blob: 25852ba79378a79cd978a77d0899ed2baba3212f [file] [log] [blame]
Pankaj Gupta713b6a52020-12-09 14:02:40 +05301#
2# Copyright 2020 NXP
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6
7# For TRUSTED_BOARD_BOOT platforms need to include this makefile
8# Following definations are to be provided by platform.mk file or
9# by user - BL33_INPUT_FILE, BL32_INPUT_FILE, BL31_INPUT_FILE
10
11ifeq ($(CHASSIS), 2)
12include $(PLAT_DRIVERS_PATH)/csu/csu.mk
13CSF_FILE := input_blx_ch${CHASSIS}
14BL2_CSF_FILE := input_bl2_ch${CHASSIS}
15else
16ifeq ($(CHASSIS), 3_2)
17CSF_FILE := input_blx_ch3
18BL2_CSF_FILE := input_bl2_ch${CHASSIS}
19PBI_CSF_FILE := input_pbi_ch${CHASSIS}
20$(eval $(call add_define, CSF_HDR_CH3))
21else
22 $(error -> CHASSIS not set!)
23endif
24endif
25
26PLAT_AUTH_PATH := $(PLAT_DRIVERS_PATH)/auth
27
28
29ifeq (${BL2_INPUT_FILE},)
30 BL2_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${BL2_CSF_FILE}
31endif
32
33ifeq (${PBI_INPUT_FILE},)
34 PBI_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${PBI_CSF_FILE}
35endif
36
37# If MBEDTLS_DIR is not specified, use CSF Header option
38ifeq (${MBEDTLS_DIR},)
39 # Generic image processing filters to prepend CSF header
40 ifeq (${BL33_INPUT_FILE},)
41 BL33_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
42 endif
43
44 ifeq (${BL31_INPUT_FILE},)
45 BL31_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
46 endif
47
48 ifeq (${BL32_INPUT_FILE},)
49 BL32_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
50 endif
51
52 ifeq (${FUSE_INPUT_FILE},)
53 FUSE_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
54 endif
55
56 PLAT_INCLUDES += -I$(PLAT_DRIVERS_PATH)/sfp
57 PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/csf_hdr_parser/cot.c \
58 $(PLAT_COMMON_PATH)/tbbr/csf_tbbr.c
59 # IMG PARSER here is CSF header parser
60 include $(PLAT_DRIVERS_PATH)/auth/csf_hdr_parser/csf_hdr.mk
61 PLAT_TBBR_SOURCES += $(CSF_HDR_SOURCES)
62
63 SCP_BL2_PRE_TOOL_FILTER := CST_SCP_BL2
64 BL31_PRE_TOOL_FILTER := CST_BL31
65 BL32_PRE_TOOL_FILTER := CST_BL32
66 BL33_PRE_TOOL_FILTER := CST_BL33
67else
68
69 ifeq (${DISABLE_FUSE_WRITE}, 1)
70 $(eval $(call add_define,DISABLE_FUSE_WRITE))
71 endif
72
73 # For Mbedtls currently crypto is not supported via CAAM
74 # enable it when that support is there
75 CAAM_INTEG := 0
76 KEY_ALG := rsa
77 KEY_SIZE := 2048
78
79 $(eval $(call add_define,MBEDTLS_X509))
80 ifeq (${PLAT_DDR_PHY},PHY_GEN2)
81 $(eval $(call add_define,PLAT_DEF_OID))
82 endif
83 include drivers/auth/mbedtls/mbedtls_x509.mk
84
85
86 PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/tbbr/tbbr_cot.c \
87 $(PLAT_COMMON_PATH)/tbbr/nxp_rotpk.S \
88 $(PLAT_COMMON_PATH)/tbbr/x509_tbbr.c
89
90 #ROTPK key is embedded in BL2 image
91 ifeq (${ROT_KEY},)
92 ROT_KEY = $(BUILD_PLAT)/rot_key.pem
93 endif
94
95 ifeq (${SAVE_KEYS},1)
96
97 ifeq (${TRUSTED_WORLD_KEY},)
98 TRUSTED_WORLD_KEY = ${BUILD_PLAT}/trusted.pem
99 endif
100
101 ifeq (${NON_TRUSTED_WORLD_KEY},)
102 NON_TRUSTED_WORLD_KEY = ${BUILD_PLAT}/non-trusted.pem
103 endif
104
105 ifeq (${BL31_KEY},)
106 BL31_KEY = ${BUILD_PLAT}/soc.pem
107 endif
108
109 ifeq (${BL32_KEY},)
110 BL32_KEY = ${BUILD_PLAT}/trusted_os.pem
111 endif
112
113 ifeq (${BL33_KEY},)
114 BL33_KEY = ${BUILD_PLAT}/non-trusted_os.pem
115 endif
116
117 endif
118
119 ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin
120
121 $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"'))
122
123 $(BUILD_PLAT)/bl2/nxp_rotpk.o: $(ROTPK_HASH)
124
125 certificates: $(ROT_KEY)
126 $(ROT_KEY): | $(BUILD_PLAT)
127 @echo " OPENSSL $@"
128 @if [ ! -f $(ROT_KEY) ]; then \
129 openssl genrsa 2048 > $@ 2>/dev/null; \
130 fi
131
132 $(ROTPK_HASH): $(ROT_KEY)
133 @echo " OPENSSL $@"
134 $(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
135 openssl dgst -sha256 -binary > $@ 2>/dev/null
136
137endif #MBEDTLS_DIR
138
139PLAT_INCLUDES += -Iinclude/common/tbbr
140
141# Generic files for authentication framework
142TBBR_SOURCES += drivers/auth/auth_mod.c \
143 drivers/auth/crypto_mod.c \
144 drivers/auth/img_parser_mod.c \
145 plat/common/tbbr/plat_tbbr.c \
146 ${PLAT_TBBR_SOURCES}
147
148# If CAAM_INTEG is not defined (would be scenario with MBED TLS)
149# include mbedtls_crypto
150ifeq (${CAAM_INTEG},0)
151 include drivers/auth/mbedtls/mbedtls_crypto.mk
152else
153 include $(PLAT_DRIVERS_PATH)/crypto/caam/src/auth/auth.mk
154 TBBR_SOURCES += ${AUTH_SOURCES}
155endif