#
# Copyright 2020-2022 NXP
#
# SPDX-License-Identifier: BSD-3-Clause
#
# Platforms built with TRUSTED_BOARD_BOOT need to include this makefile.
# The following definitions are to be provided by the platform.mk file or
# by the user: BL33_INPUT_FILE, BL32_INPUT_FILE, BL31_INPUT_FILE
# Pick the CSF (signing header) input templates that match the SoC chassis.
#   CHASSIS = 2   : also pulls in the csu driver makefile; no PBI template.
#   CHASSIS = 3   : BLx, BL2 and PBI templates, plus the CSF_HDR_CH3 define.
#   CHASSIS = 3_2 : as chassis 3, but the BLx template is the shared ch3 one.
# Any other value (including an unset CHASSIS) aborts the build, so a trusted
# boot image is never produced against an unknown header layout.
ifeq ($(CHASSIS), 2)
include $(PLAT_DRIVERS_PATH)/csu/csu.mk
CSF_FILE := input_blx_ch$(CHASSIS)
BL2_CSF_FILE := input_bl2_ch$(CHASSIS)
else ifeq ($(CHASSIS), 3)
CSF_FILE := input_blx_ch$(CHASSIS)
BL2_CSF_FILE := input_bl2_ch$(CHASSIS)
PBI_CSF_FILE := input_pbi_ch$(CHASSIS)
$(eval $(call add_define, CSF_HDR_CH3))
else ifeq ($(CHASSIS), 3_2)
# The BLx template is deliberately the plain chassis-3 file here.
CSF_FILE := input_blx_ch3
BL2_CSF_FILE := input_bl2_ch$(CHASSIS)
PBI_CSF_FILE := input_pbi_ch$(CHASSIS)
$(eval $(call add_define, CSF_HDR_CH3))
else
$(error -> CHASSIS not set!)
endif
# Root of the NXP authentication drivers; the CSF header parser inputs live
# in its csf_hdr_parser sub-directory.
PLAT_AUTH_PATH := $(PLAT_DRIVERS_PATH)/auth

# BL2 CSF input: keep a value supplied by platform.mk or the user, otherwise
# fall back to the chassis-specific template chosen above.
ifeq ($(BL2_INPUT_FILE),)
BL2_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/$(BL2_CSF_FILE)
endif

# PBI CSF input: same fallback rule.
# NOTE(review): PBI_CSF_FILE is only assigned for chassis 3 and 3_2 in this
# file; on chassis 2 this default expands to the csf_hdr_parser directory
# itself unless PBI_CSF_FILE is set elsewhere - confirm it is unused there.
ifeq ($(PBI_INPUT_FILE),)
PBI_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/$(PBI_CSF_FILE)
endif
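# Two mutually exclusive image-authentication flows are configured here:
#   MBEDTLS_DIR empty : images carry a CSF header (CST_* pre-tool filters).
#   MBEDTLS_DIR set   : X.509 chain of trust parsed with mbedTLS, anchored by
#                       a SHA-256 hash of the ROT public key built into BL2.
# If MBEDTLS_DIR is not specified, use CSF Header option
ifeq (${MBEDTLS_DIR},)
# Generic image processing filters to prepend CSF header.
# Each *_INPUT_FILE keeps a value supplied by platform.mk or the user and
# otherwise defaults to the chassis CSF template.
ifeq (${BL33_INPUT_FILE},)
BL33_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
endif
ifeq (${BL31_INPUT_FILE},)
BL31_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
endif
ifeq (${BL32_INPUT_FILE},)
BL32_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
endif
ifeq (${FUSE_INPUT_FILE},)
FUSE_INPUT_FILE := $(PLAT_AUTH_PATH)/csf_hdr_parser/${CSF_FILE}
endif
PLAT_INCLUDES += -I$(PLAT_DRIVERS_PATH)/sfp
PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/csf_hdr_parser/cot.c \
	$(PLAT_COMMON_PATH)/tbbr/csf_tbbr.c
# IMG PARSER here is CSF header parser
include $(PLAT_DRIVERS_PATH)/auth/csf_hdr_parser/csf_hdr.mk
PLAT_TBBR_SOURCES += $(CSF_HDR_SOURCES)
SCP_BL2_PRE_TOOL_FILTER := CST_SCP_BL2
BL31_PRE_TOOL_FILTER := CST_BL31
BL32_PRE_TOOL_FILTER := CST_BL32
BL33_PRE_TOOL_FILTER := CST_BL33
else
# Pass DISABLE_FUSE_WRITE through to the C sources as a define when it is 1.
ifeq (${DISABLE_FUSE_WRITE}, 1)
$(eval $(call add_define,DISABLE_FUSE_WRITE))
endif
# For Mbedtls currently crypto is not supported via CAAM
# enable it when that support is there
CAAM_INTEG := 0
KEY_ALG := rsa
KEY_SIZE := 2048
$(eval $(call add_define,MBEDTLS_X509))
ifeq (${PLAT_DDR_PHY},PHY_GEN2)
$(eval $(call add_define,PLAT_DEF_OID))
endif
include drivers/auth/mbedtls/mbedtls_x509.mk
PLAT_TBBR_SOURCES += $(PLAT_AUTH_PATH)/tbbr/tbbr_cot.c \
	$(PLAT_COMMON_PATH)/tbbr/nxp_rotpk.S \
	$(PLAT_COMMON_PATH)/tbbr/x509_tbbr.c
# ROTPK key is embedded in BL2 image.
# A key supplied through ROT_KEY is used as-is. When none is given, a key is
# generated in the build directory by the rule below; that key is an
# unencrypted PEM in the build tree, so production signing should pass
# ROT_KEY explicitly and keep the private key out of the build output.
ifeq (${ROT_KEY},)
ROT_KEY = $(BUILD_PLAT)/rot_key.pem
endif
# With SAVE_KEYS=1, default every key that has no explicit path to a PEM
# file under the build directory.
ifeq (${SAVE_KEYS},1)
ifeq (${TRUSTED_WORLD_KEY},)
TRUSTED_WORLD_KEY = ${BUILD_PLAT}/trusted.pem
endif
ifeq (${NON_TRUSTED_WORLD_KEY},)
NON_TRUSTED_WORLD_KEY = ${BUILD_PLAT}/non-trusted.pem
endif
ifeq (${BL31_KEY},)
BL31_KEY = ${BUILD_PLAT}/soc.pem
endif
ifeq (${BL32_KEY},)
BL32_KEY = ${BUILD_PLAT}/trusted_os.pem
endif
ifeq (${BL33_KEY},)
BL33_KEY = ${BUILD_PLAT}/non-trusted_os.pem
endif
endif
# SHA-256 of the DER-encoded public half of ROT_KEY. The path is handed to
# the sources as the ROTPK_HASH define, and nxp_rotpk.o is rebuilt whenever
# the hash file changes.
ROTPK_HASH = $(BUILD_PLAT)/rotpk_sha256.bin
$(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"'))
$(BUILD_PLAT)/bl2/nxp_rotpk.o: $(ROTPK_HASH)
certificates: $(ROT_KEY)
# Generate the ROT private key only if it does not exist yet.
#  - The -f guard keeps an existing key from being regenerated when the
#    recipe is forced (for example with make -B).
#  - umask 077 makes the private key readable by its owner only.
#  - The key is written to a temporary file and renamed on success, so a
#    failed openssl run cannot leave an empty rot_key.pem behind that later
#    builds would treat as an up-to-date key.
# NOTE(review): the generated key is always 2048-bit; it does not follow
# KEY_SIZE if that is overridden.
$(ROT_KEY): | $(BUILD_PLAT)
	@echo " OPENSSL $@"
	@if [ ! -f "$@" ]; then \
		umask 077; \
		${OPENSSL_BIN_PATH}/openssl genrsa -out "$@.tmp" 2048 2>/dev/null && \
		mv -f "$@.tmp" "$@" || { rm -f "$@.tmp"; exit 1; }; \
	fi
# Derive the ROTPK hash in two checked steps instead of a pipeline. In a
# plain sh pipeline only the exit status of the last command counts, so a
# failing key export would still produce a "valid looking" digest of empty
# input. Here any failure stops the build and leaves no hash file behind.
# stderr stays suppressed only for the key export step.
$(ROTPK_HASH): $(ROT_KEY)
	@echo " OPENSSL $@"
	$(Q)if ${OPENSSL_BIN_PATH}/openssl rsa -in "$<" -pubout -outform DER \
			-out "$@.der" 2>/dev/null && \
	    ${OPENSSL_BIN_PATH}/openssl dgst -sha256 -binary \
			-out "$@.tmp" "$@.der" && \
	    mv -f "$@.tmp" "$@"; then \
		rm -f "$@.der"; \
	else \
		rm -f "$@.der" "$@.tmp"; \
		exit 1; \
	fi
endif #MBEDTLS_DIR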
# Headers shared by the generic Trusted Board Boot code.
PLAT_INCLUDES += -Iinclude/common/tbbr

# Generic files for authentication framework, followed by the platform
# sources collected in PLAT_TBBR_SOURCES.
TBBR_SOURCES += drivers/auth/auth_mod.c
TBBR_SOURCES += drivers/auth/crypto_mod.c
TBBR_SOURCES += drivers/auth/img_parser_mod.c
TBBR_SOURCES += plat/common/tbbr/plat_tbbr.c
TBBR_SOURCES += ${PLAT_TBBR_SOURCES}

# Crypto backend selection. Only the exact value 0 (which this file sets
# when MBEDTLS_DIR is given) selects the mbedTLS crypto module; any other
# value, including an unset CAAM_INTEG, selects the CAAM driver.
ifneq (${CAAM_INTEG},0)
include $(PLAT_DRIVERS_PATH)/crypto/caam/src/auth/auth.mk
TBBR_SOURCES += ${AUTH_SOURCES}
else
include drivers/auth/mbedtls/mbedtls_crypto.mk
endif