fix: remove "experimental" tag for stable features
there are features which are marked as experimental even though they
are stable and used for quite some time.
Following features are no longer marked as experimental
- SPMD
- MEASURED_BOOT
- FCONF and associated build flags
- DECRYPTION_SUPPORT and associated build flags
- ENABLE_PAUTH
- ENABLE_BTI
- USE_SPINLOCK_CAS
- GICv3 Multichip support
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I4bb653d9c413c66095ec31f0b8aefeb13ea04ee9
diff --git a/docs/about/features.rst b/docs/about/features.rst
index f5fc1e0..4b7fbe5 100644
--- a/docs/about/features.rst
+++ b/docs/about/features.rst
@@ -74,7 +74,7 @@
loading of a hardware configuration (for example, a kernel device tree)
as part of the FIP, to be passed through the firmware stages.
This feature is now incorporated inside the firmware configuration framework
- (fconf), which is still flagged as experimental.
+ (fconf).
- Support for alternative boot flows, for example to support platforms where
the EL3 Runtime Software is loaded using other firmware or a separate
@@ -94,9 +94,7 @@
- Support for ARMv8.3 pointer authentication in the normal and secure worlds.
The use of pointer authentication in the normal world is enabled whenever
architectural support is available, without the need for additional build
- flags. Use of pointer authentication in the secure world remains an
- experimental configuration at this time and requires the
- ``BRANCH_PROTECTION`` option to be set to non-zero.
+ flags.
- Position-Independent Executable (PIE) support. Currently for BL2, BL31, and
TSP, with further support to be added in a future release.
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index c12e73f..ef500ff 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -2616,8 +2616,6 @@
``CTX_INCLUDE_PAUTH_REGS`` to 1. This enables pointer authentication in BL1,
BL2, BL31, and the TSP if it is used.
- These options are experimental features.
-
Note that Pointer Authentication is enabled for Non-secure world irrespective
of the value of these build flags if the CPU supports it.
@@ -2629,8 +2627,7 @@
~~~~~~~~~
- Branch Target Identification feature is selected by ``BRANCH_PROTECTION``
- option set to 1. This option defaults to 0 and this is an experimental
- feature.
+ option set to 1. This option defaults to 0.
- Memory Tagging Extension feature is unconditionally enabled for both worlds
(at EL0 and S-EL0) if it is only supported at EL0. If instead it is
diff --git a/docs/design/trusted-board-boot.rst b/docs/design/trusted-board-boot.rst
index 96cf24c..46177d7 100644
--- a/docs/design/trusted-board-boot.rst
+++ b/docs/design/trusted-board-boot.rst
@@ -239,9 +239,6 @@
R060_TBBR_FUNCTION as specified in the `Trusted Board Boot Requirements (TBBR)`_
document.
-Note that due to security considerations and complexity of this feature, it is
-marked as experimental.
-
Firmware Encryption Tool
------------------------
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 1259881..8b5e92e 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -120,7 +120,7 @@
| 4 | bti | N | Y |
+-------+--------------+-------+-----+
- This option defaults to 0 and this is an experimental feature.
+ This option defaults to 0.
Note that Pointer Authentication is enabled for Non-secure world
irrespective of the value of this option if the CPU supports it.
@@ -181,7 +181,7 @@
- ``CTX_INCLUDE_PAUTH_REGS``: Boolean option that, when set to 1, enables
Pointer Authentication for Secure world. This will cause the ARMv8.3-PAuth
registers to be included when saving and restoring the CPU context as
- part of world switch. Default value is 0 and this is an experimental feature.
+ part of world switch. Default value is 0.
Note that Pointer Authentication is enabled for Non-secure world irrespective
of the value of this flag if the CPU supports it.
@@ -192,7 +192,7 @@
authenticated decryption algorithm to be used to decrypt firmware/s during
boot. It accepts 2 values: ``aes_gcm`` and ``none``. The default value of
this flag is ``none`` to disable firmware decryption which is an optional
- feature as per TBBR. Also, it is an experimental feature.
+ feature as per TBBR.
- ``DISABLE_BIN_GENERATION``: Boolean option to disable the generation
of the binary image. If set to 1, then only the ELF image is built.
@@ -312,20 +312,18 @@
component of the option ``-fstack-protector-$ENABLE_STACK_PROTECTOR``.
- ``ENCRYPT_BL31``: Binary flag to enable encryption of BL31 firmware. This
- flag depends on ``DECRYPTION_SUPPORT`` build flag which is marked as
- experimental.
+ flag depends on ``DECRYPTION_SUPPORT`` build flag.
- ``ENCRYPT_BL32``: Binary flag to enable encryption of Secure BL32 payload.
- This flag depends on ``DECRYPTION_SUPPORT`` build flag which is marked as
- experimental.
+ This flag depends on ``DECRYPTION_SUPPORT`` build flag.
- ``ENC_KEY``: A 32-byte (256-bit) symmetric key in hex string format. It could
either be SSK or BSSK depending on ``FW_ENC_STATUS`` flag. This value depends
- on ``DECRYPTION_SUPPORT`` build flag which is marked as experimental.
+ on ``DECRYPTION_SUPPORT`` build flag.
- ``ENC_NONCE``: A 12-byte (96-bit) encryption nonce or Initialization Vector
(IV) in hex string format. This value depends on ``DECRYPTION_SUPPORT``
- build flag which is marked as experimental.
+ build flag.
- ``ERROR_DEPRECATED``: This option decides whether to treat the usage of
deprecated platform APIs, helper functions or drivers within Trusted
@@ -364,8 +362,7 @@
1: Encryption is done with Binding Secret Symmetric Key (BSSK) which is
unique per device.
- This flag depends on ``DECRYPTION_SUPPORT`` build flag which is marked as
- experimental.
+ This flag depends on ``DECRYPTION_SUPPORT`` build flag.
- ``GENERATE_COT``: Boolean flag used to build and execute the ``cert_create``
tool to create certificates as per the Chain of Trust described in
@@ -484,8 +481,7 @@
in order to provide trust that the code taking the measurements and recording
them has not been tampered with.
- This option defaults to 0 and is an experimental feature in the stage of
- development.
+ This option defaults to 0.
- ``NON_TRUSTED_WORLD_KEY``: This option is used when ``GENERATE_COT=1``. It
specifies the file that contains the Non-Trusted World private key in PEM
@@ -695,26 +691,25 @@
- ``ARM_IO_IN_DTB``: This flag determines whether to use IO based on the
firmware configuration framework. This will move the io_policies into a
configuration device tree, instead of static structure in the code base.
- This is currently an experimental feature.
- ``COT_DESC_IN_DTB``: This flag determines whether to create COT descriptors
at runtime using fconf. If this flag is enabled, COT descriptors are
statically captured in tb_fw_config file in the form of device tree nodes
and properties. Currently, COT descriptors used by BL2 are moved to the
device tree and COT descriptors used by BL1 are retained in the code
- base statically. This is currently an experimental feature.
+ base statically.
- ``SDEI_IN_FCONF``: This flag determines whether to configure SDEI setup in
runtime using firmware configuration framework. The platform specific SDEI
shared and private events configuration is retrieved from device tree rather
- than static C structures at compile time. This is currently an experimental
- feature and is only supported if SDEI_SUPPORT build flag is enabled.
+ than static C structures at compile time. This is only supported if
+ SDEI_SUPPORT build flag is enabled.
- ``SEC_INT_DESC_IN_FCONF``: This flag determines whether to configure Group 0
and Group1 secure interrupts using the firmware configuration framework. The
platform specific secure interrupt property descriptor is retrieved from
device tree in runtime rather than depending on static C structure at compile
- time. This is currently an experimental feature.
+ time.
- ``USE_ROMLIB``: This flag determines whether library at ROM will be used.
This feature creates a library of functions to be placed in ROM and thus
diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst
index 6569a47..57eba3c 100644
--- a/docs/getting_started/porting-guide.rst
+++ b/docs/getting_started/porting-guide.rst
@@ -891,8 +891,7 @@
On success the function should return 0 and a negative error code otherwise.
-Note that this API depends on ``DECRYPTION_SUPPORT`` build flag which is
-marked as experimental.
+Note that this API depends on ``DECRYPTION_SUPPORT`` build flag.
Function : plat_fwu_set_images_source() [when PSA_FWU_SUPPORT == 1]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~