1#
2# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6
7PLAT_BL_COMMON_SOURCES	+=	drivers/arm/pl011/${ARCH}/pl011_console.S	\
8				plat/arm/board/common/${ARCH}/board_arm_helpers.S
9
10BL1_SOURCES		+=	drivers/cfi/v2m/v2m_flash.c
11
12BL2_SOURCES		+=	drivers/cfi/v2m/v2m_flash.c
13
14ifneq (${TRUSTED_BOARD_BOOT},0)
15ifneq (${ARM_CRYPTOCELL_INTEG}, 1)
16# ROTPK hash location
17ifeq (${ARM_ROTPK_LOCATION}, regs)
18	ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID
19else ifeq (${ARM_ROTPK_LOCATION}, devel_rsa)
20	CRYPTO_ALG=rsa
21	ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_RSA_ID
22	ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_rsa_sha256.bin
23$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"'))
24$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH)
25$(warning Development keys support for FVP is deprecated. Use `regs` \
26option instead)
27else ifeq (${ARM_ROTPK_LOCATION}, devel_ecdsa)
28	CRYPTO_ALG=ec
29	ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_ECDSA_ID
30	ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_ecdsa_sha256.bin
31$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"'))
32$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH)
33$(warning Development keys support for FVP is deprecated. Use `regs` \
34option instead)
35else
36$(error "Unsupported ARM_ROTPK_LOCATION value")
37endif
38
39$(eval $(call add_define,ARM_ROTPK_LOCATION_ID))
40
41# Force generation of the new hash if ROT_KEY is specified
42ifdef ROT_KEY
43	HASH_PREREQUISITES = $(ROT_KEY) FORCE
44else
45	HASH_PREREQUISITES = $(ROT_KEY)
46endif
47
48$(ARM_ROTPK_HASH) : $(HASH_PREREQUISITES)
49ifndef ROT_KEY
50	$(error Cannot generate hash: no ROT_KEY defined)
51endif
52	openssl ${CRYPTO_ALG} -in $< -pubout -outform DER | openssl dgst \
53		-sha256 -binary > $@
54
55# Certificate NV-Counters. Use values corresponding to tied off values in
56# ARM development platforms
57TFW_NVCTR_VAL	?=	31
58NTFW_NVCTR_VAL	?=	223
59else
60# Certificate NV-Counters when CryptoCell is integrated. For development
61# platforms we set the counter to first valid value.
62TFW_NVCTR_VAL	?=	0
63NTFW_NVCTR_VAL	?=	0
64endif
65BL1_SOURCES		+=	plat/arm/board/common/board_arm_trusted_boot.c \
66				plat/arm/board/common/rotpk/arm_dev_rotpk.S
67BL2_SOURCES		+=	plat/arm/board/common/board_arm_trusted_boot.c \
68				plat/arm/board/common/rotpk/arm_dev_rotpk.S
69
70# Allows platform code to provide implementation variants depending on the
71# selected chain of trust.
72$(eval $(call add_define,ARM_COT_${COT}))
73
74ifeq (${COT},dualroot)
75# Platform Root of Trust key files.
76ARM_PROT_KEY		:=	plat/arm/board/common/protpk/arm_protprivk_rsa.pem
77ARM_PROTPK_HASH		:=	plat/arm/board/common/protpk/arm_protpk_rsa_sha256.bin
78
79# Provide the private key to cert_create tool. It needs it to sign the images.
80PROT_KEY		:=	${ARM_PROT_KEY}
81
82$(eval $(call add_define_val,ARM_PROTPK_HASH,'"$(ARM_PROTPK_HASH)"'))
83
84BL1_SOURCES		+=	plat/arm/board/common/protpk/arm_dev_protpk.S
85BL2_SOURCES		+=	plat/arm/board/common/protpk/arm_dev_protpk.S
86
87$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
88$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
89endif
90
91endif
92