Merge pull request #416 from davwan01/dw/css-common
Allow CSS to redefine function `plat_arm_calc_core_pos`
diff --git a/Makefile b/Makefile
index 050a76e..ac059e8 100644
--- a/Makefile
+++ b/Makefile
@@ -31,98 +31,155 @@
#
# Trusted Firmware Version
#
-VERSION_MAJOR := 1
-VERSION_MINOR := 1
+VERSION_MAJOR := 1
+VERSION_MINOR := 1
-#
+# Default goal is build all images
+.DEFAULT_GOAL := all
+
+include make_helpers/build_macros.mk
+
+################################################################################
# Default values for build configurations
-#
+################################################################################
# Build verbosity
-V := 0
+V := 0
# Debug build
-DEBUG := 0
+DEBUG := 0
# Build platform
-DEFAULT_PLAT := fvp
-PLAT := ${DEFAULT_PLAT}
+DEFAULT_PLAT := fvp
+PLAT := ${DEFAULT_PLAT}
# SPD choice
-SPD := none
+SPD := none
# Base commit to perform code check on
-BASE_COMMIT := origin/master
+BASE_COMMIT := origin/master
# NS timer register save and restore
-NS_TIMER_SWITCH := 0
+NS_TIMER_SWITCH := 0
# By default, Bl1 acts as the reset handler, not BL31
-RESET_TO_BL31 := 0
+RESET_TO_BL31 := 0
# Include FP registers in cpu context
CTX_INCLUDE_FPREGS := 0
# Determine the version of ARM GIC architecture to use for interrupt management
# in EL3. The platform port can change this value if needed.
-ARM_GIC_ARCH := 2
+ARM_GIC_ARCH := 2
# Determine the version of ARM CCI product used in the platform. The platform
# port can change this value if needed.
-ARM_CCI_PRODUCT_ID := 400
+ARM_CCI_PRODUCT_ID := 400
# Flag used to indicate if ASM_ASSERTION should be enabled for the build.
# This defaults to being present in DEBUG builds only.
-ASM_ASSERTION := ${DEBUG}
+ASM_ASSERTION := ${DEBUG}
# Build option to choose whether Trusted firmware uses Coherent memory or not.
-USE_COHERENT_MEM := 1
+USE_COHERENT_MEM := 1
# Flag used to choose the power state format viz Extended State-ID or the Original
# format.
-PSCI_EXTENDED_STATE_ID := 0
+PSCI_EXTENDED_STATE_ID := 0
# Default FIP file name
-FIP_NAME := fip.bin
+FIP_NAME := fip.bin
# By default, use the -pedantic option in the gcc command line
-DISABLE_PEDANTIC := 0
+DISABLE_PEDANTIC := 0
# Flags to generate the Chain of Trust
-GENERATE_COT := 0
-CREATE_KEYS := 1
-SAVE_KEYS := 0
+GENERATE_COT := 0
+CREATE_KEYS := 1
+SAVE_KEYS := 0
# Flags to build TF with Trusted Boot support
-TRUSTED_BOARD_BOOT := 0
+TRUSTED_BOARD_BOOT := 0
# By default, consider that the platform's reset address is not programmable.
# The platform Makefile is free to override this value.
PROGRAMMABLE_RESET_ADDRESS := 0
# Build flag to warn about usage of deprecated platform and framework APIs
-WARN_DEPRECATED := 0
+WARN_DEPRECATED := 0
-# Checkpatch ignores
-CHECK_IGNORE = --ignore COMPLEX_MACRO \
+
+################################################################################
+# Checkpatch script options
+################################################################################
+
+CHECK_IGNORE := --ignore COMPLEX_MACRO \
--ignore GERRIT_CHANGE_ID \
--ignore GIT_COMMIT_ID
-
-CHECKPATCH_ARGS = --no-tree --no-signoff ${CHECK_IGNORE}
-CHECKCODE_ARGS = --no-patch --no-tree --no-signoff ${CHECK_IGNORE}
+CHECKPATCH_ARGS := --no-tree --no-signoff ${CHECK_IGNORE}
+CHECKCODE_ARGS := --no-patch --no-tree --no-signoff ${CHECK_IGNORE}
# Do not check the coding style on C library files
-CHECK_PATHS = $(shell ls -I include -I lib) \
+CHECK_PATHS := $(shell ls -I include -I lib) \
$(addprefix include/,$(shell ls -I stdlib include)) \
$(addprefix lib/,$(shell ls -I stdlib lib))
+
+################################################################################
+# Process build options
+################################################################################
+
+# Verbose flag
ifeq (${V},0)
- Q=@
- CHECKCODE_ARGS += --no-summary --terse
+ Q=@
+ CHECKCODE_ARGS += --no-summary --terse
else
- Q=
+ Q=
endif
export Q
+# Process Debug flag
+$(eval $(call add_define,DEBUG))
ifneq (${DEBUG}, 0)
- BUILD_TYPE := debug
- # Use LOG_LEVEL_INFO by default for debug builds
- LOG_LEVEL := 40
+ BUILD_TYPE := debug
+ CFLAGS += -g
+ ASFLAGS += -g -Wa,--gdwarf-2
+ # Use LOG_LEVEL_INFO by default for debug builds
+ LOG_LEVEL := 40
else
- BUILD_TYPE := release
- # Use LOG_LEVEL_NOTICE by default for release builds
- LOG_LEVEL := 20
+ BUILD_TYPE := release
+ $(eval $(call add_define,NDEBUG))
+ # Use LOG_LEVEL_NOTICE by default for release builds
+ LOG_LEVEL := 20
endif
# Default build string (git branch and commit)
ifeq (${BUILD_STRING},)
- BUILD_STRING := $(shell git log -n 1 --pretty=format:"%h")
+ BUILD_STRING := $(shell git log -n 1 --pretty=format:"%h")
endif
-
VERSION_STRING := v${VERSION_MAJOR}.${VERSION_MINOR}(${BUILD_TYPE}):${BUILD_STRING}
+# The cert_create tool cannot generate certificates individually, so we use the
+# target 'certificates' to create them all
+ifneq (${GENERATE_COT},0)
+ FIP_DEPS += certificates
+endif
+
+
-BL_COMMON_SOURCES := common/bl_common.c \
+################################################################################
+# Toolchain
+################################################################################
+
+CC := ${CROSS_COMPILE}gcc
+CPP := ${CROSS_COMPILE}cpp
+AS := ${CROSS_COMPILE}gcc
+AR := ${CROSS_COMPILE}ar
+LD := ${CROSS_COMPILE}ld
+OC := ${CROSS_COMPILE}objcopy
+OD := ${CROSS_COMPILE}objdump
+NM := ${CROSS_COMPILE}nm
+PP := ${CROSS_COMPILE}gcc -E
+
+ASFLAGS += -nostdinc -ffreestanding -Wa,--fatal-warnings \
+ -Werror -Wmissing-include-dirs \
+ -mgeneral-regs-only -D__ASSEMBLY__ \
+ ${DEFINES} ${INCLUDES}
+CFLAGS += -nostdinc -ffreestanding -Wall \
+ -Werror -Wmissing-include-dirs \
+ -mgeneral-regs-only -std=c99 -c -Os \
+ ${DEFINES} ${INCLUDES}
+CFLAGS += -ffunction-sections -fdata-sections
+
+LDFLAGS += --fatal-warnings -O1
+LDFLAGS += --gc-sections
+
+
+################################################################################
+# Common sources and include directories
+################################################################################
+
+BL_COMMON_SOURCES += common/bl_common.c \
common/tf_printf.c \
common/aarch64/debug.S \
lib/aarch64/cache_helpers.S \
@@ -131,6 +188,28 @@
lib/stdlib/std.c \
plat/common/aarch64/platform_helpers.S
+INCLUDES += -Iinclude/bl31 \
+ -Iinclude/bl31/services \
+ -Iinclude/common \
+ -Iinclude/drivers \
+ -Iinclude/drivers/arm \
+ -Iinclude/drivers/auth \
+ -Iinclude/drivers/io \
+ -Iinclude/drivers/ti/uart \
+ -Iinclude/lib \
+ -Iinclude/lib/aarch64 \
+ -Iinclude/lib/cpus/aarch64 \
+ -Iinclude/plat/common \
+ -Iinclude/stdlib \
+ -Iinclude/stdlib/sys \
+ ${PLAT_INCLUDES} \
+ ${SPD_INCLUDES}
+
+
+################################################################################
+# Generic definitions
+################################################################################
+
BUILD_BASE := ./build
BUILD_PLAT := ${BUILD_BASE}/${PLAT}/${BUILD_TYPE}
@@ -143,233 +222,194 @@
sed -r 's/\|$$//')
SPDS := $(shell ls -I none services/spd)
+# Platforms providing their own TBB makefile may override this value
+INCLUDE_TBBR_MK := 1
+
-# Convenience function for adding build definitions
-# $(eval $(call add_define,FOO)) will have:
-# -DFOO if $(FOO) is empty; -DFOO=$(FOO) otherwise
-define add_define
-DEFINES += -D$(1)$(if $(value $(1)),=$(value $(1)),)
-endef
-# Convenience function for verifying option has a boolean value
-# $(eval $(call assert_boolean,FOO)) will assert FOO is 0 or 1
-define assert_boolean
-$(and $(patsubst 0,,$(value $(1))),$(patsubst 1,,$(value $(1))),$(error $(1) must be boolean))
-endef
+################################################################################
+# Include SPD Makefile if one has been specified
+################################################################################
+
+ifneq (${SPD},none)
+ # We expect to locate an spd.mk under the specified SPD directory
+ SPD_MAKE := $(shell m="services/spd/${SPD}/${SPD}.mk"; [ -f "$$m" ] && echo "$$m")
+
+ ifeq (${SPD_MAKE},)
+ $(error Error: No services/spd/${SPD}/${SPD}.mk located)
+ endif
+ $(info Including ${SPD_MAKE})
+ include ${SPD_MAKE}
+
+ # If there's BL3-2 companion for the chosen SPD, and the SPD wants to build the
+ # BL3-2 from source, we expect that the SPD's Makefile would set NEED_BL32
+ # variable to "yes". In case the BL3-2 is a binary which needs to be included in
+ # fip, then the NEED_BL32 needs to be set and BL3-2 would need to point to the bin.
+endif
+
+
+################################################################################
+# Include the platform specific Makefile after the SPD Makefile (the platform
+# makefile may use all previous definitions in this file)
+################################################################################
ifeq (${PLAT},)
- $(error "Error: Unknown platform. Please use PLAT=<platform name> to specify the platform")
+ $(error "Error: Unknown platform. Please use PLAT=<platform name> to specify the platform")
endif
PLAT_MAKEFILE_FULL := $(shell find plat/ -wholename '*/${PLAT}/${PLAT_MAKEFILE}')
ifeq ($(PLAT_MAKEFILE_FULL),)
- $(error "Error: Invalid platform. The following platforms are available: ${PLATFORMS}")
+ $(error "Error: Invalid platform. The following platforms are available: ${PLATFORMS}")
endif
-all: msg_start
-
-msg_start:
- @echo "Building ${PLAT}"
-
include ${PLAT_MAKEFILE_FULL}
-# If the platform has not defined ENABLE_PLAT_COMPAT, then enable it by default
-ifndef ENABLE_PLAT_COMPAT
-ENABLE_PLAT_COMPAT := 1
-endif
-
-# Include the platform compatibility helpers for PSCI
-ifneq (${ENABLE_PLAT_COMPAT}, 0)
-include plat/compat/plat_compat.mk
-endif
-
# Include the CPU specific operations makefile. By default all CPU errata
# workarounds and CPU specifc optimisations are disabled. This can be
# overridden by the platform.
include lib/cpus/cpu-ops.mk
-ifdef BL1_SOURCES
-NEED_BL1 := yes
-include bl1/bl1.mk
+
+################################################################################
+# Process platform overrideable behaviour
+################################################################################
+
+# Check if -pedantic option should be used
+ifeq (${DISABLE_PEDANTIC},0)
+ CFLAGS += -pedantic
endif
+# Using the ARM Trusted Firmware BL2 implies that a BL3-3 image also need to be
+# supplied for the FIP and Certificate generation tools. This flag can be
+# overridden by the platform.
ifdef BL2_SOURCES
-NEED_BL2 := yes
-include bl2/bl2.mk
-# Using the ARM Trusted Firmware BL2 implies that a BL3-3 image also need to be supplied for the FIP.
-# This flag can be overridden by the platform.
-NEED_BL33 ?= yes
+NEED_BL33 ?= yes
endif
-ifdef BL31_SOURCES
-NEED_BL31 := yes
-include bl31/bl31.mk
+# Process TBB related flags
+ifneq (${GENERATE_COT},0)
+ # Common cert_create options
+ ifneq (${CREATE_KEYS},0)
+ $(eval CRT_ARGS += -n)
+ ifneq (${SAVE_KEYS},0)
+ $(eval CRT_ARGS += -k)
+ endif
+ endif
+ # Include TBBR makefile (unless the platform indicates otherwise)
+ ifeq (${INCLUDE_TBBR_MK},1)
+ include make_helpers/tbbr/tbbr_tools.mk
+ endif
endif
-# Include SPD Makefile if one has been specified
-ifneq (${SPD},none)
- # We expect to locate an spd.mk under the specified SPD directory
- SPD_MAKE := $(shell m="services/spd/${SPD}/${SPD}.mk"; [ -f "$$m" ] && echo "$$m")
- ifeq (${SPD_MAKE},)
- $(error Error: No services/spd/${SPD}/${SPD}.mk located)
- endif
- $(info Including ${SPD_MAKE})
- include ${SPD_MAKE}
+################################################################################
+# Auxiliary tools (fip_create, cert_create, etc)
+################################################################################
- # If there's BL3-2 companion for the chosen SPD, and the SPD wants to build the
- # BL3-2 from source, we expect that the SPD's Makefile would set NEED_BL32
- # variable to "yes". In case the BL3-2 is a binary which needs to be included in
- # fip, then the NEED_BL32 needs to be set and BL3-2 would need to point to the bin.
-endif
+# Variables for use with Certificate Generation Tool
+CRTTOOLPATH ?= tools/cert_create
+CRTTOOL ?= ${CRTTOOLPATH}/cert_create
-.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool fip certtool
-.SUFFIXES:
+# Variables for use with Firmware Image Package
+FIPTOOLPATH ?= tools/fip_create
+FIPTOOL ?= ${FIPTOOLPATH}/fip_create
-INCLUDES += -Iinclude/bl31 \
- -Iinclude/bl31/services \
- -Iinclude/common \
- -Iinclude/drivers \
- -Iinclude/drivers/arm \
- -Iinclude/drivers/auth \
- -Iinclude/drivers/io \
- -Iinclude/drivers/ti/uart \
- -Iinclude/lib \
- -Iinclude/lib/aarch64 \
- -Iinclude/lib/cpus/aarch64 \
- -Iinclude/plat/common \
- -Iinclude/stdlib \
- -Iinclude/stdlib/sys \
- ${PLAT_INCLUDES} \
- ${SPD_INCLUDES}
-# Process DEBUG flag
+################################################################################
+# Build options checks
+################################################################################
+
$(eval $(call assert_boolean,DEBUG))
-$(eval $(call add_define,DEBUG))
-ifeq (${DEBUG},0)
- $(eval $(call add_define,NDEBUG))
-else
-CFLAGS += -g
-ASFLAGS += -g -Wa,--gdwarf-2
-endif
+$(eval $(call assert_boolean,NS_TIMER_SWITCH))
+$(eval $(call assert_boolean,RESET_TO_BL31))
+$(eval $(call assert_boolean,CTX_INCLUDE_FPREGS))
+$(eval $(call assert_boolean,ASM_ASSERTION))
+$(eval $(call assert_boolean,USE_COHERENT_MEM))
+$(eval $(call assert_boolean,DISABLE_PEDANTIC))
+$(eval $(call assert_boolean,GENERATE_COT))
+$(eval $(call assert_boolean,CREATE_KEYS))
+$(eval $(call assert_boolean,SAVE_KEYS))
+$(eval $(call assert_boolean,TRUSTED_BOARD_BOOT))
+$(eval $(call assert_boolean,PROGRAMMABLE_RESET_ADDRESS))
+$(eval $(call assert_boolean,PSCI_EXTENDED_STATE_ID))
+$(eval $(call assert_boolean,WARN_DEPRECATED))
-# Process PLAT flag
-$(eval $(call add_define,PLAT_${PLAT}))
-# Process NS_TIMER_SWITCH flag
-$(eval $(call assert_boolean,NS_TIMER_SWITCH))
-$(eval $(call add_define,NS_TIMER_SWITCH))
+################################################################################
+# Add definitions to the cpp preprocessor based on the current build options.
+# This is done after including the platform specific makefile to allow the
+# platform to overwrite the default options
+################################################################################
-# Process RESET_TO_BL31 flag
-$(eval $(call assert_boolean,RESET_TO_BL31))
+$(eval $(call add_define,PLAT_${PLAT}))
+$(eval $(call add_define,NS_TIMER_SWITCH))
$(eval $(call add_define,RESET_TO_BL31))
-
-# Process CTX_INCLUDE_FPREGS flag
-$(eval $(call assert_boolean,CTX_INCLUDE_FPREGS))
$(eval $(call add_define,CTX_INCLUDE_FPREGS))
-
-# Process ARM_GIC_ARCH flag
$(eval $(call add_define,ARM_GIC_ARCH))
-
-# Process ARM_CCI_PRODUCT_ID flag
$(eval $(call add_define,ARM_CCI_PRODUCT_ID))
-
-# Process ASM_ASSERTION flag
-$(eval $(call assert_boolean,ASM_ASSERTION))
$(eval $(call add_define,ASM_ASSERTION))
-
-# Process LOG_LEVEL flag
$(eval $(call add_define,LOG_LEVEL))
-
-# Process USE_COHERENT_MEM flag
-$(eval $(call assert_boolean,USE_COHERENT_MEM))
$(eval $(call add_define,USE_COHERENT_MEM))
-
-# Process PSCI_EXTENDED_STATE_ID flag
-$(eval $(call assert_boolean,PSCI_EXTENDED_STATE_ID))
+$(eval $(call add_define,TRUSTED_BOARD_BOOT))
+$(eval $(call add_define,PROGRAMMABLE_RESET_ADDRESS))
$(eval $(call add_define,PSCI_EXTENDED_STATE_ID))
-
-# Process Generate CoT flags
-$(eval $(call assert_boolean,GENERATE_COT))
-$(eval $(call assert_boolean,CREATE_KEYS))
-$(eval $(call assert_boolean,SAVE_KEYS))
+$(eval $(call add_define,WARN_DEPRECATED))
-# Process TRUSTED_BOARD_BOOT flag
-$(eval $(call assert_boolean,TRUSTED_BOARD_BOOT))
-$(eval $(call add_define,TRUSTED_BOARD_BOOT))
-# Process PROGRAMMABLE_RESET_ADDRESS flag
-$(eval $(call assert_boolean,PROGRAMMABLE_RESET_ADDRESS))
-$(eval $(call add_define,PROGRAMMABLE_RESET_ADDRESS))
+################################################################################
+# Include BL specific makefiles
+################################################################################
-# Process ENABLE_PLAT_COMPAT flag
-$(eval $(call assert_boolean,ENABLE_PLAT_COMPAT))
-$(eval $(call add_define,ENABLE_PLAT_COMPAT))
+ifdef BL1_SOURCES
+NEED_BL1 := yes
+include bl1/bl1.mk
+endif
-# Process WARN_DEPRECATED flag
-$(eval $(call assert_boolean,WARN_DEPRECATED))
-$(eval $(call add_define,WARN_DEPRECATED))
+ifdef BL2_SOURCES
+NEED_BL2 := yes
+include bl2/bl2.mk
+endif
-ASFLAGS += -nostdinc -ffreestanding -Wa,--fatal-warnings \
- -Werror -Wmissing-include-dirs \
- -mgeneral-regs-only -D__ASSEMBLY__ \
- ${DEFINES} ${INCLUDES}
-CFLAGS += -nostdinc -ffreestanding -Wall \
- -Werror -Wmissing-include-dirs \
- -mgeneral-regs-only -std=c99 -c -Os \
- ${DEFINES} ${INCLUDES}
-CFLAGS += -ffunction-sections -fdata-sections
+ifdef BL31_SOURCES
+NEED_BL31 := yes
+include bl31/bl31.mk
+endif
-LDFLAGS += --fatal-warnings -O1
-LDFLAGS += --gc-sections
+################################################################################
+# Build targets
+################################################################################
-CC := ${CROSS_COMPILE}gcc
-CPP := ${CROSS_COMPILE}cpp
-AS := ${CROSS_COMPILE}gcc
-AR := ${CROSS_COMPILE}ar
-LD := ${CROSS_COMPILE}ld
-OC := ${CROSS_COMPILE}objcopy
-OD := ${CROSS_COMPILE}objdump
-NM := ${CROSS_COMPILE}nm
-PP := ${CROSS_COMPILE}gcc -E ${CFLAGS}
+.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool fip certtool
+.SUFFIXES:
-# Variables for use with Firmware Image Package
-FIPTOOLPATH ?= tools/fip_create
-FIPTOOL ?= ${FIPTOOLPATH}/fip_create
-fiptool: ${FIPTOOL}
-fip: ${BUILD_PLAT}/${FIP_NAME}
+all: msg_start
-# Variables for use with Certificate Generation Tool
-CRTTOOLPATH ?= tools/cert_create
-CRTTOOL ?= ${CRTTOOLPATH}/cert_create
-certtool: ${CRTTOOL}
+msg_start:
+ @echo "Building ${PLAT}"
-# CoT generation tool default parameters
-TRUSTED_KEY_CERT := ${BUILD_PLAT}/trusted_key.crt
+# Expand build macros for the different images
+ifeq (${NEED_BL1},yes)
+$(eval $(call MAKE_BL,1))
+endif
-# Pass the private keys to the CoT generation tool in the command line
-# If CREATE_KEYS is set, the '-n' option will be added, indicating the tool to create new keys
-ifneq (${GENERATE_COT},0)
- $(eval CERTS := yes)
+ifeq (${NEED_BL2},yes)
+$(if ${BL2}, $(eval $(call MAKE_TOOL_ARGS,2,${BL2},in_fip)),\
+ $(eval $(call MAKE_BL,2,in_fip)))
+endif
- $(eval FIP_DEPS += certificates)
- $(eval FIP_ARGS += --trusted-key-cert ${TRUSTED_KEY_CERT})
+ifeq (${NEED_BL31},yes)
+BL31_SOURCES += ${SPD_SOURCES}
+$(if ${BL31}, $(eval $(call MAKE_TOOL_ARGS,31,${BL31},in_fip)),\
+ $(eval $(call MAKE_BL,31,in_fip)))
+endif
- ifneq (${CREATE_KEYS},0)
- $(eval CRT_ARGS += -n)
- ifneq (${SAVE_KEYS},0)
- $(eval CRT_ARGS += -k)
- endif
- endif
- $(eval CRT_ARGS += $(if ${ROT_KEY}, --rot-key ${ROT_KEY}))
- $(eval CRT_ARGS += $(if ${TRUSTED_WORLD_KEY}, --trusted-world-key ${TRUSTED_WORLD_KEY}))
- $(eval CRT_ARGS += $(if ${NON_TRUSTED_WORLD_KEY}, --non-trusted-world-key ${NON_TRUSTED_WORLD_KEY}))
- $(eval CRT_ARGS += --trusted-key-cert ${TRUSTED_KEY_CERT})
- $(eval CRT_ARGS += $(if ${KEY_ALG}, --key-alg ${KEY_ALG}))
+ifeq (${NEED_BL32},yes)
+$(if ${BL32}, $(eval $(call MAKE_TOOL_ARGS,32,${BL32},in_fip)),\
+ $(eval $(call MAKE_BL,32,in_fip)))
endif
-# Check if -pedantic option should be used
-ifeq (${DISABLE_PEDANTIC},0)
- CFLAGS += -pedantic
+# Add the BL33 image if required by the platform
+ifeq (${NEED_BL33},yes)
+$(eval $(call FIP_ADD_IMG,BL33,--bl33))
endif
locate-checkpatch:
@@ -382,282 +422,60 @@
endif
clean:
- @echo " CLEAN"
- ${Q}rm -rf ${BUILD_PLAT}
- ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean
- ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean
+ @echo " CLEAN"
+ ${Q}rm -rf ${BUILD_PLAT}
+ ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean
+ ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean
realclean distclean:
- @echo " REALCLEAN"
- ${Q}rm -rf ${BUILD_BASE}
- ${Q}rm -f ${CURDIR}/cscope.*
- ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean
- ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean
+ @echo " REALCLEAN"
+ ${Q}rm -rf ${BUILD_BASE}
+ ${Q}rm -f ${CURDIR}/cscope.*
+ ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean
+ ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean
checkcodebase: locate-checkpatch
- @echo " CHECKING STYLE"
- @if test -d .git ; then \
- git ls-files | grep -v stdlib | while read GIT_FILE ; do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; done ; \
- else \
- find . -type f -not -iwholename "*.git*" -not -iwholename "*build*" -not -iwholename "*stdlib*" -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \
- fi
+ @echo " CHECKING STYLE"
+ @if test -d .git ; then \
+ git ls-files | grep -v stdlib | while read GIT_FILE ; do ${CHECKPATCH} ${CHECKCODE_ARGS} -f $$GIT_FILE ; done ; \
+ else \
+ find . -type f -not -iwholename "*.git*" -not -iwholename "*build*" -not -iwholename "*stdlib*" -exec ${CHECKPATCH} ${CHECKCODE_ARGS} -f {} \; ; \
+ fi
checkpatch: locate-checkpatch
- @echo " CHECKING STYLE"
- ${Q}git log -p ${BASE_COMMIT}..HEAD -- ${CHECK_PATHS} | ${CHECKPATCH} ${CHECKPATCH_ARGS} - || true
+ @echo " CHECKING STYLE"
+ ${Q}git log -p ${BASE_COMMIT}..HEAD -- ${CHECK_PATHS} | ${CHECKPATCH} ${CHECKPATCH_ARGS} - || true
+
+certtool: ${CRTTOOL}
.PHONY: ${CRTTOOL}
${CRTTOOL}:
- ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH}
- @echo
- @echo "Built $@ successfully"
- @echo
-
-.PHONY: ${FIPTOOL}
-${FIPTOOL}:
- ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH}
-
-define match_goals
-$(strip $(foreach goal,$(1),$(filter $(goal),$(MAKECMDGOALS))))
-endef
-
-# List of rules that involve building things
-BUILD_TARGETS := all bl1 bl2 bl31 bl32 fip
-
-# Does the list of goals specified on the command line include a build target?
-ifneq ($(call match_goals,${BUILD_TARGETS}),)
-IS_ANYTHING_TO_BUILD := 1
-endif
-
-define MAKE_C
-
-$(eval OBJ := $(1)/$(patsubst %.c,%.o,$(notdir $(2))))
-$(eval PREREQUISITES := $(patsubst %.o,%.d,$(OBJ)))
-
-$(OBJ) : $(2)
- @echo " CC $$<"
- $$(Q)$$(CC) $$(CFLAGS) -DIMAGE_BL$(3) -c $$< -o $$@
-
-
-$(PREREQUISITES) : $(2)
- @echo " DEPS $$@"
- @mkdir -p $(1)
- $$(Q)$$(CC) $$(CFLAGS) -M -MT $(OBJ) -MF $$@ $$<
-
-ifdef IS_ANYTHING_TO_BUILD
--include $(PREREQUISITES)
-endif
-
-endef
-
-
-define MAKE_S
-
-$(eval OBJ := $(1)/$(patsubst %.S,%.o,$(notdir $(2))))
-$(eval PREREQUISITES := $(patsubst %.o,%.d,$(OBJ)))
-
-$(OBJ) : $(2)
- @echo " AS $$<"
- $$(Q)$$(AS) $$(ASFLAGS) -DIMAGE_BL$(3) -c $$< -o $$@
-
-$(PREREQUISITES) : $(2)
- @echo " DEPS $$@"
- @mkdir -p $(1)
- $$(Q)$$(AS) $$(ASFLAGS) -M -MT $(OBJ) -MF $$@ $$<
-
-ifdef IS_ANYTHING_TO_BUILD
--include $(PREREQUISITES)
-endif
-
-endef
-
-
-define MAKE_LD
-
-$(eval PREREQUISITES := $(1).d)
-
-$(1) : $(2)
- @echo " PP $$<"
- $$(Q)$$(AS) $$(ASFLAGS) -P -E -D__LINKER__ -o $$@ $$<
-
-$(PREREQUISITES) : $(2)
- @echo " DEPS $$@"
- @mkdir -p $$(dir $$@)
- $$(Q)$$(AS) $$(ASFLAGS) -M -MT $(1) -MF $$@ $$<
-
-ifdef IS_ANYTHING_TO_BUILD
--include $(PREREQUISITES)
-endif
-
-endef
-
-
-define MAKE_OBJS
- $(eval C_OBJS := $(filter %.c,$(2)))
- $(eval REMAIN := $(filter-out %.c,$(2)))
- $(eval $(foreach obj,$(C_OBJS),$(call MAKE_C,$(1),$(obj),$(3))))
-
- $(eval S_OBJS := $(filter %.S,$(REMAIN)))
- $(eval REMAIN := $(filter-out %.S,$(REMAIN)))
- $(eval $(foreach obj,$(S_OBJS),$(call MAKE_S,$(1),$(obj),$(3))))
-
- $(and $(REMAIN),$(error Unexpected source files present: $(REMAIN)))
-endef
-
-
-# NOTE: The line continuation '\' is required in the next define otherwise we
-# end up with a line-feed characer at the end of the last c filename.
-# Also bare this issue in mind if extending the list of supported filetypes.
-define SOURCES_TO_OBJS
- $(notdir $(patsubst %.c,%.o,$(filter %.c,$(1)))) \
- $(notdir $(patsubst %.S,%.o,$(filter %.S,$(1))))
-endef
-
-
-# MAKE_TOOL_ARGS macro defines the command line arguments for the FIP and CRT
-# tools at each BL stage. Arguments:
-# $(1) = BL stage (2, 30, 31, 32, 33)
-# $(2) = Binary file
-# $(3) = In FIP (false if empty)
-# $(4) = Create certificates (false if empty)
-# $(5) = Create key certificate (false if empty)
-# $(6) = Private key (optional)
-define MAKE_TOOL_ARGS
-
-$(eval FIP_DEPS += $(if $3,$(2),))
-$(eval FIP_ARGS += $(if $3,--bl$(1) $(2),))
-$(eval FIP_ARGS += $(if $4,--bl$(1)-cert $(BUILD_PLAT)/bl$(1).crt))
-$(eval FIP_ARGS += $(if $4,$(if $5,--bl$(1)-key-cert $(BUILD_PLAT)/bl$(1)_key.crt)))
-
-$(eval CRT_DEPS += $(if $4,$(2),))
-$(eval CRT_ARGS += $(if $4,--bl$(1) $(2)))
-$(eval CRT_ARGS += $(if $4,$(if $6,--bl$(1)-key $(6))))
-$(eval CRT_ARGS += $(if $4,--bl$(1)-cert $(BUILD_PLAT)/bl$(1).crt))
-$(eval CRT_ARGS += $(if $4,$(if $5,--bl$(1)-key-cert $(BUILD_PLAT)/bl$(1)_key.crt)))
-
-endef
-
-
-# MAKE_BL macro defines the targets and options to build each BL image.
-# Arguments:
-# $(1) = BL stage (2, 30, 31, 32, 33)
-# $(2) = In FIP (false if empty)
-# $(3) = Create certificates (false if empty)
-# $(4) = Create key certificate (false if empty)
-# $(5) = Private key (optional)
-define MAKE_BL
- $(eval BUILD_DIR := ${BUILD_PLAT}/bl$(1))
- $(eval SOURCES := $(BL$(1)_SOURCES) $(BL_COMMON_SOURCES) $(PLAT_BL_COMMON_SOURCES))
- $(eval OBJS := $(addprefix $(BUILD_DIR)/,$(call SOURCES_TO_OBJS,$(SOURCES))))
- $(eval LINKERFILE := $(BUILD_DIR)/bl$(1).ld)
- $(eval MAPFILE := $(BUILD_DIR)/bl$(1).map)
- $(eval ELF := $(BUILD_DIR)/bl$(1).elf)
- $(eval DUMP := $(BUILD_DIR)/bl$(1).dump)
- $(eval BIN := $(BUILD_PLAT)/bl$(1).bin)
-
- $(eval $(call MAKE_OBJS,$(BUILD_DIR),$(SOURCES),$(1)))
- $(eval $(call MAKE_LD,$(LINKERFILE),$(BL$(1)_LINKERFILE)))
-
-$(BUILD_DIR) :
- $$(Q)mkdir -p "$$@"
-
-$(ELF) : $(OBJS) $(LINKERFILE)
- @echo " LD $$@"
- @echo 'const char build_message[] = "Built : "__TIME__", "__DATE__; \
- const char version_string[] = "${VERSION_STRING}";' | \
- $$(CC) $$(CFLAGS) -xc - -o $(BUILD_DIR)/build_message.o
- $$(Q)$$(LD) -o $$@ $$(LDFLAGS) -Map=$(MAPFILE) --script $(LINKERFILE) \
- $(BUILD_DIR)/build_message.o $(OBJS)
-
-$(DUMP) : $(ELF)
- @echo " OD $$@"
- $${Q}$${OD} -dx $$< > $$@
-
-$(BIN) : $(ELF)
- @echo " BIN $$@"
- $$(Q)$$(OC) -O binary $$< $$@
+ ${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH}
@echo
- @echo "Built $$@ successfully"
+ @echo "Built $@ successfully"
@echo
-.PHONY : bl$(1)
-bl$(1) : $(BUILD_DIR) $(BIN) $(DUMP)
-
-all : bl$(1)
-
-$(eval $(call MAKE_TOOL_ARGS,$(1),$(BIN),$(2),$(3),$(4),$(5)))
-
-endef
-
-
-ifeq (${NEED_BL1},yes)
-$(eval $(call MAKE_BL,1))
-endif
-
-ifeq (${NEED_BL2},yes)
-$(if ${BL2}, $(eval $(call MAKE_TOOL_ARGS,2,${BL2},in_fip,${CERTS})),\
- $(eval $(call MAKE_BL,2,in_fip,${CERTS})))
-endif
-
-ifeq (${NEED_BL31},yes)
-BL31_SOURCES += ${SPD_SOURCES}
-$(if ${BL31}, $(eval $(call MAKE_TOOL_ARGS,31,${BL31},in_fip,${CERTS},${CERTS},${BL31_KEY})),\
- $(eval $(call MAKE_BL,31,in_fip,${CERTS},${CERTS},${BL31_KEY})))
-endif
-
-ifeq (${NEED_BL32},yes)
-$(if ${BL32}, $(eval $(call MAKE_TOOL_ARGS,32,${BL32},in_fip,${CERTS},${CERTS},${BL32_KEY})),\
- $(eval $(call MAKE_BL,32,in_fip,${CERTS},${CERTS},${BL32_KEY})))
-endif
-
-ifeq (${NEED_BL30},yes)
-$(if ${BL30}, $(eval $(call MAKE_TOOL_ARGS,30,${BL30},in_fip,${CERTS},${CERTS},${BL30_KEY})))
-
-# If BL3-0 is needed by the platform then 'BL30' variable must be defined.
-check_bl30:
- $(if ${BL30},,$(error "To build a FIP for platform ${PLAT}, please set BL30 to point to the SCP firmware"))
-else
-
-# If BL3-0 is not needed by the platform but the user still specified the path
-# to a BL3-0 image then warn him that it will be ignored.
-check_bl30:
- $(if ${BL30},$(warning "BL3-0 is not supported on platform ${PLAT}, it will just be ignored"),)
-endif
-
-ifeq (${NEED_BL33},yes)
-$(if ${BL33}, $(eval $(call MAKE_TOOL_ARGS,33,${BL33},in_fip,${CERTS},${CERTS},${BL33_KEY})))
-
-# If BL3-3 is needed by the platform then 'BL33' variable must be defined.
-check_bl33:
- $(if ${BL33},,$(error "To build a FIP, please set BL33 to point to the Normal World binary, eg: BL33=../uefi/FVP_AARCH64_EFI.fd"))
-else
-
-# If BL3-3 is not needed by the platform but the user still specified the path
-# to a BL3-3 image then warn him that it will be ignored.
-check_bl33:
- $(if ${BL33},$(warning "BL3-3 is not supported on platform ${PLAT}, it will just be ignored"),)
-endif
-
-# Add the dependency on the certificates
ifneq (${GENERATE_COT},0)
- fip: certificates
+certificates: ${CRT_DEPS} ${CRTTOOL}
+ ${Q}${CRTTOOL} ${CRT_ARGS}
+ @echo
+ @echo "Built $@ successfully"
+ @echo "Certificates can be found in ${BUILD_PLAT}"
+ @echo
endif
-certificates: ${CRT_DEPS} ${CRTTOOL} check_bl30 check_bl33
- ${Q}${CRTTOOL} ${CRT_ARGS}
- @echo
- @echo "Built $@ successfully"
- @echo "Certificates can be found in ${BUILD_PLAT}"
- @echo
+${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL}
+ ${Q}${FIPTOOL} --dump ${FIP_ARGS} $@
+ @echo
+ @echo "Built $@ successfully"
+ @echo
-${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL} check_bl30 check_bl33
- ${Q}${FIPTOOL} --dump \
- ${FIP_ARGS} \
- $@
- @echo
- @echo "Built $@ successfully"
- @echo
+fiptool: ${FIPTOOL}
+fip: ${BUILD_PLAT}/${FIP_NAME}
+.PHONY: ${FIPTOOL}
+${FIPTOOL}:
+ ${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH}
cscope:
@echo " CSCOPE"
@@ -681,6 +499,7 @@
@echo " bl2 Build the BL2 binary"
@echo " bl31 Build the BL3-1 binary"
@echo " bl32 Build the BL3-2 binary"
+ @echo " certificates Build the certificates (requires 'GENERATE_COT=1')"
@echo " fip Build the Firmware Image Package (FIP)"
@echo " checkcodebase Check the coding style of the entire source tree"
@echo " checkpatch Check the coding style on changes in the current"
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index 71940a6..404744b 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -34,6 +34,7 @@
#include <auth_mod.h>
#include <bl_common.h>
#include <debug.h>
+#include <errno.h>
#include <platform.h>
#include <platform_def.h>
#include <stdint.h>
@@ -239,7 +240,7 @@
e = load_bl32(bl2_to_bl31_params);
if (e) {
- if (e == LOAD_AUTH_ERR) {
+ if (e == -EAUTH) {
ERROR("Failed to authenticate BL3-2\n");
panic();
} else {
diff --git a/common/bl_common.c b/common/bl_common.c
index 73c615e..91a0ae8 100644
--- a/common/bl_common.c
+++ b/common/bl_common.c
@@ -207,7 +207,7 @@
uintptr_t image_spec;
size_t image_size;
size_t bytes_read;
- int io_result = IO_FAIL;
+ int io_result;
assert(mem_layout != NULL);
assert(image_data != NULL);
@@ -215,7 +215,7 @@
/* Obtain a reference to the image by querying the platform layer */
io_result = plat_get_image_source(image_id, &dev_handle, &image_spec);
- if (io_result != IO_SUCCESS) {
+ if (io_result != 0) {
WARN("Failed to obtain reference to image id=%u (%i)\n",
image_id, io_result);
return io_result;
@@ -223,7 +223,7 @@
/* Attempt to access the image */
io_result = io_open(dev_handle, image_spec, &image_handle);
- if (io_result != IO_SUCCESS) {
+ if (io_result != 0) {
WARN("Failed to access image id=%u (%i)\n",
image_id, io_result);
return io_result;
@@ -233,7 +233,7 @@
/* Find the size of the image */
io_result = io_size(image_handle, &image_size);
- if ((io_result != IO_SUCCESS) || (image_size == 0)) {
+ if ((io_result != 0) || (image_size == 0)) {
WARN("Failed to determine the size of the image id=%u (%i)\n",
image_id, io_result);
goto exit;
@@ -252,7 +252,7 @@
/* We have enough space so load the image now */
/* TODO: Consider whether to try to recover/retry a partially successful read */
io_result = io_read(image_handle, image_base, image_size, &bytes_read);
- if ((io_result != IO_SUCCESS) || (bytes_read < image_size)) {
+ if ((io_result != 0) || (bytes_read < image_size)) {
WARN("Failed to load image id=%u (%i)\n", image_id, io_result);
goto exit;
}
@@ -319,7 +319,7 @@
if (rc == 0) {
rc = load_auth_image(mem_layout, parent_id, image_base,
image_data, NULL);
- if (rc != LOAD_SUCCESS) {
+ if (rc != 0) {
return rc;
}
}
@@ -328,8 +328,8 @@
/* Load the image */
rc = load_image(mem_layout, image_id, image_base, image_data,
entry_point_info);
- if (rc != IO_SUCCESS) {
- return LOAD_ERR;
+ if (rc != 0) {
+ return rc;
}
#if TRUSTED_BOARD_BOOT
@@ -342,7 +342,7 @@
image_data->image_size);
flush_dcache_range(image_data->image_base,
image_data->image_size);
- return LOAD_AUTH_ERR;
+ return -EAUTH;
}
/* After working with data, invalidate the data cache */
@@ -350,5 +350,5 @@
(size_t)image_data->image_size);
#endif /* TRUSTED_BOARD_BOOT */
- return LOAD_SUCCESS;
+ return 0;
}
diff --git a/docs/porting-guide.md b/docs/porting-guide.md
index c369844..08fef4a 100644
--- a/docs/porting-guide.md
+++ b/docs/porting-guide.md
@@ -358,13 +358,12 @@
Defines the maximum number of registered IO devices. Attempting to register
more devices than this value using `io_register_device()` will fail with
- IO_RESOURCES_EXHAUSTED.
+ -ENOMEM.
* **#define : MAX_IO_HANDLES**
Defines the maximum number of open IO handles. Attempting to open more IO
- entities than this value using `io_open()` will fail with
- IO_RESOURCES_EXHAUSTED.
+ entities than this value using `io_open()` will fail with -ENOMEM.
If the platform needs to allocate data within the per-cpu data framework in
BL3-1, it should define the following macro. Currently this is only required if
@@ -1568,11 +1567,6 @@
need to be defined in the platform makefile which will get included by the
build system.
-* **NEED_BL30**
- This flag if defined by the platform mandates that a BL3-0 binary should
- be included in the FIP image. The path to the BL3-0 binary can be specified
- by the `BL30` build option (see build options in the [User Guide]).
-
* **NEED_BL33**
By default, this flag is defined `yes` by the build system and `BL33`
build option should be supplied as a build option. The platform has the option
diff --git a/include/common/bl_common.h b/include/common/bl_common.h
index 164377f..c687b35 100644
--- a/include/common/bl_common.h
+++ b/include/common/bl_common.h
@@ -202,15 +202,6 @@
image_info_t *bl33_image_info;
} bl31_params_t;
-/*
- * load_auth_image() return values
- */
-enum {
- LOAD_SUCCESS, /* Load + authentication success */
- LOAD_ERR, /* Load error */
- LOAD_AUTH_ERR /* Authentication error */
-};
-
/*
* Compile time assertions related to the 'entry_point_info' structure to
diff --git a/include/drivers/io/io_storage.h b/include/drivers/io/io_storage.h
index e98dcd0..4c3526e 100644
--- a/include/drivers/io/io_storage.h
+++ b/include/drivers/io/io_storage.h
@@ -31,6 +31,7 @@
#ifndef __IO_H__
#define __IO_H__
+#include <errno.h>
#include <stdint.h>
#include <stdio.h> /* For ssize_t */
#include <uuid.h>
@@ -88,11 +89,13 @@
#define IO_MODE_RW (1 << 1)
-/* Return codes reported by 'io_*' APIs */
+/* Return codes reported by 'io_*' APIs.
+ * IMPORTANT: these definitions are deprecated. Callers should use standard
+ * errno definitions when checking the return value of io_* APIs. */
#define IO_SUCCESS (0)
-#define IO_FAIL (-1)
-#define IO_NOT_SUPPORTED (-2)
-#define IO_RESOURCES_EXHAUSTED (-3)
+#define IO_FAIL (-ENOENT)
+#define IO_NOT_SUPPORTED (-ENODEV)
+#define IO_RESOURCES_EXHAUSTED (-ENOMEM)
/* Open a connection to a device */
diff --git a/make_helpers/build_macros.mk b/make_helpers/build_macros.mk
new file mode 100644
index 0000000..9ab6e64
--- /dev/null
+++ b/make_helpers/build_macros.mk
@@ -0,0 +1,291 @@
+#
+# Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# Neither the name of ARM nor the names of its contributors may be used
+# to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+# Convenience function for adding build definitions
+# $(eval $(call add_define,FOO)) will have:
+# -DFOO if $(FOO) is empty; -DFOO=$(FOO) otherwise
+define add_define
+ DEFINES += -D$(1)$(if $(value $(1)),=$(value $(1)),)
+endef
+
+# Convenience function for verifying option has a boolean value
+# $(eval $(call assert_boolean,FOO)) will assert FOO is 0 or 1
+define assert_boolean
+ $(and $(patsubst 0,,$(value $(1))),$(patsubst 1,,$(value $(1))),$(error $(1) must be boolean))
+endef
+
+# IMG_LINKERFILE defines the linker script corresponding to a BL stage
+# $(1) = BL stage (2, 30, 31, 32, 33)
+define IMG_LINKERFILE
+ ${BUILD_DIR}/bl$(1).ld
+endef
+
+# IMG_MAPFILE defines the output file describing the memory map corresponding
+# to a BL stage
+# $(1) = BL stage (2, 30, 31, 32, 33)
+define IMG_MAPFILE
+ ${BUILD_DIR}/bl$(1).map
+endef
+
+# IMG_ELF defines the elf file corresponding to a BL stage
+# $(1) = BL stage (2, 30, 31, 32, 33)
+define IMG_ELF
+ ${BUILD_DIR}/bl$(1).elf
+endef
+
+# IMG_DUMP defines the symbols dump file corresponding to a BL stage
+# $(1) = BL stage (2, 30, 31, 32, 33)
+define IMG_DUMP
+ ${BUILD_DIR}/bl$(1).dump
+endef
+
+# IMG_BIN defines the default image file corresponding to a BL stage
+# $(1) = BL stage (2, 30, 31, 32, 33)
+define IMG_BIN
+ ${BUILD_PLAT}/bl$(1).bin
+endef
+
+# FIP_ADD_PAYLOAD appends the command line arguments required by the FIP tool
+# to package a new payload. Optionally, it adds the dependency on this payload
+# $(1) = payload filename (i.e. bl31.bin)
+# $(2) = command line option for the specified payload (i.e. --bl31)
+# $(3) = fip target dependency (optional) (i.e. bl31)
+define FIP_ADD_PAYLOAD
+ $(eval FIP_ARGS += $(2) $(1))
+ $(eval $(if $(3),FIP_DEPS += $(3)))
+endef
+
+# CERT_ADD_CMD_OPT adds a new command line option to the cert_create invokation
+# $(1) = parameter filename
+# $(2) = cert_create command line option for the specified parameter
+# $(3) = input parameter (false if empty)
+define CERT_ADD_CMD_OPT
+ $(eval $(if $(3),CRT_DEPS += $(1)))
+ $(eval CRT_ARGS += $(2) $(1))
+endef
+
+# FIP_ADD_IMG allows the platform to specify an image to be packed in the FIP
+# using a build option. It also adds a dependency on the image file, aborting
+# the build if the file does not exist.
+# $(1) = build option to specify the image filename (BL30, BL33, etc)
+# $(2) = command line option for the fip_create tool (bl30, bl33, etc)
+# Example:
+# $(eval $(call FIP_ADD_IMG,BL33,--bl33))
+define FIP_ADD_IMG
+ CRT_DEPS += check_$(1)
+ FIP_DEPS += check_$(1)
+ $(call FIP_ADD_PAYLOAD,$(value $(1)),$(2))
+
+check_$(1):
+ $$(if $(value $(1)),,$$(error "Platform '${PLAT}' requires $(1). Please set $(1) to point to the right file"))
+endef
+
+
+################################################################################
+# Auxiliary macros to build TF images from sources
+################################################################################
+
+# If no goal is specified in the command line, .DEFAULT_GOAL is used.
+# .DEFAULT_GOAL is defined in the main Makefile before including this file.
+ifeq ($(MAKECMDGOALS),)
+MAKECMDGOALS := $(.DEFAULT_GOAL)
+endif
+
+define match_goals
+$(strip $(foreach goal,$(1),$(filter $(goal),$(MAKECMDGOALS))))
+endef
+
+# List of rules that involve building things
+BUILD_TARGETS := all bl1 bl2 bl31 bl32 certificates fip
+
+# Does the list of goals specified on the command line include a build target?
+ifneq ($(call match_goals,${BUILD_TARGETS}),)
+IS_ANYTHING_TO_BUILD := 1
+endif
+
+
+# MAKE_C builds a C source file and generates the dependency file
+# $(1) = output directory
+# $(2) = source file (%.c)
+# $(3) = BL stage (2, 30, 31, 32, 33)
+define MAKE_C
+
+$(eval OBJ := $(1)/$(patsubst %.c,%.o,$(notdir $(2))))
+$(eval PREREQUISITES := $(patsubst %.o,%.d,$(OBJ)))
+
+$(OBJ): $(2)
+ @echo " CC $$<"
+ $$(Q)$$(CC) $$(CFLAGS) -DIMAGE_BL$(3) -c $$< -o $$@
+
+
+$(PREREQUISITES): $(2)
+ @echo " DEPS $$@"
+ @mkdir -p $(1)
+ $$(Q)$$(CC) $$(CFLAGS) -M -MT $(OBJ) -MF $$@ $$<
+
+ifdef IS_ANYTHING_TO_BUILD
+-include $(PREREQUISITES)
+endif
+
+endef
+
+
+# MAKE_S builds an assembly source file and generates the dependency file
+# $(1) = output directory
+# $(2) = assembly file (%.S)
+# $(3) = BL stage (2, 30, 31, 32, 33)
+define MAKE_S
+
+$(eval OBJ := $(1)/$(patsubst %.S,%.o,$(notdir $(2))))
+$(eval PREREQUISITES := $(patsubst %.o,%.d,$(OBJ)))
+
+$(OBJ): $(2)
+ @echo " AS $$<"
+ $$(Q)$$(AS) $$(ASFLAGS) -DIMAGE_BL$(3) -c $$< -o $$@
+
+$(PREREQUISITES): $(2)
+ @echo " DEPS $$@"
+ @mkdir -p $(1)
+ $$(Q)$$(AS) $$(ASFLAGS) -M -MT $(OBJ) -MF $$@ $$<
+
+ifdef IS_ANYTHING_TO_BUILD
+-include $(PREREQUISITES)
+endif
+
+endef
+
+
+# MAKE_LD generate the linker script using the C preprocessor
+# $(1) = output linker script
+# $(2) = input template
+define MAKE_LD
+
+$(eval PREREQUISITES := $(1).d)
+
+$(1): $(2)
+ @echo " PP $$<"
+ $$(Q)$$(AS) $$(ASFLAGS) -P -E -D__LINKER__ -o $$@ $$<
+
+$(PREREQUISITES): $(2)
+ @echo " DEPS $$@"
+ @mkdir -p $$(dir $$@)
+ $$(Q)$$(AS) $$(ASFLAGS) -M -MT $(1) -MF $$@ $$<
+
+ifdef IS_ANYTHING_TO_BUILD
+-include $(PREREQUISITES)
+endif
+
+endef
+
+
+# MAKE_OBJS builds both C and assembly source files
+# $(1) = output directory
+# $(2) = list of source files (both C and assembly)
+# $(3) = BL stage (2, 30, 31, 32, 33)
+define MAKE_OBJS
+ $(eval C_OBJS := $(filter %.c,$(2)))
+ $(eval REMAIN := $(filter-out %.c,$(2)))
+ $(eval $(foreach obj,$(C_OBJS),$(call MAKE_C,$(1),$(obj),$(3))))
+
+ $(eval S_OBJS := $(filter %.S,$(REMAIN)))
+ $(eval REMAIN := $(filter-out %.S,$(REMAIN)))
+ $(eval $(foreach obj,$(S_OBJS),$(call MAKE_S,$(1),$(obj),$(3))))
+
+ $(and $(REMAIN),$(error Unexpected source files present: $(REMAIN)))
+endef
+
+
+# NOTE: The line continuation '\' is required in the next define otherwise we
+# end up with a line-feed characer at the end of the last c filename.
+# Also bare this issue in mind if extending the list of supported filetypes.
+define SOURCES_TO_OBJS
+ $(notdir $(patsubst %.c,%.o,$(filter %.c,$(1)))) \
+ $(notdir $(patsubst %.S,%.o,$(filter %.S,$(1))))
+endef
+
+
+# MAKE_TOOL_ARGS macro defines the command line arguments for the FIP tool for
+# each BL image. Arguments:
+# $(1) = BL stage (2, 30, 31, 32, 33)
+# $(2) = Binary file
+# $(3) = In FIP (false if empty)
+define MAKE_TOOL_ARGS
+ $(if $(3),$(eval $(call FIP_ADD_PAYLOAD,$(2),--bl$(1),bl$(1))))
+endef
+
+
+# MAKE_BL macro defines the targets and options to build each BL image.
+# Arguments:
+# $(1) = BL stage (2, 30, 31, 32, 33)
+# $(2) = In FIP (false if empty)
+define MAKE_BL
+ $(eval BUILD_DIR := ${BUILD_PLAT}/bl$(1))
+ $(eval SOURCES := $(BL$(1)_SOURCES) $(BL_COMMON_SOURCES) $(PLAT_BL_COMMON_SOURCES))
+ $(eval OBJS := $(addprefix $(BUILD_DIR)/,$(call SOURCES_TO_OBJS,$(SOURCES))))
+ $(eval LINKERFILE := $(call IMG_LINKERFILE,$(1)))
+ $(eval MAPFILE := $(call IMG_MAPFILE,$(1)))
+ $(eval ELF := $(call IMG_ELF,$(1)))
+ $(eval DUMP := $(call IMG_DUMP,$(1)))
+ $(eval BIN := $(call IMG_BIN,$(1)))
+
+ $(eval $(call MAKE_OBJS,$(BUILD_DIR),$(SOURCES),$(1)))
+ $(eval $(call MAKE_LD,$(LINKERFILE),$(BL$(1)_LINKERFILE)))
+
+$(BUILD_DIR):
+ $$(Q)mkdir -p "$$@"
+
+$(ELF): $(OBJS) $(LINKERFILE)
+ @echo " LD $$@"
+ @echo 'const char build_message[] = "Built : "__TIME__", "__DATE__; \
+ const char version_string[] = "${VERSION_STRING}";' | \
+ $$(CC) $$(CFLAGS) -xc - -o $(BUILD_DIR)/build_message.o
+ $$(Q)$$(LD) -o $$@ $$(LDFLAGS) -Map=$(MAPFILE) --script $(LINKERFILE) \
+ $(BUILD_DIR)/build_message.o $(OBJS)
+
+$(DUMP): $(ELF)
+ @echo " OD $$@"
+ $${Q}$${OD} -dx $$< > $$@
+
+$(BIN): $(ELF)
+ @echo " BIN $$@"
+ $$(Q)$$(OC) -O binary $$< $$@
+ @echo
+ @echo "Built $$@ successfully"
+ @echo
+
+.PHONY: bl$(1)
+bl$(1): $(BUILD_DIR) $(BIN) $(DUMP)
+
+all: bl$(1)
+
+$(eval $(call MAKE_TOOL_ARGS,$(1),$(BIN),$(2)))
+
+endef
+
diff --git a/make_helpers/tbbr/tbbr_tools.mk b/make_helpers/tbbr/tbbr_tools.mk
new file mode 100644
index 0000000..58c84d2
--- /dev/null
+++ b/make_helpers/tbbr/tbbr_tools.mk
@@ -0,0 +1,116 @@
+#
+# Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# Neither the name of ARM nor the names of its contributors may be used
+# to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+# This file defines the keys and certificates that must be created to establish
+# a Chain of Trust following the TBBR document. These definitions include the
+# command line options passed to the cert_create and fip_create tools.
+#
+# Expected environment:
+#
+# BUILD_PLAT: output directory
+# NEED_BL32: indicates whether BL3-2 is needed by the platform
+# BL2: image filename (optional). Default is IMG_BIN(2) (see macro IMG_BIN)
+# BL30: image filename (optional). Default is IMG_BIN(30)
+# BL31: image filename (optional). Default is IMG_BIN(31)
+# BL32: image filename (optional). Default is IMG_BIN(32)
+# BL33: image filename (optional). Default is IMG_BIN(33)
+#
+# Build options added by this file:
+#
+# KEY_ALG
+# ROT_KEY
+# TRUSTED_WORLD_KEY
+# NON_TRUSTED_WORLD_KEY
+# BL30_KEY
+# BL31_KEY
+# BL32_KEY
+# BL33_KEY
+#
+
+# Certificate generation tool default parameters
+TRUSTED_KEY_CERT := ${BUILD_PLAT}/trusted_key.crt
+
+# Add Trusted Key certificate to the fip_create and cert_create command line options
+$(eval $(call FIP_ADD_PAYLOAD,${TRUSTED_KEY_CERT},--trusted-key-cert))
+$(eval $(call CERT_ADD_CMD_OPT,${TRUSTED_KEY_CERT},--trusted-key-cert))
+
+# Add the keys to the cert_create command line options (private keys are NOT
+# packed in the FIP). Developers can use their own keys by specifying the proper
+# build option in the command line when building the Trusted Firmware
+$(if ${KEY_ALG},$(eval $(call CERT_ADD_CMD_OPT,${KEY_ALG},--key-alg)))
+$(if ${ROT_KEY},$(eval $(call CERT_ADD_CMD_OPT,${ROT_KEY},--rot-key)))
+$(if ${TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${TRUSTED_WORLD_KEY},--trusted-world-key)))
+$(if ${NON_TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${NON_TRUSTED_WORLD_KEY},--non-trusted-world-key)))
+
+# Add the BL2 CoT (image cert + image)
+$(if ${BL2},$(eval $(call CERT_ADD_CMD_OPT,${BL2},--bl2,true)),\
+ $(eval $(call CERT_ADD_CMD_OPT,$(call IMG_BIN,2),--bl2,true)))
+$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl2.crt,--bl2-cert))
+$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl2.crt,--bl2-cert))
+
+# Add the BL30 CoT (key cert + img cert + image)
+ifneq (${BL30},)
+ $(eval $(call CERT_ADD_CMD_OPT,${BL30},--bl30,true))
+ $(if ${BL30_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL30_KEY},--bl30-key)))
+ $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl30.crt,--bl30-cert))
+ $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl30_key.crt,--bl30-key-cert))
+ $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl30.crt,--bl30-cert))
+ $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl30_key.crt,--bl30-key-cert))
+endif
+
+# Add the BL31 CoT (key cert + img cert + image)
+$(if ${BL31},$(eval $(call CERT_ADD_CMD_OPT,${BL31},--bl31,true)),\
+ $(eval $(call CERT_ADD_CMD_OPT,$(call IMG_BIN,31),--bl31,true)))
+$(if ${BL31_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL31_KEY},--bl31-key)))
+$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl31.crt,--bl31-cert))
+$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl31_key.crt,--bl31-key-cert))
+$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl31.crt,--bl31-cert))
+$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl31_key.crt,--bl31-key-cert))
+
+# Add the BL32 CoT (key cert + img cert + image)
+ifeq (${NEED_BL32},yes)
+ $(if ${BL32},$(eval $(call CERT_ADD_CMD_OPT,${BL32},--bl32,true)),\
+ $(eval $(call CERT_ADD_CMD_OPT,$(call IMG_BIN,32),--bl32,true)))
+ $(if ${BL32_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL32_KEY},--bl32-key)))
+ $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl32.crt,--bl32-cert))
+ $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl32_key.crt,--bl32-key-cert))
+ $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl32.crt,--bl32-cert))
+ $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl32_key.crt,--bl32-key-cert))
+endif
+
+# Add the BL33 CoT (key cert + img cert + image)
+ifneq (${BL33},)
+ $(eval $(call CERT_ADD_CMD_OPT,${BL33},--bl33,true))
+ $(if ${BL33_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL33_KEY},--bl33-key)))
+ $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl33.crt,--bl33-cert))
+ $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/bl33_key.crt,--bl33-key-cert))
+ $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl33.crt,--bl33-cert))
+ $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl33_key.crt,--bl33-key-cert))
+endif
diff --git a/plat/arm/css/common/css_common.mk b/plat/arm/css/common/css_common.mk
index d5c2fcb..6b05869 100644
--- a/plat/arm/css/common/css_common.mk
+++ b/plat/arm/css/common/css_common.mk
@@ -53,7 +53,8 @@
Please set RESET_TO_BL31 to 0.")
endif
-NEED_BL30 := yes
+# Subsystems require a BL30 image
+$(eval $(call FIP_ADD_IMG,BL30,--bl30))
# Enable option to detect whether the SCP ROM firmware in use predates version
# 1.7.0 and therefore, is incompatible.
diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
index 7efaf8a..8d7b8a5 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
@@ -36,6 +36,7 @@
OPENSSL_DIR := /usr
OBJECTS := src/cert.o \
+ src/cmd_opt.o \
src/ext.o \
src/key.o \
src/main.o \
diff --git a/tools/cert_create/include/cert.h b/tools/cert_create/include/cert.h
index 18129a7..11381c9 100644
--- a/tools/cert_create/include/cert.h
+++ b/tools/cert_create/include/cert.h
@@ -54,6 +54,7 @@
struct cert_s {
int id; /* Unique identifier */
+ const char *opt; /* Command line option to pass filename */
const char *fn; /* Filename to save the certificate */
const char *cn; /* Subject CN (Company Name) */
@@ -67,6 +68,8 @@
};
/* Exported API */
+int cert_init(void);
+cert_t *cert_get_by_opt(const char *opt);
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);
int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk);
diff --git a/tools/cert_create/include/cmd_opt.h b/tools/cert_create/include/cmd_opt.h
new file mode 100644
index 0000000..ca48d7c
--- /dev/null
+++ b/tools/cert_create/include/cmd_opt.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef CMD_OPT_H_
+#define CMD_OPT_H_
+
+#include <getopt.h>
+
+#define CMD_OPT_MAX_NUM 64
+
+/* Supported long command line option types */
+enum {
+ CMD_OPT_CERT,
+ CMD_OPT_KEY,
+ CMD_OPT_EXT
+};
+
+/* Exported API*/
+int cmd_opt_add(const char *name, int has_arg, int val);
+const struct option *cmd_opt_get_array(void);
+const char *cmd_opt_get_name(int idx);
+
+#endif /* CMD_OPT_H_ */
diff --git a/tools/cert_create/include/ext.h b/tools/cert_create/include/ext.h
index 60455e6..3c65473 100644
--- a/tools/cert_create/include/ext.h
+++ b/tools/cert_create/include/ext.h
@@ -56,6 +56,7 @@
* - V_ASN1_OCTET_STRING
*/
int type;
+ const char *opt; /* Command line option to specify data */
/* Extension data (depends on extension type) */
union {
const char *fn; /* File with extension data */
@@ -79,7 +80,8 @@
};
/* Exported API */
-int ext_register(ext_t *tbb_ext);
+int ext_init(void);
+ext_t *ext_get_by_opt(const char *opt);
X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md,
unsigned char *buf, size_t len);
X509_EXTENSION *ext_new_nvcounter(int nid, int crit, int value);
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index da9f119..6995a06 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -63,12 +63,15 @@
*/
typedef struct key_s {
int id; /* Key id */
+ const char *opt; /* Command line option to specify a key */
const char *desc; /* Key description (debug purposes) */
char *fn; /* Filename to load/store the key */
EVP_PKEY *key; /* Key container */
} key_t;
/* Exported API */
+int key_init(void);
+key_t *key_get_by_opt(const char *opt);
int key_create(key_t *key, int type);
int key_load(key_t *key, unsigned int *err_code);
int key_store(key_t *key);
diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
index e58b10e..bf52645 100644
--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c
@@ -39,6 +39,7 @@
#include <openssl/x509v3.h>
#include "cert.h"
+#include "cmd_opt.h"
#include "debug.h"
#include "key.h"
#include "platform_oid.h"
@@ -179,3 +180,35 @@
cert->x = x;
return 1;
}
+
+int cert_init(void)
+{
+ cert_t *cert;
+ int rc = 0;
+ unsigned int i;
+
+ for (i = 0; i < num_certs; i++) {
+ cert = &certs[i];
+ rc = cmd_opt_add(cert->opt, required_argument, CMD_OPT_CERT);
+ if (rc != 0) {
+ break;
+ }
+ }
+
+ return rc;
+}
+
+cert_t *cert_get_by_opt(const char *opt)
+{
+ cert_t *cert = NULL;
+ unsigned int i;
+
+ for (i = 0; i < num_certs; i++) {
+ cert = &certs[i];
+ if (0 == strcmp(cert->opt, opt)) {
+ return cert;
+ }
+ }
+
+ return NULL;
+}
diff --git a/tools/cert_create/src/cmd_opt.c b/tools/cert_create/src/cmd_opt.c
new file mode 100644
index 0000000..3847b98
--- /dev/null
+++ b/tools/cert_create/src/cmd_opt.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <getopt.h>
+#include <stddef.h>
+#include <cmd_opt.h>
+
+/* Command line options */
+static struct option long_opt[CMD_OPT_MAX_NUM+1];
+static int num_reg_opt;
+
+int cmd_opt_add(const char *name, int has_arg, int val)
+{
+ if (num_reg_opt >= CMD_OPT_MAX_NUM) {
+ return -1;
+ }
+ long_opt[num_reg_opt].name = name;
+ long_opt[num_reg_opt].has_arg = has_arg;
+ long_opt[num_reg_opt].flag = 0;
+ long_opt[num_reg_opt].val = val;
+ num_reg_opt++;
+
+ return 0;
+}
+
+const struct option *cmd_opt_get_array(void)
+{
+ return long_opt;
+}
+
+const char *cmd_opt_get_name(int idx)
+{
+ if (idx >= num_reg_opt) {
+ return NULL;
+ }
+
+ return long_opt[idx].name;
+}
diff --git a/tools/cert_create/src/ext.c b/tools/cert_create/src/ext.c
index 6d09837..14aef66 100644
--- a/tools/cert_create/src/ext.c
+++ b/tools/cert_create/src/ext.c
@@ -35,6 +35,8 @@
#include <openssl/asn1t.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
+
+#include "cmd_opt.h"
#include "ext.h"
DECLARE_ASN1_ITEM(ASN1_INTEGER)
@@ -65,13 +67,26 @@
*
* Return: 0 = success, Otherwise: error
*/
-int ext_register(ext_t *exts)
+int ext_init(void)
{
ext_t *ext;
X509V3_EXT_METHOD *m;
- int i = 0, nid, ret;
+ int nid, ret;
+ unsigned int i;
- while ((ext = &exts[i++]) && ext->oid) {
+ for (i = 0; i < num_extensions; i++) {
+ ext = &extensions[i];
+ /* Register command line option */
+ if (ext->opt) {
+ if (cmd_opt_add(ext->opt, required_argument,
+ CMD_OPT_EXT)) {
+ return 1;
+ }
+ }
+ /* Register the extension OID in OpenSSL */
+ if (ext->oid == NULL) {
+ continue;
+ }
nid = OBJ_create(ext->oid, ext->sn, ext->ln);
if (ext->alias) {
X509V3_EXT_add_alias(nid, ext->alias);
@@ -295,3 +310,20 @@
return ex;
}
+
+ext_t *ext_get_by_opt(const char *opt)
+{
+ ext_t *ext = NULL;
+ unsigned int i;
+
+ /* Sequential search. This is not a performance concern since the number
+ * of extensions is bounded and the code runs on a host machine */
+ for (i = 0; i < num_extensions; i++) {
+ ext = &extensions[i];
+ if (ext->opt && !strcmp(ext->opt, opt)) {
+ return ext;
+ }
+ }
+
+ return NULL;
+}
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 6072d9c..76d528b 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -38,6 +38,7 @@
#include <openssl/pem.h>
#include "cert.h"
+#include "cmd_opt.h"
#include "debug.h"
#include "key.h"
#include "platform_oid.h"
@@ -190,3 +191,40 @@
return 0;
}
+
+int key_init(void)
+{
+ key_t *key;
+ int rc = 0;
+ unsigned int i;
+
+ for (i = 0; i < num_keys; i++) {
+ key = &keys[i];
+ if (key->opt != NULL) {
+ rc = cmd_opt_add(key->opt, required_argument,
+ CMD_OPT_KEY);
+ if (rc != 0) {
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+
+key_t *key_get_by_opt(const char *opt)
+{
+ key_t *key = NULL;
+ unsigned int i;
+
+ /* Sequential search. This is not a performance concern since the number
+ * of keys is bounded and the code runs on a host machine */
+ for (i = 0; i < num_keys; i++) {
+ key = &keys[i];
+ if (0 == strcmp(key->opt, opt)) {
+ return key;
+ }
+ }
+
+ return NULL;
+}
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index 29bf452..b7ad33f 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -41,6 +41,7 @@
#include <openssl/x509v3.h>
#include "cert.h"
+#include "cmd_opt.h"
#include "debug.h"
#include "ext.h"
#include "key.h"
@@ -116,8 +117,6 @@
static int new_keys;
static int save_keys;
static int print_cert;
-static int bl30_present;
-static int bl32_present;
/* Info messages created in the Makefile */
extern const char build_msg[];
@@ -141,43 +140,7 @@
#endif /* OPENSSL_NO_EC */
};
-/* Command line options */
-static const struct option long_opt[] = {
- /* Binary images */
- {"bl2", required_argument, 0, BL2_ID},
- {"bl30", required_argument, 0, BL30_ID},
- {"bl31", required_argument, 0, BL31_ID},
- {"bl32", required_argument, 0, BL32_ID},
- {"bl33", required_argument, 0, BL33_ID},
- /* Certificate files */
- {"bl2-cert", required_argument, 0, BL2_CERT_ID},
- {"trusted-key-cert", required_argument, 0, TRUSTED_KEY_CERT_ID},
- {"bl30-key-cert", required_argument, 0, BL30_KEY_CERT_ID},
- {"bl30-cert", required_argument, 0, BL30_CERT_ID},
- {"bl31-key-cert", required_argument, 0, BL31_KEY_CERT_ID},
- {"bl31-cert", required_argument, 0, BL31_CERT_ID},
- {"bl32-key-cert", required_argument, 0, BL32_KEY_CERT_ID},
- {"bl32-cert", required_argument, 0, BL32_CERT_ID},
- {"bl33-key-cert", required_argument, 0, BL33_KEY_CERT_ID},
- {"bl33-cert", required_argument, 0, BL33_CERT_ID},
- /* Private key files */
- {"rot-key", required_argument, 0, ROT_KEY_ID},
- {"trusted-world-key", required_argument, 0, TRUSTED_WORLD_KEY_ID},
- {"non-trusted-world-key", required_argument, 0, NON_TRUSTED_WORLD_KEY_ID},
- {"bl30-key", required_argument, 0, BL30_KEY_ID},
- {"bl31-key", required_argument, 0, BL31_KEY_ID},
- {"bl32-key", required_argument, 0, BL32_KEY_ID},
- {"bl33-key", required_argument, 0, BL33_KEY_ID},
- /* Common options */
- {"key-alg", required_argument, 0, 'a'},
- {"help", no_argument, 0, 'h'},
- {"save-keys", no_argument, 0, 'k'},
- {"new-chain", no_argument, 0, 'n'},
- {"print-cert", no_argument, 0, 'p'},
- {0, 0, 0, 0}
-};
-
-static void print_help(const char *cmd)
+static void print_help(const char *cmd, const struct option *long_opt)
{
int i = 0;
printf("\n\n");
@@ -218,74 +181,55 @@
static void check_cmd_params(void)
{
+ cert_t *cert;
+ ext_t *ext;
+ key_t *key;
+ int i, j;
+
/* Only save new keys */
if (save_keys && !new_keys) {
ERROR("Only new keys can be saved to disk\n");
exit(1);
}
- /* BL2, BL31 and BL33 are mandatory */
- if (extensions[BL2_HASH_EXT].data.fn == NULL) {
- ERROR("BL2 image not specified\n");
- exit(1);
- }
-
- if (extensions[BL31_HASH_EXT].data.fn == NULL) {
- ERROR("BL31 image not specified\n");
- exit(1);
- }
-
- if (extensions[BL33_HASH_EXT].data.fn == NULL) {
- ERROR("BL33 image not specified\n");
- exit(1);
- }
-
- /* BL30 and BL32 are optional */
- if (extensions[BL30_HASH_EXT].data.fn != NULL) {
- bl30_present = 1;
- }
-
- if (extensions[BL32_HASH_EXT].data.fn != NULL) {
- bl32_present = 1;
- }
-
- /* TODO: Certificate filenames */
-
- /* Filenames to store keys must be specified */
- if (save_keys || !new_keys) {
- if (keys[ROT_KEY].fn == NULL) {
- ERROR("ROT key not specified\n");
- exit(1);
- }
-
- if (keys[TRUSTED_WORLD_KEY].fn == NULL) {
- ERROR("Trusted World key not specified\n");
- exit(1);
- }
-
- if (keys[NON_TRUSTED_WORLD_KEY].fn == NULL) {
- ERROR("Non-trusted World key not specified\n");
- exit(1);
- }
-
- if (keys[BL31_KEY].fn == NULL) {
- ERROR("BL31 key not specified\n");
- exit(1);
- }
-
- if (keys[BL33_KEY].fn == NULL) {
- ERROR("BL33 key not specified\n");
- exit(1);
- }
-
- if (bl30_present && (keys[BL30_KEY].fn == NULL)) {
- ERROR("BL30 key not specified\n");
- exit(1);
+ /* Check that all required options have been specified in the
+ * command line */
+ for (i = 0; i < num_certs; i++) {
+ cert = &certs[i];
+ if (cert->fn == NULL) {
+ /* Certificate not requested. Skip to the next one */
+ continue;
}
- if (bl32_present && (keys[BL32_KEY].fn == NULL)) {
- ERROR("BL32 key not specified\n");
- exit(1);
+ /* Check that all parameters required to create this certificate
+ * have been specified in the command line */
+ for (j = 0; j < cert->num_ext; j++) {
+ ext = &extensions[cert->ext[j]];
+ switch (ext->type) {
+ case EXT_TYPE_PKEY:
+ /* Key filename must be specified */
+ key = &keys[ext->data.key];
+ if (!new_keys && key->fn == NULL) {
+ ERROR("Key '%s' required by '%s' not "
+ "specified\n", key->desc,
+ cert->cn);
+ exit(1);
+ }
+ break;
+ case EXT_TYPE_HASH:
+ /* Binary image must be specified */
+ if (ext->data.fn == NULL) {
+ ERROR("Image for '%s' not specified\n",
+ ext->ln);
+ exit(1);
+ }
+ break;
+ default:
+ ERROR("Unknown extension type in '%s'\n",
+ ext->ln);
+ exit(1);
+ break;
+ }
}
}
}
@@ -295,10 +239,13 @@
STACK_OF(X509_EXTENSION) * sk = NULL;
X509_EXTENSION *cert_ext = NULL;
ext_t *ext = NULL;
- cert_t *cert;
+ key_t *key = NULL;
+ cert_t *cert = NULL;
FILE *file = NULL;
int i, j, ext_nid;
int c, opt_idx = 0;
+ const struct option *cmd_opt;
+ const char *cur_opt;
unsigned int err_code;
unsigned char md[SHA256_DIGEST_LENGTH];
const EVP_MD *md_info;
@@ -309,9 +256,37 @@
/* Set default options */
key_alg = KEY_ALG_RSA;
+ /* Add common command line options */
+ cmd_opt_add("key-alg", required_argument, 'a');
+ cmd_opt_add("help", no_argument, 'h');
+ cmd_opt_add("save-keys", no_argument, 'k');
+ cmd_opt_add("new-chain", no_argument, 'n');
+ cmd_opt_add("print-cert", no_argument, 'p');
+
+ /* Initialize the certificates */
+ if (cert_init() != 0) {
+ ERROR("Cannot initialize certificates\n");
+ exit(1);
+ }
+
+ /* Initialize the keys */
+ if (key_init() != 0) {
+ ERROR("Cannot initialize keys\n");
+ exit(1);
+ }
+
+ /* Initialize the new types and register OIDs for the extensions */
+ if (ext_init() != 0) {
+ ERROR("Cannot initialize TBB extensions\n");
+ exit(1);
+ }
+
+ /* Get the command line options populated during the initialization */
+ cmd_opt = cmd_opt_get_array();
+
while (1) {
/* getopt_long stores the option index here. */
- c = getopt_long(argc, argv, "ahknp", long_opt, &opt_idx);
+ c = getopt_long(argc, argv, "ahknp", cmd_opt, &opt_idx);
/* Detect the end of the options. */
if (c == -1) {
@@ -327,7 +302,7 @@
}
break;
case 'h':
- print_help(argv[0]);
+ print_help(argv[0], cmd_opt);
break;
case 'k':
save_keys = 1;
@@ -338,71 +313,20 @@
case 'p':
print_cert = 1;
break;
- case BL2_ID:
- extensions[BL2_HASH_EXT].data.fn = strdup(optarg);
+ case CMD_OPT_EXT:
+ cur_opt = cmd_opt_get_name(opt_idx);
+ ext = ext_get_by_opt(cur_opt);
+ ext->data.fn = strdup(optarg);
break;
- case BL30_ID:
- extensions[BL30_HASH_EXT].data.fn = strdup(optarg);
+ case CMD_OPT_KEY:
+ cur_opt = cmd_opt_get_name(opt_idx);
+ key = key_get_by_opt(cur_opt);
+ key->fn = strdup(optarg);
break;
- case BL31_ID:
- extensions[BL31_HASH_EXT].data.fn = strdup(optarg);
- break;
- case BL32_ID:
- extensions[BL32_HASH_EXT].data.fn = strdup(optarg);
- break;
- case BL33_ID:
- extensions[BL33_HASH_EXT].data.fn = strdup(optarg);
- break;
- case BL2_CERT_ID:
- certs[BL2_CERT].fn = strdup(optarg);
- break;
- case TRUSTED_KEY_CERT_ID:
- certs[TRUSTED_KEY_CERT].fn = strdup(optarg);
- break;
- case BL30_KEY_CERT_ID:
- certs[BL30_KEY_CERT].fn = strdup(optarg);
- break;
- case BL30_CERT_ID:
- certs[BL30_CERT].fn = strdup(optarg);
- break;
- case BL31_KEY_CERT_ID:
- certs[BL31_KEY_CERT].fn = strdup(optarg);
- break;
- case BL31_CERT_ID:
- certs[BL31_CERT].fn = strdup(optarg);
- break;
- case BL32_KEY_CERT_ID:
- certs[BL32_KEY_CERT].fn = strdup(optarg);
- break;
- case BL32_CERT_ID:
- certs[BL32_CERT].fn = strdup(optarg);
- break;
- case BL33_KEY_CERT_ID:
- certs[BL33_KEY_CERT].fn = strdup(optarg);
- break;
- case BL33_CERT_ID:
- certs[BL33_CERT].fn = strdup(optarg);
- break;
- case ROT_KEY_ID:
- keys[ROT_KEY].fn = strdup(optarg);
- break;
- case TRUSTED_WORLD_KEY_ID:
- keys[TRUSTED_WORLD_KEY].fn = strdup(optarg);
- break;
- case NON_TRUSTED_WORLD_KEY_ID:
- keys[NON_TRUSTED_WORLD_KEY].fn = strdup(optarg);
- break;
- case BL30_KEY_ID:
- keys[BL30_KEY].fn = strdup(optarg);
- break;
- case BL31_KEY_ID:
- keys[BL31_KEY].fn = strdup(optarg);
- break;
- case BL32_KEY_ID:
- keys[BL32_KEY].fn = strdup(optarg);
- break;
- case BL33_KEY_ID:
- keys[BL33_KEY].fn = strdup(optarg);
+ case CMD_OPT_CERT:
+ cur_opt = cmd_opt_get_name(opt_idx);
+ cert = cert_get_by_opt(cur_opt);
+ cert->fn = strdup(optarg);
break;
case '?':
default:
@@ -414,12 +338,6 @@
/* Check command line arguments */
check_cmd_params();
- /* Register the new types and OIDs for the extensions */
- if (ext_register(extensions) != 0) {
- ERROR("Cannot register TBB extensions\n");
- exit(1);
- }
-
/* Indicate SHA256 as image hash algorithm in the certificate
* extension */
md_info = EVP_sha256();
@@ -518,7 +436,7 @@
}
/* Create certificate. Signed with ROT key */
- if (!cert_new(cert, VAL_DAYS, 0, sk)) {
+ if (cert->fn && !cert_new(cert, VAL_DAYS, 0, sk)) {
ERROR("Cannot create %s\n", cert->cn);
exit(1);
}
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index d0ae836..770bd6a 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -42,6 +42,7 @@
static cert_t tbb_certs[] = {
[BL2_CERT] = {
.id = BL2_CERT,
+ .opt = "bl2-cert",
.fn = NULL,
.cn = "BL2 Certificate",
.key = ROT_KEY,
@@ -53,6 +54,7 @@
},
[TRUSTED_KEY_CERT] = {
.id = TRUSTED_KEY_CERT,
+ .opt = "trusted-key-cert",
.fn = NULL,
.cn = "Trusted Key Certificate",
.key = ROT_KEY,
@@ -65,6 +67,7 @@
},
[BL30_KEY_CERT] = {
.id = BL30_KEY_CERT,
+ .opt = "bl30-key-cert",
.fn = NULL,
.cn = "BL3-0 Key Certificate",
.key = TRUSTED_WORLD_KEY,
@@ -76,6 +79,7 @@
},
[BL30_CERT] = {
.id = BL30_CERT,
+ .opt = "bl30-cert",
.fn = NULL,
.cn = "BL3-0 Content Certificate",
.key = BL30_KEY,
@@ -87,6 +91,7 @@
},
[BL31_KEY_CERT] = {
.id = BL31_KEY_CERT,
+ .opt = "bl31-key-cert",
.fn = NULL,
.cn = "BL3-1 Key Certificate",
.key = TRUSTED_WORLD_KEY,
@@ -98,6 +103,7 @@
},
[BL31_CERT] = {
.id = BL31_CERT,
+ .opt = "bl31-cert",
.fn = NULL,
.cn = "BL3-1 Content Certificate",
.key = BL31_KEY,
@@ -109,6 +115,7 @@
},
[BL32_KEY_CERT] = {
.id = BL32_KEY_CERT,
+ .opt = "bl32-key-cert",
.fn = NULL,
.cn = "BL3-2 Key Certificate",
.key = TRUSTED_WORLD_KEY,
@@ -120,6 +127,7 @@
},
[BL32_CERT] = {
.id = BL32_CERT,
+ .opt = "bl32-cert",
.fn = NULL,
.cn = "BL3-2 Content Certificate",
.key = BL32_KEY,
@@ -131,6 +139,7 @@
},
[BL33_KEY_CERT] = {
.id = BL33_KEY_CERT,
+ .opt = "bl33-key-cert",
.fn = NULL,
.cn = "BL3-3 Key Certificate",
.key = NON_TRUSTED_WORLD_KEY,
@@ -142,6 +151,7 @@
},
[BL33_CERT] = {
.id = BL33_CERT,
+ .opt = "bl33-cert",
.fn = NULL,
.cn = "BL3-3 Content Certificate",
.key = BL33_KEY,
diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index c4816df..c39c9e6 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -60,6 +60,7 @@
},
[BL2_HASH_EXT] = {
.oid = BL2_HASH_OID,
+ .opt = "bl2",
.sn = "TrustedBootFirmwareHash",
.ln = "Trusted Boot Firmware (BL2) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -91,6 +92,7 @@
},
[BL30_HASH_EXT] = {
.oid = BL30_HASH_OID,
+ .opt = "bl30",
.sn = "SCPFirmwareHash",
.ln = "SCP Firmware (BL30) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -106,6 +108,7 @@
},
[BL31_HASH_EXT] = {
.oid = BL31_HASH_OID,
+ .opt = "bl31",
.sn = "SoCAPFirmwareHash",
.ln = "SoC AP Firmware (BL31) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -121,6 +124,7 @@
},
[BL32_HASH_EXT] = {
.oid = BL32_HASH_OID,
+ .opt = "bl32",
.sn = "TrustedOSHash",
.ln = "Trusted OS (BL32) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -136,6 +140,7 @@
},
[BL33_HASH_EXT] = {
.oid = BL33_HASH_OID,
+ .opt = "bl33",
.sn = "NonTrustedWorldBootloaderHash",
.ln = "Non-Trusted World (BL33) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
diff --git a/tools/cert_create/src/tbbr/tbb_key.c b/tools/cert_create/src/tbbr/tbb_key.c
index 3685559..eaaf1ff 100644
--- a/tools/cert_create/src/tbbr/tbb_key.c
+++ b/tools/cert_create/src/tbbr/tbb_key.c
@@ -38,30 +38,37 @@
static key_t tbb_keys[] = {
[ROT_KEY] = {
.id = ROT_KEY,
+ .opt = "rot-key",
.desc = "Root Of Trust key"
},
[TRUSTED_WORLD_KEY] = {
.id = TRUSTED_WORLD_KEY,
+ .opt = "trusted-world-key",
.desc = "Trusted World key"
},
[NON_TRUSTED_WORLD_KEY] = {
.id = NON_TRUSTED_WORLD_KEY,
+ .opt = "non-trusted-world-key",
.desc = "Non Trusted World key"
},
[BL30_KEY] = {
.id = BL30_KEY,
+ .opt = "bl30-key",
.desc = "BL30 key"
},
[BL31_KEY] = {
.id = BL31_KEY,
+ .opt = "bl31-key",
.desc = "BL31 key"
},
[BL32_KEY] = {
.id = BL32_KEY,
+ .opt = "bl32-key",
.desc = "BL32 key"
},
[BL33_KEY] = {
.id = BL33_KEY,
+ .opt = "bl33-key",
.desc = "BL33 key"
}
};