
make, doc: Add build option to create chain of trust at runtime

Added a build option 'COT_DESC_IN_DTB' to create chain of trust
at runtime using fconf.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89
pull/1979/head
Manish V Badarkhe 4 years ago
parent
commit
84ef9cd812
  1. 6
      Makefile
  2. 7
      docs/getting_started/build-options.rst
  3. 3
      make_helpers/defaults.mk

6
Makefile

@ -659,6 +659,10 @@ $(error "SDEI_IN_FCONF is an experimental feature and is only supported when \
SDEI_SUPPORT is enabled") SDEI_SUPPORT is enabled")
endif endif
ifeq ($(COT_DESC_IN_DTB),1)
$(info CoT in device tree is an experimental feature)
endif
# If pointer authentication is used in the firmware, make sure that all the # If pointer authentication is used in the firmware, make sure that all the
# registers associated to it are also saved and restored. # registers associated to it are also saved and restored.
# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. # Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
@ -903,6 +907,7 @@ $(eval $(call assert_boolean,ENCRYPT_BL31))
$(eval $(call assert_boolean,ENCRYPT_BL32)) $(eval $(call assert_boolean,ENCRYPT_BL32))
$(eval $(call assert_boolean,ERRATA_SPECULATIVE_AT)) $(eval $(call assert_boolean,ERRATA_SPECULATIVE_AT))
$(eval $(call assert_boolean,RAS_TRAP_LOWER_EL_ERR_ACCESS)) $(eval $(call assert_boolean,RAS_TRAP_LOWER_EL_ERR_ACCESS))
$(eval $(call assert_boolean,COT_DESC_IN_DTB))
$(eval $(call assert_numeric,ARM_ARCH_MAJOR)) $(eval $(call assert_numeric,ARM_ARCH_MAJOR))
$(eval $(call assert_numeric,ARM_ARCH_MINOR)) $(eval $(call assert_numeric,ARM_ARCH_MINOR))
@ -983,6 +988,7 @@ $(eval $(call add_define,BL2_INV_DCACHE))
$(eval $(call add_define,USE_SPINLOCK_CAS)) $(eval $(call add_define,USE_SPINLOCK_CAS))
$(eval $(call add_define,ERRATA_SPECULATIVE_AT)) $(eval $(call add_define,ERRATA_SPECULATIVE_AT))
$(eval $(call add_define,RAS_TRAP_LOWER_EL_ERR_ACCESS)) $(eval $(call add_define,RAS_TRAP_LOWER_EL_ERR_ACCESS))
$(eval $(call add_define,COT_DESC_IN_DTB))
ifeq (${SANITIZE_UB},trap) ifeq (${SANITIZE_UB},trap)
$(eval $(call add_define,MONITOR_TRAPS)) $(eval $(call add_define,MONITOR_TRAPS))
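Review bot: The new `ifeq ($(COT_DESC_IN_DTB),1)` block in the first hunk has no dependency check: it only prints `$(info ...)`, whereas the SDEI_IN_FCONF block just above it stops the build with `$(error ...)` when SDEI_SUPPORT is off. Nothing in the visible hunks ties the flag to TRUSTED_BOARD_BOOT, so setting it without trusted boot presumably yields a build with the define set but no chain of trust in use, and the builder is not told. Inside the block I would add `ifneq ($(TRUSTED_BOARD_BOOT),1)`, `$(error "COT_DESC_IN_DTB is only supported when TRUSTED_BOARD_BOOT is enabled")` and `endif`. A short comment there should also say that BL2's descriptors then come from tb_fw_config, so that file has to be authenticated before BL2 parses it.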

7
docs/getting_started/build-options.rst

@ -648,6 +648,13 @@ Common build options
configuration device tree, instead of static structure in the code base. configuration device tree, instead of static structure in the code base.
This is currently an experimental feature. This is currently an experimental feature.
- ``COT_DESC_IN_DTB``: This flag determines whether to create COT descriptors
at runtime using fconf. If this flag is enabled, COT descriptors are
statically captured in tb_fw_config file in the form of device tree nodes
and properties. Currently, COT descriptors used by BL2 are moved to the
device tree and COT descriptors used by BL1 are retained in the code
base statically. This is currently an experimental feature.
- ``SDEI_IN_FCONF``: This flag determines whether to configure SDEI setup in - ``SDEI_IN_FCONF``: This flag determines whether to configure SDEI setup in
runtime using firmware configuration framework. The platform specific SDEI runtime using firmware configuration framework. The platform specific SDEI
shared and private events configuration is retrieved from device tree rather shared and private events configuration is retrieved from device tree rather

3
make_helpers/defaults.mk

@ -305,3 +305,6 @@ ERRATA_SPECULATIVE_AT := 0
# Trap RAS error record access from lower EL # Trap RAS error record access from lower EL
RAS_TRAP_LOWER_EL_ERR_ACCESS := 0 RAS_TRAP_LOWER_EL_ERR_ACCESS := 0
# Build option to create cot descriptors using fconf
COT_DESC_IN_DTB := 0
