arm64: Add support for using ARM Trusted Firmware as secure monitor

This patch adds support for integrating the runtime-resident component of ARM Trusted Firmware (github.com/ARM-software/arm-trusted-firmware) called BL31. It expects the ARM TF source tree to be checked out under $(top)/3rdparty/arm-trusted-firmware, which will be set up in a later patch. Also include optional support for VBOOT2 verification (pretty hacky for now, since CBFSv1 is just around the corner and will make all this so much better). BRANCH=None BUG=None TEST=Booted Oak with ARM TF and working PSCI (with additional platform patches). Change-Id: I8c923226135bdf88a9a30a7f5ff163510c35608d Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: a1b3b2d56b25bfc1f3b2d19bf7876205075a987a Original-Change-Id: I0714cc10b5b10779af53ecbe711ceeb89fb30da2 Original-Signed-off-by: Julius Werner <jwerner@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/270784 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10249 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-05-11 16:45:56 -07:00
parent bbca3a9cfa
commit 745a75faac
6 changed files with 295 additions and 2 deletions
--- a/src/arch/arm64/Makefile.inc
+++ b/src/arch/arm64/Makefile.inc
@@ -154,6 +154,7 @@ ramstage-y += ../../lib/memmove.c
 ramstage-y += stage_entry.S
 ramstage-y += cpu-stubs.c
 ramstage-$(CONFIG_ARM64_USE_SPINTABLE) += spintable.c spintable_asm.S
+ramstage-$(CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE) += arm_tf.c
 ramstage-y += transition.c transition_asm.S

 rmodules_arm64-y += ../../lib/memset.c
@@ -179,4 +180,46 @@ $(objcbfs)/ramstage.debug: $$(ramstage-objs)
 	@printf "    CC         $(subst $(obj)/,,$(@))\n"
 	$(LD_ramstage) -nostdlib --gc-sections -o $@ -L$(obj) --start-group $(filter-out %.ld,$(ramstage-objs)) --end-group -T $(obj)/mainboard/$(MAINBOARDDIR)/memlayout.ramstage.ld

+# Build ARM Trusted Firmware (BL31)
+
+ifeq ($(CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE),y)
+
+BL31_SOURCE := $(top)/3rdparty/arm-trusted-firmware
+
+BL31_MAKEARGS := PLAT=$(call strip_quotes,$(CONFIG_ARM_TF_PLATFORM_NAME))
+
+ifeq ($(V),1)
+BL31_MAKEARGS += V=1
+endif
+
+# Build ARM TF in debug mode (with serial output) if coreboot uses serial
+ifeq ($(CONFIG_CONSOLE_SERIAL),y)
+BL31_MAKEARGS += DEBUG=1
+endif # CONFIG_CONSOLE_SERIAL
+
+# Avoid build/release|build/debug distinction by overriding BUILD_PLAT directly
+BL31_MAKEARGS += BUILD_PLAT="$(top)/$(obj)/3rdparty/arm-trusted-firmware"
+
+BL31_CFLAGS := -fno-pic -fno-stack-protector
+BL31_LDFLAGS := --emit-relocs
+
+BL31 := $(obj)/3rdparty/arm-trusted-firmware/bl31/bl31.elf
+
+$(BL31):
+	@printf "    MAKE       $(subst $(obj)/,,$(@))\n"
+	CROSS_COMPILE="$(CROSS_COMPILE)" \
+	CFLAGS="$(BL31_CFLAGS)" \
+	LDFLAGS="$(BL31_LDFLAGS)" \
+	$(MAKE) -C $(BL31_SOURCE) $(BL31_MAKEARGS) bl31
+
+.PHONY: $(BL31)
+
+BL31_CBFS := $(call strip_quotes,$(CONFIG_CBFS_PREFIX))/bl31
+$(BL31_CBFS)-file := $(BL31)
+$(BL31_CBFS)-type := stage
+$(BL31_CBFS)-compression := $(CBFS_COMPRESS_FLAG)
+cbfs-files-y += $(BL31_CBFS)
+
+endif # CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE
+
 endif # CONFIG_ARCH_RAMSTAGE_ARM64