1*91f16700Schasinglulu# 2*91f16700Schasinglulu# Copyright (c) 2013-2023, Arm Limited and Contributors. All rights reserved. 3*91f16700Schasinglulu# 4*91f16700Schasinglulu# SPDX-License-Identifier: BSD-3-Clause 5*91f16700Schasinglulu# 6*91f16700Schasinglulu 7*91f16700Schasingluluinclude lib/libfdt/libfdt.mk 8*91f16700Schasingluluinclude lib/xlat_tables_v2/xlat_tables.mk 9*91f16700Schasinglulu 10*91f16700SchasingluluPLAT_INCLUDES := -Iplat/rpi/common/include \ 11*91f16700Schasinglulu -Iplat/rpi/rpi3/include 12*91f16700Schasinglulu 13*91f16700SchasingluluPLAT_BL_COMMON_SOURCES := drivers/ti/uart/aarch64/16550_console.S \ 14*91f16700Schasinglulu drivers/arm/pl011/aarch64/pl011_console.S \ 15*91f16700Schasinglulu drivers/gpio/gpio.c \ 16*91f16700Schasinglulu drivers/delay_timer/delay_timer.c \ 17*91f16700Schasinglulu drivers/rpi3/gpio/rpi3_gpio.c \ 18*91f16700Schasinglulu plat/rpi/common/aarch64/plat_helpers.S \ 19*91f16700Schasinglulu plat/rpi/common/rpi3_common.c \ 20*91f16700Schasinglulu ${XLAT_TABLES_LIB_SRCS} 21*91f16700Schasinglulu 22*91f16700SchasingluluBL1_SOURCES += drivers/io/io_fip.c \ 23*91f16700Schasinglulu drivers/io/io_memmap.c \ 24*91f16700Schasinglulu drivers/io/io_storage.c \ 25*91f16700Schasinglulu lib/cpus/aarch64/cortex_a53.S \ 26*91f16700Schasinglulu plat/common/aarch64/platform_mp_stack.S \ 27*91f16700Schasinglulu plat/rpi/rpi3/rpi3_bl1_setup.c \ 28*91f16700Schasinglulu plat/rpi/common/rpi3_io_storage.c \ 29*91f16700Schasinglulu drivers/rpi3/mailbox/rpi3_mbox.c \ 30*91f16700Schasinglulu plat/rpi/rpi3/rpi_mbox_board.c 31*91f16700Schasinglulu 32*91f16700SchasingluluBL2_SOURCES += common/desc_image_load.c \ 33*91f16700Schasinglulu drivers/io/io_fip.c \ 34*91f16700Schasinglulu drivers/io/io_memmap.c \ 35*91f16700Schasinglulu drivers/io/io_storage.c \ 36*91f16700Schasinglulu drivers/delay_timer/generic_delay_timer.c \ 37*91f16700Schasinglulu drivers/io/io_block.c \ 38*91f16700Schasinglulu drivers/mmc/mmc.c \ 39*91f16700Schasinglulu drivers/rpi3/sdhost/rpi3_sdhost.c \ 40*91f16700Schasinglulu plat/common/aarch64/platform_mp_stack.S \ 41*91f16700Schasinglulu plat/rpi/rpi3/aarch64/rpi3_bl2_mem_params_desc.c \ 42*91f16700Schasinglulu plat/rpi/rpi3/rpi3_bl2_setup.c \ 43*91f16700Schasinglulu plat/rpi/common/rpi3_image_load.c \ 44*91f16700Schasinglulu plat/rpi/common/rpi3_io_storage.c 45*91f16700Schasinglulu 46*91f16700SchasingluluBL31_SOURCES += lib/cpus/aarch64/cortex_a53.S \ 47*91f16700Schasinglulu plat/common/plat_gicv2.c \ 48*91f16700Schasinglulu plat/common/plat_psci_common.c \ 49*91f16700Schasinglulu plat/rpi/rpi3/rpi3_bl31_setup.c \ 50*91f16700Schasinglulu plat/rpi/common/rpi3_pm.c \ 51*91f16700Schasinglulu plat/rpi/common/rpi3_topology.c \ 52*91f16700Schasinglulu ${LIBFDT_SRCS} 53*91f16700Schasinglulu 54*91f16700Schasinglulu# Tune compiler for Cortex-A53 55*91f16700Schasingluluifeq ($(notdir $(CC)),armclang) 56*91f16700Schasinglulu TF_CFLAGS_aarch64 += -mcpu=cortex-a53 57*91f16700Schasingluluelse ifneq ($(findstring clang,$(notdir $(CC))),) 58*91f16700Schasinglulu TF_CFLAGS_aarch64 += -mcpu=cortex-a53 59*91f16700Schasingluluelse 60*91f16700Schasinglulu TF_CFLAGS_aarch64 += -mtune=cortex-a53 61*91f16700Schasingluluendif 62*91f16700Schasinglulu 63*91f16700Schasinglulu# Platform Makefile target 64*91f16700Schasinglulu# ------------------------ 65*91f16700Schasinglulu 66*91f16700SchasingluluRPI3_BL1_PAD_BIN := ${BUILD_PLAT}/bl1_pad.bin 67*91f16700SchasingluluRPI3_ARMSTUB8_BIN := ${BUILD_PLAT}/armstub8.bin 68*91f16700Schasinglulu 69*91f16700Schasinglulu# Add new default target when compiling this platform 70*91f16700Schasingluluall: armstub 71*91f16700Schasinglulu 72*91f16700Schasinglulu# This target concatenates BL1 and the FIP so that the base addresses match the 73*91f16700Schasinglulu# ones defined in the memory map 74*91f16700Schasingluluarmstub: bl1 fip 75*91f16700Schasinglulu @echo " CAT $@" 76*91f16700Schasinglulu ${Q}cp ${BUILD_PLAT}/bl1.bin ${RPI3_BL1_PAD_BIN} 77*91f16700Schasinglulu ${Q}truncate --size=131072 ${RPI3_BL1_PAD_BIN} 78*91f16700Schasinglulu ${Q}cat ${RPI3_BL1_PAD_BIN} ${BUILD_PLAT}/fip.bin > ${RPI3_ARMSTUB8_BIN} 79*91f16700Schasinglulu @${ECHO_BLANK_LINE} 80*91f16700Schasinglulu @echo "Built $@ successfully" 81*91f16700Schasinglulu @${ECHO_BLANK_LINE} 82*91f16700Schasinglulu 83*91f16700Schasinglulu# Build config flags 84*91f16700Schasinglulu# ------------------ 85*91f16700Schasinglulu 86*91f16700Schasinglulu# Enable all errata workarounds for Cortex-A53 87*91f16700SchasingluluERRATA_A53_826319 := 1 88*91f16700SchasingluluERRATA_A53_835769 := 1 89*91f16700SchasingluluERRATA_A53_836870 := 1 90*91f16700SchasingluluERRATA_A53_843419 := 1 91*91f16700SchasingluluERRATA_A53_855873 := 1 92*91f16700Schasinglulu 93*91f16700SchasingluluWORKAROUND_CVE_2017_5715 := 0 94*91f16700Schasinglulu 95*91f16700Schasinglulu# Disable stack protector by default 96*91f16700SchasingluluENABLE_STACK_PROTECTOR := 0 97*91f16700Schasinglulu 98*91f16700Schasinglulu# Reset to BL31 isn't supported 99*91f16700SchasingluluRESET_TO_BL31 := 0 100*91f16700Schasinglulu 101*91f16700Schasinglulu# Have different sections for code and rodata 102*91f16700SchasingluluSEPARATE_CODE_AND_RODATA := 1 103*91f16700Schasinglulu 104*91f16700Schasinglulu# Use Coherent memory 105*91f16700SchasingluluUSE_COHERENT_MEM := 1 106*91f16700Schasinglulu 107*91f16700Schasinglulu# Platform build flags 108*91f16700Schasinglulu# -------------------- 109*91f16700Schasinglulu 110*91f16700Schasinglulu# BL33 images are in AArch64 by default 111*91f16700SchasingluluRPI3_BL33_IN_AARCH32 := 0 112*91f16700Schasinglulu 113*91f16700Schasinglulu# Assume that BL33 isn't the Linux kernel by default 114*91f16700SchasingluluRPI3_DIRECT_LINUX_BOOT := 0 115*91f16700Schasinglulu 116*91f16700Schasinglulu# UART to use at runtime. -1 means the runtime UART is disabled. 117*91f16700Schasinglulu# Any other value means the default UART will be used. 118*91f16700SchasingluluRPI3_RUNTIME_UART := -1 119*91f16700Schasinglulu 120*91f16700Schasinglulu# Use normal memory mapping for ROM, FIP, SRAM and DRAM 121*91f16700SchasingluluRPI3_USE_UEFI_MAP := 0 122*91f16700Schasinglulu 123*91f16700Schasinglulu# BL32 location 124*91f16700SchasingluluRPI3_BL32_RAM_LOCATION := tdram 125*91f16700Schasingluluifeq (${RPI3_BL32_RAM_LOCATION}, tsram) 126*91f16700Schasinglulu RPI3_BL32_RAM_LOCATION_ID = SEC_SRAM_ID 127*91f16700Schasingluluelse ifeq (${RPI3_BL32_RAM_LOCATION}, tdram) 128*91f16700Schasinglulu RPI3_BL32_RAM_LOCATION_ID = SEC_DRAM_ID 129*91f16700Schasingluluelse 130*91f16700Schasinglulu $(error "Unsupported RPI3_BL32_RAM_LOCATION value") 131*91f16700Schasingluluendif 132*91f16700Schasinglulu 133*91f16700Schasinglulu# Process platform flags 134*91f16700Schasinglulu# ---------------------- 135*91f16700Schasinglulu 136*91f16700Schasinglulu$(eval $(call add_define,RPI3_BL32_RAM_LOCATION_ID)) 137*91f16700Schasinglulu$(eval $(call add_define,RPI3_BL33_IN_AARCH32)) 138*91f16700Schasinglulu$(eval $(call add_define,RPI3_DIRECT_LINUX_BOOT)) 139*91f16700Schasingluluifdef RPI3_PRELOADED_DTB_BASE 140*91f16700Schasinglulu$(eval $(call add_define,RPI3_PRELOADED_DTB_BASE)) 141*91f16700Schasingluluendif 142*91f16700Schasinglulu$(eval $(call add_define,RPI3_RUNTIME_UART)) 143*91f16700Schasinglulu$(eval $(call add_define,RPI3_USE_UEFI_MAP)) 144*91f16700Schasinglulu 145*91f16700Schasinglulu# Verify build config 146*91f16700Schasinglulu# ------------------- 147*91f16700Schasinglulu# 148*91f16700Schasingluluifneq (${RPI3_DIRECT_LINUX_BOOT}, 0) 149*91f16700Schasinglulu ifndef RPI3_PRELOADED_DTB_BASE 150*91f16700Schasinglulu $(error Error: RPI3_PRELOADED_DTB_BASE needed if RPI3_DIRECT_LINUX_BOOT=1) 151*91f16700Schasinglulu endif 152*91f16700Schasingluluendif 153*91f16700Schasinglulu 154*91f16700Schasingluluifneq (${RESET_TO_BL31}, 0) 155*91f16700Schasinglulu $(error Error: rpi3 needs RESET_TO_BL31=0) 156*91f16700Schasingluluendif 157*91f16700Schasinglulu 158*91f16700Schasingluluifeq (${ARCH},aarch32) 159*91f16700Schasinglulu $(error Error: AArch32 not supported on rpi3) 160*91f16700Schasingluluendif 161*91f16700Schasinglulu 162*91f16700Schasingluluifneq ($(ENABLE_STACK_PROTECTOR), 0) 163*91f16700SchasingluluPLAT_BL_COMMON_SOURCES += drivers/rpi3/rng/rpi3_rng.c \ 164*91f16700Schasinglulu plat/rpi/common/rpi3_stack_protector.c 165*91f16700Schasingluluendif 166*91f16700Schasinglulu 167*91f16700Schasingluluifeq (${SPD},opteed) 168*91f16700SchasingluluBL2_SOURCES += \ 169*91f16700Schasinglulu lib/optee/optee_utils.c 170*91f16700Schasingluluendif 171*91f16700Schasinglulu 172*91f16700Schasinglulu# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images 173*91f16700Schasinglulu# in the FIP if the platform requires. 174*91f16700Schasingluluifneq ($(BL32_EXTRA1),) 175*91f16700Schasinglulu$(eval $(call TOOL_ADD_IMG,BL32_EXTRA1,--tos-fw-extra1)) 176*91f16700Schasingluluendif 177*91f16700Schasingluluifneq ($(BL32_EXTRA2),) 178*91f16700Schasinglulu$(eval $(call TOOL_ADD_IMG,BL32_EXTRA2,--tos-fw-extra2)) 179*91f16700Schasingluluendif 180*91f16700Schasinglulu 181*91f16700Schasingluluifneq (${TRUSTED_BOARD_BOOT},0) 182*91f16700Schasinglulu 183*91f16700Schasinglulu include drivers/auth/mbedtls/mbedtls_crypto.mk 184*91f16700Schasinglulu include drivers/auth/mbedtls/mbedtls_x509.mk 185*91f16700Schasinglulu 186*91f16700Schasinglulu AUTH_SOURCES := drivers/auth/auth_mod.c \ 187*91f16700Schasinglulu drivers/auth/crypto_mod.c \ 188*91f16700Schasinglulu drivers/auth/img_parser_mod.c \ 189*91f16700Schasinglulu drivers/auth/tbbr/tbbr_cot_common.c 190*91f16700Schasinglulu 191*91f16700Schasinglulu BL1_SOURCES += ${AUTH_SOURCES} \ 192*91f16700Schasinglulu bl1/tbbr/tbbr_img_desc.c \ 193*91f16700Schasinglulu plat/common/tbbr/plat_tbbr.c \ 194*91f16700Schasinglulu plat/rpi/common/rpi3_trusted_boot.c \ 195*91f16700Schasinglulu plat/rpi/common/rpi3_rotpk.S \ 196*91f16700Schasinglulu drivers/auth/tbbr/tbbr_cot_bl1.c 197*91f16700Schasinglulu 198*91f16700Schasinglulu BL2_SOURCES += ${AUTH_SOURCES} \ 199*91f16700Schasinglulu plat/common/tbbr/plat_tbbr.c \ 200*91f16700Schasinglulu plat/rpi/common/rpi3_trusted_boot.c \ 201*91f16700Schasinglulu plat/rpi/common/rpi3_rotpk.S \ 202*91f16700Schasinglulu drivers/auth/tbbr/tbbr_cot_bl2.c 203*91f16700Schasinglulu 204*91f16700Schasinglulu ROT_KEY = $(BUILD_PLAT)/rot_key.pem 205*91f16700Schasinglulu ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin 206*91f16700Schasinglulu 207*91f16700Schasinglulu $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"')) 208*91f16700Schasinglulu 209*91f16700Schasinglulu $(BUILD_PLAT)/bl1/rpi3_rotpk.o: $(ROTPK_HASH) 210*91f16700Schasinglulu $(BUILD_PLAT)/bl2/rpi3_rotpk.o: $(ROTPK_HASH) 211*91f16700Schasinglulu 212*91f16700Schasinglulu certificates: $(ROT_KEY) 213*91f16700Schasinglulu 214*91f16700Schasinglulu $(ROT_KEY): | $(BUILD_PLAT) 215*91f16700Schasinglulu @echo " OPENSSL $@" 216*91f16700Schasinglulu $(Q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null 217*91f16700Schasinglulu 218*91f16700Schasinglulu $(ROTPK_HASH): $(ROT_KEY) 219*91f16700Schasinglulu @echo " OPENSSL $@" 220*91f16700Schasinglulu $(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\ 221*91f16700Schasinglulu ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null 222*91f16700Schasingluluendif 223