make, doc: Add build option to create chain of trust at runtime

Added a build option 'COT_DESC_IN_DTB' to create chain of trust at runtime using fconf. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89
2020-06-29 10:32:53 +01:00 · 2020-06-29 10:32:53 +01:00 · 84ef9cd812
parent b5fb69173b
commit 84ef9cd812
3 changed files with 16 additions and 0 deletions
--- a/6
+++ b/6
@ -659,6 +659,10 @@ $(error "SDEI_IN_FCONF is an experimental feature and is only supported when \
 	SDEI_SUPPORT is enabled")
 endif

+ifeq ($(COT_DESC_IN_DTB),1)
+    $(info CoT in device tree is an experimental feature)
+endif
+
 # If pointer authentication is used in the firmware, make sure that all the
 # registers associated to it are also saved and restored.
 # Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
@ -903,6 +907,7 @@ $(eval $(call assert_boolean,ENCRYPT_BL31))
 $(eval $(call assert_boolean,ENCRYPT_BL32))
 $(eval $(call assert_boolean,ERRATA_SPECULATIVE_AT))
 $(eval $(call assert_boolean,RAS_TRAP_LOWER_EL_ERR_ACCESS))
+$(eval $(call assert_boolean,COT_DESC_IN_DTB))

 $(eval $(call assert_numeric,ARM_ARCH_MAJOR))
 $(eval $(call assert_numeric,ARM_ARCH_MINOR))
@ -983,6 +988,7 @@ $(eval $(call add_define,BL2_INV_DCACHE))
 $(eval $(call add_define,USE_SPINLOCK_CAS))
 $(eval $(call add_define,ERRATA_SPECULATIVE_AT))
 $(eval $(call add_define,RAS_TRAP_LOWER_EL_ERR_ACCESS))
+$(eval $(call add_define,COT_DESC_IN_DTB))

 ifeq (${SANITIZE_UB},trap)
        $(eval $(call add_define,MONITOR_TRAPS))
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@ -648,6 +648,13 @@ Common build options
   configuration device tree, instead of static structure in the code base.
   This is currently an experimental feature.

+-  ``COT_DESC_IN_DTB``: This flag determines whether to create COT descriptors
+   at runtime using fconf. If this flag is enabled, COT descriptors are
+   statically captured in tb_fw_config file in the form of device tree nodes
+   and properties. Currently, COT descriptors used by BL2 are moved to the
+   device tree and COT descriptors used by BL1 are retained in the code
+   base statically. This is currently an experimental feature.
+
 -  ``SDEI_IN_FCONF``: This flag determines whether to configure SDEI setup in
   runtime using firmware configuration framework. The platform specific SDEI
   shared and private events configuration is retrieved from device tree rather
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@ -305,3 +305,6 @@ ERRATA_SPECULATIVE_AT           := 0

 # Trap RAS error record access from lower EL
 RAS_TRAP_LOWER_EL_ERR_ACCESS	:= 0
+
+# Build option to create cot descriptors using fconf
+COT_DESC_IN_DTB			:= 0