163 lines
4.3 KiB
Makefile
163 lines
4.3 KiB
Makefile
#
|
|
# Copyright 2020-2022 NXP
|
|
#
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
|
#
|
|
|
|
# For TRUSTED_BOARD_BOOT platforms need to include this makefile
|
|
# Following definations are to be provided by platform.mk file or
|
|
# by user - BL33_INPUT_FILE, BL32_INPUT_FILE, BL31_INPUT_FILE
|
|
|
|
ifeq ($(CHASSIS), 2)
|
|
include $(PLAT_DRIVERS_PATH)/csu/csu.mk
|
|
CSF_FILE := input_blx_ch${CHASSIS}
|
|
BL2_CSF_FILE := input_bl2_ch${CHASSIS}
|
|
else
|
|
ifeq ($(CHASSIS), 3)
|
|
CSF_FILE := input_blx_ch${CHASSIS}
|
|
BL2_CSF_FILE := input_bl2_ch${CHASSIS}
|
|
PBI_CSF_FILE := input_pbi_ch${CHASSIS}
|
|
$(eval $(call add_define, CSF_HDR_CH3))
|
|
else
|
|
ifeq ($(CHASSIS), 3_2)
|
|
CSF_FILE := input_blx_ch3
|
|
BL2_CSF_FILE := input_bl2_ch${CHASSIS}
|
|
PBI_CSF_FILE := input_pbi_ch${CHASSIS}
|
|
$(eval $(call add_define, CSF_HDR_CH3))
|
|
else
|
|
$(error -> CHASSIS not set!)
|
|
endif
|
|
endif
|
|
endif
|
|
|
|
PLAT_AUTH_PATH := $(PLAT_DRIVERS_PATH)/auth
|
|
|
|
|
|
ifeq (${BL2_INPUT_FILE},)
|
|
BL2_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${BL2_CSF_FILE}
|
|
endif
|
|
|
|
ifeq (${PBI_INPUT_FILE},)
|
|
PBI_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${PBI_CSF_FILE}
|
|
endif
|
|
|
|
# If MBEDTLS_DIR is not specified, use CSF Header option
|
|
ifeq (${MBEDTLS_DIR},)
|
|
# Generic image processing filters to prepend CSF header
|
|
ifeq (${BL33_INPUT_FILE},)
|
|
BL33_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
|
|
endif
|
|
|
|
ifeq (${BL31_INPUT_FILE},)
|
|
BL31_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
|
|
endif
|
|
|
|
ifeq (${BL32_INPUT_FILE},)
|
|
BL32_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
|
|
endif
|
|
|
|
ifeq (${FUSE_INPUT_FILE},)
|
|
FUSE_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
|
|
endif
|
|
|
|
PLAT_INCLUDES += -I$(PLAT_DRIVERS_PATH)/sfp
|
|
PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/csf_hdr_parser/cot.c \
|
|
$(PLAT_COMMON_PATH)/tbbr/csf_tbbr.c
|
|
# IMG PARSER here is CSF header parser
|
|
include $(PLAT_DRIVERS_PATH)/auth/csf_hdr_parser/csf_hdr.mk
|
|
PLAT_TBBR_SOURCES += $(CSF_HDR_SOURCES)
|
|
|
|
SCP_BL2_PRE_TOOL_FILTER := CST_SCP_BL2
|
|
BL31_PRE_TOOL_FILTER := CST_BL31
|
|
BL32_PRE_TOOL_FILTER := CST_BL32
|
|
BL33_PRE_TOOL_FILTER := CST_BL33
|
|
else
|
|
|
|
ifeq (${DISABLE_FUSE_WRITE}, 1)
|
|
$(eval $(call add_define,DISABLE_FUSE_WRITE))
|
|
endif
|
|
|
|
# For Mbedtls currently crypto is not supported via CAAM
|
|
# enable it when that support is there
|
|
CAAM_INTEG := 0
|
|
KEY_ALG := rsa
|
|
KEY_SIZE := 2048
|
|
|
|
$(eval $(call add_define,MBEDTLS_X509))
|
|
ifeq (${PLAT_DDR_PHY},PHY_GEN2)
|
|
$(eval $(call add_define,PLAT_DEF_OID))
|
|
endif
|
|
include drivers/auth/mbedtls/mbedtls_x509.mk
|
|
|
|
|
|
PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/tbbr/tbbr_cot.c \
|
|
$(PLAT_COMMON_PATH)/tbbr/nxp_rotpk.S \
|
|
$(PLAT_COMMON_PATH)/tbbr/x509_tbbr.c
|
|
|
|
#ROTPK key is embedded in BL2 image
|
|
ifeq (${ROT_KEY},)
|
|
ROT_KEY = $(BUILD_PLAT)/rot_key.pem
|
|
endif
|
|
|
|
ifeq (${SAVE_KEYS},1)
|
|
|
|
ifeq (${TRUSTED_WORLD_KEY},)
|
|
TRUSTED_WORLD_KEY = ${BUILD_PLAT}/trusted.pem
|
|
endif
|
|
|
|
ifeq (${NON_TRUSTED_WORLD_KEY},)
|
|
NON_TRUSTED_WORLD_KEY = ${BUILD_PLAT}/non-trusted.pem
|
|
endif
|
|
|
|
ifeq (${BL31_KEY},)
|
|
BL31_KEY = ${BUILD_PLAT}/soc.pem
|
|
endif
|
|
|
|
ifeq (${BL32_KEY},)
|
|
BL32_KEY = ${BUILD_PLAT}/trusted_os.pem
|
|
endif
|
|
|
|
ifeq (${BL33_KEY},)
|
|
BL33_KEY = ${BUILD_PLAT}/non-trusted_os.pem
|
|
endif
|
|
|
|
endif
|
|
|
|
ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin
|
|
|
|
$(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"'))
|
|
|
|
$(BUILD_PLAT)/bl2/nxp_rotpk.o: $(ROTPK_HASH)
|
|
|
|
certificates: $(ROT_KEY)
|
|
$(ROT_KEY): | $(BUILD_PLAT)
|
|
@echo " OPENSSL $@"
|
|
@if [ ! -f $(ROT_KEY) ]; then \
|
|
openssl genrsa 2048 > $@ 2>/dev/null; \
|
|
fi
|
|
|
|
$(ROTPK_HASH): $(ROT_KEY)
|
|
@echo " OPENSSL $@"
|
|
$(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
|
|
openssl dgst -sha256 -binary > $@ 2>/dev/null
|
|
|
|
endif #MBEDTLS_DIR
|
|
|
|
PLAT_INCLUDES += -Iinclude/common/tbbr
|
|
|
|
# Generic files for authentication framework
|
|
TBBR_SOURCES += drivers/auth/auth_mod.c \
|
|
drivers/auth/crypto_mod.c \
|
|
drivers/auth/img_parser_mod.c \
|
|
plat/common/tbbr/plat_tbbr.c \
|
|
${PLAT_TBBR_SOURCES}
|
|
|
|
# If CAAM_INTEG is not defined (would be scenario with MBED TLS)
|
|
# include mbedtls_crypto
|
|
ifeq (${CAAM_INTEG},0)
|
|
include drivers/auth/mbedtls/mbedtls_crypto.mk
|
|
else
|
|
include $(PLAT_DRIVERS_PATH)/crypto/caam/src/auth/auth.mk
|
|
TBBR_SOURCES += ${AUTH_SOURCES}
|
|
endif
|