From f30ee0b9c07badc226fc36c4ac791ae65b837f45 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Fri, 26 Jan 2018 11:42:01 +0900 Subject: Build: move cert_create arguments and dependency to FIP_ADD_PAYLOAD The fiptool and cert_create use the same command options for images. It is pretty easy to handle both in the same, symmetrical way. Move CRT_ARGS and CRT_DEPS to FIP_ADD_PAYLOAD. This refactoring makes sense because FIP_ADD_PAYLOAD is called from MAKE_BL (when building images from source), and from FIP_ADD_IMG (when including external images). (FIP_ADD_PAYLOAD will be renamed later on since it now caters to both fiptool and cert_create). We can delete CERT_ADD_CMD_OPT for images in tbbr.mk. It still needs to call CERT_ADD_CMD_OPT directly for certificates. Signed-off-by: Masahiro Yamada --- make_helpers/build_macros.mk | 2 ++ make_helpers/tbbr/tbbr_tools.mk | 50 +++++------------------------------------ 2 files changed, 8 insertions(+), 44 deletions(-) (limited to 'make_helpers') diff --git a/make_helpers/build_macros.mk b/make_helpers/build_macros.mk index 85e575c0..e0d107fc 100644 --- a/make_helpers/build_macros.mk +++ b/make_helpers/build_macros.mk @@ -107,6 +107,8 @@ endef define FIP_ADD_PAYLOAD $(4)FIP_ARGS += $(2) $(1) $(if $(3),$(4)FIP_DEPS += $(3)) + $(4)CRT_ARGS += $(2) $(1) + $(if $(3),$(4)CRT_DEPS += $(3)) endef # CERT_ADD_CMD_OPT adds a new command line option to the cert_create invocation diff --git a/make_helpers/tbbr/tbbr_tools.mk b/make_helpers/tbbr/tbbr_tools.mk index 00210177..2b753756 100644 --- a/make_helpers/tbbr/tbbr_tools.mk +++ b/make_helpers/tbbr/tbbr_tools.mk @@ -44,11 +44,9 @@ $(eval $(call CERT_ADD_CMD_OPT,${NTFW_NVCTR_VAL},--ntfw-nvctr)) # Add Trusted Key certificate to the fiptool and cert_create command line options $(eval $(call FIP_ADD_PAYLOAD,${TRUSTED_KEY_CERT},--trusted-key-cert)) -$(eval $(call CERT_ADD_CMD_OPT,${TRUSTED_KEY_CERT},--trusted-key-cert)) # Add fwu certificate to the fiptool and cert_create command line options $(eval $(call FIP_ADD_PAYLOAD,${FWU_CERT},--fwu-cert,,FWU_)) -$(eval $(call CERT_ADD_CMD_OPT,${FWU_CERT},--fwu-cert,,FWU_)) # Add the keys to the cert_create command line options (private keys are NOT # packed in the FIP). Developers can use their own keys by specifying the proper @@ -60,74 +58,38 @@ $(if ${ROT_KEY},$(eval $(call CERT_ADD_CMD_OPT,${ROT_KEY},--rot-key,,FWU_))) $(if ${TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${TRUSTED_WORLD_KEY},--trusted-world-key))) $(if ${NON_TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${NON_TRUSTED_WORLD_KEY},--non-trusted-world-key))) -# Add the BL2 CoT (image cert + image) -$(if ${BL2},$(eval $(call CERT_ADD_CMD_OPT,${BL2},--tb-fw,true)),\ - $(eval $(call CERT_ADD_CMD_OPT,$(call IMG_BIN,2),--tb-fw,true))) -$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/tb_fw.crt,--tb-fw-cert)) + +# Add the BL2 CoT (image cert) ifeq (${BL2_AT_EL3}, 0) $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/tb_fw.crt,--tb-fw-cert)) endif -# Add the SCP_BL2 CoT (key cert + img cert + image) +# Add the SCP_BL2 CoT (key cert + img cert) ifneq (${SCP_BL2},) - $(eval $(call CERT_ADD_CMD_OPT,${SCP_BL2},--scp-fw,true)) $(if ${SCP_BL2_KEY},$(eval $(call CERT_ADD_CMD_OPT,${SCP_BL2_KEY},--scp-fw-key))) - $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/scp_fw_content.crt,--scp-fw-cert)) - $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/scp_fw_key.crt,--scp-fw-key-cert)) $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/scp_fw_content.crt,--scp-fw-cert)) $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/scp_fw_key.crt,--scp-fw-key-cert)) endif ifeq (${ARCH},aarch64) ifeq (${NEED_BL31},yes) -# Add the BL31 CoT (key cert + img cert + image) -$(if ${BL31},$(eval $(call CERT_ADD_CMD_OPT,${BL31},--soc-fw,true)),\ - $(eval $(call CERT_ADD_CMD_OPT,$(call IMG_BIN,31),--soc-fw,true))) +# Add the BL31 CoT (key cert + img cert) $(if ${BL31_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL31_KEY},--soc-fw-key))) -$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/soc_fw_content.crt,--soc-fw-cert)) -$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/soc_fw_key.crt,--soc-fw-key-cert)) $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/soc_fw_content.crt,--soc-fw-cert)) $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/soc_fw_key.crt,--soc-fw-key-cert)) endif endif -# Add the BL32 CoT (key cert + img cert + image) +# Add the BL32 CoT (key cert + img cert) ifeq (${NEED_BL32},yes) - $(if ${BL32},$(eval $(call CERT_ADD_CMD_OPT,${BL32},--tos-fw,true)),\ - $(if ${BL32_SOURCES},$(eval $(call CERT_ADD_CMD_OPT,$(call IMG_BIN,32),--tos-fw,true)))) $(if ${BL32_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL32_KEY},--tos-fw-key))) - $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/tos_fw_content.crt,--tos-fw-cert)) - $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/tos_fw_key.crt,--tos-fw-key-cert)) $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/tos_fw_content.crt,--tos-fw-cert)) $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/tos_fw_key.crt,--tos-fw-key-cert)) -ifneq (${BL32_EXTRA1},) - $(eval $(call CERT_ADD_CMD_OPT,${BL32_EXTRA1},--tos-fw-extra1,true)) -endif -ifneq (${BL32_EXTRA2},) - $(eval $(call CERT_ADD_CMD_OPT,${BL32_EXTRA2},--tos-fw-extra2,true)) -endif endif -# Add the BL33 CoT (key cert + img cert + image) +# Add the BL33 CoT (key cert + img cert) ifneq (${BL33},) - $(eval $(call CERT_ADD_CMD_OPT,${BL33},--nt-fw,true)) $(if ${BL33_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL33_KEY},--nt-fw-key))) - $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/nt_fw_content.crt,--nt-fw-cert)) - $(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/nt_fw_key.crt,--nt-fw-key-cert)) $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/nt_fw_content.crt,--nt-fw-cert)) $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/nt_fw_key.crt,--nt-fw-key-cert)) endif - -# Add the BL2U image -$(if ${BL2U},$(eval $(call CERT_ADD_CMD_OPT,${BL2U},--ap-fwu-cfg,true,FWU_)),\ - $(eval $(call CERT_ADD_CMD_OPT,$(call IMG_BIN,2u),--ap-fwu-cfg,true,FWU_))) - -# Add the SCP_BL2U image -ifneq (${SCP_BL2U},) - $(eval $(call CERT_ADD_CMD_OPT,${SCP_BL2U},--scp-fwu-cfg,true,FWU_)) -endif - -# Add the NS_BL2U image -ifneq (${NS_BL2U},) - $(eval $(call CERT_ADD_CMD_OPT,${NS_BL2U},--fwu,true,FWU_)) -endif -- cgit v1.2.3