Merge "make, doc: Add build option to create chain of trust at runtime" into integration

12293ba7 · Sandrine Bailleux · TrustedFirmware Code Review · 25311527 · 84ef9cd8 · 12293ba7
Commit 12293ba7 authored Jul 10, 2020 by Sandrine Bailleux Committed by TrustedFirmware Code Review Jul 10, 2020
--- a/Makefile
+++ b/Makefile
@@ -659,6 +659,10 @@ $(error "SDEI_IN_FCONF is an experimental feature and is only supported when \
 	SDEI_SUPPORT is enabled")
 endif
+ifeq ($(COT_DESC_IN_DTB),1)
+    $(info CoT in device tree is an experimental feature)
+endif
 # If pointer authentication is used in the firmware, make sure that all the
 # registers associated to it are also saved and restored.
 # Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
@@ -903,6 +907,7 @@ $(eval $(call assert_boolean,ENCRYPT_BL31))
 $(eval $(call assert_boolean,ENCRYPT_BL32))
 $(eval $(call assert_boolean,ERRATA_SPECULATIVE_AT))
 $(eval $(call assert_boolean,RAS_TRAP_LOWER_EL_ERR_ACCESS))
+$(eval $(call assert_boolean,COT_DESC_IN_DTB))
 $(eval $(call assert_numeric,ARM_ARCH_MAJOR))
 $(eval $(call assert_numeric,ARM_ARCH_MINOR))
@@ -983,6 +988,7 @@ $(eval $(call add_define,BL2_INV_DCACHE))
 $(eval $(call add_define,USE_SPINLOCK_CAS))
 $(eval $(call add_define,ERRATA_SPECULATIVE_AT))
 $(eval $(call add_define,RAS_TRAP_LOWER_EL_ERR_ACCESS))
+$(eval $(call add_define,COT_DESC_IN_DTB))
 ifeq (${SANITIZE_UB},trap)
        $(eval $(call add_define,MONITOR_TRAPS))

--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -648,6 +648,13 @@ Common build options
   configuration device tree, instead of static structure in the code base.
   This is currently an experimental feature.
+-  ``COT_DESC_IN_DTB``: This flag determines whether to create COT descriptors
+   at runtime using fconf. If this flag is enabled, COT descriptors are
+   statically captured in tb_fw_config file in the form of device tree nodes
+   and properties. Currently, COT descriptors used by BL2 are moved to the
+   device tree and COT descriptors used by BL1 are retained in the code
+   base statically. This is currently an experimental feature.
 -  ``SDEI_IN_FCONF``: This flag determines whether to configure SDEI setup in
   runtime using firmware configuration framework. The platform specific SDEI
   shared and private events configuration is retrieved from device tree rather

--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -305,3 +305,6 @@ ERRATA_SPECULATIVE_AT           := 0
 # Trap RAS error record access from lower EL
 RAS_TRAP_LOWER_EL_ERR_ACCESS	:= 0
+# Build option to create cot descriptors using fconf
+COT_DESC_IN_DTB			:= 0