FWU_FIP_DEPS += fwu_certificates
endif
+# Process BRANCH_PROTECTION value and set
+# Pointer Authentication and Branch Target Identification flags
+ifeq (${BRANCH_PROTECTION},0)
+ # Default value turns off all types of branch protection
+ BP_OPTION := none
+else ifneq (${ARCH},aarch64)
+ $(error BRANCH_PROTECTION requires AArch64)
+else ifeq (${BRANCH_PROTECTION},1)
+ # Enables all types of branch protection features
+ BP_OPTION := standard
+ ENABLE_BTI := 1
+ ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},2)
+ # Return address signing to its standard level
+ BP_OPTION := pac-ret
+ ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},3)
+ # Extend the signing to include leaf functions
+ BP_OPTION := pac-ret+leaf
+ ENABLE_PAUTH := 1
+else
+ $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
+endif
################################################################################
# Toolchain
TF_CFLAGS_aarch32 += -mno-unaligned-access
TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align
+ifneq (${BP_OPTION},none)
+TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION}
+endif
+
ASFLAGS_aarch32 = $(march32-directive)
ASFLAGS_aarch64 = $(march64-directive)
WARNING1 := -Wextra
-WARNING1 += -Wunused -Wno-unused-parameter
WARNING1 += -Wmissing-declarations
WARNING1 += -Wmissing-format-attribute
WARNING1 += -Wmissing-prototypes
WARNING1 += -Wold-style-definition
-WARNING1 += -Wunused-but-set-variable
WARNING1 += -Wunused-const-variable
WARNING2 := -Waggregate-return
WARNING2 += -Wcast-align
-WARNING2 += -Wdisabled-optimization
WARNING2 += -Wnested-externs
WARNING2 += -Wshadow
WARNING2 += -Wlogical-op
WARNING2 += -Wmissing-field-initializers
WARNING2 += -Wsign-compare
-WARNING2 += -Wmaybe-uninitialized
WARNING3 := -Wbad-function-cast
WARNING3 += -Wcast-qual
WARNING3 += -Wpointer-arith
WARNING3 += -Wredundant-decls
WARNING3 += -Wswitch-default
-WARNING3 += -Wpacked-bitfield-compat
-WARNING3 += -Wvla
ifeq (${W},1)
WARNINGS := $(WARNING1)
WARNINGS := $(WARNING1) $(WARNING2) $(WARNING3)
endif
+WARNINGS += -Wunused -Wno-unused-parameter \
+ -Wdisabled-optimization \
+ -Wvla
+
+ifeq ($(findstring clang,$(notdir $(CC))),)
+WARNINGS += -Wunused-but-set-variable \
+ -Wmaybe-uninitialized \
+ -Wpacked-bitfield-compat
+endif
+
ifneq (${E},0)
ERRORS := -Werror
endif
endif
# If pointer authentication is used in the firmware, make sure that all the
-# registers associated to it are also saved and restored. Not doing it would
-# leak the value of the key used by EL3 to EL1 and S-EL1.
+# registers associated to it are also saved and restored.
+# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
ifeq ($(ENABLE_PAUTH),1)
- ifneq ($(ARCH),aarch64)
- $(error ENABLE_PAUTH=1 requires AArch64)
- else ifeq ($(CTX_INCLUDE_PAUTH_REGS),0)
- $(error ENABLE_PAUTH=1 requires CTX_INCLUDE_PAUTH_REGS=1)
- else
- $(info ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS are experimental features)
+ ifeq ($(CTX_INCLUDE_PAUTH_REGS),0)
+ $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1)
endif
-else
- ifeq ($(CTX_INCLUDE_PAUTH_REGS),1)
- ifneq ($(ARCH),aarch64)
- $(error CTX_INCLUDE_PAUTH_REGS=1 requires AArch64)
- else
- $(info CTX_INCLUDE_PAUTH_REGS is an experimental feature)
- endif
+endif
+
+ifeq ($(CTX_INCLUDE_PAUTH_REGS),1)
+ ifneq (${ARCH},aarch64)
+ $(error CTX_INCLUDE_PAUTH_REGS requires AArch64)
+ else
+ $(info CTX_INCLUDE_PAUTH_REGS is an experimental feature)
endif
endif
+ifeq ($(ENABLE_PAUTH),1)
+ $(info Pointer Authentication is an experimental feature)
+endif
+
+ifeq ($(ENABLE_BTI),1)
+ $(info Branch Protection is an experimental feature)
+endif
+
################################################################################
# Process platform overrideable behaviour
################################################################################
$(eval $(call assert_boolean,ENABLE_AMU))
$(eval $(call assert_boolean,ENABLE_ASSERTIONS))
$(eval $(call assert_boolean,ENABLE_MPAM_FOR_LOWER_ELS))
-$(eval $(call assert_boolean,ENABLE_PAUTH))
$(eval $(call assert_boolean,ENABLE_PIE))
$(eval $(call assert_boolean,ENABLE_PMF))
$(eval $(call assert_boolean,ENABLE_PSCI_STAT))
$(eval $(call assert_numeric,ARM_ARCH_MAJOR))
$(eval $(call assert_numeric,ARM_ARCH_MINOR))
+$(eval $(call assert_numeric,BRANCH_PROTECTION))
################################################################################
# Add definitions to the cpp preprocessor based on the current build options.
$(eval $(call add_define,EL3_EXCEPTION_HANDLING))
$(eval $(call add_define,ENABLE_AMU))
$(eval $(call add_define,ENABLE_ASSERTIONS))
+$(eval $(call add_define,ENABLE_BTI))
$(eval $(call add_define,ENABLE_MPAM_FOR_LOWER_ELS))
$(eval $(call add_define,ENABLE_PAUTH))
$(eval $(call add_define,ENABLE_PIE))
${Q}cscope -b -q -k
help:
- @echo "usage: ${MAKE} PLAT=<${PLATFORM_LIST}> [OPTIONS] [TARGET]"
+ @echo "usage: ${MAKE} [PLAT=<platform>] [OPTIONS] [TARGET]"
@echo ""
@echo "PLAT is used to specify which platform you wish to build."
@echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}"
@echo ""
+ @echo "platform = ${PLATFORM_LIST}"
+ @echo ""
@echo "Please refer to the User Guide for a list of all supported options."
@echo "Note that the build system doesn't track dependencies for build "
@echo "options. Therefore, if any of the build options are changed "
projects / project / bcm63xx / atf.git / blobdiff