Allow disabling authentication dynamically
This patch allows platforms to dynamically disable authentication of
images during cold boot. This capability is controlled via the
DYN_DISABLE_AUTH build flag and is only meant for development
purposes.
Change-Id: Ia3df8f898824319bb76d5cc855b5ad6c3d227260
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
diff --git a/Makefile b/Makefile
index b7116a7..17630fb 100644
--- a/Makefile
+++ b/Makefile
@@ -401,6 +401,16 @@
endif
endif
+# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 and LOAD_IMAGE_V2=1
+ifeq ($(DYN_DISABLE_AUTH), 1)
+ ifeq (${TRUSTED_BOARD_BOOT}, 0)
+ $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.")
+ endif
+ ifeq (${LOAD_IMAGE_V2}, 0)
+ $(error "DYN_DISABLE_AUTH is only supported for LOAD_IMAGE_V2.")
+ endif
+endif
+
################################################################################
# Process platform overrideable behaviour
################################################################################
@@ -517,6 +527,7 @@
$(eval $(call assert_boolean,CTX_INCLUDE_FPREGS))
$(eval $(call assert_boolean,DEBUG))
$(eval $(call assert_boolean,DISABLE_PEDANTIC))
+$(eval $(call assert_boolean,DYN_DISABLE_AUTH))
$(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING))
$(eval $(call assert_boolean,ENABLE_AMU))
$(eval $(call assert_boolean,ENABLE_ASSERTIONS))
@@ -620,6 +631,11 @@
$(eval $(call add_define,AARCH64))
endif
+# Define the DYN_DISABLE_AUTH flag only if set.
+ifeq (${DYN_DISABLE_AUTH},1)
+$(eval $(call add_define,DYN_DISABLE_AUTH))
+endif
+
################################################################################
# Build targets
################################################################################