kumquat-buildroot/boot/arm-trusted-firmware/Config.in
Baruch Siach 09acc7cbc9 boot/arm-trusted-firmware: fix SSP support
Commit ccac9a5bbb ("boot/arm-trusted-firmware: don't force
ENABLE_STACK_PROTECTOR") fixed a build failure but also effectively
disabled SSP entirely for ATF. This is because ENABLE_STACK_PROTECTOR is
set to 0 unconditionally in make_helpers/defaults.mk, overwriting any
environment set value. So we must pass ENABLE_STACK_PROTECTOR in
MAKE_OPTS for it to be effective. But to avoid said build failure we
can't pass ENABLE_STACK_PROTECTOR=0.

Only pass ENABLE_STACK_PROTECTOR when
BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP is enabled. Drop SSP_LEVEL value for
the !BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP case which is now unused.

Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-17 10:30:08 +02:00

234 lines
7.0 KiB
Plaintext

config BR2_TARGET_ARM_TRUSTED_FIRMWARE
bool "ARM Trusted Firmware (ATF)"
depends on (BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A)
help
Enable this option if you want to build the ATF for your ARM
based embedded device.
https://github.com/ARM-software/arm-trusted-firmware
if BR2_TARGET_ARM_TRUSTED_FIRMWARE
choice
prompt "ATF Version"
help
Select the specific ATF version you want to use
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION
bool "v2.7"
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
bool "Custom version"
help
This option allows to use a specific official versions
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
bool "Custom tarball"
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
bool "Custom Git repository"
endchoice
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL_LOCATION
string "URL of custom ATF tarball"
endif
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE
string "ATF version"
depends on BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_VERSION
string
default "v2.7" if BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION
default "custom" if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION \
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE \
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_URL
string "URL of custom repository"
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION
string "Custom repository version"
help
Revision to use in the typical format used by Git
E.G. a sha id, a tag, ..
endif
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM
string "ATF platform"
help
Target plaform to build for.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_TARGET_BOARD
string "ATF target board"
help
Target board to build for. In many cases, this can be left
empty.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_DTS_PATH
string "Device Tree Source file paths"
help
Space-separated list of paths to device tree source files
that will be copied to fdts/ before starting the build.
To use this device tree source file, the ATF configuration
file must refer to it.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP
bool "Build FIP image"
help
This option enables building the FIP image (Firmware Image
Package). This is typically the image format used by
platforms were ATF encapsulates the second stage bootloader
(such as U-Boot).
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31
bool "Build BL31 image"
help
This option enables building the BL31 image. This is
typically used on platforms where another bootloader (e.g
U-Boot) encapsulates ATF BL31.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31_UBOOT
bool "Build BL31 U-Boot image"
select BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31
help
Generates a U-Boot image named atf-uboot.ub containing
bl31.bin. This is used for example by the Xilinx version of
U-Boot SPL to load ATF on the ZynqMP SoC.
choice
prompt "BL32"
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT
help
Select BL32 stage for the trusted firmware
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT
bool "Default"
help
With this option selected, ATF will not use any BL32 stage,
unless if one is explicitly chosen using the SPD (for
AArch64) or AARCH32_SP (for AArch32) variables, which can be
passed through
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE
bool "OP-TEE OS"
depends on BR2_TARGET_OPTEE_OS
help
This option allows to embed OP-TEE OS as the BL32 part of
the ARM Trusted Firmware boot sequence.
endchoice
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
bool "Use U-Boot as BL33"
depends on BR2_TARGET_UBOOT
help
This option allows to embed u-boot.bin as the BL33 part of
the ARM Trusted Firmware. It ensures that the u-boot package
gets built before ATF, and that the appropriate BL33
variable pointing to u-boot.bin is passed when building ATF.
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_BL33_IMAGE
string "U-Boot BL33 image name"
default "u-boot.bin"
help
Name of the U-Boot BL33 image to include in ATF, it must
have been installed to BINARIES_DIR by the U-Boot package.
endif
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_EDK2_AS_BL33
bool "Use EDK2 as BL33"
depends on BR2_TARGET_EDK2
help
This option allows to embed EDK2 as the BL33 part of
the ARM Trusted Firmware. It ensures that the EDK2 package
gets built before ATF, and that the appropriate BL33
variable pointing to the EDK2 is passed when building ATF.
Do not choose this option if you intend to build ATF and EDK2
for the 'qemu_sbsa' platform. In this case, due to the EDK2
build system, the dependency between ATF and EDK is reversed.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_RCW
bool "Include NXP RCW in BL2"
depends on BR2_PACKAGE_HOST_QORIQ_RCW
help
Include the NXP RCW (Reset Control Word) in BL2. See
package/qoriq-rcw/ for more details. This is mostly useful
on NXP LayerScape platforms.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_TARGETS
string "Additional ATF make targets"
help
Additional targets for the ATF build
E.G. When using the QorIQ custom ATF repository from NXP,
the target 'pbl' can be used to build the pbl binary.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES
string "Additional ATF build variables"
help
Additional parameters for the ATF build
E.G. 'DEBUG=1 LOG_LEVEL=20'
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG
bool "Build in debug mode"
help
Enable this option to build ATF with DEBUG=1.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_IMAGES
string "Binary boot images"
default "*.bin"
help
Names of generated image files that are installed in the
output images/ directory.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_DTC
bool "Needs dtc"
select BR2_PACKAGE_HOST_DTC
help
Select this option if your ATF board configuration
requires the Device Tree compiler to be available.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN
bool "Needs arm-none-eabi toolchain"
depends on BR2_aarch64
depends on BR2_HOSTARCH = "x86_64"
help
Select this option if your ATF board configuration requires
an ARM32 bare metal toolchain to be available.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
bool "Build with SSP"
default y
depends on BR2_TOOLCHAIN_HAS_SSP
depends on !BR2_SSP_NONE
help
Say 'y' here if you want to build ATF with SSP.
Your board must have SSP support in ATF: it must have an
implementation for plat_get_stack_protector_canary().
If you say 'y', the SSP level will be the level selected
by the global SSP setting.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL
string
default "default" if BR2_SSP_REGULAR
default "strong" if BR2_SSP_STRONG
default "all" if BR2_SSP_ALL
endif