X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=Makefile;h=fa7fb8c68b726ef8e6eb05c7e6607913c928bd38;hb=HEAD;hp=976f514dda3200a220841572fff36fa70c0fc207;hpb=ced1711297347f24fee45e75e73c7767507a0982;p=project%2Fbcm63xx%2Fatf.git diff --git a/Makefile b/Makefile index 976f514d..fa7fb8c6 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ # Trusted Firmware Version # VERSION_MAJOR := 2 -VERSION_MINOR := 1 +VERSION_MINOR := 2 # Default goal is build all images .DEFAULT_GOAL := all @@ -117,6 +117,38 @@ ifneq (${GENERATE_COT},0) FWU_FIP_DEPS += fwu_certificates endif +# Process BRANCH_PROTECTION value and set +# Pointer Authentication and Branch Target Identification flags +ifeq (${BRANCH_PROTECTION},0) + # Default value turns off all types of branch protection + BP_OPTION := none +else ifneq (${ARCH},aarch64) + $(error BRANCH_PROTECTION requires AArch64) +else ifeq (${BRANCH_PROTECTION},1) + # Enables all types of branch protection features + BP_OPTION := standard + ENABLE_BTI := 1 + ENABLE_PAUTH := 1 +else ifeq (${BRANCH_PROTECTION},2) + # Return address signing to its standard level + BP_OPTION := pac-ret + ENABLE_PAUTH := 1 +else ifeq (${BRANCH_PROTECTION},3) + # Extend the signing to include leaf functions + BP_OPTION := pac-ret+leaf + ENABLE_PAUTH := 1 +else + $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) +endif + +# USE_SPINLOCK_CAS requires AArch64 build +ifeq (${USE_SPINLOCK_CAS},1) +ifneq (${ARCH},aarch64) + $(error USE_SPINLOCK_CAS requires AArch64) +else + $(info USE_SPINLOCK_CAS is an experimental feature) +endif +endif ################################################################################ # Toolchain @@ -189,27 +221,27 @@ endif TF_CFLAGS_aarch32 += -mno-unaligned-access TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align +ifneq (${BP_OPTION},none) +TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} +endif + ASFLAGS_aarch32 = $(march32-directive) ASFLAGS_aarch64 = $(march64-directive) WARNING1 := -Wextra -WARNING1 += -Wunused -Wno-unused-parameter WARNING1 += -Wmissing-declarations WARNING1 += -Wmissing-format-attribute WARNING1 += -Wmissing-prototypes WARNING1 += -Wold-style-definition -WARNING1 += -Wunused-but-set-variable WARNING1 += -Wunused-const-variable WARNING2 := -Waggregate-return WARNING2 += -Wcast-align -WARNING2 += -Wdisabled-optimization WARNING2 += -Wnested-externs WARNING2 += -Wshadow WARNING2 += -Wlogical-op WARNING2 += -Wmissing-field-initializers WARNING2 += -Wsign-compare -WARNING2 += -Wmaybe-uninitialized WARNING3 := -Wbad-function-cast WARNING3 += -Wcast-qual @@ -219,8 +251,6 @@ WARNING3 += -Wpadded WARNING3 += -Wpointer-arith WARNING3 += -Wredundant-decls WARNING3 += -Wswitch-default -WARNING3 += -Wpacked-bitfield-compat -WARNING3 += -Wvla ifeq (${W},1) WARNINGS := $(WARNING1) @@ -230,6 +260,22 @@ else ifeq (${W},3) WARNINGS := $(WARNING1) $(WARNING2) $(WARNING3) endif +WARNINGS += -Wunused -Wno-unused-parameter \ + -Wdisabled-optimization \ + -Wvla + +ifeq ($(findstring clang,$(notdir $(CC))),) +# not using clang +WARNINGS += -Wunused-but-set-variable \ + -Wmaybe-uninitialized \ + -Wpacked-bitfield-compat +# BRCM_PATCH: Conflicts with toolchain +# -Wshift-overflow=2 +else +# using clang +WARNINGS += -Wshift-overflow -Wshift-sign-overflow +endif + ifneq (${E},0) ERRORS := -Werror endif @@ -237,11 +283,24 @@ endif CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \ -Wmissing-include-dirs $(ERRORS) $(WARNINGS) ASFLAGS += $(CPPFLAGS) $(ASFLAGS_$(ARCH)) \ - -D__ASSEMBLY__ -ffreestanding \ - -Wa,--fatal-warnings + -ffreestanding -Wa,--fatal-warnings +# BRCM_PATCH: Code optimization for Cortex-A9 brings instability +ifeq ($(strip $(BRCM_CHIP)),63138) +TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ + -ffreestanding -fno-builtin -Wall -std=gnu99 \ + -O0 -ffunction-sections -fdata-sections +else TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \ -ffreestanding -fno-builtin -Wall -std=gnu99 \ -Os -ffunction-sections -fdata-sections +endif +ifeq (${SANITIZE_UB},on) +TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover +endif +ifeq (${SANITIZE_UB},trap) +TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \ + -fsanitize-undefined-trap-on-error +endif GCC_V_OUTPUT := $(shell $(CC) -v 2>&1) @@ -278,6 +337,10 @@ ifeq ($(notdir $(CC)),armclang) BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S endif +ifeq (${SANITIZE_UB},on) +BL_COMMON_SOURCES += plat/common/ubsan.c +endif + INCLUDES += -Iinclude \ -Iinclude/arch/${ARCH} \ -Iinclude/lib/cpus/${ARCH} \ @@ -308,7 +371,7 @@ INCLUDE_TBBR_MK := 1 ifneq (${SPD},none) ifeq (${ARCH},aarch32) - $(error "Error: SPD is incompatible with AArch32.") +# $(error "Error: SPD is incompatible with AArch32.") endif ifdef EL3_PAYLOAD_BASE $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") @@ -451,23 +514,35 @@ ifeq ($(DYN_DISABLE_AUTH), 1) endif # If pointer authentication is used in the firmware, make sure that all the -# registers associated to it are also saved and restored. Not doing it would -# leak the value of the key used by EL3 to EL1 and S-EL1. +# registers associated to it are also saved and restored. +# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. ifeq ($(ENABLE_PAUTH),1) - ifneq ($(ARCH),aarch64) - $(error ENABLE_PAUTH=1 requires AArch64) - else ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) - $(error ENABLE_PAUTH=1 requires CTX_INCLUDE_PAUTH_REGS=1) + ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) + $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1) + endif +endif + +ifeq ($(CTX_INCLUDE_PAUTH_REGS),1) + ifneq (${ARCH},aarch64) + $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) else - $(info ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS are experimental features) + $(info CTX_INCLUDE_PAUTH_REGS is an experimental feature) endif -else - ifeq ($(CTX_INCLUDE_PAUTH_REGS),1) - ifneq ($(ARCH),aarch64) - $(error CTX_INCLUDE_PAUTH_REGS=1 requires AArch64) - else - $(info CTX_INCLUDE_PAUTH_REGS is an experimental feature) - endif +endif + +ifeq ($(ENABLE_PAUTH),1) + $(info Pointer Authentication is an experimental feature) +endif + +ifeq ($(ENABLE_BTI),1) + $(info Branch Protection is an experimental feature) +endif + +ifeq ($(CTX_INCLUDE_MTE_REGS),1) + ifneq (${ARCH},aarch64) + $(error CTX_INCLUDE_MTE_REGS requires AArch64) + else + $(info CTX_INCLUDE_MTE_REGS is an experimental feature) endif endif @@ -475,9 +550,8 @@ endif # Process platform overrideable behaviour ################################################################################ -# Using the ARM Trusted Firmware BL2 implies that a BL33 image also needs to be -# supplied for the FIP and Certificate generation tools. This flag can be -# overridden by the platform. +# Using BL2 implies that a BL33 image also needs to be supplied for the FIP and +# Certificate generation tools. This flag can be overridden by the platform. ifdef BL2_SOURCES ifdef EL3_PAYLOAD_BASE # If booting an EL3 payload there is no need for a BL33 image @@ -593,13 +667,13 @@ $(eval $(call assert_boolean,CREATE_KEYS)) $(eval $(call assert_boolean,CTX_INCLUDE_AARCH32_REGS)) $(eval $(call assert_boolean,CTX_INCLUDE_FPREGS)) $(eval $(call assert_boolean,CTX_INCLUDE_PAUTH_REGS)) +$(eval $(call assert_boolean,CTX_INCLUDE_MTE_REGS)) $(eval $(call assert_boolean,DEBUG)) $(eval $(call assert_boolean,DYN_DISABLE_AUTH)) $(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING)) $(eval $(call assert_boolean,ENABLE_AMU)) $(eval $(call assert_boolean,ENABLE_ASSERTIONS)) $(eval $(call assert_boolean,ENABLE_MPAM_FOR_LOWER_ELS)) -$(eval $(call assert_boolean,ENABLE_PAUTH)) $(eval $(call assert_boolean,ENABLE_PIE)) $(eval $(call assert_boolean,ENABLE_PMF)) $(eval $(call assert_boolean,ENABLE_PSCI_STAT)) @@ -613,7 +687,6 @@ $(eval $(call assert_boolean,GENERATE_COT)) $(eval $(call assert_boolean,GICV2_G0_FOR_EL3)) $(eval $(call assert_boolean,HANDLE_EA_EL3_FIRST)) $(eval $(call assert_boolean,HW_ASSISTED_COHERENCY)) -$(eval $(call assert_boolean,MULTI_CONSOLE_API)) $(eval $(call assert_boolean,NS_TIMER_SWITCH)) $(eval $(call assert_boolean,OVERRIDE_LIBC)) $(eval $(call assert_boolean,PL011_GENERIC_UART)) @@ -632,16 +705,29 @@ $(eval $(call assert_boolean,USE_TBBR_DEFS)) $(eval $(call assert_boolean,WARMBOOT_ENABLE_DCACHE_EARLY)) $(eval $(call assert_boolean,BL2_AT_EL3)) $(eval $(call assert_boolean,BL2_IN_XIP_MEM)) +$(eval $(call assert_boolean,BL2_INV_DCACHE)) +$(eval $(call assert_boolean,USE_SPINLOCK_CAS)) $(eval $(call assert_numeric,ARM_ARCH_MAJOR)) $(eval $(call assert_numeric,ARM_ARCH_MINOR)) +$(eval $(call assert_numeric,BRANCH_PROTECTION)) + +ifdef KEY_SIZE + $(eval $(call assert_numeric,KEY_SIZE)) +endif + +ifeq ($(filter $(SANITIZE_UB), on off trap),) + $(error "Invalid value for SANITIZE_UB: can be one of on, off, trap") +endif ################################################################################ # Add definitions to the cpp preprocessor based on the current build options. # This is done after including the platform specific makefile to allow the # platform to overwrite the default options ################################################################################ - +# BRCM_PATCH: Need to add Broadcom SoC specific platform profiles +$(eval $(call add_define,PLATFORM_FLAVOR_${BRCM_CHIP})) +$(eval $(call add_define,_BCM9${BRCM_CHIP}_)) $(eval $(call add_define,ARM_ARCH_MAJOR)) $(eval $(call add_define,ARM_ARCH_MINOR)) $(eval $(call add_define,COLD_BOOT_SINGLE_CPU)) @@ -649,8 +735,10 @@ $(eval $(call add_define,CTX_INCLUDE_AARCH32_REGS)) $(eval $(call add_define,CTX_INCLUDE_FPREGS)) $(eval $(call add_define,CTX_INCLUDE_PAUTH_REGS)) $(eval $(call add_define,EL3_EXCEPTION_HANDLING)) +$(eval $(call add_define,CTX_INCLUDE_MTE_REGS)) $(eval $(call add_define,ENABLE_AMU)) $(eval $(call add_define,ENABLE_ASSERTIONS)) +$(eval $(call add_define,ENABLE_BTI)) $(eval $(call add_define,ENABLE_MPAM_FOR_LOWER_ELS)) $(eval $(call add_define,ENABLE_PAUTH)) $(eval $(call add_define,ENABLE_PIE)) @@ -666,7 +754,6 @@ $(eval $(call add_define,GICV2_G0_FOR_EL3)) $(eval $(call add_define,HANDLE_EA_EL3_FIRST)) $(eval $(call add_define,HW_ASSISTED_COHERENCY)) $(eval $(call add_define,LOG_LEVEL)) -$(eval $(call add_define,MULTI_CONSOLE_API)) $(eval $(call add_define,NS_TIMER_SWITCH)) $(eval $(call add_define,PL011_GENERIC_UART)) $(eval $(call add_define,PLAT_${PLAT})) @@ -686,6 +773,12 @@ $(eval $(call add_define,USE_TBBR_DEFS)) $(eval $(call add_define,WARMBOOT_ENABLE_DCACHE_EARLY)) $(eval $(call add_define,BL2_AT_EL3)) $(eval $(call add_define,BL2_IN_XIP_MEM)) +$(eval $(call add_define,BL2_INV_DCACHE)) +$(eval $(call add_define,USE_SPINLOCK_CAS)) + +ifeq (${SANITIZE_UB},trap) + $(eval $(call add_define,MONITOR_TRAPS)) +endif # Define the EL3_PAYLOAD_BASE flag only if it is provided. ifdef EL3_PAYLOAD_BASE @@ -697,12 +790,6 @@ else $(eval $(call add_define,PRELOADED_BL33_BASE)) endif endif -# Define the AARCH32/AARCH64 flag based on the ARCH flag -ifeq (${ARCH},aarch32) - $(eval $(call add_define,AARCH32)) -else - $(eval $(call add_define,AARCH64)) -endif # Define the DYN_DISABLE_AUTH flag only if set. ifeq (${DYN_DISABLE_AUTH},1) @@ -725,14 +812,22 @@ all: msg_start msg_start: @echo "Building ${PLAT}" -# Check if deprecated declarations and cpp warnings should be treated as error or not. ifeq (${ERROR_DEPRECATED},0) +# Check if deprecated declarations and cpp warnings should be treated as error or not. ifneq ($(findstring clang,$(notdir $(CC))),) CPPFLAGS += -Wno-error=deprecated-declarations else CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp endif +# __ASSEMBLY__ is deprecated in favor of the compiler-builtin __ASSEMBLER__. +ASFLAGS += -D__ASSEMBLY__ +# AARCH32/AARCH64 macros are deprecated in favor of the compiler-builtin __aarch64__. +ifeq (${ARCH},aarch32) + $(eval $(call add_define,AARCH32)) +else + $(eval $(call add_define,AARCH64)) endif +endif # !ERROR_DEPRECATED $(eval $(call MAKE_LIB_DIRS)) $(eval $(call MAKE_LIB,c)) @@ -901,7 +996,7 @@ ${SPTOOL}: .PHONY: libraries romlib.bin: libraries - ${Q}${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} INCLUDES='${INCLUDES}' DEFINES='${DEFINES}' --no-print-directory -C ${ROMLIBPATH} all + ${Q}${MAKE} PLAT_DIR=${PLAT_DIR} BUILD_PLAT=${BUILD_PLAT} ENABLE_BTI=${ENABLE_BTI} ARM_ARCH_MINOR=${ARM_ARCH_MINOR} INCLUDES='${INCLUDES}' DEFINES='${DEFINES}' --no-print-directory -C ${ROMLIBPATH} all cscope: @echo " CSCOPE" @@ -909,11 +1004,13 @@ cscope: ${Q}cscope -b -q -k help: - @echo "usage: ${MAKE} PLAT=<${PLATFORM_LIST}> [OPTIONS] [TARGET]" + @echo "usage: ${MAKE} [PLAT=] [OPTIONS] [TARGET]" @echo "" @echo "PLAT is used to specify which platform you wish to build." @echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" @echo "" + @echo "platform = ${PLATFORM_LIST}" + @echo "" @echo "Please refer to the User Guide for a list of all supported options." @echo "Note that the build system doesn't track dependencies for build " @echo "options. Therefore, if any of the build options are changed "