TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / build / 58b2bf906d9b3ecab04f7e9cb3fdb89b38994f1a / . / fvp-psa-sp.mk
blob: 29139b5c6d7004d061a925fa7e04c3231711b781 [file] [log] [blame]
Balint Dobszay1bf41f52022-05-30 12:56:38 +0200[diff] [blame]1FVP_VIRTFS_ENABLE ?= y
2FVP_VIRTFS_AUTOMOUNT ?= y
3MEASURED_BOOT ?= y
4MEASURED_BOOT_FTPM ?= n
5TS_SMM_GATEWAY ?= y
Gabor Ambrus557af272023-08-16 12:59:55 +0200[diff] [blame]6TS_LOGGING_SP ?= y
7TS_LOGGING_SP_LOG ?= "trusted-services-logs.txt"
Imre Kiscef118b2023-01-11 18:01:46 +0100[diff] [blame]8TS_UEFI_TESTS ?= n
Gyorgy Szing08d69742023-04-05 07:30:08 +0000[diff] [blame]9TS_FW_UPDATE ?= n
Gabor Totha95b5812023-11-09 19:10:36 +0100[diff] [blame]10TS_UEFI_AUTH_VAR ?= y
Gabor Tothab319782023-12-14 08:52:28 +0100[diff] [blame]11TS_UEFI_INTERNAL_CRYPTO ?= n
Balint Dobszaya59865b2022-09-13 16:47:27 +0200[diff] [blame]12# Supported values: embedded, fip
13SP_PACKAGING_METHOD ?= embedded
Imre Kiscef118b2023-01-11 18:01:46 +0100[diff] [blame]14SPMC_TESTS ?= n
Sudeep Holla68f7beb2024-05-23 17:21:55 +0100[diff] [blame]15SPMC_AT_EL ?= 1
Balint Dobszay1bf41f52022-05-30 12:56:38 +0200[diff] [blame]16
Gabor Totha95b5812023-11-09 19:10:36 +0100[diff] [blame]17ifneq ($(TS_UEFI_AUTH_VAR)-$(TS_SMM_GATEWAY),y-y)
18SP_SMM_GATEWAY_EXTRA_FLAGS += -DUEFI_AUTH_VAR=OFF
19TS_APP_UEFI_TEST_EXTRA_FLAGS += -DUEFI_AUTH_VAR=OFF
20endif
21
Gabor Tothab319782023-12-14 08:52:28 +0100[diff] [blame]22ifeq ($(TS_UEFI_INTERNAL_CRYPTO),y)
23SP_SMM_GATEWAY_EXTRA_FLAGS += -DUEFI_INTERNAL_CRYPTO=ON
24endif
25
Balint Dobszay6c7dfb22023-03-16 14:48:33 +0100[diff] [blame]26# Enable the "HArdware Volatile Entropy Gathering and Expansion" daemon to
27# overcome low-entropy conditions in the FVP
28BR2_PACKAGE_HAVEGED ?= y
Balint Dobszay2e792b32023-06-05 18:07:32 +0200[diff] [blame]29
30# Disable packages not used by this configuration
31BR2_PACKAGE_HOST_E2FSPROGS ?= n
32BR2_PACKAGE_KEYUTILS ?= n
33BR2_PACKAGE_MMC_UTILS ?= n
34BR2_PACKAGE_OPENSC ?= n
35BR2_PACKAGE_OPTEE_EXAMPLES_EXT ?= n
36BR2_PACKAGE_STRACE ?= n
37
38# Building xtest is not necessary if we don't want to run the SPMC tests
39ifneq ($(SPMC_TESTS),y)
40BR2_PACKAGE_OPTEE_TEST_EXT ?= n
41BR2_PACKAGE_LIBOPENSSL ?= n
42BR2_PACKAGE_OPENSSL ?= n
43endif
44
Imre Kis874a2dd2023-01-09 17:01:22 +0100[diff] [blame]45# TS SP configurations
46DEFAULT_SP_CONFIG ?= default-opteesp
47SP_BLOCK_STORAGE_CONFIG ?= $(DEFAULT_SP_CONFIG)
48SP_PSA_ITS_CONFIG ?= $(DEFAULT_SP_CONFIG)
49SP_PSA_PS_CONFIG ?= $(DEFAULT_SP_CONFIG)
50SP_PSA_CRYPTO_CONFIG ?= $(DEFAULT_SP_CONFIG)
51SP_PSA_ATTESTATION_CONFIG ?= $(DEFAULT_SP_CONFIG)
52SP_SMM_GATEWAY_CONFIG ?= $(DEFAULT_SP_CONFIG)
Gyorgy Szing08d69742023-04-05 07:30:08 +0000[diff] [blame]53SP_FWU_CONFIG ?= $(DEFAULT_SP_CONFIG)
Gabor Ambrus557af272023-08-16 12:59:55 +0200[diff] [blame]54SP_LOGGING_CONFIG ?= $(DEFAULT_SP_CONFIG)
Imre Kis874a2dd2023-01-09 17:01:22 +0100[diff] [blame]55
Balint Dobszay3730e012023-06-02 11:40:41 +0200[diff] [blame]56LINUX_DEFCONFIG_COMMON_FILES ?= $(CURDIR)/kconfigs/fvp_trusted-services.conf
57
Balint Dobszay1bf41f52022-05-30 12:56:38 +0200[diff] [blame]58include fvp.mk
59include trusted-services.mk
60
Imre Kisefd2ece2023-04-05 13:35:28 +0200[diff] [blame]61# The macros used in bl2_sp_list.dts and spmc_manifest.dts has to be passed to
62# TF-A because it handles the preprocessing of these files.
63define add-dtc-define
64DTC_CPPFLAGS+=-D$1=$(subst y,1,$(subst n,0,$($1)))
65endef
66
67ifeq ($(SP_PACKAGING_METHOD),fip)
68$(eval $(call add-dtc-define,SPMC_TESTS))
69$(eval $(call add-dtc-define,TS_SMM_GATEWAY))
Gyorgy Szing08d69742023-04-05 07:30:08 +0000[diff] [blame]70$(eval $(call add-dtc-define,TS_FW_UPDATE))
Gabor Ambrus557af272023-08-16 12:59:55 +0200[diff] [blame]71$(eval $(call add-dtc-define,TS_LOGGING_SP))
Imre Kisefd2ece2023-04-05 13:35:28 +0200[diff] [blame]72
73TF_A_EXPORTS += DTC_CPPFLAGS="$(DTC_CPPFLAGS)"
74endif
75
Balint Dobszay1bf41f52022-05-30 12:56:38 +0200[diff] [blame]76OPTEE_OS_COMMON_EXTRA_FLAGS += \
77 CFG_SECURE_PARTITION=y \
78 CFG_CORE_SEL1_SPMC=y \
79 CFG_CORE_HEAP_SIZE=131072 \
80 CFG_DT=y \
81 CFG_MAP_EXT_DT_SECURE=y
82
Jelle Sels3a937c52023-02-01 09:25:52 +0100[diff] [blame]83
Balint Dobszay1bf41f52022-05-30 12:56:38 +0200[diff] [blame]84# The boot order of the SPs is determined by the order of calls here. This is
85# due to the SPMC not (yet) supporting the boot order field of the SP manifest.
Imre Kis0dbd3df2023-04-05 13:31:22 +0200[diff] [blame]86ifeq ($(SPMC_TESTS),n)
Gabor Ambrus557af272023-08-16 12:59:55 +0200[diff] [blame]87# LOGGING SP
88ifeq ($(TS_LOGGING_SP),y)
89$(eval $(call build-sp,logging,config/$(SP_LOGGING_CONFIG),da9dffbd-d590-40ed-975f-19c65a3d52d3,$(SP_LOGGING_EXTRA_FLAGS)))
90endif
Imre Kis0dbd3df2023-04-05 13:31:22 +0200[diff] [blame]91# PSA SPs
Imre Kis874a2dd2023-01-09 17:01:22 +0100[diff] [blame]92$(eval $(call build-sp,block-storage,config/$(SP_BLOCK_STORAGE_CONFIG),63646e80-eb52-462f-ac4f-8cdf3987519c,$(SP_BLOCK_STORAGE_EXTRA_FLAGS)))
93$(eval $(call build-sp,internal-trusted-storage,config/$(SP_PSA_ITS_CONFIG),dc1eef48-b17a-4ccf-ac8b-dfcff7711b14,$(SP_PSA_ITS_EXTRA_FLAGS)))
94$(eval $(call build-sp,protected-storage,config/$(SP_PSA_PS_CONFIG),751bf801-3dde-4768-a514-0f10aeed1790,$(SP_PSA_PS_EXTRA_FLAGS)))
95$(eval $(call build-sp,crypto,config/$(SP_PSA_CRYPTO_CONFIG),d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0,$(SP_PSA_CRYPTO_EXTRA_FLAGS)))
Balint Dobszay1bf41f52022-05-30 12:56:38 +0200[diff] [blame]96ifeq ($(MEASURED_BOOT),y)
Imre Kis874a2dd2023-01-09 17:01:22 +0100[diff] [blame]97$(eval $(call build-sp,attestation,config/$(SP_PSA_ATTESTATION_CONFIG),a1baf155-8876-4695-8f7c-54955e8db974,$(SP_PSA_ATTESTATION_EXTRA_FLAGS)))
Balint Dobszay1bf41f52022-05-30 12:56:38 +0200[diff] [blame]98endif
99ifeq ($(TS_SMM_GATEWAY),y)
Imre Kis874a2dd2023-01-09 17:01:22 +0100[diff] [blame]100$(eval $(call build-sp,smm-gateway,config/$(SP_SMM_GATEWAY_CONFIG),ed32d533-99e6-4209-9cc0-2d72cdd998a7,$(SP_SMM_GATEWAY_EXTRA_FLAGS)))
Balint Dobszay1bf41f52022-05-30 12:56:38 +0200[diff] [blame]101endif
Gyorgy Szing08d69742023-04-05 07:30:08 +0000[diff] [blame]102ifeq ($(TS_FW_UPDATE),y)
103$(eval $(call build-sp,fwu,config/$(SP_FWU_CONFIG),6823a838-1b06-470e-9774-0cce8bfb53fd,$(SP_FWU_EXTRA_FLAGS)))
104endif
Imre Kis0dbd3df2023-04-05 13:31:22 +0200[diff] [blame]105else
106# SPMC test SPs
107OPTEE_OS_COMMON_EXTRA_FLAGS += CFG_SPMC_TESTS=y
108$(eval $(call build-sp,spm-test1,opteesp,5c9edbc3-7b3a-4367-9f83-7c191ae86a37,$(SP_SPMC_TEST_EXTRA_FLAGS)))
109$(eval $(call build-sp,spm-test2,opteesp,7817164c-c40c-4d1a-867a-9bb2278cf41a,$(SP_SPMC_TEST_EXTRA_FLAGS)))
110$(eval $(call build-sp,spm-test3,opteesp,23eb0100-e32a-4497-9052-2f11e584afa6,$(SP_SPMC_TEST_EXTRA_FLAGS)))
111$(eval $(call build-sp,spm-test4,opteesp,423762ed-7772-406f-99d8-0c27da0abbf8,$(SP_SPMC_TEST_EXTRA_FLAGS)))
112endif
Balint Dobszayc0b8fdf2022-06-02 14:41:54 +0200[diff] [blame]113
Imre Kis0dbd3df2023-04-05 13:31:22 +0200[diff] [blame]114# Linux user space applications
115ifeq ($(SPMC_TESTS),n)
Gabor Toth22d70632023-11-09 19:05:17 +0100[diff] [blame]116$(eval $(call build-ts-app,libts,$(TS_APP_LIBTS_EXTRA_FLAGS)))
117$(eval $(call build-ts-app,ts-service-test,$(TS_APP_TS_SERVICE_TEST_EXTRA_FLAGS)))
118$(eval $(call build-ts-app,psa-api-test/internal_trusted_storage,$(TS_APP_PSA_ITS_EXTRA_FLAGS)))
119$(eval $(call build-ts-app,psa-api-test/protected_storage,$(TS_APP_PSA_PS_EXTRA_FLAGS)))
120$(eval $(call build-ts-app,psa-api-test/crypto,$(TS_APP_PSA_CRYPTO_EXTRA_FLAGS)))
Balint Dobszayc0b8fdf2022-06-02 14:41:54 +0200[diff] [blame]121ifeq ($(MEASURED_BOOT),y)
Gabor Toth22d70632023-11-09 19:05:17 +0100[diff] [blame]122$(eval $(call build-ts-app,psa-api-test/initial_attestation,$(TS_APP_PSA_IAT_EXTRA_FLAGS)))
Balint Dobszayc0b8fdf2022-06-02 14:41:54 +0200[diff] [blame]123endif
124ifeq ($(TS_UEFI_TESTS),y)
Gabor Toth22d70632023-11-09 19:05:17 +0100[diff] [blame]125$(eval $(call build-ts-app,uefi-test,$(TS_APP_UEFI_TEST_EXTRA_FLAGS)))
Imre Kiscad793f2023-09-08 15:53:31 +0200[diff] [blame]126
127# uefi-test uses MM Communicate via the arm-ffa-user driver and the message
128# payload is forwarded in a carveout memory area. Adding reserved-memory node to
129# the device tree to prevent Linux from using the carveout area for other
130# purposes.
131
132ORIGINAL_DTB := $(FVP_LINUX_DTB)
133CARVEOUT_ENTRY = $(ROOT)/build/fvp/mm_communicate_carveout.dtsi
134FVP_LINUX_DTB = $(ROOT)/out/fvp_with_mm_carveout.dtb
135
136$(FVP_LINUX_DTB): $(CARVEOUT_ENTRY) | linux
137 { dtc -Idtb -Odts $(ORIGINAL_DTB); cat $(CARVEOUT_ENTRY); } | dtc -Idts -Odtb -o $(FVP_LINUX_DTB)
138
139boot-img: $(FVP_LINUX_DTB)
140
141.PHONY: carveout-dtb-clean
142carveout-dtb-clean:
143 rm -f $(FVP_LINUX_DTB)
144
145boot-img-clean: carveout-dtb-clean
Balint Dobszayc0b8fdf2022-06-02 14:41:54 +0200[diff] [blame]146endif
Gyorgy Szing08d69742023-04-05 07:30:08 +0000[diff] [blame]147
148ifeq ($(TS_FW_UPDATE),y)
149
150# TODO: the fwu-tool is currently not needed.
Gabor Toth22d70632023-11-09 19:05:17 +0100[diff] [blame]151$(eval $(call build-ts-host-app,fwu-tool,$(TS_HOST_UEFI_TEST_EXTRA_FLAGS)))
Gyorgy Szing08d69742023-04-05 07:30:08 +0000[diff] [blame]152
153ffa-fwu-sp: ts-host-fwu-tool
154
155# Copy the disk image used by FWU to the build directory to allow the FVP binary to find it.
156$(BINARIES_PATH)/secure-flash.img:
157 mkdir -p $(BINARIES_PATH)
158 cp $(ROOT)/trusted-services/components/media/disk/disk_images/multi_location_fw.img $(BINARIES_PATH)/secure-flash.img
159
160# Add a shortcut to help manually doing the copy.
161ffa-fwu-fash-img: $(BINARIES_PATH)/secure-flash.img
162
163ffa-fwu-sp: $(BINARIES_PATH)/secure-flash.img
164
165endif
166
167ffa-fwu-fash-img-clean:
168 rm -f $(BINARIES_PATH)/secure-flash.img
169
170clean: ffa-fwu-fash-img-clean
171
Balint Dobszay58b2bf92024-07-10 12:51:17 +0200[diff] [blame^]172clean: ts-host-all-clean ffa-test-all-clean ffa-sp-all-clean linux-arm-ffa-user-clean
Gyorgy Szing9715e9d2023-04-05 11:04:12 +0000[diff] [blame]173
Jelle Selsbb5a5362022-07-18 17:07:05 +0200[diff] [blame]174endif