buildroot/boot/arm-trusted-firmware/Config.in
Thomas Petazzoni 5f432df7e2 boot/arm-trusted-firmware: change ENABLE_STACK_PROTECTOR value when disabled
Since commit
cf176128ec ("boot/arm-trusted-firmware:
add SSP option"), we are passing ENABLE_STACK_PROTECTOR=none when we
want to disable SSP usage in TF-A. While this works fine in recent
versions of TF-A, older versions such as TF-A will end up passing
-fstack-protector-none in this situation, which fails as this is not a
valid gcc option (the valid gcc option is -fno-stack-protector).

To solve this, we pass ENABLE_STACK_PROTECTOR=0 which was in older
TF-A versions used to say "don't do anything with SSP", and is also
still supported in newer versions of TF-A.

Fixes:

 https://gitlab.com/buildroot.org/buildroot/-/jobs/1478738580

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-08-08 21:54:32 +02:00

216 lines
6.6 KiB
Plaintext

config BR2_TARGET_ARM_TRUSTED_FIRMWARE
bool "ARM Trusted Firmware (ATF)"
depends on (BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A) && \
(BR2_TARGET_UBOOT || BR2_TARGET_EDK2)
help
Enable this option if you want to build the ATF for your ARM
based embedded device.
https://github.com/ARM-software/arm-trusted-firmware
if BR2_TARGET_ARM_TRUSTED_FIRMWARE
choice
prompt "ATF Version"
help
Select the specific ATF version you want to use
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION
bool "v2.5"
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
bool "Custom version"
help
This option allows to use a specific official versions
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
bool "Custom tarball"
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
bool "Custom Git repository"
endchoice
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL_LOCATION
string "URL of custom ATF tarball"
endif
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE
string "ATF version"
depends on BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_VERSION
string
default "v2.5" if BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION
default "custom" if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION \
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE \
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_URL
string "URL of custom repository"
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION
string "Custom repository version"
help
Revision to use in the typical format used by Git
E.G. a sha id, a tag, ..
endif
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM
string "ATF platform"
help
Target plaform to build for.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP
bool "Build FIP image"
help
This option enables building the FIP image (Firmware Image
Package). This is typically the image format used by
platforms were ATF encapsulates the second stage bootloader
(such as U-Boot).
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31
bool "Build BL31 image"
help
This option enables building the BL31 image. This is
typically used on platforms where another bootloader (e.g
U-Boot) encapsulates ATF BL31.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31_UBOOT
bool "Build BL31 U-Boot image"
select BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31
help
Generates a U-Boot image named atf-uboot.ub containing
bl31.bin. This is used for example by the Xilinx version of
U-Boot SPL to load ATF on the ZynqMP SoC.
choice
prompt "BL32"
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT
help
Select BL32 stage for the trusted firmware
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT
bool "Default"
help
With this option selected, ATF will not use any BL32 stage,
unless if one is explicitly chosen using the SPD (for
AArch64) or AARCH32_SP (for AArch32) variables, which can be
passed through
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE
bool "OP-TEE OS"
depends on BR2_TARGET_OPTEE_OS
help
This option allows to embed OP-TEE OS as the BL32 part of
the ARM Trusted Firmware boot sequence.
endchoice
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
bool "Use U-Boot as BL33"
depends on BR2_TARGET_UBOOT
help
This option allows to embed u-boot.bin as the BL33 part of
the ARM Trusted Firmware. It ensures that the u-boot package
gets built before ATF, and that the appropriate BL33
variable pointing to u-boot.bin is passed when building ATF.
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_BL33_IMAGE
string "U-Boot BL33 image name"
default "u-boot.bin"
help
Name of the U-Boot BL33 image to include in ATF, it must
have been installed to BINARIES_DIR by the U-Boot package.
endif
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_EDK2_AS_BL33
bool "Use EDK2 as BL33"
depends on BR2_TARGET_EDK2
help
This option allows to embed EDK2 as the BL33 part of
the ARM Trusted Firmware. It ensures that the EDK2 package
gets built before ATF, and that the appropriate BL33
variable pointing to the EDK2 is passed when building ATF.
Do not choose this option if you intend to build ATF and EDK2
for the 'qemu_sbsa' platform. In this case, due to the EDK2
build system, the dependency between ATF and EDK is reversed.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_TARGETS
string "Additional ATF make targets"
help
Additional targets for the ATF build
E.G. When using the QorIQ custom ATF repository from NXP,
the target 'pbl' can be used to build the pbl binary.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES
string "Additional ATF build variables"
help
Additional parameters for the ATF build
E.G. 'DEBUG=1 LOG_LEVEL=20'
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG
bool "Build in debug mode"
help
Enable this option to build ATF with DEBUG=1.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_IMAGES
string "Binary boot images"
default "*.bin"
help
Names of generated image files that are installed in the
output images/ directory.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_DTC
bool "Needs dtc"
select BR2_PACKAGE_HOST_DTC
help
Select this option if your ATF board configuration
requires the Device Tree compiler to be available.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN
bool "Needs arm-none-eabi toolchain"
depends on BR2_aarch64
depends on BR2_HOSTARCH = "x86_64"
help
Select this option if your ATF board configuration requires
an ARM32 bare metal toolchain to be available.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
bool "Build with SSP"
default y
depends on BR2_TOOLCHAIN_HAS_SSP
depends on !BR2_SSP_NONE
help
Say 'y' here if you want to build ATF with SSP.
Your board must have SSP support in ATF: it must have an
implementation for plat_get_stack_protector_canary().
If you say 'y', the SSP level will be the level selected
by the global SSP setting.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL
string
# While newer versions of TF-A support "none" as
# ENABLE_STACK_PROTECTOR value, older versions (e.g 2.0) only
# supported "0" to disable SSP.
default "0" if !BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
default "default" if BR2_SSP_REGULAR
default "strong" if BR2_SSP_STRONG
default "all" if BR2_SSP_ALL
endif