOL} --no-print-directory -C ${CRTTOOLPATH} 1386 @${ECHO_BLANK_LINE} 1387 @echo "Built $@ successfully" 1388 @${ECHO_BLANK_LINE} 1389 1390ifneq (${GENERATE_COT},0) 1391certificates: ${CRT_DEPS} ${CRTTOOL} 1392 ${Q}${CRTTOOL} ${CRT_ARGS} 1393 @${ECHO_BLANK_LINE} 1394 @echo "Built $@ successfully" 1395 @echo "Certificates can be found in ${BUILD_PLAT}" 1396 @${ECHO_BLANK_LINE} 1397endif 1398 1399${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} 1400 $(eval ${CHECK_FIP_CMD}) 1401 ${Q}${FIPTOOL} create ${FIP_ARGS} $@ 1402 ${Q}${FIPTOOL} info $@ 1403 @${ECHO_BLANK_LINE} 1404 @echo "Built $@ successfully" 1405 @${ECHO_BLANK_LINE} 1406 1407ifneq (${GENERATE_COT},0) 1408fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL} 1409 ${Q}${CRTTOOL} ${FWU_CRT_ARGS} 1410 @${ECHO_BLANK_LINE} 1411 @echo "Built $@ successfully" 1412 @echo "FWU certificates can be found in ${BUILD_PLAT}" 1413 @${ECHO_BLANK_LINE} 1414endif 1415 1416${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL} 1417 $(eval ${CHECK_FWU_FIP_CMD}) 1418 ${Q}${FIPTOOL} create ${FWU_FIP_ARGS} $@ 1419 ${Q}${FIPTOOL} info $@ 1420 @${ECHO_BLANK_LINE} 1421 @echo "Built $@ successfully" 1422 @${ECHO_BLANK_LINE} 1423 1424fiptool: ${FIPTOOL} 1425fip: ${BUILD_PLAT}/${FIP_NAME} 1426fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} 1427 1428${FIPTOOL}: FORCE 1429ifdef UNIX_MK 1430 ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} --no-print-directory -C ${FIPTOOLPATH} 1431else 1432# Clear the MAKEFLAGS as we do not want 1433# to pass the gnumake flags to nmake. 1434 ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) 1435endif 1436 1437sptool: ${SPTOOL} 1438${SPTOOL}: FORCE 1439 ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" SPTOOL=${SPTOOL} --no-print-directory -C ${SPTOOLPATH} 1440 1441romlib.bin: libraries FORCE 1442 ${Q}${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES='${INCLUDES}' DEFINES='${DEFINES}' --no-print-directory -C ${ROMLIBPATH} all 1443 1444# Call print_memory_map tool 1445memmap: all 1446 ${Q}${PYTHON} ${PRINT_MEMORY_MAP} ${BUILD_PLAT} ${INVERTED_MEMMAP} 1447 1448doc: 1449 @echo " BUILD DOCUMENTATION" 1450 ${Q}${MAKE} --no-print-directory -C ${DOCS_PATH} html 1451 1452enctool: ${ENCTOOL} 1453 1454${ENCTOOL}: FORCE 1455 ${Q}${MAKE} PLAT=${PLAT} BUILD_INFO=0 OPENSSL_DIR=${OPENSSL_DIR} ENCTOOL=${ENCTOOL} --no-print-directory -C ${ENCTOOLPATH} 1456 @${ECHO_BLANK_LINE} 1457 @echo "Built $@ successfully" 1458 @${ECHO_BLANK_LINE} 1459 1460cscope: 1461 @echo " CSCOPE" 1462 ${Q}find ${CURDIR} -name "*.[chsS]" > cscope.files 1463 ${Q}cscope -b -q -k 1464 1465help: 1466 @echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]" 1467 @echo "" 1468 @echo "PLAT is used to specify which platform you wish to build." 1469 @echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" 1470 @echo "" 1471 @echo "platform = ${PLATFORM_LIST}" 1472 @echo "" 1473 @echo "Please refer to the User Guide for a list of all supported options." 1474 @echo "Note that the build system doesn't track dependencies for build " 1475 @echo "options. Therefore, if any of the build options are changed " 1476 @echo "from a previous build, a clean build must be performed." 1477 @echo "" 1478 @echo "Supported Targets:" 1479 @echo " all Build all individual bootloader binaries" 1480 @echo " bl1 Build the BL1 binary" 1481 @echo " bl2 Build the BL2 binary" 1482 @echo " bl2u Build the BL2U binary" 1483 @echo " bl31 Build the BL31 binary" 1484 @echo " bl32 Build the BL32 binary. If ARCH=aarch32, then " 1485 @echo " this builds secure payload specified by AARCH32_SP" 1486 @echo " certificates Build the certificates (requires 'GENERATE_COT=1')" 1487 @echo " fip Build the Firmware Image Package (FIP)" 1488 @echo " fwu_fip Build the FWU Firmware Image Package (FIP)" 1489 @echo " checkcodebase Check the coding style of the entire source tree" 1490 @echo " checkpatch Check the coding style on changes in the current" 1491 @echo " branch against BASE_COMMIT (default origin/master)" 1492 @echo " clean Clean the build for the selected platform" 1493 @echo " cscope Generate cscope index" 1494 @echo " distclean Remove all build artifacts for all platforms" 1495 @echo " certtool Build the Certificate generation tool" 1496 @echo " enctool Build the Firmware encryption tool" 1497 @echo " fiptool Build the Firmware Image Package (FIP) creation tool" 1498 @echo " sp Build the Secure Partition Packages" 1499 @echo " sptool Build the Secure Partition Package creation tool" 1500 @echo " dtbs Build the Device Tree Blobs (if required for the platform)" 1501 @echo " memmap Print the memory map of the built binaries" 1502 @echo " doc Build html based documentation using Sphinx tool" 1503 @echo "" 1504 @echo "Note: most build targets require PLAT to be set to a specific platform." 1505 @echo "" 1506 @echo "example: build all targets for the FVP platform:" 1507 @echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" 1508 1509.PHONY: FORCE 1510FORCE:; 1511