Introduce COT build option
Allows to select the chain of trust to use when the Trusted Boot feature
is enabled. This affects both the cert_create tool and the firmware
itself.
Right now, the only available CoT is TBBR.
Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
diff --git a/Makefile b/Makefile
index bd52c0b..249a486 100644
--- a/Makefile
+++ b/Makefile
@@ -1009,7 +1009,7 @@
.PHONY: ${CRTTOOL}
${CRTTOOL}:
- ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} --no-print-directory -C ${CRTTOOLPATH}
+ ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} --no-print-directory -C ${CRTTOOLPATH}
@${ECHO_BLANK_LINE}
@echo "Built $@ successfully"
@${ECHO_BLANK_LINE}
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index fc45455..f4e8cbe 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -128,6 +128,9 @@
``plat_secondary_cold_boot_setup()`` platform porting interfaces do not need
to be implemented in this case.
+- ``COT``: When Trusted Boot is enabled, selects the desired chain of trust.
+ Defaults to ``tbbr``.
+
- ``CRASH_REPORTING``: A non-zero value enables a console dump of processor
register state when an unexpected exception occurs during execution of
BL31. This option defaults to the value of ``DEBUG`` - i.e. by default
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 53832c5..a211f66 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -201,6 +201,9 @@
# Build option to choose whether Trusted Firmware uses library at ROM
USE_ROMLIB := 0
+# Chain of trust.
+COT := tbbr
+
# Use tbbr_oid.h instead of platform_oid.h
USE_TBBR_DEFS := 1
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 9d4f05e..c8b7ab4 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -254,7 +254,13 @@
AUTH_SOURCES := drivers/auth/auth_mod.c \
drivers/auth/crypto_mod.c \
drivers/auth/img_parser_mod.c \
- drivers/auth/tbbr/tbbr_cot.c \
+
+ # Include the selected chain of trust sources.
+ ifeq (${COT},tbbr)
+ AUTH_SOURCES += drivers/auth/tbbr/tbbr_cot.c
+ else
+ $(error Unknown chain of trust ${COT})
+ endif
BL1_SOURCES += ${AUTH_SOURCES} \
bl1/tbbr/tbbr_img_desc.c \