mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2026-07-02 15:02:37 +00:00
The ERRATA_SME_POWER_DOWN flag doesn't account for the recommended state
ID encoding, only for the default one. This patch makes it work by
removing the generic flag and incorporating the functionality into the
CPU and platform layers.
The ERRATA_SME_POWER_DOWN is an awkward fix in generic code to a
platform problem. The PSCI layer shouldn't care about any CPU's inner
workings but it does. This isn't ideal once the issue is fixed since
we'll have to carry the "legacy" fix in generic code.
This patch is marked as breaking since the ERRATA_SME_POWER_DOWN flag is
removed and a couple of lines are required if CPU hotplug encounters a
powerdown with live SME state (CPU suspend will work as before). This
will get discovered with a panic at EL3 so this patch leaves a comment
to be able to trace it back.
Change-Id: Ia52865f527e81a8be3727093ed370901e55c5fef
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
(cherry picked from commit 93c7e70191)
461 lines
13 KiB
Makefile
461 lines
13 KiB
Makefile
#
|
|
# Copyright (c) 2016-2025, Arm Limited. All rights reserved.
|
|
#
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
|
#
|
|
|
|
# Default, static values for build variables, listed in alphabetic order.
|
|
# Dependencies between build options, if any, are handled in the top-level
|
|
# Makefile, after this file is included. This ensures that the former is better
|
|
# poised to handle dependencies, as all build variables would have a default
|
|
# value by then.
|
|
|
|
# Warning level to give to the compiler
|
|
W := 0
|
|
|
|
# Use T32 by default
|
|
AARCH32_INSTRUCTION_SET := T32
|
|
|
|
# The AArch32 Secure Payload to be built as BL32 image
|
|
AARCH32_SP := none
|
|
|
|
# The Target build architecture. Supported values are: aarch64, aarch32.
|
|
ARCH := aarch64
|
|
|
|
# ARM Architecture feature modifiers: none by default
|
|
ARM_ARCH_FEATURE := none
|
|
|
|
# ARM Architecture major and minor versions: 8.0 by default.
|
|
ARM_ARCH_MAJOR := 8
|
|
ARM_ARCH_MINOR := 0
|
|
|
|
# Base commit to perform code check on
|
|
BASE_COMMIT := origin/master
|
|
|
|
# Execute BL2 at EL3
|
|
RESET_TO_BL2 := 0
|
|
|
|
# Only use SP packages if SP layout JSON is defined
|
|
BL2_ENABLE_SP_LOAD := 0
|
|
|
|
# BL2 image is stored in XIP memory, for now, this option is only supported
|
|
# when RESET_TO_BL2 is 1.
|
|
BL2_IN_XIP_MEM := 0
|
|
|
|
# Do dcache invalidate upon BL2 entry at EL3
|
|
BL2_INV_DCACHE := 1
|
|
|
|
# Select the branch protection features to use.
|
|
BRANCH_PROTECTION := 0
|
|
|
|
# By default, consider that the platform may release several CPUs out of reset.
|
|
# The platform Makefile is free to override this value.
|
|
COLD_BOOT_SINGLE_CPU := 0
|
|
|
|
# Flag to compile in coreboot support code. Exclude by default. The coreboot
|
|
# Makefile system will set this when compiling TF as part of a coreboot image.
|
|
COREBOOT := 0
|
|
|
|
# For Chain of Trust
|
|
CREATE_KEYS := 1
|
|
|
|
# Build flag to include AArch32 registers in cpu context save and restore during
|
|
# world switch. This flag must be set to 0 for AArch64-only platforms.
|
|
CTX_INCLUDE_AARCH32_REGS := 1
|
|
|
|
# Include FP registers in cpu context
|
|
CTX_INCLUDE_FPREGS := 0
|
|
|
|
# Include SVE registers in cpu context
|
|
CTX_INCLUDE_SVE_REGS := 0
|
|
|
|
# Debug build
|
|
DEBUG := 0
|
|
|
|
# By default disable authenticated decryption support.
|
|
DECRYPTION_SUPPORT := none
|
|
|
|
# Build platform
|
|
DEFAULT_PLAT := fvp
|
|
|
|
# Disable the generation of the binary image (ELF only).
|
|
DISABLE_BIN_GENERATION := 0
|
|
|
|
# Enable capability to disable authentication dynamically. Only meant for
|
|
# development platforms.
|
|
DYN_DISABLE_AUTH := 0
|
|
|
|
# Enable the Maximum Power Mitigation Mechanism on supporting cores.
|
|
ENABLE_MPMM := 0
|
|
|
|
# Flag to Enable Position Independant support (PIE)
|
|
ENABLE_PIE := 0
|
|
|
|
# Flag to enable Performance Measurement Framework
|
|
ENABLE_PMF := 0
|
|
|
|
# Flag to enable PSCI STATs functionality
|
|
ENABLE_PSCI_STAT := 0
|
|
|
|
# Flag to enable runtime instrumentation using PMF
|
|
ENABLE_RUNTIME_INSTRUMENTATION := 0
|
|
|
|
# Flag to enable stack corruption protection
|
|
ENABLE_STACK_PROTECTOR := 0
|
|
|
|
# Flag to enable exception handling in EL3
|
|
EL3_EXCEPTION_HANDLING := 0
|
|
|
|
# Flag to include all errata for all CPUs TF-A implements workarounds for
|
|
# Its supposed to be used only for testing.
|
|
ENABLE_ERRATA_ALL := 0
|
|
|
|
# By default BL31 encryption disabled
|
|
ENCRYPT_BL31 := 0
|
|
|
|
# By default BL32 encryption disabled
|
|
ENCRYPT_BL32 := 0
|
|
|
|
# Default dummy firmware encryption key
|
|
ENC_KEY := 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
|
|
|
|
# Default dummy nonce for firmware encryption
|
|
ENC_NONCE := 1234567890abcdef12345678
|
|
|
|
# Build flag to treat usage of deprecated platform and framework APIs as error.
|
|
ERROR_DEPRECATED := 0
|
|
|
|
# Fault injection support
|
|
FAULT_INJECTION_SUPPORT := 0
|
|
|
|
# Flag to enable architectural features detection mechanism
|
|
FEATURE_DETECTION := 0
|
|
|
|
# Byte alignment that each component in FIP is aligned to
|
|
FIP_ALIGN := 0
|
|
|
|
# Default FIP file name
|
|
FIP_NAME := fip.bin
|
|
|
|
# Default FWU_FIP file name
|
|
FWU_FIP_NAME := fwu_fip.bin
|
|
|
|
# Default BL2 FIP file name
|
|
BL2_FIP_NAME := bl2_fip.bin
|
|
|
|
# By default firmware encryption with SSK
|
|
FW_ENC_STATUS := 0
|
|
|
|
# For Chain of Trust
|
|
GENERATE_COT := 0
|
|
|
|
# Default number of 512 blocks per bitlock
|
|
RME_GPT_BITLOCK_BLOCK := 1
|
|
|
|
# Default maximum size of GPT contiguous block
|
|
RME_GPT_MAX_BLOCK := 512
|
|
|
|
# Hint platform interrupt control layer that Group 0 interrupts are for EL3. By
|
|
# default, they are for Secure EL1.
|
|
GICV2_G0_FOR_EL3 := 0
|
|
|
|
# Generic implementation of a GICvX driver
|
|
USE_GIC_DRIVER := 0
|
|
|
|
# Route NS External Aborts to EL3. Disabled by default; External Aborts are handled
|
|
# by lower ELs.
|
|
HANDLE_EA_EL3_FIRST_NS := 0
|
|
|
|
# Enable Handoff protocol using transfer lists
|
|
TRANSFER_LIST := 0
|
|
|
|
# Enable HOB list to generate boot information
|
|
HOB_LIST := 0
|
|
|
|
# Enables support for the gcc compiler option "-mharden-sls=all".
|
|
# By default, disables all SLS hardening.
|
|
HARDEN_SLS := 0
|
|
|
|
# Secure hash algorithm flag, accepts 3 values: sha256, sha384 and sha512.
|
|
# The default value is sha256.
|
|
HASH_ALG := sha256
|
|
|
|
# Whether system coherency is managed in hardware, without explicit software
|
|
# operations.
|
|
HW_ASSISTED_COHERENCY := 0
|
|
|
|
# Flag to enable trapping of implementation defined sytem registers
|
|
IMPDEF_SYSREG_TRAP := 0
|
|
|
|
# Set the default algorithm for the generation of Trusted Board Boot keys
|
|
KEY_ALG := rsa
|
|
|
|
# Set the default key size in case KEY_ALG is rsa
|
|
ifeq ($(KEY_ALG),rsa)
|
|
KEY_SIZE := 2048
|
|
endif
|
|
|
|
# Option to build TF with Measured Boot support
|
|
MEASURED_BOOT := 0
|
|
|
|
# Option to build TF with Discrete TPM support
|
|
DISCRETE_TPM := 0
|
|
|
|
# Option to enable the DICE Protection Environmnet as a Measured Boot backend
|
|
DICE_PROTECTION_ENVIRONMENT :=0
|
|
|
|
# NS timer register save and restore (deprecated)
|
|
NS_TIMER_SWITCH := 0
|
|
|
|
# Include lib/libc in the final image
|
|
OVERRIDE_LIBC := 0
|
|
|
|
# Build PL011 UART driver in minimal generic UART mode
|
|
PL011_GENERIC_UART := 0
|
|
|
|
# By default, consider that the platform's reset address is not programmable.
|
|
# The platform Makefile is free to override this value.
|
|
PROGRAMMABLE_RESET_ADDRESS := 0
|
|
|
|
# Flag used to choose the power state format: Extended State-ID or Original
|
|
PSCI_EXTENDED_STATE_ID := 0
|
|
|
|
# Enable PSCI OS-initiated mode support
|
|
PSCI_OS_INIT_MODE := 0
|
|
|
|
# SMCCC_ARCH_FEATURE_AVAILABILITY support
|
|
ARCH_FEATURE_AVAILABILITY := 0
|
|
|
|
# By default, BL1 acts as the reset handler, not BL31
|
|
RESET_TO_BL31 := 0
|
|
|
|
# For Chain of Trust
|
|
SAVE_KEYS := 0
|
|
|
|
# Software Delegated Exception support
|
|
SDEI_SUPPORT := 0
|
|
|
|
# Number of UUIDs allowed for a physical partition
|
|
SPMC_AT_EL3_PARTITION_MAX_UUIDS := 4
|
|
|
|
# True Random Number firmware Interface support
|
|
TRNG_SUPPORT := 0
|
|
|
|
# Check to see if Errata ABI is supported
|
|
ERRATA_ABI_SUPPORT := 0
|
|
|
|
# Check to enable Errata ABI for platforms with non-arm interconnect
|
|
ERRATA_NON_ARM_INTERCONNECT := 0
|
|
|
|
# SMCCC PCI support
|
|
SMC_PCI_SUPPORT := 0
|
|
|
|
# Whether code and read-only data should be put on separate memory pages. The
|
|
# platform Makefile is free to override this value.
|
|
SEPARATE_CODE_AND_RODATA := 0
|
|
|
|
# Put NOBITS sections (.bss, stacks, page tables, and coherent memory) in a
|
|
# separate memory region, which may be discontiguous from the rest of BL31.
|
|
SEPARATE_NOBITS_REGION := 0
|
|
|
|
# Put BL2 NOLOAD sections (.bss, stacks, page tables) in a separate memory
|
|
# region, platform Makefile is free to override this value.
|
|
SEPARATE_BL2_NOLOAD_REGION := 0
|
|
|
|
# Put RW DATA sections (.rwdata) in a separate memory region, which may be
|
|
# discontiguous from the rest of BL31.
|
|
SEPARATE_RWDATA_REGION := 0
|
|
|
|
# Put SIMD context data structures in a separate memory region. Platforms
|
|
# have the choice to put it outside of default BSS region of EL3 firmware.
|
|
SEPARATE_SIMD_SECTION := 0
|
|
|
|
# If the BL31 image initialisation code is recalimed after use for the secondary
|
|
# cores stack
|
|
RECLAIM_INIT_CODE := 0
|
|
|
|
# SPD choice
|
|
SPD := none
|
|
|
|
# Enable the Management Mode (MM)-based Secure Partition Manager implementation
|
|
SPM_MM := 0
|
|
|
|
# Use the FF-A SPMC implementation in EL3.
|
|
SPMC_AT_EL3 := 0
|
|
|
|
# Enable SEL0 SP when SPMC is enabled at EL3
|
|
SPMC_AT_EL3_SEL0_SP :=0
|
|
|
|
# Use SPM at S-EL2 as a default config for SPMD
|
|
SPMD_SPM_AT_SEL2 := 1
|
|
|
|
# Flag to introduce an infinite loop in BL1 just before it exits into the next
|
|
# image. This is meant to help debugging the post-BL2 phase.
|
|
SPIN_ON_BL1_EXIT := 0
|
|
|
|
# Flags to build TF with Trusted Boot support
|
|
TRUSTED_BOARD_BOOT := 0
|
|
|
|
# Build option to choose whether Trusted Firmware uses Coherent memory or not.
|
|
USE_COHERENT_MEM := 1
|
|
|
|
# Build option to add debugfs support
|
|
USE_DEBUGFS := 0
|
|
|
|
# Build option to enable passing the FDT in x0 to BL33, following the kernel
|
|
# convention.
|
|
USE_KERNEL_DT_CONVENTION := 0
|
|
|
|
# Build option to fconf based io
|
|
ARM_IO_IN_DTB := 0
|
|
|
|
# Build option to support SDEI through fconf
|
|
SDEI_IN_FCONF := 0
|
|
|
|
# Build option to support Secure Interrupt descriptors through fconf
|
|
SEC_INT_DESC_IN_FCONF := 0
|
|
|
|
# Build option to choose whether Trusted Firmware uses library at ROM
|
|
USE_ROMLIB := 0
|
|
|
|
# Build option to choose whether the xlat tables of BL images can be read-only.
|
|
# Note that this only serves as a higher level option to PLAT_RO_XLAT_TABLES,
|
|
# which is the per BL-image option that actually enables the read-only tables
|
|
# API. The reason for having this additional option is to have a common high
|
|
# level makefile where we can check for incompatible features/build options.
|
|
ALLOW_RO_XLAT_TABLES := 0
|
|
|
|
# Chain of trust.
|
|
COT := tbbr
|
|
|
|
# Use tbbr_oid.h instead of platform_oid.h
|
|
USE_TBBR_DEFS := 1
|
|
|
|
# Whether to enable D-Cache early during warm boot. This is usually
|
|
# applicable for platforms wherein interconnect programming is not
|
|
# required to enable cache coherency after warm reset (eg: single cluster
|
|
# platforms).
|
|
WARMBOOT_ENABLE_DCACHE_EARLY := 0
|
|
|
|
# Default SVE vector length to maximum architected value
|
|
SVE_VECTOR_LEN := 2048
|
|
|
|
SANITIZE_UB := off
|
|
|
|
# For ARMv8.1 (AArch64) platforms, enabling this option selects the spinlock
|
|
# implementation variant using the ARMv8.1-LSE compare-and-swap instruction.
|
|
# Default: disabled
|
|
USE_SPINLOCK_CAS := 0
|
|
|
|
# Enable Link Time Optimization
|
|
ENABLE_LTO := 0
|
|
|
|
# This option will include EL2 registers in cpu context save and restore during
|
|
# EL2 firmware entry/exit. Internal flag not meant for direct setting.
|
|
# Use SPD=spmd and SPMD_SPM_AT_SEL2=1 or ENABLE_RME=1 to enable
|
|
# CTX_INCLUDE_EL2_REGS.
|
|
CTX_INCLUDE_EL2_REGS := 0
|
|
|
|
# Select workaround for AT speculative behaviour.
|
|
ERRATA_SPECULATIVE_AT := 0
|
|
|
|
# Trap RAS error record access from Non secure
|
|
RAS_TRAP_NS_ERR_REC_ACCESS := 0
|
|
|
|
# Build option to create cot descriptors using fconf
|
|
COT_DESC_IN_DTB := 0
|
|
|
|
# Build option to provide OpenSSL directory path
|
|
OPENSSL_DIR := /usr
|
|
|
|
# Select the openssl binary provided in OPENSSL_DIR variable
|
|
ifeq ("$(wildcard ${OPENSSL_DIR}/bin)", "")
|
|
OPENSSL_BIN_PATH = ${OPENSSL_DIR}/apps
|
|
else
|
|
OPENSSL_BIN_PATH = ${OPENSSL_DIR}/bin
|
|
endif
|
|
|
|
# Build option to use the SP804 timer instead of the generic one
|
|
USE_SP804_TIMER := 0
|
|
|
|
# Build option to define number of firmware banks, used in firmware update
|
|
# metadata structure.
|
|
NR_OF_FW_BANKS := 2
|
|
|
|
# Build option to define number of images in firmware bank, used in firmware
|
|
# update metadata structure.
|
|
NR_OF_IMAGES_IN_FW_BANK := 1
|
|
|
|
# Disable Firmware update support by default
|
|
PSA_FWU_SUPPORT := 0
|
|
|
|
# Enable image description in FWU metadata by default when PSA_FWU_SUPPORT
|
|
# is enabled.
|
|
ifeq ($(PSA_FWU_SUPPORT),1)
|
|
PSA_FWU_METADATA_FW_STORE_DESC := 1
|
|
else
|
|
PSA_FWU_METADATA_FW_STORE_DESC := 0
|
|
endif
|
|
|
|
# Dynamic Root of Trust for Measurement support
|
|
DRTM_SUPPORT := 0
|
|
|
|
# Check platform if cache management operations should be performed.
|
|
# Disabled by default.
|
|
CONDITIONAL_CMO := 0
|
|
|
|
# By default, disable SPMD Logical partitions
|
|
ENABLE_SPMD_LP := 0
|
|
|
|
# By default, disable PSA crypto (use MbedTLS legacy crypto API).
|
|
PSA_CRYPTO := 0
|
|
|
|
# getc() support from the console(s).
|
|
# Disabled by default because it constitutes an attack vector into TF-A. It
|
|
# should only be enabled if there is a use case for it.
|
|
ENABLE_CONSOLE_GETC := 0
|
|
|
|
# Build option to disable EL2 when it is not used.
|
|
# Most platforms switch from EL3 to NS-EL2 and hence the unused NS-EL2
|
|
# functions must be enabled by platforms if they require it.
|
|
# Disabled by default.
|
|
INIT_UNUSED_NS_EL2 := 0
|
|
|
|
# Disable including MPAM EL2 registers in context by default since currently
|
|
# it's only enabled for NS world
|
|
CTX_INCLUDE_MPAM_REGS := 0
|
|
|
|
# Enable context memory usage reporting during BL31 setup.
|
|
PLATFORM_REPORT_CTX_MEM_USE := 0
|
|
|
|
# Request a custom addition to the BL31 linker script
|
|
PLAT_EXTRA_LD_SCRIPT := 0
|
|
|
|
# Enable early console
|
|
EARLY_CONSOLE := 0
|
|
|
|
# Allow platforms to save/restore DSU PMU registers over a power cycle.
|
|
# Disabled by default and must be enabled by individual platforms.
|
|
PRESERVE_DSU_PMU_REGS := 0
|
|
|
|
# Enable RMMD to forward attestation requests from RMM to EL3.
|
|
RMMD_ENABLE_EL3_TOKEN_SIGN := 0
|
|
|
|
# Enable RMMD to program and manage IDE Keys at the PCIe Root Port(RP).
|
|
# This flag is temporary and it is expected once the interface is
|
|
# finalized, this flag will be removed.
|
|
RMMD_ENABLE_IDE_KEY_PROG := 0
|
|
|
|
# Live firmware activation support
|
|
LFA_SUPPORT := 0
|
|
|
|
# Enable support for arm DSU driver.
|
|
USE_DSU_DRIVER := 0
|
|
|
|
# Define the separation of BL2 flag, by default it is disabled.
|
|
SEPARATE_BL2_FIP := 0
|
|
|
|
# Disable NUMA awareness for per-CPU framework by default. Platforms should
|
|
# enable this feature by setting PLATFORM_NODE_COUNT > 1
|
|
PLATFORM_NODE_COUNT := 1
|