andrius
/
arm-trusted-firmware
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
arm-trusted-firmware/make_helpers/defaults.mk

469 lines
13 KiB
Makefile
Raw Permalink Normal View History

build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
#
fix(el3-runtime): set unset pstate bits to default During a transition to a higher EL some of the PSTATE bits are not set by hardware, this means that their state may be leaked from lower ELs. This patch sets those bits to a default value upon entry to EL3. This patch was tested using a debugger to check the PSTATE values are correctly set. As well as adding a test in the next patch to ensure the PSTATE in lower ELs is still maintained after this change. Change-Id: Ie546acbca7b9aa3c86bd68185edded91b2a64ae5 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
2021-05-25 18:09:34 +01:00
# Copyright (c) 2016-2022, Arm Limited. All rights reserved.
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
#
Use SPDX license identifiers To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
2017-05-03 09:38:09 +01:00
# SPDX-License-Identifier: BSD-3-Clause
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
#
# Default, static values for build variables, listed in alphabetic order.
# Dependencies between build options, if any, are handled in the top-level
# Makefile, after this file is included. This ensures that the former is better
# poised to handle dependencies, as all build variables would have a default
# value by then.
Allow manually setting the AArch32 instruction set At the moment the AArch32 instruction set isn't specified in the command line, which means that the compiler is free to choose the one it sees fit. This decision may change between compiler versions, so it is better to specify it manually. The build option AARCH32_INSTRUCTION_SET has been introduced for this reason. This option can be set to T32 or A32 to pass the correct flags to the compiler. The current behaviour is to default to T32 due to it's smaller size. Change-Id: I02297eb1d9404b5868ff7c054fbff9b3cda7fdb6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-08-08 16:28:43 +01:00
# Use T32 by default
AARCH32_INSTRUCTION_SET := T32
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# The AArch32 Secure Payload to be built as BL32 image
AARCH32_SP := none
# The Target build architecture. Supported values are: aarch64, aarch32.
ARCH := aarch64
TF-A: Add build option for Arm Feature Modifiers This patch adds a new ARM_ARCH_FEATURE build option to add support for compiler's feature modifiers. It has the form '[no]feature+...' and defaults to 'none'. This option translates into compiler option '-march=armvX[.Y]-a+[no]feature+...'. Change-Id: I37742f270a898f5d6968e146cbcc04cbf53ef2ad Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2020-12-07 16:38:53 +00:00
# ARM Architecture feature modifiers: none by default
ARM_ARCH_FEATURE := none
Introduce locking primitives using CAS instruction The ARMv8v.1 architecture extension has introduced support for far atomics, which includes compare-and-swap. Compare and Swap instruction is only available for AArch64. Introduce build options to choose the architecture versions to target ARM Trusted Firmware: - ARM_ARCH_MAJOR: selects the major version of target ARM Architecture. Default value is 8. - ARM_ARCH_MINOR: selects the minor version of target ARM Architecture. Default value is 0. When: (ARM_ARCH_MAJOR > 8) || ((ARM_ARCH_MAJOR == 8) && (ARM_ARCH_MINOR >= 1)), for AArch64, Compare and Swap instruction is used to implement spin locks. Otherwise, the implementation falls back to using load-/store-exclusive instructions. Update user guide, and introduce a section in Firmware Design guide to summarize support for features introduced in ARMv8 Architecture Extensions. Change-Id: I73096a0039502f7aef9ec6ab3ae36680da033f16 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-01-16 16:52:35 +00:00
# ARM Architecture major and minor versions: 8.0 by default.
ARM_ARCH_MAJOR := 8
ARM_ARCH_MINOR := 0
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# Base commit to perform code check on
BASE_COMMIT := origin/master
bl2-el3: Add BL2_EL3 image This patch enables BL2 to execute at the highest exception level without any dependancy on TF BL1. This enables platforms which already have a non-TF Boot ROM to directly load and execute BL2 and subsequent BL stages without need for BL1. This is not currently possible because BL2 executes at S-EL1 and cannot jump straight to EL3. Change-Id: Ief1efca4598560b1b8c8e61fbe26d1f44e929d69 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
2017-10-30 14:43:43 +00:00
# Execute BL2 at EL3
BL2_AT_EL3 := 0
build(bl2): enable SP pkg loading for S-EL1 SPMC Currently the SP package loading mechanism is only enabled when S-EL2 SPMC is selected. Remove this limitation. Signed-off-by: Balint Dobszay <balint.dobszay@arm.com> Change-Id: I5bf5a32248e85a26d0345cacff7d539eed824cfc
2021-03-26 15:23:18 +00:00
# Only use SP packages if SP layout JSON is defined
BL2_ENABLE_SP_LOAD := 0
Add support for BL2 in XIP memory In some use-cases BL2 will be stored in eXecute In Place (XIP) memory, like BL1. In these use-cases, it is necessary to initialize the RW sections in RAM, while leaving the RO sections in place. This patch enable this use-case with a new build option, BL2_IN_XIP_MEM. For now, this option is only supported when BL2_AT_EL3 is 1. Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
2018-03-21 07:20:09 +00:00
# BL2 image is stored in XIP memory, for now, this option is only supported
# when BL2_AT_EL3 is 1.
BL2_IN_XIP_MEM := 0
Invalidate dcache build option for bl2 entry at EL3 Some of the platform (ie. Agilex) make use of CCU IPs which will only be initialized during bl2_el3_early_platform_setup. Any operation to the cache beforehand will crash the platform. Hence, this will provide an option to skip the data cache invalidation upon bl2 entry at EL3 Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
2019-08-20 08:33:27 +01:00
# Do dcache invalidate upon BL2 entry at EL3
BL2_INV_DCACHE := 1
Add support for Branch Target Identification This patch adds the functionality needed for platforms to provide Branch Target Identification (BTI) extension, introduced to AArch64 in Armv8.5-A by adding BTI instruction used to mark valid targets for indirect branches. The patch sets new GP bit [50] to the stage 1 Translation Table Block and Page entries to denote guarded EL3 code pages which will cause processor to trap instructions in protected pages trying to perform an indirect branch to any instruction other than BTI. BTI feature is selected by BRANCH_PROTECTION option which supersedes the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication and is disabled by default. Enabling BTI requires compiler support and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0. The assembly macros and helpers are modified to accommodate the BTI instruction. This is an experimental feature. Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3 is now made as an internal flag and BRANCH_PROTECTION flag should be used instead to enable Pointer Authentication. Note. USE_LIBROM=1 option is currently not supported. Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2019-05-24 12:17:09 +01:00
# Select the branch protection features to use.
BRANCH_PROTECTION := 0
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# By default, consider that the platform may release several CPUs out of reset.
# The platform Makefile is free to override this value.
COLD_BOOT_SINGLE_CPU := 0
Add platform-independent coreboot support library This patch adds the foundation for a platform-independent coreboot support library that can be shared by all platforms that boot BL31 from coreboot (acting as BL2). It adds code to parse the "coreboot table", a data structure that coreboot uses to communicate different kinds of information to later-stage firmware and certain OS drivers. As a first small use case for this information, allow platforms to access the serial console configuration used by coreboot, removing the need to hardcode base address and divisors and allowing Trusted Firmware to benefit from coreboot's user configuration (e.g. which UART to pick and which baud rate to use). Change-Id: I2bfb39cd2609ce6640b844ab68df6c9ae3f28e9e Signed-off-by: Julius Werner <jwerner@chromium.org>
2017-06-09 23:17:15 +01:00
# Flag to compile in coreboot support code. Exclude by default. The coreboot
# Makefile system will set this when compiling TF as part of a coreboot image.
COREBOOT := 0
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# For Chain of Trust
CREATE_KEYS := 1
# Build flag to include AArch32 registers in cpu context save and restore during
# world switch. This flag must be set to 0 for AArch64-only platforms.
CTX_INCLUDE_AARCH32_REGS := 1
# Include FP registers in cpu context
CTX_INCLUDE_FPREGS := 0
Add ARMv8.3-PAuth registers to CPU context ARMv8.3-PAuth adds functionality that supports address authentication of the contents of a register before that register is used as the target of an indirect branch, or as a load. This feature is supported only in AArch64 state. This feature is mandatory in ARMv8.3 implementations. This feature adds several registers to EL1. A new option called CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save them during Non-secure <-> Secure world switches. This option must be enabled if the hardware has the registers or the values will be leaked during world switches. To prevent leaks, this patch also disables pointer authentication in the Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will be trapped in EL3. Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-01-31 11:58:00 +00:00
# Include pointer authentication (ARMv8.3-PAuth) registers in cpu context. This
# must be set to 1 if the platform wants to use this feature in the Secure
# world. It is not needed to use it in the Non-secure world.
CTX_INCLUDE_PAUTH_REGS := 0
lib: el3_runtime: Conditionally save/restore EL2 NEVE registers Include EL2 registers related to Nested Virtualization in EL2 context save/restore routines if architecture supports it and platform wants to use these features in Secure world. Change-Id: If006ab83bbc2576488686f5ffdff88b91adced5c Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
2020-05-28 11:57:09 +01:00
# Include Nested virtualization control (Armv8.4-NV) registers in cpu context.
# This must be set to 1 if architecture implements Nested Virtualization
# Extension and platform wants to use this feature in the Secure world
CTX_INCLUDE_NEVE_REGS := 0
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# Debug build
DEBUG := 0
drivers: crypto: Add authenticated decryption framework Add framework for autheticated decryption of data. Currently this patch optionally imports mbedtls library as a backend if build option "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption using AES-GCM algorithm. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
2019-11-15 05:13:00 +00:00
# By default disable authenticated decryption support.
DECRYPTION_SUPPORT := none
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# Build platform
DEFAULT_PLAT := fvp
build_macros: Add mechanism to prevent bin generation. On certain platforms it does not make sense to generate TF-A binary images. For example a platform could make use of serveral memory areas, which are non-continuous and the resulting binary therefore would suffer from the padding-bytes. Typically these platforms use the ELF image. This patch introduces a variable DISABLE_BIN_GENERATION, which can be set to '1' in the platform makefile to prevent the binary generation. Signed-off-by: Christoph Müllner <christophm30@gmail.com> Change-Id: I62948e88bab685bb055fe6167d9660d14e604462
2019-04-24 08:45:30 +01:00
# Disable the generation of the binary image (ELF only).
DISABLE_BIN_GENERATION := 0
Add support for FEAT_MTPMU for Armv8.6 If FEAT_PMUv3 is implemented and PMEVTYPER<n>(_EL0).MT bit is implemented as well, it is possible to control whether PMU counters take into account events happening on other threads. If FEAT_MTPMU is implemented, EL3 (or EL2) can override the MT bit leaving it to effective state of 0 regardless of any write to it. This patch introduces the DISABLE_MTPMU flag, which allows to diable multithread event count from EL3 (or EL2). The flag is disabled by default so the behavior is consistent with those architectures that do not implement FEAT_MTPMU. Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com> Change-Id: Iee3a8470ae8ba13316af1bd40c8d4aa86e0cb85e
2020-11-23 18:38:15 +00:00
# Disable MTPMU if FEAT_MTPMU is supported. Default is 0 to keep backwards
# compatibility.
DISABLE_MTPMU := 0
Allow disabling authentication dynamically This patch allows platforms to dynamically disable authentication of images during cold boot. This capability is controlled via the DYN_DISABLE_AUTH build flag and is only meant for development purposes. Change-Id: Ia3df8f898824319bb76d5cc855b5ad6c3d227260 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2018-03-26 12:43:37 +01:00
# Enable capability to disable authentication dynamically. Only meant for
# development platforms.
DYN_DISABLE_AUTH := 0
AArch64: Enable MPAM for lower ELs Memory Partitioning And Monitoring is an Armv8.4 feature that enables various memory system components and resources to define partitions. Software running at various ELs can then assign themselves to the desired partition to control their performance aspects. With this patch, when ENABLE_MPAM_FOR_LOWER_ELS is set to 1, EL3 allows lower ELs to access their own MPAM registers without trapping to EL3. This patch however doesn't make use of partitioning in EL3; platform initialisation code should configure and use partitions in EL3 if required. Change-Id: I5a55b6771ccaa0c1cffc05543d2116b60cbbcdcd Co-authored-by: James Morse <james.morse@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2018-07-31 16:13:33 +01:00
# Build option to enable MPAM for lower ELs
ENABLE_MPAM_FOR_LOWER_ELS := 0
feat(mpmm): add support for MPMM MPMM - the Maximum Power Mitigation Mechanism - is an optional microarchitectural feature present on some Armv9-A cores, introduced with the Cortex-X2, Cortex-A710 and Cortex-A510 cores. MPMM allows the SoC firmware to detect and limit high activity events to assist in SoC processor power domain dynamic power budgeting and limit the triggering of whole-rail (i.e. clock chopping) responses to overcurrent conditions. This feature is enabled via the `ENABLE_MPMM` build option. Configuration can be done via FCONF by enabling `ENABLE_MPMM_FCONF`, or by via the plaform-implemented `plat_mpmm_topology` function. Change-Id: I77da82808ad4744ece8263f0bf215c5a091c3167 Signed-off-by: Chris Kay <chris.kay@arm.com>
2021-05-05 13:38:30 +01:00
# Enable the Maximum Power Mitigation Mechanism on supporting cores.
ENABLE_MPMM := 0
# Enable MPMM configuration via FCONF.
ENABLE_MPMM_FCONF := 0
Basic Makefile changes for PIE Change-Id: I0b8ccba15024c55bb03927cdb50370913eb8010c Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2018-08-28 11:13:55 +01:00
# Flag to Enable Position Independant support (PIE)
ENABLE_PIE := 0
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# Flag to enable Performance Measurement Framework
ENABLE_PMF := 0
# Flag to enable PSCI STATs functionality
ENABLE_PSCI_STAT := 0
feat(rme): add ENABLE_RME build option and support for RMM image The changes include: - A new build option (ENABLE_RME) to enable FEAT_RME - New image called RMM. RMM is R-EL2 firmware that manages Realms. When building TF-A, a path to RMM image can be specified using the "RMM" build flag. If RMM image is not provided, TRP is built by default and used as RMM image. - Support for RMM image in fiptool Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com> Change-Id: I017c23ef02e465a5198baafd665a60858ecd1b25
2021-07-12 00:33:20 +01:00
# Flag to enable Realm Management Extension (FEAT_RME)
ENABLE_RME := 0
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# Flag to enable runtime instrumentation using PMF
ENABLE_RUNTIME_INSTRUMENTATION := 0
Add support for GCC stack protection Introduce new build option ENABLE_STACK_PROTECTOR. It enables compilation of all BL images with one of the GCC -fstack-protector-* options. A new platform function plat_get_stack_protector_canary() is introduced. It returns a value that is used to initialize the canary for stack corruption detection. Returning a random value will prevent an attacker from predicting the value and greatly increase the effectiveness of the protection. A message is printed at the ERROR level when a stack corruption is detected. To be effective, the global data must be stored at an address lower than the base of the stacks. Failure to do so would allow an attacker to overwrite the canary as part of an attack which would void the protection. FVP implementation of plat_get_stack_protector_canary is weak as there is no real source of entropy on the FVP. It therefore relies on a timer's value, which could be predictable. Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
2017-02-24 18:14:15 +00:00
# Flag to enable stack corruption protection
ENABLE_STACK_PROTECTOR := 0
BL31: Introduce Exception Handling Framework EHF is a framework that allows dispatching of EL3 interrupts to their respective handlers in EL3. This framework facilitates the firmware-first error handling policy in which asynchronous exceptions may be routed to EL3. Such exceptions may be handed over to respective exception handlers. Individual handlers might further delegate exception handling to lower ELs. The framework associates the delegated execution to lower ELs with a priority value. For interrupts, this corresponds to the priorities programmed in GIC; for other types of exceptions, viz. SErrors or Synchronous External Aborts, individual dispatchers shall explicitly associate delegation to a secure priority. In order to prevent lower priority interrupts from preempting higher priority execution, the framework provides helpers to control preemption by virtue of programming Priority Mask register in the interrupt controller. This commit allows for handling interrupts targeted at EL3. Exception handlers own interrupts by assigning them a range of secure priorities, and registering handlers for each priority range it owns. Support for exception handling in BL31 image is enabled by setting the build option EL3_EXCEPTION_HANDLING=1. Documentation to follow. NOTE: The framework assumes the priority scheme supported by platform interrupt controller is compliant with that of ARM GIC architecture (v2 or later). Change-Id: I7224337e4cea47c6ca7d7a4ca22a3716939f7e42 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-09-22 08:32:10 +01:00
# Flag to enable exception handling in EL3
EL3_EXCEPTION_HANDLING := 0
Add support for Branch Target Identification This patch adds the functionality needed for platforms to provide Branch Target Identification (BTI) extension, introduced to AArch64 in Armv8.5-A by adding BTI instruction used to mark valid targets for indirect branches. The patch sets new GP bit [50] to the stage 1 Translation Table Block and Page entries to denote guarded EL3 code pages which will cause processor to trap instructions in protected pages trying to perform an indirect branch to any instruction other than BTI. BTI feature is selected by BRANCH_PROTECTION option which supersedes the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication and is disabled by default. Enabling BTI requires compiler support and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0. The assembly macros and helpers are modified to accommodate the BTI instruction. This is an experimental feature. Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3 is now made as an internal flag and BRANCH_PROTECTION flag should be used instead to enable Pointer Authentication. Note. USE_LIBROM=1 option is currently not supported. Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2019-05-24 12:17:09 +01:00
# Flag to enable Branch Target Identification.
# Internal flag not meant for direct setting.
# Use BRANCH_PROTECTION to enable BTI.
ENABLE_BTI := 0
# Flag to enable Pointer Authentication.
# Internal flag not meant for direct setting.
# Use BRANCH_PROTECTION to enable PAUTH.
Add support for pointer authentication The previous commit added the infrastructure to load and save ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but didn't actually enable pointer authentication in the firmware. This patch adds the functionality needed for platforms to provide authentication keys for the firmware, and a new option (ENABLE_PAUTH) to enable pointer authentication in the firmware itself. This option is disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be enabled. Change-Id: I35127ec271e1198d43209044de39fa712ef202a5 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-02-19 11:53:51 +00:00
ENABLE_PAUTH := 0
fix(amu): fault handling on EL2 context switch The HAFGRTR_EL2 register is UNDEFINED unless the CPU supports both FEAT_FGT and FEAT_AMUv1. FEAT_FGT is mandatory for v8.6-A and upwards, but FEAT_AMUv1 is optional (from v8.4-A upwards), and as such any 8.6-A cores today without support for FEAT_AMUv1 will trigger an undefined instruction exception on accessing this register. Currently ARM_ARCH_AT_LEAST macro has been used to associate with an architecture extension allowing to access HAFGRTR_EL2 register. This condition should be replaced with macros specific to individual features. This patch adds a new set of macros "ENABLE_FEAT_FGT, ENABLE_FEAT_AMUv1, ENABLE_FEAT_ECV" under build options to provide controlled access to the HAFGRTR_EL2 register. Further to ensure that the the build options passed comply with the given hardware implementation, a feature detection mechanism, checking whether build options match with the architecture is required at bootime. This will be implemented and pushed later in a separate patch. Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> Change-Id: Ie390f4babe233b8b09455290277edbddecd33ead
2021-11-25 14:59:30 +00:00
# Flag to enable access to the HAFGRTR_EL2 register
ENABLE_FEAT_AMUv1 := 0
refactor(el3-runtime): add arch-features detection mechanism This patch adds architectural features detection procedure to ensure features enabled are present in the given hardware implementation. It verifies whether the architecture build flags passed during compilation match the respective features by reading their ID registers. It reads through all the enabled feature specific ID registers at once and panics in case of mismatch(feature enabled but not implemented in PE). Feature flags are used at sections (context_management, save and restore routines of registers) during context switch. If the enabled feature flag is not supported by the PE, it causes an exception while saving or restoring the registers guarded by them. With this mechanism, the build flags are validated at an early phase prior to their usage, thereby preventing any undefined action under their control. This implementation is based on tristate approach for each feature and currently FEAT_STATE=0 and FEAT_STATE=1 are covered as part of this patch. FEAT_STATE=2 is planned for phase-2 implementation and will be taken care separately. The patch has been explicitly tested, by adding a new test_config with build config enabling majority of the features and detected all of them under FVP launched with parameters enabling v8.7 features. Note: This is an experimental procedure and the mechanism itself is guarded by a macro "FEATURE_DETECTION", which is currently being disabled by default. The "FEATURE_DETECTION" macro is documented and the platforms are encouraged to make use of this diagnostic tool by enabling this "FEATURE_DETECTION" flag explicitly and get used to its behaviour during booting before the procedure gets mandated. Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> Change-Id: Ia23d95430fe82d417a938b672bfb5edc401b0f43
2022-01-17 18:57:17 +00:00
# Flag to enable AMUv1p1 extension.
ENABLE_FEAT_AMUv1p1 := 0
# Flag to enable CSV2_2 extension.
ENABLE_FEAT_CSV2_2 := 0
# Flag to enable access to the HCRX_EL2 register by setting SCR_EL3.HXEn.
ENABLE_FEAT_HCX := 0
fix(amu): add default value for ENABLE_FEAT_FGT and ENABLE_FEAT_ECV flags ENABLE_FEAT_FGT and ENABLE_FEAT_ECV macros are used to access HDFGRTR_EL2 and CNTPOFF_EL2 registers respectively. These flags are set to true for v8.6 and upwards and are not handled explicitly for lower architecture versions. This patch adds definitive default value to these build macros, so that for v8.5 and below, they are not overridden and set to true by the gcc. Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> Change-Id: Ic300194c8ad77558be9a0e00153e42185bf2c58c
2021-12-15 16:52:10 +00:00
# Flag to enable access to the HDFGRTR_EL2 register
ENABLE_FEAT_FGT := 0
# Flag to enable access to the CNTPOFF_EL2 register
ENABLE_FEAT_ECV := 0
fix(el3-runtime): set unset pstate bits to default During a transition to a higher EL some of the PSTATE bits are not set by hardware, this means that their state may be leaked from lower ELs. This patch sets those bits to a default value upon entry to EL3. This patch was tested using a debugger to check the PSTATE values are correctly set. As well as adding a test in the next patch to ensure the PSTATE in lower ELs is still maintained after this change. Change-Id: Ie546acbca7b9aa3c86bd68185edded91b2a64ae5 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
2021-05-25 18:09:34 +01:00
# Flag to enable use of the DIT feature.
ENABLE_FEAT_DIT := 0
refactor(el3-runtime): add arch-features detection mechanism This patch adds architectural features detection procedure to ensure features enabled are present in the given hardware implementation. It verifies whether the architecture build flags passed during compilation match the respective features by reading their ID registers. It reads through all the enabled feature specific ID registers at once and panics in case of mismatch(feature enabled but not implemented in PE). Feature flags are used at sections (context_management, save and restore routines of registers) during context switch. If the enabled feature flag is not supported by the PE, it causes an exception while saving or restoring the registers guarded by them. With this mechanism, the build flags are validated at an early phase prior to their usage, thereby preventing any undefined action under their control. This implementation is based on tristate approach for each feature and currently FEAT_STATE=0 and FEAT_STATE=1 are covered as part of this patch. FEAT_STATE=2 is planned for phase-2 implementation and will be taken care separately. The patch has been explicitly tested, by adding a new test_config with build config enabling majority of the features and detected all of them under FVP launched with parameters enabling v8.7 features. Note: This is an experimental procedure and the mechanism itself is guarded by a macro "FEATURE_DETECTION", which is currently being disabled by default. The "FEATURE_DETECTION" macro is documented and the platforms are encouraged to make use of this diagnostic tool by enabling this "FEATURE_DETECTION" flag explicitly and get used to its behaviour during booting before the procedure gets mandated. Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> Change-Id: Ia23d95430fe82d417a938b672bfb5edc401b0f43
2022-01-17 18:57:17 +00:00
# Flag to enable access to Privileged Access Never bit of PSTATE.
ENABLE_FEAT_PAN := 0
# Flag to enable access to the Random Number Generator registers
ENABLE_FEAT_RNG := 0
# Flag to enable Speculation Barrier Instruction
ENABLE_FEAT_SB := 0
# Flag to enable Secure EL-2 feature.
ENABLE_FEAT_SEL2 := 0
# Flag to enable Virtualization Host Extensions
ENABLE_FEAT_VHE := 0
refactor(twed): improve TWED enablement in EL-3 The current implementation uses plat_arm API under generic code. "plat_arm" API is a convention used with Arm common platform layer and is reserved for that purpose. In addition, the function has a weak definition which is not encouraged in TF-A. Henceforth, removing the weak API with a configurable macro "TWED_DELAY" of numeric data type in generic code and simplifying the implementation. By default "TWED_DELAY" is defined to zero, and the delay value need to be explicitly set by the platforms during buildtime. Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> Change-Id: I25cd6f628e863dc40415ced3a82d0662fdf2d75a
2022-03-28 15:28:55 +01:00
# Flag to enable delayed trapping of WFE instruction (FEAT_TWED)
ENABLE_FEAT_TWED := 0
Makefile: Add support to optionally encrypt BL31 and BL32 Following build flags have been added to support optional firmware encryption: - FW_ENC_STATUS: Top level firmware's encryption numeric flag, values: 0: Encryption is done with Secret Symmetric Key (SSK) which is common for a class of devices. 1: Encryption is done with Binding Secret Symmetric Key (BSSK) which is unique per device. - ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It could be SSK or BSSK depending on FW_ENC_STATUS flag. - ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector (IV) in hex string format. - ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware. - ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload. Similar flags can be added to encrypt other firmwares as well depending on use-cases. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I94374d6830ad5908df557f63823e58383d8ad670
2019-11-14 11:03:45 +00:00
# By default BL31 encryption disabled
ENCRYPT_BL31 := 0
# By default BL32 encryption disabled
ENCRYPT_BL32 := 0
# Default dummy firmware encryption key
ENC_KEY := 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
# Default dummy nonce for firmware encryption
ENC_NONCE := 1234567890abcdef12345678
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# Build flag to treat usage of deprecated platform and framework APIs as error.
ERROR_DEPRECATED := 0
RAS: Add fault injection support The ARMv8.4 RAS extensions introduce architectural support for software to inject faults into the system in order to test fault-handling software. This patch introduces the build option FAULT_HANDLING_SUPPORT to allow for lower ELs to use registers in the Standard Error Record to inject fault. The build option RAS_EXTENSIONS must also be enabled along with fault injection. This feature is intended for testing purposes only, and is advisable to keep disabled for production images. Change-Id: I6f7a4454b15aec098f9505a10eb188c2f928f7ea Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-12-08 12:13:51 +00:00
# Fault injection support
FAULT_INJECTION_SUPPORT := 0
refactor(el3-runtime): add arch-features detection mechanism This patch adds architectural features detection procedure to ensure features enabled are present in the given hardware implementation. It verifies whether the architecture build flags passed during compilation match the respective features by reading their ID registers. It reads through all the enabled feature specific ID registers at once and panics in case of mismatch(feature enabled but not implemented in PE). Feature flags are used at sections (context_management, save and restore routines of registers) during context switch. If the enabled feature flag is not supported by the PE, it causes an exception while saving or restoring the registers guarded by them. With this mechanism, the build flags are validated at an early phase prior to their usage, thereby preventing any undefined action under their control. This implementation is based on tristate approach for each feature and currently FEAT_STATE=0 and FEAT_STATE=1 are covered as part of this patch. FEAT_STATE=2 is planned for phase-2 implementation and will be taken care separately. The patch has been explicitly tested, by adding a new test_config with build config enabling majority of the features and detected all of them under FVP launched with parameters enabling v8.7 features. Note: This is an experimental procedure and the mechanism itself is guarded by a macro "FEATURE_DETECTION", which is currently being disabled by default. The "FEATURE_DETECTION" macro is documented and the platforms are encouraged to make use of this diagnostic tool by enabling this "FEATURE_DETECTION" flag explicitly and get used to its behaviour during booting before the procedure gets mandated. Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> Change-Id: Ia23d95430fe82d417a938b672bfb5edc401b0f43
2022-01-17 18:57:17 +00:00
# Flag to enable architectural features detection mechanism
FEATURE_DETECTION := 0
fiptool: support --align option to add desired alignment to image offset The current fiptool packs all the images without any padding between them. So, the offset to each image has no alignment. This is not efficient, for example, when the FIP is read from a block-oriented device. For example, (e)MMC is accessed by block-addressing. The block size is 512 byte. So, the best case is each image is aligned by 512 byte since the DMA engine can transfer the whole of the image to its load address directly. The worst case is the offset does not have even DMA-capable alignment (this is where we stand now). In this case, we need to transfer every block to a bounce buffer, then do memcpy() from the bounce buffer to our final destination. At least, this should work with the abstraction by the block I/O layer, but the CPU-intervention for the whole data transfer makes it really slow. This commit adds a new option --align to the fiptool. This option, if given, requests the tool to align each component in the FIP file by the specified byte. Also, add a new Make option FIP_ALIGN for easier access to this feature; users can give something like FIP_ALIGN=512 from the command line, or add "FIP_ALIGN := 512" to their platform.mk file. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2016-12-25 04:52:22 +00:00
# Byte alignment that each component in FIP is aligned to
FIP_ALIGN := 0
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# Default FIP file name
FIP_NAME := fip.bin
# Default FWU_FIP file name
FWU_FIP_NAME := fwu_fip.bin
Makefile: Add support to optionally encrypt BL31 and BL32 Following build flags have been added to support optional firmware encryption: - FW_ENC_STATUS: Top level firmware's encryption numeric flag, values: 0: Encryption is done with Secret Symmetric Key (SSK) which is common for a class of devices. 1: Encryption is done with Binding Secret Symmetric Key (BSSK) which is unique per device. - ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It could be SSK or BSSK depending on FW_ENC_STATUS flag. - ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector (IV) in hex string format. - ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware. - ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload. Similar flags can be added to encrypt other firmwares as well depending on use-cases. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I94374d6830ad5908df557f63823e58383d8ad670
2019-11-14 11:03:45 +00:00
# By default firmware encryption with SSK
FW_ENC_STATUS := 0
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# For Chain of Trust
GENERATE_COT := 0
GIC: Add APIs to set interrupt type and query support The back end GIC driver converts and assigns the interrupt type to suitable group. For GICv2, a build option GICV2_G0_FOR_EL3 is introduced, which determines to which type Group 0 interrupts maps to. - When the build option is set 0 (the default), Group 0 interrupts are meant for Secure EL1. This is presently the case. - Otherwise, Group 0 interrupts are meant for EL3. This means the SPD will have to synchronously hand over the interrupt to Secure EL1. The query API allows the platform to query whether the platform supports interrupts of a given type. API documentation updated. Change-Id: I60fdb4053ffe0bd006b3b20914914ebd311fc858 Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-09-22 08:32:09 +01:00
# Hint platform interrupt control layer that Group 0 interrupts are for EL3. By
# default, they are for Secure EL1.
GICV2_G0_FOR_EL3 := 0
AArch64: Introduce External Abort handling At present, any External Abort routed to EL3 is reported as an unhandled exception and cause a panic. This patch enables ARM Trusted Firmware to handle External Aborts routed to EL3. With this patch, when an External Abort is received at EL3, its handling is delegated to plat_ea_handler() function. Platforms can provide their own implementation of this function. This patch adds a weak definition of the said function that prints out a message and just panics. In order to support handling External Aborts at EL3, the build option HANDLE_EA_EL3_FIRST must be set to 1. Before this patch, HANDLE_EA_EL3_FIRST wasn't passed down to compilation; this patch fixes that too. Change-Id: I4d07b7e65eb191ff72d63b909ae9512478cd01a1 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-11-30 12:54:15 +00:00
# Route External Aborts to EL3. Disabled by default; External Aborts are handled
# by lower ELs.
HANDLE_EA_EL3_FIRST := 0
TF-A: Add HASH_ALG default value to defaults.mk This patch adds default value of 'sha256' for HASH_ALG build flag to 'make_helpers\defaults.mk', according to 'docs\getting_started\build-options.rst'. This fixes Measured Boot driver error when TF-A uses default HASH_ALG value and TPM_HASH_ALG is set to sha384 or sha512. Change-Id: Id0aa34b54807de0adaf88e5f7d7032577c22f365 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2020-10-06 15:54:12 +01:00
# Secure hash algorithm flag, accepts 3 values: sha256, sha384 and sha512.
# The default value is sha256.
HASH_ALG := sha256
build: Define build option for hardware-assisted coherency The boolean build option HW_ASSISTED_COHERENCY is introduced to enable various optimizations in ARM Trusted Software, when built for such systems. It's set to 0 by default. Change-Id: I638390da6e1718fe024dcf5b402e07084f1eb014 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-01-04 13:51:42 +00:00
# Whether system coherency is managed in hardware, without explicit software
# operations.
HW_ASSISTED_COHERENCY := 0
Export KEY_ALG as a user build option The `KEY_ALG` variable is used to select the algorithm for key generation by `cert_create` tool for signing the certificates. This variable was previously undocumented and did not have a global default value. This patch corrects this and also adds changes to derive the value of `TF_MBEDTLS_KEY_ALG` based on `KEY_ALG` if it not set by the platform. The corresponding assignment of these variables are also now removed from the `arm_common.mk` makefile. Signed-off-by: Soby Mathew <soby.mathew@arm.com> Change-Id: I78e2d6f4fc04ed5ad35ce2266118afb63127a5a4
2017-08-31 11:49:32 +01:00
# Set the default algorithm for the generation of Trusted Board Boot keys
KEY_ALG := rsa
defaults.mk: default KEY_SIZE to 2048 in case of RSA algorithm According to the documentation [1], KEY_SIZE defaults to 2048 when RSA algorithm is chosen, so set this value on the make's defaults file. [1] https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/build-options.html Change-Id: I030f98363198a752bc0dd03528f748de527d48d8 Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
2020-06-18 23:32:55 +01:00
# Set the default key size in case KEY_ALG is rsa
ifeq ($(KEY_ALG),rsa)
KEY_SIZE := 2048
endif
Measured Boot: add function for hash calculation This patch adds 'calc_hash' function using Mbed TLS library required for Measured Boot support. Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2020-01-23 14:27:38 +00:00
# Option to build TF with Measured Boot support
MEASURED_BOOT := 0
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# NS timer register save and restore
NS_TIMER_SWITCH := 0
Introduce build option to override libc This patch introduces a build option 'OVERRIDE_LIBC' that platforms can set to override libc from the BL image. The default value is '0' to keep the library. Change-Id: I10a0b247f6a782eeea4a0359e30a8d79b1e9e4e1 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
2019-01-31 17:22:30 +00:00
# Include lib/libc in the final image
OVERRIDE_LIBC := 0
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# Build PL011 UART driver in minimal generic UART mode
PL011_GENERIC_UART := 0
# By default, consider that the platform's reset address is not programmable.
# The platform Makefile is free to override this value.
PROGRAMMABLE_RESET_ADDRESS := 0
Minor changes to documentation and comments Fix some typos and clarify some sentences. Change-Id: Id276d1ced9a991b4eddc5c47ad9a825e6b29ef74 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-02-28 13:35:21 +00:00
# Flag used to choose the power state format: Extended State-ID or Original
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
PSCI_EXTENDED_STATE_ID := 0
AArch64: Introduce RAS handling RAS extensions are mandatory for ARMv8.2 CPUs, but are also optional extensions to base ARMv8.0 architecture. This patch adds build system support to enable RAS features in ARM Trusted Firmware. A boolean build option RAS_EXTENSION is introduced for this. With RAS_EXTENSION, an Exception Synchronization Barrier (ESB) is inserted at all EL3 vector entry and exit. ESBs will synchronize pending external aborts before entering EL3, and therefore will contain and attribute errors to lower EL execution. Any errors thus synchronized are detected via. DISR_EL1 register. When RAS_EXTENSION is set to 1, HANDLE_EL3_EA_FIRST must also be set to 1. Change-Id: I38a19d84014d4d8af688bd81d61ba582c039383a Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2018-04-04 16:07:11 +01:00
# Enable RAS support
RAS_EXTENSION := 0
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# By default, BL1 acts as the reset handler, not BL31
RESET_TO_BL31 := 0
feat(bl31): aarch64: RESET_TO_BL31_WITH_PARAMS It is not always the case that RESET_TO_BL31 enabled platforms don't execute a bootloader before BL31. For those use cases, being able to receive arguments from that first loader (i.e: a DTB with TPM logs) might be necessary feature. This code has been validated on iMX8mm. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Change-Id: Ibf00c3867cb1d1012b8b376e64ccaeca1c9d2bff
2022-04-15 10:46:47 +01:00
# By default, clear the input registers when RESET_TO_BL31 is enabled
RESET_TO_BL31_WITH_PARAMS := 0
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# For Chain of Trust
SAVE_KEYS := 0
BL31: Add SDEI dispatcher The implementation currently supports only interrupt-based SDEI events, and supports all interfaces as defined by SDEI specification version 1.0 [1]. Introduce the build option SDEI_SUPPORT to include SDEI dispatcher in BL31. Update user guide and porting guide. SDEI documentation to follow. [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf Change-Id: I758b733084e4ea3b27ac77d0259705565842241a Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-10-16 08:43:14 +01:00
# Software Delegated Exception support
feat(sme): enable SME functionality This patch adds two new compile time options to enable SME in TF-A: ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these traps, but support for SME context management does not yet exist in SPM so building with SPD=spmd will fail. The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot be used with SME as it is a superset of SVE and will enable SVE and FPU/SIMD along with SME. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73
2021-07-08 20:14:00 +01:00
SDEI_SUPPORT := 0
BL31: Add SDEI dispatcher The implementation currently supports only interrupt-based SDEI events, and supports all interfaces as defined by SDEI specification version 1.0 [1]. Introduce the build option SDEI_SUPPORT to include SDEI dispatcher in BL31. Update user guide and porting guide. SDEI documentation to follow. [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf Change-Id: I758b733084e4ea3b27ac77d0259705565842241a Co-authored-by: Yousuf A <yousuf.sait@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-10-16 08:43:14 +01:00
Add TRNG Firmware Interface service This adds the TRNG Firmware Interface Service to the standard service dispatcher. This includes a method for dispatching entropy requests to platforms and includes an entropy pool implementation to avoid dropping any entropy requested from the platform. Change-Id: I71cadb3cb377a507652eca9e0d68714c973026e9 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2020-06-22 20:18:42 +01:00
# True Random Number firmware Interface
feat(sme): enable SME functionality This patch adds two new compile time options to enable SME in TF-A: ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these traps, but support for SME context management does not yet exist in SPM so building with SPD=spmd will fail. The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot be used with SME as it is a superset of SVE and will enable SVE and FPU/SIMD along with SME. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73
2021-07-08 20:14:00 +01:00
TRNG_SUPPORT := 0
Add TRNG Firmware Interface service This adds the TRNG Firmware Interface Service to the standard service dispatcher. This includes a method for dispatching entropy requests to platforms and includes an entropy pool implementation to avoid dropping any entropy requested from the platform. Change-Id: I71cadb3cb377a507652eca9e0d68714c973026e9 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2020-06-22 20:18:42 +01:00
SMCCC/PCI: Add initial PCI conduit definitions Add constants, structures and build definition for the new standard SMCCC PCI conduit. These are documented in DEN0115A. https://developer.arm.com/documentation/den0115/latest Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> Change-Id: If667800a26b9ae88626e8d895674c9c2e8c09658
2020-11-18 16:12:41 +00:00
# SMCCC PCI support
feat(sme): enable SME functionality This patch adds two new compile time options to enable SME in TF-A: ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these traps, but support for SME context management does not yet exist in SPM so building with SPD=spmd will fail. The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot be used with SME as it is a superset of SVE and will enable SVE and FPU/SIMD along with SME. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73
2021-07-08 20:14:00 +01:00
SMC_PCI_SUPPORT := 0
SMCCC/PCI: Add initial PCI conduit definitions Add constants, structures and build definition for the new standard SMCCC PCI conduit. These are documented in DEN0115A. https://developer.arm.com/documentation/den0115/latest Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> Change-Id: If667800a26b9ae88626e8d895674c9c2e8c09658
2020-11-18 16:12:41 +00:00
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# Whether code and read-only data should be put on separate memory pages. The
# platform Makefile is free to override this value.
SEPARATE_CODE_AND_RODATA := 0
bl31: Split into two separate memory regions Some platforms are extremely memory constrained and must split BL31 between multiple non-contiguous areas in SRAM. Allow the NOBITS sections (.bss, stacks, page tables, and coherent memory) to be placed in a separate region of RAM from the loaded firmware image. Because the NOBITS region may be at a lower address than the rest of BL31, __RW_{START,END}__ and __BL31_{START,END}__ cannot include this region, or el3_entrypoint_common would attempt to invalidate the dcache for the entire address space. New symbols __NOBITS_{START,END}__ are added when SEPARATE_NOBITS_REGION is enabled, and the dcached for the NOBITS region is invalidated separately. Signed-off-by: Samuel Holland <samuel@sholland.org> Change-Id: Idedfec5e4dbee77e94f2fdd356e6ae6f4dc79d37
2018-10-18 03:40:18 +01:00
# Put NOBITS sections (.bss, stacks, page tables, and coherent memory) in a
# separate memory region, which may be discontiguous from the rest of BL31.
SEPARATE_NOBITS_REGION := 0
feat(bl2): add support to separate no-loadable sections Add new options SEPARATE_BL2_NOLOAD_REGION to separate no-loadable sections (.bss, stack, page tables) to a ram region specified by BL2_NOLOAD_START and BL2_NOLOAD_LIMIT. Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com> Change-Id: I844ee0fc405474af0aff978d292c826fbe0a82fd
2022-02-24 02:47:33 +00:00
# Put BL2 NOLOAD sections (.bss, stacks, page tables) in a separate memory
# region, platform Makefile is free to override this value.
SEPARATE_BL2_NOLOAD_REGION := 0
Introduce RECLAIM_INIT_CODE build flag This patch introduces a build flag "RECLAIM_INIT_CODE" to mark boot time code which allows platforms to place this memory in an appropriate section to be reclaimed later. This features is primarily targeted for BL31. Appropriate documentation updates are also done. Change-Id: If0ca062851614805d769c332c771083d46599194 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
2018-09-18 11:45:51 +01:00
# If the BL31 image initialisation code is recalimed after use for the secondary
# cores stack
RECLAIM_INIT_CODE := 0
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# SPD choice
SPD := none
Remove dependency between SPM_MM and ENABLE_SPM build flags There are two different implementations of Secure Partition management in TF-A. One is based on the "Management Mode" (MM) design, the other is based on the Secure Partition Client Interface (SPCI) specification. Currently there is a dependency between their build flags that shouldn't exist, making further development harder than it should be. This patch removes that dependency, making the two flags function independently. Before: ENABLE_SPM=1 is required for using either implementation. By default, the SPCI-based implementation is enabled and this is overridden if SPM_MM=1. After: ENABLE_SPM=1 enables the SPCI-based implementation. SPM_MM=1 enables the MM-based implementation. The two build flags are mutually exclusive. Note that the name of the ENABLE_SPM flag remains a bit ambiguous - this will be improved in a subsequent patch. For this patch the intention was to leave the name as-is so that it is easier to track the changes that were made. Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-09-16 12:29:03 +01:00
# Enable the Management Mode (MM)-based Secure Partition Manager implementation
SPM_MM := 0
SPM: Deprecate the current implementation The current SPM is a prototype that only supports one secure partition in EL0. The objective of SPM is to have multiple partitions. The current MM interface isn't adequate for this, so it is needed to modify heavily the code to add proper support for it. However, there are platforms which are already using this (like SGI) and removing the code would break it. For this reason, the current SPM code has been duplicated in order to temporarily preserve compatibility. All new improvements/changes to SPM will be done in the non-deprecated copy, that may change without notice. The new build option SPM_DEPRECATED has been introduced to select the SPM implementation. It defaults to 1, that selects the deprecated SPM. Change-Id: Ic9f80b53b450e97b4d3f47e4ef4a138ee8d87443 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-10-30 11:08:08 +00:00
feat(spmc): enable building of the SPMC at EL3 Introduce build flag for enabling the secure partition manager core, SPMC_AT_EL3. When enabled, the SPMC module will be included into the BL31 image. By default the flag is disabled. Signed-off-by: Marc Bonnici <marc.bonnici@arm.com> Change-Id: I5ea1b953e5880a07ffc91c4dea876a375850cf2a
2021-12-01 18:00:40 +00:00
# Use the FF-A SPMC implementation in EL3.
SPMC_AT_EL3 := 0
SPMD: add command line parameter to run SPM at S-EL2 or S-EL1 Added SPMD_SPM_AT_SEL2 build command line parameter. Set to 1 to run SPM at S-EL2. Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled). Removed runtime EL from SPM core manifest. Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0 Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
2020-02-25 13:55:00 +00:00
# Use SPM at S-EL2 as a default config for SPMD
SPMD_SPM_AT_SEL2 := 1
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# Flag to introduce an infinite loop in BL1 just before it exits into the next
# image. This is meant to help debugging the post-BL2 phase.
SPIN_ON_BL1_EXIT := 0
# Flags to build TF with Trusted Boot support
TRUSTED_BOARD_BOOT := 0
tbbr: Use USE_TBBR_DEFS=1 by default Change-Id: I2885b0d8cb9bb16da1fa96a30e46cccde434dc42 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-09-25 09:41:08 +01:00
# Build option to choose whether Trusted Firmware uses Coherent memory or not.
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
USE_COHERENT_MEM := 1
debugfs: add 9p device interface The 9p interface provides abstraction layers allowing the software that uses devices to be independent from the hardware. This patch provides a file system abstraction to link drivers to their devices and propose a common interface to expose driver operations to higher layers. This file system can be used to access and configure a device by doing read/write operations. Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: Ia9662393baf489855dc0c8f389fe4a0afbc9c255
2019-09-19 16:46:46 +01:00
# Build option to add debugfs support
USE_DEBUGFS := 0
fconf: Move platform io policies into fconf Use the firmware configuration framework to store the io_policies information inside the configuration device tree instead of the static structure in the code base. The io_policies required by BL1 can't be inside the dtb, as this one is loaded by BL1, and only available at BL2. This change currently only applies to FVP platform. Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
2019-10-24 15:18:46 +01:00
# Build option to fconf based io
plat/arm/fvp: Support performing SDEI platform setup in runtime This patch introduces dynamic configuration for SDEI setup and is supported when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays and processing the configuration at compile time, the config is moved to dts files. It will be retrieved at runtime during SDEI init, using the fconf layer. Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31 Signed-off-by: Balint Dobszay <balint.dobszay@arm.com> Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
2019-12-18 14:28:00 +00:00
ARM_IO_IN_DTB := 0
# Build option to support SDEI through fconf
plat/fvp: Add support for dynamic description of secure interrupts Using the fconf framework, the Group 0 and Group 1 secure interrupt descriptors are moved to device tree and retrieved in runtime. This feature is enabled by the build flag SEC_INT_DESC_IN_FCONF. Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
2020-06-02 15:26:30 +01:00
SDEI_IN_FCONF := 0
# Build option to support Secure Interrupt descriptors through fconf
SEC_INT_DESC_IN_FCONF := 0
fconf: Move platform io policies into fconf Use the firmware configuration framework to store the io_policies information inside the configuration device tree instead of the static structure in the code base. The io_policies required by BL1 can't be inside the dtb, as this one is loaded by BL1, and only available at BL2. This change currently only applies to FVP platform. Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
2019-10-24 15:18:46 +01:00
tbbr: Use USE_TBBR_DEFS=1 by default Change-Id: I2885b0d8cb9bb16da1fa96a30e46cccde434dc42 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-09-25 09:41:08 +01:00
# Build option to choose whether Trusted Firmware uses library at ROM
USE_ROMLIB := 0
Add support for romlib in the build system Romlib is a new image that is stored in ROM and contains the code of several libraries that can be shared between different images. All the functions within in the library are accessed using a jump table which allows to update the romlib image whithout changing the binary compatibility. This jump table can be also stored in RAM and it can allow to patch a romlib with potential bugs fixes.. Change-Id: If980ccdaca24b7aaca900e32acc68baf6f94ab35 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
2018-05-22 16:05:42 +01:00
Read-only xlat tables for BL31 memory This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
2019-11-07 15:18:03 +00:00
# Build option to choose whether the xlat tables of BL images can be read-only.
# Note that this only serves as a higher level option to PLAT_RO_XLAT_TABLES,
# which is the per BL-image option that actually enables the read-only tables
# API. The reason for having this additional option is to have a common high
# level makefile where we can check for incompatible features/build options.
ALLOW_RO_XLAT_TABLES := 0
Introduce COT build option Allows to select the chain of trust to use when the Trusted Boot feature is enabled. This affects both the cert_create tool and the firmware itself. Right now, the only available CoT is TBBR. Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2020-01-15 09:23:25 +00:00
# Chain of trust.
COT := tbbr
cert: move platform_oid.h to include/tools_share for all platforms Platforms aligned with TBBR are supposed to use their own OIDs, but defining the same macros with different OIDs does not provide any value (at least technically). For easier use of TBBR, this commit allows platforms to reuse the OIDs obtained by ARM Ltd. This will be useful for non-ARM vendors that do not need their own extension fields in their certificate files. The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the backward compatibility. For clarification, I inserted a blank line between headers from the include/ directory (#include <...>) and ones from a local directory (#include "..." ). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-05-22 04:11:24 +01:00
# Use tbbr_oid.h instead of platform_oid.h
tbbr: Use USE_TBBR_DEFS=1 by default Change-Id: I2885b0d8cb9bb16da1fa96a30e46cccde434dc42 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-09-25 09:41:08 +01:00
USE_TBBR_DEFS := 1
cert: move platform_oid.h to include/tools_share for all platforms Platforms aligned with TBBR are supposed to use their own OIDs, but defining the same macros with different OIDs does not provide any value (at least technically). For easier use of TBBR, this commit allows platforms to reuse the OIDs obtained by ARM Ltd. This will be useful for non-ARM vendors that do not need their own extension fields in their certificate files. The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the backward compatibility. For clarification, I inserted a blank line between headers from the include/ directory (#include <...>) and ones from a local directory (#include "..." ). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-05-22 04:11:24 +01:00
build: Reorder build variables alphabetically When build variables are assigned or processed en masse, they'd appear neater in alphabetical order. Static initializations are moved to a separate file, make_helpers/defaults.mk, which in itself is sorted alphabetically. No functional changes. Change-Id: I966010042b33de6b67592fb9ffcef8fc44d7d128 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2016-10-24 14:31:51 +01:00
# Build verbosity
V := 0
PSCI: Build option to enable D-Caches early in warmboot This patch introduces a build option to enable D-cache early on the CPU after warm boot. This is applicable for platforms which do not require interconnect programming to enable cache coherency (eg: single cluster platforms). If this option is enabled, then warm boot path enables D-caches immediately after enabling MMU. Fixes ARM-Software/tf-issues#456 Change-Id: I44c8787d116d7217837ced3bcf0b1d3441c8d80e Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2017-04-10 22:35:42 +01:00
# Whether to enable D-Cache early during warm boot. This is usually
# applicable for platforms wherein interconnect programming is not
# required to enable cache coherency after warm reset (eg: single cluster
# platforms).
WARMBOOT_ENABLE_DCACHE_EARLY := 0
aarch64: Enable Statistical Profiling Extensions for lower ELs SPE is only supported in non-secure state. Accesses to SPE specific registers from SEL1 will trap to EL3. During a world switch, before `TTBR` is modified the SPE profiling buffers are drained. This is to avoid a potential invalid memory access in SEL1. SPE is architecturally specified only for AArch64. Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
2017-05-23 09:32:49 +01:00
Change Statistical Profiling Extensions build option handling It is not possible to detect at compile-time whether support for an optional extension such as SPE should be enabled based on the ARM_ARCH_MINOR build option value. Therefore SPE is now enabled by default. Change-Id: I670db164366aa78a7095de70a0962f7c0328ab7c Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
2017-10-13 15:07:45 +01:00
# Build option to enable/disable the Statistical Profiling Extensions
aarch64: Enable Statistical Profiling Extensions for lower ELs SPE is only supported in non-secure state. Accesses to SPE specific registers from SEL1 will trap to EL3. During a world switch, before `TTBR` is modified the SPE profiling buffers are drained. This is to avoid a potential invalid memory access in SEL1. SPE is architecturally specified only for AArch64. Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
2017-05-23 09:32:49 +01:00
ENABLE_SPE_FOR_LOWER_ELS := 1
Change Statistical Profiling Extensions build option handling It is not possible to detect at compile-time whether support for an optional extension such as SPE should be enabled based on the ARM_ARCH_MINOR build option value. Therefore SPE is now enabled by default. Change-Id: I670db164366aa78a7095de70a0962f7c0328ab7c Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
2017-10-13 15:07:45 +01:00
# SPE is only supported on AArch64 so disable it on AArch32.
aarch64: Enable Statistical Profiling Extensions for lower ELs SPE is only supported in non-secure state. Accesses to SPE specific registers from SEL1 will trap to EL3. During a world switch, before `TTBR` is modified the SPE profiling buffers are drained. This is to avoid a potential invalid memory access in SEL1. SPE is architecturally specified only for AArch64. Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
2017-05-23 09:32:49 +01:00
ifeq (${ARCH},aarch32)
feat(sme): enable SME functionality This patch adds two new compile time options to enable SME in TF-A: ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these traps, but support for SME context management does not yet exist in SPM so building with SPD=spmd will fail. The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot be used with SME as it is a superset of SVE and will enable SVE and FPU/SIMD along with SME. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73
2021-07-08 20:14:00 +01:00
override ENABLE_SPE_FOR_LOWER_ELS := 0
aarch64: Enable Statistical Profiling Extensions for lower ELs SPE is only supported in non-secure state. Accesses to SPE specific registers from SEL1 will trap to EL3. During a world switch, before `TTBR` is modified the SPE profiling buffers are drained. This is to avoid a potential invalid memory access in SEL1. SPE is architecturally specified only for AArch64. Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
2017-05-23 09:32:49 +01:00
endif
Implement support for the Activity Monitor Unit on Cortex A75 The Cortex A75 has 5 AMU counters. The first three counters are fixed and the remaining two are programmable. A new build option is introduced, `ENABLE_AMU`. When set, the fixed counters will be enabled for use by lower ELs. The programmable counters are currently disabled. Change-Id: I4bd5208799bb9ed7d2596e8b0bfc87abbbe18740 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
2017-10-16 11:40:10 +01:00
Enable MTE support in both secure and non-secure worlds This patch adds support for the new Memory Tagging Extension arriving in ARMv8.5. MTE support is now enabled by default on systems that support at EL0. To enable it at ELx for both the non-secure and the secure world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving and restoring when necessary in order to prevent register leakage between the worlds. Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
2019-07-18 14:25:33 +01:00
# Include Memory Tagging Extension registers in cpu context. This must be set
# to 1 if the platform wants to use this feature in the Secure world and MTE is
# enabled at ELX.
Enable v8.6 AMU enhancements (FEAT_AMUv1p1) ARMv8.6 adds virtual offset registers to support virtualization of the event counters in EL1 and EL0. This patch enables support for this feature in EL3 firmware. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: I7ee1f3d9f554930bf5ef6f3d492e932e6d95b217
2020-10-02 19:41:11 +01:00
CTX_INCLUDE_MTE_REGS := 0
Enable MTE support in both secure and non-secure worlds This patch adds support for the new Memory Tagging Extension arriving in ARMv8.5. MTE support is now enabled by default on systems that support at EL0. To enable it at ELx for both the non-secure and the secure world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving and restoring when necessary in order to prevent register leakage between the worlds. Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
2019-07-18 14:25:33 +01:00
Implement support for the Activity Monitor Unit on Cortex A75 The Cortex A75 has 5 AMU counters. The first three counters are fixed and the remaining two are programmable. A new build option is introduced, `ENABLE_AMU`. When set, the fixed counters will be enabled for use by lower ELs. The programmable counters are currently disabled. Change-Id: I4bd5208799bb9ed7d2596e8b0bfc87abbbe18740 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
2017-10-16 11:40:10 +01:00
ENABLE_AMU := 0
refactor(amu): conditionally compile auxiliary counter support This change reduces preprocessor dependencies on the `AMU_GROUP1_NR_COUNTERS` and `AMU_GROUP1_COUNTERS_MASK` definitions, as these values will eventually be discovered dynamically. In their stead, we introduce the `ENABLE_AMU_AUXILIARY_COUNTERS` build option, which will enable support for dynamically detecting and enabling auxiliary AMU counters. This substantially reduces the amount of memory used by platforms that know ahead of time that they do not have any auxiliary AMU counters. Change-Id: I3d998aff44ed5489af4857e337e97634d06e3ea1 Signed-off-by: Chris Kay <chris.kay@arm.com>
2021-05-25 10:42:56 +01:00
ENABLE_AMU_AUXILIARY_COUNTERS := 0
feat(amu): enable per-core AMU auxiliary counters This change makes AMU auxiliary counters configurable on a per-core basis, controlled by `ENABLE_AMU_AUXILIARY_COUNTERS`. Auxiliary counters can be described via the `HW_CONFIG` device tree if the `ENABLE_AMU_FCONF` build option is enabled, or the platform must otherwise implement the `plat_amu_topology` function. A new phandle property for `cpu` nodes (`amu`) has been introduced to the `HW_CONFIG` specification to allow CPUs to describe the view of their own AMU: ``` cpu0: cpu@0 { ... amu = <&cpu0_amu>; }; ``` Multiple cores may share an `amu` handle if they implement the same set of auxiliary counters. AMU counters are described for one or more AMUs through the use of a new `amus` node: ``` amus { cpu0_amu: amu-0 { #address-cells = <1>; #size-cells = <0>; counter@0 { reg = <0>; enable-at-el3; }; counter@n { reg = <n>; ... }; }; }; ``` This structure describes the **auxiliary** (group 1) AMU counters. Architected counters have architecturally-defined behaviour, and as such do not require DTB entries. These `counter` nodes support two properties: - The `reg` property represents the counter register index. - The presence of the `enable-at-el3` property determines whether the firmware should enable the counter prior to exiting EL3. Change-Id: Ie43aee010518c5725a3b338a4899b0857caf4c28 Signed-off-by: Chris Kay <chris.kay@arm.com>
2021-08-19 11:21:52 +01:00
ENABLE_AMU_FCONF := 0
Enable v8.6 AMU enhancements (FEAT_AMUv1p1) ARMv8.6 adds virtual offset registers to support virtualization of the event counters in EL1 and EL0. This patch enables support for this feature in EL3 firmware. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: I7ee1f3d9f554930bf5ef6f3d492e932e6d95b217
2020-10-02 19:41:11 +01:00
AMU_RESTRICT_COUNTERS := 0
Enable SVE for Non-secure world This patch adds a new build option, ENABLE_SVE_FOR_NS, which when set to one EL3 will check to see if the Scalable Vector Extension (SVE) is implemented when entering and exiting the Non-secure world. If SVE is implemented, EL3 will do the following: - Entry to Non-secure world: SIMD, FP and SVE functionality is enabled. - Exit from Non-secure world: SIMD, FP and SVE functionality is disabled. As SIMD and FP registers are part of the SVE Z-registers then any use of SIMD / FP functionality would corrupt the SVE registers. The build option default is 1. The SVE functionality is only supported on AArch64 and so the build option is set to zero when the target archiecture is AArch32. This build option is not compatible with the CTX_INCLUDE_FPREGS - an assert will be raised on platforms where SVE is implemented and both ENABLE_SVE_FOR_NS and CTX_INCLUDE_FPREGS are set to 1. Also note this change prevents secure world use of FP&SIMD registers on SVE-enabled platforms. Existing Secure-EL1 Payloads will not work on such platforms unless ENABLE_SVE_FOR_NS is set to 0. Additionally, on the first entry into the Non-secure world the SVE functionality is enabled and the SVE Z-register length is set to the maximum size allowed by the architecture. This includes the use case where EL2 is implemented but not used. Change-Id: Ie2d733ddaba0b9bef1d7c9765503155188fe7dae Signed-off-by: David Cunado <david.cunado@arm.com>
2017-10-20 11:30:57 +01:00
feat(sme): enable SME functionality This patch adds two new compile time options to enable SME in TF-A: ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these traps, but support for SME context management does not yet exist in SPM so building with SPD=spmd will fail. The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot be used with SME as it is a superset of SVE and will enable SVE and FPU/SIMD along with SME. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73
2021-07-08 20:14:00 +01:00
# Enable SVE for non-secure world by default
ENABLE_SVE_FOR_NS := 1
fix(sve): disable ENABLE_SVE_FOR_NS for AARCH32 With patch [1], ENABLE_SVE_FOR_NS is always enable. Disable it for AARCH32 platforms, as the feature is not supported. The warning message is replaced with an error, and the second override is removed. [1] dc78e62d80e6 ("feat(sme): enable SME functionality") Change-Id: Ic9c5e2612c9e00bd0d37ca3b59537e39270c9799 Signed-off-by: Yann Gautier <yann.gautier@st.com>
2021-11-19 10:35:46 +00:00
# SVE is only supported on AArch64 so disable it on AArch32.
ifeq (${ARCH},aarch32)
override ENABLE_SVE_FOR_NS := 0
endif
feat(sme): enable SME functionality This patch adds two new compile time options to enable SME in TF-A: ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these traps, but support for SME context management does not yet exist in SPM so building with SPD=spmd will fail. The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot be used with SME as it is a superset of SVE and will enable SVE and FPU/SIMD along with SME. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73
2021-07-08 20:14:00 +01:00
ENABLE_SVE_FOR_SWD := 0
# SME defaults to disabled
ENABLE_SME_FOR_NS := 0
ENABLE_SME_FOR_SWD := 0
# If SME is enabled then force SVE off
ifeq (${ENABLE_SME_FOR_NS},1)
override ENABLE_SVE_FOR_NS := 0
override ENABLE_SVE_FOR_SWD := 0
Enable SVE for Non-secure world This patch adds a new build option, ENABLE_SVE_FOR_NS, which when set to one EL3 will check to see if the Scalable Vector Extension (SVE) is implemented when entering and exiting the Non-secure world. If SVE is implemented, EL3 will do the following: - Entry to Non-secure world: SIMD, FP and SVE functionality is enabled. - Exit from Non-secure world: SIMD, FP and SVE functionality is disabled. As SIMD and FP registers are part of the SVE Z-registers then any use of SIMD / FP functionality would corrupt the SVE registers. The build option default is 1. The SVE functionality is only supported on AArch64 and so the build option is set to zero when the target archiecture is AArch32. This build option is not compatible with the CTX_INCLUDE_FPREGS - an assert will be raised on platforms where SVE is implemented and both ENABLE_SVE_FOR_NS and CTX_INCLUDE_FPREGS are set to 1. Also note this change prevents secure world use of FP&SIMD registers on SVE-enabled platforms. Existing Secure-EL1 Payloads will not work on such platforms unless ENABLE_SVE_FOR_NS is set to 0. Additionally, on the first entry into the Non-secure world the SVE functionality is enabled and the SVE Z-register length is set to the maximum size allowed by the architecture. This includes the use case where EL2 is implemented but not used. Change-Id: Ie2d733ddaba0b9bef1d7c9765503155188fe7dae Signed-off-by: David Cunado <david.cunado@arm.com>
2017-10-20 11:30:57 +01:00
endif
Add UBSAN support and handlers This patch adds support for the Undefined Behaviour sanitizer. There are two types of support offered - minimalistic trapping support which essentially immediately crashes on undefined behaviour and full support with full debug messages. The full support relies on ubsan.c which has been adapted from code used by OPTEE. Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727 Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
2019-08-20 11:01:52 +01:00
SANITIZE_UB := off
Fix the CAS spinlock implementation Make the spinlock implementation use ARMv8.1-LSE CAS instruction based on a platform build option. The CAS-based implementation used to be unconditionally selected for all ARM8.1+ platforms. The previous CAS spinlock implementation had a bug wherein the spin_unlock() implementation had an `sev` after `stlr` which is not sufficient. A dsb is needed to ensure that the stlr completes prior to the sev. Having a dsb is heavyweight and a better solution would be to use load exclusive semantics to monitor the lock and wake up from wfe when a store happens to the lock. The patch implements the same. Change-Id: I5283ce4a889376e4cc01d1b9d09afa8229a2e522 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
2019-09-25 14:03:41 +01:00
# For ARMv8.1 (AArch64) platforms, enabling this option selects the spinlock
# implementation variant using the ARMv8.1-LSE compare-and-swap instruction.
# Default: disabled
USE_SPINLOCK_CAS := 0
Enable Link Time Optimization in GCC This patch enables LTO for TF-A when compiled with GCC. LTO is disabled by default and is enabled by ENABLE_LTO=1 build option. LTO is enabled only for aarch64 as there seem to be a bug in the aarch32 compiler when LTO is enabled. The changes in the makefiles include: - Adding -flto and associated flags to enable LTO. - Using gcc as a wrapper at link time instead of ld. This is recommended when using LTO as gcc internally takes care of invoking the necessary plugins for LTO. - Adding switches to pass options to ld. - Adding a flag to disable fix for erratum cortex-a53-843419 unless explicitly enabled. This is needed because GCC seem to automatically add the erratum fix when used as a wrapper for LD. Additionally, this patch updates the TF-A user guide with the new build option. Signed-off-by: zelalem-aweke <zelalem.aweke@arm.com> Change-Id: I1188c11974da98434b7dc9344e058cd1eacf5468
2019-11-12 22:20:17 +00:00
# Enable Link Time Optimization
ENABLE_LTO := 0
SPMD: save/restore EL2 system registers. NOTE: Not all EL-2 system registers are saved/restored. This subset includes registers recognized by ARMv8.0 Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0 Signed-off-by: Jose Marinho <jose.marinho@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
2020-02-25 13:56:19 +00:00
# Build flag to include EL2 registers in cpu context save and restore during
# S-EL2 firmware entry/exit. This flag is to be used with SPD=spmd option.
# Default is 0.
CTX_INCLUDE_EL2_REGS := 0
Enable MTE support Enable MTE support by adding memory tag option in Makefile This option is available only when ARMv8.5-MemTag is implemented MTE options are added in latest clang and armclang compiler which support below options: for clang <version 11.0.0> 1. -march=arm8.5-a+memtag 2. -fsanitize=memtag for armclang <version 6.12> 1. -march=arm8.5-a+memtag 2. -mmemtag-stack Set the option SUPPORT_STACK_MEMTAG=yes to enable memory stack tagging. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I4e0bbde4e9769ce03ead6f550158e22f32c1c413
2020-03-22 05:06:38 +00:00
# Enable Memory tag extension which is supported for architecture greater
# than Armv8.5-A
# By default it is set to "no"
SUPPORT_STACK_MEMTAG := no
Implement workaround for AT speculative behaviour During context switching from higher EL (EL2 or higher) to lower EL can cause incorrect translation in TLB due to speculative execution of AT instruction using out-of-context translation regime. Workaround is implemented as below during EL's (EL1 or EL2) "context_restore" operation: 1. Disable page table walk using SCTLR.M and TCR.EPD0 & EPD1 bits for EL1 or EL2 (stage1 and stage2 disabled) 2. Save all system registers except TCR and SCTLR (for EL1 and EL2) 3. Do memory barrier operation (isb) to ensure all system register writes are done. 4. Restore TCR and SCTLR registers (for EL1 and EL2) Errata details are available for various CPUs as below: Cortex-A76: 1165522 Cortex-A72: 1319367 Cortex-A57: 1319537 Cortex-A55: 1530923 Cortex-A53: 1530924 More details can be found in mail-chain: https://lists.trustedfirmware.org/pipermail/tf-a/2020-April/000445.html Currently, Workaround is implemented as build option which is default disabled. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: If8545e61f782cb0c2dda7ffbaf50681c825bd2f0
2020-04-28 04:53:32 +01:00
# Select workaround for AT speculative behaviour.
feat(sme): enable SME functionality This patch adds two new compile time options to enable SME in TF-A: ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these traps, but support for SME context management does not yet exist in SPM so building with SPD=spmd will fail. The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot be used with SME as it is a superset of SVE and will enable SVE and FPU/SIMD along with SME. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73
2021-07-08 20:14:00 +01:00
ERRATA_SPECULATIVE_AT := 0
Prevent RAS register access from lower ELs This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register accesses from EL1 or EL2 to EL3. RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438
2020-06-12 18:11:28 +01:00
# Trap RAS error record access from lower EL
RAS_TRAP_LOWER_EL_ERR_ACCESS := 0
make, doc: Add build option to create chain of trust at runtime Added a build option 'COT_DESC_IN_DTB' to create chain of trust at runtime using fconf. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89
2020-06-29 10:32:53 +01:00
# Build option to create cot descriptors using fconf
COT_DESC_IN_DTB := 0
Makefile, doc: Make OPENSSL_DIR variable as build option for tools Openssl directory path is hardcoded to '/usr' in the makefile of certificate generation and firmware encryption tool using 'OPENSSL_DIR' variable. Hence changes are done to make 'OPENSSL_DIR' variable as a build option so that user can provide openssl directory path while building the certificate generation and firmware encryption tool. Also, updated the document for this newly created build option Change-Id: Ib1538370d2c59263417f5db3746d1087ee1c1339 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2020-07-29 10:58:44 +01:00
# Build option to provide openssl directory path
OPENSSL_DIR := /usr
plat/arm: Use common build flag for using generic sp804 driver SP804 TIMER is not platform specific, and current code base adds multiple defines to use this driver. Like FVP_USE_SP804_TIMER and FVP_VE_USE_SP804_TIMER. This patch removes platform specific build flag and adds generic flag `USE_SP804_TIMER` to be set to 1 by platform if needed. Change-Id: I5ab792c189885fd1b98ddd187f3a38ebdd0baba2 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
2020-08-12 19:18:19 +01:00
# Build option to use the SP804 timer instead of the generic one
USE_SP804_TIMER := 0
feat(fwu_metadata): add FWU metadata header and build options Added a firmware update metadata structure as per section 4.1 in the specification document[1]. Also, added the build options used in defining the firmware update metadata structure. [1]: https://developer.arm.com/documentation/den0118/a/ Change-Id: I8f43264a46fde777ceae7fd2a5bb0326f1711928 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2021-03-16 10:01:27 +00:00
# Build option to define number of firmware banks, used in firmware update
# metadata structure.
NR_OF_FW_BANKS := 2
# Build option to define number of images in firmware bank, used in firmware
# update metadata structure.
NR_OF_IMAGES_IN_FW_BANK := 1
feat(fwu): initialize FWU driver in BL2 Initialized FWU driver module in BL2 component under build flag PSA_FWU_SUPPORT. Change-Id: I08b191599835925c355981d695667828561b9a21 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2021-06-25 23:28:59 +01:00
# Disable Firmware update support by default
PSA_FWU_SUPPORT := 0
feat(trbe): enable access to trace buffer control registers from lower NS EL Introduced a build flag 'ENABLE_TRBE_FOR_NS' to enable trace buffer control registers access in NS-EL2, or NS-EL1 (when NS-EL2 is implemented but unused). Change-Id: I285a672ccd395eebd377714c992bb21062a729cc Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2021-07-02 09:10:56 +01:00
# By default, disable access of trace buffer control registers from NS
# lower ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused
# if FEAT_TRBE is implemented.
# Note FEAT_TRBE is only supported on AArch64 - therefore do not enable in
# AArch32.
ifneq (${ARCH},aarch32)
feat(sme): enable SME functionality This patch adds two new compile time options to enable SME in TF-A: ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these traps, but support for SME context management does not yet exist in SPM so building with SPD=spmd will fail. The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot be used with SME as it is a superset of SVE and will enable SVE and FPU/SIMD along with SME. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73
2021-07-08 20:14:00 +01:00
ENABLE_TRBE_FOR_NS := 0
feat(trbe): enable access to trace buffer control registers from lower NS EL Introduced a build flag 'ENABLE_TRBE_FOR_NS' to enable trace buffer control registers access in NS-EL2, or NS-EL1 (when NS-EL2 is implemented but unused). Change-Id: I285a672ccd395eebd377714c992bb21062a729cc Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2021-07-02 09:10:56 +01:00
else
feat(sme): enable SME functionality This patch adds two new compile time options to enable SME in TF-A: ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these traps, but support for SME context management does not yet exist in SPM so building with SPD=spmd will fail. The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot be used with SME as it is a superset of SVE and will enable SVE and FPU/SIMD along with SME. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73
2021-07-08 20:14:00 +01:00
override ENABLE_TRBE_FOR_NS := 0
feat(trbe): enable access to trace buffer control registers from lower NS EL Introduced a build flag 'ENABLE_TRBE_FOR_NS' to enable trace buffer control registers access in NS-EL2, or NS-EL1 (when NS-EL2 is implemented but unused). Change-Id: I285a672ccd395eebd377714c992bb21062a729cc Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2021-07-02 09:10:56 +01:00
endif
feat(sys_reg_trace): enable trace system registers access from lower NS ELs Introduced a build flag 'ENABLE_SYS_REG_TRACE_FOR_NS' to enable trace system registers access in NS-EL2, or NS-EL1 (when NS-EL2 is implemented but unused). Change-Id: Idc1acede4186e101758cbf7bed5af7b634d7d18d Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2021-06-29 11:44:20 +01:00
feat(brbe): add BRBE support for NS world This patch enables access to the branch record buffer control registers in non-secure EL2 and EL1 using the new build option ENABLE_BRBE_FOR_NS. It is disabled for all secure world, and cannot be used with ENABLE_RME. This option is disabled by default, however, the FVP platform makefile enables it for FVP builds. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: I576a49d446a8a73286ea6417c16bd0b8de71fca0
2022-01-28 23:06:20 +00:00
# By default, disable access to branch record buffer control registers from NS
# lower ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused
# if FEAT_BRBE is implemented.
ENABLE_BRBE_FOR_NS := 0
feat(sys_reg_trace): enable trace system registers access from lower NS ELs Introduced a build flag 'ENABLE_SYS_REG_TRACE_FOR_NS' to enable trace system registers access in NS-EL2, or NS-EL1 (when NS-EL2 is implemented but unused). Change-Id: Idc1acede4186e101758cbf7bed5af7b634d7d18d Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2021-06-29 11:44:20 +01:00
# By default, disable access of trace system registers from NS lower
# ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused if
# system register trace is implemented.
ENABLE_SYS_REG_TRACE_FOR_NS := 0
feat(trf): enable trace filter control register access from lower NS EL Introduced a build flag 'ENABLE_TRF_FOR_NS' to enable trace filter control registers access in NS-EL2, or NS-EL1 (when NS-EL2 is implemented but unused). Change-Id: If3f53b8173a5573424b9a405a4bd8c206ffdeb8c Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2021-07-08 09:33:18 +01:00
# By default, disable trace filter control registers access to NS
# lower ELs, i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused
# if FEAT_TRF is implemented.
ENABLE_TRF_FOR_NS := 0
refactor(twed): improve TWED enablement in EL-3 The current implementation uses plat_arm API under generic code. "plat_arm" API is a convention used with Arm common platform layer and is reserved for that purpose. In addition, the function has a weak definition which is not encouraged in TF-A. Henceforth, removing the weak API with a configurable macro "TWED_DELAY" of numeric data type in generic code and simplifying the implementation. By default "TWED_DELAY" is defined to zero, and the delay value need to be explicitly set by the platforms during buildtime. Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> Change-Id: I25cd6f628e863dc40415ced3a82d0662fdf2d75a
2022-03-28 15:28:55 +01:00
# In v8.6+ platforms with delayed trapping of WFE being supported
# via FEAT_TWED, this flag takes the delay value to be set in the
# SCR_EL3.TWEDEL(4bit) field, when FEAT_TWED is implemented.
# By default it takes 0, and need to be updated by the platforms.
TWED_DELAY := 0
feat(lib/psa): mock PSA APIs Introduce PLAT_RSS_NOT_SUPPORTED build config to provide a mocked version of PSA APIs. The goal is to test the RSS backend based measured boot and attestation token request integration on such a platform (AEM FVP) where RSS is otherwise unsupported. The mocked PSA API version does not send a request to the RSS, it only returns with success and hard-coded values. Signed-off-by: Tamas Ban <tamas.ban@arm.com> Change-Id: Ice8d174adf828c1df08fc589f0e17abd1e382a4d
2022-01-18 15:20:47 +00:00
# By default, disable the mocking of RSS provided services
PLAT_RSS_NOT_SUPPORTED := 0
build(drtm): add DRTM support build option Added DRTM support build option in the makefiles. This build option will be used by the DRTM implementation in the subsequent patches. Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com> Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com> Change-Id: I15366f86b3ebd6ab2ebcb192753015d547cdddee
2022-03-02 12:06:35 +00:00
# Dynamic Root of Trust for Measurement support
DRTM_SUPPORT := 0