Diffstat (limited to 'make_helpers')
-rw-r--r--make_helpers/armv7-a-cpus.mk11
-rw-r--r--make_helpers/build_macros.mk123
-rw-r--r--make_helpers/defaults.mk88
-rw-r--r--make_helpers/tbbr/tbbr_tools.mk17
-rw-r--r--make_helpers/windows.mk4
5 files changed, 213 insertions, 30 deletions
diff --git a/make_helpers/armv7-a-cpus.mk b/make_helpers/armv7-a-cpus.mk
index 5571ab0f7..eec85cc1e 100644
--- a/make_helpers/armv7-a-cpus.mk
+++ b/make_helpers/armv7-a-cpus.mk
@@ -44,10 +44,13 @@ endif
# Defined if ARMv7 core supports the Generic Timer extension.
ifeq ($(filter yes,$(ARM_CORTEX_A7) $(ARM_CORTEX_A12) $(ARM_CORTEX_A15) $(ARM_CORTEX_A17)),yes)
-$(eval $(call add_define,ARMV7_SUPPORTS_LARGE_PAGE_ADDRESSING))
-$(eval $(call add_define,ARMV7_SUPPORTS_VIRTUALIZATION))
-$(eval $(call add_define,ARMV7_SUPPORTS_GENERIC_TIMER))
-$(eval $(call add_define,ARMV7_SUPPORTS_VFP))
+$(eval $(call add_defines,\
+ $(sort \
+ ARMV7_SUPPORTS_LARGE_PAGE_ADDRESSING \
+ ARMV7_SUPPORTS_VIRTUALIZATION \
+ ARMV7_SUPPORTS_GENERIC_TIMER \
+ ARMV7_SUPPORTS_VFP \
+)))
endif
ifeq ($(ARM_CORTEX_A5),yes)
diff --git a/make_helpers/build_macros.mk b/make_helpers/build_macros.mk
index 1fa26cc2b..86550288c 100644
--- a/make_helpers/build_macros.mk
+++ b/make_helpers/build_macros.mk
@@ -44,6 +44,13 @@ define add_define
DEFINES += -D$(1)$(if $(value $(1)),=$(value $(1)),)
endef
+
+# Convenience function for addding multiple build definitions
+# $(eval $(call add_defines,FOO BOO))
+define add_defines
+ $(foreach def,$1,$(eval $(call add_define,$(def))))
+endef
+
# Convenience function for adding build definitions
# $(eval $(call add_define_val,FOO,BAR)) will have:
# -DFOO=BAR
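Review bot: `add_defines` does its work while `$(call)` expands it, because each `add_define` is already passed to `$(eval)` inside the `foreach`, so the outer `$(eval ...)` shown in the usage comment only evaluates leftover whitespace. That differs from `add_define`, whose call merely returns text, and it matters if the macro is ever expanded inside another template that is evaluated later. I would say so in the comment, e.g. `# Side effects happen at $(call) time; the surrounding $(eval) is kept only for symmetry with add_define`, and fix the spelling "addding". `assert_booleans` and `assert_numerics` in the following hunks are written the same way.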
@@ -57,6 +64,12 @@ define assert_boolean
$(if $(filter-out 0 1,$($1)),$(error $1 must be boolean))
endef
+# Convenience function for verifying options have boolean values
+# $(eval $(call assert_booleans,FOO BOO)) will assert FOO and BOO for 0 or 1 values
+define assert_booleans
+ $(foreach bool,$1,$(eval $(call assert_boolean,$(bool))))
+endef
+
0-9 := 0 1 2 3 4 5 6 7 8 9
# Function to verify that a given option $(1) contains a numeric value
@@ -67,37 +80,70 @@ $(foreach d,$(0-9),$(eval __numeric := $(subst $(d),,$(__numeric))))
$(if $(__numeric),$(error $(1) must be numeric))
endef
+# Convenience function for verifying options have numeric values
+# $(eval $(call assert_numerics,FOO BOO)) will assert FOO and BOO contain numeric values
+define assert_numerics
+ $(foreach num,$1,$(eval $(call assert_numeric,$(num))))
+endef
+
+# CREATE_SEQ is a recursive function to create sequence of numbers from 1 to
+# $(2) and assign the sequence to $(1)
+define CREATE_SEQ
+$(if $(word $(2), $($(1))),\
+ $(eval $(1) += $(words $($(1))))\
+ $(eval $(1) := $(filter-out 0,$($(1)))),\
+ $(eval $(1) += $(words $($(1))))\
+ $(call CREATE_SEQ,$(1),$(2))\
+)
+endef
+
# IMG_LINKERFILE defines the linker script corresponding to a BL stage
-# $(1) = BL stage (2, 30, 31, 32, 33)
+# $(1) = BL stage (1, 2, 2u, 31, 32)
define IMG_LINKERFILE
${BUILD_DIR}/bl$(1).ld
endef
# IMG_MAPFILE defines the output file describing the memory map corresponding
# to a BL stage
-# $(1) = BL stage (2, 30, 31, 32, 33)
+# $(1) = BL stage (1, 2, 2u, 31, 32)
define IMG_MAPFILE
${BUILD_DIR}/bl$(1).map
endef
# IMG_ELF defines the elf file corresponding to a BL stage
-# $(1) = BL stage (2, 30, 31, 32, 33)
+# $(1) = BL stage (1, 2, 2u, 31, 32)
define IMG_ELF
${BUILD_DIR}/bl$(1).elf
endef
# IMG_DUMP defines the symbols dump file corresponding to a BL stage
-# $(1) = BL stage (2, 30, 31, 32, 33)
+# $(1) = BL stage (1, 2, 2u, 31, 32)
define IMG_DUMP
${BUILD_DIR}/bl$(1).dump
endef
# IMG_BIN defines the default image file corresponding to a BL stage
-# $(1) = BL stage (2, 30, 31, 32, 33)
+# $(1) = BL stage (1, 2, 2u, 31, 32)
define IMG_BIN
${BUILD_PLAT}/bl$(1).bin
endef
+# IMG_ENC_BIN defines the default encrypted image file corresponding to a
+# BL stage
+# $(1) = BL stage (2, 30, 31, 32, 33)
+define IMG_ENC_BIN
+ ${BUILD_PLAT}/bl$(1)_enc.bin
+endef
+
+# ENCRYPT_FW invokes enctool to encrypt firmware binary
+# $(1) = input firmware binary
+# $(2) = output encrypted firmware binary
+define ENCRYPT_FW
+$(2): $(1) enctool
+ $$(ECHO) " ENC $$<"
+ $$(Q)$$(ENCTOOL) $$(ENC_ARGS) -i $$< -o $$@
+endef
+
# TOOL_ADD_PAYLOAD appends the command line arguments required by fiptool to
# package a new payload and/or by cert_create to generate certificate.
# Optionally, it adds the dependency on this payload
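Review bot: `ENCRYPT_FW` lists `enctool` as a normal prerequisite of the encrypted image; if `enctool` is a phony target (its rule is not in this diff), `$(2)` is considered out of date on every invocation and the image is re-encrypted each time. Making it order-only, `$(2): $(1) | enctool`, keeps the build-the-tool-first ordering without forcing the rebuild. The new `IMG_ENC_BIN` comment also still lists the BL stages as `(2, 30, 31, 32, 33)` while this hunk changes every sibling macro to `(1, 2, 2u, 31, 32)`.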
@@ -105,11 +151,17 @@ endef
# $(2) = command line option for the specified payload (i.e. --soc-fw)
# $(3) = tool target dependency (optional) (ex. build/fvp/release/bl31.bin)
# $(4) = FIP prefix (optional) (if FWU_, target is fwu_fip instead of fip)
+# $(5) = encrypted payload (optional) (ex. build/fvp/release/bl31_enc.bin)
define TOOL_ADD_PAYLOAD
+ifneq ($(5),)
+ $(4)FIP_ARGS += $(2) $(5)
+ $(if $(3),$(4)CRT_DEPS += $(1))
+else
$(4)FIP_ARGS += $(2) $(1)
+ $(if $(3),$(4)CRT_DEPS += $(3))
+endif
$(if $(3),$(4)FIP_DEPS += $(3))
$(4)CRT_ARGS += $(2) $(1)
- $(if $(3),$(4)CRT_DEPS += $(3))
endef
# TOOL_ADD_IMG_PAYLOAD works like TOOL_ADD_PAYLOAD, but applies image filters
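Review bot: The `ifneq ($(5),)` branch packages the encrypted file `$(5)` into `$(4)FIP_ARGS` while `$(4)CRT_ARGS` still receives the plaintext `$(1)`, and nothing in the header comment says that this split is intended. Presumably the certificate is meant to cover the image as it looks after decryption, but a reader cannot tell that from here, so I would add a comment above the branch such as `# Encrypted payload: the FIP carries $(5), certificates are still generated over the plaintext $(1)`. In the same branch `CRT_DEPS` gets `$(1)` only when `$(3)` is non-empty, which deserves a word in the `$(3)` description too.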
@@ -119,6 +171,7 @@ endef
# $(3) = command line option for the specified payload (ex. --soc-fw)
# $(4) = tool target dependency (optional) (ex. build/fvp/release/bl31.bin)
# $(5) = FIP prefix (optional) (if FWU_, target is fwu_fip instead of fip)
+# $(6) = encrypted payload (optional) (ex. build/fvp/release/bl31_enc.bin)
define TOOL_ADD_IMG_PAYLOAD
@@ -132,10 +185,10 @@ $(call $(PRE_TOOL_FILTER)_RULE,$(PROCESSED_PATH),$(2))
$(PROCESSED_PATH): $(4)
-$(call TOOL_ADD_PAYLOAD,$(PROCESSED_PATH),$(3),$(PROCESSED_PATH),$(5))
+$(call TOOL_ADD_PAYLOAD,$(PROCESSED_PATH),$(3),$(PROCESSED_PATH),$(5),$(6))
else
-$(call TOOL_ADD_PAYLOAD,$(2),$(3),$(4),$(5))
+$(call TOOL_ADD_PAYLOAD,$(2),$(3),$(4),$(5),$(6))
endif
endef
@@ -153,6 +206,7 @@ endef
# $(1) = image_type (scp_bl2, bl33, etc.)
# $(2) = command line option for fiptool (--scp-fw, --nt-fw, etc)
# $(3) = FIP prefix (optional) (if FWU_, target is fwu_fip instead of fip)
+# $(4) = Image encryption flag (optional) (0, 1)
# Example:
# $(eval $(call TOOL_ADD_IMG,bl33,--nt-fw))
define TOOL_ADD_IMG
@@ -160,14 +214,28 @@ define TOOL_ADD_IMG
# This is the uppercase form of the first parameter
$(eval _V := $(call uppercase,$(1)))
+ # $(check_$(1)_cmd) variable is executed in the check_$(1) target and also
+ # is put into the ${CHECK_$(3)FIP_CMD} variable which is executed by the
+ # target ${BUILD_PLAT}/${$(3)FIP_NAME}.
+ $(eval check_$(1)_cmd := \
+ $(if $(value $(_V)),,$$$$(error "Platform '${PLAT}' requires $(_V). Please set $(_V) to point to the right file")) \
+ $(if $(wildcard $(value $(_V))),,$$$$(error '$(_V)=$(value $(_V))' was specified, but '$(value $(_V))' does not exist)) \
+ )
+
$(3)CRT_DEPS += check_$(1)
- $(3)FIP_DEPS += check_$(1)
- $(call TOOL_ADD_IMG_PAYLOAD,$(1),$(value $(_V)),$(2),,$(3))
+ CHECK_$(3)FIP_CMD += $$(check_$(1)_cmd)
+ifeq ($(4),1)
+ $(eval ENC_BIN := ${BUILD_PLAT}/$(1)_enc.bin)
+ $(call ENCRYPT_FW,$(value $(_V)),$(ENC_BIN))
+ $(call TOOL_ADD_IMG_PAYLOAD,$(1),$(value $(_V)),$(2),$(ENC_BIN),$(3), \
+ $(ENC_BIN))
+else
+ $(call TOOL_ADD_IMG_PAYLOAD,$(1),$(value $(_V)),$(2),$(if $(wildcard $(value $(_V))),$(value $(_V)),FORCE),$(3))
+endif
.PHONY: check_$(1)
check_$(1):
- $$(if $(value $(_V)),,$$(error "Platform '${PLAT}' requires $(_V). Please set $(_V) to point to the right file"))
- $$(if $(wildcard $(value $(_V))),,$$(error '$(_V)=$(value $(_V))' was specified, but '$(value $(_V))' does not exist))
+ $(check_$(1)_cmd)
endef
################################################################################
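Review bot: In the `ifeq ($(4),1)` branch the rule generated by `ENCRYPT_FW` does not depend on `check_$(1)`, so the "requires $(_V)" and "does not exist" diagnostics are not reached before the encryption recipe when the image variable is unset or wrong. With `$(value $(_V))` empty the rule collapses to `$(ENC_BIN): enctool`, leaving `$$<` as `enctool`, which would hand the tool a bogus `-i` argument (ENCRYPT_FW is defined in an earlier hunk of this file). An order-only edge, `$(ENC_BIN): | check_$(1)`, placed after the `ENCRYPT_FW` call would make the check run first. The `$(eval ENC_BIN := ...)` line is also executed when `$(4)` is not 1, because `$(call)` expands both arms of the conditional before `eval` sees it; a name local to this macro would avoid clobbering the `ENC_BIN` that `MAKE_BL` sets.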
@@ -226,17 +294,17 @@ endef
# MAKE_C builds a C source file and generates the dependency file
# $(1) = output directory
# $(2) = source file (%.c)
-# $(3) = BL stage (2, 2u, 30, 31, 32, 33)
+# $(3) = BL stage (1, 2, 2u, 31, 32)
define MAKE_C
$(eval OBJ := $(1)/$(patsubst %.c,%.o,$(notdir $(2))))
$(eval DEP := $(patsubst %.o,%.d,$(OBJ)))
-$(eval IMAGE := IMAGE_BL$(call uppercase,$(3)))
+$(eval BL_CPPFLAGS := $(BL$(call uppercase,$(3))_CPPFLAGS) -DIMAGE_BL$(call uppercase,$(3)))
$(eval BL_CFLAGS := $(BL$(call uppercase,$(3))_CFLAGS))
$(OBJ): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | bl$(3)_dirs
$$(ECHO) " CC $$<"
- $$(Q)$$(CC) $$(LTO_CFLAGS) $$(TF_CFLAGS) $$(CFLAGS) $(BL_CFLAGS) -D$(IMAGE) $(MAKE_DEP) -c $$< -o $$@
+ $$(Q)$$(CC) $$(LTO_CFLAGS) $$(TF_CFLAGS) $$(CFLAGS) $(BL_CPPFLAGS) $(BL_CFLAGS) $(MAKE_DEP) -c $$< -o $$@
-include $(DEP)
@@ -246,16 +314,17 @@ endef
# MAKE_S builds an assembly source file and generates the dependency file
# $(1) = output directory
# $(2) = assembly file (%.S)
-# $(3) = BL stage (2, 2u, 30, 31, 32, 33)
+# $(3) = BL stage (1, 2, 2u, 31, 32)
define MAKE_S
$(eval OBJ := $(1)/$(patsubst %.S,%.o,$(notdir $(2))))
$(eval DEP := $(patsubst %.o,%.d,$(OBJ)))
-$(eval IMAGE := IMAGE_BL$(call uppercase,$(3)))
+$(eval BL_CPPFLAGS := $(BL$(call uppercase,$(3))_CPPFLAGS) -DIMAGE_BL$(call uppercase,$(3)))
+$(eval BL_ASFLAGS := $(BL$(call uppercase,$(3))_ASFLAGS))
$(OBJ): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | bl$(3)_dirs
$$(ECHO) " AS $$<"
- $$(Q)$$(AS) $$(ASFLAGS) -D$(IMAGE) $(MAKE_DEP) -c $$< -o $$@
+ $$(Q)$$(AS) $$(ASFLAGS) $(BL_CPPFLAGS) $(BL_ASFLAGS) $(MAKE_DEP) -c $$< -o $$@
-include $(DEP)
@@ -265,15 +334,15 @@ endef
# MAKE_LD generate the linker script using the C preprocessor
# $(1) = output linker script
# $(2) = input template
-# $(3) = BL stage (2, 2u, 30, 31, 32, 33)
+# $(3) = BL stage (1, 2, 2u, 31, 32)
define MAKE_LD
$(eval DEP := $(1).d)
-$(eval IMAGE := IMAGE_BL$(call uppercase,$(3)))
+$(eval BL_CPPFLAGS := $(BL$(call uppercase,$(3))_CPPFLAGS) -DIMAGE_BL$(call uppercase,$(3)))
$(1): $(2) $(filter-out %.d,$(MAKEFILE_LIST)) | bl$(3)_dirs
$$(ECHO) " PP $$<"
- $$(Q)$$(CPP) $$(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) -P -x assembler-with-cpp -D__LINKER__ $(MAKE_DEP) -D$(IMAGE) -o $$@ $$<
+ $$(Q)$$(CPP) $$(CPPFLAGS) $(BL_CPPFLAGS) $(TF_CFLAGS_$(ARCH)) -P -x assembler-with-cpp -D__LINKER__ $(MAKE_DEP) -o $$@ $$<
-include $(DEP)
@@ -299,7 +368,7 @@ endef
# MAKE_OBJS builds both C and assembly source files
# $(1) = output directory
# $(2) = list of source files (both C and assembly)
-# $(3) = BL stage (2, 30, 31, 32, 33)
+# $(3) = BL stage (1, 2, 2u, 31, 32)
define MAKE_OBJS
$(eval C_OBJS := $(filter %.c,$(2)))
$(eval REMAIN := $(filter-out %.c,$(2)))
@@ -376,9 +445,10 @@ endef
# MAKE_BL macro defines the targets and options to build each BL image.
# Arguments:
-# $(1) = BL stage (2, 2u, 30, 31, 32, 33)
+# $(1) = BL stage (1, 2, 2u, 31, 32)
# $(2) = FIP command line option (if empty, image will not be included in the FIP)
# $(3) = FIP prefix (optional) (if FWU_, target is fwu_fip instead of fip)
+# $(4) = BL encryption flag (optional) (0, 1)
define MAKE_BL
$(eval BUILD_DIR := ${BUILD_PLAT}/bl$(1))
$(eval BL_SOURCES := $(BL$(call uppercase,$(1))_SOURCES))
@@ -389,6 +459,7 @@ define MAKE_BL
$(eval ELF := $(call IMG_ELF,$(1)))
$(eval DUMP := $(call IMG_DUMP,$(1)))
$(eval BIN := $(call IMG_BIN,$(1)))
+ $(eval ENC_BIN := $(call IMG_ENC_BIN,$(1)))
$(eval BL_LINKERFILE := $(BL$(call uppercase,$(1))_LINKERFILE))
$(eval BL_LIBS := $(BL$(call uppercase,$(1))_LIBS))
# We use sort only to get a list of unique object directory names.
@@ -469,7 +540,13 @@ endif
all: bl$(1)
+ifeq ($(4),1)
+$(call ENCRYPT_FW,$(BIN),$(ENC_BIN))
+$(if $(2),$(call TOOL_ADD_IMG_PAYLOAD,bl$(1),$(BIN),--$(2),$(ENC_BIN),$(3), \
+ $(ENC_BIN)))
+else
$(if $(2),$(call TOOL_ADD_IMG_PAYLOAD,bl$(1),$(BIN),--$(2),$(BIN),$(3)))
+endif
endef
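Review bot: The test `ifeq ($(4),1)` makes encryption fail open: any value of the flag other than the literal `1` (a typo, `yes`, stray whitespace) selects the `else` arm and the plaintext `$(BIN)` goes into the FIP without a diagnostic. The same test guards the encrypted path in `TOOL_ADD_IMG`. Whether the callers validate the flag is not visible in this diff; if they do not, passing the options through `assert_booleans` (added earlier in this file) before `MAKE_BL` is invoked would turn a silent downgrade into a build error, for example `$(eval $(call assert_booleans,ENCRYPT_BL31 ENCRYPT_BL32))`. MAKE_BL's body starts outside this hunk.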
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index fff336cd2..e94f3c31a 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2021, ARM Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -19,6 +19,9 @@ AARCH32_SP := none
# The Target build architecture. Supported values are: aarch64, aarch32.
ARCH := aarch64
+# ARM Architecture feature modifiers: none by default
+ARM_ARCH_FEATURE := none
+
# ARM Architecture major and minor versions: 8.0 by default.
ARM_ARCH_MAJOR := 8
ARM_ARCH_MINOR := 0
@@ -62,15 +65,27 @@ CTX_INCLUDE_FPREGS := 0
# world. It is not needed to use it in the Non-secure world.
CTX_INCLUDE_PAUTH_REGS := 0
+# Include Nested virtualization control (Armv8.4-NV) registers in cpu context.
+# This must be set to 1 if architecture implements Nested Virtualization
+# Extension and platform wants to use this feature in the Secure world
+CTX_INCLUDE_NEVE_REGS := 0
+
# Debug build
DEBUG := 0
+# By default disable authenticated decryption support.
+DECRYPTION_SUPPORT := none
+
# Build platform
DEFAULT_PLAT := fvp
# Disable the generation of the binary image (ELF only).
DISABLE_BIN_GENERATION := 0
+# Disable MTPMU if FEAT_MTPMU is supported. Default is 0 to keep backwards
+# compatibility.
+DISABLE_MTPMU := 0
+
# Enable capability to disable authentication dynamically. Only meant for
# development platforms.
DYN_DISABLE_AUTH := 0
@@ -106,6 +121,18 @@ ENABLE_BTI := 0
# Use BRANCH_PROTECTION to enable PAUTH.
ENABLE_PAUTH := 0
+# By default BL31 encryption disabled
+ENCRYPT_BL31 := 0
+
+# By default BL32 encryption disabled
+ENCRYPT_BL32 := 0
+
+# Default dummy firmware encryption key
+ENC_KEY := 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
+
+# Default dummy nonce for firmware encryption
+ENC_NONCE := 1234567890abcdef12345678
+
# Build flag to treat usage of deprecated platform and framework APIs as error.
ERROR_DEPRECATED := 0
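Review bot: `ENC_KEY` and `ENC_NONCE` default to fixed, published values, so a build that sets `ENCRYPT_BL31=1` or `ENCRYPT_BL32=1` without overriding them produces images encrypted under a key anyone can read from this file. The fixed nonce is a separate problem: if the cipher is an AEAD mode such as AES-GCM (not visible here), encrypting BL31 and BL32 under the same key and nonce undermines both confidentiality and integrity. I would keep the dummy values out of the defaults and fail the build where the encryption arguments are assembled, e.g. `$(if $(filter 1,$(ENCRYPT_BL31) $(ENCRYPT_BL32)),$(if $(ENC_KEY),,$(error ENC_KEY must be set when firmware encryption is enabled)))`, with the same guard for `ENC_NONCE`. At minimum the two comments should say `# Test-only value, never use for production images`.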
@@ -121,6 +148,9 @@ FIP_NAME := fip.bin
# Default FWU_FIP file name
FWU_FIP_NAME := fwu_fip.bin
+# By default firmware encryption with SSK
+FW_ENC_STATUS := 0
+
# For Chain of Trust
GENERATE_COT := 0
@@ -132,6 +162,10 @@ GICV2_G0_FOR_EL3 := 0
# by lower ELs.
HANDLE_EA_EL3_FIRST := 0
+# Secure hash algorithm flag, accepts 3 values: sha256, sha384 and sha512.
+# The default value is sha256.
+HASH_ALG := sha256
+
# Whether system coherency is managed in hardware, without explicit software
# operations.
HW_ASSISTED_COHERENCY := 0
@@ -139,6 +173,11 @@ HW_ASSISTED_COHERENCY := 0
# Set the default algorithm for the generation of Trusted Board Boot keys
KEY_ALG := rsa
+# Set the default key size in case KEY_ALG is rsa
+ifeq ($(KEY_ALG),rsa)
+KEY_SIZE := 2048
+endif
+
# Option to build TF with Measured Boot support
MEASURED_BOOT := 0
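Review bot: The `ifeq ($(KEY_ALG),rsa)` test is evaluated while defaults.mk is being parsed, directly after `KEY_ALG := rsa`, so it is true unless `KEY_ALG` was given on the command line. A platform makefile that sets `KEY_ALG` to another algorithm after this file is included (the include order is not visible here) would still inherit `KEY_SIZE := 2048`, and tbbr_tools.mk forwards any non-empty `KEY_SIZE` as `--key-size`. Moving the default to the point where the final `KEY_ALG` is known, or at least adding a comment such as `# Only effective when KEY_ALG is not changed after defaults.mk is included`, would keep a mismatched size from reaching cert_create.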
@@ -170,6 +209,9 @@ SAVE_KEYS := 0
# Software Delegated Exception support
SDEI_SUPPORT := 0
+# True Random Number firmware Interface
+TRNG_SUPPORT := 0
+
# Whether code and read-only data should be put on separate memory pages. The
# platform Makefile is free to override this value.
SEPARATE_CODE_AND_RODATA := 0
@@ -188,6 +230,9 @@ SPD := none
# Enable the Management Mode (MM)-based Secure Partition Manager implementation
SPM_MM := 0
+# Use SPM at S-EL2 as a default config for SPMD
+SPMD_SPM_AT_SEL2 := 1
+
# Flag to introduce an infinite loop in BL1 just before it exits into the next
# image. This is meant to help debugging the post-BL2 phase.
SPIN_ON_BL1_EXIT := 0
@@ -201,9 +246,25 @@ USE_COHERENT_MEM := 1
# Build option to add debugfs support
USE_DEBUGFS := 0
+# Build option to fconf based io
+ARM_IO_IN_DTB := 0
+
+# Build option to support SDEI through fconf
+SDEI_IN_FCONF := 0
+
+# Build option to support Secure Interrupt descriptors through fconf
+SEC_INT_DESC_IN_FCONF := 0
+
# Build option to choose whether Trusted Firmware uses library at ROM
USE_ROMLIB := 0
+# Build option to choose whether the xlat tables of BL images can be read-only.
+# Note that this only serves as a higher level option to PLAT_RO_XLAT_TABLES,
+# which is the per BL-image option that actually enables the read-only tables
+# API. The reason for having this additional option is to have a common high
+# level makefile where we can check for incompatible features/build options.
+ALLOW_RO_XLAT_TABLES := 0
+
# Chain of trust.
COT := tbbr
@@ -252,3 +313,28 @@ USE_SPINLOCK_CAS := 0
# Enable Link Time Optimization
ENABLE_LTO := 0
+
+# Build flag to include EL2 registers in cpu context save and restore during
+# S-EL2 firmware entry/exit. This flag is to be used with SPD=spmd option.
+# Default is 0.
+CTX_INCLUDE_EL2_REGS := 0
+
+# Enable Memory tag extension which is supported for architecture greater
+# than Armv8.5-A
+# By default it is set to "no"
+SUPPORT_STACK_MEMTAG := no
+
+# Select workaround for AT speculative behaviour.
+ERRATA_SPECULATIVE_AT := 0
+
+# Trap RAS error record access from lower EL
+RAS_TRAP_LOWER_EL_ERR_ACCESS := 0
+
+# Build option to create cot descriptors using fconf
+COT_DESC_IN_DTB := 0
+
+# Build option to provide openssl directory path
+OPENSSL_DIR := /usr
+
+# Build option to use the SP804 timer instead of the generic one
+USE_SP804_TIMER := 0
diff --git a/make_helpers/tbbr/tbbr_tools.mk b/make_helpers/tbbr/tbbr_tools.mk
index 9c47cc7c4..853ad11be 100644
--- a/make_helpers/tbbr/tbbr_tools.mk
+++ b/make_helpers/tbbr/tbbr_tools.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -23,6 +23,7 @@
# KEY_ALG
# KEY_SIZE
# ROT_KEY
+# PROT_KEY
# TRUSTED_WORLD_KEY
# NON_TRUSTED_WORLD_KEY
# SCP_BL2_KEY
@@ -53,10 +54,14 @@ $(eval $(call TOOL_ADD_PAYLOAD,${FWU_CERT},--fwu-cert,,FWU_))
# packed in the FIP). Developers can use their own keys by specifying the proper
# build option in the command line when building the Trusted Firmware
$(if ${KEY_ALG},$(eval $(call CERT_ADD_CMD_OPT,${KEY_ALG},--key-alg)))
+$(if ${KEY_ALG},$(eval $(call CERT_ADD_CMD_OPT,${KEY_ALG},--key-alg,FWU_)))
$(if ${KEY_SIZE},$(eval $(call CERT_ADD_CMD_OPT,${KEY_SIZE},--key-size)))
+$(if ${KEY_SIZE},$(eval $(call CERT_ADD_CMD_OPT,${KEY_SIZE},--key-size,FWU_)))
$(if ${HASH_ALG},$(eval $(call CERT_ADD_CMD_OPT,${HASH_ALG},--hash-alg)))
+$(if ${HASH_ALG},$(eval $(call CERT_ADD_CMD_OPT,${HASH_ALG},--hash-alg,FWU_)))
$(if ${ROT_KEY},$(eval $(call CERT_ADD_CMD_OPT,${ROT_KEY},--rot-key)))
$(if ${ROT_KEY},$(eval $(call CERT_ADD_CMD_OPT,${ROT_KEY},--rot-key,FWU_)))
+$(if ${PROT_KEY},$(eval $(call CERT_ADD_CMD_OPT,${PROT_KEY},--prot-key)))
$(if ${TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${TRUSTED_WORLD_KEY},--trusted-world-key)))
$(if ${NON_TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${NON_TRUSTED_WORLD_KEY},--non-trusted-world-key)))
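Review bot: `--prot-key` is added whenever `PROT_KEY` is set, without the `COT` check that the dual-root payloads further down in this file get (`ifeq (${COT},dualroot)`), and unlike `ROT_KEY` it has no `FWU_` counterpart. If the option is only understood when the certificate tool is built for the dualroot chain of trust (an assumption; the tool is not part of this diff), a `PROT_KEY` left set for a `COT=tbbr` build would break certificate generation. Either guard the line with the same `ifeq`, or add a comment stating why it is unconditional and why the FWU certificates do not need it.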
@@ -93,5 +98,15 @@ endif
ifneq (${BL33},)
$(if ${BL33_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL33_KEY},--nt-fw-key)))
$(eval $(call TOOL_ADD_PAYLOAD,${BUILD_PLAT}/nt_fw_content.crt,--nt-fw-cert))
+ifneq (${COT},dualroot)
$(eval $(call TOOL_ADD_PAYLOAD,${BUILD_PLAT}/nt_fw_key.crt,--nt-fw-key-cert))
endif
+endif
+
+# Add SiP owned Secure Partitions CoT (image cert)
+ifneq (${SP_LAYOUT_FILE},)
+ $(eval $(call TOOL_ADD_PAYLOAD,${BUILD_PLAT}/sip_sp_content.crt,--sip-sp-cert))
+ifeq (${COT},dualroot)
+ $(eval $(call TOOL_ADD_PAYLOAD,${BUILD_PLAT}/plat_sp_content.crt,--plat-sp-cert))
+endif
+endif
diff --git a/make_helpers/windows.mk b/make_helpers/windows.mk
index 5ab8bdc4f..26ea88ef0 100644
--- a/make_helpers/windows.mk
+++ b/make_helpers/windows.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -86,3 +86,5 @@ define MAKE_BUILD_STRINGS
$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -x c -c - -o $1
endef
+MSVC_NMAKE := nmake.exe
+