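#
# Copyright 2020 NXP
#
# SPDX-License-Identifier: BSD-3-Clause
#

# Platforms that enable TRUSTED_BOARD_BOOT need to include this makefile.
# The following definitions are to be provided by the platform.mk file or
# by the user - BL33_INPUT_FILE, BL32_INPUT_FILE, BL31_INPUT_FILE
#
# Two authentication flavours are selected below:
#   - MBEDTLS_DIR empty : images get a CSF header prepended (CST_* filters).
#   - MBEDTLS_DIR set   : X.509 chain of trust via mbedTLS, with the SHA-256
#                         of the ROT public key made available to BL2.

# Pick the CSF input templates for the SoC chassis. Anything other than
# CHASSIS=2 or CHASSIS=3_2 aborts the build.
ifeq ($(CHASSIS), 2)
include $(PLAT_DRIVERS_PATH)/csu/csu.mk
CSF_FILE	:=	input_blx_ch${CHASSIS}
BL2_CSF_FILE	:=	input_bl2_ch${CHASSIS}
else
ifeq ($(CHASSIS), 3_2)
CSF_FILE	:=	input_blx_ch3
BL2_CSF_FILE	:=	input_bl2_ch${CHASSIS}
PBI_CSF_FILE	:=	input_pbi_ch${CHASSIS}
$(eval $(call add_define, CSF_HDR_CH3))
else
    $(error -> CHASSIS not set!)
endif
endif

PLAT_AUTH_PATH	:=  $(PLAT_DRIVERS_PATH)/auth


ifeq (${BL2_INPUT_FILE},)
    BL2_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${BL2_CSF_FILE}
endif

# NOTE(review): PBI_CSF_FILE is only assigned in the CHASSIS=3_2 branch above,
# so for CHASSIS=2 this default presumably resolves to the bare directory
# unless PBI_INPUT_FILE is supplied elsewhere - confirm.
ifeq (${PBI_INPUT_FILE},)
    PBI_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${PBI_CSF_FILE}
endif

# If MBEDTLS_DIR is not specified, use CSF Header option
ifeq (${MBEDTLS_DIR},)
    # Generic image processing filters to prepend CSF header
    ifeq (${BL33_INPUT_FILE},)
    BL33_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
    endif

    ifeq (${BL31_INPUT_FILE},)
    BL31_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
    endif

    ifeq (${BL32_INPUT_FILE},)
    BL32_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
    endif

    ifeq (${FUSE_INPUT_FILE},)
    FUSE_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
    endif

    PLAT_INCLUDES	+= -I$(PLAT_DRIVERS_PATH)/sfp
    PLAT_TBBR_SOURCES	+= $(PLAT_AUTH_PATH)/csf_hdr_parser/cot.c	\
			   $(PLAT_COMMON_PATH)/tbbr/csf_tbbr.c
    # IMG PARSER here is CSF header parser
    include $(PLAT_DRIVERS_PATH)/auth/csf_hdr_parser/csf_hdr.mk
    PLAT_TBBR_SOURCES	+= $(CSF_HDR_SOURCES)

    SCP_BL2_PRE_TOOL_FILTER	:= CST_SCP_BL2
    BL31_PRE_TOOL_FILTER	:= CST_BL31
    BL32_PRE_TOOL_FILTER	:= CST_BL32
    BL33_PRE_TOOL_FILTER	:= CST_BL33
else

    ifeq (${DISABLE_FUSE_WRITE}, 1)
        $(eval $(call add_define,DISABLE_FUSE_WRITE))
    endif

    # For Mbedtls currently crypto is not supported via CAAM
    # enable it when that support is there
    CAAM_INTEG		:= 0
    KEY_ALG		:= rsa
    KEY_SIZE		:= 2048

    $(eval $(call add_define,MBEDTLS_X509))
    ifeq (${PLAT_DDR_PHY},PHY_GEN2)
        $(eval $(call add_define,PLAT_DEF_OID))
    endif
    include drivers/auth/mbedtls/mbedtls_x509.mk


    PLAT_TBBR_SOURCES	+= $(PLAT_AUTH_PATH)/tbbr/tbbr_cot.c \
			   $(PLAT_COMMON_PATH)/tbbr/nxp_rotpk.S \
			   $(PLAT_COMMON_PATH)/tbbr/x509_tbbr.c

    # ROTPK key is embedded in BL2 image
    # NOTE(review): when ROT_KEY is not supplied, a fresh private key is
    # generated unencrypted under $(BUILD_PLAT) by the rule further down;
    # presumably meant for development builds - a production flow should pass
    # ROT_KEY explicitly.
    ifeq (${ROT_KEY},)
    ROT_KEY			= $(BUILD_PLAT)/rot_key.pem
    endif

    # With SAVE_KEYS=1, default every unset key path to a file in the build
    # directory.
    ifeq (${SAVE_KEYS},1)

    ifeq (${TRUSTED_WORLD_KEY},)
    TRUSTED_WORLD_KEY	= ${BUILD_PLAT}/trusted.pem
    endif

    ifeq (${NON_TRUSTED_WORLD_KEY},)
    NON_TRUSTED_WORLD_KEY	= ${BUILD_PLAT}/non-trusted.pem
    endif

    ifeq (${BL31_KEY},)
    BL31_KEY		= ${BUILD_PLAT}/soc.pem
    endif

    ifeq (${BL32_KEY},)
    BL32_KEY		= ${BUILD_PLAT}/trusted_os.pem
    endif

    ifeq (${BL33_KEY},)
    BL33_KEY		= ${BUILD_PLAT}/non-trusted_os.pem
    endif

    endif

    ROTPK_HASH		= $(BUILD_PLAT)/rotpk_sha256.bin

    $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"'))

    # nxp_rotpk.o must be rebuilt whenever the hash file changes.
    $(BUILD_PLAT)/bl2/nxp_rotpk.o: $(ROTPK_HASH)

    # Generate the ROT private key only if it does not exist yet. The key size
    # is fixed at 2048 bits here; KEY_SIZE above is not consulted. The key is
    # created under umask 077 so the private key is not group/world readable,
    # and is written to a temporary name first so that a failed openssl run
    # cannot leave an empty or truncated file that later looks like a valid,
    # up-to-date key.
    certificates: $(ROT_KEY)
    $(ROT_KEY): | $(BUILD_PLAT)
	@echo " OPENSSL $@"
	@if [ ! -f $(ROT_KEY) ]; then \
		umask 077; \
		openssl genrsa 2048 > $@.tmp 2>/dev/null && mv -f $@.tmp $@ || \
			{ rm -f $@.tmp; exit 1; }; \
	fi

    # ROTPK hash = SHA-256 over the DER-encoded public key. The two openssl
    # steps run as separate commands instead of a pipeline: in a pipeline only
    # the exit status of the last command is seen, so a failing key export
    # would still yield a "successful" digest of empty input. The hash is moved
    # into place only after both steps succeed.
    $(ROTPK_HASH): $(ROT_KEY)
	@echo " OPENSSL $@"
	$(Q)openssl rsa -in $< -pubout -outform DER -out $@.der 2>/dev/null
	$(Q)openssl dgst -sha256 -binary -out $@.tmp $@.der 2>/dev/null
	$(Q)rm -f $@.der
	$(Q)mv -f $@.tmp $@

endif #MBEDTLS_DIR

PLAT_INCLUDES	+=	-Iinclude/common/tbbr

# Generic files for authentication framework
TBBR_SOURCES	+=	drivers/auth/auth_mod.c		\
			drivers/auth/crypto_mod.c	\
			drivers/auth/img_parser_mod.c	\
			plat/common/tbbr/plat_tbbr.c	\
			${PLAT_TBBR_SOURCES}

# If CAAM_INTEG is 0 (it is set to 0 above in the MBED TLS scenario)
# include mbedtls_crypto; otherwise use the CAAM-backed auth sources.
ifeq (${CAAM_INTEG},0)
    include drivers/auth/mbedtls/mbedtls_crypto.mk
else
    include $(PLAT_DRIVERS_PATH)/crypto/caam/src/auth/auth.mk
    TBBR_SOURCES	+= ${AUTH_SOURCES}
endif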