aboutsummaryrefslogtreecommitdiff
path: root/plat/arm/common/arm_common.mk
diff options
context:
space:
mode:
Diffstat (limited to 'plat/arm/common/arm_common.mk')
-rw-r--r--plat/arm/common/arm_common.mk190
1 files changed, 126 insertions, 64 deletions
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 5faf9f9078..5084ea95e8 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -1,9 +1,17 @@
#
-# Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
+include common/fdt_wrappers.mk
+
+ifeq (${ARCH},aarch32)
+ ifeq (${AARCH32_SP},none)
+ $(error Variable AARCH32_SP has to be set for AArch32)
+ endif
+endif
+
ifeq (${ARCH}, aarch64)
# On ARM standard platorms, the TSP can execute from Trusted SRAM, Trusted
# DRAM (if available) or the TZC secured area of DRAM.
@@ -52,9 +60,10 @@ $(eval $(call assert_boolean,ARM_RECOM_STATE_ID_ENC))
$(eval $(call add_define,ARM_RECOM_STATE_ID_ENC))
# Process ARM_DISABLE_TRUSTED_WDOG flag
-# By default, Trusted Watchdog is always enabled unless SPIN_ON_BL1_EXIT is set
+# By default, Trusted Watchdog is always enabled unless
+# SPIN_ON_BL1_EXIT or ENABLE_RME is set
ARM_DISABLE_TRUSTED_WDOG := 0
-ifeq (${SPIN_ON_BL1_EXIT}, 1)
+ifneq ($(filter 1,${SPIN_ON_BL1_EXIT} ${ENABLE_RME}),)
ARM_DISABLE_TRUSTED_WDOG := 1
endif
$(eval $(call assert_boolean,ARM_DISABLE_TRUSTED_WDOG))
@@ -70,6 +79,14 @@ ARM_BL31_IN_DRAM := 0
$(eval $(call assert_boolean,ARM_BL31_IN_DRAM))
$(eval $(call add_define,ARM_BL31_IN_DRAM))
+# As per CCA security model, all root firmware must execute from on-chip secure
+# memory. This means we must not run BL31 from TZC-protected DRAM.
+ifeq (${ARM_BL31_IN_DRAM},1)
+ ifeq (${ENABLE_RME},1)
+ $(error "BL31 must not run from DRAM on RME-systems. Please set ARM_BL31_IN_DRAM to 0")
+ endif
+endif
+
# Process ARM_PLAT_MT flag
ARM_PLAT_MT := 0
$(eval $(call assert_boolean,ARM_PLAT_MT))
@@ -94,17 +111,15 @@ ifeq (${ARM_LINUX_KERNEL_AS_BL33},1)
ifndef PRELOADED_BL33_BASE
$(error "PRELOADED_BL33_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used.")
endif
- ifndef ARM_PRELOADED_DTB_BASE
- $(error "ARM_PRELOADED_DTB_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used.")
+ ifeq (${RESET_TO_BL31},1)
+ ifndef ARM_PRELOADED_DTB_BASE
+ $(error "ARM_PRELOADED_DTB_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is
+ used with RESET_TO_BL31.")
+ endif
+ $(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
endif
- $(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
endif
-# Arm Ethos-N NPU SiP service
-ARM_ETHOSN_NPU_DRIVER := 0
-$(eval $(call assert_boolean,ARM_ETHOSN_NPU_DRIVER))
-$(eval $(call add_define,ARM_ETHOSN_NPU_DRIVER))
-
# Use an implementation of SHA-256 with a smaller memory footprint but reduced
# speed.
$(eval $(call add_define,MBEDTLS_SHA256_SMALLER))
@@ -149,22 +164,9 @@ ifeq ($(SEPARATE_NOBITS_REGION),1)
endif
endif
-# Disable ARM Cryptocell by default
-ARM_CRYPTOCELL_INTEG := 0
-$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG))
-$(eval $(call add_define,ARM_CRYPTOCELL_INTEG))
-
-# Enable PIE support for RESET_TO_BL31 case
-ifeq (${RESET_TO_BL31},1)
- ENABLE_PIE := 1
-endif
-
-# CryptoCell integration relies on coherent buffers for passing data from
-# the AP CPU to the CryptoCell
-ifeq (${ARM_CRYPTOCELL_INTEG},1)
- ifeq (${USE_COHERENT_MEM},0)
- $(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.")
- endif
+# Enable PIE support for RESET_TO_BL31/RESET_TO_SP_MIN case
+ifneq ($(filter 1,${RESET_TO_BL31} ${RESET_TO_SP_MIN}),)
+ ENABLE_PIE := 1
endif
# Disable GPT parser support, use FIP image by default
@@ -181,8 +183,22 @@ endif
# Enable CRC instructions via extension for ARMv8-A CPUs.
# For ARMv8.1-A, and onwards CRC instructions are default enabled.
# Enable HW computed CRC support unconditionally in BL2 component.
-ifeq (${ARM_ARCH_MINOR},0)
- BL2_CPPFLAGS += -march=armv8-a+crc
+ifeq (${ARM_ARCH_MAJOR},8)
+ ifeq (${ARM_ARCH_MINOR},0)
+ BL2_CPPFLAGS += -march=armv8-a+crc
+ endif
+endif
+
+ifeq ($(PSA_FWU_SUPPORT),1)
+ # GPT support is recommended as per PSA FWU specification hence
+ # PSA FWU implementation is tightly coupled with GPT support,
+ # and it does not support other formats.
+ ifneq ($(ARM_GPT_SUPPORT),1)
+ $(error For PSA_FWU_SUPPORT, ARM_GPT_SUPPORT must be enabled)
+ endif
+ FWU_MK := drivers/fwu/fwu.mk
+ $(info Including ${FWU_MK})
+ include ${FWU_MK}
endif
ifeq (${ARCH}, aarch64)
@@ -194,18 +210,22 @@ PLAT_BL_COMMON_SOURCES += plat/arm/common/${ARCH}/arm_helpers.S \
plat/arm/common/arm_console.c
ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1)
-PLAT_BL_COMMON_SOURCES += lib/xlat_tables/xlat_tables_common.c \
+PLAT_BL_COMMON_SOURCES += lib/xlat_tables/xlat_tables_common.c \
lib/xlat_tables/${ARCH}/xlat_tables.c
else
+ifeq (${XLAT_MPU_LIB_V1}, 1)
+include lib/xlat_mpu/xlat_mpu.mk
+PLAT_BL_COMMON_SOURCES += ${XLAT_MPU_LIB_V1_SRCS}
+else
include lib/xlat_tables_v2/xlat_tables.mk
-
-PLAT_BL_COMMON_SOURCES += ${XLAT_TABLES_LIB_SRCS}
+PLAT_BL_COMMON_SOURCES += ${XLAT_TABLES_LIB_SRCS}
+endif
endif
ARM_IO_SOURCES += plat/arm/common/arm_io_storage.c \
plat/arm/common/fconf/arm_fconf_io.c
ifeq (${SPD},spmd)
- ifeq (${SPMD_SPM_AT_SEL2},1)
+ ifeq (${BL2_ENABLE_SP_LOAD},1)
ARM_IO_SOURCES += plat/arm/common/fconf/arm_fconf_sp.c
endif
endif
@@ -230,24 +250,28 @@ BL2_SOURCES += drivers/delay_timer/delay_timer.c \
drivers/io/io_storage.c \
plat/arm/common/arm_bl2_setup.c \
plat/arm/common/arm_err.c \
- common/hw_crc32.c \
+ common/tf_crc32.c \
${ARM_IO_SOURCES}
# Firmware Configuration Framework sources
include lib/fconf/fconf.mk
+BL1_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES}
+BL2_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES}
+
# Add `libfdt` and Arm common helpers required for Dynamic Config
include lib/libfdt/libfdt.mk
DYN_CFG_SOURCES += plat/arm/common/arm_dyn_cfg.c \
plat/arm/common/arm_dyn_cfg_helpers.c \
- common/fdt_wrappers.c \
common/uuid.c
+DYN_CFG_SOURCES += ${FDT_WRAPPERS_SOURCES}
+
BL1_SOURCES += ${DYN_CFG_SOURCES}
BL2_SOURCES += ${DYN_CFG_SOURCES}
-ifeq (${BL2_AT_EL3},1)
+ifeq (${RESET_TO_BL2},1)
BL2_SOURCES += plat/arm/common/arm_bl2_el3_setup.c
endif
@@ -256,8 +280,10 @@ endif
ifeq (${JUNO_AARCH32_EL3_RUNTIME},1)
BL2_SOURCES += plat/arm/common/aarch32/arm_bl2_mem_params_desc.c
else
+ifneq (${PLAT}, corstone1000)
BL2_SOURCES += plat/arm/common/${ARCH}/arm_bl2_mem_params_desc.c
endif
+endif
BL2_SOURCES += plat/arm/common/arm_image_load.c \
common/desc_image_load.c
ifeq (${SPD},opteed)
@@ -273,25 +299,30 @@ BL31_SOURCES += plat/arm/common/arm_bl31_setup.c \
plat/arm/common/arm_topology.c \
plat/common/plat_psci_common.c
-ifneq ($(filter 1,${ENABLE_PMF} ${ARM_ETHOSN_NPU_DRIVER}),)
+ifneq ($(filter 1,${ENABLE_PMF} ${ETHOSN_NPU_DRIVER}),)
ARM_SVC_HANDLER_SRCS :=
ifeq (${ENABLE_PMF},1)
ARM_SVC_HANDLER_SRCS += lib/pmf/pmf_smc.c
endif
-ifeq (${ARM_ETHOSN_NPU_DRIVER},1)
+ifeq (${ETHOSN_NPU_DRIVER},1)
ARM_SVC_HANDLER_SRCS += plat/arm/common/fconf/fconf_ethosn_getter.c \
drivers/delay_timer/delay_timer.c \
drivers/arm/ethosn/ethosn_smc.c
+ifeq (${ETHOSN_NPU_TZMP1},1)
+ARM_SVC_HANDLER_SRCS += drivers/arm/ethosn/ethosn_big_fw.c
+endif
endif
ifeq (${ARCH}, aarch64)
BL31_SOURCES += plat/arm/common/aarch64/execution_state_switch.c\
plat/arm/common/arm_sip_svc.c \
+ plat/arm/common/plat_arm_sip_svc.c \
${ARM_SVC_HANDLER_SRCS}
else
BL32_SOURCES += plat/arm/common/arm_sip_svc.c \
+ plat/arm/common/plat_arm_sip_svc.c \
${ARM_SVC_HANDLER_SRCS}
endif
endif
@@ -308,45 +339,56 @@ endif
endif
# RAS sources
-ifeq (${RAS_EXTENSION},1)
+ifeq (${ENABLE_FEAT_RAS}-${HANDLE_EA_EL3_FIRST_NS},1-1)
BL31_SOURCES += lib/extensions/ras/std_err_record.c \
lib/extensions/ras/ras_common.c
endif
# Pointer Authentication sources
ifeq (${ENABLE_PAUTH}, 1)
-PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c \
- lib/extensions/pauth/pauth_helpers.S
+PLAT_BL_COMMON_SOURCES += plat/arm/common/aarch64/arm_pauth.c
endif
ifeq (${SPD},spmd)
BL31_SOURCES += plat/common/plat_spmd_manifest.c \
- common/fdt_wrappers.c \
common/uuid.c \
${LIBFDT_SRCS}
+BL31_SOURCES += ${FDT_WRAPPERS_SOURCES}
+endif
+
+ifeq (${DRTM_SUPPORT},1)
+BL31_SOURCES += plat/arm/common/arm_err.c
endif
ifneq (${TRUSTED_BOARD_BOOT},0)
# Include common TBB sources
- AUTH_SOURCES := drivers/auth/auth_mod.c \
- drivers/auth/crypto_mod.c \
- drivers/auth/img_parser_mod.c \
- lib/fconf/fconf_tbbr_getter.c
+ AUTH_SOURCES := drivers/auth/auth_mod.c \
+ drivers/auth/img_parser_mod.c
# Include the selected chain of trust sources.
ifeq (${COT},tbbr)
- BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \
+ BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \
drivers/auth/tbbr/tbbr_cot_bl1.c
ifneq (${COT_DESC_IN_DTB},0)
BL2_SOURCES += lib/fconf/fconf_cot_getter.c
else
- BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \
- drivers/auth/tbbr/tbbr_cot_bl2.c
+ BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c
+ # Juno has its own TBBR CoT file for BL2
+ ifneq (${PLAT},juno)
+ BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_bl2.c
+ endif
endif
else ifeq (${COT},dualroot)
AUTH_SOURCES += drivers/auth/dualroot/cot.c
+ else ifeq (${COT},cca)
+ BL1_SOURCES += drivers/auth/cca/cot.c
+ ifneq (${COT_DESC_IN_DTB},0)
+ BL2_SOURCES += lib/fconf/fconf_cot_getter.c
+ else
+ BL2_SOURCES += drivers/auth/cca/cot.c
+ endif
else
$(error Unknown chain of trust ${COT})
endif
@@ -361,20 +403,46 @@ ifneq (${TRUSTED_BOARD_BOOT},0)
$(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_))
- # We expect to locate the *.mk files under the directories specified below
-ifeq (${ARM_CRYPTOCELL_INTEG},0)
- CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
-else
- CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
-endif
IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
- $(info Including ${CRYPTO_LIB_MK})
- include ${CRYPTO_LIB_MK}
-
$(info Including ${IMG_PARSER_LIB_MK})
include ${IMG_PARSER_LIB_MK}
+endif
+
+# Include Measured Boot makefile before any Crypto library makefile.
+# Crypto library makefile may need default definitions of Measured Boot build
+# flags present in Measured Boot makefile.
+ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),)
+ MEASURED_BOOT_MK := drivers/measured_boot/event_log/event_log.mk
+ $(info Including ${MEASURED_BOOT_MK})
+ include ${MEASURED_BOOT_MK}
+
+ ifneq (${MBOOT_EL_HASH_ALG}, sha256)
+ $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
+ endif
+
+ ifeq (${MEASURED_BOOT},1)
+ BL1_SOURCES += ${EVENT_LOG_SOURCES}
+ BL2_SOURCES += ${EVENT_LOG_SOURCES}
+ endif
+ ifeq (${DRTM_SUPPORT},1)
+ BL31_SOURCES += ${EVENT_LOG_SOURCES}
+ endif
+endif
+
+ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT} ${DRTM_SUPPORT}),)
+ CRYPTO_SOURCES := drivers/auth/crypto_mod.c \
+ lib/fconf/fconf_tbbr_getter.c
+ BL1_SOURCES += ${CRYPTO_SOURCES}
+ BL2_SOURCES += ${CRYPTO_SOURCES}
+ BL31_SOURCES += drivers/auth/crypto_mod.c
+
+ # We expect to locate the *.mk files under the directories specified below
+ CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
+
+ $(info Including ${CRYPTO_LIB_MK})
+ include ${CRYPTO_LIB_MK}
endif
ifeq (${RECLAIM_INIT_CODE}, 1)
@@ -382,9 +450,3 @@ ifeq (${RECLAIM_INIT_CODE}, 1)
$(error "To reclaim init code xlat tables v2 must be used")
endif
endif
-
-ifeq (${MEASURED_BOOT},1)
- MEASURED_BOOT_MK := drivers/measured_boot/measured_boot.mk
- $(info Including ${MEASURED_BOOT_MK})
- include ${MEASURED_BOOT_MK}
-endif