09acc7cbc9
Commit ccac9a5bbb
("boot/arm-trusted-firmware: don't force
ENABLE_STACK_PROTECTOR") fixed a build failure but also effectively
disabled SSP entirely for ATF. This is because ENABLE_STACK_PROTECTOR is
set to 0 unconditionally in make_helpers/defaults.mk, overwriting any
environment set value. So we must pass ENABLE_STACK_PROTECTOR in
MAKE_OPTS for it to be effective. But to avoid said build failure we
can't pass ENABLE_STACK_PROTECTOR=0.
Only pass ENABLE_STACK_PROTECTOR when
BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP is enabled. Drop SSP_LEVEL value for
the !BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP case which is now unused.
Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
234 lines
7.0 KiB
Plaintext
234 lines
7.0 KiB
Plaintext
config BR2_TARGET_ARM_TRUSTED_FIRMWARE
|
|
bool "ARM Trusted Firmware (ATF)"
|
|
depends on (BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A)
|
|
help
|
|
Enable this option if you want to build the ATF for your ARM
|
|
based embedded device.
|
|
|
|
https://github.com/ARM-software/arm-trusted-firmware
|
|
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE
|
|
choice
|
|
prompt "ATF Version"
|
|
help
|
|
Select the specific ATF version you want to use
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION
|
|
bool "v2.7"
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
|
|
bool "Custom version"
|
|
help
|
|
This option allows to use a specific official versions
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
|
|
bool "Custom tarball"
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
|
|
bool "Custom Git repository"
|
|
|
|
endchoice
|
|
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL_LOCATION
|
|
string "URL of custom ATF tarball"
|
|
|
|
endif
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE
|
|
string "ATF version"
|
|
depends on BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_VERSION
|
|
string
|
|
default "v2.7" if BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION
|
|
default "custom" if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
|
|
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION \
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
|
|
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE \
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
|
|
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_URL
|
|
string "URL of custom repository"
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION
|
|
string "Custom repository version"
|
|
help
|
|
Revision to use in the typical format used by Git
|
|
E.G. a sha id, a tag, ..
|
|
|
|
endif
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM
|
|
string "ATF platform"
|
|
help
|
|
Target plaform to build for.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_TARGET_BOARD
|
|
string "ATF target board"
|
|
help
|
|
Target board to build for. In many cases, this can be left
|
|
empty.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_DTS_PATH
|
|
string "Device Tree Source file paths"
|
|
help
|
|
Space-separated list of paths to device tree source files
|
|
that will be copied to fdts/ before starting the build.
|
|
|
|
To use this device tree source file, the ATF configuration
|
|
file must refer to it.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP
|
|
bool "Build FIP image"
|
|
help
|
|
This option enables building the FIP image (Firmware Image
|
|
Package). This is typically the image format used by
|
|
platforms were ATF encapsulates the second stage bootloader
|
|
(such as U-Boot).
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31
|
|
bool "Build BL31 image"
|
|
help
|
|
This option enables building the BL31 image. This is
|
|
typically used on platforms where another bootloader (e.g
|
|
U-Boot) encapsulates ATF BL31.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31_UBOOT
|
|
bool "Build BL31 U-Boot image"
|
|
select BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31
|
|
help
|
|
Generates a U-Boot image named atf-uboot.ub containing
|
|
bl31.bin. This is used for example by the Xilinx version of
|
|
U-Boot SPL to load ATF on the ZynqMP SoC.
|
|
|
|
choice
|
|
prompt "BL32"
|
|
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT
|
|
help
|
|
Select BL32 stage for the trusted firmware
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT
|
|
bool "Default"
|
|
help
|
|
With this option selected, ATF will not use any BL32 stage,
|
|
unless if one is explicitly chosen using the SPD (for
|
|
AArch64) or AARCH32_SP (for AArch32) variables, which can be
|
|
passed through
|
|
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE
|
|
bool "OP-TEE OS"
|
|
depends on BR2_TARGET_OPTEE_OS
|
|
help
|
|
This option allows to embed OP-TEE OS as the BL32 part of
|
|
the ARM Trusted Firmware boot sequence.
|
|
|
|
endchoice
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
|
|
bool "Use U-Boot as BL33"
|
|
depends on BR2_TARGET_UBOOT
|
|
help
|
|
This option allows to embed u-boot.bin as the BL33 part of
|
|
the ARM Trusted Firmware. It ensures that the u-boot package
|
|
gets built before ATF, and that the appropriate BL33
|
|
variable pointing to u-boot.bin is passed when building ATF.
|
|
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_BL33_IMAGE
|
|
string "U-Boot BL33 image name"
|
|
default "u-boot.bin"
|
|
help
|
|
Name of the U-Boot BL33 image to include in ATF, it must
|
|
have been installed to BINARIES_DIR by the U-Boot package.
|
|
|
|
endif
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_EDK2_AS_BL33
|
|
bool "Use EDK2 as BL33"
|
|
depends on BR2_TARGET_EDK2
|
|
help
|
|
This option allows to embed EDK2 as the BL33 part of
|
|
the ARM Trusted Firmware. It ensures that the EDK2 package
|
|
gets built before ATF, and that the appropriate BL33
|
|
variable pointing to the EDK2 is passed when building ATF.
|
|
|
|
Do not choose this option if you intend to build ATF and EDK2
|
|
for the 'qemu_sbsa' platform. In this case, due to the EDK2
|
|
build system, the dependency between ATF and EDK is reversed.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_RCW
|
|
bool "Include NXP RCW in BL2"
|
|
depends on BR2_PACKAGE_HOST_QORIQ_RCW
|
|
help
|
|
Include the NXP RCW (Reset Control Word) in BL2. See
|
|
package/qoriq-rcw/ for more details. This is mostly useful
|
|
on NXP LayerScape platforms.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_TARGETS
|
|
string "Additional ATF make targets"
|
|
help
|
|
Additional targets for the ATF build
|
|
E.G. When using the QorIQ custom ATF repository from NXP,
|
|
the target 'pbl' can be used to build the pbl binary.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES
|
|
string "Additional ATF build variables"
|
|
help
|
|
Additional parameters for the ATF build
|
|
E.G. 'DEBUG=1 LOG_LEVEL=20'
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG
|
|
bool "Build in debug mode"
|
|
help
|
|
Enable this option to build ATF with DEBUG=1.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_IMAGES
|
|
string "Binary boot images"
|
|
default "*.bin"
|
|
help
|
|
Names of generated image files that are installed in the
|
|
output images/ directory.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_DTC
|
|
bool "Needs dtc"
|
|
select BR2_PACKAGE_HOST_DTC
|
|
help
|
|
Select this option if your ATF board configuration
|
|
requires the Device Tree compiler to be available.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN
|
|
bool "Needs arm-none-eabi toolchain"
|
|
depends on BR2_aarch64
|
|
depends on BR2_HOSTARCH = "x86_64"
|
|
help
|
|
Select this option if your ATF board configuration requires
|
|
an ARM32 bare metal toolchain to be available.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
|
|
bool "Build with SSP"
|
|
default y
|
|
depends on BR2_TOOLCHAIN_HAS_SSP
|
|
depends on !BR2_SSP_NONE
|
|
help
|
|
Say 'y' here if you want to build ATF with SSP.
|
|
|
|
Your board must have SSP support in ATF: it must have an
|
|
implementation for plat_get_stack_protector_canary().
|
|
|
|
If you say 'y', the SSP level will be the level selected
|
|
by the global SSP setting.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL
|
|
string
|
|
default "default" if BR2_SSP_REGULAR
|
|
default "strong" if BR2_SSP_STRONG
|
|
default "all" if BR2_SSP_ALL
|
|
|
|
endif
|