arm64: Add support for using ARM Trusted Firmware as secure monitor
This patch adds support for integrating the runtime-resident component
of ARM Trusted Firmware (github.com/ARM-software/arm-trusted-firmware)
called BL31. It expects the ARM TF source tree to be checked out under
$(top)/3rdparty/arm-trusted-firmware, which will be set up in a later
patch.
Also include optional support for VBOOT2 verification (pretty hacky for
now, since CBFSv1 is just around the corner and will make all this so
much better).
BRANCH=None
BUG=None
TEST=Booted Oak with ARM TF and working PSCI (with additional platform
patches).
Change-Id: I8c923226135bdf88a9a30a7f5ff163510c35608d
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: a1b3b2d56b25bfc1f3b2d19bf7876205075a987a
Original-Change-Id: I0714cc10b5b10779af53ecbe711ceeb89fb30da2
Original-Signed-off-by: Julius Werner <jwerner@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/270784
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/10249
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
diff --git a/src/arch/arm64/Makefile.inc b/src/arch/arm64/Makefile.inc
index 4a09190..b14e69e 100644
--- a/src/arch/arm64/Makefile.inc
+++ b/src/arch/arm64/Makefile.inc
@@ -154,6 +154,7 @@
ramstage-y += stage_entry.S
ramstage-y += cpu-stubs.c
ramstage-$(CONFIG_ARM64_USE_SPINTABLE) += spintable.c spintable_asm.S
+ramstage-$(CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE) += arm_tf.c
ramstage-y += transition.c transition_asm.S
rmodules_arm64-y += ../../lib/memset.c
@@ -179,4 +180,46 @@
@printf " CC $(subst $(obj)/,,$(@))\n"
$(LD_ramstage) -nostdlib --gc-sections -o $@ -L$(obj) --start-group $(filter-out %.ld,$(ramstage-objs)) --end-group -T $(obj)/mainboard/$(MAINBOARDDIR)/memlayout.ramstage.ld
+# Build ARM Trusted Firmware (BL31)
+
+ifeq ($(CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE),y)
+
+BL31_SOURCE := $(top)/3rdparty/arm-trusted-firmware
+
+BL31_MAKEARGS := PLAT=$(call strip_quotes,$(CONFIG_ARM_TF_PLATFORM_NAME))
+
+ifeq ($(V),1)
+BL31_MAKEARGS += V=1
+endif
+
+# Build ARM TF in debug mode (with serial output) if coreboot uses serial
+ifeq ($(CONFIG_CONSOLE_SERIAL),y)
+BL31_MAKEARGS += DEBUG=1
+endif # CONFIG_CONSOLE_SERIAL
+
+# Avoid build/release|build/debug distinction by overriding BUILD_PLAT directly
+BL31_MAKEARGS += BUILD_PLAT="$(top)/$(obj)/3rdparty/arm-trusted-firmware"
+
+BL31_CFLAGS := -fno-pic -fno-stack-protector
+BL31_LDFLAGS := --emit-relocs
+
+BL31 := $(obj)/3rdparty/arm-trusted-firmware/bl31/bl31.elf
+
+$(BL31):
+ @printf " MAKE $(subst $(obj)/,,$(@))\n"
+ CROSS_COMPILE="$(CROSS_COMPILE)" \
+ CFLAGS="$(BL31_CFLAGS)" \
+ LDFLAGS="$(BL31_LDFLAGS)" \
+ $(MAKE) -C $(BL31_SOURCE) $(BL31_MAKEARGS) bl31
+
+.PHONY: $(BL31)
+
+BL31_CBFS := $(call strip_quotes,$(CONFIG_CBFS_PREFIX))/bl31
+$(BL31_CBFS)-file := $(BL31)
+$(BL31_CBFS)-type := stage
+$(BL31_CBFS)-compression := $(CBFS_COMPRESS_FLAG)
+cbfs-files-y += $(BL31_CBFS)
+
+endif # CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE
+
endif # CONFIG_ARCH_RAMSTAGE_ARM64