refactor(build): cleanup Makefile to handle build flags precisely
Presently, Makefile is unsystematic with no precise ordering
of configuration and commands.
This patch addresses this issue, by sorting and arranging the related
sections in an order, which helps in maintaining it precisely.
Further, this assists developers in identifying the concerned section
and add related changes appropriately with ease.
Additionally, SIMICS build option linked to Intel platform, has been
removed, as there is no platform specific support to utilise it.
[https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/16737]
Change-Id: I72c09905334f94f803cdfd85f56e2c9572f9b3ef
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
diff --git a/Makefile b/Makefile
index 3ac31a5..2b2f79e 100644
--- a/Makefile
+++ b/Makefile
@@ -74,37 +74,85 @@
${INC_DRV_DIRS_TO_CHECK} \
${INC_ARM_DIRS_TO_CHECK}
-
################################################################################
# Process build options
################################################################################
# Verbose flag
ifeq (${V},0)
- Q:=@
- ECHO:=@echo
- CHECKCODE_ARGS += --no-summary --terse
+ Q:=@
+ ECHO:=@echo
+ CHECKCODE_ARGS += --no-summary --terse
else
- Q:=
- ECHO:=$(ECHO_QUIET)
+ Q:=
+ ECHO:=$(ECHO_QUIET)
endif
ifneq ($(findstring s,$(filter-out --%,$(MAKEFLAGS))),)
- Q:=@
- ECHO:=$(ECHO_QUIET)
+ Q:=@
+ ECHO:=$(ECHO_QUIET)
endif
export Q ECHO
-# The cert_create tool cannot generate certificates individually, so we use the
-# target 'certificates' to create them all
-ifneq (${GENERATE_COT},0)
- FIP_DEPS += certificates
- FWU_FIP_DEPS += fwu_certificates
+################################################################################
+# Toolchain
+################################################################################
+
+HOSTCC := gcc
+export HOSTCC
+
+CC := ${CROSS_COMPILE}gcc
+CPP := ${CROSS_COMPILE}cpp
+AS := ${CROSS_COMPILE}gcc
+AR := ${CROSS_COMPILE}ar
+LINKER := ${CROSS_COMPILE}ld
+OC := ${CROSS_COMPILE}objcopy
+OD := ${CROSS_COMPILE}objdump
+NM := ${CROSS_COMPILE}nm
+PP := ${CROSS_COMPILE}gcc -E
+DTC := dtc
+
+# Use ${LD}.bfd instead if it exists (as absolute path or together with $PATH).
+ifneq ($(strip $(wildcard ${LD}.bfd) \
+ $(foreach dir,$(subst :, ,${PATH}),$(wildcard ${dir}/${LINKER}.bfd))),)
+LINKER := ${LINKER}.bfd
endif
+################################################################################
+# Auxiliary tools (fiptool, cert_create, etc)
+################################################################################
+
+# Variables for use with Certificate Generation Tool
+CRTTOOLPATH ?= tools/cert_create
+CRTTOOL ?= ${CRTTOOLPATH}/cert_create${BIN_EXT}
+
+# Variables for use with Firmware Encryption Tool
+ENCTOOLPATH ?= tools/encrypt_fw
+ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw${BIN_EXT}
+
+# Variables for use with Firmware Image Package
+FIPTOOLPATH ?= tools/fiptool
+FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT}
+
+# Variables for use with sptool
+SPTOOLPATH ?= tools/sptool
+SPTOOL ?= ${SPTOOLPATH}/sptool.py
+SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py
+
+# Variables for use with ROMLIB
+ROMLIBPATH ?= lib/romlib
+
+# Variable for use with Python
+PYTHON ?= python3
+
+# Variables for use with documentation build using Sphinx tool
+DOCS_PATH ?= docs
+
+################################################################################
# Process BRANCH_PROTECTION value and set
# Pointer Authentication and Branch Target Identification flags
+################################################################################
ifeq (${BRANCH_PROTECTION},0)
# Default value turns off all types of branch protection
BP_OPTION := none
@@ -129,151 +177,111 @@
ENABLE_BTI := 1
else
$(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
-endif
+endif #(BRANCH_PROTECTION)
+################################################################################
+# RME dependent flags configuration
+################################################################################
# FEAT_RME
ifeq (${ENABLE_RME},1)
-# RME doesn't support PIE
-ifneq (${ENABLE_PIE},0)
- $(error ENABLE_RME does not support PIE)
-endif
-# RME doesn't support BRBE
-ifneq (${ENABLE_BRBE_FOR_NS},0)
- $(error ENABLE_RME does not support BRBE.)
-endif
-# RME requires AARCH64
-ifneq (${ARCH},aarch64)
- $(error ENABLE_RME requires AArch64)
-endif
-# RME requires el2 context to be saved for now.
-CTX_INCLUDE_EL2_REGS := 1
-CTX_INCLUDE_AARCH32_REGS := 0
-ARM_ARCH_MAJOR := 8
-ARM_ARCH_MINOR := 5
-ENABLE_FEAT_ECV = 1
-ENABLE_FEAT_FGT = 1
-CTX_INCLUDE_PAUTH_REGS := 1
-# RME enables CSV2_2 extension by default.
-ENABLE_FEAT_CSV2_2 = 1
+ # RME doesn't support PIE
+ ifneq (${ENABLE_PIE},0)
+ $(error ENABLE_RME does not support PIE)
+ endif
-endif
+ # RME doesn't support BRBE
+ ifneq (${ENABLE_BRBE_FOR_NS},0)
+ $(error ENABLE_RME does not support BRBE.)
+ endif
-# USE_SPINLOCK_CAS requires AArch64 build
-ifeq (${USE_SPINLOCK_CAS},1)
-ifneq (${ARCH},aarch64)
- $(error USE_SPINLOCK_CAS requires AArch64)
-endif
-endif
+ # RME requires AARCH64
+ ifneq (${ARCH},aarch64)
+ $(error ENABLE_RME requires AArch64)
+ endif
-# USE_DEBUGFS experimental feature recommended only in debug builds
-ifeq (${USE_DEBUGFS},1)
-ifeq (${DEBUG},1)
- $(warning DEBUGFS experimental feature is enabled.)
-else
- $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY)
-endif
-endif
+ # RME requires el2 context to be saved for now.
+ CTX_INCLUDE_EL2_REGS := 1
+ CTX_INCLUDE_AARCH32_REGS := 0
+ ARM_ARCH_MAJOR := 8
+ ARM_ARCH_MINOR := 5
+ ENABLE_FEAT_ECV = 1
+ ENABLE_FEAT_FGT = 1
+ CTX_INCLUDE_PAUTH_REGS := 1
-ifneq (${DECRYPTION_SUPPORT},none)
-ENC_ARGS += -f ${FW_ENC_STATUS}
-ENC_ARGS += -k ${ENC_KEY}
-ENC_ARGS += -n ${ENC_NONCE}
-FIP_DEPS += enctool
-FWU_FIP_DEPS += enctool
-endif
+ # RME enables CSV2_2 extension by default.
+ ENABLE_FEAT_CSV2_2 = 1
+endif #(FEAT_RME)
################################################################################
-# Toolchain
+# Compiler Configuration based on ARCH_MAJOR and ARCH_MINOR flags
################################################################################
-
-HOSTCC := gcc
-export HOSTCC
-
-CC := ${CROSS_COMPILE}gcc
-CPP := ${CROSS_COMPILE}cpp
-AS := ${CROSS_COMPILE}gcc
-AR := ${CROSS_COMPILE}ar
-LINKER := ${CROSS_COMPILE}ld
-OC := ${CROSS_COMPILE}objcopy
-OD := ${CROSS_COMPILE}objdump
-NM := ${CROSS_COMPILE}nm
-PP := ${CROSS_COMPILE}gcc -E
-DTC := dtc
-
-# Use ${LD}.bfd instead if it exists (as absolute path or together with $PATH).
-ifneq ($(strip $(wildcard ${LD}.bfd) \
- $(foreach dir,$(subst :, ,${PATH}),$(wildcard ${dir}/${LINKER}.bfd))),)
-LINKER := ${LINKER}.bfd
-endif
-
ifeq (${ARM_ARCH_MAJOR},7)
-target32-directive = -target arm-none-eabi
+ target32-directive = -target arm-none-eabi
# Will set march32-directive from platform configuration
else
-target32-directive = -target armv8a-none-eabi
+ target32-directive = -target armv8a-none-eabi
# Set the compiler's target architecture profile based on
# ARM_ARCH_MAJOR ARM_ARCH_MINOR options
-ifeq (${ARM_ARCH_MINOR},0)
-march32-directive = -march=armv${ARM_ARCH_MAJOR}-a
-march64-directive = -march=armv${ARM_ARCH_MAJOR}-a
-else
-march32-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a
-march64-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a
-endif
-endif
+ ifeq (${ARM_ARCH_MINOR},0)
+ march32-directive = -march=armv${ARM_ARCH_MAJOR}-a
+ march64-directive = -march=armv${ARM_ARCH_MAJOR}-a
+ else
+ march32-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a
+ march64-directive = -march=armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a
+ endif #(ARM_ARCH_MINOR)
+endif #(ARM_ARCH_MAJOR)
+
+################################################################################
+# Get Architecture Feature Modifiers
+################################################################################
+arch-features = ${ARM_ARCH_FEATURE}
+
+####################################################
+# Enable required options for Memory Stack Tagging.
+####################################################
# Memory tagging is supported in architecture Armv8.5-A AArch64 and onwards
ifeq ($(ARCH), aarch64)
-# Check if revision is greater than or equal to 8.5
-ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
-mem_tag_arch_support = yes
-endif
-endif
-
-# Get architecture feature modifiers
-arch-features = ${ARM_ARCH_FEATURE}
+ # Check if revision is greater than or equal to 8.5
+ ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+ mem_tag_arch_support = yes
+ endif
+endif #(ARCH=aarch64)
-# Enable required options for memory stack tagging.
# Currently, these options are enabled only for clang and armclang compiler.
ifeq (${SUPPORT_STACK_MEMTAG},yes)
-ifdef mem_tag_arch_support
-# Check for armclang and clang compilers
-ifneq ( ,$(filter $(notdir $(CC)),armclang clang))
-# Add "memtag" architecture feature modifier if not specified
-ifeq ( ,$(findstring memtag,$(arch-features)))
-arch-features := $(arch-features)+memtag
-endif # memtag
-ifeq ($(notdir $(CC)),armclang)
-TF_CFLAGS += -mmemtag-stack
-else ifeq ($(notdir $(CC)),clang)
-TF_CFLAGS += -fsanitize=memtag
-endif # armclang
-endif # armclang clang
-else
-$(error "Error: stack memory tagging is not supported for architecture \
- ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a")
-endif # mem_tag_arch_support
-endif # SUPPORT_STACK_MEMTAG
+ ifdef mem_tag_arch_support
+ # Check for armclang and clang compilers
+ ifneq ( ,$(filter $(notdir $(CC)),armclang clang))
+ # Add "memtag" architecture feature modifier if not specified
+ ifeq ( ,$(findstring memtag,$(arch-features)))
+ arch-features := $(arch-features)+memtag
+ endif # memtag
+ ifeq ($(notdir $(CC)),armclang)
+ TF_CFLAGS += -mmemtag-stack
+ else ifeq ($(notdir $(CC)),clang)
+ TF_CFLAGS += -fsanitize=memtag
+ endif # armclang
+ endif
+ else
+ $(error "Error: stack memory tagging is not supported for \
+ architecture ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a")
+ endif #(mem_tag_arch_support)
+endif #(SUPPORT_STACK_MEMTAG)
# Set the compiler's architecture feature modifiers
ifneq ($(arch-features), none)
-# Strip "none+" from arch-features
-arch-features := $(subst none+,,$(arch-features))
-ifeq ($(ARCH), aarch32)
-march32-directive := $(march32-directive)+$(arch-features)
-else
-march64-directive := $(march64-directive)+$(arch-features)
-endif
+ # Strip "none+" from arch-features
+ arch-features := $(subst none+,,$(arch-features))
+ ifeq ($(ARCH), aarch32)
+ march32-directive := $(march32-directive)+$(arch-features)
+ else
+ march64-directive := $(march64-directive)+$(arch-features)
+ endif
# Print features
-$(info Arm Architecture Features specified: $(subst +, ,$(arch-features)))
-endif # arch-features
-
-# Determine if FEAT_RNG is supported
-ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0)
-
-# Determine if FEAT_SB is supported
-ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0)
+ $(info Arm Architecture Features specified: $(subst +, ,$(arch-features)))
+endif #(arch-features)
ifneq ($(findstring clang,$(notdir $(CC))),)
ifneq ($(findstring armclang,$(notdir $(CC))),)
@@ -294,62 +302,65 @@
PP := $(CC) -E $(TF_CFLAGS_$(ARCH))
AS := $(CC) -c -x assembler-with-cpp $(TF_CFLAGS_$(ARCH))
else ifneq ($(findstring gcc,$(notdir $(CC))),)
-TF_CFLAGS_aarch32 = $(march32-directive)
-TF_CFLAGS_aarch64 = $(march64-directive)
-ifeq ($(ENABLE_LTO),1)
- # Enable LTO only for aarch64
- ifeq (${ARCH},aarch64)
- LTO_CFLAGS = -flto
- # Use gcc as a wrapper for the ld, recommended for LTO
- LINKER := ${CROSS_COMPILE}gcc
+ TF_CFLAGS_aarch32 = $(march32-directive)
+ TF_CFLAGS_aarch64 = $(march64-directive)
+ ifeq ($(ENABLE_LTO),1)
+ # Enable LTO only for aarch64
+ ifeq (${ARCH},aarch64)
+ LTO_CFLAGS = -flto
+ # Use gcc as a wrapper for the ld, recommended for LTO
+ LINKER := ${CROSS_COMPILE}gcc
+ endif
endif
-endif
-LD = $(LINKER)
+ LD = $(LINKER)
else
-TF_CFLAGS_aarch32 = $(march32-directive)
-TF_CFLAGS_aarch64 = $(march64-directive)
-LD = $(LINKER)
-endif
+ TF_CFLAGS_aarch32 = $(march32-directive)
+ TF_CFLAGS_aarch64 = $(march64-directive)
+ LD = $(LINKER)
+endif #(clang)
# Process Debug flag
$(eval $(call add_define,DEBUG))
ifneq (${DEBUG}, 0)
- BUILD_TYPE := debug
- TF_CFLAGS += -g -gdwarf-4
- ASFLAGS += -g -Wa,-gdwarf-4
+ BUILD_TYPE := debug
+ TF_CFLAGS += -g -gdwarf-4
+ ASFLAGS += -g -Wa,-gdwarf-4
- # Use LOG_LEVEL_INFO by default for debug builds
- LOG_LEVEL := 40
+ # Use LOG_LEVEL_INFO by default for debug builds
+ LOG_LEVEL := 40
else
- BUILD_TYPE := release
- # Use LOG_LEVEL_NOTICE by default for release builds
- LOG_LEVEL := 20
-endif
+ BUILD_TYPE := release
+ # Use LOG_LEVEL_NOTICE by default for release builds
+ LOG_LEVEL := 20
+endif #(Debug)
# Default build string (git branch and commit)
ifeq (${BUILD_STRING},)
- BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null)
+ BUILD_STRING := $(shell git describe --always --dirty --tags 2> /dev/null)
endif
VERSION_STRING := v${VERSION}(${BUILD_TYPE}):${BUILD_STRING}
ifeq (${AARCH32_INSTRUCTION_SET},A32)
-TF_CFLAGS_aarch32 += -marm
+ TF_CFLAGS_aarch32 += -marm
else ifeq (${AARCH32_INSTRUCTION_SET},T32)
-TF_CFLAGS_aarch32 += -mthumb
+ TF_CFLAGS_aarch32 += -mthumb
else
-$(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET})
-endif
+ $(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET})
+endif #(AARCH32_INSTRUCTION_SET)
TF_CFLAGS_aarch32 += -mno-unaligned-access
TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align
ifneq (${BP_OPTION},none)
-TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION}
-endif
+ TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION}
+endif #(BP_OPTION)
ASFLAGS_aarch32 = $(march32-directive)
ASFLAGS_aarch64 = $(march64-directive)
+##############################################################################
+# WARNINGS Configuration
+###############################################################################
# General warnings
WARNINGS := -Wall -Wmissing-include-dirs -Wunused \
-Wdisabled-optimization -Wvla -Wshadow \
@@ -395,18 +406,18 @@
# outside of the contributor's control. Don't fail the build on them so warnings
# can be seen and hopefully addressed
ifdef W
-ifneq (${W},0)
-E ?= 0
-endif
+ ifneq (${W},0)
+ E ?= 0
+ endif
endif
ifeq (${W},1)
-WARNINGS += $(WARNING1)
+ WARNINGS += $(WARNING1)
else ifeq (${W},2)
-WARNINGS += $(WARNING1) $(WARNING2)
+ WARNINGS += $(WARNING1) $(WARNING2)
else ifeq (${W},3)
-WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3)
-endif
+ WARNINGS += $(WARNING1) $(WARNING2) $(WARNING3)
+endif #(W)
# Compiler specific warnings
ifeq ($(findstring clang,$(notdir $(CC))),)
@@ -422,12 +433,15 @@
# using clang
WARNINGS += -Wshift-overflow -Wshift-sign-overflow \
-Wlogical-op-parentheses
-endif
+endif #(Clang Warning)
ifneq (${E},0)
-ERRORS := -Werror
-endif
+ ERRORS := -Werror
+endif #(E)
+################################################################################
+# Compiler and Linker Directives
+################################################################################
CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \
$(ERRORS) $(WARNINGS)
ASFLAGS += $(CPPFLAGS) $(ASFLAGS_$(ARCH)) \
@@ -437,15 +451,14 @@
-ffreestanding -fno-builtin -fno-common \
-Os -std=gnu99
-$(eval $(call add_define,SVE_VECTOR_LEN))
-
ifeq (${SANITIZE_UB},on)
-TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover
-endif
+ TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover
+endif #(${SANITIZE_UB},on)
+
ifeq (${SANITIZE_UB},trap)
-TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \
+ TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \
-fsanitize-undefined-trap-on-error
-endif
+endif #(${SANITIZE_UB},trap)
GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)
@@ -453,51 +466,53 @@
# LD = armlink
ifneq ($(findstring armlink,$(notdir $(LD))),)
-TF_LDFLAGS += --diag_error=warning --lto_level=O1
-TF_LDFLAGS += --remove --info=unused,unusedsymbols
-TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH))
+ TF_LDFLAGS += --diag_error=warning --lto_level=O1
+ TF_LDFLAGS += --remove --info=unused,unusedsymbols
+ TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH))
# LD = gcc (used when GCC LTO is enabled)
else ifneq ($(findstring gcc,$(notdir $(LD))),)
-# Pass ld options with Wl or Xlinker switches
-TF_LDFLAGS += -Wl,--fatal-warnings -O1
-TF_LDFLAGS += -Wl,--gc-sections
+ # Pass ld options with Wl or Xlinker switches
+ TF_LDFLAGS += -Wl,--fatal-warnings -O1
+ TF_LDFLAGS += -Wl,--gc-sections
-TF_LDFLAGS += -Wl,-z,common-page-size=4096 # Configure page size constants
-TF_LDFLAGS += -Wl,-z,max-page-size=4096
+ TF_LDFLAGS += -Wl,-z,common-page-size=4096 #Configure page size constants
+ TF_LDFLAGS += -Wl,-z,max-page-size=4096
-ifeq ($(ENABLE_LTO),1)
- ifeq (${ARCH},aarch64)
- TF_LDFLAGS += -flto -fuse-linker-plugin
- endif
-endif
+ ifeq ($(ENABLE_LTO),1)
+ ifeq (${ARCH},aarch64)
+ TF_LDFLAGS += -flto -fuse-linker-plugin
+ endif
+ endif #(ENABLE_LTO)
+
# GCC automatically adds fix-cortex-a53-843419 flag when used to link
# which breaks some builds, so disable if errata fix is not explicitly enabled
-ifneq (${ERRATA_A53_843419},1)
- TF_LDFLAGS += -mno-fix-cortex-a53-843419
-endif
-TF_LDFLAGS += -nostdlib
-TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
+ ifneq (${ERRATA_A53_843419},1)
+ TF_LDFLAGS += -mno-fix-cortex-a53-843419
+ endif
+ TF_LDFLAGS += -nostdlib
+ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
else
# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
# are not loaded by a elf loader.
-TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
-TF_LDFLAGS += -O1
-TF_LDFLAGS += --gc-sections
+ TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
+ TF_LDFLAGS += -O1
+ TF_LDFLAGS += --gc-sections
-TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants
-TF_LDFLAGS += -z max-page-size=4096
+ TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants
+ TF_LDFLAGS += -z max-page-size=4096
# ld.lld doesn't recognize the errata flags,
# therefore don't add those in that case.
# ld.lld reports section type mismatch warnings,
# therefore don't add --fatal-warnings to it.
-ifeq ($(findstring ld.lld,$(notdir $(LD))),)
-TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) --fatal-warnings
-endif
-endif
+ ifeq ($(findstring ld.lld,$(notdir $(LD))),)
+ TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) --fatal-warnings
+ endif
+
+endif #(LD = armlink)
DTC_FLAGS += -I dts -O dtb
DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \
@@ -525,15 +540,15 @@
ifeq (${ENABLE_PAUTH}, 1)
# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the
# Pauth support. As it's not secure, it must be reimplemented for real platforms
-BL_COMMON_SOURCES += lib/extensions/pauth/pauth_helpers.S
+ BL_COMMON_SOURCES += lib/extensions/pauth/pauth_helpers.S
endif
ifeq ($(notdir $(CC)),armclang)
-BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S
+ BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S
endif
ifeq (${SANITIZE_UB},on)
-BL_COMMON_SOURCES += plat/common/ubsan.c
+ BL_COMMON_SOURCES += plat/common/ubsan.c
endif
INCLUDES += -Iinclude \
@@ -548,7 +563,6 @@
################################################################################
# Generic definitions
################################################################################
-
include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk
ifeq (${BUILD_BASE},)
@@ -561,96 +575,97 @@
# Platforms providing their own TBB makefile may override this value
INCLUDE_TBBR_MK := 1
-
################################################################################
# Include SPD Makefile if one has been specified
################################################################################
ifneq (${SPD},none)
- ifeq (${ARCH},aarch32)
- $(error "Error: SPD is incompatible with AArch32.")
- endif
+ ifeq (${ARCH},aarch32)
+ $(error "Error: SPD is incompatible with AArch32.")
+ endif
- ifdef EL3_PAYLOAD_BASE
- $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.")
- $(warning "The SPD and its BL32 companion will be present but ignored.")
- endif
+ ifdef EL3_PAYLOAD_BASE
+ $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.")
+ $(warning "The SPD and its BL32 companion will be present but \
+ ignored.")
+ endif
- ifeq (${SPD},spmd)
- # SPMD is located in std_svc directory
- SPD_DIR := std_svc
+ ifeq (${SPD},spmd)
+ # SPMD is located in std_svc directory
+ SPD_DIR := std_svc
- ifeq ($(SPMD_SPM_AT_SEL2),1)
- CTX_INCLUDE_EL2_REGS := 1
- ifeq ($(SPMC_AT_EL3),1)
- $(error SPM cannot be enabled in both S-EL2 and EL3.)
- endif
- endif
+ ifeq ($(SPMD_SPM_AT_SEL2),1)
+ CTX_INCLUDE_EL2_REGS := 1
+ ifeq ($(SPMC_AT_EL3),1)
+ $(error SPM cannot be enabled in both S-EL2 and EL3.)
+ endif
+ endif
- ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp)
- DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG
- endif
+ ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp)
+ DTC_CPPFLAGS += -DOPTEE_SP_FW_CONFIG
+ endif
- ifeq ($(TS_SP_FW_CONFIG),1)
- DTC_CPPFLAGS += -DTS_SP_FW_CONFIG
- endif
+ ifeq ($(TS_SP_FW_CONFIG),1)
+ DTC_CPPFLAGS += -DTS_SP_FW_CONFIG
+ endif
- ifneq ($(ARM_BL2_SP_LIST_DTS),)
- DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS)
- endif
+ ifneq ($(ARM_BL2_SP_LIST_DTS),)
+ DTC_CPPFLAGS += -DARM_BL2_SP_LIST_DTS=$(ARM_BL2_SP_LIST_DTS)
+ endif
- ifneq ($(SP_LAYOUT_FILE),)
- BL2_ENABLE_SP_LOAD := 1
- endif
- else
- # All other SPDs in spd directory
- SPD_DIR := spd
- endif
+ ifneq ($(SP_LAYOUT_FILE),)
+ BL2_ENABLE_SP_LOAD := 1
+ endif
+ else
+ # All other SPDs in spd directory
+ SPD_DIR := spd
+ endif #(SPD)
- # We expect to locate an spd.mk under the specified SPD directory
- SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk)
+ # We expect to locate an spd.mk under the specified SPD directory
+ SPD_MAKE := $(wildcard services/${SPD_DIR}/${SPD}/${SPD}.mk)
- ifeq (${SPD_MAKE},)
- $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located)
- endif
- $(info Including ${SPD_MAKE})
- include ${SPD_MAKE}
+ ifeq (${SPD_MAKE},)
+ $(error Error: No services/${SPD_DIR}/${SPD}/${SPD}.mk located)
+ endif
+ $(info Including ${SPD_MAKE})
+ include ${SPD_MAKE}
- # If there's BL32 companion for the chosen SPD, we expect that the SPD's
- # Makefile would set NEED_BL32 to "yes". In this case, the build system
- # supports two mutually exclusive options:
- # * BL32 is built from source: then BL32_SOURCES must contain the list
- # of source files to build BL32
- # * BL32 is a prebuilt binary: then BL32 must point to the image file
- # that will be included in the FIP
- # If both BL32_SOURCES and BL32 are defined, the binary takes precedence
- # over the sources.
-endif
+ # If there's BL32 companion for the chosen SPD, we expect that the SPD's
+ # Makefile would set NEED_BL32 to "yes". In this case, the build system
+ # supports two mutually exclusive options:
+ # * BL32 is built from source: then BL32_SOURCES must contain the list
+ # of source files to build BL32
+ # * BL32 is a prebuilt binary: then BL32 must point to the image file
+ # that will be included in the FIP
+ # If both BL32_SOURCES and BL32 are defined, the binary takes precedence
+ # over the sources.
+endif #(SPD=none)
ifeq (${CTX_INCLUDE_EL2_REGS}, 1)
-ifeq (${SPD},none)
-ifeq (${ENABLE_RME},0)
- $(error CTX_INCLUDE_EL2_REGS is available only when SPD or RME is enabled)
-endif
-endif
+ ifeq (${SPD},none)
+ ifeq (${ENABLE_RME},0)
+ $(error CTX_INCLUDE_EL2_REGS is available only when SPD \
+ or RME is enabled)
+ endif
+ endif
endif
################################################################################
# Include rmmd Makefile if RME is enabled
################################################################################
-
ifneq (${ENABLE_RME},0)
-ifneq (${ARCH},aarch64)
- $(error ENABLE_RME requires AArch64)
-endif
-ifeq ($(SPMC_AT_EL3),1)
- $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.)
-endif
-ifneq (${SPD}, none)
-ifneq (${SPD}, spmd)
- $(error ENABLE_RME is incompatible with SPD=${SPD}. Use SPD=spmd)
-endif
-endif
+ ifneq (${ARCH},aarch64)
+ $(error ENABLE_RME requires AArch64)
+ endif
+ ifeq ($(SPMC_AT_EL3),1)
+ $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.)
+ endif
+
+ ifneq (${SPD}, none)
+ ifneq (${SPD}, spmd)
+ $(error ENABLE_RME is incompatible with SPD=${SPD}. Use SPD=spmd)
+ endif
+ endif
include services/std_svc/rmmd/rmmd.mk
$(warning "RME is an experimental feature")
endif
@@ -669,9 +684,10 @@
ifeq (${RESET_TO_BL2},1)
BL2_RUNS_AT_EL3 := 1
- ifeq (${ENABLE_RME},1)
- $(error RESET_TO_BL2=1 and ENABLE_RME=1 configuration is not supported at the moment.)
- endif
+ ifeq (${ENABLE_RME},1)
+ $(error RESET_TO_BL2=1 and ENABLE_RME=1 configuration is not \
+ supported at the moment.)
+ endif
else ifeq (${ENABLE_RME},1)
BL2_RUNS_AT_EL3 := 1
else
@@ -690,7 +706,7 @@
ifneq ($(findstring gcc,$(notdir $(LD))),)
TF_LDFLAGS += -no-pie
endif
-endif
+endif #(PIE_FOUND)
ifneq ($(findstring gcc,$(notdir $(LD))),)
PIE_LDFLAGS += -Wl,-pie -Wl,--no-dynamic-linker
@@ -699,13 +715,13 @@
endif
ifeq ($(ENABLE_PIE),1)
-ifeq ($(RESET_TO_BL2),1)
-ifneq ($(BL2_IN_XIP_MEM),1)
- BL2_CPPFLAGS += -fpie
- BL2_CFLAGS += -fpie
- BL2_LDFLAGS += $(PIE_LDFLAGS)
-endif
-endif
+ ifeq ($(RESET_TO_BL2),1)
+ ifneq ($(BL2_IN_XIP_MEM),1)
+ BL2_CPPFLAGS += -fpie
+ BL2_CFLAGS += -fpie
+ BL2_LDFLAGS += $(PIE_LDFLAGS)
+ endif #(BL2_IN_XIP_MEM)
+ endif #(RESET_TO_BL2)
BL31_CPPFLAGS += -fpie
BL31_CFLAGS += -fpie
BL31_LDFLAGS += $(PIE_LDFLAGS)
@@ -713,7 +729,7 @@
BL32_CPPFLAGS += -fpie
BL32_CFLAGS += -fpie
BL32_LDFLAGS += $(PIE_LDFLAGS)
-endif
+endif #(ENABLE_PIE)
BL1_CPPFLAGS += -DREPORT_ERRATA=${DEBUG}
BL31_CPPFLAGS += -DREPORT_ERRATA=${DEBUG}
@@ -721,17 +737,17 @@
BL1_CPPFLAGS += -DIMAGE_AT_EL3
ifeq ($(RESET_TO_BL2),1)
-BL2_CPPFLAGS += -DIMAGE_AT_EL3
+ BL2_CPPFLAGS += -DIMAGE_AT_EL3
else
-BL2_CPPFLAGS += -DIMAGE_AT_EL1
-endif
+ BL2_CPPFLAGS += -DIMAGE_AT_EL1
+endif #(RESET_TO_BL2)
ifeq (${ARCH},aarch64)
-BL2U_CPPFLAGS += -DIMAGE_AT_EL1
-BL31_CPPFLAGS += -DIMAGE_AT_EL3
-BL32_CPPFLAGS += -DIMAGE_AT_EL1
+ BL2U_CPPFLAGS += -DIMAGE_AT_EL1
+ BL31_CPPFLAGS += -DIMAGE_AT_EL3
+ BL32_CPPFLAGS += -DIMAGE_AT_EL1
else
-BL32_CPPFLAGS += -DIMAGE_AT_EL3
+ BL32_CPPFLAGS += -DIMAGE_AT_EL3
endif
# Include the CPU specific operations makefile, which provides default
@@ -739,25 +755,23 @@
# This can be overridden by the platform.
include lib/cpus/cpu-ops.mk
-ifeq (${ARCH},aarch32)
-NEED_BL32 := yes
-
################################################################################
# Build `AARCH32_SP` as BL32 image for AArch32
################################################################################
-ifneq (${AARCH32_SP},none)
-# We expect to locate an sp.mk under the specified AARCH32_SP directory
-AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk)
-
-ifeq (${AARCH32_SP_MAKE},)
- $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located)
-endif
+ifeq (${ARCH},aarch32)
+ NEED_BL32 := yes
-$(info Including ${AARCH32_SP_MAKE})
-include ${AARCH32_SP_MAKE}
-endif
+ ifneq (${AARCH32_SP},none)
+ # We expect to locate an sp.mk under the specified AARCH32_SP directory
+ AARCH32_SP_MAKE := $(wildcard bl32/${AARCH32_SP}/${AARCH32_SP}.mk)
-endif
+ ifeq (${AARCH32_SP_MAKE},)
+ $(error Error: No bl32/${AARCH32_SP}/${AARCH32_SP}.mk located)
+ endif
+ $(info Including ${AARCH32_SP_MAKE})
+ include ${AARCH32_SP_MAKE}
+ endif
+endif #(ARCH=aarch32)
################################################################################
# Include libc if not overridden
@@ -767,226 +781,275 @@
endif
################################################################################
-# Check incompatible options
+# Check incompatible options and dependencies
################################################################################
-ifdef EL3_PAYLOAD_BASE
- ifdef PRELOADED_BL33_BASE
- $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \
- incompatible build options. EL3_PAYLOAD_BASE has priority.")
- endif
- ifneq (${GENERATE_COT},0)
- $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible build options.")
+# USE_DEBUGFS experimental feature recommended only in debug builds
+ifeq (${USE_DEBUGFS},1)
+ ifeq (${DEBUG},1)
+ $(warning DEBUGFS experimental feature is enabled.)
+ else
+ $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY)
endif
- ifneq (${TRUSTED_BOARD_BOOT},0)
- $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are incompatible build options.")
+endif #(USE_DEBUGFS)
+
+# USE_SPINLOCK_CAS requires AArch64 build
+ifeq (${USE_SPINLOCK_CAS},1)
+ ifneq (${ARCH},aarch64)
+ $(error USE_SPINLOCK_CAS requires AArch64)
endif
+endif #(USE_SPINLOCK_CAS)
+
+# The cert_create tool cannot generate certificates individually, so we use the
+# target 'certificates' to create them all
+ifneq (${GENERATE_COT},0)
+ FIP_DEPS += certificates
+ FWU_FIP_DEPS += fwu_certificates
endif
+ifneq (${DECRYPTION_SUPPORT},none)
+ ENC_ARGS += -f ${FW_ENC_STATUS}
+ ENC_ARGS += -k ${ENC_KEY}
+ ENC_ARGS += -n ${ENC_NONCE}
+ FIP_DEPS += enctool
+ FWU_FIP_DEPS += enctool
+endif #(DECRYPTION_SUPPORT)
+
+ifdef EL3_PAYLOAD_BASE
+ ifdef PRELOADED_BL33_BASE
+ $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \
+ incompatible build options. EL3_PAYLOAD_BASE has priority.")
+ endif
+ ifneq (${GENERATE_COT},0)
+ $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible \
+ build options.")
+ endif
+ ifneq (${TRUSTED_BOARD_BOOT},0)
+ $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are \
+ incompatible \ build options.")
+ endif
+endif #(EL3_PAYLOAD_BASE)
+
ifeq (${NEED_BL33},yes)
- ifdef EL3_PAYLOAD_BASE
+ ifdef EL3_PAYLOAD_BASE
$(warning "BL33 image is not needed when option \
BL33_PAYLOAD_BASE is used and won't be added to the FIP file.")
- endif
- ifdef PRELOADED_BL33_BASE
+ endif
+ ifdef PRELOADED_BL33_BASE
$(warning "BL33 image is not needed when option \
- PRELOADED_BL33_BASE is used and won't be added to the FIP \
- file.")
- endif
-endif
+ PRELOADED_BL33_BASE is used and won't be added to the FIP file.")
+ endif
+endif #(NEED_BL33)
# When building for systems with hardware-assisted coherency, there's no need to
# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too.
ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1)
-$(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY)
+ $(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY)
endif
#For now, BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is 1.
ifeq ($(RESET_TO_BL2)-$(BL2_IN_XIP_MEM),0-1)
-$(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled")
+ $(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled")
endif
# RAS_EXTENSION is deprecated, provide alternate build options
ifeq ($(RAS_EXTENSION),1)
- $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS and RAS_FFH_SUPPORT instead")
+ $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS \
+ and RAS_FFH_SUPPORT instead")
endif
+
# RAS firmware first handling requires that EAs are handled in EL3 first
ifeq ($(RAS_FFH_SUPPORT),1)
- ifneq ($(ENABLE_FEAT_RAS),1)
- $(error For RAS_FFH_SUPPORT, ENABLE_FEAT_RAS must also be 1)
- endif
- ifneq ($(HANDLE_EA_EL3_FIRST_NS),1)
- $(error For RAS_FFH_SUPPORT, HANDLE_EA_EL3_FIRST_NS must also be 1)
- endif
-endif
+ ifneq ($(ENABLE_FEAT_RAS),1)
+ $(error For RAS_FFH_SUPPORT, ENABLE_FEAT_RAS must also be 1)
+ endif
+ ifneq ($(HANDLE_EA_EL3_FIRST_NS),1)
+ $(error For RAS_FFH_SUPPORT, HANDLE_EA_EL3_FIRST_NS must also be 1)
+ endif
+endif #(RAS_FFH_SUPPORT)
+
# When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled
ifeq ($(FAULT_INJECTION_SUPPORT),1)
- ifeq ($(ENABLE_FEAT_RAS),0)
- $(error For FAULT_INJECTION_SUPPORT, ENABLE_FEAT_RAS must not be 0)
- endif
-endif
+ ifeq ($(ENABLE_FEAT_RAS),0)
+ $(error For FAULT_INJECTION_SUPPORT, ENABLE_FEAT_RAS must not be 0)
+ endif
+endif #(FAULT_INJECTION_SUPPORT)
# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1
ifeq ($(DYN_DISABLE_AUTH), 1)
- ifeq (${TRUSTED_BOARD_BOOT}, 0)
- $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.")
- endif
-endif
+ ifeq (${TRUSTED_BOARD_BOOT}, 0)
+ $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH \
+ to be set.")
+ endif
+endif #(DYN_DISABLE_AUTH)
ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1)
# Support authentication verification and hash calculation
- CRYPTO_SUPPORT := 3
+ CRYPTO_SUPPORT := 3
else ifeq ($(DRTM_SUPPORT)-$(TRUSTED_BOARD_BOOT),1-1)
# Support authentication verification and hash calculation
- CRYPTO_SUPPORT := 3
+ CRYPTO_SUPPORT := 3
else ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),)
# Support hash calculation only
- CRYPTO_SUPPORT := 2
+ CRYPTO_SUPPORT := 2
else ifeq (${TRUSTED_BOARD_BOOT},1)
# Support authentication verification only
- CRYPTO_SUPPORT := 1
+ CRYPTO_SUPPORT := 1
else
- CRYPTO_SUPPORT := 0
-endif
+ CRYPTO_SUPPORT := 0
+endif #($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT))
# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled.
ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1)
-$(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled")
+ $(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled")
endif
# If pointer authentication is used in the firmware, make sure that all the
# registers associated to it are also saved and restored.
# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
ifeq ($(ENABLE_PAUTH),1)
- ifeq ($(CTX_INCLUDE_PAUTH_REGS),0)
- $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1)
- endif
-endif
+ ifeq ($(CTX_INCLUDE_PAUTH_REGS),0)
+ $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1)
+ endif
+endif #(ENABLE_PAUTH)
ifeq ($(CTX_INCLUDE_PAUTH_REGS),1)
- ifneq (${ARCH},aarch64)
- $(error CTX_INCLUDE_PAUTH_REGS requires AArch64)
- endif
-endif
+ ifneq (${ARCH},aarch64)
+ $(error CTX_INCLUDE_PAUTH_REGS requires AArch64)
+ endif
+endif #(CTX_INCLUDE_PAUTH_REGS)
ifeq ($(CTX_INCLUDE_MTE_REGS),1)
- ifneq (${ARCH},aarch64)
- $(error CTX_INCLUDE_MTE_REGS requires AArch64)
- endif
-endif
+ ifneq (${ARCH},aarch64)
+ $(error CTX_INCLUDE_MTE_REGS requires AArch64)
+ endif
+endif #(CTX_INCLUDE_MTE_REGS)
ifeq ($(PSA_FWU_SUPPORT),1)
- $(info PSA_FWU_SUPPORT is an experimental feature)
-endif
+ $(info PSA_FWU_SUPPORT is an experimental feature)
+endif #(PSA_FWU_SUPPORT)
ifeq ($(FEATURE_DETECTION),1)
- $(info FEATURE_DETECTION is an experimental feature)
-endif
+ $(info FEATURE_DETECTION is an experimental feature)
+endif #(FEATURE_DETECTION)
ifneq ($(ENABLE_SME2_FOR_NS), 0)
- ifeq (${ENABLE_SME_FOR_NS}, 0)
- $(warning "ENABLE_SME2_FOR_NS requires ENABLE_SME_FOR_NS also to be set")
- $(warning "Forced ENABLE_SME_FOR_NS=1")
- override ENABLE_SME_FOR_NS := 1
- endif
-endif
+ ifeq (${ENABLE_SME_FOR_NS}, 0)
+ $(warning "ENABLE_SME2_FOR_NS requires ENABLE_SME_FOR_NS also \
+ to be set")
+ $(warning "Forced ENABLE_SME_FOR_NS=1")
+ override ENABLE_SME_FOR_NS := 1
+ endif
+endif #(ENABLE_SME2_FOR_NS)
ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1)
- ifeq (${ALLOW_RO_XLAT_TABLES}, 1)
- $(error "ALLOW_RO_XLAT_TABLES requires translation tables library v2")
- endif
-endif
+ ifeq (${ALLOW_RO_XLAT_TABLES}, 1)
+ $(error "ALLOW_RO_XLAT_TABLES requires translation tables \
+ library v2")
+ endif
+endif #(ARM_XLAT_TABLES_LIB_V1)
ifneq (${DECRYPTION_SUPPORT},none)
- ifeq (${TRUSTED_BOARD_BOOT}, 0)
- $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT to be set)
- endif
-endif
+ ifeq (${TRUSTED_BOARD_BOOT}, 0)
+ $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT \
+ to be set)
+ endif
+endif #(DECRYPTION_SUPPORT)
# Ensure that no Aarch64-only features are enabled in Aarch32 build
ifeq (${ARCH},aarch32)
- # SME/SVE only supported on AArch64
- ifneq (${ENABLE_SME_FOR_NS},0)
- $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32")
- endif
+ # SME/SVE only supported on AArch64
+ ifneq (${ENABLE_SME_FOR_NS},0)
+ $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32")
+ endif
- ifeq (${ENABLE_SVE_FOR_NS},1)
- # Warning instead of error due to CI dependency on this
- $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32")
- endif
+ ifeq (${ENABLE_SVE_FOR_NS},1)
+ # Warning instead of error due to CI dependency on this
+ $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32")
+ endif
- # BRBE is not supported in AArch32
- ifeq (${ENABLE_BRBE_FOR_NS},1)
- $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32")
- endif
+ # BRBE is not supported in AArch32
+ ifeq (${ENABLE_BRBE_FOR_NS},1)
+ $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32")
+ endif
- # FEAT_RNG_TRAP is not supported in AArch32
- ifeq (${ENABLE_FEAT_RNG_TRAP},1)
- $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32")
- endif
-endif
+ # FEAT_RNG_TRAP is not supported in AArch32
+ ifeq (${ENABLE_FEAT_RNG_TRAP},1)
+ $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32")
+ endif
+endif #(ARCH=aarch32)
# Ensure ENABLE_RME is not used with SME
ifeq (${ENABLE_RME},1)
- ifneq (${ENABLE_SME_FOR_NS},0)
- $(error "ENABLE_SME_FOR_NS cannot be used with ENABLE_RME")
- endif
+ ifneq (${ENABLE_SME_FOR_NS},0)
+ $(error "ENABLE_SME_FOR_NS cannot be used with ENABLE_RME")
+ endif
endif
ifneq (${ENABLE_SME_FOR_NS},0)
- ifeq (${ENABLE_SVE_FOR_NS},0)
- $(error "ENABLE_SME_FOR_NS requires ENABLE_SVE_FOR_NS")
- endif
-endif
+ ifeq (${ENABLE_SVE_FOR_NS},0)
+ $(error "ENABLE_SME_FOR_NS requires ENABLE_SVE_FOR_NS")
+ endif
+endif #(ENABLE_SME_FOR_NS)
# Secure SME/SVE requires the non-secure component as well
ifeq (${ENABLE_SME_FOR_SWD},1)
- ifeq (${ENABLE_SME_FOR_NS},0)
- $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS")
- endif
- ifeq (${ENABLE_SVE_FOR_SWD},0)
- $(error "ENABLE_SME_FOR_SWD requires ENABLE_SVE_FOR_SWD")
- endif
-endif
+ ifeq (${ENABLE_SME_FOR_NS},0)
+ $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS")
+ endif
+ ifeq (${ENABLE_SVE_FOR_SWD},0)
+ $(error "ENABLE_SME_FOR_SWD requires ENABLE_SVE_FOR_SWD")
+ endif
+endif #(ENABLE_SME_FOR_SWD)
+
ifeq (${ENABLE_SVE_FOR_SWD},1)
- ifeq (${ENABLE_SVE_FOR_NS},0)
- $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS")
- endif
-endif
+ ifeq (${ENABLE_SVE_FOR_NS},0)
+ $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS")
+ endif
+endif #(ENABLE_SVE_FOR_SWD)
# SVE and SME cannot be used with CTX_INCLUDE_FPREGS since secure manager does
# its own context management including FPU registers.
ifeq (${CTX_INCLUDE_FPREGS},1)
- ifneq (${ENABLE_SME_FOR_NS},0)
- $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS")
- endif
+ ifneq (${ENABLE_SME_FOR_NS},0)
+ $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS")
+ endif
- ifeq (${ENABLE_SVE_FOR_NS},1)
- # Warning instead of error due to CI dependency on this
- $(warning "ENABLE_SVE_FOR_NS cannot be used with CTX_INCLUDE_FPREGS")
- $(warning "Forced ENABLE_SVE_FOR_NS=0")
- override ENABLE_SVE_FOR_NS := 0
- endif
-endif
+ ifeq (${ENABLE_SVE_FOR_NS},1)
+ # Warning instead of error due to CI dependency on this
+ $(warning "ENABLE_SVE_FOR_NS cannot be used with CTX_INCLUDE_FPREGS")
+ $(warning "Forced ENABLE_SVE_FOR_NS=0")
+ override ENABLE_SVE_FOR_NS := 0
+ endif
+endif #(CTX_INCLUDE_FPREGS)
ifeq ($(DRTM_SUPPORT),1)
- $(info DRTM_SUPPORT is an experimental feature)
+ $(info DRTM_SUPPORT is an experimental feature)
endif
ifeq (${ENABLE_RME},1)
- ifneq (${SEPARATE_CODE_AND_RODATA},1)
- $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`)
- endif
+ ifneq (${SEPARATE_CODE_AND_RODATA},1)
+ $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`)
+ endif
endif
+# Determine if FEAT_RNG is supported
+ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0)
+
+# Determine if FEAT_SB is supported
+ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0)
+
+#SVE_VECTOR_LEN
+$(eval $(call add_define,SVE_VECTOR_LEN))
+
################################################################################
# Process platform overrideable behaviour
################################################################################
ifdef BL1_SOURCES
-NEED_BL1 := yes
-endif
+ NEED_BL1 := yes
+endif #(BL1_SOURCES)
ifdef BL2_SOURCES
NEED_BL2 := yes
@@ -994,64 +1057,64 @@
# Using BL2 implies that a BL33 image also needs to be supplied for the FIP and
# Certificate generation tools. This flag can be overridden by the platform.
ifdef EL3_PAYLOAD_BASE
- # If booting an EL3 payload there is no need for a BL33 image
- # in the FIP file.
- NEED_BL33 := no
- else
- ifdef PRELOADED_BL33_BASE
- # If booting a BL33 preloaded image there is no need of
- # another one in the FIP file.
- NEED_BL33 := no
- else
- NEED_BL33 ?= yes
- endif
- endif
-endif
+ # If booting an EL3 payload there is no need for a BL33 image
+ # in the FIP file.
+ NEED_BL33 := no
+ else
+ ifdef PRELOADED_BL33_BASE
+ # If booting a BL33 preloaded image there is no need of
+ # another one in the FIP file.
+ NEED_BL33 := no
+ else
+ NEED_BL33 ?= yes
+ endif
+ endif
+endif #(BL2_SOURCES)
ifdef BL2U_SOURCES
-NEED_BL2U := yes
-endif
+ NEED_BL2U := yes
+endif #(BL2U_SOURCES)
# If SCP_BL2 is given, we always want FIP to include it.
ifdef SCP_BL2
- NEED_SCP_BL2 := yes
-endif
+ NEED_SCP_BL2 := yes
+endif #(SCP_BL2)
# For AArch32, BL31 is not currently supported.
ifneq (${ARCH},aarch32)
- ifdef BL31_SOURCES
- # When booting an EL3 payload, there is no need to compile the BL31 image nor
- # put it in the FIP.
- ifndef EL3_PAYLOAD_BASE
- NEED_BL31 := yes
- endif
- endif
-endif
+ ifdef BL31_SOURCES
+ # When booting an EL3 payload, there is no need to compile the BL31
+ # image nor put it in the FIP.
+ ifndef EL3_PAYLOAD_BASE
+ NEED_BL31 := yes
+ endif
+ endif
+endif #(ARCH=aarch64)
# Process TBB related flags
ifneq (${GENERATE_COT},0)
- # Common cert_create options
- ifneq (${CREATE_KEYS},0)
+ # Common cert_create options
+ ifneq (${CREATE_KEYS},0)
$(eval CRT_ARGS += -n)
$(eval FWU_CRT_ARGS += -n)
- ifneq (${SAVE_KEYS},0)
+ ifneq (${SAVE_KEYS},0)
$(eval CRT_ARGS += -k)
$(eval FWU_CRT_ARGS += -k)
- endif
- endif
- # Include TBBR makefile (unless the platform indicates otherwise)
- ifeq (${INCLUDE_TBBR_MK},1)
+ endif
+ endif
+ # Include TBBR makefile (unless the platform indicates otherwise)
+ ifeq (${INCLUDE_TBBR_MK},1)
include make_helpers/tbbr/tbbr_tools.mk
- endif
-endif
+ endif
+endif #(GENERATE_COT)
ifneq (${FIP_ALIGN},0)
-FIP_ARGS += --align ${FIP_ALIGN}
-endif
+ FIP_ARGS += --align ${FIP_ALIGN}
+endif #(FIP_ALIGN)
ifdef FDT_SOURCES
-NEED_FDT := yes
-endif
+ NEED_FDT := yes
+endif #(FDT_SOURCES)
################################################################################
# Include libraries' Makefile that are used in all BL
@@ -1060,39 +1123,6 @@
include lib/stack_protector/stack_protector.mk
################################################################################
-# Auxiliary tools (fiptool, cert_create, etc)
-################################################################################
-
-# Variables for use with Certificate Generation Tool
-CRTTOOLPATH ?= tools/cert_create
-CRTTOOL ?= ${CRTTOOLPATH}/cert_create${BIN_EXT}
-
-# Variables for use with Firmware Encryption Tool
-ENCTOOLPATH ?= tools/encrypt_fw
-ENCTOOL ?= ${ENCTOOLPATH}/encrypt_fw${BIN_EXT}
-
-# Variables for use with Firmware Image Package
-FIPTOOLPATH ?= tools/fiptool
-FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT}
-
-# Variables for use with sptool
-SPTOOLPATH ?= tools/sptool
-SPTOOL ?= ${SPTOOLPATH}/sptool.py
-SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py
-
-# Variables for use with ROMLIB
-ROMLIBPATH ?= lib/romlib
-
-# Variable for use with Python
-PYTHON ?= python3
-
-# Variables for use with documentation build using Sphinx tool
-DOCS_PATH ?= docs
-
-# Defination of SIMICS flag
-SIMICS_BUILD ?= 0
-
-################################################################################
# Include BL specific makefiles
################################################################################
@@ -1116,78 +1146,78 @@
# Build options checks
################################################################################
+# Boolean_Flags
$(eval $(call assert_booleans,\
$(sort \
- ALLOW_RO_XLAT_TABLES \
- BL2_ENABLE_SP_LOAD \
- COLD_BOOT_SINGLE_CPU \
- CREATE_KEYS \
- CTX_INCLUDE_AARCH32_REGS \
- CTX_INCLUDE_FPREGS \
- CTX_INCLUDE_EL2_REGS \
- DEBUG \
- DISABLE_MTPMU \
- DYN_DISABLE_AUTH \
- EL3_EXCEPTION_HANDLING \
- ENABLE_AMU_AUXILIARY_COUNTERS \
- ENABLE_AMU_FCONF \
- AMU_RESTRICT_COUNTERS \
- ENABLE_ASSERTIONS \
- ENABLE_FEAT_SB \
- ENABLE_PIE \
- ENABLE_PMF \
- ENABLE_PSCI_STAT \
- ENABLE_RUNTIME_INSTRUMENTATION \
- ENABLE_SME_FOR_SWD \
- ENABLE_SVE_FOR_SWD \
- ERROR_DEPRECATED \
- FAULT_INJECTION_SUPPORT \
- GENERATE_COT \
- GICV2_G0_FOR_EL3 \
- HANDLE_EA_EL3_FIRST_NS \
- HW_ASSISTED_COHERENCY \
- MEASURED_BOOT \
- DRTM_SUPPORT \
- NS_TIMER_SWITCH \
- OVERRIDE_LIBC \
- PL011_GENERIC_UART \
- PLAT_RSS_NOT_SUPPORTED \
- PROGRAMMABLE_RESET_ADDRESS \
- PSCI_EXTENDED_STATE_ID \
- PSCI_OS_INIT_MODE \
- RESET_TO_BL31 \
- SAVE_KEYS \
- SEPARATE_CODE_AND_RODATA \
- SEPARATE_BL2_NOLOAD_REGION \
- SEPARATE_NOBITS_REGION \
- SPIN_ON_BL1_EXIT \
- SPM_MM \
- SPMC_AT_EL3 \
- SPMD_SPM_AT_SEL2 \
- TRUSTED_BOARD_BOOT \
- USE_COHERENT_MEM \
- USE_DEBUGFS \
- ARM_IO_IN_DTB \
- SDEI_IN_FCONF \
- SEC_INT_DESC_IN_FCONF \
- USE_ROMLIB \
- USE_TBBR_DEFS \
- WARMBOOT_ENABLE_DCACHE_EARLY \
- RESET_TO_BL2 \
- BL2_IN_XIP_MEM \
- BL2_INV_DCACHE \
- USE_SPINLOCK_CAS \
- ENCRYPT_BL31 \
- ENCRYPT_BL32 \
- ERRATA_SPECULATIVE_AT \
- RAS_TRAP_NS_ERR_REC_ACCESS \
- COT_DESC_IN_DTB \
- USE_SP804_TIMER \
- PSA_FWU_SUPPORT \
- ENABLE_MPMM \
- ENABLE_MPMM_FCONF \
- SIMICS_BUILD \
- FEATURE_DETECTION \
+ ALLOW_RO_XLAT_TABLES \
+ BL2_ENABLE_SP_LOAD \
+ COLD_BOOT_SINGLE_CPU \
+ CREATE_KEYS \
+ CTX_INCLUDE_AARCH32_REGS \
+ CTX_INCLUDE_FPREGS \
+ CTX_INCLUDE_EL2_REGS \
+ DEBUG \
+ DISABLE_MTPMU \
+ DYN_DISABLE_AUTH \
+ EL3_EXCEPTION_HANDLING \
+ ENABLE_AMU_AUXILIARY_COUNTERS \
+ ENABLE_AMU_FCONF \
+ AMU_RESTRICT_COUNTERS \
+ ENABLE_ASSERTIONS \
+ ENABLE_FEAT_SB \
+ ENABLE_PIE \
+ ENABLE_PMF \
+ ENABLE_PSCI_STAT \
+ ENABLE_RUNTIME_INSTRUMENTATION \
+ ENABLE_SME_FOR_SWD \
+ ENABLE_SVE_FOR_SWD \
+ ERROR_DEPRECATED \
+ FAULT_INJECTION_SUPPORT \
+ GENERATE_COT \
+ GICV2_G0_FOR_EL3 \
+ HANDLE_EA_EL3_FIRST_NS \
+ HW_ASSISTED_COHERENCY \
+ MEASURED_BOOT \
+ DRTM_SUPPORT \
+ NS_TIMER_SWITCH \
+ OVERRIDE_LIBC \
+ PL011_GENERIC_UART \
+ PLAT_RSS_NOT_SUPPORTED \
+ PROGRAMMABLE_RESET_ADDRESS \
+ PSCI_EXTENDED_STATE_ID \
+ PSCI_OS_INIT_MODE \
+ RESET_TO_BL31 \
+ SAVE_KEYS \
+ SEPARATE_CODE_AND_RODATA \
+ SEPARATE_BL2_NOLOAD_REGION \
+ SEPARATE_NOBITS_REGION \
+ SPIN_ON_BL1_EXIT \
+ SPM_MM \
+ SPMC_AT_EL3 \
+ SPMD_SPM_AT_SEL2 \
+ TRUSTED_BOARD_BOOT \
+ USE_COHERENT_MEM \
+ USE_DEBUGFS \
+ ARM_IO_IN_DTB \
+ SDEI_IN_FCONF \
+ SEC_INT_DESC_IN_FCONF \
+ USE_ROMLIB \
+ USE_TBBR_DEFS \
+ WARMBOOT_ENABLE_DCACHE_EARLY \
+ RESET_TO_BL2 \
+ BL2_IN_XIP_MEM \
+ BL2_INV_DCACHE \
+ USE_SPINLOCK_CAS \
+ ENCRYPT_BL31 \
+ ENCRYPT_BL32 \
+ ERRATA_SPECULATIVE_AT \
+ RAS_TRAP_NS_ERR_REC_ACCESS \
+ COT_DESC_IN_DTB \
+ USE_SP804_TIMER \
+ PSA_FWU_SUPPORT \
+ ENABLE_MPMM \
+ ENABLE_MPMM_FCONF \
+ FEATURE_DETECTION \
TRNG_SUPPORT \
ERRATA_ABI_SUPPORT \
ERRATA_NON_ARM_INTERCONNECT \
@@ -1195,52 +1225,53 @@
RAS_FFH_SUPPORT \
)))
+# Numeric_Flags
$(eval $(call assert_numerics,\
$(sort \
- ARM_ARCH_MAJOR \
- ARM_ARCH_MINOR \
- BRANCH_PROTECTION \
- CTX_INCLUDE_PAUTH_REGS \
- CTX_INCLUDE_MTE_REGS \
- CTX_INCLUDE_NEVE_REGS \
- CRYPTO_SUPPORT \
- ENABLE_BRBE_FOR_NS \
- ENABLE_TRBE_FOR_NS \
- ENABLE_BTI \
- ENABLE_PAUTH \
- ENABLE_FEAT_AMU \
- ENABLE_FEAT_AMUv1p1 \
- ENABLE_FEAT_CSV2_2 \
- ENABLE_FEAT_RAS \
- ENABLE_FEAT_DIT \
- ENABLE_FEAT_ECV \
- ENABLE_FEAT_FGT \
- ENABLE_FEAT_HCX \
- ENABLE_FEAT_PAN \
- ENABLE_FEAT_RNG \
- ENABLE_FEAT_RNG_TRAP \
- ENABLE_FEAT_SEL2 \
- ENABLE_FEAT_TCR2 \
- ENABLE_FEAT_S2PIE \
- ENABLE_FEAT_S1PIE \
- ENABLE_FEAT_S2POE \
- ENABLE_FEAT_S1POE \
- ENABLE_FEAT_GCS \
- ENABLE_FEAT_VHE \
- ENABLE_MPAM_FOR_LOWER_ELS \
- ENABLE_RME \
- ENABLE_SPE_FOR_NS \
- ENABLE_SYS_REG_TRACE_FOR_NS \
- ENABLE_SME_FOR_NS \
- ENABLE_SME2_FOR_NS \
- ENABLE_SVE_FOR_NS \
- ENABLE_TRF_FOR_NS \
- FW_ENC_STATUS \
- NR_OF_FW_BANKS \
- NR_OF_IMAGES_IN_FW_BANK \
- TWED_DELAY \
- ENABLE_FEAT_TWED \
- SVE_VECTOR_LEN \
+ ARM_ARCH_MAJOR \
+ ARM_ARCH_MINOR \
+ BRANCH_PROTECTION \
+ CTX_INCLUDE_PAUTH_REGS \
+ CTX_INCLUDE_MTE_REGS \
+ CTX_INCLUDE_NEVE_REGS \
+ CRYPTO_SUPPORT \
+ ENABLE_BRBE_FOR_NS \
+ ENABLE_TRBE_FOR_NS \
+ ENABLE_BTI \
+ ENABLE_PAUTH \
+ ENABLE_FEAT_AMU \
+ ENABLE_FEAT_AMUv1p1 \
+ ENABLE_FEAT_CSV2_2 \
+ ENABLE_FEAT_RAS \
+ ENABLE_FEAT_DIT \
+ ENABLE_FEAT_ECV \
+ ENABLE_FEAT_FGT \
+ ENABLE_FEAT_HCX \
+ ENABLE_FEAT_PAN \
+ ENABLE_FEAT_RNG \
+ ENABLE_FEAT_RNG_TRAP \
+ ENABLE_FEAT_SEL2 \
+ ENABLE_FEAT_TCR2 \
+ ENABLE_FEAT_S2PIE \
+ ENABLE_FEAT_S1PIE \
+ ENABLE_FEAT_S2POE \
+ ENABLE_FEAT_S1POE \
+ ENABLE_FEAT_GCS \
+ ENABLE_FEAT_VHE \
+ ENABLE_MPAM_FOR_LOWER_ELS \
+ ENABLE_RME \
+ ENABLE_SPE_FOR_NS \
+ ENABLE_SYS_REG_TRACE_FOR_NS \
+ ENABLE_SME_FOR_NS \
+ ENABLE_SME2_FOR_NS \
+ ENABLE_SVE_FOR_NS \
+ ENABLE_TRF_FOR_NS \
+ FW_ENC_STATUS \
+ NR_OF_FW_BANKS \
+ NR_OF_IMAGES_IN_FW_BANK \
+ TWED_DELAY \
+ ENABLE_FEAT_TWED \
+ SVE_VECTOR_LEN \
IMPDEF_SYSREG_TRAP \
)))
@@ -1260,162 +1291,161 @@
$(eval $(call add_defines,\
$(sort \
- ALLOW_RO_XLAT_TABLES \
- ARM_ARCH_MAJOR \
- ARM_ARCH_MINOR \
- BL2_ENABLE_SP_LOAD \
- COLD_BOOT_SINGLE_CPU \
- CTX_INCLUDE_AARCH32_REGS \
- CTX_INCLUDE_FPREGS \
- CTX_INCLUDE_PAUTH_REGS \
- EL3_EXCEPTION_HANDLING \
- CTX_INCLUDE_MTE_REGS \
- CTX_INCLUDE_EL2_REGS \
- CTX_INCLUDE_NEVE_REGS \
- DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \
- DISABLE_MTPMU \
- ENABLE_FEAT_AMU \
- ENABLE_AMU_AUXILIARY_COUNTERS \
- ENABLE_AMU_FCONF \
- AMU_RESTRICT_COUNTERS \
- ENABLE_ASSERTIONS \
- ENABLE_BTI \
- ENABLE_MPAM_FOR_LOWER_ELS \
- ENABLE_PAUTH \
- ENABLE_PIE \
- ENABLE_PMF \
- ENABLE_PSCI_STAT \
- ENABLE_RME \
- ENABLE_RUNTIME_INSTRUMENTATION \
- ENABLE_SME_FOR_NS \
- ENABLE_SME2_FOR_NS \
- ENABLE_SME_FOR_SWD \
- ENABLE_SPE_FOR_NS \
- ENABLE_SVE_FOR_NS \
- ENABLE_SVE_FOR_SWD \
- ENCRYPT_BL31 \
- ENCRYPT_BL32 \
- ERROR_DEPRECATED \
- FAULT_INJECTION_SUPPORT \
- GICV2_G0_FOR_EL3 \
- HANDLE_EA_EL3_FIRST_NS \
- HW_ASSISTED_COHERENCY \
- LOG_LEVEL \
- MEASURED_BOOT \
- DRTM_SUPPORT \
- NS_TIMER_SWITCH \
- PL011_GENERIC_UART \
- PLAT_${PLAT} \
- PLAT_RSS_NOT_SUPPORTED \
- PROGRAMMABLE_RESET_ADDRESS \
- PSCI_EXTENDED_STATE_ID \
- PSCI_OS_INIT_MODE \
- ENABLE_FEAT_RAS \
- RAS_FFH_SUPPORT \
- RESET_TO_BL31 \
- SEPARATE_CODE_AND_RODATA \
- SEPARATE_BL2_NOLOAD_REGION \
- SEPARATE_NOBITS_REGION \
- RECLAIM_INIT_CODE \
- SPD_${SPD} \
- SPIN_ON_BL1_EXIT \
- SPM_MM \
- SPMC_AT_EL3 \
- SPMD_SPM_AT_SEL2 \
- TRUSTED_BOARD_BOOT \
- CRYPTO_SUPPORT \
- TRNG_SUPPORT \
- ERRATA_ABI_SUPPORT \
+ ALLOW_RO_XLAT_TABLES \
+ ARM_ARCH_MAJOR \
+ ARM_ARCH_MINOR \
+ BL2_ENABLE_SP_LOAD \
+ COLD_BOOT_SINGLE_CPU \
+ CTX_INCLUDE_AARCH32_REGS \
+ CTX_INCLUDE_FPREGS \
+ CTX_INCLUDE_PAUTH_REGS \
+ EL3_EXCEPTION_HANDLING \
+ CTX_INCLUDE_MTE_REGS \
+ CTX_INCLUDE_EL2_REGS \
+ CTX_INCLUDE_NEVE_REGS \
+ DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \
+ DISABLE_MTPMU \
+ ENABLE_FEAT_AMU \
+ ENABLE_AMU_AUXILIARY_COUNTERS \
+ ENABLE_AMU_FCONF \
+ AMU_RESTRICT_COUNTERS \
+ ENABLE_ASSERTIONS \
+ ENABLE_BTI \
+ ENABLE_MPAM_FOR_LOWER_ELS \
+ ENABLE_PAUTH \
+ ENABLE_PIE \
+ ENABLE_PMF \
+ ENABLE_PSCI_STAT \
+ ENABLE_RME \
+ ENABLE_RUNTIME_INSTRUMENTATION \
+ ENABLE_SME_FOR_NS \
+ ENABLE_SME2_FOR_NS \
+ ENABLE_SME_FOR_SWD \
+ ENABLE_SPE_FOR_NS \
+ ENABLE_SVE_FOR_NS \
+ ENABLE_SVE_FOR_SWD \
+ ENCRYPT_BL31 \
+ ENCRYPT_BL32 \
+ ERROR_DEPRECATED \
+ FAULT_INJECTION_SUPPORT \
+ GICV2_G0_FOR_EL3 \
+ HANDLE_EA_EL3_FIRST_NS \
+ HW_ASSISTED_COHERENCY \
+ LOG_LEVEL \
+ MEASURED_BOOT \
+ DRTM_SUPPORT \
+ NS_TIMER_SWITCH \
+ PL011_GENERIC_UART \
+ PLAT_${PLAT} \
+ PLAT_RSS_NOT_SUPPORTED \
+ PROGRAMMABLE_RESET_ADDRESS \
+ PSCI_EXTENDED_STATE_ID \
+ PSCI_OS_INIT_MODE \
+ ENABLE_FEAT_RAS \
+ RAS_FFH_SUPPORT \
+ RESET_TO_BL31 \
+ SEPARATE_CODE_AND_RODATA \
+ SEPARATE_BL2_NOLOAD_REGION \
+ SEPARATE_NOBITS_REGION \
+ RECLAIM_INIT_CODE \
+ SPD_${SPD} \
+ SPIN_ON_BL1_EXIT \
+ SPM_MM \
+ SPMC_AT_EL3 \
+ SPMD_SPM_AT_SEL2 \
+ TRUSTED_BOARD_BOOT \
+ CRYPTO_SUPPORT \
+ TRNG_SUPPORT \
+ ERRATA_ABI_SUPPORT \
ERRATA_NON_ARM_INTERCONNECT \
- USE_COHERENT_MEM \
- USE_DEBUGFS \
- ARM_IO_IN_DTB \
- SDEI_IN_FCONF \
- SEC_INT_DESC_IN_FCONF \
- USE_ROMLIB \
- USE_TBBR_DEFS \
- WARMBOOT_ENABLE_DCACHE_EARLY \
- RESET_TO_BL2 \
- BL2_RUNS_AT_EL3 \
- BL2_IN_XIP_MEM \
- BL2_INV_DCACHE \
- USE_SPINLOCK_CAS \
- ERRATA_SPECULATIVE_AT \
- RAS_TRAP_NS_ERR_REC_ACCESS \
- COT_DESC_IN_DTB \
- USE_SP804_TIMER \
- ENABLE_FEAT_RNG \
- ENABLE_FEAT_RNG_TRAP \
- ENABLE_FEAT_SB \
- ENABLE_FEAT_DIT \
- NR_OF_FW_BANKS \
- NR_OF_IMAGES_IN_FW_BANK \
- PSA_FWU_SUPPORT \
- ENABLE_BRBE_FOR_NS \
- ENABLE_TRBE_FOR_NS \
- ENABLE_SYS_REG_TRACE_FOR_NS \
- ENABLE_TRF_FOR_NS \
- ENABLE_FEAT_HCX \
- ENABLE_MPMM \
- ENABLE_MPMM_FCONF \
- ENABLE_FEAT_FGT \
- ENABLE_FEAT_ECV \
- SIMICS_BUILD \
- ENABLE_FEAT_AMUv1p1 \
- ENABLE_FEAT_SEL2 \
- ENABLE_FEAT_VHE \
- ENABLE_FEAT_CSV2_2 \
- ENABLE_FEAT_PAN \
- ENABLE_FEAT_TCR2 \
- ENABLE_FEAT_S2PIE \
- ENABLE_FEAT_S1PIE \
- ENABLE_FEAT_S2POE \
- ENABLE_FEAT_S1POE \
- ENABLE_FEAT_GCS \
- FEATURE_DETECTION \
- TWED_DELAY \
- ENABLE_FEAT_TWED \
+ USE_COHERENT_MEM \
+ USE_DEBUGFS \
+ ARM_IO_IN_DTB \
+ SDEI_IN_FCONF \
+ SEC_INT_DESC_IN_FCONF \
+ USE_ROMLIB \
+ USE_TBBR_DEFS \
+ WARMBOOT_ENABLE_DCACHE_EARLY \
+ RESET_TO_BL2 \
+ BL2_RUNS_AT_EL3 \
+ BL2_IN_XIP_MEM \
+ BL2_INV_DCACHE \
+ USE_SPINLOCK_CAS \
+ ERRATA_SPECULATIVE_AT \
+ RAS_TRAP_NS_ERR_REC_ACCESS \
+ COT_DESC_IN_DTB \
+ USE_SP804_TIMER \
+ ENABLE_FEAT_RNG \
+ ENABLE_FEAT_RNG_TRAP \
+ ENABLE_FEAT_SB \
+ ENABLE_FEAT_DIT \
+ NR_OF_FW_BANKS \
+ NR_OF_IMAGES_IN_FW_BANK \
+ PSA_FWU_SUPPORT \
+ ENABLE_BRBE_FOR_NS \
+ ENABLE_TRBE_FOR_NS \
+ ENABLE_SYS_REG_TRACE_FOR_NS \
+ ENABLE_TRF_FOR_NS \
+ ENABLE_FEAT_HCX \
+ ENABLE_MPMM \
+ ENABLE_MPMM_FCONF \
+ ENABLE_FEAT_FGT \
+ ENABLE_FEAT_ECV \
+ ENABLE_FEAT_AMUv1p1 \
+ ENABLE_FEAT_SEL2 \
+ ENABLE_FEAT_VHE \
+ ENABLE_FEAT_CSV2_2 \
+ ENABLE_FEAT_PAN \
+ ENABLE_FEAT_TCR2 \
+ ENABLE_FEAT_S2PIE \
+ ENABLE_FEAT_S1PIE \
+ ENABLE_FEAT_S2POE \
+ ENABLE_FEAT_S1POE \
+ ENABLE_FEAT_GCS \
+ FEATURE_DETECTION \
+ TWED_DELAY \
+ ENABLE_FEAT_TWED \
CONDITIONAL_CMO \
IMPDEF_SYSREG_TRAP \
)))
ifeq (${SANITIZE_UB},trap)
$(eval $(call add_define,MONITOR_TRAPS))
-endif
+endif #(SANITIZE_UB)
# Define the EL3_PAYLOAD_BASE flag only if it is provided.
ifdef EL3_PAYLOAD_BASE
$(eval $(call add_define,EL3_PAYLOAD_BASE))
else
- # Define the PRELOADED_BL33_BASE flag only if it is provided and
- # EL3_PAYLOAD_BASE is not defined, as it has priority.
- ifdef PRELOADED_BL33_BASE
+# Define the PRELOADED_BL33_BASE flag only if it is provided and
+# EL3_PAYLOAD_BASE is not defined, as it has priority.
+ ifdef PRELOADED_BL33_BASE
$(eval $(call add_define,PRELOADED_BL33_BASE))
- endif
-endif
+ endif
+endif #(EL3_PAYLOAD_BASE)
# Define the DYN_DISABLE_AUTH flag only if set.
ifeq (${DYN_DISABLE_AUTH},1)
-$(eval $(call add_define,DYN_DISABLE_AUTH))
+ $(eval $(call add_define,DYN_DISABLE_AUTH))
endif
ifneq ($(findstring armlink,$(notdir $(LD))),)
-$(eval $(call add_define,USE_ARM_LINK))
+ $(eval $(call add_define,USE_ARM_LINK))
endif
# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined
ifeq (${SPD},spmd)
ifdef SP_LAYOUT_FILE
- -include $(BUILD_PLAT)/sp_gen.mk
- FIP_DEPS += sp
- CRT_DEPS += sp
- NEED_SP_PKG := yes
+ -include $(BUILD_PLAT)/sp_gen.mk
+ FIP_DEPS += sp
+ CRT_DEPS += sp
+ NEED_SP_PKG := yes
else
- ifeq (${SPMD_SPM_AT_SEL2},1)
- $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE")
- endif
-endif
-endif
+ ifeq (${SPMD_SPM_AT_SEL2},1)
+ $(error "SPMD with SPM at S-EL2 require SP_LAYOUT_FILE")
+ endif
+endif #(SP_LAYOUT_FILE)
+endif #(SPD)
################################################################################
# Build targets
@@ -1436,7 +1466,7 @@
else
CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp
endif
-endif # !ERROR_DEPRECATED
+endif #(!ERROR_DEPRECATED)
$(eval $(call MAKE_LIB_DIRS))
$(eval $(call MAKE_LIB,c))
@@ -1444,11 +1474,11 @@
# Expand build macros for the different images
ifeq (${NEED_BL1},yes)
BL1_SOURCES := $(sort ${BL1_SOURCES})
-
$(eval $(call MAKE_BL,bl1))
-endif
+endif #(NEED_BL1)
ifeq (${NEED_BL2},yes)
+
ifeq (${RESET_TO_BL2}, 0)
FIP_BL2_ARGS := tb-fw
endif
@@ -1457,11 +1487,12 @@
$(if ${BL2}, $(eval $(call TOOL_ADD_IMG,bl2,--${FIP_BL2_ARGS})),\
$(eval $(call MAKE_BL,bl2,${FIP_BL2_ARGS})))
-endif
+
+endif #(NEED_BL2)
ifeq (${NEED_SCP_BL2},yes)
$(eval $(call TOOL_ADD_IMG,scp_bl2,--scp-fw))
-endif
+endif #(NEED_SCP_BL2)
ifeq (${NEED_BL31},yes)
BL31_SOURCES += ${SPD_SOURCES}
@@ -1473,8 +1504,8 @@
else
$(if ${BL31}, $(eval $(call TOOL_ADD_IMG,bl31,--soc-fw)),\
$(eval $(call MAKE_BL,bl31,soc-fw)))
-endif
-endif
+endif #(DECRYPTION_SUPPORT)
+endif #(NEED_BL31)
# If a BL32 image is needed but neither BL32 nor BL32_SOURCES is defined, the
# build system will call TOOL_ADD_IMG to print a warning message and abort the
@@ -1490,8 +1521,8 @@
else
$(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\
$(eval $(call TOOL_ADD_IMG,bl32,--tos-fw)))
-endif
-endif
+endif #(DECRYPTION_SUPPORT)
+endif #(NEED_BL32)
# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP)
# needs to be built from RMM_SOURCES.
@@ -1501,23 +1532,23 @@
BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1))
$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\
- $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw)))
-endif
+ $(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw)))
+endif #(NEED_RMM)
# Add the BL33 image if required by the platform
ifeq (${NEED_BL33},yes)
$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw))
-endif
+endif #(NEED_BL33)
ifeq (${NEED_BL2U},yes)
$(if ${BL2U}, $(eval $(call TOOL_ADD_IMG,bl2u,--ap-fwu-cfg,FWU_)),\
$(eval $(call MAKE_BL,bl2u,ap-fwu-cfg,FWU_)))
-endif
+endif #(NEED_BL2U)
# Expand build macros for the different images
ifeq (${NEED_FDT},yes)
$(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES)))
-endif
+endif #(NEED_FDT)
# Add Secure Partition packages
ifeq (${NEED_SP_PKG},yes)
@@ -1527,7 +1558,7 @@
@${ECHO_BLANK_LINE}
@echo "Built SP Images successfully"
@${ECHO_BLANK_LINE}
-endif
+endif #(NEED_SP_PKG)
locate-checkpatch:
ifndef CHECKPATCH
@@ -1536,7 +1567,7 @@
ifeq (,$(wildcard ${CHECKPATCH}))
$(error "The file CHECKPATCH points to cannot be found, use eg: CHECKPATCH=../linux/scripts/checkpatch.pl")
endif
-endif
+endif #(CHECKPATCH)
clean:
@echo " CLEAN"
@@ -1547,7 +1578,7 @@
# Clear the MAKEFLAGS as we do not want
# to pass the gnumake flags to nmake.
${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) clean
-endif
+endif #(UNIX_MK)
${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean
${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean
${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean
@@ -1562,7 +1593,7 @@
# Clear the MAKEFLAGS as we do not want
# to pass the gnumake flags to nmake.
${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) realclean
-endif
+endif #(UNIX_MK)
${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} realclean
${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean
${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean
@@ -1616,7 +1647,7 @@
@echo "Built $@ successfully"
@echo "Certificates can be found in ${BUILD_PLAT}"
@${ECHO_BLANK_LINE}
-endif
+endif #(GENERATE_COT)
${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL}
$(eval ${CHECK_FIP_CMD})
@@ -1633,7 +1664,7 @@
@echo "Built $@ successfully"
@echo "FWU certificates can be found in ${BUILD_PLAT}"
@${ECHO_BLANK_LINE}
-endif
+endif #(GENERATE_COT)
${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL}
$(eval ${CHECK_FWU_FIP_CMD})
@@ -1654,7 +1685,7 @@
# Clear the MAKEFLAGS as we do not want
# to pass the gnumake flags to nmake.
${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL))
-endif
+endif #(UNIX_MK)
romlib.bin: libraries FORCE
${Q}${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES='${INCLUDES}' DEFINES='${DEFINES}' --no-print-directory -C ${ROMLIBPATH} all