From 745a75faac970ec5dd35472412ddb94e888e4198 Mon Sep 17 00:00:00 2001 From: Julius Werner Date: Mon, 11 May 2015 16:45:56 -0700 Subject: arm64: Add support for using ARM Trusted Firmware as secure monitor This patch adds support for integrating the runtime-resident component of ARM Trusted Firmware (github.com/ARM-software/arm-trusted-firmware) called BL31. It expects the ARM TF source tree to be checked out under $(top)/3rdparty/arm-trusted-firmware, which will be set up in a later patch. Also include optional support for VBOOT2 verification (pretty hacky for now, since CBFSv1 is just around the corner and will make all this so much better). BRANCH=None BUG=None TEST=Booted Oak with ARM TF and working PSCI (with additional platform patches). Change-Id: I8c923226135bdf88a9a30a7f5ff163510c35608d Signed-off-by: Patrick Georgi Original-Commit-Id: a1b3b2d56b25bfc1f3b2d19bf7876205075a987a Original-Change-Id: I0714cc10b5b10779af53ecbe711ceeb89fb30da2 Original-Signed-off-by: Julius Werner Original-Reviewed-on: https://chromium-review.googlesource.com/270784 Original-Reviewed-by: Aaron Durbin Reviewed-on: http://review.coreboot.org/10249 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer --- src/arch/arm64/Makefile.inc | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) (limited to 'src/arch/arm64/Makefile.inc') diff --git a/src/arch/arm64/Makefile.inc b/src/arch/arm64/Makefile.inc index 4a09190239..b14e69e767 100644 --- a/src/arch/arm64/Makefile.inc +++ b/src/arch/arm64/Makefile.inc @@ -154,6 +154,7 @@ ramstage-y += ../../lib/memmove.c ramstage-y += stage_entry.S ramstage-y += cpu-stubs.c ramstage-$(CONFIG_ARM64_USE_SPINTABLE) += spintable.c spintable_asm.S +ramstage-$(CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE) += arm_tf.c ramstage-y += transition.c transition_asm.S rmodules_arm64-y += ../../lib/memset.c @@ -179,4 +180,46 @@ $(objcbfs)/ramstage.debug: $$(ramstage-objs) @printf " CC $(subst $(obj)/,,$(@))\n" $(LD_ramstage) -nostdlib --gc-sections -o $@ -L$(obj) --start-group $(filter-out %.ld,$(ramstage-objs)) --end-group -T $(obj)/mainboard/$(MAINBOARDDIR)/memlayout.ramstage.ld +# Build ARM Trusted Firmware (BL31) + +ifeq ($(CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE),y) + +BL31_SOURCE := $(top)/3rdparty/arm-trusted-firmware + +BL31_MAKEARGS := PLAT=$(call strip_quotes,$(CONFIG_ARM_TF_PLATFORM_NAME)) + +ifeq ($(V),1) +BL31_MAKEARGS += V=1 +endif + +# Build ARM TF in debug mode (with serial output) if coreboot uses serial +ifeq ($(CONFIG_CONSOLE_SERIAL),y) +BL31_MAKEARGS += DEBUG=1 +endif # CONFIG_CONSOLE_SERIAL + +# Avoid build/release|build/debug distinction by overriding BUILD_PLAT directly +BL31_MAKEARGS += BUILD_PLAT="$(top)/$(obj)/3rdparty/arm-trusted-firmware" + +BL31_CFLAGS := -fno-pic -fno-stack-protector +BL31_LDFLAGS := --emit-relocs + +BL31 := $(obj)/3rdparty/arm-trusted-firmware/bl31/bl31.elf + +$(BL31): + @printf " MAKE $(subst $(obj)/,,$(@))\n" + CROSS_COMPILE="$(CROSS_COMPILE)" \ + CFLAGS="$(BL31_CFLAGS)" \ + LDFLAGS="$(BL31_LDFLAGS)" \ + $(MAKE) -C $(BL31_SOURCE) $(BL31_MAKEARGS) bl31 + +.PHONY: $(BL31) + +BL31_CBFS := $(call strip_quotes,$(CONFIG_CBFS_PREFIX))/bl31 +$(BL31_CBFS)-file := $(BL31) +$(BL31_CBFS)-type := stage +$(BL31_CBFS)-compression := $(CBFS_COMPRESS_FLAG) +cbfs-files-y += $(BL31_CBFS) + +endif # CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE + endif # CONFIG_ARCH_RAMSTAGE_ARM64 -- cgit v1.2.3