1# 2# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7PLAT_BL_COMMON_SOURCES += drivers/arm/pl011/${ARCH}/pl011_console.S \ 8 plat/arm/board/common/${ARCH}/board_arm_helpers.S 9 10BL1_SOURCES += drivers/cfi/v2m/v2m_flash.c 11 12BL2_SOURCES += drivers/cfi/v2m/v2m_flash.c 13 14ifneq (${TRUSTED_BOARD_BOOT},0) 15ifneq (${ARM_CRYPTOCELL_INTEG}, 1) 16# ROTPK hash location 17ifeq (${ARM_ROTPK_LOCATION}, regs) 18 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID 19else ifeq (${ARM_ROTPK_LOCATION}, devel_rsa) 20 CRYPTO_ALG=rsa 21 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_RSA_ID 22 ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_rsa_sha256.bin 23$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"')) 24$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH) 25$(warning Development keys support for FVP is deprecated. Use `regs` \ 26option instead) 27else ifeq (${ARM_ROTPK_LOCATION}, devel_ecdsa) 28 CRYPTO_ALG=ec 29 ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_ECDSA_ID 30 ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_ecdsa_sha256.bin 31$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"')) 32$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH) 33$(warning Development keys support for FVP is deprecated. Use `regs` \ 34option instead) 35else 36$(error "Unsupported ARM_ROTPK_LOCATION value") 37endif 38 39$(eval $(call add_define,ARM_ROTPK_LOCATION_ID)) 40 41# Force generation of the new hash if ROT_KEY is specified 42ifdef ROT_KEY 43 HASH_PREREQUISITES = $(ROT_KEY) FORCE 44else 45 HASH_PREREQUISITES = $(ROT_KEY) 46endif 47 48$(ARM_ROTPK_HASH) : $(HASH_PREREQUISITES) 49ifndef ROT_KEY 50 $(error Cannot generate hash: no ROT_KEY defined) 51endif 52 openssl ${CRYPTO_ALG} -in $< -pubout -outform DER | openssl dgst \ 53 -sha256 -binary > $@ 54 55# Certificate NV-Counters. Use values corresponding to tied off values in 56# ARM development platforms 57TFW_NVCTR_VAL ?= 31 58NTFW_NVCTR_VAL ?= 223 59else 60# Certificate NV-Counters when CryptoCell is integrated. For development 61# platforms we set the counter to first valid value. 62TFW_NVCTR_VAL ?= 0 63NTFW_NVCTR_VAL ?= 0 64endif 65BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ 66 plat/arm/board/common/rotpk/arm_dev_rotpk.S 67BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ 68 plat/arm/board/common/rotpk/arm_dev_rotpk.S 69 70# Allows platform code to provide implementation variants depending on the 71# selected chain of trust. 72$(eval $(call add_define,ARM_COT_${COT})) 73 74ifeq (${COT},dualroot) 75# Platform Root of Trust key files. 76ARM_PROT_KEY := plat/arm/board/common/protpk/arm_protprivk_rsa.pem 77ARM_PROTPK_HASH := plat/arm/board/common/protpk/arm_protpk_rsa_sha256.bin 78 79# Provide the private key to cert_create tool. It needs it to sign the images. 80PROT_KEY := ${ARM_PROT_KEY} 81 82$(eval $(call add_define_val,ARM_PROTPK_HASH,'"$(ARM_PROTPK_HASH)"')) 83 84BL1_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S 85BL2_SOURCES += plat/arm/board/common/protpk/arm_dev_protpk.S 86 87$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK_HASH) 88$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK_HASH) 89endif 90 91endif 92