mirror of
https://git.busybox.net/buildroot.git
synced 2024-12-01 09:23:29 +08:00
5f432df7e2
Since commit
cf176128ec
("boot/arm-trusted-firmware:
add SSP option"), we are passing ENABLE_STACK_PROTECTOR=none when we
want to disable SSP usage in TF-A. While this works fine in recent
versions of TF-A, older versions such as TF-A will end up passing
-fstack-protector-none in this situation, which fails as this is not a
valid gcc option (the valid gcc option is -fno-stack-protector).
To solve this, we pass ENABLE_STACK_PROTECTOR=0 which was in older
TF-A versions used to say "don't do anything with SSP", and is also
still supported in newer versions of TF-A.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1478738580
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
216 lines
6.6 KiB
Plaintext
216 lines
6.6 KiB
Plaintext
config BR2_TARGET_ARM_TRUSTED_FIRMWARE
|
|
bool "ARM Trusted Firmware (ATF)"
|
|
depends on (BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A) && \
|
|
(BR2_TARGET_UBOOT || BR2_TARGET_EDK2)
|
|
help
|
|
Enable this option if you want to build the ATF for your ARM
|
|
based embedded device.
|
|
|
|
https://github.com/ARM-software/arm-trusted-firmware
|
|
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE
|
|
choice
|
|
prompt "ATF Version"
|
|
help
|
|
Select the specific ATF version you want to use
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION
|
|
bool "v2.5"
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
|
|
bool "Custom version"
|
|
help
|
|
This option allows to use a specific official versions
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
|
|
bool "Custom tarball"
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
|
|
bool "Custom Git repository"
|
|
|
|
endchoice
|
|
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL_LOCATION
|
|
string "URL of custom ATF tarball"
|
|
|
|
endif
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE
|
|
string "ATF version"
|
|
depends on BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_VERSION
|
|
string
|
|
default "v2.5" if BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION
|
|
default "custom" if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
|
|
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION \
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
|
|
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE \
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
|
|
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_URL
|
|
string "URL of custom repository"
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION
|
|
string "Custom repository version"
|
|
help
|
|
Revision to use in the typical format used by Git
|
|
E.G. a sha id, a tag, ..
|
|
|
|
endif
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM
|
|
string "ATF platform"
|
|
help
|
|
Target plaform to build for.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP
|
|
bool "Build FIP image"
|
|
help
|
|
This option enables building the FIP image (Firmware Image
|
|
Package). This is typically the image format used by
|
|
platforms were ATF encapsulates the second stage bootloader
|
|
(such as U-Boot).
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31
|
|
bool "Build BL31 image"
|
|
help
|
|
This option enables building the BL31 image. This is
|
|
typically used on platforms where another bootloader (e.g
|
|
U-Boot) encapsulates ATF BL31.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31_UBOOT
|
|
bool "Build BL31 U-Boot image"
|
|
select BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31
|
|
help
|
|
Generates a U-Boot image named atf-uboot.ub containing
|
|
bl31.bin. This is used for example by the Xilinx version of
|
|
U-Boot SPL to load ATF on the ZynqMP SoC.
|
|
|
|
choice
|
|
prompt "BL32"
|
|
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT
|
|
help
|
|
Select BL32 stage for the trusted firmware
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT
|
|
bool "Default"
|
|
help
|
|
With this option selected, ATF will not use any BL32 stage,
|
|
unless if one is explicitly chosen using the SPD (for
|
|
AArch64) or AARCH32_SP (for AArch32) variables, which can be
|
|
passed through
|
|
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE
|
|
bool "OP-TEE OS"
|
|
depends on BR2_TARGET_OPTEE_OS
|
|
help
|
|
This option allows to embed OP-TEE OS as the BL32 part of
|
|
the ARM Trusted Firmware boot sequence.
|
|
|
|
endchoice
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
|
|
bool "Use U-Boot as BL33"
|
|
depends on BR2_TARGET_UBOOT
|
|
help
|
|
This option allows to embed u-boot.bin as the BL33 part of
|
|
the ARM Trusted Firmware. It ensures that the u-boot package
|
|
gets built before ATF, and that the appropriate BL33
|
|
variable pointing to u-boot.bin is passed when building ATF.
|
|
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_BL33_IMAGE
|
|
string "U-Boot BL33 image name"
|
|
default "u-boot.bin"
|
|
help
|
|
Name of the U-Boot BL33 image to include in ATF, it must
|
|
have been installed to BINARIES_DIR by the U-Boot package.
|
|
|
|
endif
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_EDK2_AS_BL33
|
|
bool "Use EDK2 as BL33"
|
|
depends on BR2_TARGET_EDK2
|
|
help
|
|
This option allows to embed EDK2 as the BL33 part of
|
|
the ARM Trusted Firmware. It ensures that the EDK2 package
|
|
gets built before ATF, and that the appropriate BL33
|
|
variable pointing to the EDK2 is passed when building ATF.
|
|
|
|
Do not choose this option if you intend to build ATF and EDK2
|
|
for the 'qemu_sbsa' platform. In this case, due to the EDK2
|
|
build system, the dependency between ATF and EDK is reversed.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_TARGETS
|
|
string "Additional ATF make targets"
|
|
help
|
|
Additional targets for the ATF build
|
|
E.G. When using the QorIQ custom ATF repository from NXP,
|
|
the target 'pbl' can be used to build the pbl binary.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES
|
|
string "Additional ATF build variables"
|
|
help
|
|
Additional parameters for the ATF build
|
|
E.G. 'DEBUG=1 LOG_LEVEL=20'
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG
|
|
bool "Build in debug mode"
|
|
help
|
|
Enable this option to build ATF with DEBUG=1.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_IMAGES
|
|
string "Binary boot images"
|
|
default "*.bin"
|
|
help
|
|
Names of generated image files that are installed in the
|
|
output images/ directory.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_DTC
|
|
bool "Needs dtc"
|
|
select BR2_PACKAGE_HOST_DTC
|
|
help
|
|
Select this option if your ATF board configuration
|
|
requires the Device Tree compiler to be available.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN
|
|
bool "Needs arm-none-eabi toolchain"
|
|
depends on BR2_aarch64
|
|
depends on BR2_HOSTARCH = "x86_64"
|
|
help
|
|
Select this option if your ATF board configuration requires
|
|
an ARM32 bare metal toolchain to be available.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
|
|
bool "Build with SSP"
|
|
default y
|
|
depends on BR2_TOOLCHAIN_HAS_SSP
|
|
depends on !BR2_SSP_NONE
|
|
help
|
|
Say 'y' here if you want to build ATF with SSP.
|
|
|
|
Your board must have SSP support in ATF: it must have an
|
|
implementation for plat_get_stack_protector_canary().
|
|
|
|
If you say 'y', the SSP level will be the level selected
|
|
by the global SSP setting.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL
|
|
string
|
|
# While newer versions of TF-A support "none" as
|
|
# ENABLE_STACK_PROTECTOR value, older versions (e.g 2.0) only
|
|
# supported "0" to disable SSP.
|
|
default "0" if !BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
|
|
default "default" if BR2_SSP_REGULAR
|
|
default "strong" if BR2_SSP_STRONG
|
|
default "all" if BR2_SSP_ALL
|
|
|
|
endif
|