#
# Copyright 2020-2022 NXP
#
# SPDX-License-Identifier: BSD-3-Clause
#

# Platforms that enable TRUSTED_BOARD_BOOT need to include this makefile.
# The following definitions are to be provided by the platform.mk file or
# by the user: BL33_INPUT_FILE, BL32_INPUT_FILE, BL31_INPUT_FILE
# Select the CSF input-file base names for the SoC chassis generation.
# Only CHASSIS values 2, 3 and 3_2 are accepted; anything else (including an
# unset CHASSIS) aborts the build with the error below.
ifeq ($(CHASSIS), 2)
  # Chassis 2 also pulls in the CSU driver makefile and names no PBI CSF input.
  include $(PLAT_DRIVERS_PATH)/csu/csu.mk
  CSF_FILE := input_blx_ch$(CHASSIS)
  BL2_CSF_FILE := input_bl2_ch$(CHASSIS)
else ifeq ($(CHASSIS), 3)
  CSF_FILE := input_blx_ch$(CHASSIS)
  BL2_CSF_FILE := input_bl2_ch$(CHASSIS)
  PBI_CSF_FILE := input_pbi_ch$(CHASSIS)
  $(eval $(call add_define, CSF_HDR_CH3))
else ifeq ($(CHASSIS), 3_2)
  # Chassis 3_2 reuses the chassis 3 BLx input file; the BL2 and PBI inputs
  # keep the 3_2 suffix.
  CSF_FILE := input_blx_ch3
  BL2_CSF_FILE := input_bl2_ch$(CHASSIS)
  PBI_CSF_FILE := input_pbi_ch$(CHASSIS)
  $(eval $(call add_define, CSF_HDR_CH3))
else
  $(error -> CHASSIS not set!)
endif
# Root of the platform authentication drivers.
PLAT_AUTH_PATH := $(PLAT_DRIVERS_PATH)/auth

# Default the BL2 CSF input file when the platform or user supplied none.
ifeq ($(BL2_INPUT_FILE),)
  BL2_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/$(BL2_CSF_FILE)
endif

# Default the PBI CSF input file the same way.
# NOTE(review): this file assigns PBI_CSF_FILE only for CHASSIS 3 and 3_2; for
# CHASSIS 2 the default ends in a bare directory path unless PBI_CSF_FILE is
# set elsewhere -- confirm.
ifeq ($(PBI_INPUT_FILE),)
  PBI_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/$(PBI_CSF_FILE)
endif
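# If MBEDTLS_DIR is not specified, use the CSF header option; otherwise build
# the Mbed TLS / X.509 chain of trust.
ifeq (${MBEDTLS_DIR},)
  # Generic image processing filters to prepend CSF header.
  # Every *_INPUT_FILE left empty falls back to the input file named by CSF_FILE.
  ifeq (${BL33_INPUT_FILE},)
    BL33_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
  endif

  ifeq (${BL31_INPUT_FILE},)
    BL31_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
  endif

  ifeq (${BL32_INPUT_FILE},)
    BL32_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
  endif

  ifeq (${FUSE_INPUT_FILE},)
    FUSE_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
  endif

  PLAT_INCLUDES += -I$(PLAT_DRIVERS_PATH)/sfp
  PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/csf_hdr_parser/cot.c \
                       $(PLAT_COMMON_PATH)/tbbr/csf_tbbr.c
  # IMG PARSER here is CSF header parser
  include $(PLAT_DRIVERS_PATH)/auth/csf_hdr_parser/csf_hdr.mk
  PLAT_TBBR_SOURCES += $(CSF_HDR_SOURCES)

  SCP_BL2_PRE_TOOL_FILTER := CST_SCP_BL2
  BL31_PRE_TOOL_FILTER := CST_BL31
  BL32_PRE_TOOL_FILTER := CST_BL32
  BL33_PRE_TOOL_FILTER := CST_BL33
else

  ifeq (${DISABLE_FUSE_WRITE}, 1)
    $(eval $(call add_define,DISABLE_FUSE_WRITE))
  endif

  # For Mbedtls currently crypto is not supported via CAAM
  # enable it when that support is there
  CAAM_INTEG := 0
  KEY_ALG := rsa
  KEY_SIZE := 2048

  $(eval $(call add_define,MBEDTLS_X509))
  ifeq (${PLAT_DDR_PHY},PHY_GEN2)
    $(eval $(call add_define,PLAT_DEF_OID))
  endif
  include drivers/auth/mbedtls/mbedtls_x509.mk


  PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/tbbr/tbbr_cot.c \
                       $(PLAT_COMMON_PATH)/tbbr/nxp_rotpk.S \
                       $(PLAT_COMMON_PATH)/tbbr/x509_tbbr.c

  # ROTPK key is embedded in BL2 image
  ifeq (${ROT_KEY},)
    ROT_KEY = $(BUILD_PLAT)/rot_key.pem
  endif

  # With SAVE_KEYS=1, every signing key that was not supplied gets a default
  # path under the build directory.
  ifeq (${SAVE_KEYS},1)

    ifeq (${TRUSTED_WORLD_KEY},)
      TRUSTED_WORLD_KEY = ${BUILD_PLAT}/trusted.pem
    endif

    ifeq (${NON_TRUSTED_WORLD_KEY},)
      NON_TRUSTED_WORLD_KEY = ${BUILD_PLAT}/non-trusted.pem
    endif

    ifeq (${BL31_KEY},)
      BL31_KEY = ${BUILD_PLAT}/soc.pem
    endif

    ifeq (${BL32_KEY},)
      BL32_KEY = ${BUILD_PLAT}/trusted_os.pem
    endif

    ifeq (${BL33_KEY},)
      BL33_KEY = ${BUILD_PLAT}/non-trusted_os.pem
    endif

  endif

  # SHA-256 digest of the DER-encoded ROT public key. Its path is handed to
  # the build as a quoted ROTPK_HASH define, and the BL2 nxp_rotpk object is
  # rebuilt whenever the digest file changes.
  ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin

  $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"'))

$(BUILD_PLAT)/bl2/nxp_rotpk.o: $(ROTPK_HASH)

certificates: $(ROT_KEY)

# Generate a 2048-bit RSA root-of-trust key only when none exists at ROT_KEY.
# The key is written to a temporary file under a restrictive umask and moved
# into place only on success, so a failed openssl run cannot leave an empty,
# up-to-date-looking key file behind.
# NOTE(review): a key generated here sits unencrypted in the build tree, which
# presumably suits development builds only; production builds should pass an
# existing key through ROT_KEY -- confirm against the platform's signing policy.
$(ROT_KEY): | $(BUILD_PLAT)
	@echo " OPENSSL $@"
	@if [ ! -f $(ROT_KEY) ]; then \
		( umask 077 && \
		  ${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@.tmp 2>/dev/null ) && \
		mv -f $@.tmp $@ || \
		{ rm -f $@.tmp; echo "ERROR: failed to generate $@" >&2; exit 1; }; \
	fi

# Derive the ROTPK hash from the ROT key in two checked steps. A single
# "openssl rsa | openssl dgst" pipeline reports only the exit status of dgst,
# so an unreadable or empty key would yield the SHA-256 of empty input and the
# build would carry on with a wrong root-of-trust hash.
$(ROTPK_HASH): $(ROT_KEY)
	@echo " OPENSSL $@"
	$(Q)set -e; \
	trap 'rm -f $@.der $@.tmp' EXIT; \
	${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER -out $@.der 2>/dev/null || \
		{ echo "ERROR: cannot derive public key from $<" >&2; exit 1; }; \
	${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary $@.der > $@.tmp; \
	mv -f $@.tmp $@

endif #MBEDTLS_DIR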
# Header search path for the common TBBR definitions.
PLAT_INCLUDES += -Iinclude/common/tbbr

# Generic files for authentication framework, followed by the platform
# sources collected in PLAT_TBBR_SOURCES.
TBBR_SOURCES += drivers/auth/auth_mod.c
TBBR_SOURCES += drivers/auth/crypto_mod.c
TBBR_SOURCES += drivers/auth/img_parser_mod.c
TBBR_SOURCES += plat/common/tbbr/plat_tbbr.c
TBBR_SOURCES += ${PLAT_TBBR_SOURCES}
# Choose the crypto backend for the authentication framework.
# CAAM_INTEG equal to 0 (this file sets that on the Mbed TLS path) selects the
# Mbed TLS crypto module. Any other value, including an unset or empty
# CAAM_INTEG, selects the CAAM authentication sources.
ifneq (${CAAM_INTEG},0)
  include $(PLAT_DRIVERS_PATH)/crypto/caam/src/auth/auth.mk
  TBBR_SOURCES += ${AUTH_SOURCES}
else
  include drivers/auth/mbedtls/mbedtls_crypto.mk
endif