1*54fd6939SJiyong Park# 2*54fd6939SJiyong Park# Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. 3*54fd6939SJiyong Park# 4*54fd6939SJiyong Park# SPDX-License-Identifier: BSD-3-Clause 5*54fd6939SJiyong Park# 6*54fd6939SJiyong Park 7*54fd6939SJiyong Parkinclude lib/libfdt/libfdt.mk 8*54fd6939SJiyong Parkinclude lib/xlat_tables_v2/xlat_tables.mk 9*54fd6939SJiyong Park 10*54fd6939SJiyong ParkPLAT_INCLUDES := -Iplat/rpi/common/include \ 11*54fd6939SJiyong Park -Iplat/rpi/rpi3/include 12*54fd6939SJiyong Park 13*54fd6939SJiyong ParkPLAT_BL_COMMON_SOURCES := drivers/ti/uart/aarch64/16550_console.S \ 14*54fd6939SJiyong Park drivers/arm/pl011/aarch64/pl011_console.S \ 15*54fd6939SJiyong Park drivers/gpio/gpio.c \ 16*54fd6939SJiyong Park drivers/delay_timer/delay_timer.c \ 17*54fd6939SJiyong Park drivers/rpi3/gpio/rpi3_gpio.c \ 18*54fd6939SJiyong Park plat/rpi/common/aarch64/plat_helpers.S \ 19*54fd6939SJiyong Park plat/rpi/common/rpi3_common.c \ 20*54fd6939SJiyong Park ${XLAT_TABLES_LIB_SRCS} 21*54fd6939SJiyong Park 22*54fd6939SJiyong ParkBL1_SOURCES += drivers/io/io_fip.c \ 23*54fd6939SJiyong Park drivers/io/io_memmap.c \ 24*54fd6939SJiyong Park drivers/io/io_storage.c \ 25*54fd6939SJiyong Park lib/cpus/aarch64/cortex_a53.S \ 26*54fd6939SJiyong Park plat/common/aarch64/platform_mp_stack.S \ 27*54fd6939SJiyong Park plat/rpi/rpi3/rpi3_bl1_setup.c \ 28*54fd6939SJiyong Park plat/rpi/common/rpi3_io_storage.c \ 29*54fd6939SJiyong Park drivers/rpi3/mailbox/rpi3_mbox.c \ 30*54fd6939SJiyong Park plat/rpi/rpi3/rpi_mbox_board.c 31*54fd6939SJiyong Park 32*54fd6939SJiyong ParkBL2_SOURCES += common/desc_image_load.c \ 33*54fd6939SJiyong Park drivers/io/io_fip.c \ 34*54fd6939SJiyong Park drivers/io/io_memmap.c \ 35*54fd6939SJiyong Park drivers/io/io_storage.c \ 36*54fd6939SJiyong Park drivers/delay_timer/generic_delay_timer.c \ 37*54fd6939SJiyong Park drivers/io/io_block.c \ 38*54fd6939SJiyong Park drivers/mmc/mmc.c \ 39*54fd6939SJiyong Park drivers/rpi3/sdhost/rpi3_sdhost.c \ 40*54fd6939SJiyong Park plat/common/aarch64/platform_mp_stack.S \ 41*54fd6939SJiyong Park plat/rpi/rpi3/aarch64/rpi3_bl2_mem_params_desc.c \ 42*54fd6939SJiyong Park plat/rpi/rpi3/rpi3_bl2_setup.c \ 43*54fd6939SJiyong Park plat/rpi/common/rpi3_image_load.c \ 44*54fd6939SJiyong Park plat/rpi/common/rpi3_io_storage.c 45*54fd6939SJiyong Park 46*54fd6939SJiyong ParkBL31_SOURCES += lib/cpus/aarch64/cortex_a53.S \ 47*54fd6939SJiyong Park plat/common/plat_psci_common.c \ 48*54fd6939SJiyong Park plat/rpi/rpi3/rpi3_bl31_setup.c \ 49*54fd6939SJiyong Park plat/rpi/common/rpi3_pm.c \ 50*54fd6939SJiyong Park plat/rpi/common/rpi3_topology.c \ 51*54fd6939SJiyong Park ${LIBFDT_SRCS} 52*54fd6939SJiyong Park 53*54fd6939SJiyong Park# Tune compiler for Cortex-A53 54*54fd6939SJiyong Parkifeq ($(notdir $(CC)),armclang) 55*54fd6939SJiyong Park TF_CFLAGS_aarch64 += -mcpu=cortex-a53 56*54fd6939SJiyong Parkelse ifneq ($(findstring clang,$(notdir $(CC))),) 57*54fd6939SJiyong Park TF_CFLAGS_aarch64 += -mcpu=cortex-a53 58*54fd6939SJiyong Parkelse 59*54fd6939SJiyong Park TF_CFLAGS_aarch64 += -mtune=cortex-a53 60*54fd6939SJiyong Parkendif 61*54fd6939SJiyong Park 62*54fd6939SJiyong Park# Platform Makefile target 63*54fd6939SJiyong Park# ------------------------ 64*54fd6939SJiyong Park 65*54fd6939SJiyong ParkRPI3_BL1_PAD_BIN := ${BUILD_PLAT}/bl1_pad.bin 66*54fd6939SJiyong ParkRPI3_ARMSTUB8_BIN := ${BUILD_PLAT}/armstub8.bin 67*54fd6939SJiyong Park 68*54fd6939SJiyong Park# Add new default target when compiling this platform 69*54fd6939SJiyong Parkall: armstub 70*54fd6939SJiyong Park 71*54fd6939SJiyong Park# This target concatenates BL1 and the FIP so that the base addresses match the 72*54fd6939SJiyong Park# ones defined in the memory map 73*54fd6939SJiyong Parkarmstub: bl1 fip 74*54fd6939SJiyong Park @echo " CAT $@" 75*54fd6939SJiyong Park ${Q}cp ${BUILD_PLAT}/bl1.bin ${RPI3_BL1_PAD_BIN} 76*54fd6939SJiyong Park ${Q}truncate --size=131072 ${RPI3_BL1_PAD_BIN} 77*54fd6939SJiyong Park ${Q}cat ${RPI3_BL1_PAD_BIN} ${BUILD_PLAT}/fip.bin > ${RPI3_ARMSTUB8_BIN} 78*54fd6939SJiyong Park @${ECHO_BLANK_LINE} 79*54fd6939SJiyong Park @echo "Built $@ successfully" 80*54fd6939SJiyong Park @${ECHO_BLANK_LINE} 81*54fd6939SJiyong Park 82*54fd6939SJiyong Park# Build config flags 83*54fd6939SJiyong Park# ------------------ 84*54fd6939SJiyong Park 85*54fd6939SJiyong Park# Enable all errata workarounds for Cortex-A53 86*54fd6939SJiyong ParkERRATA_A53_826319 := 1 87*54fd6939SJiyong ParkERRATA_A53_835769 := 1 88*54fd6939SJiyong ParkERRATA_A53_836870 := 1 89*54fd6939SJiyong ParkERRATA_A53_843419 := 1 90*54fd6939SJiyong ParkERRATA_A53_855873 := 1 91*54fd6939SJiyong Park 92*54fd6939SJiyong ParkWORKAROUND_CVE_2017_5715 := 0 93*54fd6939SJiyong Park 94*54fd6939SJiyong Park# Disable stack protector by default 95*54fd6939SJiyong ParkENABLE_STACK_PROTECTOR := 0 96*54fd6939SJiyong Park 97*54fd6939SJiyong Park# Reset to BL31 isn't supported 98*54fd6939SJiyong ParkRESET_TO_BL31 := 0 99*54fd6939SJiyong Park 100*54fd6939SJiyong Park# Have different sections for code and rodata 101*54fd6939SJiyong ParkSEPARATE_CODE_AND_RODATA := 1 102*54fd6939SJiyong Park 103*54fd6939SJiyong Park# Use Coherent memory 104*54fd6939SJiyong ParkUSE_COHERENT_MEM := 1 105*54fd6939SJiyong Park 106*54fd6939SJiyong Park# Platform build flags 107*54fd6939SJiyong Park# -------------------- 108*54fd6939SJiyong Park 109*54fd6939SJiyong Park# BL33 images are in AArch64 by default 110*54fd6939SJiyong ParkRPI3_BL33_IN_AARCH32 := 0 111*54fd6939SJiyong Park 112*54fd6939SJiyong Park# Assume that BL33 isn't the Linux kernel by default 113*54fd6939SJiyong ParkRPI3_DIRECT_LINUX_BOOT := 0 114*54fd6939SJiyong Park 115*54fd6939SJiyong Park# UART to use at runtime. -1 means the runtime UART is disabled. 116*54fd6939SJiyong Park# Any other value means the default UART will be used. 117*54fd6939SJiyong ParkRPI3_RUNTIME_UART := -1 118*54fd6939SJiyong Park 119*54fd6939SJiyong Park# Use normal memory mapping for ROM, FIP, SRAM and DRAM 120*54fd6939SJiyong ParkRPI3_USE_UEFI_MAP := 0 121*54fd6939SJiyong Park 122*54fd6939SJiyong Park# BL32 location 123*54fd6939SJiyong ParkRPI3_BL32_RAM_LOCATION := tdram 124*54fd6939SJiyong Parkifeq (${RPI3_BL32_RAM_LOCATION}, tsram) 125*54fd6939SJiyong Park RPI3_BL32_RAM_LOCATION_ID = SEC_SRAM_ID 126*54fd6939SJiyong Parkelse ifeq (${RPI3_BL32_RAM_LOCATION}, tdram) 127*54fd6939SJiyong Park RPI3_BL32_RAM_LOCATION_ID = SEC_DRAM_ID 128*54fd6939SJiyong Parkelse 129*54fd6939SJiyong Park $(error "Unsupported RPI3_BL32_RAM_LOCATION value") 130*54fd6939SJiyong Parkendif 131*54fd6939SJiyong Park 132*54fd6939SJiyong Park# Process platform flags 133*54fd6939SJiyong Park# ---------------------- 134*54fd6939SJiyong Park 135*54fd6939SJiyong Park$(eval $(call add_define,RPI3_BL32_RAM_LOCATION_ID)) 136*54fd6939SJiyong Park$(eval $(call add_define,RPI3_BL33_IN_AARCH32)) 137*54fd6939SJiyong Park$(eval $(call add_define,RPI3_DIRECT_LINUX_BOOT)) 138*54fd6939SJiyong Parkifdef RPI3_PRELOADED_DTB_BASE 139*54fd6939SJiyong Park$(eval $(call add_define,RPI3_PRELOADED_DTB_BASE)) 140*54fd6939SJiyong Parkendif 141*54fd6939SJiyong Park$(eval $(call add_define,RPI3_RUNTIME_UART)) 142*54fd6939SJiyong Park$(eval $(call add_define,RPI3_USE_UEFI_MAP)) 143*54fd6939SJiyong Park 144*54fd6939SJiyong Park# Verify build config 145*54fd6939SJiyong Park# ------------------- 146*54fd6939SJiyong Park# 147*54fd6939SJiyong Parkifneq (${RPI3_DIRECT_LINUX_BOOT}, 0) 148*54fd6939SJiyong Park ifndef RPI3_PRELOADED_DTB_BASE 149*54fd6939SJiyong Park $(error Error: RPI3_PRELOADED_DTB_BASE needed if RPI3_DIRECT_LINUX_BOOT=1) 150*54fd6939SJiyong Park endif 151*54fd6939SJiyong Parkendif 152*54fd6939SJiyong Park 153*54fd6939SJiyong Parkifneq (${RESET_TO_BL31}, 0) 154*54fd6939SJiyong Park $(error Error: rpi3 needs RESET_TO_BL31=0) 155*54fd6939SJiyong Parkendif 156*54fd6939SJiyong Park 157*54fd6939SJiyong Parkifeq (${ARCH},aarch32) 158*54fd6939SJiyong Park $(error Error: AArch32 not supported on rpi3) 159*54fd6939SJiyong Parkendif 160*54fd6939SJiyong Park 161*54fd6939SJiyong Parkifneq ($(ENABLE_STACK_PROTECTOR), 0) 162*54fd6939SJiyong ParkPLAT_BL_COMMON_SOURCES += drivers/rpi3/rng/rpi3_rng.c \ 163*54fd6939SJiyong Park plat/rpi/common/rpi3_stack_protector.c 164*54fd6939SJiyong Parkendif 165*54fd6939SJiyong Park 166*54fd6939SJiyong Parkifeq (${SPD},opteed) 167*54fd6939SJiyong ParkBL2_SOURCES += \ 168*54fd6939SJiyong Park lib/optee/optee_utils.c 169*54fd6939SJiyong Parkendif 170*54fd6939SJiyong Park 171*54fd6939SJiyong Park# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images 172*54fd6939SJiyong Park# in the FIP if the platform requires. 173*54fd6939SJiyong Parkifneq ($(BL32_EXTRA1),) 174*54fd6939SJiyong Park$(eval $(call TOOL_ADD_IMG,BL32_EXTRA1,--tos-fw-extra1)) 175*54fd6939SJiyong Parkendif 176*54fd6939SJiyong Parkifneq ($(BL32_EXTRA2),) 177*54fd6939SJiyong Park$(eval $(call TOOL_ADD_IMG,BL32_EXTRA2,--tos-fw-extra2)) 178*54fd6939SJiyong Parkendif 179*54fd6939SJiyong Park 180*54fd6939SJiyong Parkifneq (${TRUSTED_BOARD_BOOT},0) 181*54fd6939SJiyong Park 182*54fd6939SJiyong Park include drivers/auth/mbedtls/mbedtls_crypto.mk 183*54fd6939SJiyong Park include drivers/auth/mbedtls/mbedtls_x509.mk 184*54fd6939SJiyong Park 185*54fd6939SJiyong Park AUTH_SOURCES := drivers/auth/auth_mod.c \ 186*54fd6939SJiyong Park drivers/auth/crypto_mod.c \ 187*54fd6939SJiyong Park drivers/auth/img_parser_mod.c \ 188*54fd6939SJiyong Park drivers/auth/tbbr/tbbr_cot_common.c 189*54fd6939SJiyong Park 190*54fd6939SJiyong Park BL1_SOURCES += ${AUTH_SOURCES} \ 191*54fd6939SJiyong Park bl1/tbbr/tbbr_img_desc.c \ 192*54fd6939SJiyong Park plat/common/tbbr/plat_tbbr.c \ 193*54fd6939SJiyong Park plat/rpi/common/rpi3_trusted_boot.c \ 194*54fd6939SJiyong Park plat/rpi/common/rpi3_rotpk.S \ 195*54fd6939SJiyong Park drivers/auth/tbbr/tbbr_cot_bl1.c 196*54fd6939SJiyong Park 197*54fd6939SJiyong Park BL2_SOURCES += ${AUTH_SOURCES} \ 198*54fd6939SJiyong Park plat/common/tbbr/plat_tbbr.c \ 199*54fd6939SJiyong Park plat/rpi/common/rpi3_trusted_boot.c \ 200*54fd6939SJiyong Park plat/rpi/common/rpi3_rotpk.S \ 201*54fd6939SJiyong Park drivers/auth/tbbr/tbbr_cot_bl2.c 202*54fd6939SJiyong Park 203*54fd6939SJiyong Park ROT_KEY = $(BUILD_PLAT)/rot_key.pem 204*54fd6939SJiyong Park ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin 205*54fd6939SJiyong Park 206*54fd6939SJiyong Park $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"')) 207*54fd6939SJiyong Park 208*54fd6939SJiyong Park $(BUILD_PLAT)/bl1/rpi3_rotpk.o: $(ROTPK_HASH) 209*54fd6939SJiyong Park $(BUILD_PLAT)/bl2/rpi3_rotpk.o: $(ROTPK_HASH) 210*54fd6939SJiyong Park 211*54fd6939SJiyong Park certificates: $(ROT_KEY) 212*54fd6939SJiyong Park 213*54fd6939SJiyong Park $(ROT_KEY): | $(BUILD_PLAT) 214*54fd6939SJiyong Park @echo " OPENSSL $@" 215*54fd6939SJiyong Park $(Q)openssl genrsa 2048 > $@ 2>/dev/null 216*54fd6939SJiyong Park 217*54fd6939SJiyong Park $(ROTPK_HASH): $(ROT_KEY) 218*54fd6939SJiyong Park @echo " OPENSSL $@" 219*54fd6939SJiyong Park $(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\ 220*54fd6939SJiyong Park openssl dgst -sha256 -binary > $@ 2>/dev/null 221*54fd6939SJiyong Parkendif 222