make, doc: Add build option to create chain of trust at runtime
Added a build option 'COT_DESC_IN_DTB' to create chain of trust
at runtime using fconf.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89
diff --git a/Makefile b/Makefile
index becbf03..65ebb93 100644
--- a/Makefile
+++ b/Makefile
@@ -659,6 +659,10 @@
SDEI_SUPPORT is enabled")
endif
+ifeq ($(COT_DESC_IN_DTB),1)
+ $(info CoT in device tree is an experimental feature)
+endif
+
# If pointer authentication is used in the firmware, make sure that all the
# registers associated to it are also saved and restored.
# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
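Review bot: The new `ifeq ($(COT_DESC_IN_DTB),1)` block only prints an `$(info ...)` line, so nothing visible in this hunk stops a build with `COT_DESC_IN_DTB=1` while trusted board boot is disabled, where there would be no chain of trust for the descriptors to describe. A guard inside the block in the style of the SDEI check that ends just above would make the dependency explicit: `ifeq ($(TRUSTED_BOARD_BOOT),0)`, `$(error "COT_DESC_IN_DTB requires TRUSTED_BOARD_BOOT=1")`, `endif`. If that combination is already rejected elsewhere in the Makefile or in the platform makefiles, which this diff does not show, a short comment pointing there would be enough. Separately, `$(warning ...)` instead of `$(info ...)` would send the experimental notice to stderr with the file and line, which is harder to miss in a long build log.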
@@ -903,6 +907,7 @@
$(eval $(call assert_boolean,ENCRYPT_BL32))
$(eval $(call assert_boolean,ERRATA_SPECULATIVE_AT))
$(eval $(call assert_boolean,RAS_TRAP_LOWER_EL_ERR_ACCESS))
+$(eval $(call assert_boolean,COT_DESC_IN_DTB))
$(eval $(call assert_numeric,ARM_ARCH_MAJOR))
$(eval $(call assert_numeric,ARM_ARCH_MINOR))
@@ -983,6 +988,7 @@
$(eval $(call add_define,USE_SPINLOCK_CAS))
$(eval $(call add_define,ERRATA_SPECULATIVE_AT))
$(eval $(call add_define,RAS_TRAP_LOWER_EL_ERR_ACCESS))
+$(eval $(call add_define,COT_DESC_IN_DTB))
ifeq (${SANITIZE_UB},trap)
$(eval $(call add_define,MONITOR_TRAPS))
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 81903e1..bfc50df 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -648,6 +648,13 @@
configuration device tree, instead of static structure in the code base.
This is currently an experimental feature.
+- ``COT_DESC_IN_DTB``: This flag determines whether to create COT descriptors
+ at runtime using fconf. If this flag is enabled, COT descriptors are
+ statically captured in tb_fw_config file in the form of device tree nodes
+ and properties. Currently, COT descriptors used by BL2 are moved to the
+ device tree and COT descriptors used by BL1 are retained in the code
+ base statically. This is currently an experimental feature.
+
- ``SDEI_IN_FCONF``: This flag determines whether to configure SDEI setup in
runtime using firmware configuration framework. The platform specific SDEI
shared and private events configuration is retrieved from device tree rather
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 6db228f..9a6fd58 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -305,3 +305,6 @@
# Trap RAS error record access from lower EL
RAS_TRAP_LOWER_EL_ERR_ACCESS := 0
+
+# Build option to create cot descriptors using fconf
+COT_DESC_IN_DTB := 0
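Review bot: The comment above `COT_DESC_IN_DTB := 0` does not say where the descriptors come from or that the option is experimental, which is what someone auditing the defaults needs to know before enabling it. Going by the documentation added in this same commit, only the BL2 descriptors move to tb_fw_config while BL1 keeps its static ones, so I would write `# Create BL2 CoT descriptors at runtime from tb_fw_config using fconf (experimental)`. It would also help to state that the descriptors are only as trustworthy as tb_fw_config itself, presumably because BL1 authenticates that file with its static chain of trust before BL2 parses it; that step is not visible in this diff and should be confirmed before it is documented.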