# SPMC flavour to build against:
#   github - upstream version from the master branch
#   tforg  - trustedfirmware.org fork (integration or psa-development branch)
SPMC_VERSION ?= github

# How each secure partition (SP) is deployed:
#   opteesp - legacy OP-TEE specific ELF format
#   sp      - generic binary SP; choosing it also selects the fip packaging
#             method (see the SP_DEPLOYMENT_TYPE conditional further down)
SP_DEPLOYMENT_TYPE ?= opteesp

# Build options handed to every Trusted Services SP build. Empty unless the
# caller provides a value.
SP_COMMON_FLAGS ?=
| #PSA SP specific build configs: |
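# Configuration sanity checks, evaluated at parse time.
#
# SPMC_VERSION is documented as "github" or "tforg". Any other value (a typo,
# for instance) would skip the github-specific checks below and would be
# treated as "not tforg" when the OP-TEE flags are selected, so reject it here
# in the same way an unknown SP_DEPLOYMENT_TYPE is rejected later in this file.
# This is a guard against misconfiguration, not a hardening boundary.
ifeq (,$(filter github tforg,$(SPMC_VERSION)))
  $(error Invalid SPMC version $(SPMC_VERSION))
endif

# The github SPMC supports neither the fip packaging method nor the generic
# "sp" deployment type. SP_PACKAGING_METHOD has no default yet at this point,
# so only a value supplied by the caller can trigger the first check.
ifeq (github, $(SPMC_VERSION))
  ifeq (fip, $(SP_PACKAGING_METHOD))
    $(error Invalid packaging method for github version)
  endif
  ifeq (sp, $(SP_DEPLOYMENT_TYPE))
    $(error Unsupported deployment type for github version)
  endif
endif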
# Extra build flags for the individual SPs. Each variable is passed as the
# third argument of the matching build-sp instantiation near the end of this
# file. All of them are empty unless the caller sets them.
PSA_ITS_EXTRA_FLAGS               ?=
PSA_PROTECTED_STORAGE_EXTRA_FLAGS ?=
PSA_CRYPTO_EXTRA_FLAGS            ?=
PSA_ATTESTATION_EXTRA_FLAGS       ?=
PSA_SMM_GATEWAY_EXTRA_FLAGS       ?=

# Platform and device tree defaults.
# NOTE(review): presumably consumed by fvp.mk, which is included further
# down; confirm against that file.
USE_FVP_BASE_PLAT ?= 1
DTS               ?= optee_ffa
DTS_PATH          ?= $(BUILD_PATH)/fvp
DTS_CONFIG        ?=
| |
# Derive the SP image file extension from the deployment type and reject
# unknown deployment types.
#
# NOTE(review): the "sp" branch assigns SP_PACKAGING_METHOD with an ordinary
# assignment. A value given on the make command line takes precedence over an
# ordinary assignment, so "fip" is only enforced when the caller does not pass
# SP_PACKAGING_METHOD explicitly.
ifeq ($(SP_DEPLOYMENT_TYPE),opteesp)
  SP_FILE_EXTENSION := stripped.elf
else ifeq ($(SP_DEPLOYMENT_TYPE),sp)
  SP_FILE_EXTENSION := bin
  SP_PACKAGING_METHOD := fip
else
  $(error Invalid SP deployment type $(SP_DEPLOYMENT_TYPE))
endif
| |
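# How the SP images reach the SPMC: "embedded" or "fip".
SP_PACKAGING_METHOD ?= embedded

# Only the two documented values are handled below. With any other value
# neither packaging section of this file is parsed, include_sp stays
# undefined and the SPs would be built but silently left out of the image.
# Fail early instead, as is done for an unknown SP_DEPLOYMENT_TYPE.
ifeq (,$(filter embedded fip,$(SP_PACKAGING_METHOD)))
  $(error Invalid SP packaging method $(SP_PACKAGING_METHOD))
endif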
| |
# OP-TEE OS build flags common to both SPMC versions: OP-TEE acts as the
# S-EL1 SPMC with FF-A enabled, with a fixed core heap size and output
# directory.
OPTEE_OS_COMMON_EXTRA_FLAGS += \
    CFG_CORE_SEL1_SPMC=y \
    CFG_CORE_FFA=y \
    CFG_CORE_HEAP_SIZE=131072 \
    O=out/arm

# The option that enables secure partition support has a different name in
# the two SPMC versions.
ifeq ($(SPMC_VERSION),tforg)
  OPTEE_OS_COMMON_EXTRA_FLAGS += CFG_WITH_SP=y
else
  OPTEE_OS_COMMON_EXTRA_FLAGS += CFG_SECURE_PARTITION=y
endif
| |
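# SP_EVENT_LOG=y (the default) builds TF-A with Trusted Board Boot, a generated
# chain of trust and Measured Boot (SHA-256 event log). Any other value selects
# a plain build without those features. TF_A_FLAGS uses "?=", so a value
# supplied by the caller replaces the whole list in either case.
SP_EVENT_LOG ?= y

ifeq (y,$(SP_EVENT_LOG))
# SECURITY NOTE: ARM_ROTPK_LOCATION=devel_rsa together with the ROT_KEY path
# below selects the development root-of-trust key that ships inside the public
# TF-A source tree. Because the private key is public, images signed with it
# carry no authenticity guarantee: this configuration demonstrates the
# Trusted Board Boot / Measured Boot flow on the FVP model and must not be
# reused for a product. A real platform needs its own ROTPK provisioned in
# hardware and a private key that never enters the source tree.
#
# NOTE(review): DEBUG is fixed to 0 in this variant while the other variant
# follows $(DEBUG); confirm that this is intentional.
#
# The list previously named ARM_TSP_RAM_LOCATION=tdram and PLAT=fvp twice with
# identical values; each option is now given once.
TF_A_FLAGS ?= \
    ARM_TSP_RAM_LOCATION=tdram \
    BL32=$(OPTEE_OS_PAGER_V2_BIN) \
    BL33=$(EDK2_BIN) \
    DEBUG=0 \
    PLAT=fvp \
    SPMD_SPM_AT_SEL2=0 \
    MBEDTLS_DIR=$(ROOT)/mbedtls \
    ARM_ROTPK_LOCATION=devel_rsa \
    FVP_USE_GIC_DRIVER=FVP_GICV3 \
    GENERATE_COT=1 \
    MEASURED_BOOT=1 \
    ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
    TPM_HASH_ALG=sha256 \
    TRUSTED_BOARD_BOOT=1 \
    EVENT_LOG_LEVEL=20 \
    BL2_optee=y \
    SPD=spmd
else
# Plain build: no Trusted Board Boot and no measured boot. Images loaded by
# BL2 are not authenticated in this variant.
TF_A_FLAGS ?= \
    ARM_TSP_RAM_LOCATION=tdram \
    BL32=$(OPTEE_OS_PAGER_V2_BIN) \
    BL33=$(EDK2_BIN) \
    DEBUG=$(DEBUG) \
    PLAT=fvp \
    SPD=spmd \
    SPMD_SPM_AT_SEL2=0
endif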
| include fvp.mk |
| |
# SPMC manifest that TF-A is built with.
TF_A_FLAGS += ARM_SPMC_MANIFEST_DTS=$(CURDIR)/fvp/spmc_manifest.dts

# Install root of the Trusted Services builds. SP binaries, manifests and JSON
# descriptors are picked up from below this directory by the rules that follow.
TS_INSTALL_PREFIX := $(CURDIR)/../out-ts
| |
| # Add machinery allowing to build secure partitions from Trusted Services. |
| # |
| # build-sp <sp-name>,<uuid>,<TS build flags> |
| # <sp name> The name of the SP. |
| # |
| # When called build and clean targets for the SP will be defined as: |
| # |
| # ffa-<sp name>-sp - Build the SP with cmake, and include the SP |
| # export makefile to make the SP binary part |
| # of the OP-TEE OS image. |
| # ffa-<sp name>-sp-clean - run make clean on the cmake project |
| # ffa-<sp name>-sp-realclean - remove all cmake output |
| # |
| # To run these for each SP in one step, the "ffa-sp-all", "ffa-sp-all-clean" and |
| # "ffa-sp-all-realclean" targets are defined. |
| # |
| # The build and the clean target are added to the dependency tree of common |
| # op-tee targets. |
| # |
| #example: |
| #$(eval $(call build-sp,crypto,d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0, -DTS_PLATFORM=ts/mock)) |
| #This will build the crypto_sp with the mock platform as its backend. |
| #Don't add spaces between the ',' and the uuid and name. |
| |
# Aggregate targets. Every build-sp instantiation adds its per-SP targets as
# prerequisites of these three.
.PHONY: ffa-sp-all ffa-sp-all-clean ffa-sp-all-realclean

# Hook the SP build and clean steps into the common OP-TEE OS targets.
optee-os-common: ffa-sp-all
optee-os-clean: ffa-sp-all-clean

# Remove everything that was installed for the active deployment type.
ffa-sp-all-realclean:
	rm -rf $(TS_INSTALL_PREFIX)/$(SP_DEPLOYMENT_TYPE)
| |
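ifeq (tforg-fip, $(SPMC_VERSION)-$(SP_PACKAGING_METHOD))
# If FIP packaging method is selected, TF-A requires a number of config options:
# - ARM_BL2_SP_LIST_DTS: This file will be included into the TB_FW_CONFIG DT
#                        of TF-A. It contains the UUID and load address of SP
#                        packages present in the FIP, BL2 will load them based
#                        on this information.
# - ARM_SPMC_MANIFEST_DTS: Contains information about the SPMC, consumed by the
#                        SPMD at SPMC init, and about the SP packages: the
#                        SPMC can only know where the packages were loaded by
#                        BL2 based on this file.
# - SP_LAYOUT_FILE:      JSON file which describes the corresponding SP image
#                        and SP manifest DT pairs, TF-A will create the SP
#                        packages based on this. However, the TS build
#                        provides a separate JSON file for each SP. A Python
#                        snippet is used to merge these JSONs into one file.
#
# include_sp <sp-name>,<uuid>: record the per-SP JSON descriptor for the merge.
define include_sp
TS_SP_JSON_LIST+=${TS_INSTALL_PREFIX}/$(SP_DEPLOYMENT_TYPE)/json/$1.json
endef
SP_LAYOUT_FILE := $(TS_INSTALL_PREFIX)/$(SP_DEPLOYMENT_TYPE)/json/sp_layout.json

TF_A_FLAGS+=SP_LAYOUT_FILE=$(SP_LAYOUT_FILE)
TF_A_FLAGS+=ARM_BL2_SP_LIST_DTS=$(CURDIR)/fvp/bl2_sp_images.dtsi
OPTEE_OS_COMMON_EXTRA_FLAGS+=CFG_FIP_SP=y

# Python snippet that merges the per-SP JSON files named on stdin. It is kept
# on one logical line with literal "\n" sequences which are turned into line
# breaks in the recipe. The block indentation after each "\n" is significant
# to Python: the bodies of the "for" and "with" statements have to be indented
# deeper than their headers, otherwise python3 rejects the snippet.
#
# The merge is a plain dictionary update, so when two SP descriptors use the
# same top-level key the later file silently replaces the earlier entry and
# that SP is missing from the layout TF-A packages into the FIP.
MERGE_JSON_PY := import json, sys
MERGE_JSON_PY += \ncombined = {}
MERGE_JSON_PY += \nfor path in sys.stdin.read().split():
MERGE_JSON_PY += \n    with open(path) as f:
MERGE_JSON_PY += \n        current = json.load(f)
MERGE_JSON_PY += \n        combined = {**combined, **current}
MERGE_JSON_PY += \nprint(json.dumps(combined, indent=4))

# printf '%b' expands the "\n" sequences like "echo -e" does under bash, and
# it also works when the recipe shell is a POSIX sh whose echo has no -e.
$(SP_LAYOUT_FILE): ffa-sp-all
	@echo $(TS_SP_JSON_LIST) | python3 -c "$$(printf '%b' '$(MERGE_JSON_PY)')" > $@

.PHONY: ffa-sp-layout-clean
ffa-sp-layout-clean:
	@rm -f $(SP_LAYOUT_FILE)

arm-tf: $(SP_LAYOUT_FILE)
ffa-sp-all-clean: ffa-sp-layout-clean
endif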
| |
ifeq ($(SP_PACKAGING_METHOD),embedded)

# build_fdt <sp-name>,<uuid>
#
# Defines the ffa-<sp-name>-dts target. It rewrites the UUID format of the SP
# manifest dts exported by Trusted Services, compiles the dts into a dtb that
# OP-TEE can use, and is added to the prerequisites of ffa-sp-all.
define build_fdt
ffa-$1-dts: ffa-$1-sp
	python3 fvp/fdt_uuid_conversion.py --fdt $(TS_INSTALL_PREFIX)/opteesp/manifest/$2.dts
	dtc -I dts -O dtb -o $(TS_INSTALL_PREFIX)/opteesp/manifest/$2.dtb $(TS_INSTALL_PREFIX)/opteesp/manifest/$2.dts
ffa-sp-all: ffa-$1-dts
endef


# include_sp <sp-name>,<uuid>
#
# tforg SPMC: the SP binary is added to EARLY_TA_PATHS. The SP manifests
# exported by TS have to be merged into a common DTS file, which is passed to
# OP-TEE as the embedded DT file. For each SP a dtsi file is exported from TS,
# which contains a single node representing that SP. TS_SP_DTSI_LIST collects
# one line of the following form per SP:
#
#     #include "<absolute_path_to_dtsi>/<sp_uuid>.dtsi"
#
# github SPMC: the SP binary is added to SP_PATHS and build_fdt provides the
# dtb for the SP.
#
# NOTE(review): the build_fdt eval at the end of the else branch is expanded
# while include_sp itself is being expanded by call, that is before the
# surrounding ifeq is parsed. The ffa-<sp-name>-dts rule is therefore created
# for both SPMC versions; confirm that this is intended.
define include_sp
ifeq ($(SPMC_VERSION),tforg)
OPTEE_OS_COMMON_EXTRA_FLAGS+=EARLY_TA_PATHS+=${TS_INSTALL_PREFIX}/$(SP_DEPLOYMENT_TYPE)/bin/$2.$(SP_FILE_EXTENSION)
TS_SP_DTSI_LIST+="\\n\#include \"${TS_INSTALL_PREFIX}/$(SP_DEPLOYMENT_TYPE)/manifest/$2.dtsi\""
else
OPTEE_OS_COMMON_EXTRA_FLAGS+=SP_PATHS+=${TS_INSTALL_PREFIX}/$(SP_DEPLOYMENT_TYPE)/bin/$2.$(SP_FILE_EXTENSION)
$(eval $(call build_fdt,$1,$2))
endif
endef

ifeq ($(SPMC_VERSION),tforg)
# Common manifest that pulls in the dtsi of every SP; OP-TEE embeds it.
SP_MANIFEST_FILE := $(OUT_PATH)/sp_manifest.dts
OPTEE_OS_COMMON_EXTRA_FLAGS += CFG_EMBED_DTB_SOURCE_FILE=$(SP_MANIFEST_FILE)

# The recipe depends on an echo that understands -e (bash's builtin does).
$(SP_MANIFEST_FILE): ffa-sp-all
	@echo -e "/dts-v1/;\n/ {$(TS_SP_DTSI_LIST)\n};" > $@

optee-os-common: $(SP_MANIFEST_FILE)

.PHONY: ffa-sp-manifest-clean
ffa-sp-manifest-clean:
	@rm -f $(SP_MANIFEST_FILE)
ffa-sp-all-clean: ffa-sp-manifest-clean
endif
endif
| |
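# build-sp <sp-name>,<uuid>,<TS build flags>
#
# Template that is instantiated once per SP through eval and call. It defines
#   ffa-<sp-name>-sp            configure, build and install the SP with cmake
#   ffa-<sp-name>-sp-clean      run the clean target of the cmake project
#   ffa-<sp-name>-sp-realclean  delete the cmake build directory
# and attaches them to the ffa-sp-all* aggregate targets. include_sp is
# expanded while the template itself is being expanded, so the packaging
# section that is active must have defined it before the first instantiation.
#
# Expansion levels: a single dollar is resolved when the template is expanded
# by call, a doubled dollar survives as a make reference that is resolved when
# the recipe runs. A shell command substitution has to survive both passes and
# therefore needs four dollars. The job count used to be written with two,
# which left a reference to a make variable called nproc; unless such a
# variable is defined elsewhere it expands to nothing and the underlying build
# is started with a bare -j, that is with no limit on parallel jobs. With four
# dollars the shell runs nproc and the job count is bounded by the CPU count.
#
# Keep all comments outside the define body: text inside it is expanded by
# call, including any make reference that appears in a comment.
define build-sp
.PHONY: ffa-$1-sp
ffa-$1-sp:
	CROSS_COMPILE="$$(AARCH64_CROSS_COMPILE)" cmake -G"Unix Makefiles" -DCMAKE_INSTALL_PREFIX=$${TS_INSTALL_PREFIX} \
	  -S $$(CURDIR)/../trusted-services/deployments/$1/$(SP_DEPLOYMENT_TYPE) -B $$(CURDIR)/../ts-build/$1 \
	  ${SP_COMMON_FLAGS} $3
	cmake --build $$(CURDIR)/../ts-build/$1 -- -j$$$$(nproc)
	cmake --install $$(CURDIR)/../ts-build/$1
$(eval $(call include_sp,$1,$2))


.PHONY: ffa-$1-sp-clean
ffa-$1-sp-clean:
	cmake --build $$(CURDIR)/../ts-build/$1 -- clean -j$$$$(nproc)

.PHONY: ffa-$1-sp-realclean
ffa-$1-sp-realclean:
	rm -rf $$(CURDIR)/../ts-build/$1

ffa-sp-all: ffa-$1-sp
ffa-sp-all-clean: ffa-$1-sp-clean
ffa-sp-all-realclean: ffa-$1-sp-realclean
endef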
| |
# Instantiate the build-sp template for every SP of this deployment. The
# arguments are the SP name, its UUID and the SP-specific extra build flags.
# Do not put spaces between the commas and the name or the UUID.
$(eval $(call build-sp,internal-trusted-storage,dc1eef48-b17a-4ccf-ac8b-dfcff7711b14, $(PSA_ITS_EXTRA_FLAGS)))
$(eval $(call build-sp,protected-storage,751bf801-3dde-4768-a514-0f10aeed1790, $(PSA_PROTECTED_STORAGE_EXTRA_FLAGS)))
$(eval $(call build-sp,crypto,d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0, $(PSA_CRYPTO_EXTRA_FLAGS)))
$(eval $(call build-sp,attestation,a1baf155-8876-4695-8f7c-54955e8db974, $(PSA_ATTESTATION_EXTRA_FLAGS)))
# The SMM gateway SP is only built for the tforg SPMC.
ifeq ($(SPMC_VERSION),tforg)
$(eval $(call build-sp,smm-gateway,ed32d533-99e6-4209-9cc0-2d72cdd998a7, $(PSA_SMM_GATEWAY_EXTRA_FLAGS)))
endif
| |
# sp_uuid_list writes the UUIDs of the installed SP images, separated by
# commas, into a text file in the shared directory.
.PHONY: sp_uuid_list sp_uuid_list_clean
sp_uuid_list: $(SHARED_DIR)/sp_uuid_list.txt

# The list is derived from the file names found in the install tree: the
# directory part and the extension are cut off, the names are joined with
# commas and the trailing comma is dropped ("head -c -1" is a GNU coreutils
# form). ffa-sp-all is phony, so the file is regenerated on every run.
# NOTE(review): the find pattern only constrains the first character of the
# file name to a hex digit or dash; it does not check that the whole name is
# a UUID.
$(SHARED_DIR)/sp_uuid_list.txt: ffa-sp-all | shared_directory
	find $(TS_INSTALL_PREFIX)/$(SP_DEPLOYMENT_TYPE)/bin -name "[0-9a-f-]*.$(SP_FILE_EXTENSION)" -type f | \
	  sed -n "s@.*/\(.*\).$(SP_FILE_EXTENSION)@\1@gp" | tr '\n' ',' | \
	  head -c -1 > $@

sp_uuid_list_clean:
	rm -rf $(SHARED_DIR)/sp_uuid_list.txt

ffa-sp-all-clean: sp_uuid_list_clean
| |
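# Targets for the "arm_ffa_user" Linux kernel module, built from ../linux_poc.
#
# Both targets are commands rather than files, so they are declared phony; a
# stray file with one of these names can then not suppress the recipe.
# The sub-builds are started through $(MAKE) instead of a literal "make", so
# that the jobserver of the parent make and options such as -n reach them.
.PHONY: arm_ffa_user arm_ffa_user_clean

# ROOT is reassigned through eval when make expands this recipe, before the
# sub-make line is expanded.
# NOTE(review): presumably $(LINUX_COMMON_FLAGS) depends on ROOT; confirm
# against the file that defines it.
arm_ffa_user: sp_uuid_list linux
	$(eval ROOT:=$(CURDIR)/..)
	$(MAKE) -C $(CURDIR)/../linux_poc $(LINUX_COMMON_FLAGS) install

arm_ffa_user_clean:
	$(MAKE) -C $(CURDIR)/../linux_poc clean

all: arm_ffa_user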