1#
2# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6
7PLAT_BL_COMMON_SOURCES	+=	drivers/arm/pl011/${ARCH}/pl011_console.S	\
8				plat/arm/board/common/${ARCH}/board_arm_helpers.S
9
10BL1_SOURCES		+=	drivers/cfi/v2m/v2m_flash.c
11
12BL2_SOURCES		+=	drivers/cfi/v2m/v2m_flash.c
13
14ifneq (${TRUSTED_BOARD_BOOT},0)
15ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_dev_rotpk.S
16
17# ROTPK hash location
18ifeq (${ARM_ROTPK_LOCATION}, regs)
19	ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID
20else ifeq (${ARM_ROTPK_LOCATION}, devel_rsa)
21	CRYPTO_ALG=rsa
22	ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_RSA_ID
23	ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_rsa_sha256.bin
24$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"'))
25$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH)
26$(warning Development keys support for FVP is deprecated. Use `regs` \
27option instead)
28else ifeq (${ARM_ROTPK_LOCATION}, devel_ecdsa)
29	CRYPTO_ALG=ec
30	ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_ECDSA_ID
31	ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_ecdsa_sha256.bin
32$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"'))
33$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH)
34$(warning Development keys support for FVP is deprecated. Use `regs` \
35option instead)
36else ifeq (${ARM_ROTPK_LOCATION}, devel_full_dev_rsa_key)
37	CRYPTO_ALG=rsa
38	ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID
39	ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S
40$(warning Development keys support for FVP is deprecated. Use `regs` \
41option instead)
42else ifeq (${ARM_ROTPK_LOCATION}, devel_full_dev_ecdsa_key)
43	CRYPTO_ALG=ec
44	ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID
45ifeq (${KEY_SIZE},384)
46	ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p384_rotpk.S
47else
48	ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p256_rotpk.S
49endif
50$(warning Development keys support for FVP is deprecated. Use `regs` \
51option instead)
52else
53$(error "Unsupported ARM_ROTPK_LOCATION value")
54endif
55
56$(eval $(call add_define,ARM_ROTPK_LOCATION_ID))
57
58ifeq (${ENABLE_RME}, 1)
59COT	:=	cca
60endif
61
62# Force generation of the new hash if ROT_KEY is specified
63ifdef ROT_KEY
64	HASH_PREREQUISITES = $(ROT_KEY) FORCE
65endif
66
67$(ARM_ROTPK_HASH) : $(HASH_PREREQUISITES)
68ifndef ROT_KEY
69	$(error Cannot generate hash: no ROT_KEY defined)
70endif
71	${OPENSSL_BIN_PATH}/openssl ${CRYPTO_ALG} -in $< -pubout -outform DER | \
72	${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@
73
74# Certificate NV-Counters. Use values corresponding to tied off values in
75# ARM development platforms
76TFW_NVCTR_VAL	?=	31
77NTFW_NVCTR_VAL	?=	223
78# The CCA Non-Volatile Counter only exists on some Arm development platforms.
79# On others, we mock it by aliasing it to the Trusted Firmware Non-Volatile counter,
80# hence we set both counters to the same default value.
81CCAFW_NVCTR_VAL	?=	31
82
83BL1_SOURCES		+=	plat/arm/board/common/board_arm_trusted_boot.c \
84				${ARM_ROTPK_S}
85BL2_SOURCES		+=	plat/arm/board/common/board_arm_trusted_boot.c \
86				${ARM_ROTPK_S}
87
88# Allows platform code to provide implementation variants depending on the
89# selected chain of trust.
90$(eval $(call add_define,ARM_COT_${COT}))
91
92ifeq (${COT},dualroot)
93# Platform Root of Trust key files.
94ARM_PROT_KEY		:=	plat/arm/board/common/protpk/arm_protprivk_rsa.pem
95ARM_PROTPK_HASH		:=	plat/arm/board/common/protpk/arm_protpk_rsa_sha256.bin
96
97# Provide the private key to cert_create tool. It needs it to sign the images.
98PROT_KEY		:=	${ARM_PROT_KEY}
99
100$(eval $(call add_define_val,ARM_PROTPK_HASH,'"$(ARM_PROTPK_HASH)"'))
101
102BL1_SOURCES		+=	plat/arm/board/common/protpk/arm_dev_protpk.S
103BL2_SOURCES		+=	plat/arm/board/common/protpk/arm_dev_protpk.S
104
105$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
106$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
107endif
108
109ifeq (${COT},cca)
110# Platform and Secure World Root of Trust key files.
111ARM_PROT_KEY		:=	plat/arm/board/common/protpk/arm_protprivk_rsa.pem
112ARM_PROTPK_HASH		:=	plat/arm/board/common/protpk/arm_protpk_rsa_sha256.bin
113ARM_SWD_ROT_KEY		:=	plat/arm/board/common/swd_rotpk/arm_swd_rotprivk_rsa.pem
114ARM_SWD_ROTPK_HASH	:=	plat/arm/board/common/swd_rotpk/arm_swd_rotpk_rsa_sha256.bin
115
116# Provide the private keys to cert_create tool. It needs them to sign the images.
117PROT_KEY		:=	${ARM_PROT_KEY}
118SWD_ROT_KEY		:=	${ARM_SWD_ROT_KEY}
119
120$(eval $(call add_define_val,ARM_PROTPK_HASH,'"$(ARM_PROTPK_HASH)"'))
121$(eval $(call add_define_val,ARM_SWD_ROTPK_HASH,'"$(ARM_SWD_ROTPK_HASH)"'))
122
123BL1_SOURCES		+=	plat/arm/board/common/protpk/arm_dev_protpk.S \
124				plat/arm/board/common/swd_rotpk/arm_dev_swd_rotpk.S
125BL2_SOURCES		+=	plat/arm/board/common/protpk/arm_dev_protpk.S \
126				plat/arm/board/common/swd_rotpk/arm_dev_swd_rotpk.S
127
128$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
129$(BUILD_PLAT)/bl1/arm_dev_swd_rotpk.o: $(ARM_SWD_ROTPK_HASH)
130$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
131$(BUILD_PLAT)/bl2/arm_dev_swd_rotpk.o: $(ARM_SWD_ROTPK_HASH)
132endif
133
134endif
135