From 102b0d2daa97dae68d3eed54d8fe37a9cc38a892 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 28 Apr 2024 11:13:47 +0200
Subject: Adding upstream version 2.8.0+dfsg.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 plat/nxp/common/tbbr/tbbr.mk | 162 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 162 insertions(+)
 create mode 100644 plat/nxp/common/tbbr/tbbr.mk

(limited to 'plat/nxp/common/tbbr/tbbr.mk')

diff --git a/plat/nxp/common/tbbr/tbbr.mk b/plat/nxp/common/tbbr/tbbr.mk
new file mode 100644
index 0000000..4aac9d6
--- /dev/null
+++ b/plat/nxp/common/tbbr/tbbr.mk
@@ -0,0 +1,162 @@
+#
+# Copyright 2020-2022 NXP
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+# For TRUSTED_BOARD_BOOT platforms need to include this makefile
+# Following definations are to be provided by platform.mk file or
+# by user - BL33_INPUT_FILE, BL32_INPUT_FILE, BL31_INPUT_FILE
+
+ifeq ($(CHASSIS), 2)
+include $(PLAT_DRIVERS_PATH)/csu/csu.mk
+CSF_FILE		:=	input_blx_ch${CHASSIS}
+BL2_CSF_FILE		:=	input_bl2_ch${CHASSIS}
+else
+ifeq ($(CHASSIS), 3)
+CSF_FILE		:=	input_blx_ch${CHASSIS}
+BL2_CSF_FILE		:=	input_bl2_ch${CHASSIS}
+PBI_CSF_FILE		:=	input_pbi_ch${CHASSIS}
+$(eval $(call add_define, CSF_HDR_CH3))
+else
+ifeq ($(CHASSIS), 3_2)
+CSF_FILE		:=	input_blx_ch3
+BL2_CSF_FILE		:=	input_bl2_ch${CHASSIS}
+PBI_CSF_FILE		:=	input_pbi_ch${CHASSIS}
+$(eval $(call add_define, CSF_HDR_CH3))
+else
+    $(error -> CHASSIS not set!)
+endif
+endif
+endif
+
+PLAT_AUTH_PATH		:=  $(PLAT_DRIVERS_PATH)/auth
+
+
+ifeq (${BL2_INPUT_FILE},)
+    BL2_INPUT_FILE	:= $(PLAT_AUTH_PATH)/csf_hdr_parser/${BL2_CSF_FILE}
+endif
+
+ifeq (${PBI_INPUT_FILE},)
+    PBI_INPUT_FILE	:= $(PLAT_AUTH_PATH)/csf_hdr_parser/${PBI_CSF_FILE}
+endif
+
+# If MBEDTLS_DIR is not specified, use CSF Header option
+ifeq (${MBEDTLS_DIR},)
+    # Generic image processing filters to prepend CSF header
+    ifeq (${BL33_INPUT_FILE},)
+    BL33_INPUT_FILE	:= $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
+    endif
+
+    ifeq (${BL31_INPUT_FILE},)
+    BL31_INPUT_FILE	:= $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
+    endif
+
+    ifeq (${BL32_INPUT_FILE},)
+    BL32_INPUT_FILE	:= $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
+    endif
+
+    ifeq (${FUSE_INPUT_FILE},)
+    FUSE_INPUT_FILE	:= $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
+    endif
+
+    PLAT_INCLUDES	+= -I$(PLAT_DRIVERS_PATH)/sfp
+    PLAT_TBBR_SOURCES	+= $(PLAT_AUTH_PATH)/csf_hdr_parser/cot.c	\
+			   $(PLAT_COMMON_PATH)/tbbr/csf_tbbr.c
+    # IMG PARSER here is CSF header parser
+    include $(PLAT_DRIVERS_PATH)/auth/csf_hdr_parser/csf_hdr.mk
+    PLAT_TBBR_SOURCES 	+=	$(CSF_HDR_SOURCES)
+
+    SCP_BL2_PRE_TOOL_FILTER	:= CST_SCP_BL2
+    BL31_PRE_TOOL_FILTER	:= CST_BL31
+    BL32_PRE_TOOL_FILTER	:= CST_BL32
+    BL33_PRE_TOOL_FILTER	:= CST_BL33
+else
+
+    ifeq (${DISABLE_FUSE_WRITE}, 1)
+        $(eval $(call add_define,DISABLE_FUSE_WRITE))
+    endif
+
+    # For Mbedtls currently crypto is not supported via CAAM
+    # enable it when that support is there
+    CAAM_INTEG		:= 0
+    KEY_ALG		:= rsa
+    KEY_SIZE		:= 2048
+
+    $(eval $(call add_define,MBEDTLS_X509))
+    ifeq (${PLAT_DDR_PHY},PHY_GEN2)
+        $(eval $(call add_define,PLAT_DEF_OID))
+    endif
+    include drivers/auth/mbedtls/mbedtls_x509.mk
+
+
+    PLAT_TBBR_SOURCES	+= $(PLAT_AUTH_PATH)/tbbr/tbbr_cot.c \
+			   $(PLAT_COMMON_PATH)/tbbr/nxp_rotpk.S \
+			   $(PLAT_COMMON_PATH)/tbbr/x509_tbbr.c
+
+    #ROTPK key is embedded in BL2 image
+    ifeq (${ROT_KEY},)
+	ROT_KEY		= $(BUILD_PLAT)/rot_key.pem
+    endif
+
+    ifeq (${SAVE_KEYS},1)
+
+        ifeq (${TRUSTED_WORLD_KEY},)
+            TRUSTED_WORLD_KEY = ${BUILD_PLAT}/trusted.pem
+        endif
+
+        ifeq (${NON_TRUSTED_WORLD_KEY},)
+            NON_TRUSTED_WORLD_KEY = ${BUILD_PLAT}/non-trusted.pem
+        endif
+
+        ifeq (${BL31_KEY},)
+            BL31_KEY = ${BUILD_PLAT}/soc.pem
+        endif
+
+        ifeq (${BL32_KEY},)
+            BL32_KEY = ${BUILD_PLAT}/trusted_os.pem
+        endif
+
+        ifeq (${BL33_KEY},)
+            BL33_KEY = ${BUILD_PLAT}/non-trusted_os.pem
+        endif
+
+    endif
+
+    ROTPK_HASH		= $(BUILD_PLAT)/rotpk_sha256.bin
+
+    $(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"'))
+
+    $(BUILD_PLAT)/bl2/nxp_rotpk.o: $(ROTPK_HASH)
+
+    certificates: $(ROT_KEY)
+    $(ROT_KEY): | $(BUILD_PLAT)
+	@echo "  OPENSSL $@"
+	@if [ ! -f $(ROT_KEY) ]; then \
+		${OPENSSL_BIN_PATH}/openssl genrsa 2048 > $@ 2>/dev/null; \
+	fi
+
+    $(ROTPK_HASH): $(ROT_KEY)
+	@echo "  OPENSSL $@"
+	$(Q)${OPENSSL_BIN_PATH}/openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
+	${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary > $@ 2>/dev/null
+
+endif #MBEDTLS_DIR
+
+PLAT_INCLUDES		+=	-Iinclude/common/tbbr
+
+# Generic files for authentication framework
+TBBR_SOURCES		+=	drivers/auth/auth_mod.c		\
+				drivers/auth/crypto_mod.c	\
+				drivers/auth/img_parser_mod.c	\
+				plat/common/tbbr/plat_tbbr.c	\
+				${PLAT_TBBR_SOURCES}
+
+# If CAAM_INTEG is not defined (would be scenario with MBED TLS)
+# include mbedtls_crypto
+ifeq (${CAAM_INTEG},0)
+    include drivers/auth/mbedtls/mbedtls_crypto.mk
+else
+    include $(PLAT_DRIVERS_PATH)/crypto/caam/src/auth/auth.mk
+    TBBR_SOURCES	+= ${AUTH_SOURCES}
+endif
-- 
cgit v1.2.3