blob: db7d0b9ac1f0b1560c2c7c6e0d6d4d3d0fd5c811 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
link-script$(sm) = $(ta-dev-kit-dir$(sm))/src/ta.ld.S
link-script-pp$(sm) = $(link-out-dir$(sm))/ta.lds
link-script-dep$(sm) = $(link-out-dir$(sm))/.ta.ld.d
SIGN_ENC ?= $(ta-dev-kit-dir$(sm))/scripts/sign_encrypt.py
TA_SIGN_KEY ?= $(ta-dev-kit-dir$(sm))/keys/default_ta.pem
ifeq ($(CFG_ENCRYPT_TA),y)
# Default TA encryption key is a dummy key derived from default
# hardware unique key (an array of 16 zero bytes) to demonstrate
# usage of REE-FS TAs encryption feature.
#
# Note that a user of this TA encryption feature needs to provide
# encryption key and its handling corresponding to their security
# requirements.
TA_ENC_KEY ?= 'b64d239b1f3c7d3b06506229cd8ff7c8af2bb4db2168621ac62c84948468c4f4'
endif
all: $(link-out-dir$(sm))/$(user-ta-uuid).dmp \
$(link-out-dir$(sm))/$(user-ta-uuid).stripped.elf \
$(link-out-dir$(sm))/$(user-ta-uuid).ta
cleanfiles += $(link-out-dir$(sm))/$(user-ta-uuid).elf
cleanfiles += $(link-out-dir$(sm))/$(user-ta-uuid).dmp
cleanfiles += $(link-out-dir$(sm))/$(user-ta-uuid).map
cleanfiles += $(link-out-dir$(sm))/$(user-ta-uuid).stripped.elf
cleanfiles += $(link-out-dir$(sm))/$(user-ta-uuid).ta
cleanfiles += $(link-script-pp$(sm)) $(link-script-dep$(sm))
link-ldflags = -e__ta_entry -pie
link-ldflags += -T $(link-script-pp$(sm))
link-ldflags += -Map=$(link-out-dir$(sm))/$(user-ta-uuid).map
link-ldflags += --sort-section=alignment
link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment
link-ldflags += --as-needed # Do not add dependency on unused shlib
link-ldflags += $(link-ldflags$(sm))
$(link-out-dir$(sm))/dyn_list:
@$(cmd-echo-silent) ' GEN $@'
$(q)mkdir -p $(dir $@)
$(q)echo "{" >$@
$(q)echo "__init_fini_info;" >>$@
ifeq ($(CFG_FTRACE_SUPPORT),y)
$(q)echo "__ftrace_info;" >>$@
endif
$(q)echo "};" >>$@
link-ldflags += --dynamic-list $(link-out-dir$(sm))/dyn_list
dynlistdep = $(link-out-dir$(sm))/dyn_list
cleanfiles += $(link-out-dir$(sm))/dyn_list
link-ldadd = $(user-ta-ldadd) $(addprefix -L,$(libdirs))
link-ldadd += --start-group $(addprefix -l,$(libnames)) --end-group
ldargs-$(user-ta-uuid).elf := $(link-ldflags) $(objs) $(link-ldadd) $(libgcc$(sm))
link-script-cppflags-$(sm) := \
$(filter-out $(CPPFLAGS_REMOVE) $(cppflags-remove), \
$(nostdinc$(sm)) $(CPPFLAGS) \
$(addprefix -I,$(incdirs$(sm)) $(link-out-dir$(sm))) \
$(cppflags$(sm)))
-include $(link-script-dep$(sm))
link-script-pp-makefiles$(sm) = $(filter-out %.d %.cmd,$(MAKEFILE_LIST))
define gen-link-t
$(link-script-pp$(sm)): $(link-script$(sm)) $(conf-file) $(link-script-pp-makefiles$(sm))
@$(cmd-echo-silent) ' CPP $$@'
$(q)mkdir -p $$(dir $$@)
$(q)$(CPP$(sm)) -P -MT $$@ -MD -MF $(link-script-dep$(sm)) \
$(link-script-cppflags-$(sm)) $$< -o $$@
$(link-out-dir$(sm))/$(user-ta-uuid).elf: $(objs) $(libdeps) \
$(link-script-pp$(sm)) \
$(dynlistdep) \
$(additional-link-deps)
@$(cmd-echo-silent) ' LD $$@'
$(q)$(LD$(sm)) $(ldargs-$(user-ta-uuid).elf) -o $$@
$(link-out-dir$(sm))/$(user-ta-uuid).dmp: \
$(link-out-dir$(sm))/$(user-ta-uuid).elf
@$(cmd-echo-silent) ' OBJDUMP $$@'
$(q)$(OBJDUMP$(sm)) -l -x -d $$< > $$@
$(link-out-dir$(sm))/$(user-ta-uuid).stripped.elf: \
$(link-out-dir$(sm))/$(user-ta-uuid).elf
@$(cmd-echo-silent) ' OBJCOPY $$@'
$(q)$(OBJCOPY$(sm)) --strip-unneeded $$< $$@
cmd-echo$(user-ta-uuid) := SIGN #
ifeq ($(CFG_ENCRYPT_TA),y)
crypt-args$(user-ta-uuid) := --enc-key $(TA_ENC_KEY)
cmd-echo$(user-ta-uuid) := SIGNENC
endif
$(link-out-dir$(sm))/$(user-ta-uuid).ta: \
$(link-out-dir$(sm))/$(user-ta-uuid).stripped.elf \
$(TA_SIGN_KEY)
@$(cmd-echo-silent) ' $$(cmd-echo$(user-ta-uuid)) $$@'
$(q)$(SIGN_ENC) --key $(TA_SIGN_KEY) $$(crypt-args$(user-ta-uuid)) \
--uuid $(user-ta-uuid) --ta-version $(user-ta-version) \
--in $$< --out $$@
endef
$(eval $(call gen-link-t))
additional-link-deps :=
|
