diff options
| author | Sandrine Bailleux <sandrine.bailleux@arm.com> | 2020-01-15 10:23:25 +0100 |
|---|---|---|
| committer | Sandrine Bailleux <sandrine.bailleux@arm.com> | 2020-01-29 14:00:33 +0100 |
| commit | 3bff910dc16ad5ed97d470064b25481d3674732b (patch) | |
| tree | 087f519991d5bf70efebb45473929c7f38ce0c14 | |
| parent | 067f7e9c52f5aa19bac2cb91a96e6e4f9dee6cb9 (diff) | |
| download | arm-trusted-firmware-3bff910dc16ad5ed97d470064b25481d3674732b.tar.gz | |
Introduce COT build option
Allows to select the chain of trust to use when the Trusted Boot feature
is enabled. This affects both the cert_create tool and the firmware
itself.
Right now, the only available CoT is TBBR.
Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | docs/getting_started/build-options.rst | 3 | ||||
| -rw-r--r-- | make_helpers/defaults.mk | 5 | ||||
| -rw-r--r-- | plat/arm/common/arm_common.mk | 10 |
4 files changed, 16 insertions, 4 deletions
@@ -1009,7 +1009,7 @@ certtool: ${CRTTOOL} .PHONY: ${CRTTOOL} ${CRTTOOL}: - ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} --no-print-directory -C ${CRTTOOLPATH} + ${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} --no-print-directory -C ${CRTTOOLPATH} @${ECHO_BLANK_LINE} @echo "Built $@ successfully" @${ECHO_BLANK_LINE} diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst index fc4545571..f4e8cbe95 100644 --- a/docs/getting_started/build-options.rst +++ b/docs/getting_started/build-options.rst @@ -128,6 +128,9 @@ Common build options ``plat_secondary_cold_boot_setup()`` platform porting interfaces do not need to be implemented in this case. +- ``COT``: When Trusted Boot is enabled, selects the desired chain of trust. + Defaults to ``tbbr``. + - ``CRASH_REPORTING``: A non-zero value enables a console dump of processor register state when an unexpected exception occurs during execution of BL31. This option defaults to the value of ``DEBUG`` - i.e. by default diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk index 53832c561..a211f6606 100644 --- a/make_helpers/defaults.mk +++ b/make_helpers/defaults.mk @@ -1,5 +1,5 @@ # -# Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -201,6 +201,9 @@ USE_DEBUGFS := 0 # Build option to choose whether Trusted Firmware uses library at ROM USE_ROMLIB := 0 +# Chain of trust. +COT := tbbr + # Use tbbr_oid.h instead of platform_oid.h USE_TBBR_DEFS := 1 diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 9d4f05e9e..c8b7ab448 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -1,5 +1,5 @@ # -# Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -254,7 +254,13 @@ ifneq (${TRUSTED_BOARD_BOOT},0) AUTH_SOURCES := drivers/auth/auth_mod.c \ drivers/auth/crypto_mod.c \ drivers/auth/img_parser_mod.c \ - drivers/auth/tbbr/tbbr_cot.c \ + + # Include the selected chain of trust sources. + ifeq (${COT},tbbr) + AUTH_SOURCES += drivers/auth/tbbr/tbbr_cot.c + else + $(error Unknown chain of trust ${COT}) + endif BL1_SOURCES += ${AUTH_SOURCES} \ bl1/tbbr/tbbr_img_desc.c \ |