1#
2# Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6
7include lib/libfdt/libfdt.mk
8include lib/xlat_tables_v2/xlat_tables.mk
9
10PLAT_INCLUDES		:=	-Iplat/rpi/common/include		\
11				-Iplat/rpi/rpi3/include
12
13PLAT_BL_COMMON_SOURCES	:=	drivers/ti/uart/aarch64/16550_console.S	\
14				drivers/arm/pl011/aarch64/pl011_console.S \
15				drivers/gpio/gpio.c			\
16				drivers/delay_timer/delay_timer.c	\
17				drivers/rpi3/gpio/rpi3_gpio.c		\
18				plat/rpi/common/aarch64/plat_helpers.S	\
19				plat/rpi/common/rpi3_common.c		\
20				plat/rpi/common/rpi3_console_dual.c	\
21				${XLAT_TABLES_LIB_SRCS}
22
23BL1_SOURCES		+=	drivers/io/io_fip.c			\
24				drivers/io/io_memmap.c			\
25				drivers/io/io_storage.c			\
26				drivers/delay_timer/generic_delay_timer.c \
27				lib/cpus/aarch64/cortex_a53.S		\
28				plat/common/aarch64/platform_mp_stack.S	\
29				plat/rpi/rpi3/rpi3_bl1_setup.c		\
30				plat/rpi/common/rpi3_io_storage.c	\
31				drivers/rpi3/mailbox/rpi3_mbox.c	\
32				plat/rpi/rpi3/rpi_mbox_board.c
33
34BL2_SOURCES		+=	common/desc_image_load.c		\
35				drivers/io/io_fip.c			\
36				drivers/io/io_memmap.c			\
37				drivers/io/io_storage.c			\
38				drivers/delay_timer/generic_delay_timer.c \
39				drivers/io/io_block.c			\
40				drivers/mmc/mmc.c			\
41				drivers/rpi3/sdhost/rpi3_sdhost.c	\
42				plat/common/aarch64/platform_mp_stack.S	\
43				plat/rpi/rpi3/aarch64/rpi3_bl2_mem_params_desc.c \
44				plat/rpi/rpi3/rpi3_bl2_setup.c		\
45				plat/rpi/common/rpi3_image_load.c	\
46				plat/rpi/common/rpi3_io_storage.c
47
48BL31_SOURCES		+=	lib/cpus/aarch64/cortex_a53.S		\
49				plat/common/plat_gicv2.c		\
50				plat/common/plat_psci_common.c		\
51				plat/rpi/rpi3/rpi3_bl31_setup.c		\
52				plat/rpi/common/rpi3_pm.c		\
53				plat/rpi/common/rpi3_topology.c		\
54				${LIBFDT_SRCS}
55
56# Tune compiler for Cortex-A53
57ifeq ($($(ARCH)-cc-id),arm-clang)
58    TF_CFLAGS_aarch64	+=	-mcpu=cortex-a53
59else ifneq ($(filter %-clang,$($(ARCH)-cc-id)),)
60    TF_CFLAGS_aarch64	+=	-mcpu=cortex-a53
61else
62    TF_CFLAGS_aarch64	+=	-mtune=cortex-a53
63endif
64
65# Platform Makefile target
66# ------------------------
67
68RPI3_BL1_PAD_BIN	:=	${BUILD_PLAT}/bl1_pad.bin
69RPI3_ARMSTUB8_BIN	:=	${BUILD_PLAT}/armstub8.bin
70
71# Add new default target when compiling this platform
72all: armstub
73
74# This target concatenates BL1 and the FIP so that the base addresses match the
75# ones defined in the memory map
76armstub: bl1 fip
77	$(s)echo "  CAT     $@"
78	$(q)cp ${BUILD_PLAT}/bl1.bin ${RPI3_BL1_PAD_BIN}
79	$(q)truncate --size=131072 ${RPI3_BL1_PAD_BIN}
80	$(q)cat ${RPI3_BL1_PAD_BIN} ${BUILD_PLAT}/fip.bin > ${RPI3_ARMSTUB8_BIN}
81	$(s)echo
82	$(s)echo "Built $@ successfully"
83	$(s)echo
84
85# Build config flags
86# ------------------
87
88# Enable all errata workarounds for Cortex-A53
89ERRATA_A53_826319		:= 1
90ERRATA_A53_835769		:= 1
91ERRATA_A53_836870		:= 1
92ERRATA_A53_843419		:= 1
93ERRATA_A53_855873		:= 1
94
95WORKAROUND_CVE_2017_5715	:= 0
96
97# Disable stack protector by default
98ENABLE_STACK_PROTECTOR	 	:= 0
99
100# Reset to BL31 isn't supported
101RESET_TO_BL31			:= 0
102
103# Have different sections for code and rodata
104SEPARATE_CODE_AND_RODATA	:= 1
105
106# Use Coherent memory
107USE_COHERENT_MEM		:= 1
108
109# Platform build flags
110# --------------------
111
112# BL33 images are in AArch64 by default
113RPI3_BL33_IN_AARCH32		:= 0
114
115# Assume that BL33 isn't the Linux kernel by default
116RPI3_DIRECT_LINUX_BOOT		:= 0
117
118# UART to use at runtime. -1 means the runtime UART is disabled.
119# Any other value means the default UART will be used.
120RPI3_RUNTIME_UART		:= -1
121
122# Use normal memory mapping for ROM, FIP, SRAM and DRAM
123RPI3_USE_UEFI_MAP		:= 0
124
125# BL32 location
126RPI3_BL32_RAM_LOCATION	:= tdram
127ifeq (${RPI3_BL32_RAM_LOCATION}, tsram)
128  RPI3_BL32_RAM_LOCATION_ID = SEC_SRAM_ID
129else ifeq (${RPI3_BL32_RAM_LOCATION}, tdram)
130  RPI3_BL32_RAM_LOCATION_ID = SEC_DRAM_ID
131else
132  $(error "Unsupported RPI3_BL32_RAM_LOCATION value")
133endif
134
135# Process platform flags
136# ----------------------
137
138$(eval $(call add_define,RPI3_BL32_RAM_LOCATION_ID))
139$(eval $(call add_define,RPI3_BL33_IN_AARCH32))
140$(eval $(call add_define,RPI3_DIRECT_LINUX_BOOT))
141ifdef RPI3_PRELOADED_DTB_BASE
142$(eval $(call add_define,RPI3_PRELOADED_DTB_BASE))
143endif
144$(eval $(call add_define,RPI3_RUNTIME_UART))
145$(eval $(call add_define,RPI3_USE_UEFI_MAP))
146
147# Verify build config
148# -------------------
149#
150ifneq (${RPI3_DIRECT_LINUX_BOOT}, 0)
151  ifndef RPI3_PRELOADED_DTB_BASE
152    $(error Error: RPI3_PRELOADED_DTB_BASE needed if RPI3_DIRECT_LINUX_BOOT=1)
153  endif
154endif
155
156ifneq (${RESET_TO_BL31}, 0)
157  $(error Error: rpi3 needs RESET_TO_BL31=0)
158endif
159
160ifeq (${ARCH},aarch32)
161  $(error Error: AArch32 not supported on rpi3)
162endif
163
164ifneq ($(ENABLE_STACK_PROTECTOR), 0)
165PLAT_BL_COMMON_SOURCES	+=	drivers/rpi3/rng/rpi3_rng.c		\
166				plat/rpi/common/rpi3_stack_protector.c
167endif
168
169ifeq (${SPD},opteed)
170BL2_SOURCES	+=							\
171		lib/optee/optee_utils.c
172endif
173
174# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images
175# in the FIP if the platform requires.
176ifneq ($(BL32_EXTRA1),)
177$(eval $(call TOOL_ADD_IMG,BL32_EXTRA1,--tos-fw-extra1))
178endif
179ifneq ($(BL32_EXTRA2),)
180$(eval $(call TOOL_ADD_IMG,BL32_EXTRA2,--tos-fw-extra2))
181endif
182
183ifneq (${TRUSTED_BOARD_BOOT},0)
184
185    include drivers/auth/mbedtls/mbedtls_crypto.mk
186    include drivers/auth/mbedtls/mbedtls_x509.mk
187
188    AUTH_SOURCES	:=	drivers/auth/auth_mod.c			\
189				drivers/auth/crypto_mod.c		\
190				drivers/auth/img_parser_mod.c		\
191				drivers/auth/tbbr/tbbr_cot_common.c
192
193    BL1_SOURCES		+=	${AUTH_SOURCES}				\
194				bl1/tbbr/tbbr_img_desc.c		\
195				plat/common/tbbr/plat_tbbr.c		\
196				plat/rpi/common/rpi3_trusted_boot.c    	\
197				plat/rpi/common/rpi3_rotpk.S		\
198				drivers/auth/tbbr/tbbr_cot_bl1.c
199
200    BL2_SOURCES		+=	${AUTH_SOURCES}				\
201				plat/common/tbbr/plat_tbbr.c		\
202				plat/rpi/common/rpi3_trusted_boot.c    	\
203				plat/rpi/common/rpi3_rotpk.S		\
204				drivers/auth/tbbr/tbbr_cot_bl2.c
205
206    ROT_KEY             = $(BUILD_PLAT)/rot_key.pem
207    ROTPK_HASH          = $(BUILD_PLAT)/rotpk_sha256.bin
208
209    $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"'))
210
211    $(BUILD_PLAT)/bl1/rpi3_rotpk.o: $(ROTPK_HASH)
212    $(BUILD_PLAT)/bl2/rpi3_rotpk.o: $(ROTPK_HASH)
213
214    certificates: $(ROT_KEY)
215
216    $(ROT_KEY): | $$(@D)/
217	$(s)echo "  OPENSSL $@"
218	$(q)${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null
219
220    $(ROTPK_HASH): $(ROT_KEY) | $$(@D)/
221	$(s)echo "  OPENSSL $@"
222	$(q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
223	${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
224endif
225