1# 2# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7include lib/libfdt/libfdt.mk 8include lib/xlat_tables_v2/xlat_tables.mk 9 10PLAT_INCLUDES := -Iplat/rpi/common/include \ 11 -Iplat/rpi/rpi3/include 12 13PLAT_BL_COMMON_SOURCES := drivers/ti/uart/aarch64/16550_console.S \ 14 drivers/arm/pl011/aarch64/pl011_console.S \ 15 drivers/gpio/gpio.c \ 16 drivers/delay_timer/delay_timer.c \ 17 drivers/rpi3/gpio/rpi3_gpio.c \ 18 plat/rpi/common/aarch64/plat_helpers.S \ 19 plat/rpi/common/rpi3_common.c \ 20 plat/rpi/common/rpi3_console_dual.c \ 21 ${XLAT_TABLES_LIB_SRCS} 22 23BL1_SOURCES += drivers/io/io_fip.c \ 24 drivers/io/io_memmap.c \ 25 drivers/io/io_storage.c \ 26 lib/cpus/aarch64/cortex_a53.S \ 27 plat/common/aarch64/platform_mp_stack.S \ 28 plat/rpi/rpi3/rpi3_bl1_setup.c \ 29 plat/rpi/common/rpi3_io_storage.c \ 30 drivers/rpi3/mailbox/rpi3_mbox.c \ 31 plat/rpi/rpi3/rpi_mbox_board.c 32 33BL2_SOURCES += common/desc_image_load.c \ 34 drivers/io/io_fip.c \ 35 drivers/io/io_memmap.c \ 36 drivers/io/io_storage.c \ 37 drivers/delay_timer/generic_delay_timer.c \ 38 drivers/io/io_block.c \ 39 drivers/mmc/mmc.c \ 40 drivers/rpi3/sdhost/rpi3_sdhost.c \ 41 plat/common/aarch64/platform_mp_stack.S \ 42 plat/rpi/rpi3/aarch64/rpi3_bl2_mem_params_desc.c \ 43 plat/rpi/rpi3/rpi3_bl2_setup.c \ 44 plat/rpi/common/rpi3_image_load.c \ 45 plat/rpi/common/rpi3_io_storage.c 46 47BL31_SOURCES += lib/cpus/aarch64/cortex_a53.S \ 48 plat/common/plat_gicv2.c \ 49 plat/common/plat_psci_common.c \ 50 plat/rpi/rpi3/rpi3_bl31_setup.c \ 51 plat/rpi/common/rpi3_pm.c \ 52 plat/rpi/common/rpi3_topology.c \ 53 ${LIBFDT_SRCS} 54 55# Tune compiler for Cortex-A53 56ifeq ($($(ARCH)-cc-id),arm-clang) 57 TF_CFLAGS_aarch64 += -mcpu=cortex-a53 58else ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) 59 TF_CFLAGS_aarch64 += -mcpu=cortex-a53 60else 61 TF_CFLAGS_aarch64 += -mtune=cortex-a53 62endif 63 64# Platform Makefile target 65# ------------------------ 66 67RPI3_BL1_PAD_BIN := ${BUILD_PLAT}/bl1_pad.bin 68RPI3_ARMSTUB8_BIN := ${BUILD_PLAT}/armstub8.bin 69 70# Add new default target when compiling this platform 71all: armstub 72 73# This target concatenates BL1 and the FIP so that the base addresses match the 74# ones defined in the memory map 75armstub: bl1 fip 76 @echo " CAT $@" 77 ${Q}cp ${BUILD_PLAT}/bl1.bin ${RPI3_BL1_PAD_BIN} 78 ${Q}truncate --size=131072 ${RPI3_BL1_PAD_BIN} 79 ${Q}cat ${RPI3_BL1_PAD_BIN} ${BUILD_PLAT}/fip.bin > ${RPI3_ARMSTUB8_BIN} 80 @${ECHO_BLANK_LINE} 81 @echo "Built $@ successfully" 82 @${ECHO_BLANK_LINE} 83 84# Build config flags 85# ------------------ 86 87# Enable all errata workarounds for Cortex-A53 88ERRATA_A53_826319 := 1 89ERRATA_A53_835769 := 1 90ERRATA_A53_836870 := 1 91ERRATA_A53_843419 := 1 92ERRATA_A53_855873 := 1 93 94WORKAROUND_CVE_2017_5715 := 0 95 96# Disable stack protector by default 97ENABLE_STACK_PROTECTOR := 0 98 99# Reset to BL31 isn't supported 100RESET_TO_BL31 := 0 101 102# Have different sections for code and rodata 103SEPARATE_CODE_AND_RODATA := 1 104 105# Use Coherent memory 106USE_COHERENT_MEM := 1 107 108# Platform build flags 109# -------------------- 110 111# BL33 images are in AArch64 by default 112RPI3_BL33_IN_AARCH32 := 0 113 114# Assume that BL33 isn't the Linux kernel by default 115RPI3_DIRECT_LINUX_BOOT := 0 116 117# UART to use at runtime. -1 means the runtime UART is disabled. 118# Any other value means the default UART will be used. 119RPI3_RUNTIME_UART := -1 120 121# Use normal memory mapping for ROM, FIP, SRAM and DRAM 122RPI3_USE_UEFI_MAP := 0 123 124# BL32 location 125RPI3_BL32_RAM_LOCATION := tdram 126ifeq (${RPI3_BL32_RAM_LOCATION}, tsram) 127 RPI3_BL32_RAM_LOCATION_ID = SEC_SRAM_ID 128else ifeq (${RPI3_BL32_RAM_LOCATION}, tdram) 129 RPI3_BL32_RAM_LOCATION_ID = SEC_DRAM_ID 130else 131 $(error "Unsupported RPI3_BL32_RAM_LOCATION value") 132endif 133 134# Process platform flags 135# ---------------------- 136 137$(eval $(call add_define,RPI3_BL32_RAM_LOCATION_ID)) 138$(eval $(call add_define,RPI3_BL33_IN_AARCH32)) 139$(eval $(call add_define,RPI3_DIRECT_LINUX_BOOT)) 140ifdef RPI3_PRELOADED_DTB_BASE 141$(eval $(call add_define,RPI3_PRELOADED_DTB_BASE)) 142endif 143$(eval $(call add_define,RPI3_RUNTIME_UART)) 144$(eval $(call add_define,RPI3_USE_UEFI_MAP)) 145 146# Verify build config 147# ------------------- 148# 149ifneq (${RPI3_DIRECT_LINUX_BOOT}, 0) 150 ifndef RPI3_PRELOADED_DTB_BASE 151 $(error Error: RPI3_PRELOADED_DTB_BASE needed if RPI3_DIRECT_LINUX_BOOT=1) 152 endif 153endif 154 155ifneq (${RESET_TO_BL31}, 0) 156 $(error Error: rpi3 needs RESET_TO_BL31=0) 157endif 158 159ifeq (${ARCH},aarch32) 160 $(error Error: AArch32 not supported on rpi3) 161endif 162 163ifneq ($(ENABLE_STACK_PROTECTOR), 0) 164PLAT_BL_COMMON_SOURCES += drivers/rpi3/rng/rpi3_rng.c \ 165 plat/rpi/common/rpi3_stack_protector.c 166endif 167 168ifeq (${SPD},opteed) 169BL2_SOURCES += \ 170 lib/optee/optee_utils.c 171endif 172 173# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images 174# in the FIP if the platform requires. 175ifneq ($(BL32_EXTRA1),) 176$(eval $(call TOOL_ADD_IMG,BL32_EXTRA1,--tos-fw-extra1)) 177endif 178ifneq ($(BL32_EXTRA2),) 179$(eval $(call TOOL_ADD_IMG,BL32_EXTRA2,--tos-fw-extra2)) 180endif 181 182ifneq (${TRUSTED_BOARD_BOOT},0) 183 184 include drivers/auth/mbedtls/mbedtls_crypto.mk 185 include drivers/auth/mbedtls/mbedtls_x509.mk 186 187 AUTH_SOURCES := drivers/auth/auth_mod.c \ 188 drivers/auth/crypto_mod.c \ 189 drivers/auth/img_parser_mod.c \ 190 drivers/auth/tbbr/tbbr_cot_common.c 191 192 BL1_SOURCES += ${AUTH_SOURCES} \ 193 bl1/tbbr/tbbr_img_desc.c \ 194 plat/common/tbbr/plat_tbbr.c \ 195 plat/rpi/common/rpi3_trusted_boot.c \ 196 plat/rpi/common/rpi3_rotpk.S \ 197 drivers/auth/tbbr/tbbr_cot_bl1.c 198 199 BL2_SOURCES += ${AUTH_SOURCES} \ 200 plat/common/tbbr/plat_tbbr.c \ 201 plat/rpi/common/rpi3_trusted_boot.c \ 202 plat/rpi/common/rpi3_rotpk.S \ 203 drivers/auth/tbbr/tbbr_cot_bl2.c 204 205 ROT_KEY = $(BUILD_PLAT)/rot_key.pem 206 ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin 207 208 $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"')) 209 210 $(BUILD_PLAT)/bl1/rpi3_rotpk.o: $(ROTPK_HASH) 211 $(BUILD_PLAT)/bl2/rpi3_rotpk.o: $(ROTPK_HASH) 212 213 certificates: $(ROT_KEY) 214 215 $(ROT_KEY): | $(BUILD_PLAT) 216 @echo " OPENSSL $@" 217 $(Q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null 218 219 $(ROTPK_HASH): $(ROT_KEY) 220 @echo " OPENSSL $@" 221 $(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\ 222 ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null 223endif 224