config BR2_TARGET_ARM_TRUSTED_FIRMWARE bool "ARM Trusted Firmware (ATF)" depends on (BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A) && \ (BR2_TARGET_UBOOT || BR2_TARGET_EDK2) help Enable this option if you want to build the ATF for your ARM based embedded device. https://github.com/ARM-software/arm-trusted-firmware if BR2_TARGET_ARM_TRUSTED_FIRMWARE choice prompt "ATF Version" help Select the specific ATF version you want to use config BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION bool "v2.7" config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION bool "Custom version" help This option allows to use a specific official versions config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL bool "Custom tarball" config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT bool "Custom Git repository" endchoice if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL_LOCATION string "URL of custom ATF tarball" endif config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE string "ATF version" depends on BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION config BR2_TARGET_ARM_TRUSTED_FIRMWARE_VERSION string default "v2.7" if BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION default "custom" if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL default BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION \ if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT default BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE \ if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_URL string "URL of custom repository" config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION string "Custom repository version" help Revision to use in the typical format used by Git E.G. a sha id, a tag, .. endif config BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM string "ATF platform" help Target plaform to build for. config BR2_TARGET_ARM_TRUSTED_FIRMWARE_TARGET_BOARD string "ATF target board" help Target board to build for. In many cases, this can be left empty. config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_DTS_PATH string "Device Tree Source file paths" help Space-separated list of paths to device tree source files that will be copied to fdts/ before starting the build. To use this device tree source file, the ATF configuration file must refer to it. config BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP bool "Build FIP image" help This option enables building the FIP image (Firmware Image Package). This is typically the image format used by platforms were ATF encapsulates the second stage bootloader (such as U-Boot). config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31 bool "Build BL31 image" help This option enables building the BL31 image. This is typically used on platforms where another bootloader (e.g U-Boot) encapsulates ATF BL31. config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31_UBOOT bool "Build BL31 U-Boot image" select BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31 help Generates a U-Boot image named atf-uboot.ub containing bl31.bin. This is used for example by the Xilinx version of U-Boot SPL to load ATF on the ZynqMP SoC. choice prompt "BL32" default BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT help Select BL32 stage for the trusted firmware config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT bool "Default" help With this option selected, ATF will not use any BL32 stage, unless if one is explicitly chosen using the SPD (for AArch64) or AARCH32_SP (for AArch32) variables, which can be passed through BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES. config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE bool "OP-TEE OS" depends on BR2_TARGET_OPTEE_OS help This option allows to embed OP-TEE OS as the BL32 part of the ARM Trusted Firmware boot sequence. endchoice config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33 bool "Use U-Boot as BL33" depends on BR2_TARGET_UBOOT help This option allows to embed u-boot.bin as the BL33 part of the ARM Trusted Firmware. It ensures that the u-boot package gets built before ATF, and that the appropriate BL33 variable pointing to u-boot.bin is passed when building ATF. if BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33 config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_BL33_IMAGE string "U-Boot BL33 image name" default "u-boot.bin" help Name of the U-Boot BL33 image to include in ATF, it must have been installed to BINARIES_DIR by the U-Boot package. endif config BR2_TARGET_ARM_TRUSTED_FIRMWARE_EDK2_AS_BL33 bool "Use EDK2 as BL33" depends on BR2_TARGET_EDK2 help This option allows to embed EDK2 as the BL33 part of the ARM Trusted Firmware. It ensures that the EDK2 package gets built before ATF, and that the appropriate BL33 variable pointing to the EDK2 is passed when building ATF. Do not choose this option if you intend to build ATF and EDK2 for the 'qemu_sbsa' platform. In this case, due to the EDK2 build system, the dependency between ATF and EDK is reversed. config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_TARGETS string "Additional ATF make targets" help Additional targets for the ATF build E.G. When using the QorIQ custom ATF repository from NXP, the target 'pbl' can be used to build the pbl binary. config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES string "Additional ATF build variables" help Additional parameters for the ATF build E.G. 'DEBUG=1 LOG_LEVEL=20' config BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG bool "Build in debug mode" help Enable this option to build ATF with DEBUG=1. config BR2_TARGET_ARM_TRUSTED_FIRMWARE_IMAGES string "Binary boot images" default "*.bin" help Names of generated image files that are installed in the output images/ directory. config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_DTC bool "Needs dtc" select BR2_PACKAGE_HOST_DTC help Select this option if your ATF board configuration requires the Device Tree compiler to be available. config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN bool "Needs arm-none-eabi toolchain" depends on BR2_aarch64 depends on BR2_HOSTARCH = "x86_64" help Select this option if your ATF board configuration requires an ARM32 bare metal toolchain to be available. config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP bool "Build with SSP" default y depends on BR2_TOOLCHAIN_HAS_SSP depends on !BR2_SSP_NONE help Say 'y' here if you want to build ATF with SSP. Your board must have SSP support in ATF: it must have an implementation for plat_get_stack_protector_canary(). If you say 'y', the SSP level will be the level selected by the global SSP setting. config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL string # While newer versions of TF-A support "none" as # ENABLE_STACK_PROTECTOR value, older versions (e.g 2.0) only # supported "0" to disable SSP. default "0" if !BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP default "default" if BR2_SSP_REGULAR default "strong" if BR2_SSP_STRONG default "all" if BR2_SSP_ALL endif