diff --git a/Makefile b/Makefile index 8e2fd8169..1cce234a7 100644 --- a/Makefile +++ b/Makefile @@ -150,69 +150,6 @@ PYTHON ?= python3 # Variables for use with documentation build using Sphinx tool DOCS_PATH ?= docs -################################################################################ -# Process BRANCH_PROTECTION value and set -# Pointer Authentication and Branch Target Identification flags -################################################################################ -ifeq (${BRANCH_PROTECTION},0) - # Default value turns off all types of branch protection - BP_OPTION := none -else ifneq (${ARCH},aarch64) - $(error BRANCH_PROTECTION requires AArch64) -else ifeq (${BRANCH_PROTECTION},1) - # Enables all types of branch protection features - BP_OPTION := standard - ENABLE_BTI := 1 - ENABLE_PAUTH := 1 -else ifeq (${BRANCH_PROTECTION},2) - # Return address signing to its standard level - BP_OPTION := pac-ret - ENABLE_PAUTH := 1 -else ifeq (${BRANCH_PROTECTION},3) - # Extend the signing to include leaf functions - BP_OPTION := pac-ret+leaf - ENABLE_PAUTH := 1 -else ifeq (${BRANCH_PROTECTION},4) - # Turn on branch target identification mechanism - BP_OPTION := bti - ENABLE_BTI := 1 -else - $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) -endif #(BRANCH_PROTECTION) - -################################################################################ -# RME dependent flags configuration -################################################################################ -# FEAT_RME -ifeq (${ENABLE_RME},1) - # RME doesn't support PIE - ifneq (${ENABLE_PIE},0) - $(error ENABLE_RME does not support PIE) - endif - - # RME doesn't support BRBE - ifneq (${ENABLE_BRBE_FOR_NS},0) - $(error ENABLE_RME does not support BRBE.) - endif - - # RME requires AARCH64 - ifneq (${ARCH},aarch64) - $(error ENABLE_RME requires AArch64) - endif - - # RME requires el2 context to be saved for now. - CTX_INCLUDE_EL2_REGS := 1 - CTX_INCLUDE_AARCH32_REGS := 0 - ARM_ARCH_MAJOR := 8 - ARM_ARCH_MINOR := 5 - ENABLE_FEAT_ECV = 1 - ENABLE_FEAT_FGT = 1 - CTX_INCLUDE_PAUTH_REGS := 1 - - # RME enables CSV2_2 extension by default. - ENABLE_FEAT_CSV2_2 = 1 -endif #(FEAT_RME) - ################################################################################ # Compiler Configuration based on ARCH_MAJOR and ARCH_MINOR flags ################################################################################ @@ -228,39 +165,6 @@ endif #(ARM_ARCH_MAJOR) ################################################################################ arch-features = ${ARM_ARCH_FEATURE} -#################################################### -# Enable required options for Memory Stack Tagging. -#################################################### - -# Memory tagging is supported in architecture Armv8.5-A AArch64 and onwards -ifeq ($(ARCH), aarch64) - # Check if revision is greater than or equal to 8.5 - ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" - mem_tag_arch_support = yes - endif -endif #(ARCH=aarch64) - -# Currently, these options are enabled only for clang and armclang compiler. -ifeq (${SUPPORT_STACK_MEMTAG},yes) - ifdef mem_tag_arch_support - # Check for armclang and clang compilers - ifneq ( ,$(filter $(notdir $(CC)),armclang clang)) - # Add "memtag" architecture feature modifier if not specified - ifeq ( ,$(findstring memtag,$(arch-features))) - arch-features := $(arch-features)+memtag - endif # memtag - ifeq ($(notdir $(CC)),armclang) - TF_CFLAGS += -mmemtag-stack - else ifeq ($(notdir $(CC)),clang) - TF_CFLAGS += -fsanitize=memtag - endif # armclang - endif - else - $(error "Error: stack memory tagging is not supported for \ - architecture ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a") - endif #(mem_tag_arch_support) -endif #(SUPPORT_STACK_MEMTAG) - # Set the compiler's architecture feature modifiers ifneq ($(arch-features), none) # Strip "none+" from arch-features @@ -334,10 +238,6 @@ endif #(AARCH32_INSTRUCTION_SET) TF_CFLAGS_aarch32 += -mno-unaligned-access TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align -ifneq (${BP_OPTION},none) - TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} -endif #(BP_OPTION) - ASFLAGS += $(march-directive) ############################################################################## @@ -500,6 +400,14 @@ DTC_FLAGS += -I dts -O dtb DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \ -x assembler-with-cpp $(DEFINES) +################################################################################ +# Setup ARCH_MAJOR/MINOR before parsing arch_features. +################################################################################ +ifeq (${ENABLE_RME},1) + ARM_ARCH_MAJOR := 8 + ARM_ARCH_MINOR := 6 +endif + ################################################################################ # Common sources and include directories ################################################################################ @@ -519,13 +427,6 @@ BL_COMMON_SOURCES += common/bl_common.c \ plat/common/${ARCH}/platform_helpers.S \ ${COMPILER_RT_SRCS} -# Pointer Authentication sources -ifeq (${ENABLE_PAUTH}, 1) -# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the -# Pauth support. As it's not secure, it must be reimplemented for real platforms - BL_COMMON_SOURCES += lib/extensions/pauth/pauth_helpers.S -endif - ifeq ($(notdir $(CC)),armclang) BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S endif @@ -543,6 +444,104 @@ INCLUDES += -Iinclude \ include common/backtrace/backtrace.mk +################################################################################ +# Process BRANCH_PROTECTION value and set +# Pointer Authentication and Branch Target Identification flags +################################################################################ +ifeq (${BRANCH_PROTECTION},0) + # Default value turns off all types of branch protection + BP_OPTION := none +else ifneq (${ARCH},aarch64) + $(error BRANCH_PROTECTION requires AArch64) +else ifeq (${BRANCH_PROTECTION},1) + # Enables all types of branch protection features + BP_OPTION := standard + ENABLE_BTI := 1 + ENABLE_PAUTH := 1 +else ifeq (${BRANCH_PROTECTION},2) + # Return address signing to its standard level + BP_OPTION := pac-ret + ENABLE_PAUTH := 1 +else ifeq (${BRANCH_PROTECTION},3) + # Extend the signing to include leaf functions + BP_OPTION := pac-ret+leaf + ENABLE_PAUTH := 1 +else ifeq (${BRANCH_PROTECTION},4) + # Turn on branch target identification mechanism + BP_OPTION := bti + ENABLE_BTI := 1 +else + $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) +endif #(BRANCH_PROTECTION) + +ifeq ($(ENABLE_PAUTH),1) + CTX_INCLUDE_PAUTH_REGS := 1 +endif +ifneq (${BP_OPTION},none) + TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} +endif #(BP_OPTION) + +# Pointer Authentication sources +ifeq (${ENABLE_PAUTH}, 1) +# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the +# Pauth support. As it's not secure, it must be reimplemented for real platforms + BL_COMMON_SOURCES += lib/extensions/pauth/pauth_helpers.S +endif + +#################################################### +# Enable required options for Memory Stack Tagging. +#################################################### + +# Currently, these options are enabled only for clang and armclang compiler. +ifeq (${SUPPORT_STACK_MEMTAG},yes) + ifdef mem_tag_arch_support + # Check for armclang and clang compilers + ifneq ( ,$(filter $(notdir $(CC)),armclang clang)) + # Add "memtag" architecture feature modifier if not specified + ifeq ( ,$(findstring memtag,$(arch-features))) + arch-features := $(arch-features)+memtag + endif # memtag + ifeq ($(notdir $(CC)),armclang) + TF_CFLAGS += -mmemtag-stack + else ifeq ($(notdir $(CC)),clang) + TF_CFLAGS += -fsanitize=memtag + endif # armclang + endif + else + $(error "Error: stack memory tagging is not supported for \ + architecture ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a") + endif #(mem_tag_arch_support) +endif #(SUPPORT_STACK_MEMTAG) + +################################################################################ +# RME dependent flags configuration, Enable optional features for RME. +################################################################################ +# FEAT_RME +ifeq (${ENABLE_RME},1) + # RME doesn't support PIE + ifneq (${ENABLE_PIE},0) + $(error ENABLE_RME does not support PIE) + endif + + # RME doesn't support BRBE + ifneq (${ENABLE_BRBE_FOR_NS},0) + $(error ENABLE_RME does not support BRBE.) + endif + + # RME requires AARCH64 + ifneq (${ARCH},aarch64) + $(error ENABLE_RME requires AArch64) + endif + + # RME requires el2 context to be saved for now. + CTX_INCLUDE_EL2_REGS := 1 + CTX_INCLUDE_AARCH32_REGS := 0 + CTX_INCLUDE_PAUTH_REGS := 1 + + # RME enables CSV2_2 extension by default. + ENABLE_FEAT_CSV2_2 = 1 +endif #(FEAT_RME) + ################################################################################ # Generic definitions ################################################################################ diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst index 5a017ce0f..f612e1ca5 100644 --- a/docs/porting-guide.rst +++ b/docs/porting-guide.rst @@ -3463,6 +3463,15 @@ build system. to ``no``. If any of the options ``EL3_PAYLOAD_BASE`` or ``PRELOADED_BL33_BASE`` are used, this flag will be set to ``no`` automatically. +- **ARM_ARCH_MAJOR and ARM_ARCH_MINOR** + By default, ARM_ARCH_MAJOR.ARM_ARCH_MINOR is set to 8.0 in ``defaults.mk``, + if the platform makefile/build defines or uses the correct ARM_ARCH_MAJOR and + ARM_ARCH_MINOR then mandatory Architectural features available for that Arch + version will be enabled by default and any optional Arch feature supported by + the Architecture and available in TF-A can be enabled from platform specific + makefile. Look up to ``arch_features.mk`` for details pertaining to mandatory + and optional Arch specific features. + Platform include paths ---------------------- diff --git a/make_helpers/arch_features.mk b/make_helpers/arch_features.mk index b799697fb..5cd89f0eb 100644 --- a/make_helpers/arch_features.mk +++ b/make_helpers/arch_features.mk @@ -1,41 +1,324 @@ # -# Copyright (c) 2022, Arm Limited. All rights reserved. +# Copyright (c) 2022-2023, Arm Limited. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # -# This file lists all the checks related to the Architectural Feature -# Enablement flags, based on the Architectural version. +# This file lists all of the architectural features, and initializes +# and enables them based on the configured architecture version. + +# This file follows the following format: +# - By default disable any mandatory features. +# - Then Enable mandatory feature if applicable to an Arch Version. +# - Disable or enable any optional feature this would be enabled/disabled if needed by platform. + +# +################################################################################ +# Set mandatory features by default to zero. +################################################################################ +# + +#---- +# 8.1 +#---- + +# Flag to enable access to Privileged Access Never bit of PSTATE. +ENABLE_FEAT_PAN := 0 + +# Flag to enable Virtualization Host Extensions. +ENABLE_FEAT_VHE := 0 + +#---- +# 8.2 +#---- + +# Enable RAS Support. +ENABLE_FEAT_RAS := 0 + +#---- +# 8.3 +#---- + +# Flag to enable Pointer Authentication. Internal flag not meant for +# direct setting. Use BRANCH_PROTECTION to enable PAUTH. +ENABLE_PAUTH := 0 + +# Include pointer authentication (ARMv8.3-PAuth) registers in cpu context. This +# must be set to 1 if the platform wants to use this feature in the Secure +# world. It is not necessary for use in the Non-secure world. +CTX_INCLUDE_PAUTH_REGS := 0 + +#---- +# 8.4 +#---- + +# Flag to enable Secure EL-2 feature. +ENABLE_FEAT_SEL2 := 0 + +# Include nested virtualization control (Armv8.4-NV) registers in cpu context. +# This must be set to 1 if architecture implements Nested Virtualization +# Extension and platform wants to use this feature in the Secure world. +CTX_INCLUDE_NEVE_REGS := 0 + +# By default, disable trace filter control register access to lower non-secure +# exception levels, i.e. NS-EL2, or NS-EL1 if NS-EL2 is implemented, but +# trace filter control register access is unused if FEAT_TRF is implemented. +ENABLE_TRF_FOR_NS := 0 + +# Flag to enable Data Independent Timing instructions. +ENABLE_FEAT_DIT := 0 + +#---- +# 8.5 +#---- + +# Flag to enable access to the Random Number Generator registers. +ENABLE_FEAT_RNG := 0 + +# Flag to enable Speculation Barrier Instruction. +ENABLE_FEAT_SB := 0 + +# Flag to enable Branch Target Identification. +# Internal flag not meant for direct setting. +# Use BRANCH_PROTECTION to enable BTI. +ENABLE_BTI := 0 + +#---- +# 8.6 +#---- + +# Flag to enable access to the CNTPOFF_EL2 register. +ENABLE_FEAT_ECV := 0 + +# Flag to enable access to the HDFGRTR_EL2 register. +ENABLE_FEAT_FGT := 0 + +#---- +# 8.7 +#---- + +# Flag to enable access to the HCRX_EL2 register by setting SCR_EL3.HXEn. +ENABLE_FEAT_HCX := 0 + +#---- +# 8.9 +#---- + +# Flag to enable access to TCR2 (FEAT_TCR2). +ENABLE_FEAT_TCR2 := 0 + +# +################################################################################ +# Enable Mandatory features based on Arch versions. +################################################################################ +# # Enable the features which are mandatory from ARCH version 8.1 and upwards. ifeq "8.1" "$(word 1, $(sort 8.1 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" -ENABLE_FEAT_PAN = 1 -ENABLE_FEAT_VHE = 1 +ENABLE_FEAT_PAN := 1 +ENABLE_FEAT_VHE := 1 endif # Enable the features which are mandatory from ARCH version 8.2 and upwards. ifeq "8.2" "$(word 1, $(sort 8.2 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" -ENABLE_FEAT_RAS = 1 +ENABLE_FEAT_RAS := 1 endif # Enable the features which are mandatory from ARCH version 8.4 and upwards. ifeq "8.4" "$(word 1, $(sort 8.4 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" -ENABLE_FEAT_DIT = 1 -ENABLE_FEAT_SEL2 = 1 +ENABLE_FEAT_SEL2 := 1 +CTX_INCLUDE_NEVE_REGS := 1 +ENABLE_TRF_FOR_NS := 1 +ENABLE_FEAT_DIT := 1 endif # Enable the features which are mandatory from ARCH version 8.5 and upwards. ifeq "8.5" "$(word 1, $(sort 8.5 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" -ENABLE_FEAT_SB = 1 +ENABLE_FEAT_RNG := 1 +ENABLE_FEAT_SB := 1 + +# Enable Memory tagging, Branch Target Identification for aarch64 only. +ifeq ($(ARCH), aarch64) + mem_tag_arch_support := yes +endif #(ARCH=aarch64) + endif # Enable the features which are mandatory from ARCH version 8.6 and upwards. ifeq "8.6" "$(word 1, $(sort 8.6 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" -ENABLE_FEAT_FGT = 1 -ENABLE_FEAT_ECV = 1 +ENABLE_FEAT_ECV := 1 +ENABLE_FEAT_FGT := 1 endif # Enable the features which are mandatory from ARCH version 8.7 and upwards. ifeq "8.7" "$(word 1, $(sort 8.7 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" -ENABLE_FEAT_HCX = 1 +ENABLE_FEAT_HCX := 1 endif + +# Enable the features which are mandatory from ARCH version 8.9 and upwards. +ifeq "8.9" "$(word 1, $(sort 8.9 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))" +ENABLE_FEAT_TCR2 := 1 +endif + +# +################################################################################ +# Optional Features defaulted to 0 or 2, if they are not enabled from +# build option. Can also be disabled or enabled by platform if needed. +################################################################################ +# + +#---- +# 8.0 +#---- + +# Flag to enable CSV2_2 extension. +ENABLE_FEAT_CSV2_2 ?= 0 + +# By default, disable access of trace system registers from NS lower +# ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused if +# system register trace is implemented. This feature is available if +# trace unit such as ETMv4.x, This feature is OPTIONAL and is only +# permitted in Armv8 implementations. +ENABLE_SYS_REG_TRACE_FOR_NS ?= 0 + +#---- +# 8.2 +#---- + +# Build option to enable/disable the Statistical Profiling Extension, +# keep it enabled by default for AArch64. +ifeq (${ARCH},aarch64) + ENABLE_SPE_FOR_NS ?= 2 +else ifeq (${ARCH},aarch32) + ifdef ENABLE_SPE_FOR_NS + $(error ENABLE_SPE_FOR_NS is not supported for AArch32) + else + ENABLE_SPE_FOR_NS := 0 + endif +endif + +# Enable SVE for non-secure world by default. +ifeq (${ARCH},aarch64) + ENABLE_SVE_FOR_NS ?= 2 +# SVE is only supported on AArch64 so disable it on AArch32. +else ifeq (${ARCH},aarch32) + ifdef ENABLE_SVE_FOR_NS + $(error ENABLE_SVE_FOR_NS is not supported for AArch32) + else + ENABLE_SVE_FOR_NS := 0 + endif +endif + +#---- +# 8.4 +#---- + +# Feature flags for supporting Activity monitor extensions. +ENABLE_FEAT_AMU ?= 0 +ENABLE_AMU_AUXILIARY_COUNTERS ?= 0 +ENABLE_AMU_FCONF ?= 0 +AMU_RESTRICT_COUNTERS ?= 0 + +# Build option to enable MPAM for lower ELs. +ENABLE_MPAM_FOR_LOWER_ELS ?= 0 + +#---- +# 8.5 +#---- + +# Flag to enable support for EL3 trapping of reads of the RNDR and RNDRRS +# registers, by setting SCR_EL3.TRNDR. +ENABLE_FEAT_RNG_TRAP ?= 0 + +# Include Memory Tagging Extension registers in cpu context. This must be set +# to 1 if the platform wants to use this feature in the Secure world and MTE is +# enabled at ELX. +CTX_INCLUDE_MTE_REGS ?= 0 + +#---- +# 8.6 +#---- + +# Flag to enable AMUv1p1 extension. +ENABLE_FEAT_AMUv1p1 ?= 0 + +# Flag to enable delayed trapping of WFE instruction (FEAT_TWED). +ENABLE_FEAT_TWED ?= 0 + +# In v8.6+ platforms with delayed trapping of WFE being supported +# via FEAT_TWED, this flag takes the delay value to be set in the +# SCR_EL3.TWEDEL(4bit) field, when FEAT_TWED is implemented. +# By default it takes 0, and need to be updated by the platforms. +TWED_DELAY ?= 0 + +# Disable MTPMU if FEAT_MTPMU is supported. +DISABLE_MTPMU ?= 0 + +#---- +# 8.9 +#---- + +# Flag to enable NoTagAccess memory region attribute for stage 2 of translation. +ENABLE_FEAT_MTE_PERM ?= 0 + +# Flag to enable access to Stage 2 Permission Indirection (FEAT_S2PIE). +ENABLE_FEAT_S2PIE ?= 0 + +# Flag to enable access to Stage 1 Permission Indirection (FEAT_S1PIE). +ENABLE_FEAT_S1PIE ?= 0 + +# Flag to enable access to Stage 2 Permission Overlay (FEAT_S2POE). +ENABLE_FEAT_S2POE ?= 0 + +# Flag to enable access to Stage 1 Permission Overlay (FEAT_S1POE). +ENABLE_FEAT_S1POE ?= 0 + +#---- +# 9.0 +#---- + +# Flag to enable Realm Management Extension (FEAT_RME). +ENABLE_RME ?= 0 + +# Scalable Matrix Extension for non-secure world. +ENABLE_SME_FOR_NS ?= 0 + +# Scalable Vector Extension for secure world. +ENABLE_SVE_FOR_SWD ?= 0 + +# By default, disable access of trace buffer control registers from NS +# lower ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused +# if FEAT_TRBE is implemented. +# Note FEAT_TRBE is only supported on AArch64 - therefore do not enable in +# AArch32. +ifeq (${ARCH},aarch64) + ENABLE_TRBE_FOR_NS ?= 0 +else ifeq (${ARCH},aarch32) + ifdef ENABLE_TRBE_FOR_NS + $(error ENABLE_TRBE_FOR_NS is not supported for AArch32) + else + ENABLE_TRBE_FOR_NS := 0 + endif +endif + +#---- +# 9.2 +#---- + +# Scalable Matrix Extension version 2 for non-secure world. +ENABLE_SME2_FOR_NS ?= 0 + +# Scalable Matrix Extension for secure world. +ENABLE_SME_FOR_SWD ?= 0 + +# By default, disable access to branch record buffer control registers from NS +# lower ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused +# if FEAT_BRBE is implemented. +ENABLE_BRBE_FOR_NS ?= 0 + +#---- +#9.4 +#---- + +# Flag to enable access to Guarded Control Stack (FEAT_GCS). +ENABLE_FEAT_GCS ?= 0 diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk index 964e0f925..aaabb2771 100644 --- a/make_helpers/defaults.mk +++ b/make_helpers/defaults.mk @@ -63,16 +63,6 @@ CTX_INCLUDE_AARCH32_REGS := 1 # Include FP registers in cpu context CTX_INCLUDE_FPREGS := 0 -# Include pointer authentication (ARMv8.3-PAuth) registers in cpu context. This -# must be set to 1 if the platform wants to use this feature in the Secure -# world. It is not needed to use it in the Non-secure world. -CTX_INCLUDE_PAUTH_REGS := 0 - -# Include Nested virtualization control (Armv8.4-NV) registers in cpu context. -# This must be set to 1 if architecture implements Nested Virtualization -# Extension and platform wants to use this feature in the Secure world -CTX_INCLUDE_NEVE_REGS := 0 - # Debug build DEBUG := 0 @@ -85,17 +75,10 @@ DEFAULT_PLAT := fvp # Disable the generation of the binary image (ELF only). DISABLE_BIN_GENERATION := 0 -# Disable MTPMU if FEAT_MTPMU is supported. Default is 0 to keep backwards -# compatibility. -DISABLE_MTPMU := 0 - # Enable capability to disable authentication dynamically. Only meant for # development platforms. DYN_DISABLE_AUTH := 0 -# Build option to enable MPAM for lower ELs -ENABLE_MPAM_FOR_LOWER_ELS := 0 - # Enable the Maximum Power Mitigation Mechanism on supporting cores. ENABLE_MPMM := 0 @@ -111,9 +94,6 @@ ENABLE_PMF := 0 # Flag to enable PSCI STATs functionality ENABLE_PSCI_STAT := 0 -# Flag to enable Realm Management Extension (FEAT_RME) -ENABLE_RME := 0 - # Flag to enable runtime instrumentation using PMF ENABLE_RUNTIME_INSTRUMENTATION := 0 @@ -123,77 +103,6 @@ ENABLE_STACK_PROTECTOR := 0 # Flag to enable exception handling in EL3 EL3_EXCEPTION_HANDLING := 0 -# Flag to enable Branch Target Identification. -# Internal flag not meant for direct setting. -# Use BRANCH_PROTECTION to enable BTI. -ENABLE_BTI := 0 - -# Flag to enable Pointer Authentication. -# Internal flag not meant for direct setting. -# Use BRANCH_PROTECTION to enable PAUTH. -ENABLE_PAUTH := 0 - -# Flag to enable AMUv1p1 extension. -ENABLE_FEAT_AMUv1p1 := 0 - -# Flag to enable CSV2_2 extension. -ENABLE_FEAT_CSV2_2 := 0 - -# Flag to enable access to the HCRX_EL2 register by setting SCR_EL3.HXEn. -ENABLE_FEAT_HCX := 0 - -# Flag to enable access to the HDFGRTR_EL2 register -ENABLE_FEAT_FGT := 0 - -# Flag to enable access to the CNTPOFF_EL2 register -ENABLE_FEAT_ECV := 0 - -# Flag to enable use of the DIT feature. -ENABLE_FEAT_DIT := 0 - -# Flag to enable access to Privileged Access Never bit of PSTATE. -ENABLE_FEAT_PAN := 0 - -# Flag to enable access to the Random Number Generator registers -ENABLE_FEAT_RNG := 0 - -# Flag to enable support for EL3 trapping of reads of the RNDR and RNDRRS -# registers, by setting SCR_EL3.TRNDR. -ENABLE_FEAT_RNG_TRAP := 0 - -# Flag to enable Speculation Barrier Instruction -ENABLE_FEAT_SB := 0 - -# Flag to enable Secure EL-2 feature. -ENABLE_FEAT_SEL2 := 0 - -# Flag to enable Virtualization Host Extensions -ENABLE_FEAT_VHE := 0 - -# Flag to enable delayed trapping of WFE instruction (FEAT_TWED) -ENABLE_FEAT_TWED := 0 - -# Flag to enable access to TCR2 (FEAT_TCR2) -ENABLE_FEAT_TCR2 := 0 - -# Flag to enable access to Stage 2 Permission Indirection (FEAT_S2PIE) -ENABLE_FEAT_S2PIE := 0 - -# Flag to enable access to Stage 1 Permission Indirection (FEAT_S1PIE) -ENABLE_FEAT_S1PIE := 0 - -# Flag to enable access to Stage 2 Permission Overlay (FEAT_S2POE) -ENABLE_FEAT_S2POE := 0 - -# Flag to enable access to Stage 1 Permission Overlay (FEAT_S1POE) -ENABLE_FEAT_S1POE := 0 - -# Flag to enable access to Guarded Control Stack (FEAT_GCS) -ENABLE_FEAT_GCS := 0 - -# Flag to enable NoTagAccess memory region attribute for stage 2 of translation. -ENABLE_FEAT_MTE_PERM := 0 - # By default BL31 encryption disabled ENCRYPT_BL31 := 0 @@ -279,8 +188,7 @@ PSCI_EXTENDED_STATE_ID := 0 # Enable PSCI OS-initiated mode support PSCI_OS_INIT_MODE := 0 -# Enable RAS Support -ENABLE_FEAT_RAS := 0 +# Enable RAS Firmware First Handling Support RAS_FFH_SUPPORT := 0 # By default, BL1 acts as the reset handler, not BL31 @@ -379,40 +287,9 @@ V := 0 # platforms). WARMBOOT_ENABLE_DCACHE_EARLY := 0 -# Build option to enable/disable the Statistical Profiling Extensions -ENABLE_SPE_FOR_NS := 2 - -# SPE is only supported on AArch64 so disable it on AArch32. -ifeq (${ARCH},aarch32) - override ENABLE_SPE_FOR_NS := 0 -endif - -# Include Memory Tagging Extension registers in cpu context. This must be set -# to 1 if the platform wants to use this feature in the Secure world and MTE is -# enabled at ELX. -CTX_INCLUDE_MTE_REGS := 0 - -ENABLE_FEAT_AMU := 0 -ENABLE_AMU_AUXILIARY_COUNTERS := 0 -ENABLE_AMU_FCONF := 0 -AMU_RESTRICT_COUNTERS := 0 - -# Enable SVE for non-secure world by default -ENABLE_SVE_FOR_NS := 2 -# SVE is only supported on AArch64 so disable it on AArch32. -ifeq (${ARCH},aarch32) - override ENABLE_SVE_FOR_NS := 0 -endif -ENABLE_SVE_FOR_SWD := 0 - # Default SVE vector length to maximum architected value SVE_VECTOR_LEN := 2048 -# SME defaults to disabled -ENABLE_SME_FOR_NS := 0 -ENABLE_SME_FOR_SWD := 0 -ENABLE_SME2_FOR_NS := 0 - SANITIZE_UB := off # For ARMv8.1 (AArch64) platforms, enabling this option selects the spinlock @@ -467,38 +344,6 @@ NR_OF_IMAGES_IN_FW_BANK := 1 # Disable Firmware update support by default PSA_FWU_SUPPORT := 0 -# By default, disable access of trace buffer control registers from NS -# lower ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused -# if FEAT_TRBE is implemented. -# Note FEAT_TRBE is only supported on AArch64 - therefore do not enable in -# AArch32. -ifneq (${ARCH},aarch32) - ENABLE_TRBE_FOR_NS := 0 -else - override ENABLE_TRBE_FOR_NS := 0 -endif - -# By default, disable access to branch record buffer control registers from NS -# lower ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused -# if FEAT_BRBE is implemented. -ENABLE_BRBE_FOR_NS := 0 - -# By default, disable access of trace system registers from NS lower -# ELs i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused if -# system register trace is implemented. -ENABLE_SYS_REG_TRACE_FOR_NS := 0 - -# By default, disable trace filter control registers access to NS -# lower ELs, i.e. NS-EL2, or NS-EL1 if NS-EL2 implemented but unused -# if FEAT_TRF is implemented. -ENABLE_TRF_FOR_NS := 0 - -# In v8.6+ platforms with delayed trapping of WFE being supported -# via FEAT_TWED, this flag takes the delay value to be set in the -# SCR_EL3.TWEDEL(4bit) field, when FEAT_TWED is implemented. -# By default it takes 0, and need to be updated by the platforms. -TWED_DELAY := 0 - # By default, disable the mocking of RSS provided services PLAT_RSS_NOT_SUPPORTED := 0