make, doc: Add build option to create chain of trust at runtime
Added a build option 'COT_DESC_IN_DTB' to create chain of trust
at runtime using fconf.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89
diff --git a/Makefile b/Makefile
index becbf03..65ebb93 100644
--- a/Makefile
+++ b/Makefile
@@ -659,6 +659,10 @@
SDEI_SUPPORT is enabled")
endif
+ifeq ($(COT_DESC_IN_DTB),1)
+ $(info CoT in device tree is an experimental feature)
+endif
+
# If pointer authentication is used in the firmware, make sure that all the
# registers associated to it are also saved and restored.
# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
@@ -903,6 +907,7 @@
$(eval $(call assert_boolean,ENCRYPT_BL32))
$(eval $(call assert_boolean,ERRATA_SPECULATIVE_AT))
$(eval $(call assert_boolean,RAS_TRAP_LOWER_EL_ERR_ACCESS))
+$(eval $(call assert_boolean,COT_DESC_IN_DTB))
$(eval $(call assert_numeric,ARM_ARCH_MAJOR))
$(eval $(call assert_numeric,ARM_ARCH_MINOR))
@@ -983,6 +988,7 @@
$(eval $(call add_define,USE_SPINLOCK_CAS))
$(eval $(call add_define,ERRATA_SPECULATIVE_AT))
$(eval $(call add_define,RAS_TRAP_LOWER_EL_ERR_ACCESS))
+$(eval $(call add_define,COT_DESC_IN_DTB))
ifeq (${SANITIZE_UB},trap)
$(eval $(call add_define,MONITOR_TRAPS))