From 84ef9cd812faba6c52f7dc78544c0b5f45781759 Mon Sep 17 00:00:00 2001
From: Manish V Badarkhe
Date: Mon, 29 Jun 2020 10:32:53 +0100
Subject: [PATCH] make, doc: Add build option to create chain of trust at runtime
Added a build option 'COT_DESC_IN_DTB' to create chain of trust at runtime using fconf.
Signed-off-by: Manish V Badarkhe
Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89
---
 Makefile | 6 ++++++
 docs/getting_started/build-options.rst | 7 +++++++
 make_helpers/defaults.mk | 3 +++
 3 files changed, 16 insertions(+)
diff --git a/Makefile b/Makefile
index becbf0341..65ebb9372 100644
--- a/Makefile
+++ b/Makefile
@@ -659,6 +659,10 @@ $(error "SDEI_IN_FCONF is an experimental feature and is only supported when \
 SDEI_SUPPORT is enabled")
 endif
+ifeq ($(COT_DESC_IN_DTB),1)
+ $(info CoT in device tree is an experimental feature)
+endif
+
 # If pointer authentication is used in the firmware, make sure that all the
 # registers associated to it are also saved and restored.
 # Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
@@ -903,6 +907,7 @@ $(eval $(call assert_boolean,ENCRYPT_BL31))
 $(eval $(call assert_boolean,ENCRYPT_BL32))
 $(eval $(call assert_boolean,ERRATA_SPECULATIVE_AT))
 $(eval $(call assert_boolean,RAS_TRAP_LOWER_EL_ERR_ACCESS))
+$(eval $(call assert_boolean,COT_DESC_IN_DTB))
 $(eval $(call assert_numeric,ARM_ARCH_MAJOR))
 $(eval $(call assert_numeric,ARM_ARCH_MINOR))
@@ -983,6 +988,7 @@ $(eval $(call add_define,BL2_INV_DCACHE))
 $(eval $(call add_define,USE_SPINLOCK_CAS))
 $(eval $(call add_define,ERRATA_SPECULATIVE_AT))
 $(eval $(call add_define,RAS_TRAP_LOWER_EL_ERR_ACCESS))
+$(eval $(call add_define,COT_DESC_IN_DTB))
 ifeq (${SANITIZE_UB},trap)
 $(eval $(call add_define,MONITOR_TRAPS))
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 81903e140..bfc50dfe7 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
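Review bot: In the Makefile hunk at `@@ -659`, the new `ifeq ($(COT_DESC_IN_DTB),1)` block only prints a message and never checks that Trusted Board Boot is enabled, so as far as this patch shows `COT_DESC_IN_DTB=1` can be passed to a build that has no chain of trust at all without any diagnostic. The `SDEI_IN_FCONF` check visible in the hunk's leading context stops the build when its prerequisite is off, and the same pattern fits inside the new block: `ifneq ($(TRUSTED_BOARD_BOOT),1)` / `$(error "COT_DESC_IN_DTB is only supported when TRUSTED_BOARD_BOOT is enabled")` / `endif`. Whether a platform makefile already enforces this dependency is not visible from the patch. Using `$(warning ...)` rather than `$(info ...)` would also send the experimental notice to stderr together with the makefile name and line.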
@@ -648,6 +648,13 @@ Common build options
 configuration device tree, instead of static structure in the code base. This is currently an experimental feature.
+- ``COT_DESC_IN_DTB``: This flag determines whether to create COT descriptors
+ at runtime using fconf. If this flag is enabled, COT descriptors are
+ statically captured in tb_fw_config file in the form of device tree nodes
+ and properties. Currently, COT descriptors used by BL2 are moved to the
+ device tree and COT descriptors used by BL1 are retained in the code
+ base statically. This is currently an experimental feature.
+
 - ``SDEI_IN_FCONF``: This flag determines whether to configure SDEI setup in runtime using firmware configuration framework. The platform specific SDEI shared and private events configuration is retrieved from device tree rather
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 6db228f2d..9a6fd58fb 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -305,3 +305,6 @@ ERRATA_SPECULATIVE_AT := 0
 # Trap RAS error record access from lower EL
 RAS_TRAP_LOWER_EL_ERR_ACCESS := 0
+
+# Build option to create cot descriptors using fconf
+COT_DESC_IN_DTB := 0