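#
# Copyright 2020-2022 NXP
#
# SPDX-License-Identifier: BSD-3-Clause
#

# Trusted Board Boot (TBB) build fragment: TRUSTED_BOARD_BOOT platforms need
# to include this makefile.
# The following definitions are to be provided by the platform.mk file or
# by the user - BL33_INPUT_FILE, BL32_INPUT_FILE, BL31_INPUT_FILE
#
# Two authentication flows are selected on MBEDTLS_DIR:
#   - MBEDTLS_DIR empty : CSF header flow (csf_hdr_parser, CST_* pre-tool filters)
#   - MBEDTLS_DIR set   : X.509 flow through mbed TLS, with the ROTPK hash
#                         generated by the rules below.

# Pick the CSF input descriptors for the SoC chassis. Chassis 2 additionally
# pulls in the CSU driver makefile; chassis 3 and 3_2 add the CSF_HDR_CH3
# define and a PBI descriptor. Any other CHASSIS value stops the build.
ifeq ($(CHASSIS), 2)
include $(PLAT_DRIVERS_PATH)/csu/csu.mk
CSF_FILE := input_blx_ch${CHASSIS}
BL2_CSF_FILE := input_bl2_ch${CHASSIS}
else
ifeq ($(CHASSIS), 3)
CSF_FILE := input_blx_ch${CHASSIS}
BL2_CSF_FILE := input_bl2_ch${CHASSIS}
PBI_CSF_FILE := input_pbi_ch${CHASSIS}
$(eval $(call add_define, CSF_HDR_CH3))
else
ifeq ($(CHASSIS), 3_2)
# Chassis 3_2 shares the chassis 3 BLx descriptor but has its own BL2/PBI ones.
CSF_FILE := input_blx_ch3
BL2_CSF_FILE := input_bl2_ch${CHASSIS}
PBI_CSF_FILE := input_pbi_ch${CHASSIS}
$(eval $(call add_define, CSF_HDR_CH3))
else
    $(error -> CHASSIS not set!)
endif
endif
endif

PLAT_AUTH_PATH := $(PLAT_DRIVERS_PATH)/auth


# Defaults apply only when the caller left the variable empty.
ifeq (${BL2_INPUT_FILE},)
    BL2_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${BL2_CSF_FILE}
endif

# NOTE(review): PBI_CSF_FILE is not assigned for CHASSIS 2 in this file, so
# unless it is defined elsewhere this default expands to the bare
# csf_hdr_parser/ directory path on chassis 2 - confirm that is intended.
ifeq (${PBI_INPUT_FILE},)
    PBI_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${PBI_CSF_FILE}
endif

# If MBEDTLS_DIR is not specified, use CSF Header option
ifeq (${MBEDTLS_DIR},)
    # Generic image processing filters to prepend CSF header
    ifeq (${BL33_INPUT_FILE},)
    BL33_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
    endif

    ifeq (${BL31_INPUT_FILE},)
    BL31_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
    endif

    ifeq (${BL32_INPUT_FILE},)
    BL32_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
    endif

    ifeq (${FUSE_INPUT_FILE},)
    FUSE_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
    endif

    PLAT_INCLUDES += -I$(PLAT_DRIVERS_PATH)/sfp
    PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/csf_hdr_parser/cot.c \
                         $(PLAT_COMMON_PATH)/tbbr/csf_tbbr.c
    # IMG PARSER here is CSF header parser
    include $(PLAT_DRIVERS_PATH)/auth/csf_hdr_parser/csf_hdr.mk
    PLAT_TBBR_SOURCES += $(CSF_HDR_SOURCES)

    SCP_BL2_PRE_TOOL_FILTER := CST_SCP_BL2
    BL31_PRE_TOOL_FILTER := CST_BL31
    BL32_PRE_TOOL_FILTER := CST_BL32
    BL33_PRE_TOOL_FILTER := CST_BL33
else

    ifeq (${DISABLE_FUSE_WRITE}, 1)
    $(eval $(call add_define,DISABLE_FUSE_WRITE))
    endif

    # For Mbedtls currently crypto is not supported via CAAM
    # enable it when that support is there
    CAAM_INTEG := 0
    KEY_ALG := rsa
    KEY_SIZE := 2048

    $(eval $(call add_define,MBEDTLS_X509))
    ifeq (${PLAT_DDR_PHY},PHY_GEN2)
    $(eval $(call add_define,PLAT_DEF_OID))
    endif
    include drivers/auth/mbedtls/mbedtls_x509.mk


    PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/tbbr/tbbr_cot.c \
                         $(PLAT_COMMON_PATH)/tbbr/nxp_rotpk.S \
                         $(PLAT_COMMON_PATH)/tbbr/x509_tbbr.c

    # ROTPK key is embedded in BL2 image
    ifeq (${ROT_KEY},)
    ROT_KEY = $(BUILD_PLAT)/rot_key.pem
    endif

    # With SAVE_KEYS=1, give every key the caller did not name a default
    # file under the build directory.
    ifeq (${SAVE_KEYS},1)

    ifeq (${TRUSTED_WORLD_KEY},)
    TRUSTED_WORLD_KEY = ${BUILD_PLAT}/trusted.pem
    endif

    ifeq (${NON_TRUSTED_WORLD_KEY},)
    NON_TRUSTED_WORLD_KEY = ${BUILD_PLAT}/non-trusted.pem
    endif

    ifeq (${BL31_KEY},)
    BL31_KEY = ${BUILD_PLAT}/soc.pem
    endif

    ifeq (${BL32_KEY},)
    BL32_KEY = ${BUILD_PLAT}/trusted_os.pem
    endif

    ifeq (${BL33_KEY},)
    BL33_KEY = ${BUILD_PLAT}/non-trusted_os.pem
    endif

    endif

    ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin

    # The hash file path is handed to the sources as a string define, and the
    # object built from nxp_rotpk.S is rebuilt whenever the hash changes.
    $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"'))

    $(BUILD_PLAT)/bl2/nxp_rotpk.o: $(ROTPK_HASH)

    # Generate the root-of-trust private key only when none exists; an
    # existing key is never overwritten.
    # - The key is written through a temporary file and renamed only after
    #   openssl succeeded with non-empty output, so a failed run cannot leave
    #   an empty rot_key.pem that later builds would treat as up to date.
    # - umask 077 keeps the private key readable by the building user only.
    # - The modulus size is fixed at 2048 bits here, independent of KEY_SIZE.
    # NOTE(review): a key created here lives in the build directory;
    # presumably production keys are supplied through ROT_KEY - confirm.
    certificates: $(ROT_KEY)
    $(ROT_KEY): | $(BUILD_PLAT)
	@echo " OPENSSL $@"
	@if [ ! -f "$@" ]; then \
		if ( umask 077 && \
		     ${OPENSSL_BIN_PATH}/openssl genrsa 2048 > "$@.tmp" 2>/dev/null ) && \
		   [ -s "$@.tmp" ]; then \
			mv -f "$@.tmp" "$@"; \
		else \
			rm -f "$@.tmp"; \
			echo "ERROR: could not generate ROT key $@" >&2; \
			exit 1; \
		fi; \
	fi

    # SHA-256 over the DER-encoded public key of ROT_KEY.
    # The two openssl steps are chained with && through an intermediate file
    # instead of a pipe: in a pipe only the exit status of the last command
    # counts, so an unreadable key would silently yield the digest of empty
    # input as the ROTPK hash. On any failure the target is removed and the
    # build stops.
    $(ROTPK_HASH): $(ROT_KEY)
	@echo " OPENSSL $@"
	$(Q)rm -f "$@.der" "$@.tmp"; \
	if ${OPENSSL_BIN_PATH}/openssl rsa -in "$<" -pubout -outform DER \
			-out "$@.der" 2>/dev/null && \
	   ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary "$@.der" \
			> "$@.tmp" 2>/dev/null && \
	   [ -s "$@.tmp" ]; then \
		rm -f "$@.der"; \
		mv -f "$@.tmp" "$@"; \
	else \
		rm -f "$@.der" "$@.tmp" "$@"; \
		echo "ERROR: could not derive ROTPK hash from $<" >&2; \
		exit 1; \
	fi

endif #MBEDTLS_DIR

PLAT_INCLUDES += -Iinclude/common/tbbr

# Generic files for authentication framework
TBBR_SOURCES += drivers/auth/auth_mod.c \
                drivers/auth/crypto_mod.c \
                drivers/auth/img_parser_mod.c \
                plat/common/tbbr/plat_tbbr.c \
                ${PLAT_TBBR_SOURCES}

# When CAAM_INTEG is 0 (this file sets it to 0 in the mbed TLS branch above),
# use the mbed TLS crypto module; otherwise use the CAAM authentication
# sources.
ifeq (${CAAM_INTEG},0)
    include drivers/auth/mbedtls/mbedtls_crypto.mk
else
    include $(PLAT_DRIVERS_PATH)/crypto/caam/src/auth/auth.mk
    TBBR_SOURCES += ${AUTH_SOURCES}
endif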