Commit 01920cfd authored by Jeenu Viswambharan's avatar Jeenu Viswambharan
Browse files

docs: Reorder build options alphabetically



At present, build options in the user guide aren't listed in any
specific order. Ordering them alphabetically is a standard practice, and
is also easier on the reader.

Contents unchanged.

Change-Id: Ibc36f3a2a576edb86c1a402430d2ef5adcb2f144
Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
parent d19ce2cb
...@@ -168,142 +168,131 @@ performed. ...@@ -168,142 +168,131 @@ performed.
#### Common build options #### Common build options
* `SCP_BL2`: Path to SCP_BL2 image in the host file system. This image is optional. * `AARCH32_SP` : Choose the AArch32 Secure Payload component to be built as
If a SCP_BL2 image is present then this option must be passed for the `fip` as the BL32 image when `ARCH=aarch32`. The value should be the path to the
target. directory containing the SP source, relative to the `bl32/`; the directory
is expected to contain a makefile called `<aarch32_sp-value>.mk`.
* `BL33`: Path to BL33 image in the host file system. This is mandatory for * `ARCH` : Choose the target build architecture for ARM Trusted Firmware.
`fip` target in case the BL2 from ARM Trusted Firmware is used. It can take either `aarch64` or `aarch32` as values. By default, it is
defined to `aarch64`.
* `ARM_CCI_PRODUCT_ID`: Choice of ARM CCI product used by the platform. This
is used to determine the number of valid slave interfaces available in the
ARM CCI driver. Default is 400 (that is, CCI-400).
* `ARM_GIC_ARCH`: Choice of ARM GIC architecture version used by the ARM
Legacy GIC driver for implementing the platform GIC API. This API is used
by the interrupt management framework. Default is 2 (that is, version 2.0).
This build option is deprecated.
* `ASM_ASSERTION`: This flag determines whether the assertion checks within
assembly source files are enabled or not. This option defaults to the
value of `DEBUG` - that is, by default this is only enabled for a debug
build of the firmware.
* `BL2`: This is an optional build option which specifies the path to BL2 * `BL2`: This is an optional build option which specifies the path to BL2
image for the `fip` target. In this case, the BL2 in the ARM Trusted image for the `fip` target. In this case, the BL2 in the ARM Trusted
Firmware will not be built. Firmware will not be built.
* `BL2U`: This is an optional build option which specifies the path to
BL2U image. In this case, the BL2U in the ARM Trusted Firmware will not
be built.
* `BL31`: This is an optional build option which specifies the path to * `BL31`: This is an optional build option which specifies the path to
BL31 image for the `fip` target. In this case, the BL31 in the ARM BL31 image for the `fip` target. In this case, the BL31 in the ARM
Trusted Firmware will not be built. Trusted Firmware will not be built.
* `BL31_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
file that contains the BL31 private key in PEM format. If `SAVE_KEYS=1`,
this file name will be used to save the key.
* `BL32`: This is an optional build option which specifies the path to * `BL32`: This is an optional build option which specifies the path to
BL32 image for the `fip` target. In this case, the BL32 in the ARM BL32 image for the `fip` target. In this case, the BL32 in the ARM
Trusted Firmware will not be built. Trusted Firmware will not be built.
* `FIP_NAME`: This is an optional build option which specifies the FIP * `BL32_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
filename for the `fip` target. Default is `fip.bin`. file that contains the BL32 private key in PEM format. If `SAVE_KEYS=1`,
this file name will be used to save the key.
* `FWU_FIP_NAME`: This is an optional build option which specifies the FWU
FIP filename for the `fwu_fip` target. Default is `fwu_fip.bin`.
* `BL2U`: This is an optional build option which specifies the path to
BL2U image. In this case, the BL2U in the ARM Trusted Firmware will not
be built.
* `SCP_BL2U`: Path to SCP_BL2U image in the host file system. This image is
optional. It is only needed if the platform makefile specifies that it
is required in order to build the `fwu_fip` target.
* `NS_BL2U`: Path to NS_BL2U image in the host file system. This image is
optional. It is only needed if the platform makefile specifies that it
is required in order to build the `fwu_fip` target.
* `DEBUG`: Chooses between a debug and release build. It can take either 0
(release) or 1 (debug) as values. 0 is the default.
* `LOG_LEVEL`: Chooses the log level, which controls the amount of console log
output compiled into the build. This should be one of the following:
0 (LOG_LEVEL_NONE) * `BL33`: Path to BL33 image in the host file system. This is mandatory for
10 (LOG_LEVEL_NOTICE) `fip` target in case the BL2 from ARM Trusted Firmware is used.
20 (LOG_LEVEL_ERROR)
30 (LOG_LEVEL_WARNING)
40 (LOG_LEVEL_INFO)
50 (LOG_LEVEL_VERBOSE)
All log output up to and including the log level is compiled into the build. * `BL33_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
The default value is 40 in debug builds and 20 in release builds. file that contains the BL33 private key in PEM format. If `SAVE_KEYS=1`,
this file name will be used to save the key.
* `NS_TIMER_SWITCH`: Enable save and restore for non-secure timer register * `BUILD_MESSAGE_TIMESTAMP`: String used to identify the time and date of the
contents upon world switch. It can take either 0 (don't save and restore) or compilation of each build. It must be set to a C string (including quotes
1 (do save and restore). 0 is the default. An SPD may set this to 1 if it where applicable). Defaults to a string that contains the time and date of
wants the timer registers to be saved and restored. the compilation.
* `PLAT`: Choose a platform to build ARM Trusted Firmware for. The chosen * `BUILD_STRING`: Input string for VERSION_STRING, which allows the TF build
platform name must be subdirectory of any depth under `plat/`, and must to be uniquely identified. Defaults to the current git commit id.
contain a platform makefile named `platform.mk`.
* `ARCH` : Choose the target build architecture for ARM Trusted Firmware. * `COLD_BOOT_SINGLE_CPU`: This option indicates whether the platform may
It can take either `aarch64` or `aarch32` as values. By default, it is release several CPUs out of reset. It can take either 0 (several CPUs may be
defined to `aarch64`. brought up) or 1 (only one CPU will ever be brought up during cold reset).
Default is 0. If the platform always brings up a single CPU, there is no
need to distinguish between primary and secondary CPUs and the boot path can
be optimised. The `plat_is_my_cpu_primary()` and
`plat_secondary_cold_boot_setup()` platform porting interfaces do not need
to be implemented in this case.
* `SPD`: Choose a Secure Payload Dispatcher component to be built into the * `CRASH_REPORTING`: A non-zero value enables a console dump of processor
Trusted Firmware. This build option is only valid if `ARCH=aarch64`. The register state when an unexpected exception occurs during execution of
value should be the path to the directory containing the SPD source, BL31. This option defaults to the value of `DEBUG` - i.e. by default
relative to `services/spd/`; the directory is expected to this is only enabled for a debug build of the firmware.
contain a makefile called `<spd-value>.mk`.
* `AARCH32_SP` : Choose the AArch32 Secure Payload component to be built as * `CREATE_KEYS`: This option is used when `GENERATE_COT=1`. It tells the
as the BL32 image when `ARCH=aarch32`. The value should be the path to the certificate generation tool to create new keys in case no valid keys are
directory containing the SP source, relative to the `bl32/`; the directory present or specified. Allowed options are '0' or '1'. Default is '1'.
is expected to contain a makefile called `<aarch32_sp-value>.mk`.
* `V`: Verbose build. If assigned anything other than 0, the build commands * `CTX_INCLUDE_AARCH32_REGS` : Boolean option that, when set to 1, will cause
are printed. Default is 0. the AArch32 system registers to be included when saving and restoring the
CPU context. The option must be set to 0 for AArch64-only platforms (that
is on hardware that does not implement AArch32, or at least not at EL1 and
higher ELs). Default value is 1.
* `ARM_GIC_ARCH`: Choice of ARM GIC architecture version used by the ARM * `CTX_INCLUDE_FPREGS`: Boolean option that, when set to 1, will cause the FP
Legacy GIC driver for implementing the platform GIC API. This API is used registers to be included when saving and restoring the CPU context. Default
by the interrupt management framework. Default is 2 (that is, version 2.0). is 0.
This build option is deprecated.
* `ARM_CCI_PRODUCT_ID`: Choice of ARM CCI product used by the platform. This * `DEBUG`: Chooses between a debug and release build. It can take either 0
is used to determine the number of valid slave interfaces available in the (release) or 1 (debug) as values. 0 is the default.
ARM CCI driver. Default is 400 (that is, CCI-400).
* `RESET_TO_BL31`: Enable BL31 entrypoint as the CPU reset vector instead * `DISABLE_PEDANTIC`: When set to 1 it will disable the -pedantic option in
of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1 the GCC command line. Default is 0.
entrypoint) or 1 (CPU reset to BL31 entrypoint).
The default value is 0.
* `RESET_TO_SP_MIN`: SP_MIN is the minimal AArch32 Secure Payload provided in * `EL3_PAYLOAD_BASE`: This option enables booting an EL3 payload instead of
ARM Trusted Firmware. This flag configures SP_MIN entrypoint as the CPU the normal boot flow. It must specify the entry point address of the EL3
reset vector instead of the BL1 entrypoint. It can take the value 0 (CPU payload. Please refer to the "Booting an EL3 payload" section for more
reset to BL1 entrypoint) or 1 (CPU reset to SP_MIN entrypoint). The default details.
value is 0.
* `CRASH_REPORTING`: A non-zero value enables a console dump of processor * `ENABLE_PMF`: Boolean option to enable support for optional Performance
register state when an unexpected exception occurs during execution of Measurement Framework(PMF). Default is 0.
BL31. This option defaults to the value of `DEBUG` - i.e. by default
this is only enabled for a debug build of the firmware.
* `ASM_ASSERTION`: This flag determines whether the assertion checks within * `ENABLE_PSCI_STAT`: Boolean option to enable support for optional PSCI
assembly source files are enabled or not. This option defaults to the functions `PSCI_STAT_RESIDENCY` and `PSCI_STAT_COUNT`. Default is 0.
value of `DEBUG` - that is, by default this is only enabled for a debug Enabling this option enables the `ENABLE_PMF` build option as well.
build of the firmware. The PMF is used for collecting the statistics.
* `TSP_INIT_ASYNC`: Choose BL32 initialization method as asynchronous or * `ENABLE_RUNTIME_INSTRUMENTATION`: Boolean option to enable runtime
synchronous, (see "Initializing a BL32 Image" section in [Firmware instrumentation which injects timestamp collection points into
Design]). It can take the value 0 (BL32 is initialized using Trusted Firmware to allow runtime performance to be measured.
synchronous method) or 1 (BL32 is initialized using asynchronous method). Currently, only PSCI is instrumented. Enabling this option enables
Default is 0. the `ENABLE_PMF` build option as well. Default is 0.
* `USE_COHERENT_MEM`: This flag determines whether to include the coherent * `ERROR_DEPRECATED`: This option decides whether to treat the usage of
memory region in the BL memory map or not (see "Use of Coherent memory in deprecated platform APIs, helper functions or drivers within Trusted
Trusted Firmware" section in [Firmware Design]). It can take the value 1 Firmware as error. It can take the value 1 (flag the use of deprecated
(Coherent memory region is included) or 0 (Coherent memory region is APIs as error) or 0. The default is 0.
excluded). Default is 1.
* `TSP_NS_INTR_ASYNC_PREEMPT`: A non zero value enables the interrupt * `FIP_NAME`: This is an optional build option which specifies the FIP
routing model which routes non-secure interrupts asynchronously from TSP filename for the `fip` target. Default is `fip.bin`.
to EL3 causing immediate preemption of TSP. The EL3 is responsible
for saving and restoring the TSP context in this routing model. The
default routing model (when the value is 0) is to route non-secure
interrupts to TSP allowing it to save its context and hand over
synchronously to EL3 via an SMC.
* `TRUSTED_BOARD_BOOT`: Boolean flag to include support for the Trusted Board * `FWU_FIP_NAME`: This is an optional build option which specifies the FWU
Boot feature. When set to '1', BL1 and BL2 images include support to load FIP filename for the `fwu_fip` target. Default is `fwu_fip.bin`.
and verify the certificates and images in a FIP, and BL1 includes support
for the Firmware Update. The default value is '0'. Generation and inclusion
of certificates in the FIP and FWU_FIP depends upon the value of the
`GENERATE_COT` option.
* `GENERATE_COT`: Boolean flag used to build and execute the `cert_create` * `GENERATE_COT`: Boolean flag used to build and execute the `cert_create`
tool to create certificates as per the Chain of Trust described in tool to create certificates as per the Chain of Trust described in
...@@ -324,44 +313,56 @@ performed. ...@@ -324,44 +313,56 @@ performed.
images will include support for Trusted Board Boot, but the FIP and FWU_FIP images will include support for Trusted Board Boot, but the FIP and FWU_FIP
will not include the corresponding certificates, causing a boot failure. will not include the corresponding certificates, causing a boot failure.
* `CREATE_KEYS`: This option is used when `GENERATE_COT=1`. It tells the * `HANDLE_EA_EL3_FIRST`: When defined External Aborts and SError Interrupts
certificate generation tool to create new keys in case no valid keys are will be always trapped in EL3 i.e. in BL31 at runtime.
present or specified. Allowed options are '0' or '1'. Default is '1'.
* `SAVE_KEYS`: This option is used when `GENERATE_COT=1`. It tells the * `LOAD_IMAGE_V2`: Boolean option to enable support for new version (v2) of
certificate generation tool to save the keys used to establish the Chain of image loading, which provides more flexibility and scalability around what
Trust. Allowed options are '0' or '1'. Default is '0' (do not save). images are loaded and executed during boot. Default is 0.
Note: `TRUSTED_BOARD_BOOT` is currently not supported when `LOAD_IMAGE_V2`
is enabled.
Note: This option depends on 'CREATE_KEYS' to be enabled. If the keys * `LOG_LEVEL`: Chooses the log level, which controls the amount of console log
already exist in disk, they will be overwritten without further notice. output compiled into the build. This should be one of the following:
* `ROT_KEY`: This option is used when `GENERATE_COT=1`. It specifies the 0 (LOG_LEVEL_NONE)
file that contains the ROT private key in PEM format. If `SAVE_KEYS=1`, this 10 (LOG_LEVEL_NOTICE)
file name will be used to save the key. 20 (LOG_LEVEL_ERROR)
30 (LOG_LEVEL_WARNING)
40 (LOG_LEVEL_INFO)
50 (LOG_LEVEL_VERBOSE)
* `TRUSTED_WORLD_KEY`: This option is used when `GENERATE_COT=1`. It All log output up to and including the log level is compiled into the build.
specifies the file that contains the Trusted World private key in PEM The default value is 40 in debug builds and 20 in release builds.
format. If `SAVE_KEYS=1`, this file name will be used to save the key.
* `NON_TRUSTED_WORLD_KEY`: This option is used when `GENERATE_COT=1`. It * `NON_TRUSTED_WORLD_KEY`: This option is used when `GENERATE_COT=1`. It
specifies the file that contains the Non-Trusted World private key in PEM specifies the file that contains the Non-Trusted World private key in PEM
format. If `SAVE_KEYS=1`, this file name will be used to save the key. format. If `SAVE_KEYS=1`, this file name will be used to save the key.
* `SCP_BL2_KEY`: This option is used when `GENERATE_COT=1`. It specifies the * `NS_BL2U`: Path to NS_BL2U image in the host file system. This image is
file that contains the SCP_BL2 private key in PEM format. If `SAVE_KEYS=1`, optional. It is only needed if the platform makefile specifies that it
this file name will be used to save the key. is required in order to build the `fwu_fip` target.
* `BL31_KEY`: This option is used when `GENERATE_COT=1`. It specifies the * `NS_TIMER_SWITCH`: Enable save and restore for non-secure timer register
file that contains the BL31 private key in PEM format. If `SAVE_KEYS=1`, contents upon world switch. It can take either 0 (don't save and restore) or
this file name will be used to save the key. 1 (do save and restore). 0 is the default. An SPD may set this to 1 if it
wants the timer registers to be saved and restored.
* `BL32_KEY`: This option is used when `GENERATE_COT=1`. It specifies the * `PL011_GENERIC_UART`: Boolean option to indicate the PL011 driver that
file that contains the BL32 private key in PEM format. If `SAVE_KEYS=1`, the underlying hardware is not a full PL011 UART but a minimally compliant
this file name will be used to save the key. generic UART, which is a subset of the PL011. The driver will not access
any register that is not part of the SBSA generic UART specification.
Default value is 0 (a full PL011 compliant UART is present).
* `BL33_KEY`: This option is used when `GENERATE_COT=1`. It specifies the * `PLAT`: Choose a platform to build ARM Trusted Firmware for. The chosen
file that contains the BL33 private key in PEM format. If `SAVE_KEYS=1`, platform name must be subdirectory of any depth under `plat/`, and must
this file name will be used to save the key. contain a platform makefile named `platform.mk`.
* `PRELOADED_BL33_BASE`: This option enables booting a preloaded BL33 image
instead of the normal boot flow. When defined, it must specify the entry
point address for the preloaded BL33 image. This option is incompatible with
`EL3_PAYLOAD_BASE`. If both are defined, `EL3_PAYLOAD_BASE` has priority
over `PRELOADED_BL33_BASE`.
* `PROGRAMMABLE_RESET_ADDRESS`: This option indicates whether the reset * `PROGRAMMABLE_RESET_ADDRESS`: This option indicates whether the reset
vector address can be programmed or is fixed on the platform. It can take vector address can be programmed or is fixed on the platform. It can take
...@@ -372,15 +373,6 @@ performed. ...@@ -372,15 +373,6 @@ performed.
can be optimised. The `plat_get_my_entrypoint()` platform porting interface can be optimised. The `plat_get_my_entrypoint()` platform porting interface
does not need to be implemented in this case. does not need to be implemented in this case.
* `COLD_BOOT_SINGLE_CPU`: This option indicates whether the platform may
release several CPUs out of reset. It can take either 0 (several CPUs may be
brought up) or 1 (only one CPU will ever be brought up during cold reset).
Default is 0. If the platform always brings up a single CPU, there is no
need to distinguish between primary and secondary CPUs and the boot path can
be optimised. The `plat_is_my_cpu_primary()` and
`plat_secondary_cold_boot_setup()` platform porting interfaces do not need
to be implemented in this case.
* `PSCI_EXTENDED_STATE_ID`: As per PSCI1.0 Specification, there are 2 formats * `PSCI_EXTENDED_STATE_ID`: As per PSCI1.0 Specification, there are 2 formats
possible for the PSCI power-state parameter viz original and extended possible for the PSCI power-state parameter viz original and extended
State-ID formats. This flag if set to 1, configures the generic PSCI layer State-ID formats. This flag if set to 1, configures the generic PSCI layer
...@@ -390,10 +382,48 @@ performed. ...@@ -390,10 +382,48 @@ performed.
and it governs the return value of PSCI_FEATURES API for CPU_SUSPEND and it governs the return value of PSCI_FEATURES API for CPU_SUSPEND
smc function id. smc function id.
* `ERROR_DEPRECATED`: This option decides whether to treat the usage of * `RESET_TO_BL31`: Enable BL31 entrypoint as the CPU reset vector instead
deprecated platform APIs, helper functions or drivers within Trusted of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1
Firmware as error. It can take the value 1 (flag the use of deprecated entrypoint) or 1 (CPU reset to BL31 entrypoint).
APIs as error) or 0. The default is 0. The default value is 0.
* `RESET_TO_SP_MIN`: SP_MIN is the minimal AArch32 Secure Payload provided in
ARM Trusted Firmware. This flag configures SP_MIN entrypoint as the CPU
reset vector instead of the BL1 entrypoint. It can take the value 0 (CPU
reset to BL1 entrypoint) or 1 (CPU reset to SP_MIN entrypoint). The default
value is 0.
* `ROT_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
file that contains the ROT private key in PEM format. If `SAVE_KEYS=1`, this
file name will be used to save the key.
* `SAVE_KEYS`: This option is used when `GENERATE_COT=1`. It tells the
certificate generation tool to save the keys used to establish the Chain of
Trust. Allowed options are '0' or '1'. Default is '0' (do not save).
* `SCP_BL2`: Path to SCP_BL2 image in the host file system. This image is optional.
If a SCP_BL2 image is present then this option must be passed for the `fip`
target.
* `SCP_BL2_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
file that contains the SCP_BL2 private key in PEM format. If `SAVE_KEYS=1`,
this file name will be used to save the key.
* `SCP_BL2U`: Path to SCP_BL2U image in the host file system. This image is
optional. It is only needed if the platform makefile specifies that it
is required in order to build the `fwu_fip` target.
* `SEPARATE_CODE_AND_RODATA`: Whether code and read-only data should be
isolated on separate memory pages. This is a trade-off between security and
memory usage. See "Isolating code and read-only data on separate memory
pages" section in [Firmware Design]. This flag is disabled by default and
affects all BL images.
* `SPD`: Choose a Secure Payload Dispatcher component to be built into the
Trusted Firmware. This build option is only valid if `ARCH=aarch64`. The
value should be the path to the directory containing the SPD source,
relative to `services/spd/`; the directory is expected to
contain a makefile called `<spd-value>.mk`.
* `SPIN_ON_BL1_EXIT`: This option introduces an infinite loop in BL1. It can * `SPIN_ON_BL1_EXIT`: This option introduces an infinite loop in BL1. It can
take either 0 (no loop) or 1 (add a loop). 0 is the default. This loop stops take either 0 (no loop) or 1 (add a loop). 0 is the default. This loop stops
...@@ -401,86 +431,84 @@ performed. ...@@ -401,86 +431,84 @@ performed.
firmware images have been loaded in memory, and the MMU and caches are firmware images have been loaded in memory, and the MMU and caches are
turned off. Refer to the "Debugging options" section for more details. turned off. Refer to the "Debugging options" section for more details.
* `EL3_PAYLOAD_BASE`: This option enables booting an EL3 payload instead of * `TRUSTED_BOARD_BOOT`: Boolean flag to include support for the Trusted Board
the normal boot flow. It must specify the entry point address of the EL3 Boot feature. When set to '1', BL1 and BL2 images include support to load
payload. Please refer to the "Booting an EL3 payload" section for more and verify the certificates and images in a FIP, and BL1 includes support
details. for the Firmware Update. The default value is '0'. Generation and inclusion
of certificates in the FIP and FWU_FIP depends upon the value of the
`GENERATE_COT` option.
* `PRELOADED_BL33_BASE`: This option enables booting a preloaded BL33 image Note: This option depends on 'CREATE_KEYS' to be enabled. If the keys
instead of the normal boot flow. When defined, it must specify the entry already exist in disk, they will be overwritten without further notice.
point address for the preloaded BL33 image. This option is incompatible with
`EL3_PAYLOAD_BASE`. If both are defined, `EL3_PAYLOAD_BASE` has priority
over `PRELOADED_BL33_BASE`.
* `PL011_GENERIC_UART`: Boolean option to indicate the PL011 driver that * `TRUSTED_WORLD_KEY`: This option is used when `GENERATE_COT=1`. It
the underlying hardware is not a full PL011 UART but a minimally compliant specifies the file that contains the Trusted World private key in PEM
generic UART, which is a subset of the PL011. The driver will not access format. If `SAVE_KEYS=1`, this file name will be used to save the key.
any register that is not part of the SBSA generic UART specification.
Default value is 0 (a full PL011 compliant UART is present).
* `CTX_INCLUDE_AARCH32_REGS` : Boolean option that, when set to 1, will cause * `TSP_INIT_ASYNC`: Choose BL32 initialization method as asynchronous or
the AArch32 system registers to be included when saving and restoring the synchronous, (see "Initializing a BL32 Image" section in [Firmware
CPU context. The option must be set to 0 for AArch64-only platforms (that Design]). It can take the value 0 (BL32 is initialized using
is on hardware that does not implement AArch32, or at least not at EL1 and synchronous method) or 1 (BL32 is initialized using asynchronous method).
higher ELs). Default value is 1. Default is 0.
* `CTX_INCLUDE_FPREGS`: Boolean option that, when set to 1, will cause the FP * `TSP_NS_INTR_ASYNC_PREEMPT`: A non zero value enables the interrupt
registers to be included when saving and restoring the CPU context. Default routing model which routes non-secure interrupts asynchronously from TSP
is 0. to EL3 causing immediate preemption of TSP. The EL3 is responsible
for saving and restoring the TSP context in this routing model. The
default routing model (when the value is 0) is to route non-secure
interrupts to TSP allowing it to save its context and hand over
synchronously to EL3 via an SMC.
* `DISABLE_PEDANTIC`: When set to 1 it will disable the -pedantic option in * `USE_COHERENT_MEM`: This flag determines whether to include the coherent
the GCC command line. Default is 0. memory region in the BL memory map or not (see "Use of Coherent memory in
Trusted Firmware" section in [Firmware Design]). It can take the value 1
(Coherent memory region is included) or 0 (Coherent memory region is
excluded). Default is 1.
* `BUILD_STRING`: Input string for VERSION_STRING, which allows the TF build * `V`: Verbose build. If assigned anything other than 0, the build commands
to be uniquely identified. Defaults to the current git commit id. are printed. Default is 0.
* `VERSION_STRING`: String used in the log output for each TF image. Defaults * `VERSION_STRING`: String used in the log output for each TF image. Defaults
to a string formed by concatenating the version number, build type and build to a string formed by concatenating the version number, build type and build
string. string.
* `BUILD_MESSAGE_TIMESTAMP`: String used to identify the time and date of the #### ARM development platform specific build options
compilation of each build. It must be set to a C string (including quotes
where applicable). Defaults to a string that contains the time and date of
the compilation.
* `HANDLE_EA_EL3_FIRST`: When defined External Aborts and SError Interrupts
will be always trapped in EL3 i.e. in BL31 at runtime.
* `ENABLE_PMF`: Boolean option to enable support for optional Performance
Measurement Framework(PMF). Default is 0.
* `ENABLE_PSCI_STAT`: Boolean option to enable support for optional PSCI
functions `PSCI_STAT_RESIDENCY` and `PSCI_STAT_COUNT`. Default is 0.
Enabling this option enables the `ENABLE_PMF` build option as well.
The PMF is used for collecting the statistics.
* `SEPARATE_CODE_AND_RODATA`: Whether code and read-only data should be
isolated on separate memory pages. This is a trade-off between security and
memory usage. See "Isolating code and read-only data on separate memory
pages" section in [Firmware Design]. This flag is disabled by default and
affects all BL images.
* `LOAD_IMAGE_V2`: Boolean option to enable support for new version (v2) of * 'ARM_BL31_IN_DRAM': Boolean option to select loading of BL31 in TZC secured
image loading, which provides more flexibility and scalability around what DRAM. By default, BL31 is in the secure SRAM. Set this flag to 1 to load
images are loaded and executed during boot. Default is 0. BL31 in TZC secured DRAM. If TSP is present, then setting this option also
Note: `TRUSTED_BOARD_BOOT` is currently not supported when `LOAD_IMAGE_V2` sets the TSP location to DRAM and ignores the `ARM_TSP_RAM_LOCATION` build
is enabled. flag.
* `ENABLE_RUNTIME_INSTRUMENTATION`: Boolean option to enable runtime * `ARM_BOARD_OPTIMISE_MEM`: Boolean option to enable or disable optimisation
instrumentation which injects timestamp collection points into of the memory reserved for each image. This affects the maximum size of each
Trusted Firmware to allow runtime performance to be measured. BL image as well as the number of allocated memory regions and translation
Currently, only PSCI is instrumented. Enabling this option enables tables. By default this flag is 0, which means it uses the default
the `ENABLE_PMF` build option as well. Default is 0. unoptimised values for these macros. ARM development platforms that wish to
optimise memory usage need to set this flag to 1 and must override the
related macros.
#### ARM development platform specific build options * `ARM_CONFIG_CNTACR`: boolean option to unlock access to the CNTBase<N>
frame registers by setting the CNTCTLBase.CNTACR<N> register bits. The
frame number <N> is defined by 'PLAT_ARM_NSTIMER_FRAME_ID', which should
match the frame used by the Non-Secure image (normally the Linux kernel).
Default is true (access to the frame is allowed).
* `ARM_TSP_RAM_LOCATION`: location of the TSP binary. Options: * `ARM_DISABLE_TRUSTED_WDOG`: boolean option to disable the Trusted Watchdog.
- `tsram` : Trusted SRAM (default option) By default, ARM platforms use a watchdog to trigger a system reset in case
- `tdram` : Trusted DRAM (if available) an error is encountered during the boot process (for example, when an image
- `dram` : Secure region in DRAM (configured by the TrustZone controller) could not be loaded or authenticated). The watchdog is enabled in the early
platform setup hook at BL1 and disabled in the BL1 prepare exit hook. The
Trusted Watchdog may be disabled at build time for testing or development
purposes.
For a better understanding of these options, the ARM development platform memory * `ARM_RECOM_STATE_ID_ENC`: The PSCI1.0 specification recommends an encoding
map is explained in the [Firmware Design]. for the construction of composite state-ID in the power-state parameter.
The existing PSCI clients currently do not support this encoding of
State-ID yet. Hence this flag is used to configure whether to use the
recommended State-ID encoding or not. The default value of this flag is 0,
in which case the platform is configured to expect NULL in the State-ID
field of power-state parameter.
* `ARM_ROTPK_LOCATION`: used when `TRUSTED_BOARD_BOOT=1`. It specifies the * `ARM_ROTPK_LOCATION`: used when `TRUSTED_BOARD_BOOT=1`. It specifies the
location of the ROTPK hash returned by the function `plat_get_rotpk_info()` location of the ROTPK hash returned by the function `plat_get_rotpk_info()`
...@@ -499,41 +527,13 @@ map is explained in the [Firmware Design]. ...@@ -499,41 +527,13 @@ map is explained in the [Firmware Design].
this option, `arm_rotprivk_rsa.pem` must be specified as `ROT_KEY` when this option, `arm_rotprivk_rsa.pem` must be specified as `ROT_KEY` when
creating the certificates. creating the certificates.
* `ARM_RECOM_STATE_ID_ENC`: The PSCI1.0 specification recommends an encoding * `ARM_TSP_RAM_LOCATION`: location of the TSP binary. Options:
for the construction of composite state-ID in the power-state parameter. - `tsram` : Trusted SRAM (default option)
The existing PSCI clients currently do not support this encoding of - `tdram` : Trusted DRAM (if available)
State-ID yet. Hence this flag is used to configure whether to use the - `dram` : Secure region in DRAM (configured by the TrustZone controller)
recommended State-ID encoding or not. The default value of this flag is 0,
in which case the platform is configured to expect NULL in the State-ID
field of power-state parameter.
* `ARM_DISABLE_TRUSTED_WDOG`: boolean option to disable the Trusted Watchdog.
By default, ARM platforms use a watchdog to trigger a system reset in case
an error is encountered during the boot process (for example, when an image
could not be loaded or authenticated). The watchdog is enabled in the early
platform setup hook at BL1 and disabled in the BL1 prepare exit hook. The
Trusted Watchdog may be disabled at build time for testing or development
purposes.
* `ARM_CONFIG_CNTACR`: boolean option to unlock access to the CNTBase<N>
frame registers by setting the CNTCTLBase.CNTACR<N> register bits. The
frame number <N> is defined by 'PLAT_ARM_NSTIMER_FRAME_ID', which should
match the frame used by the Non-Secure image (normally the Linux kernel).
Default is true (access to the frame is allowed).
* `ARM_BOARD_OPTIMISE_MEM`: Boolean option to enable or disable optimisation
of the memory reserved for each image. This affects the maximum size of each
BL image as well as the number of allocated memory regions and translation
tables. By default this flag is 0, which means it uses the default
unoptimised values for these macros. ARM development platforms that wish to
optimise memory usage need to set this flag to 1 and must override the
related macros.
* 'ARM_BL31_IN_DRAM': Boolean option to select loading of BL31 in TZC secured For a better understanding of these options, the ARM development platform memory
DRAM. By default, BL31 is in the secure SRAM. Set this flag to 1 to load map is explained in the [Firmware Design].
BL31 in TZC secured DRAM. If TSP is present, then setting this option also
sets the TSP location to DRAM and ignores the `ARM_TSP_RAM_LOCATION` build
flag.
#### ARM CSS platform specific build options #### ARM CSS platform specific build options
...@@ -550,23 +550,11 @@ map is explained in the [Firmware Design]. ...@@ -550,23 +550,11 @@ map is explained in the [Firmware Design].
#### ARM FVP platform specific build options #### ARM FVP platform specific build options
* `FVP_USE_GIC_DRIVER` : Selects the GIC driver to be built. Options:
- `FVP_GICV2` : The GICv2 only driver is selected
- `FVP_GICV3` : The GICv3 only driver is selected (default option)
- `FVP_GICV3_LEGACY`: The Legacy GICv3 driver is selected (deprecated)
Note: If Trusted Firmware is compiled with this option on FVPs with
GICv3 hardware, then it configures the hardware to run in GICv2
emulation mode
* `FVP_CLUSTER_COUNT` : Configures the cluster count to be used to * `FVP_CLUSTER_COUNT` : Configures the cluster count to be used to
build the topology tree within Trusted Firmware. By default the build the topology tree within Trusted Firmware. By default the
Trusted Firmware is configured for dual cluster topology and this option Trusted Firmware is configured for dual cluster topology and this option
can be used to override the default value. can be used to override the default value.
* `FVP_USE_SP804_TIMER` : Use the SP804 timer instead of the Generic Timer
for functions that wait for an arbitrary time length (udelay and mdelay).
The default value is 0.
* `FVP_INTERCONNECT_DRIVER`: Selects the interconnect driver to be built. The * `FVP_INTERCONNECT_DRIVER`: Selects the interconnect driver to be built. The
default interconnect driver depends on the value of `FVP_CLUSTER_COUNT` as default interconnect driver depends on the value of `FVP_CLUSTER_COUNT` as
explained in the options below: explained in the options below:
...@@ -575,6 +563,18 @@ map is explained in the [Firmware Design]. ...@@ -575,6 +563,18 @@ map is explained in the [Firmware Design].
- `FVP_CCN` : The CCN driver is selected. This is the default - `FVP_CCN` : The CCN driver is selected. This is the default
if `FVP_CLUSTER_COUNT` > 2. if `FVP_CLUSTER_COUNT` > 2.
* `FVP_USE_GIC_DRIVER` : Selects the GIC driver to be built. Options:
- `FVP_GICV2` : The GICv2 only driver is selected
- `FVP_GICV3` : The GICv3 only driver is selected (default option)
- `FVP_GICV3_LEGACY`: The Legacy GICv3 driver is selected (deprecated)
Note: If Trusted Firmware is compiled with this option on FVPs with
GICv3 hardware, then it configures the hardware to run in GICv2
emulation mode
* `FVP_USE_SP804_TIMER` : Use the SP804 timer instead of the Generic Timer
for functions that wait for an arbitrary time length (udelay and mdelay).
The default value is 0.
### Debugging options ### Debugging options
To compile a debug version and make the build more verbose use To compile a debug version and make the build more verbose use
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment