Commit 84ef9cd8 authored by Manish V Badarkhe's avatar Manish V Badarkhe
Browse files

make, doc: Add build option to create chain of trust at runtime



Added a build option 'COT_DESC_IN_DTB' to create chain of trust
at runtime using fconf.
Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89
parent b5fb6917
......@@ -659,6 +659,10 @@ $(error "SDEI_IN_FCONF is an experimental feature and is only supported when \
SDEI_SUPPORT is enabled")
endif
ifeq ($(COT_DESC_IN_DTB),1)
$(info CoT in device tree is an experimental feature)
endif
# If pointer authentication is used in the firmware, make sure that all the
# registers associated to it are also saved and restored.
# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
......@@ -903,6 +907,7 @@ $(eval $(call assert_boolean,ENCRYPT_BL31))
$(eval $(call assert_boolean,ENCRYPT_BL32))
$(eval $(call assert_boolean,ERRATA_SPECULATIVE_AT))
$(eval $(call assert_boolean,RAS_TRAP_LOWER_EL_ERR_ACCESS))
$(eval $(call assert_boolean,COT_DESC_IN_DTB))
$(eval $(call assert_numeric,ARM_ARCH_MAJOR))
$(eval $(call assert_numeric,ARM_ARCH_MINOR))
......@@ -983,6 +988,7 @@ $(eval $(call add_define,BL2_INV_DCACHE))
$(eval $(call add_define,USE_SPINLOCK_CAS))
$(eval $(call add_define,ERRATA_SPECULATIVE_AT))
$(eval $(call add_define,RAS_TRAP_LOWER_EL_ERR_ACCESS))
$(eval $(call add_define,COT_DESC_IN_DTB))
ifeq (${SANITIZE_UB},trap)
$(eval $(call add_define,MONITOR_TRAPS))
......
......@@ -648,6 +648,13 @@ Common build options
configuration device tree, instead of static structure in the code base.
This is currently an experimental feature.
- ``COT_DESC_IN_DTB``: This flag determines whether to create COT descriptors
at runtime using fconf. If this flag is enabled, COT descriptors are
statically captured in tb_fw_config file in the form of device tree nodes
and properties. Currently, COT descriptors used by BL2 are moved to the
device tree and COT descriptors used by BL1 are retained in the code
base statically. This is currently an experimental feature.
- ``SDEI_IN_FCONF``: This flag determines whether to configure SDEI setup in
runtime using firmware configuration framework. The platform specific SDEI
shared and private events configuration is retrieved from device tree rather
......
......@@ -305,3 +305,6 @@ ERRATA_SPECULATIVE_AT := 0
# Trap RAS error record access from lower EL
RAS_TRAP_LOWER_EL_ERR_ACCESS := 0
# Build option to create cot descriptors using fconf
COT_DESC_IN_DTB := 0
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment