2.1. Prerequisites

This document describes the software requirements for building TF-A for AArch32 and AArch64 target platforms.

It may possible to build TF-A with combinations of software packages that are different from those listed below, however only the software described in this document can be officially supported.

2.1.1. Build Host

TF-A can be built using either a Linux or a Windows machine as the build host.

A relatively recent Linux distribution is recommended for building TF-A. We have performed tests using Ubuntu 22.04 LTS (64-bit) but other distributions should also work fine as a base, provided that the necessary tools and libraries can be installed.

2.1.2. Toolchain

TF-A can be built with any of the following cross-compiler toolchains that target the Armv7-A or Armv8-A architectures:

  • GCC >= 12.2.Rel1 (from the Arm Developer website)

    You will need the targets arm-none-eabi and aarch64-none-elf for AArch32 and AArch64 builds respectively.

  • Clang == 14.0.0

  • Arm Compiler == 6.18

In addition, a native compiler is required to build the supporting tools.

Note

Versions greater than the ones specified are likely but not guaranteed to work. This is predominantly because TF-A carries its own copy of compiler-rt, which may be older than the version expected by the compiler. Fixes and bug reports are always welcome.

Note

The software has also been built on Windows 7 Enterprise SP1, using CMD.EXE, Cygwin, and Msys (MinGW) shells, using version 5.3.1 of the GNU toolchain.

Note

For instructions on how to select the cross compiler refer to Performing an Initial Build.

2.1.3. Software and Libraries

The following tools are required to obtain and build TF-A:

  • An appropriate toolchain (see Toolchain)

  • GNU Make

  • Git

The following libraries must be available to build one or more components or supporting tools:

  • OpenSSL >= 1.1.1 (v3.0.0 to v3.0.6 highly discouraged due to security issues)

    Required to build the cert_create, encrypt_fw, and fiptool tools.

    Note

    If using OpenSSL 3, older Linux versions may require it to be built from source code, as it may not be available in the default package repositories. Please refer to the OpenSSL project documentation for more information.

The following libraries are required for Trusted Board Boot and Measured Boot support:

  • mbed TLS == 3.4.0 (tag: mbedtls-3.4.0)

These tools are optional:

  • Device Tree Compiler (DTC) >= 1.4.7

    Needed if you want to rebuild the provided Flattened Device Tree (FDT) source files (.dts files). DTC is available for Linux through the package repositories of most distributions.

  • Arm Development Studio (Arm-DS)

    The standard software package used for debugging software on Arm development platforms and FVP models.

  • Node.js >= 16

    Highly recommended, and necessary in order to install and use the packaged Git hooks and helper tools. Without these tools you will need to rely on the CI for feedback on commit message conformance.

  • Poetry >= 1.3.2

    Required for managing Python dependencies, this will allow you to reliably reproduce a Python environment to build documentation and run analysis tools. Most importantly, it ensures your system environment will not be affected by dependencies in the Python scripts.

2.1.3.1. Package Installation (Linux)

If you are using the recommended Ubuntu distribution then you can install the required packages with the following command:

sudo apt install build-essential git

The optional packages can be installed using:

sudo apt install device-tree-compiler

Additionally, to install a version of Node.js compatible with TF-A’s repository scripts, you can use the Node Version Manager. To install both NVM and an appropriate version of Node.js, run the following from the root directory of the repository:

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash
exec "$SHELL" -ic "nvm install; exec $SHELL"

2.1.4. Supporting Files

TF-A has been tested with pre-built binaries and file systems from Linaro Release 20.01. Alternatively, you can build the binaries from source using instructions in Performing an Initial Build.

2.1.5. Getting the TF-A Source

Source code for TF-A is maintained in a Git repository hosted on TrustedFirmware.org. To clone this repository from the server, run the following in your shell:

git clone "https://review.trustedfirmware.org/TF-A/trusted-firmware-a"

2.1.5.1. Additional Steps for Contributors

If you are planning on contributing back to TF-A, there are some things you’ll want to know.

TF-A is hosted by a Gerrit Code Review server. Gerrit requires that all commits include a Change-Id footer, and this footer is typically automatically generated by a Git hook installed by you, the developer.

If you have Node.js installed already, you can automatically install this hook, along with any additional hooks and Javascript-based tooling that we use, by running from within your newly-cloned repository:

npm install --no-save

If you have opted not to install Node.js, you can install the Gerrit hook manually by running:

curl -Lo $(git rev-parse --git-dir)/hooks/commit-msg https://review.trustedfirmware.org/tools/hooks/commit-msg
chmod +x $(git rev-parse --git-dir)/hooks/commit-msg

You can read more about Git hooks in the githooks page of the Git documentation, available here.

Copyright (c) 2021-2023, Arm Limited. All rights reserved.