aboutsummaryrefslogtreecommitdiff
path: root/Makefile
AgeCommit message (Collapse)Author
2021-02-25Enable v8.6 AMU enhancements (FEAT_AMUv1p1)johpow01
ARMv8.6 adds virtual offset registers to support virtualization of the event counters in EL1 and EL0. This patch enables support for this feature in EL3 firmware. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: I7ee1f3d9f554930bf5ef6f3d492e932e6d95b217
2021-02-05Add TRNG Firmware Interface serviceJimmy Brisson
This adds the TRNG Firmware Interface Service to the standard service dispatcher. This includes a method for dispatching entropy requests to platforms and includes an entropy pool implementation to avoid dropping any entropy requested from the platform. Change-Id: I71cadb3cb377a507652eca9e0d68714c973026e9 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2021-01-26Merge changes from topic "tp-feat-rng" into integrationSandrine Bailleux
* changes: plat/qemu: Use RNDR in stack protector Makefile: Add FEAT_RNG support define Define registers for FEAT_RNG support
2021-01-15Makefile: Add FEAT_RNG support defineTomas Pilar
Define ENABLE_FEAT_RNG that describes whether the armv8.5 FEAT_RNG is supported in this build. This allows conditional inclusion of code targetting RNDR and RNDRRS registers. Signed-off-by: Tomas Pilar <tomas@nuviainc.com> Change-Id: Idd632f8b9bc20ea3d8793f55ead88fa12cb08821
2021-01-08Makefile: Fix ${FIP_NAME} to be rebuilt only when neededPali Rohár
Currently ${FIP_DEPS} as prerequisite for ${BUILD_PLAT}/${FIP_NAME} contains .PHONY targets check_$(1) and therefore ${BUILD_PLAT}/${FIP_NAME} is always rebuilt even when other file target prerequisites are not changed. These changes fix above issue and ${BUILD_PLAT}/${FIP_NAME} target is rebuilt only when its prerequisites are changed. There are 3 changes: Content of check_$(1) target is moved into check_$(1)_cmd variable so it can be easily reused. .PHONY check_$(1) targets are not put into ${FIP_DEPS} and ${FWU_FIP_DEPS} dependencies anymore and required checks which are in ${CHECK_FIP_CMD} and ${CHECK_FWU_FIP_CMD} variables are executed as part of targets ${BUILD_PLAT}/${FIP_NAME} and ${BUILD_PLAT}/${FWU_FIP_NAME} itself. To ensure that ${BUILD_PLAT}/${FIP_NAME} and ${BUILD_PLAT}/${FWU_FIP_NAME} are rebuilt even when additional dependency file image added by TOOL_ADD_IMG is changed, this file image (if exists) is added as file dependency to ${FIP_DEPS} and ${FWU_FIP_DEPS}. If it does not exist then FORCE target is added to ensure that FIP/FWU_FIP is rebuilt. Command ${CHECK_FIP_CMD}/${CHECK_FWU_FIP_CMD} will then thrown an error message if the file is required but not present. So this change ensures that if BL33 image is updated then final FIP image is updated too. And if BL33 image is not specified or does not exist and is required to be present then check_$(1)_cmd call from ${CHECK_FIP_CMD} would ensure that error message is thrown during build. Signed-off-by: Pali Rohár <pali@kernel.org> Change-Id: I635cf82e2b667ff57e2af83500d4aca71d235e3e
2021-01-07Makefile: Do not mark file targets as .PHONY targetPali Rohár
Only non-file targets should be set a .PHONY. Otherwise if file target is set as .PHONY then targets which depends on those file .PHONY targets would be always rebuilt even when their prerequisites are not changed. File target which needs to be always rebuilt can be specified in Make system via having a prerequisite on some .PHONY target, instead of marking whole target as .PHONY. In Makefile projects it is common to create empty .PHONY target named FORCE for this purpose. This patch changes all file targets which are set as .PHONY to depends on new .PHONY target FORCE, to ensure that these file targets are always rebuilt (as before). Basically they are those targets which calls external make subprocess. After FORCE target is specified in main Makefile, remove it from other Makefile files to prevent duplicate definitions. Signed-off-by: Pali Rohár <pali@kernel.org> Change-Id: Iee3b4e0de93879b95eb29a1745a041538412e69e
2020-12-15Merge "Add support for FEAT_MTPMU for Armv8.6" into integrationMark Dykes
2020-12-11Add support for FEAT_MTPMU for Armv8.6Javier Almansa Sobrino
If FEAT_PMUv3 is implemented and PMEVTYPER<n>(_EL0).MT bit is implemented as well, it is possible to control whether PMU counters take into account events happening on other threads. If FEAT_MTPMU is implemented, EL3 (or EL2) can override the MT bit leaving it to effective state of 0 regardless of any write to it. This patch introduces the DISABLE_MTPMU flag, which allows to diable multithread event count from EL3 (or EL2). The flag is disabled by default so the behavior is consistent with those architectures that do not implement FEAT_MTPMU. Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com> Change-Id: Iee3a8470ae8ba13316af1bd40c8d4aa86e0cb85e
2020-12-10TF-A: Add build option for Arm Feature ModifiersAlexei Fedorov
This patch adds a new ARM_ARCH_FEATURE build option to add support for compiler's feature modifiers. It has the form '[no]feature+...' and defaults to 'none'. This option translates into compiler option '-march=armvX[.Y]-a+[no]feature+...'. Change-Id: I37742f270a898f5d6968e146cbcc04cbf53ef2ad Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2020-11-17Makefile: Update the minor version to indicate 2.4 releaseManish V Badarkhe
Updated the minor version to '4' to indicate 2.4 release Change-Id: Ib142fa15baeb43025fae371c7649199b8121c18f Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2020-10-20lib: el3_runtime: Conditionally save/restore EL2 NEVE registersArunachalam Ganapathy
Include EL2 registers related to Nested Virtualization in EL2 context save/restore routines if architecture supports it and platform wants to use these features in Secure world. Change-Id: If006ab83bbc2576488686f5ffdff88b91adced5c Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
2020-10-12Makefile: Remove unused macroManish V Badarkhe
Removed unused macro AARCH32 and AARCH64 from makefile Change-Id: I6729e300f18d66dd7c6978d3bbd5a88937839c31 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2020-10-12Remove deprecated macro from TF-A codeManish V Badarkhe
Removed '__ASSEMBLY__' deprecated macro from TF-A code Change-Id: I9082a568b695acb5b903f509db11c8672b62d9d0 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2020-09-21Merge "build_macros.mk: include assert and define loop macros" into integrationOlivier Deprez
2020-09-14build_macros.mk: include assert and define loop macrosLeonardo Sandoval
Loop macros make it easier for developers to include new variables to assert or define and also help code code readability on makefiles. Change-Id: I0d21d6e67b3eca8976c4d856ac8ccc02c8bb5ffa Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
2020-09-14Update makefile to build fiptool for WindowsSami Mujawar
Although support for building fiptool on a Windows host was present, the binary was not built when the top level makefile was invoked. This patch makes the necessary changes to the to support building of fiptool on a Windows host PC from the main makefile. Change-Id: I0c01ba237fa3010a027a1b324201131210cf4d7c Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
2020-08-23tools: Get the tool's binary name from the main makefileManish V Badarkhe
Currently, the tool's makefile override the tool's binary name which is already been defined in the main makefile. Hence fix is provided so that the tool's makefile get the tool's binary name from the main makefile instead of overriding it. Change-Id: I8af2bd391a96bba2dbcddef711338a94ebf5f038 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2020-08-17Merge "plat/arm: Use common build flag for using generic sp804 driver" into ↵Mark Dykes
integration
2020-08-17plat/arm: Use common build flag for using generic sp804 driverMadhukar Pappireddy
SP804 TIMER is not platform specific, and current code base adds multiple defines to use this driver. Like FVP_USE_SP804_TIMER and FVP_VE_USE_SP804_TIMER. This patch removes platform specific build flag and adds generic flag `USE_SP804_TIMER` to be set to 1 by platform if needed. Change-Id: I5ab792c189885fd1b98ddd187f3a38ebdd0baba2 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
2020-08-14SPM: Alter sp_gen.mk entry depending on owner of partitionRuari Phipps
With recently introduced dualroot CoT for SPs where they are owned either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID while Plat owned SPs index starts at SP_PKG5_ID. This patch modifies SP makefile generator script to take CoT as an argument and if it is "dualroot" then generates SP_PKG in order mentioned above, otherwise generates it sequentially. Signed-off-by: Ruari Phipps <ruari.phipps@arm.com> Change-Id: Iffad1131787be650a9462f6f8cc09b603cddb3b8
2020-08-05Merge "Use abspath to dereference $BUILD_BASE" into integrationAlexei Fedorov
2020-08-04Use abspath to dereference $BUILD_BASEGrant Likely
If the user tries to change BUILD_BASE to put the build products outside the build tree the compile will fail due to hard coded assumptions that $BUILD_BASE is a relative path. Fix by using $(abspath $(BUILD_BASE)) to rationalize to an absolute path every time and remove the relative path assumptions. This patch also adds documentation that BUILD_BASE can be specified by the user. Signed-off-by: Grant Likely <grant.likely@arm.com> Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ib1af874de658484aaffc672f30029b852d2489c8
2020-08-04Merge "SPM: build OP-TEE as an S-EL1 Secure Partition" into integrationManish Pandey
2020-07-30SPM: build OP-TEE as an S-EL1 Secure PartitionOlivier Deprez
Provide manifest and build options to boot OP-TEE as a guest S-EL1 Secure Partition on top of Hafnium in S-EL2. Increase ARM_SP_MAX_SIZE to cope with OP-TEE debug build image. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: Idd2686fa689a78fe2d05ed92b1d23c65e2edd4cb
2020-07-30Makefile, doc: Make OPENSSL_DIR variable as build option for toolsManish V Badarkhe
Openssl directory path is hardcoded to '/usr' in the makefile of certificate generation and firmware encryption tool using 'OPENSSL_DIR' variable. Hence changes are done to make 'OPENSSL_DIR' variable as a build option so that user can provide openssl directory path while building the certificate generation and firmware encryption tool. Also, updated the document for this newly created build option Change-Id: Ib1538370d2c59263417f5db3746d1087ee1c1339 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2020-07-09make, doc: Add build option to create chain of trust at runtimeManish V Badarkhe
Added a build option 'COT_DESC_IN_DTB' to create chain of trust at runtime using fconf. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89
2020-06-29Fix makefile to build on a Windows host PCSami Mujawar
The TF-A firmware build system is capable of building on both Unix like and Windows host PCs. The commit ID 7ff088 "Enable MTE support" updated the Makefile to conditionally enable the MTE support if the AArch64 architecture revision was greater than 8.5. However, the Makefile changes were dependent on shell commands that are only available on unix shells, resulting in build failures on a Windows host PC. This patch fixes the Makefile by using a more portable approach for comparing the architecture revision. Change-Id: Icb56cbecd8af5b0b9056d105970ff4a6edd1755a Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
2020-06-19TF-A: Add ARMv8.5 'bti' build optionAlexei Fedorov
This patch adds BRANCH_PROTECTION = 4 'bti' build option which turns on branch target identification mechanism. Change-Id: I32464a6b51726a100519f449a95aea5331f0e82d Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2020-06-12Prevent RAS register access from lower ELsVarun Wadekar
This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register accesses from EL1 or EL2 to EL3. RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438
2020-06-09Merge changes from topic "sp_secure_boot" into integrationManish Pandey
* changes: dualroot: add chain of trust for secure partitions sptool: append cert_tool arguments. cert_create: add SiP owned secure partitions support
2020-06-09plat/fvp: Add support for dynamic description of secure interruptsMadhukar Pappireddy
Using the fconf framework, the Group 0 and Group 1 secure interrupt descriptors are moved to device tree and retrieved in runtime. This feature is enabled by the build flag SEC_INT_DESC_IN_FCONF. Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
2020-06-08sptool: append cert_tool arguments.Manish Pandey
To support secure boot of SP's update cert tool arguments while generating sp_gen.mk which in turn is consumed by build system. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I2293cee9b7c684c27d387aba18e0294c701fb1cc
2020-05-15plat/arm/fvp: Support performing SDEI platform setup in runtimeBalint Dobszay
This patch introduces dynamic configuration for SDEI setup and is supported when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays and processing the configuration at compile time, the config is moved to dts files. It will be retrieved at runtime during SDEI init, using the fconf layer. Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31 Signed-off-by: Balint Dobszay <balint.dobszay@arm.com> Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
2020-05-14Implement workaround for AT speculative behaviourManish V Badarkhe
During context switching from higher EL (EL2 or higher) to lower EL can cause incorrect translation in TLB due to speculative execution of AT instruction using out-of-context translation regime. Workaround is implemented as below during EL's (EL1 or EL2) "context_restore" operation: 1. Disable page table walk using SCTLR.M and TCR.EPD0 & EPD1 bits for EL1 or EL2 (stage1 and stage2 disabled) 2. Save all system registers except TCR and SCTLR (for EL1 and EL2) 3. Do memory barrier operation (isb) to ensure all system register writes are done. 4. Restore TCR and SCTLR registers (for EL1 and EL2) Errata details are available for various CPUs as below: Cortex-A76: 1165522 Cortex-A72: 1319367 Cortex-A57: 1319537 Cortex-A55: 1530923 Cortex-A53: 1530924 More details can be found in mail-chain: https://lists.trustedfirmware.org/pipermail/tf-a/2020-April/000445.html Currently, Workaround is implemented as build option which is default disabled. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: If8545e61f782cb0c2dda7ffbaf50681c825bd2f0
2020-04-25Fix build type is empty in version stringPeiyuan Song
Signed-off-by: Peiyuan Song <squallatf@gmail.com> Change-Id: I97c2e6f8c12ecf828605811019d47a24293c1ebb
2020-04-20Incrementing the minor version to reflect upcoming v2.3 releaseMadhukar Pappireddy
Change-Id: I27f7d92988fc16f68041c2ddaa8dd3a60362ddd1 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
2020-04-02Merge changes from topic "macro-cleanup" into integrationMark Dykes
* changes: plat: remove redundant =1 from -D option Pass more -D options to BL*_CPPFLAGS instead of BL*_CFLAGS
2020-04-02Pass more -D options to BL*_CPPFLAGS instead of BL*_CFLAGSMasahiro Yamada
Commit d5e97a1d2c79 ("Build: define IMAGE_AT_EL1 or IMAGE_AT_EL3 globally for C files") does not have commit 848a7e8ce1d9 ("Build: introduce per-BL CPPFLAGS and ASFLAGS") as an ancestor because they were pulled almost at the same time. This is a follow-up conversion to be consistent with commit 11a3c5ee7325 ("plat: pass -D option to BL*_CPPFLAGS instead of BL*_CFLAGS"). With this change, the command line option, IMAGE_AT_EL3, will be passed to .S files as well. I remove the definition in include/lib/cpus/aarch64/cpu_macros.S Otherwise, the following error would happen. include/lib/cpus/aarch64/cpu_macros.S:29:0: error: "IMAGE_AT_EL3" redefined [-Werror] Change-Id: I943c8f22356483c2ae3c57b515c69243a8fa6889 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2020-04-01cryptocell: add support for Cryptocell 713Gilad Ben-Yossef
Add Crypto 713 support as crypto module and NVM counter provider. As files under include/drivers/arm/cryptocell/713/ are copied verbatim from the CryptoCell SBROM lib project they are filtered from checkpatch coding style check. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Change-Id: I7c361772f00ca7d96481f81ac6cbb2704467e52c
2020-04-01Enable MTE supportManish V Badarkhe
Enable MTE support by adding memory tag option in Makefile This option is available only when ARMv8.5-MemTag is implemented MTE options are added in latest clang and armclang compiler which support below options: for clang <version 11.0.0> 1. -march=arm8.5-a+memtag 2. -fsanitize=memtag for armclang <version 6.12> 1. -march=arm8.5-a+memtag 2. -mmemtag-stack Set the option SUPPORT_STACK_MEMTAG=yes to enable memory stack tagging. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I4e0bbde4e9769ce03ead6f550158e22f32c1c413
2020-03-31Merge "Build: define IMAGE_AT_EL1 or IMAGE_AT_EL3 globally for C files" into ↵Mark Dykes
integration
2020-03-31Makefile: don't use $(CC) before value is explicit setAhmad Fatoum
Unless specified in the environment, $(CC) expands to some generic host C compiler like cc or c99. We set our own value for $(CC), but only few lines later. Move the first use of the $(CC) variable behind the definition to correct this. Change-Id: I45344e063d21ddfe22b7ad77954e85c1c46087bd Fixes: 1684b8733 ("Use clang assembler when clang compiler is used") Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
2020-03-31Build: define IMAGE_AT_EL1 or IMAGE_AT_EL3 globally for C filesMasahiro Yamada
The build system defines the IMAGE_BL* macro when compiling each image. This is useful to distinguish which image the current file is being built for by using #if defined(IMAGE_BL2) or #if defined(IMAGE_BL31), or whatever. There are some cases where we are more interested in which exception level the current file is being built for. include/lib/cpus/{aarch32,aarch64}/cpu_macros.S defines IMAGE_AT_EL3, but we do not have it globally. Pass IMAGE_AT_EL1 or IMAGE_AT_EL3 to BL*_CFLAGS so that it is available from all C code. The library code (libc.a, libmbedtls.a, etc.) is exceptional cases, where the code can be shared between BL images. Other than that, we know the exception level at the build time, and this macro will be useful in the shared code. Change-Id: I7c8a1da10726906adfba981cfe8464dff111d6b0 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2020-03-25FVP: Add BL2 hash calculation in BL1Alexei Fedorov
This patch provides support for measured boot by adding calculation of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB. Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2020-03-24Merge "fconf: Clean Arm IO" into integrationMark Dykes
2020-03-23spmd: skip loading of secure partitions on pre-v8.4 platformsOlivier Deprez
When SPD=spmd and SPMD_SPM_AT_SEL2=0, that is SPMC sits at S-EL1 then there is no need for TF-A to load secure partitions individually. In this configuration, SPMC handles secure partition loading at S-EL1/EL0 levels. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I06a0d88a4811274a8c347ce57b56bb5f64e345df
2020-03-16fconf: Clean Arm IOLouis Mayencourt
Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This removes the duplicate io_policies and functions definition. This patch: - replace arm_io_storage.c with the content of arm_fconf_io_storage.c - rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB. - use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb. - propagate DEFINES when parsing dts. - use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb. - set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior of fvp stays the same as it was before the introduction of fconf. Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
2020-03-11fconf: necessary modifications to support fconf in BL31 & SP_MINMadhukar Pappireddy
Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN. Created few populator() functions which parse HW_CONFIG device tree and registered them with fconf framework. Many of the changes are only applicable for fvp platform. This patch: 1. Adds necessary symbols and sections in BL31, SP_MIN linker script 2. Adds necessary memory map entry for translation in BL31, SP_MIN 3. Creates an abstraction layer for hardware configuration based on fconf framework 4. Adds necessary changes to build flow (makefiles) 5. Minimal callback to read hw_config dtb for capturing properties related to GIC(interrupt-controller node) 6. updates the fconf documentation Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
2020-03-06Makefile: Add support to optionally encrypt BL31 and BL32Sumit Garg
Following build flags have been added to support optional firmware encryption: - FW_ENC_STATUS: Top level firmware's encryption numeric flag, values: 0: Encryption is done with Secret Symmetric Key (SSK) which is common for a class of devices. 1: Encryption is done with Binding Secret Symmetric Key (BSSK) which is unique per device. - ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It could be SSK or BSSK depending on FW_ENC_STATUS flag. - ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector (IV) in hex string format. - ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware. - ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload. Similar flags can be added to encrypt other firmwares as well depending on use-cases. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I94374d6830ad5908df557f63823e58383d8ad670
2020-03-06tools: Add firmware authenticated encryption toolSumit Garg
Add firmware authenticated encryption tool which utilizes OpenSSL library to encrypt firmwares using a key provided via cmdline. Currently this tool supports AES-GCM as an authenticated encryption algorithm. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I60e296af1b98f1912a19d5f91066be7ea85836e4