1# 2# Copyright 2020 NXP 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7# For TRUSTED_BOARD_BOOT platforms need to include this makefile 8# Following definations are to be provided by platform.mk file or 9# by user - BL33_INPUT_FILE, BL32_INPUT_FILE, BL31_INPUT_FILE 10 11ifeq ($(CHASSIS), 2) 12include $(PLAT_DRIVERS_PATH)/csu/csu.mk 13CSF_FILE := input_blx_ch${CHASSIS} 14BL2_CSF_FILE := input_bl2_ch${CHASSIS} 15else 16ifeq ($(CHASSIS), 3_2) 17CSF_FILE := input_blx_ch3 18BL2_CSF_FILE := input_bl2_ch${CHASSIS} 19PBI_CSF_FILE := input_pbi_ch${CHASSIS} 20$(eval $(call add_define, CSF_HDR_CH3)) 21else 22 $(error -> CHASSIS not set!) 23endif 24endif 25 26PLAT_AUTH_PATH := $(PLAT_DRIVERS_PATH)/auth 27 28 29ifeq (${BL2_INPUT_FILE},) 30 BL2_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${BL2_CSF_FILE} 31endif 32 33ifeq (${PBI_INPUT_FILE},) 34 PBI_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${PBI_CSF_FILE} 35endif 36 37# If MBEDTLS_DIR is not specified, use CSF Header option 38ifeq (${MBEDTLS_DIR},) 39 # Generic image processing filters to prepend CSF header 40 ifeq (${BL33_INPUT_FILE},) 41 BL33_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE} 42 endif 43 44 ifeq (${BL31_INPUT_FILE},) 45 BL31_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE} 46 endif 47 48 ifeq (${BL32_INPUT_FILE},) 49 BL32_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE} 50 endif 51 52 ifeq (${FUSE_INPUT_FILE},) 53 FUSE_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE} 54 endif 55 56 PLAT_INCLUDES += -I$(PLAT_DRIVERS_PATH)/sfp 57 PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/csf_hdr_parser/cot.c \ 58 $(PLAT_COMMON_PATH)/tbbr/csf_tbbr.c 59 # IMG PARSER here is CSF header parser 60 include $(PLAT_DRIVERS_PATH)/auth/csf_hdr_parser/csf_hdr.mk 61 PLAT_TBBR_SOURCES += $(CSF_HDR_SOURCES) 62 63 SCP_BL2_PRE_TOOL_FILTER := CST_SCP_BL2 64 BL31_PRE_TOOL_FILTER := CST_BL31 65 BL32_PRE_TOOL_FILTER := CST_BL32 66 BL33_PRE_TOOL_FILTER := CST_BL33 67else 68 69 ifeq (${DISABLE_FUSE_WRITE}, 1) 70 $(eval $(call add_define,DISABLE_FUSE_WRITE)) 71 endif 72 73 # For Mbedtls currently crypto is not supported via CAAM 74 # enable it when that support is there 75 CAAM_INTEG := 0 76 KEY_ALG := rsa 77 KEY_SIZE := 2048 78 79 $(eval $(call add_define,MBEDTLS_X509)) 80 ifeq (${PLAT_DDR_PHY},PHY_GEN2) 81 $(eval $(call add_define,PLAT_DEF_OID)) 82 endif 83 include drivers/auth/mbedtls/mbedtls_x509.mk 84 85 86 PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/tbbr/tbbr_cot.c \ 87 $(PLAT_COMMON_PATH)/tbbr/nxp_rotpk.S \ 88 $(PLAT_COMMON_PATH)/tbbr/x509_tbbr.c 89 90 #ROTPK key is embedded in BL2 image 91 ifeq (${ROT_KEY},) 92 ROT_KEY = $(BUILD_PLAT)/rot_key.pem 93 endif 94 95 ifeq (${SAVE_KEYS},1) 96 97 ifeq (${TRUSTED_WORLD_KEY},) 98 TRUSTED_WORLD_KEY = ${BUILD_PLAT}/trusted.pem 99 endif 100 101 ifeq (${NON_TRUSTED_WORLD_KEY},) 102 NON_TRUSTED_WORLD_KEY = ${BUILD_PLAT}/non-trusted.pem 103 endif 104 105 ifeq (${BL31_KEY},) 106 BL31_KEY = ${BUILD_PLAT}/soc.pem 107 endif 108 109 ifeq (${BL32_KEY},) 110 BL32_KEY = ${BUILD_PLAT}/trusted_os.pem 111 endif 112 113 ifeq (${BL33_KEY},) 114 BL33_KEY = ${BUILD_PLAT}/non-trusted_os.pem 115 endif 116 117 endif 118 119 ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin 120 121 $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"')) 122 123 $(BUILD_PLAT)/bl2/nxp_rotpk.o: $(ROTPK_HASH) 124 125 certificates: $(ROT_KEY) 126 $(ROT_KEY): | $(BUILD_PLAT) 127 @echo " OPENSSL $@" 128 @if [ ! -f $(ROT_KEY) ]; then \ 129 openssl genrsa 2048 > $@ 2>/dev/null; \ 130 fi 131 132 $(ROTPK_HASH): $(ROT_KEY) 133 @echo " OPENSSL $@" 134 $(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\ 135 openssl dgst -sha256 -binary > $@ 2>/dev/null 136 137endif #MBEDTLS_DIR 138 139PLAT_INCLUDES += -Iinclude/common/tbbr 140 141# Generic files for authentication framework 142TBBR_SOURCES += drivers/auth/auth_mod.c \ 143 drivers/auth/crypto_mod.c \ 144 drivers/auth/img_parser_mod.c \ 145 plat/common/tbbr/plat_tbbr.c \ 146 ${PLAT_TBBR_SOURCES} 147 148# If CAAM_INTEG is not defined (would be scenario with MBED TLS) 149# include mbedtls_crypto 150ifeq (${CAAM_INTEG},0) 151 include drivers/auth/mbedtls/mbedtls_crypto.mk 152else 153 include $(PLAT_DRIVERS_PATH)/crypto/caam/src/auth/auth.mk 154 TBBR_SOURCES += ${AUTH_SOURCES} 155endif 156