| # |
| # Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved. |
| # |
| # SPDX-License-Identifier: BSD-3-Clause |
| # |
| |
| include lib/libfdt/libfdt.mk |
| include lib/xlat_tables_v2/xlat_tables.mk |
| |
| PLAT_INCLUDES := -Iplat/rpi/common/include \ |
| -Iplat/rpi/rpi3/include |
| |
| PLAT_BL_COMMON_SOURCES := drivers/ti/uart/aarch64/16550_console.S \ |
| drivers/arm/pl011/aarch64/pl011_console.S \ |
| drivers/gpio/gpio.c \ |
| drivers/delay_timer/delay_timer.c \ |
| drivers/rpi3/gpio/rpi3_gpio.c \ |
| plat/rpi/common/aarch64/plat_helpers.S \ |
| plat/rpi/common/rpi3_common.c \ |
| plat/rpi/common/rpi3_console_dual.c \ |
| ${XLAT_TABLES_LIB_SRCS} |
| |
| BL1_SOURCES += drivers/io/io_fip.c \ |
| drivers/io/io_memmap.c \ |
| drivers/io/io_storage.c \ |
| drivers/delay_timer/generic_delay_timer.c \ |
| lib/cpus/aarch64/cortex_a53.S \ |
| plat/common/aarch64/platform_mp_stack.S \ |
| plat/rpi/rpi3/rpi3_bl1_setup.c \ |
| plat/rpi/common/rpi3_io_storage.c \ |
| drivers/rpi3/mailbox/rpi3_mbox.c \ |
| plat/rpi/rpi3/rpi_mbox_board.c |
| |
| BL2_SOURCES += common/desc_image_load.c \ |
| drivers/io/io_fip.c \ |
| drivers/io/io_memmap.c \ |
| drivers/io/io_storage.c \ |
| drivers/delay_timer/generic_delay_timer.c \ |
| drivers/io/io_block.c \ |
| drivers/mmc/mmc.c \ |
| drivers/rpi3/sdhost/rpi3_sdhost.c \ |
| plat/common/aarch64/platform_mp_stack.S \ |
| plat/rpi/rpi3/aarch64/rpi3_bl2_mem_params_desc.c \ |
| plat/rpi/rpi3/rpi3_bl2_setup.c \ |
| plat/rpi/common/rpi3_image_load.c \ |
| plat/rpi/common/rpi3_io_storage.c |
| |
| BL31_SOURCES += lib/cpus/aarch64/cortex_a53.S \ |
| plat/common/plat_gicv2.c \ |
| plat/common/plat_psci_common.c \ |
| plat/rpi/rpi3/rpi3_bl31_setup.c \ |
| plat/rpi/common/rpi3_pm.c \ |
| plat/rpi/common/rpi3_topology.c \ |
| ${LIBFDT_SRCS} |
| |
| # Tune compiler for Cortex-A53 |
| ifeq ($($(ARCH)-cc-id),arm-clang) |
| TF_CFLAGS_aarch64 += -mcpu=cortex-a53 |
| else ifneq ($(filter %-clang,$($(ARCH)-cc-id)),) |
| TF_CFLAGS_aarch64 += -mcpu=cortex-a53 |
| else |
| TF_CFLAGS_aarch64 += -mtune=cortex-a53 |
| endif |
| |
| # Platform Makefile target |
| # ------------------------ |
| |
| RPI3_BL1_PAD_BIN := ${BUILD_PLAT}/bl1_pad.bin |
| RPI3_ARMSTUB8_BIN := ${BUILD_PLAT}/armstub8.bin |
| |
| # Add new default target when compiling this platform |
| all: armstub |
| |
| # This target concatenates BL1 and the FIP so that the base addresses match the |
| # ones defined in the memory map |
| armstub: bl1 fip |
| $(s)echo " CAT $@" |
| $(q)cp ${BUILD_PLAT}/bl1.bin ${RPI3_BL1_PAD_BIN} |
| $(q)truncate --size=131072 ${RPI3_BL1_PAD_BIN} |
| $(q)cat ${RPI3_BL1_PAD_BIN} ${BUILD_PLAT}/fip.bin > ${RPI3_ARMSTUB8_BIN} |
| $(s)echo |
| $(s)echo "Built $@ successfully" |
| $(s)echo |
| |
| # Build config flags |
| # ------------------ |
| |
| # Enable all errata workarounds for Cortex-A53 |
| ERRATA_A53_826319 := 1 |
| ERRATA_A53_835769 := 1 |
| ERRATA_A53_836870 := 1 |
| ERRATA_A53_843419 := 1 |
| ERRATA_A53_855873 := 1 |
| |
| WORKAROUND_CVE_2017_5715 := 0 |
| |
| # Disable stack protector by default |
| ENABLE_STACK_PROTECTOR := 0 |
| |
| # Reset to BL31 isn't supported |
| RESET_TO_BL31 := 0 |
| |
| # Have different sections for code and rodata |
| SEPARATE_CODE_AND_RODATA := 1 |
| |
| # Use Coherent memory |
| USE_COHERENT_MEM := 1 |
| |
| # Platform build flags |
| # -------------------- |
| |
| # BL33 images are in AArch64 by default |
| RPI3_BL33_IN_AARCH32 := 0 |
| |
| # Assume that BL33 isn't the Linux kernel by default |
| RPI3_DIRECT_LINUX_BOOT := 0 |
| |
| # UART to use at runtime. -1 means the runtime UART is disabled. |
| # Any other value means the default UART will be used. |
| RPI3_RUNTIME_UART := -1 |
| |
| # Use normal memory mapping for ROM, FIP, SRAM and DRAM |
| RPI3_USE_UEFI_MAP := 0 |
| |
| # BL32 location |
| RPI3_BL32_RAM_LOCATION := tdram |
| ifeq (${RPI3_BL32_RAM_LOCATION}, tsram) |
| RPI3_BL32_RAM_LOCATION_ID = SEC_SRAM_ID |
| else ifeq (${RPI3_BL32_RAM_LOCATION}, tdram) |
| RPI3_BL32_RAM_LOCATION_ID = SEC_DRAM_ID |
| else |
| $(error "Unsupported RPI3_BL32_RAM_LOCATION value") |
| endif |
| |
| # Process platform flags |
| # ---------------------- |
| |
| $(eval $(call add_define,RPI3_BL32_RAM_LOCATION_ID)) |
| $(eval $(call add_define,RPI3_BL33_IN_AARCH32)) |
| $(eval $(call add_define,RPI3_DIRECT_LINUX_BOOT)) |
| ifdef RPI3_PRELOADED_DTB_BASE |
| $(eval $(call add_define,RPI3_PRELOADED_DTB_BASE)) |
| endif |
| $(eval $(call add_define,RPI3_RUNTIME_UART)) |
| $(eval $(call add_define,RPI3_USE_UEFI_MAP)) |
| |
| # Verify build config |
| # ------------------- |
| # |
| ifneq (${RPI3_DIRECT_LINUX_BOOT}, 0) |
| ifndef RPI3_PRELOADED_DTB_BASE |
| $(error Error: RPI3_PRELOADED_DTB_BASE needed if RPI3_DIRECT_LINUX_BOOT=1) |
| endif |
| endif |
| |
| ifneq (${RESET_TO_BL31}, 0) |
| $(error Error: rpi3 needs RESET_TO_BL31=0) |
| endif |
| |
| ifeq (${ARCH},aarch32) |
| $(error Error: AArch32 not supported on rpi3) |
| endif |
| |
| ifneq ($(ENABLE_STACK_PROTECTOR), 0) |
| PLAT_BL_COMMON_SOURCES += drivers/rpi3/rng/rpi3_rng.c \ |
| plat/rpi/common/rpi3_stack_protector.c |
| endif |
| |
| ifeq (${SPD},opteed) |
| BL2_SOURCES += \ |
| lib/optee/optee_utils.c |
| endif |
| |
| # Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images |
| # in the FIP if the platform requires. |
| ifneq ($(BL32_EXTRA1),) |
| $(eval $(call TOOL_ADD_IMG,BL32_EXTRA1,--tos-fw-extra1)) |
| endif |
| ifneq ($(BL32_EXTRA2),) |
| $(eval $(call TOOL_ADD_IMG,BL32_EXTRA2,--tos-fw-extra2)) |
| endif |
| |
| ifneq (${TRUSTED_BOARD_BOOT},0) |
| |
| include drivers/auth/mbedtls/mbedtls_crypto.mk |
| include drivers/auth/mbedtls/mbedtls_x509.mk |
| |
| AUTH_SOURCES := drivers/auth/auth_mod.c \ |
| drivers/auth/crypto_mod.c \ |
| drivers/auth/img_parser_mod.c \ |
| drivers/auth/tbbr/tbbr_cot_common.c |
| |
| BL1_SOURCES += ${AUTH_SOURCES} \ |
| bl1/tbbr/tbbr_img_desc.c \ |
| plat/common/tbbr/plat_tbbr.c \ |
| plat/rpi/common/rpi3_trusted_boot.c \ |
| plat/rpi/common/rpi3_rotpk.S \ |
| drivers/auth/tbbr/tbbr_cot_bl1.c |
| |
| BL2_SOURCES += ${AUTH_SOURCES} \ |
| plat/common/tbbr/plat_tbbr.c \ |
| plat/rpi/common/rpi3_trusted_boot.c \ |
| plat/rpi/common/rpi3_rotpk.S \ |
| drivers/auth/tbbr/tbbr_cot_bl2.c |
| |
| ROT_KEY = $(BUILD_PLAT)/rot_key.pem |
| ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin |
| |
| $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"')) |
| |
| $(BUILD_PLAT)/bl1/rpi3_rotpk.o: $(ROTPK_HASH) |
| $(BUILD_PLAT)/bl2/rpi3_rotpk.o: $(ROTPK_HASH) |
| |
| certificates: $(ROT_KEY) |
| |
| $(ROT_KEY): | $(BUILD_PLAT) |
| $(s)echo " OPENSSL $@" |
| $(q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null |
| |
| $(ROTPK_HASH): $(ROT_KEY) |
| $(s)echo " OPENSSL $@" |
| $(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\ |
| ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null |
| endif |