1#
2# Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6
7PLAT_BL_COMMON_SOURCES	+=	drivers/arm/pl011/${ARCH}/pl011_console.S	\
8				plat/arm/board/common/${ARCH}/board_arm_helpers.S
9
10BL1_SOURCES		+=	drivers/cfi/v2m/v2m_flash.c
11
12BL2_SOURCES		+=	drivers/cfi/v2m/v2m_flash.c
13
14ifneq (${TRUSTED_BOARD_BOOT},0)
15ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_dev_rotpk.S
16ifneq (${ARM_CRYPTOCELL_INTEG}, 1)
17# ROTPK hash location
18ifeq (${ARM_ROTPK_LOCATION}, regs)
19	ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID
20else ifeq (${ARM_ROTPK_LOCATION}, devel_rsa)
21	CRYPTO_ALG=rsa
22	ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_RSA_ID
23	ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_rsa_sha256.bin
24$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"'))
25$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH)
26$(warning Development keys support for FVP is deprecated. Use `regs` \
27option instead)
28else ifeq (${ARM_ROTPK_LOCATION}, devel_ecdsa)
29	CRYPTO_ALG=ec
30	ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_ECDSA_ID
31	ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_ecdsa_sha256.bin
32$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"'))
33$(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH)
34$(warning Development keys support for FVP is deprecated. Use `regs` \
35option instead)
36else ifeq (${ARM_ROTPK_LOCATION}, devel_full_dev_rsa_key)
37	CRYPTO_ALG=rsa
38	ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID
39	ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S
40$(warning Development keys support for FVP is deprecated. Use `regs` \
41option instead)
42else
43$(error "Unsupported ARM_ROTPK_LOCATION value")
44endif
45
46$(eval $(call add_define,ARM_ROTPK_LOCATION_ID))
47
48ifeq (${ENABLE_RME}, 1)
49COT	:=	cca
50endif
51
52# Force generation of the new hash if ROT_KEY is specified
53ifdef ROT_KEY
54	HASH_PREREQUISITES = $(ROT_KEY) FORCE
55else
56	HASH_PREREQUISITES = $(ROT_KEY)
57endif
58
59$(ARM_ROTPK_HASH) : $(HASH_PREREQUISITES)
60ifndef ROT_KEY
61	$(error Cannot generate hash: no ROT_KEY defined)
62endif
63	${OPENSSL_BIN_PATH}/openssl ${CRYPTO_ALG} -in $< -pubout -outform DER | \
64	${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@
65
66# Certificate NV-Counters. Use values corresponding to tied off values in
67# ARM development platforms
68TFW_NVCTR_VAL	?=	31
69NTFW_NVCTR_VAL	?=	223
70else
71# Certificate NV-Counters when CryptoCell is integrated. For development
72# platforms we set the counter to first valid value.
73TFW_NVCTR_VAL	?=	0
74NTFW_NVCTR_VAL	?=	0
75endif
76BL1_SOURCES		+=	plat/arm/board/common/board_arm_trusted_boot.c \
77				${ARM_ROTPK_S}
78BL2_SOURCES		+=	plat/arm/board/common/board_arm_trusted_boot.c \
79				${ARM_ROTPK_S}
80
81# Allows platform code to provide implementation variants depending on the
82# selected chain of trust.
83$(eval $(call add_define,ARM_COT_${COT}))
84
85ifeq (${COT},dualroot)
86# Platform Root of Trust key files.
87ARM_PROT_KEY		:=	plat/arm/board/common/protpk/arm_protprivk_rsa.pem
88ARM_PROTPK_HASH		:=	plat/arm/board/common/protpk/arm_protpk_rsa_sha256.bin
89
90# Provide the private key to cert_create tool. It needs it to sign the images.
91PROT_KEY		:=	${ARM_PROT_KEY}
92
93$(eval $(call add_define_val,ARM_PROTPK_HASH,'"$(ARM_PROTPK_HASH)"'))
94
95BL1_SOURCES		+=	plat/arm/board/common/protpk/arm_dev_protpk.S
96BL2_SOURCES		+=	plat/arm/board/common/protpk/arm_dev_protpk.S
97
98$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
99$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
100endif
101
102ifeq (${COT},cca)
103# Platform and Secure World Root of Trust key files.
104ARM_PROT_KEY		:=	plat/arm/board/common/protpk/arm_protprivk_rsa.pem
105ARM_PROTPK_HASH		:=	plat/arm/board/common/protpk/arm_protpk_rsa_sha256.bin
106ARM_SWD_ROT_KEY		:=	plat/arm/board/common/swd_rotpk/arm_swd_rotprivk_rsa.pem
107ARM_SWD_ROTPK_HASH	:=	plat/arm/board/common/swd_rotpk/arm_swd_rotpk_rsa_sha256.bin
108
109# Provide the private keys to cert_create tool. It needs them to sign the images.
110PROT_KEY		:=	${ARM_PROT_KEY}
111SWD_ROT_KEY		:=	${ARM_SWD_ROT_KEY}
112
113$(eval $(call add_define_val,ARM_PROTPK_HASH,'"$(ARM_PROTPK_HASH)"'))
114$(eval $(call add_define_val,ARM_SWD_ROTPK_HASH,'"$(ARM_SWD_ROTPK_HASH)"'))
115
116BL1_SOURCES		+=	plat/arm/board/common/protpk/arm_dev_protpk.S \
117				plat/arm/board/common/swd_rotpk/arm_dev_swd_rotpk.S
118BL2_SOURCES		+=	plat/arm/board/common/protpk/arm_dev_protpk.S \
119				plat/arm/board/common/swd_rotpk/arm_dev_swd_rotpk.S
120
121$(BUILD_PLAT)/bl1/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
122$(BUILD_PLAT)/bl1/arm_dev_swd_rotpk.o: $(ARM_SWD_ROTPK_HASH)
123$(BUILD_PLAT)/bl2/arm_dev_protpk.o: $(ARM_PROTPK_HASH)
124$(BUILD_PLAT)/bl2/arm_dev_swd_rotpk.o: $(ARM_SWD_ROTPK_HASH)
125endif
126
127endif
128