| # Copyright 2024 Google LLC |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # https://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| EXT_FLASH_DEBUG=$(CHERIOT_OUT_DEBUG)/ext_flash.tar |
| EXT_FLASH_RELEASE=$(CHERIOT_OUT_RELEASE)/ext_flash.tar |
| |
| CHERIOT_SIM_SRC_DIR := $(ROOTDIR)/sim/mpact-cheriot |
| CHERIOT_SIM_OUT_DIR := $(OUT)/cheriot/sim |
| |
| CHERIOT_BOOT_SRC_DIR := $(MATCHA_SRC_DIR)/sw/device/cheriot/boot |
| |
| TMP_DEBUG=$(CHERIOT_OUT_DEBUG)/tmp |
| TMP_RELEASE=$(CHERIOT_OUT_RELEASE)/tmp |
| |
| sim_configs: |
| $(RENODE_SIM_GENERATOR_SCRIPT) |
| |
| clean_sim_configs: |
| @rm -rf $(OUT)/renode_configs |
| |
| $(TMP_DEBUG): |
| mkdir $(TMP_DEBUG) |
| $(TMP_RELEASE): |
| mkdir $(TMP_RELEASE) |
| |
| ## Build the CHERIoT boot ROM image |
| # |
| # This builds the HW boot rom executable for simulation. |
| # Source is in hw/matcha, while output is placed in |
| # out/cheriot/hw/ |
| cheriot_boot_rom: cheriot_boot_rom_otp |
| cheriot_boot_rom_clean: cheriot_boot_rom_otp_clean |
| |
| cheriot_boot_rom_otp: | $(CHERIOT_OUT_DIR) |
| cd $(MATCHA_SRC_DIR) && \ |
| bazel build --config=cheriot-baremetal --copt=-D_CHERIOT_BAREMETAL_ \ |
| //sw/device/lib/testing/test_rom:test_rom_no_otp_cheri_fpga_nexus.elf |
| cd $(MATCHA_SRC_DIR) && \ |
| find "bazel-out/" -wholename "*test_rom/test_rom_no_otp_cheri_fpga_nexus.elf" \ |
| -exec cp -f '{}' "$(CHERIOT_OUT_DIR)/$(BOOT_ROM_ELF)" \; |
| cd ${MATCHA_SRC_DIR}/bazel-matcha && \ |
| $(CACHE)/cheriot-tools/bin/llvm-objdump -glxsdrS --demangle \ |
| $(CHERIOT_OUT_DIR)/$(BOOT_ROM_ELF) > $(CHERIOT_OUT_DIR)/$(BOOT_ROM_ELF).dump |
| |
| cheriot_boot_rom_otp_clean: |
| cd $(MATCHA_SRC_DIR) && bazel clean --expunge |
| |
| # XXX symlink cheriot fw to "kernel" to satisfy elfloader |
| $(EXT_FLASH_DEBUG): $(MATCHA_BUNDLE_DEBUG) $(CHERIOT_FIRMWARE_DEBUG) | $(TMP_DEBUG) |
| cp -f $(MATCHA_BUNDLE_DEBUG) $(TMP_DEBUG)/matcha-tock-bundle |
| ${C_PREFIX}strip $(TMP_DEBUG)/matcha-tock-bundle |
| ${C_PREFIX}objcopy -O binary -g $(TMP_DEBUG)/matcha-tock-bundle $(TMP_DEBUG)/matcha-tock-bundle.bin |
| ln -sf $(CHERIOT_FIRMWARE_DEBUG) $(TMP_DEBUG)/kernel |
| tar -C $(TMP_DEBUG) -cvhf $@ matcha-tock-bundle.bin kernel |
| ext_flash_debug: $(EXT_FLASH_DEBUG) |
| |
| # TODO(sleffler): maybe move to opentitan_sw.mk? |
| |
| TEST_PRIVATE_KEY_0 := ${OPENTITAN_SOURCE}/sw/device/silicon_creator/rom/keys/fake/test_key_0_rsa_3072_exp_f4.der |
| |
| $(OUT)/host: |
| mkdir $(OUT)/host |
| opentitantool_: opentitantool_pkg | ${OUT}/host |
| tar -C ${OUT}/host -xf $(MATCHA_OUT_DIR)/opentitantool_pkg.tar.gz |
| |
| ## Construct a 2nd-level OpenTitan firmware image from a cheriot-rtos |
| ## firmware image. |
| # |
| # This assumes the cheriot-rtos image was built with the instruction |
| # memory in the board config offset by 0x380 bytes (0x380 = 896 bytes |
| # is the size of the OT manifest data structure). To build the image: |
| # - strip symbol & linearize the ELF segments; data will start at offset 0 in the file |
| # - copy the data up by the size of an OT manifest data structure |
| # - use openttitantool to construct the manifest & sign the image |
| # There are many ways we could do this. It might be better to have the |
| # cheriot-rtos build glue help us leave room for the manifest instead |
| # of adjusting the instruction memory but this works for now. |
| cheriot_firmware_release: ${CHERIOT_FIRMWARE_RELEASE} opentitantool_ | ${TMP_RELEASE} |
| cp -f $(CHERIOT_FIRMWARE_RELEASE) $(TMP_RELEASE)/cheriot-firmware |
| ${C_PREFIX}objcopy --strip-all -O binary -g $(TMP_RELEASE)/cheriot-firmware $(TMP_RELEASE)/cheriot-firmware.raw |
| dd if=$(TMP_RELEASE)/cheriot-firmware.raw of=${TMP_RELEASE}/cheriot-firmware.bin bs=896 seek=1 |
| ${OT_TOOL} image manifest update \ |
| --manifest=${ROOTDIR}/build/platforms/bancha/bl0-manifest.hjson \ |
| --sign --key-file=${TEST_PRIVATE_KEY_0} \ |
| $(TMP_RELEASE)/cheriot-firmware.bin |
| |
| $(EXT_FLASH_RELEASE): ${CANTRIP_MODEL_RELEASE} cheriot_firmware_release | $(TMP_RELEASE) |
| tar -C $(TMP_RELEASE) -cvhf $@ cheriot-firmware.bin |
| if [[ -f "${CANTRIP_MODEL_RELEASE}" ]]; then \ |
| ${C_PREFIX}objcopy -O binary -g ${CANTRIP_MODEL_RELEASE} $(TMP_RELEASE)/kelvin.bin; \ |
| tar -C $(TMP_RELEASE) -uvf $@ kelvin.bin; \ |
| fi |
| ext_flash_release: $(EXT_FLASH_RELEASE) |
| |
| # Renode commands to issue before the initial start of a simulation. |
| # This pauses all cores and then sets cpu0 (SC). |
| RENODE_PRESTART_CMDS=pause; cpu0 IsHalted false; |
| PORT_PRESTART_CMDS:=$(shell $(ROOTDIR)/scripts/generate-renode-port-cmd.sh $(RENODE_PORT)) |
| |
| # XXX the same for now |
| BANCHA_RESC_DEBUG=sim/config/bancha.resc |
| BANCHA_RESC_RELEASE=sim/config/bancha.resc |
| CHERIOT_RESC_RELEASE=sim/config/cheriot.resc |
| |
| BANCHA_REPL=sim/config/platforms/bancha.repl |
| |
| ## Launches an end-to-end build of the system and starts Renode |
| # |
| # This top-level target triggers the `cheriot_sim`, `kelvin_sim', `renode`, |
| # `cheriot_boot_rom`, and `ext_flash_release' targets to build the entire |
| # system and then finally starts the Renode simulator. |
| # |
| # This is the default target for the build system, and is generally what you |
| # need for day-to-day work on the software side of Shodan. |
| simulate: renode cheriot_sim kelvin_sim cheriot_boot_rom ext_flash_release |
| $(RENODE_CMD) -e "\ |
| \$$repl_file = @${BANCHA_REPL}; \ |
| \$$sc_bin =@$(TMP_RELEASE)/cheriot-firmware.bin; \ |
| \$$cheriot_elf = @$(TMP_RELEASE)/cheriot-firmware; \ |
| $(PORT_PRESTART_CMDS) i @${BANCHA_RESC_RELEASE}; \ |
| $(RENODE_PRESTART_CMDS) start" |
| |
| ## Version of the `simulate` target that also enables the simulator command |
| ## line interface on port 4567. To access the simulator use something like |
| ## telnet localhost 4567. Note renode will block until the cli is connected. |
| simulate+cli: renode cheriot_sim kelvin_sim cheriot_boot_rom ext_flash_release |
| $(RENODE_CMD) -e "\ |
| \$$repl_file = @${BANCHA_REPL}; \ |
| \$$sc_bin =@$(TMP_RELEASE)/cheriot-firmware.bin; \ |
| \$$cheriot_elf = @$(TMP_RELEASE)/cheriot-firmware; \ |
| \$$cli_port = 4567; \ |
| \$$wait_for_cli = true; \ |
| $(PORT_PRESTART_CMDS) i @${BANCHA_RESC_RELEASE}; \ |
| $(RENODE_PRESTART_CMDS) start" |
| |
| ## Debug version of the `simulate` target |
| # |
| # This top-level target does the same job as `simulate`, but instead of |
| # unhalting the CPUs and starting the system, this alternate target only unhalts |
| # cpu0, and uses the debug build of TockOS from the `matcha_tock_debug` target. |
| simulate-debug: renode cheriot_sim kelvin_sim cheriot_boot_rom ext_flash_debug |
| $(RENODE_CMD) -e "\ |
| \$$repl_file = @${BANCHA_REPL}; \ |
| \$$tar = @$(EXT_FLASH_DEBUG); \ |
| \$$sc_bin =@$(TMP_RELEASE)/cheriot-firmware.bin; \ |
| \$$cheriot_elf = @$(TMP_RELEASE)/cheriot-firmware; \ |
| $(PORT_PRESTART_CMDS) i @${BANCHA_RESC_DEBUG}; \ |
| $(RENODE_PRESTART_CMDS); start" |
| |
| ## Debug version of the `simulate` target |
| # |
| # This top-level target does the same job as `simulate-debug`, but instead of |
| # unhalting the CPUs and starting the system, this alternate target starts |
| # renode with no CPUs unhalted, allowing for GDB to be used for early system |
| # start. |
| debug-simulation: renode cheriot_sim kelvin_sim cheriot_boot_rom ext_flash_debug |
| $(RENODE_CMD) -e "\ |
| \$$repl_file = @${BANCHA_REPL}; \ |
| \$$tar = @$(EXT_FLASH_DEBUG); \ |
| \$$sc_bin =@$(TMP_RELEASE)/cheriot-firmware.bin; \ |
| \$$cheriot_elf = @$(TMP_RELEASE)/cheriot-firmware; \ |
| $(PORT_PRESTART_CMDS) i @${BANCHA_RESC_DEBUG}; start" |
| |
| $(CHERIOT_SIM_OUT_DIR): |
| mkdir -p "$(CHERIOT_SIM_OUT_DIR)" |
| |
| ## Build CHERIoT ISS |
| # |
| # Build mpact-sim-based CHERIoT ISS with bazel, and copy it to out/ |
| # Use /tmp as the bazel tmpfs to unblock CI |
| cheriot_sim: | $(CHERIOT_SIM_OUT_DIR) |
| cd "$(CHERIOT_SIM_SRC_DIR)" && \ |
| bazel build --sandbox_tmpfs_path=/tmp \ |
| //cheriot:mpact_cheriot \ |
| //cheriot:renode_mpact_cheriot |
| cd "$(CHERIOT_SIM_SRC_DIR)/bazel-bin" && \ |
| cp -f cheriot/mpact_cheriot "$(CHERIOT_SIM_OUT_DIR)" && \ |
| cp -f cheriot/librenode_mpact_cheriot.so "$(CHERIOT_SIM_OUT_DIR)" |
| |
| ## Clean CHERIoT ISS |
| # |
| # Clean the CHERIoT ISS |
| cheriot_sim_clean: |
| cd "$(CHERIOT_SIM_SRC_DIR)" && \ |
| bazel clean --expunge |
| rm -rf $(CHERIOT_SIM_OUT_DIR) |
| |
| .PHONY:: sim_configs clean_sim_configs simulate simulate-debug debug-simulation |
| .PHONY:: opentitantool_ |
| .PHONY:: cheriot_firmware_release |
| .PHONY:: cheriot_sim cheriot_sim_clean |
| .PHONY:: cheriot_boot_rom cheriot_boot_rom_clean |
