1#
2# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6
7ifeq (${ARCH}, aarch64)
8  # On ARM standard platorms, the TSP can execute from Trusted SRAM, Trusted
9  # DRAM (if available) or the TZC secured area of DRAM.
10  # TZC secured DRAM is the default.
11
12  ARM_TSP_RAM_LOCATION	?=	dram
13
14  ifeq (${ARM_TSP_RAM_LOCATION}, tsram)
15    ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID
16  else ifeq (${ARM_TSP_RAM_LOCATION}, tdram)
17    ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_DRAM_ID
18  else ifeq (${ARM_TSP_RAM_LOCATION}, dram)
19    ARM_TSP_RAM_LOCATION_ID = ARM_DRAM_ID
20  else
21    $(error "Unsupported ARM_TSP_RAM_LOCATION value")
22  endif
23
24  # Process flags
25  # Process ARM_BL31_IN_DRAM flag
26  ARM_BL31_IN_DRAM		:=	0
27  $(eval $(call assert_boolean,ARM_BL31_IN_DRAM))
28  $(eval $(call add_define,ARM_BL31_IN_DRAM))
29else
30  ARM_TSP_RAM_LOCATION_ID = ARM_TRUSTED_SRAM_ID
31endif
32
33$(eval $(call add_define,ARM_TSP_RAM_LOCATION_ID))
34
35
36# For the original power-state parameter format, the State-ID can be encoded
37# according to the recommended encoding or zero. This flag determines which
38# State-ID encoding to be parsed.
39ARM_RECOM_STATE_ID_ENC := 0
40
41# If the PSCI_EXTENDED_STATE_ID is set, then ARM_RECOM_STATE_ID_ENC need to
42# be set. Else throw a build error.
43ifeq (${PSCI_EXTENDED_STATE_ID}, 1)
44  ifeq (${ARM_RECOM_STATE_ID_ENC}, 0)
45    $(error Build option ARM_RECOM_STATE_ID_ENC needs to be set if \
46            PSCI_EXTENDED_STATE_ID is set for ARM platforms)
47  endif
48endif
49
50# Process ARM_RECOM_STATE_ID_ENC flag
51$(eval $(call assert_boolean,ARM_RECOM_STATE_ID_ENC))
52$(eval $(call add_define,ARM_RECOM_STATE_ID_ENC))
53
54# Process ARM_DISABLE_TRUSTED_WDOG flag
55# By default, Trusted Watchdog is always enabled unless SPIN_ON_BL1_EXIT is set
56ARM_DISABLE_TRUSTED_WDOG	:=	0
57ifeq (${SPIN_ON_BL1_EXIT}, 1)
58ARM_DISABLE_TRUSTED_WDOG	:=	1
59endif
60$(eval $(call assert_boolean,ARM_DISABLE_TRUSTED_WDOG))
61$(eval $(call add_define,ARM_DISABLE_TRUSTED_WDOG))
62
63# Process ARM_CONFIG_CNTACR
64ARM_CONFIG_CNTACR		:=	1
65$(eval $(call assert_boolean,ARM_CONFIG_CNTACR))
66$(eval $(call add_define,ARM_CONFIG_CNTACR))
67
68# Process ARM_BL31_IN_DRAM flag
69ARM_BL31_IN_DRAM		:=	0
70$(eval $(call assert_boolean,ARM_BL31_IN_DRAM))
71$(eval $(call add_define,ARM_BL31_IN_DRAM))
72
73# Process ARM_PLAT_MT flag
74ARM_PLAT_MT			:=	0
75$(eval $(call assert_boolean,ARM_PLAT_MT))
76$(eval $(call add_define,ARM_PLAT_MT))
77
78# Use translation tables library v2 by default
79ARM_XLAT_TABLES_LIB_V1		:=	0
80$(eval $(call assert_boolean,ARM_XLAT_TABLES_LIB_V1))
81$(eval $(call add_define,ARM_XLAT_TABLES_LIB_V1))
82
83# Don't have the Linux kernel as a BL33 image by default
84ARM_LINUX_KERNEL_AS_BL33	:=	0
85$(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33))
86$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33))
87
88ifeq (${ARM_LINUX_KERNEL_AS_BL33},1)
89  ifeq (${ARCH},aarch64)
90    ifneq (${RESET_TO_BL31},1)
91      $(error "ARM_LINUX_KERNEL_AS_BL33 is only available if RESET_TO_BL31=1.")
92    endif
93  else
94    ifneq (${RESET_TO_SP_MIN},1)
95      $(error "ARM_LINUX_KERNEL_AS_BL33 is only available if RESET_TO_SP_MIN=1.")
96    endif
97  endif
98  ifndef PRELOADED_BL33_BASE
99    $(error "PRELOADED_BL33_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used.")
100  endif
101  ifndef ARM_PRELOADED_DTB_BASE
102    $(error "ARM_PRELOADED_DTB_BASE must be set if ARM_LINUX_KERNEL_AS_BL33 is used.")
103  endif
104  $(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
105endif
106
107# Use an implementation of SHA-256 with a smaller memory footprint but reduced
108# speed.
109$(eval $(call add_define,MBEDTLS_SHA256_SMALLER))
110
111# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images
112# in the FIP if the platform requires.
113ifneq ($(BL32_EXTRA1),)
114$(eval $(call TOOL_ADD_IMG,bl32_extra1,--tos-fw-extra1))
115endif
116ifneq ($(BL32_EXTRA2),)
117$(eval $(call TOOL_ADD_IMG,bl32_extra2,--tos-fw-extra2))
118endif
119
120# Enable PSCI_STAT_COUNT/RESIDENCY APIs on ARM platforms
121ENABLE_PSCI_STAT		:=	1
122ENABLE_PMF			:=	1
123
124# Override the standard libc with optimised libc_asm
125OVERRIDE_LIBC			:=	1
126ifeq (${OVERRIDE_LIBC},1)
127    include lib/libc/libc_asm.mk
128endif
129
130# On ARM platforms, separate the code and read-only data sections to allow
131# mapping the former as executable and the latter as execute-never.
132SEPARATE_CODE_AND_RODATA	:=	1
133
134# On ARM platforms, disable SEPARATE_NOBITS_REGION by default. Both PROGBITS
135# and NOBITS sections of BL31 image are adjacent to each other and loaded
136# into Trusted SRAM.
137SEPARATE_NOBITS_REGION		:=	0
138
139# In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load
140# BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate
141# the build to require that ARM_BL31_IN_DRAM is enabled as well.
142ifeq ($(SEPARATE_NOBITS_REGION),1)
143    ifneq ($(ARM_BL31_IN_DRAM),1)
144         $(error For SEPARATE_NOBITS_REGION, ARM_BL31_IN_DRAM must be enabled)
145    endif
146    ifneq ($(RECLAIM_INIT_CODE),0)
147          $(error For SEPARATE_NOBITS_REGION, RECLAIM_INIT_CODE cannot be supported)
148    endif
149endif
150
151# Disable ARM Cryptocell by default
152ARM_CRYPTOCELL_INTEG		:=	0
153$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG))
154$(eval $(call add_define,ARM_CRYPTOCELL_INTEG))
155
156# Enable PIE support for RESET_TO_BL31 case
157ifeq (${RESET_TO_BL31},1)
158    ENABLE_PIE			:=	1
159endif
160
161# CryptoCell integration relies on coherent buffers for passing data from
162# the AP CPU to the CryptoCell
163ifeq (${ARM_CRYPTOCELL_INTEG},1)
164    ifeq (${USE_COHERENT_MEM},0)
165        $(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.")
166    endif
167endif
168
169ifeq (${ARCH}, aarch64)
170PLAT_INCLUDES		+=	-Iinclude/plat/arm/common/aarch64
171endif
172
173PLAT_BL_COMMON_SOURCES	+=	plat/arm/common/${ARCH}/arm_helpers.S		\
174				plat/arm/common/arm_common.c			\
175				plat/arm/common/arm_console.c
176
177ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1)
178PLAT_BL_COMMON_SOURCES	+=	lib/xlat_tables/xlat_tables_common.c		\
179				lib/xlat_tables/${ARCH}/xlat_tables.c
180else
181include lib/xlat_tables_v2/xlat_tables.mk
182
183PLAT_BL_COMMON_SOURCES	+=	${XLAT_TABLES_LIB_SRCS}
184endif
185
186ARM_IO_SOURCES		+=	plat/arm/common/arm_io_storage.c		\
187				plat/arm/common/fconf/arm_fconf_io.c
188ifeq (${SPD},spmd)
189    ifeq (${SPMD_SPM_AT_SEL2},1)
190         ARM_IO_SOURCES		+=	plat/arm/common/fconf/arm_fconf_sp.c
191    endif
192endif
193
194BL1_SOURCES		+=	drivers/io/io_fip.c				\
195				drivers/io/io_memmap.c				\
196				drivers/io/io_storage.c				\
197				plat/arm/common/arm_bl1_setup.c			\
198				plat/arm/common/arm_err.c			\
199				${ARM_IO_SOURCES}
200
201ifdef EL3_PAYLOAD_BASE
202# Need the plat_arm_program_trusted_mailbox() function to release secondary CPUs from
203# their holding pen
204BL1_SOURCES		+=	plat/arm/common/arm_pm.c
205endif
206
207BL2_SOURCES		+=	drivers/delay_timer/delay_timer.c		\
208				drivers/delay_timer/generic_delay_timer.c	\
209				drivers/io/io_fip.c				\
210				drivers/io/io_memmap.c				\
211				drivers/io/io_storage.c				\
212				plat/arm/common/arm_bl2_setup.c			\
213				plat/arm/common/arm_err.c			\
214				${ARM_IO_SOURCES}
215
216# Firmware Configuration Framework sources
217include lib/fconf/fconf.mk
218
219# Add `libfdt` and Arm common helpers required for Dynamic Config
220include lib/libfdt/libfdt.mk
221
222DYN_CFG_SOURCES		+=	plat/arm/common/arm_dyn_cfg.c		\
223				plat/arm/common/arm_dyn_cfg_helpers.c	\
224				common/fdt_wrappers.c
225
226BL1_SOURCES		+=	${DYN_CFG_SOURCES}
227BL2_SOURCES		+=	${DYN_CFG_SOURCES}
228
229ifeq (${BL2_AT_EL3},1)
230BL2_SOURCES		+=	plat/arm/common/arm_bl2_el3_setup.c
231endif
232
233# Because BL1/BL2 execute in AArch64 mode but BL32 in AArch32 we need to use
234# the AArch32 descriptors.
235ifeq (${JUNO_AARCH32_EL3_RUNTIME},1)
236BL2_SOURCES		+=	plat/arm/common/aarch32/arm_bl2_mem_params_desc.c
237else
238BL2_SOURCES		+=	plat/arm/common/${ARCH}/arm_bl2_mem_params_desc.c
239endif
240BL2_SOURCES		+=	plat/arm/common/arm_image_load.c		\
241				common/desc_image_load.c
242ifeq (${SPD},opteed)
243BL2_SOURCES		+=	lib/optee/optee_utils.c
244endif
245
246BL2U_SOURCES		+=	drivers/delay_timer/delay_timer.c		\
247				drivers/delay_timer/generic_delay_timer.c	\
248				plat/arm/common/arm_bl2u_setup.c
249
250BL31_SOURCES		+=	plat/arm/common/arm_bl31_setup.c		\
251				plat/arm/common/arm_pm.c			\
252				plat/arm/common/arm_topology.c			\
253				plat/common/plat_psci_common.c
254
255ifeq (${ENABLE_PMF}, 1)
256ifeq (${ARCH}, aarch64)
257BL31_SOURCES		+=	plat/arm/common/aarch64/execution_state_switch.c\
258				plat/arm/common/arm_sip_svc.c			\
259				lib/pmf/pmf_smc.c
260else
261BL32_SOURCES		+=	plat/arm/common/arm_sip_svc.c			\
262				lib/pmf/pmf_smc.c
263endif
264endif
265
266ifeq (${EL3_EXCEPTION_HANDLING},1)
267BL31_SOURCES		+=	plat/common/aarch64/plat_ehf.c
268endif
269
270ifeq (${SDEI_SUPPORT},1)
271BL31_SOURCES		+=	plat/arm/common/aarch64/arm_sdei.c
272ifeq (${SDEI_IN_FCONF},1)
273BL31_SOURCES		+=	plat/arm/common/fconf/fconf_sdei_getter.c
274endif
275endif
276
277# RAS sources
278ifeq (${RAS_EXTENSION},1)
279BL31_SOURCES		+=	lib/extensions/ras/std_err_record.c		\
280				lib/extensions/ras/ras_common.c
281endif
282
283# Pointer Authentication sources
284ifeq (${ENABLE_PAUTH}, 1)
285PLAT_BL_COMMON_SOURCES	+=	plat/arm/common/aarch64/arm_pauth.c	\
286				lib/extensions/pauth/pauth_helpers.S
287endif
288
289ifeq (${SPD},spmd)
290BL31_SOURCES		+=	plat/common/plat_spmd_manifest.c	\
291				common/fdt_wrappers.c			\
292				${LIBFDT_SRCS}
293
294endif
295
296ifneq (${TRUSTED_BOARD_BOOT},0)
297
298    # Include common TBB sources
299    AUTH_SOURCES	:=	drivers/auth/auth_mod.c				\
300				drivers/auth/crypto_mod.c			\
301				drivers/auth/img_parser_mod.c			\
302				lib/fconf/fconf_tbbr_getter.c
303
304    # Include the selected chain of trust sources.
305    ifeq (${COT},tbbr)
306	BL1_SOURCES     +=      drivers/auth/tbbr/tbbr_cot_common.c		\
307				drivers/auth/tbbr/tbbr_cot_bl1.c
308        ifneq (${COT_DESC_IN_DTB},0)
309            BL2_SOURCES	+=	lib/fconf/fconf_cot_getter.c
310        else
311            BL2_SOURCES	+=	drivers/auth/tbbr/tbbr_cot_common.c	\
312				drivers/auth/tbbr/tbbr_cot_bl2.c
313        endif
314    else ifeq (${COT},dualroot)
315        AUTH_SOURCES	+=	drivers/auth/dualroot/cot.c
316    else
317        $(error Unknown chain of trust ${COT})
318    endif
319
320    BL1_SOURCES		+=	${AUTH_SOURCES}					\
321				bl1/tbbr/tbbr_img_desc.c			\
322				plat/arm/common/arm_bl1_fwu.c			\
323				plat/common/tbbr/plat_tbbr.c
324
325    BL2_SOURCES		+=	${AUTH_SOURCES}					\
326				plat/common/tbbr/plat_tbbr.c
327
328    $(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_))
329
330    # We expect to locate the *.mk files under the directories specified below
331ifeq (${ARM_CRYPTOCELL_INTEG},0)
332    CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
333else
334    CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
335endif
336    IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
337
338    $(info Including ${CRYPTO_LIB_MK})
339    include ${CRYPTO_LIB_MK}
340
341    $(info Including ${IMG_PARSER_LIB_MK})
342    include ${IMG_PARSER_LIB_MK}
343
344endif
345
346ifeq (${RECLAIM_INIT_CODE}, 1)
347    ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1)
348        $(error "To reclaim init code xlat tables v2 must be used")
349    endif
350endif
351
352ifeq (${MEASURED_BOOT},1)
353    MEASURED_BOOT_MK := drivers/measured_boot/measured_boot.mk
354    $(info Including ${MEASURED_BOOT_MK})
355    include ${MEASURED_BOOT_MK}
356endif
357