make, doc: Add build option to create chain of trust at runtime
Added a build option 'COT_DESC_IN_DTB' to create chain of trust at runtime using fconf. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89
parent
b5fb69173b
commit
84ef9cd812
6
Makefile
6
Makefile
|
@ -659,6 +659,10 @@ $(error "SDEI_IN_FCONF is an experimental feature and is only supported when \
|
|||
SDEI_SUPPORT is enabled")
|
||||
endif
|
||||
|
||||
ifeq ($(COT_DESC_IN_DTB),1)
|
||||
$(info CoT in device tree is an experimental feature)
|
||||
endif
|
||||
|
||||
# If pointer authentication is used in the firmware, make sure that all the
|
||||
# registers associated to it are also saved and restored.
|
||||
# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
|
||||
|
@ -903,6 +907,7 @@ $(eval $(call assert_boolean,ENCRYPT_BL31))
|
|||
$(eval $(call assert_boolean,ENCRYPT_BL32))
|
||||
$(eval $(call assert_boolean,ERRATA_SPECULATIVE_AT))
|
||||
$(eval $(call assert_boolean,RAS_TRAP_LOWER_EL_ERR_ACCESS))
|
||||
$(eval $(call assert_boolean,COT_DESC_IN_DTB))
|
||||
|
||||
$(eval $(call assert_numeric,ARM_ARCH_MAJOR))
|
||||
$(eval $(call assert_numeric,ARM_ARCH_MINOR))
|
||||
|
@ -983,6 +988,7 @@ $(eval $(call add_define,BL2_INV_DCACHE))
|
|||
$(eval $(call add_define,USE_SPINLOCK_CAS))
|
||||
$(eval $(call add_define,ERRATA_SPECULATIVE_AT))
|
||||
$(eval $(call add_define,RAS_TRAP_LOWER_EL_ERR_ACCESS))
|
||||
$(eval $(call add_define,COT_DESC_IN_DTB))
|
||||
|
||||
ifeq (${SANITIZE_UB},trap)
|
||||
$(eval $(call add_define,MONITOR_TRAPS))
|
||||
|
|
|
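Review bot: The new `ifeq ($(COT_DESC_IN_DTB),1)` block in the first Makefile hunk only prints an `$(info ...)` line, whereas the `SDEI_IN_FCONF` block directly above it stops the build with `$(error ...)` when its prerequisite option is off. Chain-of-trust descriptors are only meaningful when trusted boot is built in, so unless a platform makefile outside this diff already enforces it, I would add a dependency check in the same style: `ifneq ($(TRUSTED_BOARD_BOOT),1)`, `$(error "COT_DESC_IN_DTB requires TRUSTED_BOARD_BOOT to be enabled")`, `endif`. With this option the descriptors that state which key or hash authenticates each image loaded by BL2 are read from tb_fw_config rather than compiled in, so the integrity of that file becomes part of the trust chain. A comment above the block should say that tb_fw_config must be authenticated (presumably by BL1, whose descriptors stay static according to the documentation hunk) before BL2 parses it. Consider `$(warning ...)` instead of `$(info ...)` so the experimental status stands out in build logs.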
@ -648,6 +648,13 @@ Common build options
|
|||
configuration device tree, instead of static structure in the code base.
|
||||
This is currently an experimental feature.
|
||||
|
||||
- ``COT_DESC_IN_DTB``: This flag determines whether to create COT descriptors
|
||||
at runtime using fconf. If this flag is enabled, COT descriptors are
|
||||
statically captured in tb_fw_config file in the form of device tree nodes
|
||||
and properties. Currently, COT descriptors used by BL2 are moved to the
|
||||
device tree and COT descriptors used by BL1 are retained in the code
|
||||
base statically. This is currently an experimental feature.
|
||||
|
||||
- ``SDEI_IN_FCONF``: This flag determines whether to configure SDEI setup in
|
||||
runtime using firmware configuration framework. The platform specific SDEI
|
||||
shared and private events configuration is retrieved from device tree rather
|
||||
|
|
|
@ -305,3 +305,6 @@ ERRATA_SPECULATIVE_AT := 0
|
|||
|
||||
# Trap RAS error record access from lower EL
|
||||
RAS_TRAP_LOWER_EL_ERR_ACCESS := 0
|
||||
|
||||
# Build option to create cot descriptors using fconf
|
||||
COT_DESC_IN_DTB := 0
|
||||
|
|