1# 2# Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7include common/fdt_wrappers.mk 8 9ifeq (${ARCH}, aarch64) 10 # On ARM standard platorms, the TSP can execute from Trusted SRAM, Trusted 11 # DRAM (if available) or the TZC secured area of DRAM. 12 # TZC secured DRAM is the default. 13 14 ARM_TSP_RAM_LOCATION ?= dram 15 16 ifeq (${ARM_TSP_RAM_LOCATION}, tsram) 17 ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID 18 else ifeq (${ARM_TSP_RAM_LOCATION}, tdram) 19 ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_DRAM_ID 20 else ifeq (${ARM_TSP_RAM_LOCATION}, dram) 21 ARM_TSP_RAM_LOCATION_ID = ARM_DRAM_ID 22 else 23 $(error "Unsupported ARM_TSP_RAM_LOCATION value") 24 endif 25 26 # Process flags 27 # Process ARM_BL31_IN_DRAM flag 28 ARM_BL31_IN_DRAM := 0 29 $(eval $(call assert_boolean,ARM_BL31_IN_DRAM)) 30 $(eval $(call add_define,ARM_BL31_IN_DRAM)) 31else 32 ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID 33endif 34 35$(eval $(call add_define,ARM_TSP_RAM_LOCATION_ID)) 36 37 38# For the original power-state parameter format, the State-ID can be encoded 39# according to the recommended encoding or zero. This flag determines which 40# State-ID encoding to be parsed. 41ARM_RECOM_STATE_ID_ENC := 0 42 43# If the PSCI_EXTENDED_STATE_ID is set, then ARM_RECOM_STATE_ID_ENC need to 44# be set. Else throw a build error. 45ifeq (${PSCI_EXTENDED_STATE_ID}, 1) 46 ifeq (${ARM_RECOM_STATE_ID_ENC}, 0) 47 $(error Build option ARM_RECOM_STATE_ID_ENC needs to be set if \ 48 PSCI_EXTENDED_STATE_ID is set for ARM platforms) 49 endif 50endif 51 52# Process ARM_RECOM_STATE_ID_ENC flag 53$(eval $(call assert_boolean,ARM_RECOM_STATE_ID_ENC)) 54$(eval $(call add_define,ARM_RECOM_STATE_ID_ENC)) 55 56# Process ARM_DISABLE_TRUSTED_WDOG flag 57# By default, Trusted Watchdog is always enabled unless 58# SPIN_ON_BL1_EXIT or ENABLE_RME is set 59ARM_DISABLE_TRUSTED_WDOG := 0 60ifneq ($(filter 1,${SPIN_ON_BL1_EXIT} ${ENABLE_RME}),) 61ARM_DISABLE_TRUSTED_WDOG := 1 62endif 63$(eval $(call assert_boolean,ARM_DISABLE_TRUSTED_WDOG)) 64$(eval $(call add_define,ARM_DISABLE_TRUSTED_WDOG)) 65 66# Process ARM_CONFIG_CNTACR 67ARM_CONFIG_CNTACR := 1 68$(eval $(call assert_boolean,ARM_CONFIG_CNTACR)) 69$(eval $(call add_define,ARM_CONFIG_CNTACR)) 70 71# Process ARM_BL31_IN_DRAM flag 72ARM_BL31_IN_DRAM := 0 73$(eval $(call assert_boolean,ARM_BL31_IN_DRAM)) 74$(eval $(call add_define,ARM_BL31_IN_DRAM)) 75 76# Process ARM_PLAT_MT flag 77ARM_PLAT_MT := 0 78$(eval $(call assert_boolean,ARM_PLAT_MT)) 79$(eval $(call add_define,ARM_PLAT_MT)) 80 81# Use translation tables library v2 by default 82ARM_XLAT_TABLES_LIB_V1 := 0 83$(eval $(call assert_boolean,ARM_XLAT_TABLES_LIB_V1)) 84$(eval $(call add_define,ARM_XLAT_TABLES_LIB_V1)) 85 86# Don't have the Linux kernel as a BL33 image by default 87ARM_LINUX_KERNEL_AS_BL33 := 0 88$(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33)) 89$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33)) 90 91ifeq (${ARM_LINUX_KERNEL_AS_BL33},1) 92 ifneq (${ARCH},aarch64) 93 ifneq (${RESET_TO_SP_MIN},1) 94 $(error "ARM_LINUX_KERNEL_AS_BL33 is only available if RESET_TO_SP_MIN=1.") 95 endif 96 endif 97 ifndef PRELOADED_BL33_BASE 98 $(error "PRELOADED_BL33_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used.") 99 endif 100 ifeq (${RESET_TO_BL31},1) 101 ifndef ARM_PRELOADED_DTB_BASE 102 $(error "ARM_PRELOADED_DTB_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is 103 used with RESET_TO_BL31.") 104 endif 105 $(eval $(call add_define,ARM_PRELOADED_DTB_BASE)) 106 endif 107endif 108 109# Arm Ethos-N NPU SiP service 110ARM_ETHOSN_NPU_DRIVER := 0 111$(eval $(call assert_boolean,ARM_ETHOSN_NPU_DRIVER)) 112$(eval $(call add_define,ARM_ETHOSN_NPU_DRIVER)) 113 114# Use an implementation of SHA-256 with a smaller memory footprint but reduced 115# speed. 116$(eval $(call add_define,MBEDTLS_SHA256_SMALLER)) 117 118# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images 119# in the FIP if the platform requires. 120ifneq ($(BL32_EXTRA1),) 121$(eval $(call TOOL_ADD_IMG,bl32_extra1,--tos-fw-extra1)) 122endif 123ifneq ($(BL32_EXTRA2),) 124$(eval $(call TOOL_ADD_IMG,bl32_extra2,--tos-fw-extra2)) 125endif 126 127# Enable PSCI_STAT_COUNT/RESIDENCY APIs on ARM platforms 128ENABLE_PSCI_STAT := 1 129ENABLE_PMF := 1 130 131# Override the standard libc with optimised libc_asm 132OVERRIDE_LIBC := 1 133ifeq (${OVERRIDE_LIBC},1) 134 include lib/libc/libc_asm.mk 135endif 136 137# On ARM platforms, separate the code and read-only data sections to allow 138# mapping the former as executable and the latter as execute-never. 139SEPARATE_CODE_AND_RODATA := 1 140 141# On ARM platforms, disable SEPARATE_NOBITS_REGION by default. Both PROGBITS 142# and NOBITS sections of BL31 image are adjacent to each other and loaded 143# into Trusted SRAM. 144SEPARATE_NOBITS_REGION := 0 145 146# In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load 147# BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate 148# the build to require that ARM_BL31_IN_DRAM is enabled as well. 149ifeq ($(SEPARATE_NOBITS_REGION),1) 150 ifneq ($(ARM_BL31_IN_DRAM),1) 151 $(error For SEPARATE_NOBITS_REGION, ARM_BL31_IN_DRAM must be enabled) 152 endif 153 ifneq ($(RECLAIM_INIT_CODE),0) 154 $(error For SEPARATE_NOBITS_REGION, RECLAIM_INIT_CODE cannot be supported) 155 endif 156endif 157 158# Disable ARM Cryptocell by default 159ARM_CRYPTOCELL_INTEG := 0 160$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG)) 161$(eval $(call add_define,ARM_CRYPTOCELL_INTEG)) 162 163# Enable PIE support for RESET_TO_BL31/RESET_TO_SP_MIN case 164ifneq ($(filter 1,${RESET_TO_BL31} ${RESET_TO_SP_MIN}),) 165 ENABLE_PIE := 1 166endif 167 168# CryptoCell integration relies on coherent buffers for passing data from 169# the AP CPU to the CryptoCell 170ifeq (${ARM_CRYPTOCELL_INTEG},1) 171 ifeq (${USE_COHERENT_MEM},0) 172 $(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.") 173 endif 174endif 175 176# Disable GPT parser support, use FIP image by default 177ARM_GPT_SUPPORT := 0 178$(eval $(call assert_boolean,ARM_GPT_SUPPORT)) 179$(eval $(call add_define,ARM_GPT_SUPPORT)) 180 181# Include necessary sources to parse GPT image 182ifeq (${ARM_GPT_SUPPORT}, 1) 183 BL2_SOURCES += drivers/partition/gpt.c \ 184 drivers/partition/partition.c 185endif 186 187# Enable CRC instructions via extension for ARMv8-A CPUs. 188# For ARMv8.1-A, and onwards CRC instructions are default enabled. 189# Enable HW computed CRC support unconditionally in BL2 component. 190ifeq (${ARM_ARCH_MINOR},0) 191 BL2_CPPFLAGS += -march=armv8-a+crc 192endif 193 194ifeq ($(PSA_FWU_SUPPORT),1) 195 # GPT support is recommended as per PSA FWU specification hence 196 # PSA FWU implementation is tightly coupled with GPT support, 197 # and it does not support other formats. 198 ifneq ($(ARM_GPT_SUPPORT),1) 199 $(error For PSA_FWU_SUPPORT, ARM_GPT_SUPPORT must be enabled) 200 endif 201 FWU_MK := drivers/fwu/fwu.mk 202 $(info Including ${FWU_MK}) 203 include ${FWU_MK} 204endif 205 206ifeq (${ARCH}, aarch64) 207PLAT_INCLUDES += -Iinclude/plat/arm/common/aarch64 208endif 209 210PLAT_BL_COMMON_SOURCES += plat/arm/common/${ARCH}/arm_helpers.S \ 211 plat/arm/common/arm_common.c \ 212 plat/arm/common/arm_console.c 213 214ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 215PLAT_BL_COMMON_SOURCES += lib/xlat_tables/xlat_tables_common.c \ 216 lib/xlat_tables/${ARCH}/xlat_tables.c 217else 218ifeq (${XLAT_MPU_LIB_V1}, 1) 219include lib/xlat_mpu/xlat_mpu.mk 220PLAT_BL_COMMON_SOURCES += ${XLAT_MPU_LIB_V1_SRCS} 221else 222include lib/xlat_tables_v2/xlat_tables.mk 223PLAT_BL_COMMON_SOURCES += ${XLAT_TABLES_LIB_SRCS} 224endif 225endif 226 227ARM_IO_SOURCES += plat/arm/common/arm_io_storage.c \ 228 plat/arm/common/fconf/arm_fconf_io.c 229ifeq (${SPD},spmd) 230 ifeq (${BL2_ENABLE_SP_LOAD},1) 231 ARM_IO_SOURCES += plat/arm/common/fconf/arm_fconf_sp.c 232 endif 233endif 234 235BL1_SOURCES += drivers/io/io_fip.c \ 236 drivers/io/io_memmap.c \ 237 drivers/io/io_storage.c \ 238 plat/arm/common/arm_bl1_setup.c \ 239 plat/arm/common/arm_err.c \ 240 ${ARM_IO_SOURCES} 241 242ifdef EL3_PAYLOAD_BASE 243# Need the plat_arm_program_trusted_mailbox() function to release secondary CPUs from 244# their holding pen 245BL1_SOURCES += plat/arm/common/arm_pm.c 246endif 247 248BL2_SOURCES += drivers/delay_timer/delay_timer.c \ 249 drivers/delay_timer/generic_delay_timer.c \ 250 drivers/io/io_fip.c \ 251 drivers/io/io_memmap.c \ 252 drivers/io/io_storage.c \ 253 plat/arm/common/arm_bl2_setup.c \ 254 plat/arm/common/arm_err.c \ 255 common/tf_crc32.c \ 256 ${ARM_IO_SOURCES} 257 258# Firmware Configuration Framework sources 259include lib/fconf/fconf.mk 260 261BL1_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES} 262BL2_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES} 263 264# Add `libfdt` and Arm common helpers required for Dynamic Config 265include lib/libfdt/libfdt.mk 266 267DYN_CFG_SOURCES += plat/arm/common/arm_dyn_cfg.c \ 268 plat/arm/common/arm_dyn_cfg_helpers.c \ 269 common/uuid.c 270 271DYN_CFG_SOURCES += ${FDT_WRAPPERS_SOURCES} 272 273BL1_SOURCES += ${DYN_CFG_SOURCES} 274BL2_SOURCES += ${DYN_CFG_SOURCES} 275 276ifeq (${BL2_AT_EL3},1) 277BL2_SOURCES += plat/arm/common/arm_bl2_el3_setup.c 278endif 279 280# Because BL1/BL2 execute in AArch64 mode but BL32 in AArch32 we need to use 281# the AArch32 descriptors. 282ifeq (${JUNO_AARCH32_EL3_RUNTIME},1) 283BL2_SOURCES += plat/arm/common/aarch32/arm_bl2_mem_params_desc.c 284else 285ifeq ($(filter ${TARGET_PLATFORM}, fpga fvp),) 286BL2_SOURCES += plat/arm/common/${ARCH}/arm_bl2_mem_params_desc.c 287endif 288endif 289BL2_SOURCES += plat/arm/common/arm_image_load.c \ 290 common/desc_image_load.c 291ifeq (${SPD},opteed) 292BL2_SOURCES += lib/optee/optee_utils.c 293endif 294 295BL2U_SOURCES += drivers/delay_timer/delay_timer.c \ 296 drivers/delay_timer/generic_delay_timer.c \ 297 plat/arm/common/arm_bl2u_setup.c 298 299BL31_SOURCES += plat/arm/common/arm_bl31_setup.c \ 300 plat/arm/common/arm_pm.c \ 301 plat/arm/common/arm_topology.c \ 302 plat/common/plat_psci_common.c 303 304ifneq ($(filter 1,${ENABLE_PMF} ${ARM_ETHOSN_NPU_DRIVER}),) 305ARM_SVC_HANDLER_SRCS := 306 307ifeq (${ENABLE_PMF},1) 308ARM_SVC_HANDLER_SRCS += lib/pmf/pmf_smc.c 309endif 310 311ifeq (${ARM_ETHOSN_NPU_DRIVER},1) 312ARM_SVC_HANDLER_SRCS += plat/arm/common/fconf/fconf_ethosn_getter.c \ 313 drivers/delay_timer/delay_timer.c \ 314 drivers/arm/ethosn/ethosn_smc.c 315endif 316 317ifeq (${ARCH}, aarch64) 318BL31_SOURCES += plat/arm/common/aarch64/execution_state_switch.c\ 319 plat/arm/common/arm_sip_svc.c \ 320 ${ARM_SVC_HANDLER_SRCS} 321else 322BL32_SOURCES += plat/arm/common/arm_sip_svc.c \ 323 ${ARM_SVC_HANDLER_SRCS} 324endif 325endif 326 327ifeq (${EL3_EXCEPTION_HANDLING},1) 328BL31_SOURCES += plat/common/aarch64/plat_ehf.c 329endif 330 331ifeq (${SDEI_SUPPORT},1) 332BL31_SOURCES += plat/arm/common/aarch64/arm_sdei.c 333ifeq (${SDEI_IN_FCONF},1) 334BL31_SOURCES += plat/arm/common/fconf/fconf_sdei_getter.c 335endif 336endif 337 338# RAS sources 339ifeq (${RAS_EXTENSION},1) 340BL31_SOURCES += lib/extensions/ras/std_err_record.c \ 341 lib/extensions/ras/ras_common.c 342endif 343 344# Pointer Authentication sources 345ifeq (${ENABLE_PAUTH}, 1) 346PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c \ 347 lib/extensions/pauth/pauth_helpers.S 348endif 349 350ifeq (${SPD},spmd) 351BL31_SOURCES += plat/common/plat_spmd_manifest.c \ 352 common/uuid.c \ 353 ${LIBFDT_SRCS} 354 355BL31_SOURCES += ${FDT_WRAPPERS_SOURCES} 356endif 357 358ifneq (${TRUSTED_BOARD_BOOT},0) 359 360 # Include common TBB sources 361 AUTH_SOURCES := drivers/auth/auth_mod.c \ 362 drivers/auth/crypto_mod.c \ 363 drivers/auth/img_parser_mod.c \ 364 lib/fconf/fconf_tbbr_getter.c 365 366 # Include the selected chain of trust sources. 367 ifeq (${COT},tbbr) 368 BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \ 369 drivers/auth/tbbr/tbbr_cot_bl1.c 370 ifneq (${COT_DESC_IN_DTB},0) 371 BL2_SOURCES += lib/fconf/fconf_cot_getter.c 372 else 373 BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \ 374 drivers/auth/tbbr/tbbr_cot_bl2.c 375 endif 376 else ifeq (${COT},dualroot) 377 AUTH_SOURCES += drivers/auth/dualroot/cot.c 378 else 379 $(error Unknown chain of trust ${COT}) 380 endif 381 382 BL1_SOURCES += ${AUTH_SOURCES} \ 383 bl1/tbbr/tbbr_img_desc.c \ 384 plat/arm/common/arm_bl1_fwu.c \ 385 plat/common/tbbr/plat_tbbr.c 386 387 BL2_SOURCES += ${AUTH_SOURCES} \ 388 plat/common/tbbr/plat_tbbr.c 389 390 $(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_)) 391 392 # We expect to locate the *.mk files under the directories specified below 393ifeq (${ARM_CRYPTOCELL_INTEG},0) 394 CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk 395else 396 CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk 397endif 398 IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk 399 400 $(info Including ${CRYPTO_LIB_MK}) 401 include ${CRYPTO_LIB_MK} 402 403 $(info Including ${IMG_PARSER_LIB_MK}) 404 include ${IMG_PARSER_LIB_MK} 405 406endif 407 408ifeq (${RECLAIM_INIT_CODE}, 1) 409 ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 410 $(error "To reclaim init code xlat tables v2 must be used") 411 endif 412endif 413 414ifeq (${MEASURED_BOOT},1) 415 MEASURED_BOOT_MK := drivers/measured_boot/event_log/event_log.mk 416 $(info Including ${MEASURED_BOOT_MK}) 417 include ${MEASURED_BOOT_MK} 418endif 419