Paul Beesley | d2fcc4e | 2019-05-29 13:59:40 +0100 | [diff] [blame] | 1 | Arm Development Platform Build Options |
| 2 | ====================================== |
| 3 | |
| 4 | Arm Platform Build Options |
| 5 | -------------------------- |
| 6 | |
| 7 | - ``ARM_BL31_IN_DRAM``: Boolean option to select loading of BL31 in TZC secured |
| 8 | DRAM. By default, BL31 is in the secure SRAM. Set this flag to 1 to load |
| 9 | BL31 in TZC secured DRAM. If TSP is present, then setting this option also |
| 10 | sets the TSP location to DRAM and ignores the ``ARM_TSP_RAM_LOCATION`` build |
| 11 | flag. |
| 12 | |
| 13 | - ``ARM_CONFIG_CNTACR``: boolean option to unlock access to the ``CNTBase<N>`` |
| 14 | frame registers by setting the ``CNTCTLBase.CNTACR<N>`` register bits. The |
| 15 | frame number ``<N>`` is defined by ``PLAT_ARM_NSTIMER_FRAME_ID``, which |
| 16 | should match the frame used by the Non-Secure image (normally the Linux |
| 17 | kernel). Default is true (access to the frame is allowed). |
| 18 | |
| 19 | - ``ARM_DISABLE_TRUSTED_WDOG``: boolean option to disable the Trusted Watchdog. |
| 20 | By default, Arm platforms use a watchdog to trigger a system reset in case |
| 21 | an error is encountered during the boot process (for example, when an image |
| 22 | could not be loaded or authenticated). The watchdog is enabled in the early |
| 23 | platform setup hook at BL1 and disabled in the BL1 prepare exit hook. The |
| 24 | Trusted Watchdog may be disabled at build time for testing or development |
| 25 | purposes. |
| 26 | |
| 27 | - ``ARM_LINUX_KERNEL_AS_BL33``: The Linux kernel expects registers x0-x3 to |
| 28 | have specific values at boot. This boolean option allows the Trusted Firmware |
| 29 | to have a Linux kernel image as BL33 by preparing the registers to these |
| 30 | values before jumping to BL33. This option defaults to 0 (disabled). For |
| 31 | AArch64 ``RESET_TO_BL31`` and for AArch32 ``RESET_TO_SP_MIN`` must be 1 when |
| 32 | using it. If this option is set to 1, ``ARM_PRELOADED_DTB_BASE`` must be set |
| 33 | to the location of a device tree blob (DTB) already loaded in memory. The |
| 34 | Linux Image address must be specified using the ``PRELOADED_BL33_BASE`` |
| 35 | option. |
| 36 | |
| 37 | - ``ARM_PLAT_MT``: This flag determines whether the Arm platform layer has to |
| 38 | cater for the multi-threading ``MT`` bit when accessing MPIDR. When this flag |
| 39 | is set, the functions which deal with MPIDR assume that the ``MT`` bit in |
| 40 | MPIDR is set and access the bit-fields in MPIDR accordingly. Default value of |
| 41 | this flag is 0. Note that this option is not used on FVP platforms. |
| 42 | |
| 43 | - ``ARM_RECOM_STATE_ID_ENC``: The PSCI1.0 specification recommends an encoding |
| 44 | for the construction of composite state-ID in the power-state parameter. |
| 45 | The existing PSCI clients currently do not support this encoding of |
| 46 | State-ID yet. Hence this flag is used to configure whether to use the |
| 47 | recommended State-ID encoding or not. The default value of this flag is 0, |
| 48 | in which case the platform is configured to expect NULL in the State-ID |
| 49 | field of power-state parameter. |
| 50 | |
| 51 | - ``ARM_ROTPK_LOCATION``: used when ``TRUSTED_BOARD_BOOT=1``. It specifies the |
laurenw-arm | 97d9c32 | 2022-12-01 16:54:50 -0600 | [diff] [blame] | 52 | location of the ROTPK returned by the function ``plat_get_rotpk_info()`` |
Paul Beesley | d2fcc4e | 2019-05-29 13:59:40 +0100 | [diff] [blame] | 53 | for Arm platforms. Depending on the selected option, the proper private key |
| 54 | must be specified using the ``ROT_KEY`` option when building the Trusted |
| 55 | Firmware. This private key will be used by the certificate generation tool |
| 56 | to sign the BL2 and Trusted Key certificates. Available options for |
| 57 | ``ARM_ROTPK_LOCATION`` are: |
| 58 | |
| 59 | - ``regs`` : return the ROTPK hash stored in the Trusted root-key storage |
Max Shvetsov | 06dba29 | 2019-12-06 11:50:12 +0000 | [diff] [blame] | 60 | registers. |
Paul Beesley | d2fcc4e | 2019-05-29 13:59:40 +0100 | [diff] [blame] | 61 | - ``devel_rsa`` : return a development public key hash embedded in the BL1 |
| 62 | and BL2 binaries. This hash has been obtained from the RSA public key |
| 63 | ``arm_rotpk_rsa.der``, located in ``plat/arm/board/common/rotpk``. To use |
| 64 | this option, ``arm_rotprivk_rsa.pem`` must be specified as ``ROT_KEY`` |
| 65 | when creating the certificates. |
| 66 | - ``devel_ecdsa`` : return a development public key hash embedded in the BL1 |
| 67 | and BL2 binaries. This hash has been obtained from the ECDSA public key |
| 68 | ``arm_rotpk_ecdsa.der``, located in ``plat/arm/board/common/rotpk``. To |
| 69 | use this option, ``arm_rotprivk_ecdsa.pem`` must be specified as |
| 70 | ``ROT_KEY`` when creating the certificates. |
laurenw-arm | 97d9c32 | 2022-12-01 16:54:50 -0600 | [diff] [blame] | 71 | - ``devel_full_dev_rsa_key`` : returns a development public key embedded in |
| 72 | the BL1 and BL2 binaries. This key has been obtained from the RSA public |
| 73 | key ``arm_rotpk_rsa.der``, located in ``plat/arm/board/common/rotpk``. |
Paul Beesley | d2fcc4e | 2019-05-29 13:59:40 +0100 | [diff] [blame] | 74 | |
laurenw-arm | 97d9c32 | 2022-12-01 16:54:50 -0600 | [diff] [blame] | 75 | - ``ARM_ROTPK_HASH``: used when ``ARM_ROTPK_LOCATION=devel_*``, excluding |
| 76 | ``devel_full_dev_rsa_key``. Specifies the location of the ROTPK hash. Not |
| 77 | expected to be a build option. This defaults to |
| 78 | ``plat/arm/board/common/rotpk/*_sha256.bin`` depending on the specified |
| 79 | algorithm. Providing ``ROT_KEY`` enforces generation of the hash from the |
| 80 | ``ROT_KEY`` and overwrites the default hash file. |
Max Shvetsov | 06dba29 | 2019-12-06 11:50:12 +0000 | [diff] [blame] | 81 | |
Paul Beesley | d2fcc4e | 2019-05-29 13:59:40 +0100 | [diff] [blame] | 82 | - ``ARM_TSP_RAM_LOCATION``: location of the TSP binary. Options: |
| 83 | |
| 84 | - ``tsram`` : Trusted SRAM (default option when TBB is not enabled) |
| 85 | - ``tdram`` : Trusted DRAM (if available) |
| 86 | - ``dram`` : Secure region in DRAM (default option when TBB is enabled, |
| 87 | configured by the TrustZone controller) |
| 88 | |
| 89 | - ``ARM_XLAT_TABLES_LIB_V1``: boolean option to compile TF-A with version 1 |
| 90 | of the translation tables library instead of version 2. It is set to 0 by |
| 91 | default, which selects version 2. |
| 92 | |
| 93 | - ``ARM_CRYPTOCELL_INTEG`` : bool option to enable TF-A to invoke Arm® |
| 94 | TrustZone® CryptoCell functionality for Trusted Board Boot on capable Arm |
| 95 | platforms. If this option is specified, then the path to the CryptoCell |
| 96 | SBROM library must be specified via ``CCSBROM_LIB_PATH`` flag. |
| 97 | |
Mikael Olsson | 7da6619 | 2021-02-12 17:30:22 +0100 | [diff] [blame] | 98 | - ``ARM_ETHOSN_NPU_DRIVER``: boolean option to enable a SiP service that can |
Mikael Olsson | 3288b46 | 2022-08-15 17:12:58 +0200 | [diff] [blame] | 99 | configure an Arm® Ethos™-N NPU. To use this service the target platform's |
Mikael Olsson | 7da6619 | 2021-02-12 17:30:22 +0100 | [diff] [blame] | 100 | ``HW_CONFIG`` must include the device tree nodes for the NPU. Currently, only |
| 101 | the Arm Juno platform has this included in its ``HW_CONFIG`` and the platform |
| 102 | only loads the ``HW_CONFIG`` in AArch64 builds. Default is 0. |
| 103 | |
Bjorn Engstrom | 74c5f87 | 2022-08-26 09:45:45 +0200 | [diff] [blame] | 104 | - ``ARM_ETHOSN_NPU_TZMP1``: boolean option to enable TZMP1 support for the |
Rob Hughes | 9a2177a | 2023-01-17 16:10:26 +0000 | [diff] [blame] | 105 | Arm® Ethos™-N NPU. Requires ``ARM_ETHOSN_NPU_DRIVER`` and |
| 106 | ``TRUSTED_BOARD_BOOT`` to be enabled. |
| 107 | |
Rob Hughes | 7a354bd | 2023-02-20 12:03:52 +0000 | [diff] [blame] | 108 | - ``ARM_ETHOSN_NPU_FW``: location of the NPU firmware binary |
| 109 | (```ethosn.bin```). This firmware image will be included in the FIP and |
| 110 | loaded at runtime. |
Bjorn Engstrom | 74c5f87 | 2022-08-26 09:45:45 +0200 | [diff] [blame] | 111 | |
Olivier Deprez | bcaa068 | 2020-04-01 21:28:26 +0200 | [diff] [blame] | 112 | - ``ARM_SPMC_MANIFEST_DTS`` : path to an alternate manifest file used as the |
| 113 | SPMC Core manifest. Valid when ``SPD=spmd`` is selected. |
| 114 | |
Balint Dobszay | 9f68976 | 2021-03-26 15:19:11 +0100 | [diff] [blame] | 115 | - ``ARM_BL2_SP_LIST_DTS``: Path to DTS file snippet to override the hardcoded |
| 116 | SP nodes in tb_fw_config. |
| 117 | |
Arunachalam Ganapathy | 47d514d | 2020-12-08 16:35:18 +0000 | [diff] [blame] | 118 | - ``OPTEE_SP_FW_CONFIG``: DTC build flag to include OP-TEE as SP in tb_fw_config |
| 119 | device tree. This flag is defined only when ``ARM_SPMC_MANIFEST_DTS`` manifest |
| 120 | file name contains pattern optee_sp. |
| 121 | |
Davidson K | 9a94914 | 2021-03-10 12:07:15 +0530 | [diff] [blame] | 122 | - ``TS_SP_FW_CONFIG``: DTC build flag to include Trusted Services (Crypto and |
Davidson K | ea84e43 | 2021-08-10 19:25:57 +0530 | [diff] [blame] | 123 | internal-trusted-storage) as SP in tb_fw_config device tree. |
Davidson K | 9a94914 | 2021-03-10 12:07:15 +0530 | [diff] [blame] | 124 | |
Manish V Badarkhe | 19ae29b | 2021-03-10 18:33:36 +0000 | [diff] [blame] | 125 | - ``ARM_GPT_SUPPORT``: Enable GPT parser to get the entry address and length of |
| 126 | the various partitions present in the GPT image. This support is available |
| 127 | only for the BL2 component, and it is disabled by default. |
| 128 | The following diagram shows the view of the FIP partition inside the GPT |
| 129 | image: |
| 130 | |
| 131 | |FIP in a GPT image| |
| 132 | |
Paul Beesley | d2fcc4e | 2019-05-29 13:59:40 +0100 | [diff] [blame] | 133 | For a better understanding of these options, the Arm development platform memory |
| 134 | map is explained in the :ref:`Firmware Design`. |
| 135 | |
| 136 | .. _build_options_arm_css_platform: |
| 137 | |
| 138 | Arm CSS Platform-Specific Build Options |
| 139 | --------------------------------------- |
| 140 | |
| 141 | - ``CSS_DETECT_PRE_1_7_0_SCP``: Boolean flag to detect SCP version |
| 142 | incompatibility. Version 1.7.0 of the SCP firmware made a non-backwards |
| 143 | compatible change to the MTL protocol, used for AP/SCP communication. |
| 144 | TF-A no longer supports earlier SCP versions. If this option is set to 1 |
| 145 | then TF-A will detect if an earlier version is in use. Default is 1. |
| 146 | |
| 147 | - ``CSS_LOAD_SCP_IMAGES``: Boolean flag, which when set, adds SCP_BL2 and |
| 148 | SCP_BL2U to the FIP and FWU_FIP respectively, and enables them to be loaded |
| 149 | during boot. Default is 1. |
| 150 | |
| 151 | - ``CSS_USE_SCMI_SDS_DRIVER``: Boolean flag which selects SCMI/SDS drivers |
| 152 | instead of SCPI/BOM driver for communicating with the SCP during power |
| 153 | management operations and for SCP RAM Firmware transfer. If this option |
| 154 | is set to 1, then SCMI/SDS drivers will be used. Default is 0. |
| 155 | |
Vijayenthiran Subramaniam | bc48991 | 2019-12-26 17:45:58 +0530 | [diff] [blame] | 156 | - ``CSS_SGI_CHIP_COUNT``: Configures the number of chips on a SGI/RD platform |
| 157 | which supports multi-chip operation. If ``CSS_SGI_CHIP_COUNT`` is set to any |
| 158 | valid value greater than 1, the platform code performs required configuration |
| 159 | to support multi-chip operation. |
| 160 | |
Aditya Angadi | 0640222 | 2021-03-20 12:06:15 +0530 | [diff] [blame] | 161 | - ``CSS_SGI_PLATFORM_VARIANT``: Selects the variant of a SGI/RD platform. A |
| 162 | particular SGI/RD platform may have multiple variants which may differ in |
| 163 | core count, cluster count or other peripherals. This build option is used |
| 164 | to select the appropriate platform variant for the build. The range of |
| 165 | valid values is platform specific. |
| 166 | |
Pranav Madhu | e317328 | 2022-07-27 12:49:24 +0530 | [diff] [blame] | 167 | - ``CSS_SYSTEM_GRACEFUL_RESET``: Build option to enable graceful powerdown of |
| 168 | CPU core on reset. This build option can be used on CSS platforms that |
| 169 | require all the CPUs to execute the CPU specific power down sequence to |
| 170 | complete a warm reboot sequence in which only the CPUs are power cycled. |
| 171 | |
Chris Kay | 91dd253 | 2023-06-05 17:22:54 +0100 | [diff] [blame] | 172 | Arm FVP Build Options |
| 173 | --------------------- |
| 174 | |
| 175 | - ``FVP_TRUSTED_SRAM_SIZE``: Size (in kilobytes) of the Trusted SRAM region to |
| 176 | utilize when building for the FVP platform. This option defaults to 256. |
| 177 | |
Manish V Badarkhe | c894c60 | 2023-06-22 09:55:00 +0100 | [diff] [blame] | 178 | Arm Juno Build Options |
| 179 | ---------------------- |
| 180 | |
| 181 | - ``JUNO_AARCH32_EL3_RUNTIME``: This build flag enables you to execute EL3 |
| 182 | runtime software in AArch32 mode, which is required to run AArch32 on Juno. |
| 183 | By default this flag is set to '0'. Enabling this flag builds BL1 and BL2 in |
| 184 | AArch64 and facilitates the loading of ``SP_MIN`` and BL33 as AArch32 executable |
| 185 | images. |
| 186 | |
Paul Beesley | d2fcc4e | 2019-05-29 13:59:40 +0100 | [diff] [blame] | 187 | -------------- |
| 188 | |
Manish V Badarkhe | 19ae29b | 2021-03-10 18:33:36 +0000 | [diff] [blame] | 189 | .. |FIP in a GPT image| image:: ../../resources/diagrams/FIP_in_a_GPT_image.png |
| 190 | |
Bjorn Engstrom | 74c5f87 | 2022-08-26 09:45:45 +0200 | [diff] [blame] | 191 | *Copyright (c) 2019-2023, Arm Limited. All rights reserved.* |