refactor(build): put the cross referencing of options together
We have an immense number of incompatible options and several places to
check them, making things hard to follow and leading to some
duplication. Previous attempts at reordering helped in the short term
but things have slowly deteriorated again.
Tackle this by introducing a single file to do all cross referencing of
all options. This should remove any ambiguity as to where these go.
No functional change besides relative ordering in the top-level Makefile.
Change-Id: Ic57d46bf602bd34d3af45a05e4ac8ca0dfcd1f7b
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
diff --git a/Makefile b/Makefile
index 88c7b69..f916d01 100644
--- a/Makefile
+++ b/Makefile
@@ -183,8 +183,6 @@
TF_CFLAGS_aarch32 += -marm
else ifeq (${AARCH32_INSTRUCTION_SET},T32)
TF_CFLAGS_aarch32 += -mthumb
-else
- $(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET})
endif #(AARCH32_INSTRUCTION_SET)
TF_CFLAGS_aarch32 += -mno-unaligned-access
@@ -545,17 +543,22 @@
# Pauth support. As it's not secure, it must be reimplemented for real platforms
BL_COMMON_SOURCES += lib/extensions/pauth/pauth.c
endif
+#
+ifneq (${ENABLE_FEAT_PAUTH_LR},0)
+# Currently, FEAT_PAUTH_LR is only supported by arm/clang compilers
+# TODO implement for GCC when support is added
+ifeq ($($(ARCH)-cc-id),arm-clang)
+ arch-features := $(arch-features)+pauth-lr
+else
+ $(error Error: ENABLE_FEAT_PAUTH_LR not supported for GCC compiler)
+endif
+endif
################################################################################
# RME dependent flags configuration, Enable optional features for RME.
################################################################################
# FEAT_RME
ifeq (${ENABLE_RME},1)
- # RME requires AARCH64
- ifneq (${ARCH},aarch64)
- $(error ENABLE_RME requires AArch64)
- endif
-
# RME requires el2 context to be saved for now.
CTX_INCLUDE_EL2_REGS := 1
CTX_INCLUDE_AARCH32_REGS := 0
@@ -573,47 +576,10 @@
# Include rmmd Makefile if RME is enabled
################################################################################
ifneq (${ENABLE_RME},0)
- ifneq (${ARCH},aarch64)
- $(error ENABLE_RME requires AArch64)
- endif
- ifeq ($(SPMC_AT_EL3),1)
- $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.)
- endif
-
- ifneq (${SPD}, none)
- ifneq (${SPD}, spmd)
- $(error ENABLE_RME is incompatible with SPD=${SPD}. Use SPD=spmd)
- endif
- endif
include services/std_svc/rmmd/rmmd.mk
$(warning "RME is an experimental feature")
endif
-ifeq (${CTX_INCLUDE_EL2_REGS}, 1)
- ifeq (${SPD},none)
- ifeq (${ENABLE_RME},0)
- $(error CTX_INCLUDE_EL2_REGS is available only when SPD \
- or RME is enabled)
- endif
- endif
-endif
-
-################################################################################
-# Verify FEAT_RME, FEAT_SCTLR2 and FEAT_TCR2 are enabled if FEAT_MEC is enabled.
-################################################################################
-
-ifneq (${ENABLE_FEAT_MEC},0)
- ifeq (${ENABLE_RME},0)
- $(error FEAT_RME must be enabled when FEAT_MEC is enabled.)
- endif
- ifeq (${ENABLE_FEAT_TCR2},0)
- $(error FEAT_TCR2 must be enabled when FEAT_MEC is enabled.)
- endif
- ifeq (${ENABLE_FEAT_SCTLR2},0)
- $(error FEAT_SCTLR2 must be enabled when FEAT_MEC is enabled.)
- endif
-endif
-
################################################################################
# Make 128-Bit sysreg read/writes availabe when FEAT_D128 is enabled.
################################################################################
@@ -746,58 +712,7 @@
################################################################################
# Check incompatible options and dependencies
################################################################################
-
-# Handle all invalid build configurations with SPMD usage.
-ifeq (${ENABLE_SPMD_LP}, 1)
-ifneq (${SPD},spmd)
- $(error Error: ENABLE_SPMD_LP requires SPD=spmd.)
-endif
-ifeq ($(SPMC_AT_EL3),1)
- $(error SPMC at EL3 not supported when enabling SPMD Logical partitions.)
-endif
-endif
-
-ifneq (${SPD},none)
-ifeq (${ARCH},aarch32)
- $(error "Error: SPD is incompatible with AArch32.")
-endif
-ifdef EL3_PAYLOAD_BASE
- $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.")
- $(warning "The SPD and its BL32 companion will be present but ignored.")
-endif
-ifeq (${SPD},spmd)
-ifeq ($(SPMD_SPM_AT_SEL2),1)
- ifeq ($(SPMC_AT_EL3),1)
- $(error SPM cannot be enabled in both S-EL2 and EL3.)
- endif
- ifeq ($(CTX_INCLUDE_SVE_REGS),1)
- $(error SVE context management not needed with Hafnium SPMC.)
- endif
-endif
-
-ifeq ($(SPMC_AT_EL3_SEL0_SP),1)
- ifneq ($(SPMC_AT_EL3),1)
- $(error SEL0 SP cannot be enabled without SPMC at EL3)
- endif
-endif
-endif #(SPD=spmd)
-endif #(SPD!=none)
-
-# USE_DEBUGFS experimental feature recommended only in debug builds
-ifeq (${USE_DEBUGFS},1)
- ifeq (${DEBUG},1)
- $(warning DEBUGFS experimental feature is enabled.)
- else
- $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY)
- endif
-endif #(USE_DEBUGFS)
-
-# USE_SPINLOCK_CAS requires AArch64 build
-ifeq (${USE_SPINLOCK_CAS},1)
- ifneq (${ARCH},aarch64)
- $(error USE_SPINLOCK_CAS requires AArch64)
- endif
-endif #(USE_SPINLOCK_CAS)
+include ${MAKE_HELPERS_DIRECTORY}constraints.mk
# The cert_create tool cannot generate certificates individually, so we use the
# target 'certificates' to create them all
@@ -814,65 +729,6 @@
FWU_FIP_DEPS += enctool
endif #(DECRYPTION_SUPPORT)
-ifdef EL3_PAYLOAD_BASE
- ifdef PRELOADED_BL33_BASE
- $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \
- incompatible build options. EL3_PAYLOAD_BASE has priority.")
- endif
- ifneq (${GENERATE_COT},0)
- $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible \
- build options.")
- endif
- ifneq (${TRUSTED_BOARD_BOOT},0)
- $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are \
- incompatible \ build options.")
- endif
-endif #(EL3_PAYLOAD_BASE)
-
-ifeq (${NEED_BL33},yes)
- ifdef EL3_PAYLOAD_BASE
- $(warning "BL33 image is not needed when option \
- BL33_PAYLOAD_BASE is used and won't be added to the FIP file.")
- endif
- ifdef PRELOADED_BL33_BASE
- $(warning "BL33 image is not needed when option \
- PRELOADED_BL33_BASE is used and won't be added to the FIP file.")
- endif
-endif #(NEED_BL33)
-
-# When building for systems with hardware-assisted coherency, there's no need to
-# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too.
-ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1)
- $(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY)
-endif
-
-#For now, BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is 1.
-ifeq ($(RESET_TO_BL2)-$(BL2_IN_XIP_MEM),0-1)
- $(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled")
-endif
-
-# RAS_EXTENSION is deprecated, provide alternate build options
-ifeq ($(RAS_EXTENSION),1)
- $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS \
- and HANDLE_EA_EL3_FIRST_NS instead")
-endif
-
-
-# When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled
-ifeq ($(FAULT_INJECTION_SUPPORT),1)
- ifeq ($(ENABLE_FEAT_RAS),0)
- $(error For FAULT_INJECTION_SUPPORT, ENABLE_FEAT_RAS must not be 0)
- endif
-endif #(FAULT_INJECTION_SUPPORT)
-
-# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1
-ifeq ($(DYN_DISABLE_AUTH), 1)
- ifeq (${TRUSTED_BOARD_BOOT}, 0)
- $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH \
- to be set.")
- endif
-endif #(DYN_DISABLE_AUTH)
-
ifeq ($(MEASURED_BOOT)-$(TRUSTED_BOARD_BOOT),1-1)
# Support authentication verification and hash calculation
CRYPTO_SUPPORT := 3
@@ -893,231 +749,6 @@
CRYPTO_LIB := $(BUILD_PLAT)/lib/libmbedtls.a
endif
-# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled.
-ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1)
- $(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled")
-endif
-
-# If pointer authentication is used in the firmware, make sure that all the
-# registers associated to it are also saved and restored.
-# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
-ifneq ($(ENABLE_PAUTH),0)
- ifeq ($(CTX_INCLUDE_PAUTH_REGS),0)
- $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS to be enabled)
- endif
-endif #(ENABLE_PAUTH)
-
-ifneq ($(CTX_INCLUDE_PAUTH_REGS),0)
- ifneq (${ARCH},aarch64)
- $(error CTX_INCLUDE_PAUTH_REGS requires AArch64)
- endif
-endif #(CTX_INCLUDE_PAUTH_REGS)
-
-# Check ENABLE_FEAT_PAUTH_LR
-ifneq (${ENABLE_FEAT_PAUTH_LR},0)
-
-# Make sure PAUTH is enabled
-ifeq (${ENABLE_PAUTH},0)
- $(error Error: PAUTH_LR cannot be used without PAUTH (see BRANCH_PROTECTION))
-endif
-
-# Make sure SCTLR2 is enabled
-ifeq (${ENABLE_FEAT_SCTLR2},0)
- $(error Error: PAUTH_LR cannot be used without ENABLE_FEAT_SCTLR2)
-endif
-
-# FEAT_PAUTH_LR is only supported in aarch64 state
-ifneq (${ARCH},aarch64)
- $(error ENABLE_FEAT_PAUTH_LR requires AArch64)
-endif
-
-# Currently, FEAT_PAUTH_LR is only supported by arm/clang compilers
-# TODO implement for GCC when support is added
-ifeq ($($(ARCH)-cc-id),arm-clang)
- arch-features := $(arch-features)+pauth-lr
-else
- $(error Error: ENABLE_FEAT_PAUTH_LR not supported for GCC compiler)
-endif
-
-endif # ${ENABLE_FEAT_PAUTH_LR}
-
-ifeq ($(FEATURE_DETECTION),1)
- $(info FEATURE_DETECTION is an experimental feature)
-endif #(FEATURE_DETECTION)
-
-ifneq ($(ENABLE_SME2_FOR_NS), 0)
- ifeq (${ENABLE_SME_FOR_NS}, 0)
- $(warning "ENABLE_SME2_FOR_NS requires ENABLE_SME_FOR_NS also \
- to be set")
- $(warning "Forced ENABLE_SME_FOR_NS=1")
- override ENABLE_SME_FOR_NS := 1
- endif
-endif #(ENABLE_SME2_FOR_NS)
-
-ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1)
- ifeq (${ALLOW_RO_XLAT_TABLES}, 1)
- $(error "ALLOW_RO_XLAT_TABLES requires translation tables \
- library v2")
- endif
-endif #(ARM_XLAT_TABLES_LIB_V1)
-
-ifneq (${DECRYPTION_SUPPORT},none)
- ifeq (${TRUSTED_BOARD_BOOT}, 0)
- $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT \
- to be set)
- endif
-endif #(DECRYPTION_SUPPORT)
-
-# Ensure that no Aarch64-only features are enabled in Aarch32 build
-ifeq (${ARCH},aarch32)
-
- # SME/SVE only supported on AArch64
- ifneq (${ENABLE_SME_FOR_NS},0)
- $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32")
- endif
-
- ifeq (${ENABLE_SVE_FOR_NS},1)
- # Warning instead of error due to CI dependency on this
- $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32")
- endif
-
- # BRBE is not supported in AArch32
- ifeq (${ENABLE_BRBE_FOR_NS},1)
- $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32")
- endif
-
- # FEAT_RNG_TRAP is not supported in AArch32
- ifneq (${ENABLE_FEAT_RNG_TRAP},0)
- $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32")
- endif
-
- ifneq (${ENABLE_FEAT_FPMR},0)
- $(error "ENABLE_FEAT_FPMR cannot be used with ARCH=aarch32")
- endif
-
- ifeq (${ARCH_FEATURE_AVAILABILITY},1)
- $(error "ARCH_FEATURE_AVAILABILITY cannot be used with ARCH=aarch32")
- endif
- # FEAT_MOPS is only supported on AArch64
- ifneq (${ENABLE_FEAT_MOPS},0)
- $(error "ENABLE_FEAT_MOPS cannot be used with ARCH=aarch32")
- endif
- ifneq (${ENABLE_FEAT_GCIE},0)
- $(error "ENABLE_FEAT_GCIE cannot be used with ARCH=aarch32")
- endif
-endif #(ARCH=aarch32)
-
-ifneq (${ENABLE_FEAT_FPMR},0)
- ifeq (${ENABLE_FEAT_FGT},0)
- $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_FGT")
- endif
- ifeq (${ENABLE_FEAT_HCX},0)
- $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_HCX")
- endif
-endif #(ENABLE_FEAT_FPMR)
-
-ifneq (${ENABLE_SME_FOR_NS},0)
- ifeq (${ENABLE_SVE_FOR_NS},0)
- $(error "ENABLE_SME_FOR_NS requires ENABLE_SVE_FOR_NS")
- endif
-endif #(ENABLE_SME_FOR_NS)
-
-# Secure SME/SVE requires the non-secure component as well
-ifeq (${ENABLE_SME_FOR_SWD},1)
- ifeq (${ENABLE_SME_FOR_NS},0)
- $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS")
- endif
- ifeq (${ENABLE_SVE_FOR_SWD},0)
- $(error "ENABLE_SME_FOR_SWD requires ENABLE_SVE_FOR_SWD")
- endif
-endif #(ENABLE_SME_FOR_SWD)
-
-# Enabling SVE for SWD requires enabling SVE for NWD due to ENABLE_FEAT
-# mechanism.
-ifeq (${ENABLE_SVE_FOR_SWD},1)
- ifeq (${ENABLE_SVE_FOR_NS},0)
- $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS")
- endif
-endif
-
-# Enabling FEAT_MOPS requires access to hcrx_el2 registers which is
-# available only when FEAT_HCX is enabled.
-ifneq (${ENABLE_FEAT_MOPS},0)
- ifeq (${ENABLE_FEAT_HCX},0)
- $(error "ENABLE_FEAT_MOPS requires ENABLE_FEAT_HCX")
- endif
-endif
-
-# Enabling SVE for both the worlds typically requires the context
-# management of SVE registers. The only exception being SPMC at S-EL2.
-ifeq (${ENABLE_SVE_FOR_SWD}, 1)
- ifneq (${ENABLE_SVE_FOR_NS}, 0)
- ifeq (${CTX_INCLUDE_SVE_REGS}-$(SPMD_SPM_AT_SEL2),0-0)
- $(warning "ENABLE_SVE_FOR_SWD and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS")
- endif
- endif
-endif
-
-# Enabling SVE in either world while enabling CTX_INCLUDE_FPREGS requires
-# CTX_INCLUDE_SVE_REGS to be enabled due to architectural dependency between FP
-# and SVE registers.
-ifeq (${CTX_INCLUDE_FPREGS}, 1)
- ifneq (${ENABLE_SVE_FOR_NS},0)
- ifeq (${CTX_INCLUDE_SVE_REGS},0)
- # Warning instead of error due to CI dependency on this
- $(warning "CTX_INCLUDE_FPREGS and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS")
- $(warning "Forced ENABLE_SVE_FOR_NS=0")
- override ENABLE_SVE_FOR_NS := 0
- endif
- endif
-endif #(CTX_INCLUDE_FPREGS)
-
-# SVE context management is only required if secure world has access to SVE/FP
-# functionality.
-ifeq (${CTX_INCLUDE_SVE_REGS},1)
- ifeq (${ENABLE_SVE_FOR_SWD},0)
- $(error "CTX_INCLUDE_SVE_REGS requires ENABLE_SVE_FOR_SWD to also be enabled")
- endif
-endif
-
-# SME cannot be used with CTX_INCLUDE_FPREGS since SPM does its own context
-# management including FPU registers.
-ifeq (${CTX_INCLUDE_FPREGS},1)
- ifneq (${ENABLE_SME_FOR_NS},0)
- $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS")
- endif
-endif #(CTX_INCLUDE_FPREGS)
-
-ifeq ($(DRTM_SUPPORT),1)
- $(info DRTM_SUPPORT is an experimental feature)
-endif
-
-ifeq (${HOB_LIST},1)
- $(warning HOB_LIST is an experimental feature)
-endif
-
-ifeq (${TRANSFER_LIST},1)
- $(info TRANSFER_LIST is an experimental feature)
-endif
-
-ifeq (${ENABLE_RME},1)
- ifneq (${SEPARATE_CODE_AND_RODATA},1)
- $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`)
- endif
-endif
-
-ifeq ($(PSA_CRYPTO),1)
- $(info PSA_CRYPTO is an experimental feature)
-endif
-
-ifeq ($(DICE_PROTECTION_ENVIRONMENT),1)
- $(info DICE_PROTECTION_ENVIRONMENT is an experimental feature)
-endif
-
-ifeq (${LFA_SUPPORT},1)
- $(warning LFA_SUPPORT is an experimental feature)
-endif #(LFA_SUPPORT)
-
################################################################################
# Process platform overrideable behaviour
################################################################################
diff --git a/make_helpers/constraints.mk b/make_helpers/constraints.mk
new file mode 100644
index 0000000..9e2e221
--- /dev/null
+++ b/make_helpers/constraints.mk
@@ -0,0 +1,385 @@
+#
+# Copyright (c) 2025, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+ifneq ($(AARCH32_INSTRUCTION_SET),$(filter $(AARCH32_INSTRUCTION_SET),A32 T32))
+ $(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET})
+endif
+
+ifneq (${ENABLE_RME},0)
+ ifneq (${ARCH},aarch64)
+ $(error ENABLE_RME requires AArch64)
+ endif
+ ifeq ($(SPMC_AT_EL3),1)
+ $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.)
+ endif
+
+ ifneq (${SPD}, none)
+ ifneq (${SPD}, spmd)
+ $(error ENABLE_RME is incompatible with SPD=${SPD}. Use SPD=spmd)
+ endif
+ endif
+endif
+
+ifeq (${CTX_INCLUDE_EL2_REGS}, 1)
+ ifeq (${SPD},none)
+ ifeq (${ENABLE_RME},0)
+ $(error CTX_INCLUDE_EL2_REGS is available only when SPD \
+ or RME is enabled)
+ endif
+ endif
+endif
+
+################################################################################
+# Verify FEAT_RME, FEAT_SCTLR2 and FEAT_TCR2 are enabled if FEAT_MEC is enabled.
+################################################################################
+
+ifneq (${ENABLE_FEAT_MEC},0)
+ ifeq (${ENABLE_RME},0)
+ $(error FEAT_RME must be enabled when FEAT_MEC is enabled.)
+ endif
+ ifeq (${ENABLE_FEAT_TCR2},0)
+ $(error FEAT_TCR2 must be enabled when FEAT_MEC is enabled.)
+ endif
+ ifeq (${ENABLE_FEAT_SCTLR2},0)
+ $(error FEAT_SCTLR2 must be enabled when FEAT_MEC is enabled.)
+ endif
+endif
+
+# Handle all invalid build configurations with SPMD usage.
+ifeq (${ENABLE_SPMD_LP}, 1)
+ifneq (${SPD},spmd)
+ $(error Error: ENABLE_SPMD_LP requires SPD=spmd.)
+endif
+ifeq ($(SPMC_AT_EL3),1)
+ $(error SPMC at EL3 not supported when enabling SPMD Logical partitions.)
+endif
+endif
+
+ifneq (${SPD},none)
+ifeq (${ARCH},aarch32)
+ $(error "Error: SPD is incompatible with AArch32.")
+endif
+ifdef EL3_PAYLOAD_BASE
+ $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.")
+ $(warning "The SPD and its BL32 companion will be present but ignored.")
+endif
+ifeq (${SPD},spmd)
+ifeq ($(SPMD_SPM_AT_SEL2),1)
+ ifeq ($(SPMC_AT_EL3),1)
+ $(error SPM cannot be enabled in both S-EL2 and EL3.)
+ endif
+ ifeq ($(CTX_INCLUDE_SVE_REGS),1)
+ $(error SVE context management not needed with Hafnium SPMC.)
+ endif
+endif
+
+ifeq ($(SPMC_AT_EL3_SEL0_SP),1)
+ ifneq ($(SPMC_AT_EL3),1)
+ $(error SEL0 SP cannot be enabled without SPMC at EL3)
+ endif
+endif
+endif #(SPD=spmd)
+endif #(SPD!=none)
+
+# USE_DEBUGFS experimental feature recommended only in debug builds
+ifeq (${USE_DEBUGFS},1)
+ ifeq (${DEBUG},1)
+ $(warning DEBUGFS experimental feature is enabled.)
+ else
+ $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY)
+ endif
+endif #(USE_DEBUGFS)
+
+# USE_SPINLOCK_CAS requires AArch64 build
+ifeq (${USE_SPINLOCK_CAS},1)
+ ifneq (${ARCH},aarch64)
+ $(error USE_SPINLOCK_CAS requires AArch64)
+ endif
+endif #(USE_SPINLOCK_CAS)
+
+ifdef EL3_PAYLOAD_BASE
+ ifdef PRELOADED_BL33_BASE
+ $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \
+ incompatible build options. EL3_PAYLOAD_BASE has priority.")
+ endif
+ ifneq (${GENERATE_COT},0)
+ $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible \
+ build options.")
+ endif
+ ifneq (${TRUSTED_BOARD_BOOT},0)
+ $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are \
+ incompatible \ build options.")
+ endif
+endif #(EL3_PAYLOAD_BASE)
+
+ifeq (${NEED_BL33},yes)
+ ifdef EL3_PAYLOAD_BASE
+ $(warning "BL33 image is not needed when option \
+ BL33_PAYLOAD_BASE is used and won't be added to the FIP file.")
+ endif
+ ifdef PRELOADED_BL33_BASE
+ $(warning "BL33 image is not needed when option \
+ PRELOADED_BL33_BASE is used and won't be added to the FIP file.")
+ endif
+endif #(NEED_BL33)
+
+# When building for systems with hardware-assisted coherency, there's no need to
+# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too.
+ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1)
+ $(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY)
+endif
+
+#For now, BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is 1.
+ifeq ($(RESET_TO_BL2)-$(BL2_IN_XIP_MEM),0-1)
+ $(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled")
+endif
+
+# RAS_EXTENSION is deprecated, provide alternate build options
+ifeq ($(RAS_EXTENSION),1)
+ $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS \
+ and HANDLE_EA_EL3_FIRST_NS instead")
+endif
+
+
+# When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled
+ifeq ($(FAULT_INJECTION_SUPPORT),1)
+ ifeq ($(ENABLE_FEAT_RAS),0)
+ $(error For FAULT_INJECTION_SUPPORT, ENABLE_FEAT_RAS must not be 0)
+ endif
+endif #(FAULT_INJECTION_SUPPORT)
+
+# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1
+ifeq ($(DYN_DISABLE_AUTH), 1)
+ ifeq (${TRUSTED_BOARD_BOOT}, 0)
+ $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH \
+ to be set.")
+ endif
+endif #(DYN_DISABLE_AUTH)
+
+# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled.
+ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1)
+ $(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled")
+endif
+
+# If pointer authentication is used in the firmware, make sure that all the
+# registers associated to it are also saved and restored.
+# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
+ifneq ($(ENABLE_PAUTH),0)
+ ifeq ($(CTX_INCLUDE_PAUTH_REGS),0)
+ $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS to be enabled)
+ endif
+endif #(ENABLE_PAUTH)
+
+ifneq ($(CTX_INCLUDE_PAUTH_REGS),0)
+ ifneq (${ARCH},aarch64)
+ $(error CTX_INCLUDE_PAUTH_REGS requires AArch64)
+ endif
+endif #(CTX_INCLUDE_PAUTH_REGS)
+
+# Check ENABLE_FEAT_PAUTH_LR
+ifneq (${ENABLE_FEAT_PAUTH_LR},0)
+
+# Make sure PAUTH is enabled
+ifeq (${ENABLE_PAUTH},0)
+ $(error Error: PAUTH_LR cannot be used without PAUTH (see BRANCH_PROTECTION))
+endif
+
+# Make sure SCTLR2 is enabled
+ifeq (${ENABLE_FEAT_SCTLR2},0)
+ $(error Error: PAUTH_LR cannot be used without ENABLE_FEAT_SCTLR2)
+endif
+
+# FEAT_PAUTH_LR is only supported in aarch64 state
+ifneq (${ARCH},aarch64)
+ $(error ENABLE_FEAT_PAUTH_LR requires AArch64)
+endif
+
+# Currently, FEAT_PAUTH_LR is only supported by arm/clang compilers
+# TODO implement for GCC when support is added
+ifeq ($($(ARCH)-cc-id),arm-clang)
+ arch-features := $(arch-features)+pauth-lr
+else
+ $(error Error: ENABLE_FEAT_PAUTH_LR not supported for GCC compiler)
+endif
+
+endif # ${ENABLE_FEAT_PAUTH_LR}
+
+ifeq ($(FEATURE_DETECTION),1)
+ $(info FEATURE_DETECTION is an experimental feature)
+endif #(FEATURE_DETECTION)
+
+ifneq ($(ENABLE_SME2_FOR_NS), 0)
+ ifeq (${ENABLE_SME_FOR_NS}, 0)
+ $(warning "ENABLE_SME2_FOR_NS requires ENABLE_SME_FOR_NS also \
+ to be set")
+ $(warning "Forced ENABLE_SME_FOR_NS=1")
+ override ENABLE_SME_FOR_NS := 1
+ endif
+endif #(ENABLE_SME2_FOR_NS)
+
+ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1)
+ ifeq (${ALLOW_RO_XLAT_TABLES}, 1)
+ $(error "ALLOW_RO_XLAT_TABLES requires translation tables \
+ library v2")
+ endif
+endif #(ARM_XLAT_TABLES_LIB_V1)
+
+ifneq (${DECRYPTION_SUPPORT},none)
+ ifeq (${TRUSTED_BOARD_BOOT}, 0)
+ $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT \
+ to be set)
+ endif
+endif #(DECRYPTION_SUPPORT)
+
+# Ensure that no Aarch64-only features are enabled in Aarch32 build
+ifeq (${ARCH},aarch32)
+
+ # SME/SVE only supported on AArch64
+ ifneq (${ENABLE_SME_FOR_NS},0)
+ $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32")
+ endif
+
+ ifeq (${ENABLE_SVE_FOR_NS},1)
+ # Warning instead of error due to CI dependency on this
+ $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32")
+ endif
+
+ # BRBE is not supported in AArch32
+ ifeq (${ENABLE_BRBE_FOR_NS},1)
+ $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32")
+ endif
+
+ # FEAT_RNG_TRAP is not supported in AArch32
+ ifneq (${ENABLE_FEAT_RNG_TRAP},0)
+ $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32")
+ endif
+
+ ifneq (${ENABLE_FEAT_FPMR},0)
+ $(error "ENABLE_FEAT_FPMR cannot be used with ARCH=aarch32")
+ endif
+
+ ifeq (${ARCH_FEATURE_AVAILABILITY},1)
+ $(error "ARCH_FEATURE_AVAILABILITY cannot be used with ARCH=aarch32")
+ endif
+ # FEAT_MOPS is only supported on AArch64
+ ifneq (${ENABLE_FEAT_MOPS},0)
+ $(error "ENABLE_FEAT_MOPS cannot be used with ARCH=aarch32")
+ endif
+ ifneq (${ENABLE_FEAT_GCIE},0)
+ $(error "ENABLE_FEAT_GCIE cannot be used with ARCH=aarch32")
+ endif
+endif #(ARCH=aarch32)
+
+ifneq (${ENABLE_FEAT_FPMR},0)
+ ifeq (${ENABLE_FEAT_FGT},0)
+ $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_FGT")
+ endif
+ ifeq (${ENABLE_FEAT_HCX},0)
+ $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_HCX")
+ endif
+endif #(ENABLE_FEAT_FPMR)
+
+ifneq (${ENABLE_SME_FOR_NS},0)
+ ifeq (${ENABLE_SVE_FOR_NS},0)
+ $(error "ENABLE_SME_FOR_NS requires ENABLE_SVE_FOR_NS")
+ endif
+endif #(ENABLE_SME_FOR_NS)
+
+# Secure SME/SVE requires the non-secure component as well
+ifeq (${ENABLE_SME_FOR_SWD},1)
+ ifeq (${ENABLE_SME_FOR_NS},0)
+ $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS")
+ endif
+ ifeq (${ENABLE_SVE_FOR_SWD},0)
+ $(error "ENABLE_SME_FOR_SWD requires ENABLE_SVE_FOR_SWD")
+ endif
+endif #(ENABLE_SME_FOR_SWD)
+
+# Enabling SVE for SWD requires enabling SVE for NWD due to ENABLE_FEAT
+# mechanism.
+ifeq (${ENABLE_SVE_FOR_SWD},1)
+ ifeq (${ENABLE_SVE_FOR_NS},0)
+ $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS")
+ endif
+endif
+
+# Enabling FEAT_MOPS requires access to hcrx_el2 registers which is
+# available only when FEAT_HCX is enabled.
+ifneq (${ENABLE_FEAT_MOPS},0)
+ ifeq (${ENABLE_FEAT_HCX},0)
+ $(error "ENABLE_FEAT_MOPS requires ENABLE_FEAT_HCX")
+ endif
+endif
+
+# Enabling SVE for both the worlds typically requires the context
+# management of SVE registers. The only exception being SPMC at S-EL2.
+ifeq (${ENABLE_SVE_FOR_SWD}, 1)
+ ifneq (${ENABLE_SVE_FOR_NS}, 0)
+ ifeq (${CTX_INCLUDE_SVE_REGS}-$(SPMD_SPM_AT_SEL2),0-0)
+ $(warning "ENABLE_SVE_FOR_SWD and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS")
+ endif
+ endif
+endif
+
+# Enabling SVE in either world while enabling CTX_INCLUDE_FPREGS requires
+# CTX_INCLUDE_SVE_REGS to be enabled due to architectural dependency between FP
+# and SVE registers.
+ifeq (${CTX_INCLUDE_FPREGS}, 1)
+ ifneq (${ENABLE_SVE_FOR_NS},0)
+ ifeq (${CTX_INCLUDE_SVE_REGS},0)
+ # Warning instead of error due to CI dependency on this
+ $(warning "CTX_INCLUDE_FPREGS and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS")
+ $(warning "Forced ENABLE_SVE_FOR_NS=0")
+ override ENABLE_SVE_FOR_NS := 0
+ endif
+ endif
+endif #(CTX_INCLUDE_FPREGS)
+
+# SVE context management is only required if secure world has access to SVE/FP
+# functionality.
+ifeq (${CTX_INCLUDE_SVE_REGS},1)
+ ifeq (${ENABLE_SVE_FOR_SWD},0)
+ $(error "CTX_INCLUDE_SVE_REGS requires ENABLE_SVE_FOR_SWD to also be enabled")
+ endif
+endif
+
+# SME cannot be used with CTX_INCLUDE_FPREGS since SPM does its own context
+# management including FPU registers.
+ifeq (${CTX_INCLUDE_FPREGS},1)
+ ifneq (${ENABLE_SME_FOR_NS},0)
+ $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS")
+ endif
+endif #(CTX_INCLUDE_FPREGS)
+
+ifeq ($(DRTM_SUPPORT),1)
+ $(info DRTM_SUPPORT is an experimental feature)
+endif
+
+ifeq (${HOB_LIST},1)
+ $(warning HOB_LIST is an experimental feature)
+endif
+
+ifeq (${TRANSFER_LIST},1)
+ $(info TRANSFER_LIST is an experimental feature)
+endif
+
+ifeq (${ENABLE_RME},1)
+ ifneq (${SEPARATE_CODE_AND_RODATA},1)
+ $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`)
+ endif
+endif
+
+ifeq ($(PSA_CRYPTO),1)
+ $(info PSA_CRYPTO is an experimental feature)
+endif
+
+ifeq ($(DICE_PROTECTION_ENVIRONMENT),1)
+ $(info DICE_PROTECTION_ENVIRONMENT is an experimental feature)
+endif
+
+ifeq (${LFA_SUPPORT},1)
+ $(warning LFA_SUPPORT is an experimental feature)
+endif #(LFA_SUPPORT)