diff options
Diffstat (limited to 'plat/arm/common/arm_common.mk')
-rw-r--r-- | plat/arm/common/arm_common.mk | 190 |
1 files changed, 126 insertions, 64 deletions
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 5faf9f9078..5084ea95e8 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -1,9 +1,17 @@ # -# Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # +include common/fdt_wrappers.mk + +ifeq (${ARCH},aarch32) + ifeq (${AARCH32_SP},none) + $(error Variable AARCH32_SP has to be set for AArch32) + endif +endif + ifeq (${ARCH}, aarch64) # On ARM standard platorms, the TSP can execute from Trusted SRAM, Trusted # DRAM (if available) or the TZC secured area of DRAM. @@ -52,9 +60,10 @@ $(eval $(call assert_boolean,ARM_RECOM_STATE_ID_ENC)) $(eval $(call add_define,ARM_RECOM_STATE_ID_ENC)) # Process ARM_DISABLE_TRUSTED_WDOG flag -# By default, Trusted Watchdog is always enabled unless SPIN_ON_BL1_EXIT is set +# By default, Trusted Watchdog is always enabled unless +# SPIN_ON_BL1_EXIT or ENABLE_RME is set ARM_DISABLE_TRUSTED_WDOG := 0 -ifeq (${SPIN_ON_BL1_EXIT}, 1) +ifneq ($(filter 1,${SPIN_ON_BL1_EXIT} ${ENABLE_RME}),) ARM_DISABLE_TRUSTED_WDOG := 1 endif $(eval $(call assert_boolean,ARM_DISABLE_TRUSTED_WDOG)) @@ -70,6 +79,14 @@ ARM_BL31_IN_DRAM := 0 $(eval $(call assert_boolean,ARM_BL31_IN_DRAM)) $(eval $(call add_define,ARM_BL31_IN_DRAM)) +# As per CCA security model, all root firmware must execute from on-chip secure +# memory. This means we must not run BL31 from TZC-protected DRAM. +ifeq (${ARM_BL31_IN_DRAM},1) + ifeq (${ENABLE_RME},1) + $(error "BL31 must not run from DRAM on RME-systems. Please set ARM_BL31_IN_DRAM to 0") + endif +endif + # Process ARM_PLAT_MT flag ARM_PLAT_MT := 0 $(eval $(call assert_boolean,ARM_PLAT_MT)) @@ -94,17 +111,15 @@ ifeq (${ARM_LINUX_KERNEL_AS_BL33},1) ifndef PRELOADED_BL33_BASE $(error "PRELOADED_BL33_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used.") endif - ifndef ARM_PRELOADED_DTB_BASE - $(error "ARM_PRELOADED_DTB_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used.") + ifeq (${RESET_TO_BL31},1) + ifndef ARM_PRELOADED_DTB_BASE + $(error "ARM_PRELOADED_DTB_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is + used with RESET_TO_BL31.") + endif + $(eval $(call add_define,ARM_PRELOADED_DTB_BASE)) endif - $(eval $(call add_define,ARM_PRELOADED_DTB_BASE)) endif -# Arm Ethos-N NPU SiP service -ARM_ETHOSN_NPU_DRIVER := 0 -$(eval $(call assert_boolean,ARM_ETHOSN_NPU_DRIVER)) -$(eval $(call add_define,ARM_ETHOSN_NPU_DRIVER)) - # Use an implementation of SHA-256 with a smaller memory footprint but reduced # speed. $(eval $(call add_define,MBEDTLS_SHA256_SMALLER)) @@ -149,22 +164,9 @@ ifeq ($(SEPARATE_NOBITS_REGION),1) endif endif -# Disable ARM Cryptocell by default -ARM_CRYPTOCELL_INTEG := 0 -$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG)) -$(eval $(call add_define,ARM_CRYPTOCELL_INTEG)) - -# Enable PIE support for RESET_TO_BL31 case -ifeq (${RESET_TO_BL31},1) - ENABLE_PIE := 1 -endif - -# CryptoCell integration relies on coherent buffers for passing data from -# the AP CPU to the CryptoCell -ifeq (${ARM_CRYPTOCELL_INTEG},1) - ifeq (${USE_COHERENT_MEM},0) - $(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.") - endif +# Enable PIE support for RESET_TO_BL31/RESET_TO_SP_MIN case +ifneq ($(filter 1,${RESET_TO_BL31} ${RESET_TO_SP_MIN}),) + ENABLE_PIE := 1 endif # Disable GPT parser support, use FIP image by default @@ -181,8 +183,22 @@ endif # Enable CRC instructions via extension for ARMv8-A CPUs. # For ARMv8.1-A, and onwards CRC instructions are default enabled. # Enable HW computed CRC support unconditionally in BL2 component. -ifeq (${ARM_ARCH_MINOR},0) - BL2_CPPFLAGS += -march=armv8-a+crc +ifeq (${ARM_ARCH_MAJOR},8) + ifeq (${ARM_ARCH_MINOR},0) + BL2_CPPFLAGS += -march=armv8-a+crc + endif +endif + +ifeq ($(PSA_FWU_SUPPORT),1) + # GPT support is recommended as per PSA FWU specification hence + # PSA FWU implementation is tightly coupled with GPT support, + # and it does not support other formats. + ifneq ($(ARM_GPT_SUPPORT),1) + $(error For PSA_FWU_SUPPORT, ARM_GPT_SUPPORT must be enabled) + endif + FWU_MK := drivers/fwu/fwu.mk + $(info Including ${FWU_MK}) + include ${FWU_MK} endif ifeq (${ARCH}, aarch64) @@ -194,18 +210,22 @@ PLAT_BL_COMMON_SOURCES += plat/arm/common/${ARCH}/arm_helpers.S \ plat/arm/common/arm_console.c ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) -PLAT_BL_COMMON_SOURCES += lib/xlat_tables/xlat_tables_common.c \ +PLAT_BL_COMMON_SOURCES += lib/xlat_tables/xlat_tables_common.c \ lib/xlat_tables/${ARCH}/xlat_tables.c else +ifeq (${XLAT_MPU_LIB_V1}, 1) +include lib/xlat_mpu/xlat_mpu.mk +PLAT_BL_COMMON_SOURCES += ${XLAT_MPU_LIB_V1_SRCS} +else include lib/xlat_tables_v2/xlat_tables.mk - -PLAT_BL_COMMON_SOURCES += ${XLAT_TABLES_LIB_SRCS} +PLAT_BL_COMMON_SOURCES += ${XLAT_TABLES_LIB_SRCS} +endif endif ARM_IO_SOURCES += plat/arm/common/arm_io_storage.c \ plat/arm/common/fconf/arm_fconf_io.c ifeq (${SPD},spmd) - ifeq (${SPMD_SPM_AT_SEL2},1) + ifeq (${BL2_ENABLE_SP_LOAD},1) ARM_IO_SOURCES += plat/arm/common/fconf/arm_fconf_sp.c endif endif @@ -230,24 +250,28 @@ BL2_SOURCES += drivers/delay_timer/delay_timer.c \ drivers/io/io_storage.c \ plat/arm/common/arm_bl2_setup.c \ plat/arm/common/arm_err.c \ - common/hw_crc32.c \ + common/tf_crc32.c \ ${ARM_IO_SOURCES} # Firmware Configuration Framework sources include lib/fconf/fconf.mk +BL1_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES} +BL2_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES} + # Add `libfdt` and Arm common helpers required for Dynamic Config include lib/libfdt/libfdt.mk DYN_CFG_SOURCES += plat/arm/common/arm_dyn_cfg.c \ plat/arm/common/arm_dyn_cfg_helpers.c \ - common/fdt_wrappers.c \ common/uuid.c +DYN_CFG_SOURCES += ${FDT_WRAPPERS_SOURCES} + BL1_SOURCES += ${DYN_CFG_SOURCES} BL2_SOURCES += ${DYN_CFG_SOURCES} -ifeq (${BL2_AT_EL3},1) +ifeq (${RESET_TO_BL2},1) BL2_SOURCES += plat/arm/common/arm_bl2_el3_setup.c endif @@ -256,8 +280,10 @@ endif ifeq (${JUNO_AARCH32_EL3_RUNTIME},1) BL2_SOURCES += plat/arm/common/aarch32/arm_bl2_mem_params_desc.c else +ifneq (${PLAT}, corstone1000) BL2_SOURCES += plat/arm/common/${ARCH}/arm_bl2_mem_params_desc.c endif +endif BL2_SOURCES += plat/arm/common/arm_image_load.c \ common/desc_image_load.c ifeq (${SPD},opteed) @@ -273,25 +299,30 @@ BL31_SOURCES += plat/arm/common/arm_bl31_setup.c \ plat/arm/common/arm_topology.c \ plat/common/plat_psci_common.c -ifneq ($(filter 1,${ENABLE_PMF} ${ARM_ETHOSN_NPU_DRIVER}),) +ifneq ($(filter 1,${ENABLE_PMF} ${ETHOSN_NPU_DRIVER}),) ARM_SVC_HANDLER_SRCS := ifeq (${ENABLE_PMF},1) ARM_SVC_HANDLER_SRCS += lib/pmf/pmf_smc.c endif -ifeq (${ARM_ETHOSN_NPU_DRIVER},1) +ifeq (${ETHOSN_NPU_DRIVER},1) ARM_SVC_HANDLER_SRCS += plat/arm/common/fconf/fconf_ethosn_getter.c \ drivers/delay_timer/delay_timer.c \ drivers/arm/ethosn/ethosn_smc.c +ifeq (${ETHOSN_NPU_TZMP1},1) +ARM_SVC_HANDLER_SRCS += drivers/arm/ethosn/ethosn_big_fw.c +endif endif ifeq (${ARCH}, aarch64) BL31_SOURCES += plat/arm/common/aarch64/execution_state_switch.c\ plat/arm/common/arm_sip_svc.c \ + plat/arm/common/plat_arm_sip_svc.c \ ${ARM_SVC_HANDLER_SRCS} else BL32_SOURCES += plat/arm/common/arm_sip_svc.c \ + plat/arm/common/plat_arm_sip_svc.c \ ${ARM_SVC_HANDLER_SRCS} endif endif @@ -308,45 +339,56 @@ endif endif # RAS sources -ifeq (${RAS_EXTENSION},1) +ifeq (${ENABLE_FEAT_RAS}-${HANDLE_EA_EL3_FIRST_NS},1-1) BL31_SOURCES += lib/extensions/ras/std_err_record.c \ lib/extensions/ras/ras_common.c endif # Pointer Authentication sources ifeq (${ENABLE_PAUTH}, 1) -PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c \ - lib/extensions/pauth/pauth_helpers.S +PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c endif ifeq (${SPD},spmd) BL31_SOURCES += plat/common/plat_spmd_manifest.c \ - common/fdt_wrappers.c \ common/uuid.c \ ${LIBFDT_SRCS} +BL31_SOURCES += ${FDT_WRAPPERS_SOURCES} +endif + +ifeq (${DRTM_SUPPORT},1) +BL31_SOURCES += plat/arm/common/arm_err.c endif ifneq (${TRUSTED_BOARD_BOOT},0) # Include common TBB sources - AUTH_SOURCES := drivers/auth/auth_mod.c \ - drivers/auth/crypto_mod.c \ - drivers/auth/img_parser_mod.c \ - lib/fconf/fconf_tbbr_getter.c + AUTH_SOURCES := drivers/auth/auth_mod.c \ + drivers/auth/img_parser_mod.c # Include the selected chain of trust sources. ifeq (${COT},tbbr) - BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \ + BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \ drivers/auth/tbbr/tbbr_cot_bl1.c ifneq (${COT_DESC_IN_DTB},0) BL2_SOURCES += lib/fconf/fconf_cot_getter.c else - BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \ - drivers/auth/tbbr/tbbr_cot_bl2.c + BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c + # Juno has its own TBBR CoT file for BL2 + ifneq (${PLAT},juno) + BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_bl2.c + endif endif else ifeq (${COT},dualroot) AUTH_SOURCES += drivers/auth/dualroot/cot.c + else ifeq (${COT},cca) + BL1_SOURCES += drivers/auth/cca/cot.c + ifneq (${COT_DESC_IN_DTB},0) + BL2_SOURCES += lib/fconf/fconf_cot_getter.c + else + BL2_SOURCES += drivers/auth/cca/cot.c + endif else $(error Unknown chain of trust ${COT}) endif @@ -361,20 +403,46 @@ ifneq (${TRUSTED_BOARD_BOOT},0) $(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_)) - # We expect to locate the *.mk files under the directories specified below -ifeq (${ARM_CRYPTOCELL_INTEG},0) - CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk -else - CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk -endif IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk - $(info Including ${CRYPTO_LIB_MK}) - include ${CRYPTO_LIB_MK} - $(info Including ${IMG_PARSER_LIB_MK}) include ${IMG_PARSER_LIB_MK} +endif + +# Include Measured Boot makefile before any Crypto library makefile. +# Crypto library makefile may need default definitions of Measured Boot build +# flags present in Measured Boot makefile. +ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),) + MEASURED_BOOT_MK := drivers/measured_boot/event_log/event_log.mk + $(info Including ${MEASURED_BOOT_MK}) + include ${MEASURED_BOOT_MK} + + ifneq (${MBOOT_EL_HASH_ALG}, sha256) + $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512)) + endif + + ifeq (${MEASURED_BOOT},1) + BL1_SOURCES += ${EVENT_LOG_SOURCES} + BL2_SOURCES += ${EVENT_LOG_SOURCES} + endif + ifeq (${DRTM_SUPPORT},1) + BL31_SOURCES += ${EVENT_LOG_SOURCES} + endif +endif + +ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT} ${DRTM_SUPPORT}),) + CRYPTO_SOURCES := drivers/auth/crypto_mod.c \ + lib/fconf/fconf_tbbr_getter.c + BL1_SOURCES += ${CRYPTO_SOURCES} + BL2_SOURCES += ${CRYPTO_SOURCES} + BL31_SOURCES += drivers/auth/crypto_mod.c + + # We expect to locate the *.mk files under the directories specified below + CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk + + $(info Including ${CRYPTO_LIB_MK}) + include ${CRYPTO_LIB_MK} endif ifeq (${RECLAIM_INIT_CODE}, 1) @@ -382,9 +450,3 @@ ifeq (${RECLAIM_INIT_CODE}, 1) $(error "To reclaim init code xlat tables v2 must be used") endif endif - -ifeq (${MEASURED_BOOT},1) - MEASURED_BOOT_MK := drivers/measured_boot/measured_boot.mk - $(info Including ${MEASURED_BOOT_MK}) - include ${MEASURED_BOOT_MK} -endif |