The Cortex A75 has 5 AMU counters. The first three counters are fixed
and the remaining two are programmable.
A new build option is introduced, `ENABLE_AMU`. When set, the fixed
counters will be enabled for use by lower ELs. The programmable
counters are currently disabled.
Change-Id: I4bd5208799bb9ed7d2596e8b0bfc87abbbe18740
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
The flag support the following values:
- sha256 (default)
- sha384
- sha512
Change-Id: I7a49d858c361e993949cf6ada0a86575c3291066
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
It is not possible to detect at compile-time whether support for an
optional extension such as SPE should be enabled based on the
ARM_ARCH_MINOR build option value. Therefore SPE is now enabled by
default.
Change-Id: I670db164366aa78a7095de70a0962f7c0328ab7c
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
The implementation currently supports only interrupt-based SDEI events,
and supports all interfaces as defined by SDEI specification version
1.0 [1].
Introduce the build option SDEI_SUPPORT to include SDEI dispatcher in
BL31.
Update user guide and porting guide. SDEI documentation to follow.
[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf
Change-Id: I758b733084e4ea3b27ac77d0259705565842241a
Co-authored-by: Yousuf A <yousuf.sait@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
EHF is a framework that allows dispatching of EL3 interrupts to their
respective handlers in EL3.
This framework facilitates the firmware-first error handling policy in
which asynchronous exceptions may be routed to EL3. Such exceptions may
be handed over to respective exception handlers. Individual handlers
might further delegate exception handling to lower ELs.
The framework associates the delegated execution to lower ELs with a
priority value. For interrupts, this corresponds to the priorities
programmed in GIC; for other types of exceptions, viz. SErrors or
Synchronous External Aborts, individual dispatchers shall explicitly
associate delegation to a secure priority. In order to prevent lower
priority interrupts from preempting higher priority execution, the
framework provides helpers to control preemption by virtue of
programming Priority Mask register in the interrupt controller.
This commit allows for handling interrupts targeted at EL3. Exception
handlers own interrupts by assigning them a range of secure priorities,
and registering handlers for each priority range it owns.
Support for exception handling in BL31 image is enabled by setting the
build option EL3_EXCEPTION_HANDLING=1.
Documentation to follow.
NOTE: The framework assumes the priority scheme supported by platform
interrupt controller is compliant with that of ARM GIC architecture (v2
or later).
Change-Id: I7224337e4cea47c6ca7d7a4ca22a3716939f7e42
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
A Secure Partition is a software execution environment instantiated in
S-EL0 that can be used to implement simple management and security
services. Since S-EL0 is an unprivileged exception level, a Secure
Partition relies on privileged firmware e.g. ARM Trusted Firmware to be
granted access to system and processor resources. Essentially, it is a
software sandbox that runs under the control of privileged software in
the Secure World and accesses the following system resources:
- Memory and device regions in the system address map.
- PE system registers.
- A range of asynchronous exceptions e.g. interrupts.
- A range of synchronous exceptions e.g. SMC function identifiers.
A Secure Partition enables privileged firmware to implement only the
absolutely essential secure services in EL3 and instantiate the rest in
a partition. Since the partition executes in S-EL0, its implementation
cannot be overly complex.
The component in ARM Trusted Firmware responsible for managing a Secure
Partition is called the Secure Partition Manager (SPM). The SPM is
responsible for the following:
- Validating and allocating resources requested by a Secure Partition.
- Implementing a well defined interface that is used for initialising a
Secure Partition.
- Implementing a well defined interface that is used by the normal world
and other secure services for accessing the services exported by a
Secure Partition.
- Implementing a well defined interface that is used by a Secure
Partition to fulfil service requests.
- Instantiating the software execution environment required by a Secure
Partition to fulfil a service request.
Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
If ARMv7 based platform does not set ARM_CORTEX_Ax=yes, platform
shall define ARMV7_SUPPORTS_GENERIC_TIMER to enable generic timer
support.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
ARMv7-A Virtualization extensions brings new instructions and resources
that were supported by later architectures. Reference ARM ARM Issue C.c
[DDI0406C_C].
ERET and extended MSR/MRS instructions, as specified in [DDI0406C_C] in
ID_PFR1 description of bits[15:12] (Virtualization Extensions):
A value of 0b0001 implies implementation of the HVC, ERET, MRS
(Banked register), and MSR (Banked register) instructions. The ID_ISARs
do not identify whether these instructions are implemented.
UDIV/SDIV were introduced with the Virtualization extensions, even if
not strictly related to the virtualization extensions.
If ARMv7 based platform does not set ARM_CORTEX_Ax=yes, platform
shall define ARMV7_SUPPORTS_VIRTUALIZATION to enable virtualization
extension related resources.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
ARCH_SUPPORTS_LARGE_PAGE_ADDRESSING allows build environment to
handle specific case when target ARMv7 core only supports 32bit MMU
descriptor mode.
If ARMv7 based platform does not set ARM_CORTEX_Ax=yes, platform
shall define ARMV7_SUPPORTS_LARGE_PAGE_ADDRESSING to enable
large page addressing support.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
External build environment shall sets directive ARM_ARCH_MAJOR to 7
to specify a target ARMv7-A core.
As ARM-TF expects AARCH to be set, ARM_ARCH_MAJOR==7 mandates
AARCH=aarch32.
The toolchain target architecture/cpu is delegated after the platform
configuration is parsed. Platform shall define target core through
ARM_CORTEX_A<x>=yes, <x> being 5, 7, 9, 12, 15 and/or 17.
Platform can bypass ARM_CORTEX_A<x>=yes directive and provide straight
the toolchain target directive through MARCH32_DIRECTIVE.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Some platforms (for ex. UniPhier) want to create files in the very
top of the build directory. Add ${BUILD_PLAT} so such files can
depend on it.
Make existing directory targets depend on ${BUILD_PLAT} because
they are sub-directories of ${BUILD_PLAT}.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The back end GIC driver converts and assigns the interrupt type to
suitable group.
For GICv2, a build option GICV2_G0_FOR_EL3 is introduced, which
determines to which type Group 0 interrupts maps to.
- When the build option is set 0 (the default), Group 0 interrupts are
meant for Secure EL1. This is presently the case.
- Otherwise, Group 0 interrupts are meant for EL3. This means the SPD
will have to synchronously hand over the interrupt to Secure EL1.
The query API allows the platform to query whether the platform supports
interrupts of a given type.
API documentation updated.
Change-Id: I60fdb4053ffe0bd006b3b20914914ebd311fc858
Co-authored-by: Yousuf A <yousuf.sait@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The `KEY_ALG` variable is used to select the algorithm for key
generation by `cert_create` tool for signing the certificates. This
variable was previously undocumented and did not have a global default
value. This patch corrects this and also adds changes to derive the
value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the
platform. The corresponding assignment of these variables are also now
removed from the `arm_common.mk` makefile.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
Since Trusted OS firmware may have extra images, need to
assign new uuid and image id for them.
The TBBR chain of trust has been extended to add support
for the new images within the existing Trusted OS firmware
content certificate.
Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
Signed-off-by: Summer Qin <summer.qin@arm.com>
The current build system and driver requires the CCI product to be
specified at build time. The device constraints can be determined at run
time from its ID registers, obviating the need for specifying them
ahead.
This patch adds changes to identify and validate CCI at run time. Some
global variables are renamed to be in line with the rest of the code
base.
The build option ARM_CCI_PRODUCT_ID is now removed, and user guide is
updated.
Change-Id: Ibb765e349d3bc95ff3eb9a64bde1207ab710a93d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch defines the variable `LDLIBS` which allows external
libraries to be specified to 'ld' to enable it to link the
libraries.
Change-Id: I02a490eca1074063d00153ccb0ee974ef8859a0e
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Use TF_LDFLAGS from the Makefiles, and still append LDFLAGS as well to
the compiler's invocation. This allows passing extra options from the
make command line using LDFLAGS.
Document new LDFLAGS Makefile option.
Change-Id: I88c5ac26ca12ac2b2d60a6f150ae027639991f27
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
SPE is only supported in non-secure state. Accesses to SPE specific
registers from SEL1 will trap to EL3. During a world switch, before
`TTBR` is modified the SPE profiling buffers are drained. This is to
avoid a potential invalid memory access in SEL1.
SPE is architecturally specified only for AArch64.
Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
It doesn't make sense to use the `-pedantic` flag when building the
Trusted Firmware as we use GNU extensions and so our code is not
fully ISO C compliant. This flag only makes sense if the code intends to
be ISO C compliant.
Change-Id: I6273564112759ff57f03b273f5349733a5f38aef
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Platforms aligned with TBBR are supposed to use their own OIDs, but
defining the same macros with different OIDs does not provide any
value (at least technically).
For easier use of TBBR, this commit allows platforms to reuse the OIDs
obtained by ARM Ltd. This will be useful for non-ARM vendors that
do not need their own extension fields in their certificate files.
The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the
backward compatibility.
For clarification, I inserted a blank line between headers from the
include/ directory (#include <...>) and ones from a local directory
(#include "..." ).
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The current assert_boolean does not work with variables assigned with
'=' flavor instead of ':='.
For example,
FOO = $(BAR)
BAR := 1
Here, $(value FOO) is evaluated to $(BAR), not 1. This is not what
we expect. While I am here, I simplified the implementation.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This patch adds `TRUSTED_BOARD_BOOT` support for AArch32 mode.
To build this patch the "mbedtls/include/mbedtls/bignum.h"
needs to be modified to remove `#define MBEDTLS_HAVE_UDBL`
when `MBEDTLS_HAVE_INT32` is defined. This is a workaround
for "https://github.com/ARMmbed/mbedtls/issues/708"
NOTE: TBBR support on Juno AArch32 is not currently supported.
Change-Id: I86d80e30b9139adc4d9663f112801ece42deafcf
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Co-Authored-By: Yatharth Kochar <yatharth.kochar@arm.com>
To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.
NOTE: Files that have been imported by FreeBSD have not been modified.
[0]: https://spdx.org/
Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Some recent changes have added direct use of the echo command without
parameters. This fails on a Windows shell, because echo without
parameters reports the mode ("ECHO is on").
This is corrected using the ECHO_BLANK_LINE macro already provided
for that purpose.
Change-Id: I5fd7192861b4496f6f46b4f096e80a752cd135d6
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
2 problems were found, but are in one change to avoid submitting a patch
that might fail to build. The problems were:
1. The macro MAKE_PREREQ_DIR has a minor bug, in that it is capable of
generating recursive dependencies.
2. The inclusion of BUILD_DIR in TEMP_OBJ_DIRS left no explicit
dependency, BUILD_DIR might not exist when subdirectories are
created by a thread on another CPU.
This fix corrects these with the following changes:
1. MAKE_PREREQ_DIR does nothing for a direct self dependency.
2. BUILD_DIR is built using MAKE_PREREQ_DIR.
3. BUILD_DIR is an explicit prerequisite of all OBJ_DIRS.
Change-Id: I938cddea4a006df225c02a47b9cf759212f27fb7
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
This patch introduces a build option to enable D-cache early on the CPU
after warm boot. This is applicable for platforms which do not require
interconnect programming to enable cache coherency (eg: single cluster
platforms). If this option is enabled, then warm boot path enables
D-caches immediately after enabling MMU.
FixesARM-Software/tf-issues#456
Change-Id: I44c8787d116d7217837ced3bcf0b1d3441c8d80e
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Introduce new build option ENABLE_STACK_PROTECTOR. It enables
compilation of all BL images with one of the GCC -fstack-protector-*
options.
A new platform function plat_get_stack_protector_canary() is introduced.
It returns a value that is used to initialize the canary for stack
corruption detection. Returning a random value will prevent an attacker
from predicting the value and greatly increase the effectiveness of the
protection.
A message is printed at the ERROR level when a stack corruption is
detected.
To be effective, the global data must be stored at an address
lower than the base of the stacks. Failure to do so would allow an
attacker to overwrite the canary as part of an attack which would void
the protection.
FVP implementation of plat_get_stack_protector_canary is weak as
there is no real source of entropy on the FVP. It therefore relies on a
timer's value, which could be predictable.
Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
The boolean build option HW_ASSISTED_COHERENCY is introduced to enable
various optimizations in ARM Trusted Software, when built for such
systems. It's set to 0 by default.
Change-Id: I638390da6e1718fe024dcf5b402e07084f1eb014
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The ARMv8v.1 architecture extension has introduced support for far
atomics, which includes compare-and-swap. Compare and Swap instruction
is only available for AArch64.
Introduce build options to choose the architecture versions to target
ARM Trusted Firmware:
- ARM_ARCH_MAJOR: selects the major version of target ARM
Architecture. Default value is 8.
- ARM_ARCH_MINOR: selects the minor version of target ARM
Architecture. Default value is 0.
When:
(ARM_ARCH_MAJOR > 8) || ((ARM_ARCH_MAJOR == 8) && (ARM_ARCH_MINOR >= 1)),
for AArch64, Compare and Swap instruction is used to implement spin
locks. Otherwise, the implementation falls back to using
load-/store-exclusive instructions.
Update user guide, and introduce a section in Firmware Design guide to
summarize support for features introduced in ARMv8 Architecture
Extensions.
Change-Id: I73096a0039502f7aef9ec6ab3ae36680da033f16
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The current fiptool packs all the images without any padding between
them. So, the offset to each image has no alignment. This is not
efficient, for example, when the FIP is read from a block-oriented
device.
For example, (e)MMC is accessed by block-addressing. The block size
is 512 byte. So, the best case is each image is aligned by 512 byte
since the DMA engine can transfer the whole of the image to its load
address directly. The worst case is the offset does not have even
DMA-capable alignment (this is where we stand now). In this case,
we need to transfer every block to a bounce buffer, then do memcpy()
from the bounce buffer to our final destination. At least, this
should work with the abstraction by the block I/O layer, but the
CPU-intervention for the whole data transfer makes it really slow.
This commit adds a new option --align to the fiptool. This option,
if given, requests the tool to align each component in the FIP file
by the specified byte. Also, add a new Make option FIP_ALIGN for
easier access to this feature; users can give something like
FIP_ALIGN=512 from the command line, or add "FIP_ALIGN := 512" to
their platform.mk file.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Soren reports build fails if -j option is given:
$ make -j16 CROSS_COMPILE=aarch64-linux-gnu-
Building fvp
make: *** No rule to make target 'build/fvp/release/bl1/',
needed by 'build/fvp/release/bl1/bl1.ld'. Stop.
make: *** Waiting for unfinished jobs....
The cause of the failure is that $(dir ) leaves a trailing / on the
directory names. It must be ripped off to let Make create the
directory.
There are some ways to fix the issue. Here, I chose to make MAKE_LD
look like MAKE_C and MAKE_S because bl*_dirs seems the central place
of making directories.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reported-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Tested-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
This adds a phony target for each dependency other than the main
file, causing each to depend on nothing.
Without this, the incremental build will fail when a header file
is removed.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Currently, .d files are generated before any objects are built.
So, IS_ANYTHING_TO_BUILD flag is needed to avoid such processing for
non-build targets.
There is a cleverer way; just create a .d file simultaneously when
the corresponding object is created. No need to have separate rules
for .d files.
This commit will also fix a bug; -D$(IMAGE) is defined for $(OBJ),
but not for $(PREREQUISITES). So, .d files are generated with
different macro sets from those for .o files, then wrong .d files
are generated.
For example, in lib/cpus/aarch64/cpu_helpers.S
#if IMAGE_BL31
#include <cpu_data.h>
#endif
<cpu_data.h> is parsed for the object when built for BL31, but the
.d file does not pick up that dependency.
With this commit, the compiler will generate .o and .d at the same
time, guaranteeing they are generated under the same circumstances.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Using AS for pre-processing looks a bit weird, and some assembly
specific options are given for nothing. Rather, use CPP.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The -c flag should not be included in the global variable TF_CFLAGS;
it should be specified in the build rule only when its target is a
*.o file.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Some files have incorrect copyright notices, this patch fixes all
files with deviations from the standard notice.
Change-Id: I66b73e78a50a235acb55f1e2ec2052a42c0570d2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
When build variables are assigned or processed en masse, they'd appear
neater in alphabetical order.
Static initializations are moved to a separate file,
make_helpers/defaults.mk, which in itself is sorted alphabetically.
No functional changes.
Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
fiptool provides a more consistent and intuitive interface compared to
the fip_create program. It serves as a better base to build on more
features in the future.
fiptool supports various subcommands. Below are the currently
supported subcommands:
1) info - List the images contained in a FIP file.
2) create - Create a new FIP file with the given images.
3) update - Update an existing FIP with the given images.
4) unpack - Extract a selected set or all the images from a FIP file.
5) remove - Remove images from a FIP file. This is a new command that
was not present in fip_create.
To create a new FIP file, replace "fip_create" with "fiptool create".
To update a FIP file, replace "fip_create" with "fiptool update".
To dump the contents of a FIP file, replace "fip_create --dump" with
"fiptool info".
A compatibility script that emulates the basic functionality of
fip_create is provided. Existing scripts might or might not work with
the compatibility script. Users are strongly encouraged to migrate to
fiptool.
FixesARM-Software/tf-issues#87FixesARM-Software/tf-issues#108FixesARM-Software/tf-issues#361
Change-Id: I7ee4da7ac60179cc83cf46af890fd8bc61a53330
The user can provide additional CFLAGS to use when building TF.
However, these custom CFLAGS are currently prepended to the
standard CFLAGS that are hardcoded in the TF build system. This
is an issue because when providing conflicting compiler flags
(e.g. different optimisations levels like -O1 and -O0), the last
one on the command line usually takes precedence. This means that
the user flags get overriden.
To address this problem, this patch separates the TF CFLAGS from
the user CFLAGS. The former are now stored in the TF_CFLAGS make
variable, whereas the CFLAGS make variable is untouched and reserved
for the user. The order of the 2 sets of flags is enforced when
invoking the compiler.
FixesARM-Software/tf-issues#350
Change-Id: Ib189f44555b885f1dffbec6015092f381600e560
To get round problems encountered when building in a DOS build
environment the generation of the .o file containing build identifier
strings is modified.
The problems encounterred were:
1. DOS echo doesn't strip ' characters from the output text.
2. git is not available from CMD.EXE so the BUILD_STRING value needs
some other origin.
A BUILD_STRING value of "development build" is used for now.
MAKE_BUILD_STRINGS is used to customise build string generation in a DOS
environment. This variable is not defined in the UNIX build environment
make file helper, and so the existing build string generation behaviour
is retained in these build environments.
NOTE: This commit completes a cumulative series aimed at improving
build portability across development environments.
This enables the build to run on several new build environments,
if the relevant tools are available.
At this point the build is tested on Windows 7 Enterprise SP1,
using CMD.EXE, Cygwin and Msys (MinGW),as well as a native
Linux envionment". The Windows platform builds used
aarch64-none-elf-gcc.exe 4.9.1. CMD.EXE and Msys used Gnu
Make 3.81, cygwin used Gnu Make 4.1.
CAVEAT: The cert_create tool build is not tested on the Windows
platforms (openssl-for-windows has a GPL license).
Change-Id: Iaa4fc89dbe2a9ebae87e2600c9eef10a6af30251
Because of command differences in some build environments the "inline"
method of generating the build directory structure is not portable.
(e.g. in DOS environments the mkdir shell command fails if a directory
already exists, whereas in UNIX environments it succeeds.)
To improve portability we generate the directories needed using make,
but use the "order-only prerequisites" feature of make to prevent writes
of files into the directories generating re-builds, as suggested in the
GNU make Manual (Version 4.1 September 2014).
Change-Id: Ic9af475831063c7fe6f8bccffef184d79e799419
In some build environments executable programs have a specific file
extension. The value of BIN_EXT is appended to the relevant tool file
names to allow for this.
The value of BIN_EXT is set, where appropriate, by the build environment
specific make helper (to .exe for Windows build environments).
.gitignore is updated to hide the new (.exe) files.
Change-Id: Icc32f64b750e425265075ad4e0dea18129640b86
Add make helper files to select the appropriate settings for the build
environment. Selection is made in make_helpers/build_env.mk, which
selects other files to include using generic build environment settings.
The Trusted Firmware Makefile and supporting tool Makefiles are updated
to include build_env.mk instead of unix.mk.
NOTE: This change does not fully enable builds in other build
environments. It facilitates this without compromising the
existing build environments.
Change-Id: Ic4064ffe6ce158bbd16d7cc9f27dd4655a3580f6
To help diagnose make problems, we report an error if the make
program used does not provide the $(eval ) make functionality.
This will detect early versions of GNU make and other make programs.
Change-Id: I0ebb0f63694cf0b04eaeb7ea1e9e172fb9770ce0
Macros are inserted to replace direct invocations of commands that are
problematic on some build environments. (e.g. Some environments expect
\ in paths instead of /.)
The changes take into account mismatched command mappings across
environments.
The new helper file unix.mk retains existing makefile behaviour on unix
like build environments by providing the following macro definitions:
SHELL_COPY cp -f
SHELL_COPY_TREE cp -rf
SHELL_DELETE rm -f
SHELL_DELETE_ALL rm -rf
MAKE_PREREQ_DIR mkdir -p (As make target)
SHELL_REMOVE_DIR rm -rf
Change-Id: I1b5ca5e1208e78230b15284c4af00c1c006cffcb
As an initial stage of making Trusted Firmware build environment more
portable, we remove most uses of the $(shell ) function and replace them
with more portable make function based solutions.
Note that the setting of BUILD_STRING still uses $(shell ) since it's
not possible to reimplement this as a make function. Avoiding invocation
of this on incompatible host platforms will be implemented separately.
Change-Id: I768e2f9a265c78814a4adf2edee4cc46cda0f5b8
This patch adds non-volatile counter support to the Certificate
Generation tool. The TBBR Chain of Trust definition in the tool
has been extended to include the counters as certificate extensions.
The counter values can be specified in the command line.
The following default counter values are specified in the build
system:
* Trusted FW Non-Volatile counter = 0
* Non-Trusted FW Non-Volatile counter = 0
These values can be overridden by the platform at build time.
Change-Id: I7ea10ee78d72748d181df4ee78a7169b3ef2720c
This allows reproducible builds (same source and same compiler produce
bit-identical results) and also allows coordinating the timestamp across
multiple projects, eg. with another firmware.
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Dimitris Papastamos
Qixiang Xu
Jeenu Viswambharan
Antonio Nino Diaz
Etienne Carriere
Masahiro Yamada
Soby Mathew
Summer Qin
Douglas Raillard
Evan Lloyd
Soren Brinkmann
Sandrine Bailleux
Juan Castillo
Patrick Georgi