1. 06 Mar, 2020 1 commit
    • Sumit Garg's avatar
      Makefile: Add support to optionally encrypt BL31 and BL32 · c6ba9b45
      Sumit Garg authored
      
      
      Following build flags have been added to support optional firmware
      encryption:
      
      - FW_ENC_STATUS: Top level firmware's encryption numeric flag, values:
          0: Encryption is done with Secret Symmetric Key (SSK) which is
             common for a class of devices.
          1: Encryption is done with Binding Secret Symmetric Key (BSSK) which
             is unique per device.
      
      - ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It
          could be SSK or BSSK depending on FW_ENC_STATUS flag.
      
      - ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector
          (IV) in hex string format.
      
      - ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware.
      
      - ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload.
      
      Similar flags can be added to encrypt other firmwares as well depending
      on use-cases.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I94374d6830ad5908df557f63823e58383d8ad670
      c6ba9b45
  2. 27 Feb, 2020 1 commit
  3. 18 Feb, 2020 1 commit
  4. 24 Jan, 2020 1 commit
    • Masahiro Yamada's avatar
      Build: support per-BL LDFLAGS · d986bae4
      Masahiro Yamada authored
      
      
      make_helpers/build_macros.mk supports per-BL CFLAGS. For example,
      you can pass compiler flags only to BL31 by using BL31_CFLAGS.
      
      This commit adds per-BL LDFLAGS support, which is useful as well.
      
      My main motivation of this addition is to use it for ENABLE_PIE.
      When ENABLE_PIE is enabled, some linker flags are added to TF_LDFLAGS,
      which affects all the TF images. It will make more sense to pass the
      relevant options only to BL images that support it.
      
      Change-Id: I203acaab0091db5ae0ea6e66460ee7dc8d9c4d75
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      d986bae4
  5. 14 Jan, 2020 1 commit
    • Balint Dobszay's avatar
      Replace dts includes with C preprocessor syntax · 2d51b55e
      Balint Dobszay authored
      
      
      Using the /include/ syntax, the include was evaluated by dtc, only after running
      the preprocessor, therefore the .dtsi files were not preprocessed. This patch
      adds the #include syntax instead. Evaluating this and preprocessing the files
      now happens in a single step, done by the C preprocessor.
      
      Change-Id: I6d0104b6274316fc736e84973502a4d6c2c9d6e0
      Signed-off-by: default avatarBalint Dobszay <balint.dobszay@arm.com>
      2d51b55e
  6. 02 Dec, 2019 1 commit
    • zelalem-aweke's avatar
      Enable Link Time Optimization in GCC · edbce9aa
      zelalem-aweke authored
      
      
      This patch enables LTO for TF-A when compiled with GCC.
      LTO is disabled by default and is enabled by
      ENABLE_LTO=1 build option.
      
      LTO is enabled only for aarch64 as there seem to be
      a bug in the aarch32 compiler when LTO is enabled.
      
      The changes in the makefiles include:
      - Adding -flto and associated flags to enable LTO.
      - Using gcc as a wrapper at link time instead of ld.
        This is recommended when using LTO as gcc internally
        takes care of invoking the necessary plugins for LTO.
      - Adding switches to pass options to ld.
      - Adding a flag to disable fix for erratum cortex-a53-843419
        unless explicitly enabled. This is needed because GCC
        seem to automatically add the erratum fix when used
        as a wrapper for LD.
      
      Additionally, this patch updates the TF-A user guide with
      the new build option.
      Signed-off-by: default avatarzelalem-aweke <zelalem.aweke@arm.com>
      Change-Id: I1188c11974da98434b7dc9344e058cd1eacf5468
      edbce9aa
  7. 01 Aug, 2019 2 commits
    • Julius Werner's avatar
      Switch AARCH32/AARCH64 to __aarch64__ · 402b3cf8
      Julius Werner authored
      
      
      NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
      
      All common C compilers pre-define the same macros to signal which
      architecture the code is being compiled for: __arm__ for AArch32 (or
      earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
      to define its own custom macros for this. In order to unify code with
      the export headers (which use __aarch64__ to avoid another dependency),
      let's deprecate the AARCH32 and AARCH64 macros and switch the code base
      over to the pre-defined standard macro. (Since it is somewhat
      unintuitive that __arm__ only means AArch32, let's standardize on only
      using __aarch64__.)
      
      Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      402b3cf8
    • Julius Werner's avatar
      Replace __ASSEMBLY__ with compiler-builtin __ASSEMBLER__ · d5dfdeb6
      Julius Werner authored
      
      
      NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
      
      All common C compilers predefine a macro called __ASSEMBLER__ when
      preprocessing a .S file. There is no reason for TF-A to define it's own
      __ASSEMBLY__ macro for this purpose instead. To unify code with the
      export headers (which use __ASSEMBLER__ to avoid one extra dependency),
      let's deprecate __ASSEMBLY__ and switch the code base over to the
      predefined standard.
      
      Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      d5dfdeb6
  8. 02 May, 2019 1 commit
    • Christoph Müllner's avatar
      build_macros: Add mechanism to prevent bin generation. · 9e4609f1
      Christoph Müllner authored
      
      
      On certain platforms it does not make sense to generate
      TF-A binary images. For example a platform could make use of serveral
      memory areas, which are non-continuous and the resulting binary
      therefore would suffer from the padding-bytes.
      Typically these platforms use the ELF image.
      
      This patch introduces a variable DISABLE_BIN_GENERATION, which
      can be set to '1' in the platform makefile to prevent the binary
      generation.
      Signed-off-by: default avatarChristoph Müllner <christophm30@gmail.com>
      Change-Id: I62948e88bab685bb055fe6167d9660d14e604462
      9e4609f1
  9. 27 Feb, 2019 1 commit
    • Varun Wadekar's avatar
      Tegra: Support for scatterfile for the BL31 image · c2ad38ce
      Varun Wadekar authored
      
      
      This patch provides support for using the scatterfile format as
      the linker script with the 'armlink' linker for Tegra platforms.
      
      In order to enable the scatterfile usage the following changes
      have been made:
      
      * provide mapping for ld.S symbols in bl_common.h
      * include bl_common.h from all the affected files
      * update the makefile rules to use the scatterfile and armlink
        to compile BL31
      * update pubsub.h to add sections to the scatterfile
      
      NOTE: THIS CHANGE HAS BEEN VERIFIED WITH TEGRA PLATFORMS ONLY.
      
      Change-Id: I7bb78b991c97d74a842e5635c74cb0b18e0fce67
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      c2ad38ce
  10. 08 Feb, 2019 1 commit
  11. 24 Jan, 2019 1 commit
    • Manish Pandey's avatar
      Make device tree pre-processing similar to U-boot/Linux · 7e94a699
      Manish Pandey authored
      
      
      Following changes are done to make DT pre-processing similar to that of
      U-boot/Linux kernel.
      
      1. Creating seperate CPPFLAGS for DT preprocessing so that compiler
      options specific to it can be accommodated.
      e.g: "-undef" compiler option avoids replacing "linux" string(used in
      device trees) with "1" as "linux" is a pre-defined macro in gnu99
      standard.
      
      2. Replace CPP with PP for DT pre-processing, as CPP in U-boot/Linux is
      exported as "${CROSS_COMPILE}gcc -E" while in TF-A it is exported as
      "${CROSS_COMPILE}cpp".
      
      Change-Id: If4c61a249d51614d9f53ae30b602036d50c02349
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      7e94a699
  12. 10 Jan, 2019 1 commit
  13. 22 Nov, 2018 1 commit
    • Sathees Balya's avatar
      romlib: Allow patching of romlib functions · 6baf85b3
      Sathees Balya authored
      
      
      This change allows patching of functions in the
      romlib. This can be done by adding "patch" at the
      end of the jump table entry for the function that
      needs to be patched in the file jmptbl.i.
      Functions patched in the jump table list will be
      built as part of the BL image and the romlib
      version will not be used
      
      Change-Id: Iefb200cb86e2a4b61ad3ee6180d3ecc39bad537f
      Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      6baf85b3
  14. 08 Oct, 2018 1 commit
    • Andre Przywara's avatar
      Makefile: Support totally quiet output with -s · ee1ba6d4
      Andre Przywara authored
      
      
      "-s" is a command line option to the make tool, to suppress normal output,
      something to the effect of prepending every line with '@' in the Makefile.
      However with our V={0|1} support, we now print the shortened command line
      output in any case (even with V=1, in addition to the long line!).
      Normally -s helps to not miss non-fatal warnings, which tend to scroll out
      of the window easily.
      
      Introduce a new Makefile variable ECHO, to control the shortened output.
      We only set it in the (current default) V=0 case, and replace every
      occurence of "@echo" with that variable.
      When the user specifies "-s", we set ECHO to some magic string which
      changes the output line into a comment, so the output is suppressed.
      
      Beside suppressing every output for "-s", we also avoid the redundant
      short output when compiling with V=1.
      
      This changes the output to:
      ==========
      $ make -s PLAT=.... bl31
      
      Built build/.../release/bl31.bin
      
      ==========
      $ make PLAT=.... bl31
      ...
        CC      lib/libc/strncmp.c
        CC      lib/libc/strnlen.c
      ...
      ==========
      $ make V=1 PLAT=.... bl31
      ...
      gcc -DDEBUG=0 .... -o build/.../release/libc/strncmp.o
      gcc -DDEBUG=0 .... -o build/.../release/libc/strnlen.o
      ...
      ==========
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      ee1ba6d4
  15. 03 Oct, 2018 1 commit
  16. 28 Sep, 2018 1 commit
  17. 03 Aug, 2018 2 commits
    • Roberto Vargas's avatar
      Add support for romlib in the build system · 5accce5b
      Roberto Vargas authored
      
      
      Romlib is a new image that is stored in ROM and contains the code of
      several libraries that can be shared between different images. All
      the functions within in the library are accessed using a jump table
      which allows to update the romlib image whithout changing the binary
      compatibility. This jump table can be also stored in RAM and it can
      allow to patch a romlib with potential bugs fixes..
      
      Change-Id: If980ccdaca24b7aaca900e32acc68baf6f94ab35
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      5accce5b
    • Roberto Vargas's avatar
      Add make macros to build library archives · 5fee0287
      Roberto Vargas authored
      
      
      This patch adds all the make macros needed to create a library archive
      and to use it in the link stage.
      
      Change-Id: I26597bfd6543649d0b68a9b1e06aec1ba353e6de
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      5fee0287
  18. 18 Jul, 2018 1 commit
    • Konstantin Porotchkin's avatar
      make: support libraries in MAKE_BL macro · 23e0fe52
      Konstantin Porotchkin authored
      
      
      Add support for BLx stages to use libraries in MAKE_BL macro.
      This change does not affect BL stages that do not have
      BL_LIBS variable defined in their makefiles.
      However in case that BL wants to use external library
      (for instance vendor-specific DDR initialization code supplied
      as a library), this patch will allow to build BL image linked
      with such library.
      
      Change-Id: Ife29069a72dc4aff833db6ef8b828736d6689b78
      Signed-off-by: default avatarKonstantin Porotchkin <kostap@marvell.com>
      23e0fe52
  19. 18 Jun, 2018 1 commit
    • Yann Gautier's avatar
      Build: add cpp build processing for dtb · 01d237cb
      Yann Gautier authored
      
      
      This is an add-on feature that allows processing
      device tree with external includes.
      
      "-Iinclude" is also added to INCLUDES.
      It allows inclusion of dt-bindings files either in dts files or drivers,
      as those files will be in include/dt-bindings/.
      
      "-i fdts" is added to the DTC command line.
      As the pre-processed files are in build directory, the DT source directory
      has to be explicitely included, to manages /include/ directives.
      
      fixes arm-software/tf-issues#595
      Signed-off-by: default avatarLionel Debieve <lionel.debieve@st.com>
      Signed-off-by: default avatarYann Gautier <yann.gautier@st.com>
      01d237cb
  20. 01 Mar, 2018 1 commit
  21. 28 Feb, 2018 1 commit
  22. 26 Feb, 2018 1 commit
  23. 22 Feb, 2018 1 commit
  24. 01 Feb, 2018 12 commits
    • Masahiro Yamada's avatar
      Build: add GZIP compression filter · 14db8908
      Masahiro Yamada authored
      
      
      One typical usage of the pre-tool image filter is data compression,
      and GZIP is one of the most commonly used compression methods.
      I guess this is generic enough to be put in the common script instead
      of platform.mk.
      
      If you want to use this, you can add something like follows to your
      platform.mk:
      
          BL32_PRE_TOOL_FILTER := GZIP
          BL33_PRE_TOOL_FILTER := GZIP
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      14db8908
    • Masahiro Yamada's avatar
      Build: support pre-tool image processing · 2da522bb
      Masahiro Yamada authored
      
      
      There are cases where we want to process images before they are
      passed to cert_create / fiptool.
      
      My main motivation is data compression.  By compressing images, we can
      save data storage, and possibly speed up loading images.  The image
      verification will also get faster because certificates are generated
      based on compressed images.
      
      Other image transformation filters (for ex. encryption), and their
      combinations would be possible.  So, our build system should support
      transformation filters in a generic manner.
      
      The choice of applied filters is up to platforms (so specified in
      platform.mk)
      
      To define a new filter, <FILTER_NAME>_RULE and <FILTER_NAME>_SUFFIX
      are needed.
      
      For example, the GZIP compression filter can be implemented as follows:
      
      ------------------------>8------------------------
      define GZIP_RULE
      $(1): $(2)
              @echo "  GZIP    $$@"
              $(Q)gzip -n -f -9 $$< --stdout > $$@
      endef
      
      GZIP_SUFFIX := .gz
      ------------------------>8------------------------
      
      The _RULE defines how to create the target $(1) from the source $(2).
      The _SUFFIX defines the extension appended to the processed image path.
      The suffix is not so important because the file name information is not
      propagated to FIP, but adding a sensible suffix will be good to classify
      the data file.
      
      Platforms can specify which filter is applied to which BL image, like
      this:
      
      ------------------------>8------------------------
      BL32_PRE_TOOL_FILTER := GZIP
      BL33_PRE_TOOL_FILTER := GZIP
      ------------------------>8------------------------
      
      <IMAGE_NAME>_PRE_TOOL_FILTER specifies per-image filter.  With this,
      different images can be transformed differently.  For the case above,
      only BL32 and BL33 are GZIP-compressed.  Nothing is done for other
      images.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      2da522bb
    • Masahiro Yamada's avatar
      Build: change the first parameter of TOOL_ADD_IMG to lowercase · 33950dd8
      Masahiro Yamada authored
      
      
      In the next commit, I need the image name in lowercase because
      output files are generally named in lowercase.
      
      Unfortunately, TOOL_ADD_IMG takes the first argument in uppercase
      since we generally use uppercase Make variables.
      
      make_helpers/build_macros.mk provides 'uppercase' macro to convert
      a string into uppercase, but 'lowercase' does not exist.  We can
      implement it if we like, but it would be more straightforward to
      change the argument of TOOL_ADD_IMG.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      33950dd8
    • Masahiro Yamada's avatar
      Build: make tools depend on $(BIN) instead of PHONY target · 36af3455
      Masahiro Yamada authored
      
      
      The PHONY target "bl*" generate $(BIN) and $(DUMP), but host tools
      (fiptool, cert_create) only need $(BIN).
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      36af3455
    • Masahiro Yamada's avatar
      Build: remove third argument of CERT_ADD_CMD_OPT · 91704d9d
      Masahiro Yamada authored
      
      
      The third argument was given "true" by images, but it was moved
      to TOOL_ADD_PAYLOAD.  No more caller of CERT_ADD_CMD_OPT uses this.
      So, the third argument is always empty.  Remove it.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      91704d9d
    • Masahiro Yamada's avatar
      Build: rename FIP_ADD_IMG to TOOL_ADD_IMG · c939d13a
      Masahiro Yamada authored
      
      
      Now FIP_ADD_IMG takes care of both fiptool and cert_create
      symmetrically.  Rename it so that it matches the behavior.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      c939d13a
    • Masahiro Yamada's avatar
      Build: rename FIP_ADD_PAYLOAD to TOOL_ADD_PAYLOAD · 10cea934
      Masahiro Yamada authored
      
      
      Now FIP_ADD_PAYLOAD takes care of both fiptool and cert_create
      symmetrically.  Rename it so that it matches the behavior.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      10cea934
    • Masahiro Yamada's avatar
      Build: move cert_create arguments and dependency to FIP_ADD_PAYLOAD · f30ee0b9
      Masahiro Yamada authored
      
      
      The fiptool and cert_create use the same command options for images.
      It is pretty easy to handle both in the same, symmetrical way.
      
      Move CRT_ARGS and CRT_DEPS to FIP_ADD_PAYLOAD.  This refactoring makes
      sense because FIP_ADD_PAYLOAD is called from MAKE_BL (when building
      images from source), and from FIP_ADD_IMG (when including external
      images).  (FIP_ADD_PAYLOAD will be renamed later on since it now
      caters to both fiptool and cert_create).
      
      We can delete CERT_ADD_CMD_OPT for images in tbbr.mk.  It still
      needs to call CERT_ADD_CMD_OPT directly for certificates.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      f30ee0b9
    • Masahiro Yamada's avatar
      Build: rip off unneeded $(eval ...) from buid macros · 945b316f
      Masahiro Yamada authored
      
      
      The callers of these macros are supposed to use $(eval $(call, ...)).
      The $(eval ...) on the callee side is unneeded.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      945b316f
    • Masahiro Yamada's avatar
      Build: merge build macros between FIP_ and FWU_FIP_ · 1dc0714f
      Masahiro Yamada authored
      
      
      The build system supports generating two FIP images, fip and fwu_fip.
      Accordingly, we have similar build macros.
      
         FIP_ADD_PAYLOAD   <-->  FWU_FIP_ADD_PAYLOAD
         CERT_ADD_CMD_OPT  <-->  FWU_CERT_ADD_CMD_OPT
         FIP_ADD_IMG       <-->  FWU_FIP_ADD_IMG
      
      The duplicated code increases the maintenance burden.  Also, the build
      rule of BL2U looks clumsy - we want to call MAKE_BL to compile it from
      source files, but we want to put it in fwu_fip.  We can not do it in a
      single macro call since the current MAKE_BL does not support fwu_fip.
      
      To refactor those in a clean way is to support one more argument to
      specify the FIP prefix.  If it is empty, the images are targeted to
      fip, whereas if the argument is "FWU_", targeted to fwu_fip.
      
      The build macros prefixed with FWU_ go away.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      1dc0714f
    • Masahiro Yamada's avatar
      Build: squash MAKE_TOOL_ARGS into MAKE_BL · 34ec8494
      Masahiro Yamada authored
      
      
      Now, MAKE_TOOL_ARGS is only called from MAKE_BL.  Squash it.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      34ec8494
    • Masahiro Yamada's avatar
      Build: check if specified external image exists · 802d2dd2
      Masahiro Yamada authored
      
      
      check_* targets check if the required option are given, but do not
      check the validity of the argument.  If the specified file does not
      exist, let the build fail immediately instead of passing the invalid
      file path to tools.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      802d2dd2
  25. 24 Dec, 2017 1 commit
  26. 23 Dec, 2017 1 commit
  27. 06 Nov, 2017 1 commit