1# Default configuration values for OP-TEE core (all platforms). 2# 3# Platform-specific overrides are in core/arch/arm32/plat-*/conf.mk. 4# Some subsystem-specific defaults are not here but rather in */sub.mk. 5# 6# Configuration values may be assigned from multiple sources. 7# From higher to lower priority: 8# 9# 1. Make arguments ('make CFG_FOO=bar...') 10# 2. The file specified by $(CFG_OPTEE_CONFIG) (if defined) 11# 3. The environment ('CFG_FOO=bar make...') 12# 4. The platform-specific configuration file: core/arch/arm32/plat-*/conf.mk 13# 5. This file 14# 6. Subsystem-specific makefiles (*/sub.mk) 15# 16# Actual values used during the build are output to $(out-dir)/conf.mk 17# (CFG_* variables only). 18 19# Cross-compiler prefix and suffix 20CROSS_COMPILE ?= arm-linux-gnueabihf- 21CROSS_COMPILE32 ?= $(CROSS_COMPILE) 22CROSS_COMPILE64 ?= aarch64-linux-gnu- 23COMPILER ?= gcc 24 25# For convenience 26ifdef CFLAGS 27CFLAGS32 ?= $(CFLAGS) 28CFLAGS64 ?= $(CFLAGS) 29endif 30 31# Compiler warning level. 32# Supported values: undefined, 1, 2 and 3. 3 gives more warnings. 33WARNS ?= 3 34 35# Path to the Python interpreter used by the build system. 36# This variable is set to the default python3 interpreter in the user's 37# path. But build environments that require more explicit control can 38# set the path to a specific interpreter through this variable. 39PYTHON3 ?= python3 40 41# Define DEBUG=1 to compile without optimization (forces -O0) 42# DEBUG=1 43ifeq ($(DEBUG),1) 44# For backwards compatibility 45$(call force,CFG_CC_OPT_LEVEL,0) 46$(call force,CFG_DEBUG_INFO,y) 47endif 48 49# CFG_CC_OPT_LEVEL sets compiler optimization level passed with -O directive. 50# Optimize for size by default, usually gives good performance too. 51CFG_CC_OPT_LEVEL ?= s 52 53# Enabling CFG_DEBUG_INFO makes debug information embedded in core. 54CFG_DEBUG_INFO ?= y 55 56# If y, enable debug features of the TEE core (assertions and lock checks 57# are enabled, panic and assert messages are more verbose, data and prefetch 58# aborts show a stack dump). When disabled, the NDEBUG directive is defined 59# so assertions are disabled. 60CFG_TEE_CORE_DEBUG ?= y 61 62# Log levels for the TEE core. Defines which core messages are displayed 63# on the secure console. Disabling core log (level set to 0) also disables 64# logs from the TAs. 65# 0: none 66# 1: error 67# 2: error + info 68# 3: error + info + debug 69# 4: error + info + debug + flow 70CFG_TEE_CORE_LOG_LEVEL ?= 2 71 72# TA log level 73# If user-mode library libutils.a is built with CFG_TEE_TA_LOG_LEVEL=0, 74# TA tracing is disabled regardless of the value of CFG_TEE_TA_LOG_LEVEL 75# when the TA is built. 76CFG_TEE_TA_LOG_LEVEL ?= 1 77 78# TA enablement 79# When defined to "y", TA traces are output according to 80# CFG_TEE_TA_LOG_LEVEL. Otherwise, they are not output at all 81CFG_TEE_CORE_TA_TRACE ?= y 82 83# If y, enable the memory leak detection feature in the bget memory allocator. 84# When this feature is enabled, calling mdbg_check(1) will print a list of all 85# the currently allocated buffers and the location of the allocation (file and 86# line number). 87# Note: make sure the log level is high enough for the messages to show up on 88# the secure console! For instance: 89# - To debug user-mode (TA) allocations: build OP-TEE *and* the TA with: 90# $ make CFG_TEE_TA_MALLOC_DEBUG=y CFG_TEE_TA_LOG_LEVEL=3 91# - To debug TEE core allocations: build OP-TEE with: 92# $ make CFG_TEE_CORE_MALLOC_DEBUG=y CFG_TEE_CORE_LOG_LEVEL=3 93CFG_TEE_CORE_MALLOC_DEBUG ?= n 94CFG_TEE_TA_MALLOC_DEBUG ?= n 95# Prints an error message and dumps the stack on failed memory allocations 96# using malloc() and friends. 97CFG_CORE_DUMP_OOM ?= $(CFG_TEE_CORE_MALLOC_DEBUG) 98 99# Mask to select which messages are prefixed with long debugging information 100# (severity, core ID, thread ID, component name, function name, line number) 101# based on the message level. If BIT(level) is set, the long prefix is shown. 102# Otherwise a short prefix is used (severity and component name only). 103# Levels: 0=none 1=error 2=info 3=debug 4=flow 104CFG_MSG_LONG_PREFIX_MASK ?= 0x1a 105 106# PRNG configuration 107# If CFG_WITH_SOFTWARE_PRNG is enabled, crypto provider provided 108# software PRNG implementation is used. 109# Otherwise, you need to implement hw_get_random_bytes() for your platform 110CFG_WITH_SOFTWARE_PRNG ?= y 111 112# Number of threads 113CFG_NUM_THREADS ?= 2 114 115# API implementation version 116CFG_TEE_API_VERSION ?= GPD-1.1-dev 117 118# Implementation description (implementation-dependent) 119CFG_TEE_IMPL_DESCR ?= OPTEE 120 121# Should OPTEE_SMC_CALL_GET_OS_REVISION return a build identifier to Normal 122# World? 123CFG_OS_REV_REPORTS_GIT_SHA1 ?= y 124 125# The following values are not extracted from the "git describe" output because 126# we might be outside of a Git environment, or the tree may have been cloned 127# with limited depth not including any tag, so there is really no guarantee 128# that TEE_IMPL_VERSION contains the major and minor revision numbers. 129CFG_OPTEE_REVISION_MAJOR ?= 3 130CFG_OPTEE_REVISION_MINOR ?= 20 131CFG_OPTEE_REVISION_EXTRA ?= 132 133# Trusted OS implementation version 134TEE_IMPL_VERSION ?= $(shell git describe --always --dirty=-dev 2>/dev/null || \ 135 echo Unknown_$(CFG_OPTEE_REVISION_MAJOR).$(CFG_OPTEE_REVISION_MINOR))$(CFG_OPTEE_REVISION_EXTRA) 136ifeq ($(CFG_OS_REV_REPORTS_GIT_SHA1),y) 137TEE_IMPL_GIT_SHA1 := 0x$(shell git rev-parse --short=8 HEAD 2>/dev/null || echo 0) 138else 139TEE_IMPL_GIT_SHA1 := 0x0 140endif 141 142# Trusted OS implementation manufacturer name 143CFG_TEE_MANUFACTURER ?= LINARO 144 145# Trusted firmware version 146CFG_TEE_FW_IMPL_VERSION ?= FW_IMPL_UNDEF 147 148# Trusted OS implementation manufacturer name 149CFG_TEE_FW_MANUFACTURER ?= FW_MAN_UNDEF 150 151# Rich Execution Environment (REE) file system support: normal world OS 152# provides the actual storage. 153# This is the default FS when enabled (i.e., the one used when 154# TEE_STORAGE_PRIVATE is passed to the trusted storage API) 155CFG_REE_FS ?= y 156 157# RPMB file system support 158CFG_RPMB_FS ?= n 159 160# Enable roll-back protection of REE file system using RPMB. 161# Roll-back protection only works if CFG_RPMB_FS = y. 162CFG_REE_FS_INTEGRITY_RPMB ?= $(CFG_RPMB_FS) 163$(eval $(call cfg-depends-all,CFG_REE_FS_INTEGRITY_RPMB,CFG_RPMB_FS)) 164 165# Device identifier used when CFG_RPMB_FS = y. 166# The exact meaning of this value is platform-dependent. On Linux, the 167# tee-supplicant process will open /dev/mmcblk<id>rpmb 168CFG_RPMB_FS_DEV_ID ?= 0 169 170# This config variable determines the number of entries read in from RPMB at 171# once whenever a function traverses the RPMB FS. Increasing the default value 172# has the following consequences: 173# - More memory required on heap. A single FAT entry currently has a size of 174# 256 bytes. 175# - Potentially significant speed-ups for RPMB I/O. Depending on how many 176# entries a function needs to traverse, the number of time-consuming RPMB 177# read-in operations can be reduced. 178# Chosing a proper value is both platform- (available memory) and use-case- 179# dependent (potential number of FAT fs entries), so overwrite in platform 180# config files 181CFG_RPMB_FS_RD_ENTRIES ?= 8 182 183# Enables caching of FAT FS entries when set to a value greater than zero. 184# When enabled, the cache stores the first 'CFG_RPMB_FS_CACHE_ENTRIES' FAT FS 185# entries. The cache is populated when FAT FS entries are initially read in. 186# When traversing the FAT FS entries, we read from the cache instead of reading 187# in the entries from RPMB storage. Consequently, when a FAT FS entry is 188# written, the cache is updated. In scenarios where an estimate of the number 189# of FAT FS entries can be made, the cache may be specifically tailored to 190# store all entries. The caching can improve RPMB I/O at the cost 191# of additional memory. 192# Without caching, we temporarily require 193# CFG_RPMB_FS_RD_ENTRIES*sizeof(struct rpmb_fat_entry) bytes of heap memory 194# while traversing the FAT FS (e.g. in read_fat). 195# For example 8*256 bytes = 2kB while in read_fat. 196# With caching, we constantly require up to 197# CFG_RPMB_FS_CACHE_ENTRIES*sizeof(struct rpmb_fat_entry) bytes of heap memory 198# depending on how many elements are in the cache, and additional temporary 199# CFG_RPMB_FS_RD_ENTRIES*sizeof(struct rpmb_fat_entry) bytes of heap memory 200# in case the cache is too small to hold all elements when traversing. 201CFG_RPMB_FS_CACHE_ENTRIES ?= 0 202 203# Print RPMB data frames sent to and received from the RPMB device 204CFG_RPMB_FS_DEBUG_DATA ?= n 205 206# Clear RPMB content at cold boot 207CFG_RPMB_RESET_FAT ?= n 208 209# Use a hard coded RPMB key instead of deriving it from the platform HUK 210CFG_RPMB_TESTKEY ?= n 211 212# Enables RPMB key programming by the TEE, in case the RPMB partition has not 213# been configured yet. 214# !!! Security warning !!! 215# Do *NOT* enable this in product builds, as doing so would allow the TEE to 216# leak the RPMB key. 217# This option is useful in the following situations: 218# - Testing 219# - RPMB key provisioning in a controlled environment (factory setup) 220CFG_RPMB_WRITE_KEY ?= n 221 222_CFG_WITH_SECURE_STORAGE := $(call cfg-one-enabled,CFG_REE_FS CFG_RPMB_FS) 223 224# Signing key for OP-TEE TA's 225# When performing external HSM signing for TA's TA_SIGN_KEY can be set to dummy 226# key and then set TA_PUBLIC_KEY to match public key from the HSM. 227# TA_PUBLIC_KEY's public key will be embedded into OP-TEE OS. 228TA_SIGN_KEY ?= keys/default_ta.pem 229TA_PUBLIC_KEY ?= $(TA_SIGN_KEY) 230 231# Subkeys is a complement to the normal TA_SIGN_KEY where a subkey is used 232# to verify a TA instead. To sign a TA using a previously prepared subkey 233# two new options are added, TA_SUBKEY_ARGS and TA_SUBKEY_DEPS. It is 234# typically used by assigning the following in the TA Makefile: 235# BINARY = <TA-uuid-string> 236# TA_SIGN_KEY = subkey.pem 237# TA_SUBKEY_ARGS = --subkey subkey.bin --name subkey_ta 238# TA_SUBKEY_DEPS = subkey.bin 239# See the documentation for more details on subkeys. 240 241# Include lib/libutils/isoc in the build? Most platforms need this, but some 242# may not because they obtain the isoc functions from elsewhere 243CFG_LIBUTILS_WITH_ISOC ?= y 244 245# Enables floating point support for user TAs 246# ARM32: EABI defines both a soft-float ABI and a hard-float ABI, 247# hard-float is basically a super set of soft-float. Hard-float 248# requires all the support routines provided for soft-float, but the 249# compiler may choose to optimize to not use some of them and use 250# the floating-point registers instead. 251# ARM64: EABI doesn't define a soft-float ABI, everything is hard-float (or 252# nothing with ` -mgeneral-regs-only`) 253# With CFG_TA_FLOAT_SUPPORT enabled TA code is free use floating point types 254CFG_TA_FLOAT_SUPPORT ?= y 255 256# Stack unwinding: print a stack dump to the console on core or TA abort, or 257# when a TA panics. 258# If CFG_UNWIND is enabled, both the kernel and user mode call stacks can be 259# unwound (not paged TAs, however). 260# Note that 32-bit ARM code needs unwind tables for this to work, so enabling 261# this option will increase the size of the 32-bit TEE binary by a few KB. 262# Similarly, TAs have to be compiled with -funwind-tables (default when the 263# option is set) otherwise they can't be unwound. 264# Warning: since the unwind sequence for user-mode (TA) code is implemented in 265# the privileged layer of OP-TEE, enabling this feature will weaken the 266# user/kernel isolation. Therefore it should be disabled in release builds. 267ifeq ($(CFG_TEE_CORE_DEBUG),y) 268CFG_UNWIND ?= y 269endif 270 271# Enable support for dynamically loaded user TAs 272CFG_WITH_USER_TA ?= y 273 274# Choosing the architecture(s) of user-mode libraries (used by TAs) 275# 276# Platforms may define a list of supported architectures for user-mode code 277# by setting $(supported-ta-targets). Valid values are "ta_arm32", "ta_arm64", 278# "ta_arm32 ta_arm64" and "ta_arm64 ta_arm32". 279# $(supported-ta-targets) defaults to "ta_arm32" when the TEE core is 32-bits, 280# and "ta_arm32 ta_arm64" when it is 64-bits (that is, when CFG_ARM64_core=y). 281# The first entry in $(supported-ta-targets) has a special role, see 282# CFG_USER_TA_TARGET_<ta-name> below. 283# 284# CFG_USER_TA_TARGETS may be defined to restrict $(supported-ta-targets) or 285# change the order of the values. 286# 287# The list of TA architectures is ultimately stored in $(ta-targets). 288 289# CFG_USER_TA_TARGET_<ta-name> (for example, CFG_USER_TA_TARGET_avb), if 290# defined, selects the unique TA architecture mode for building the in-tree TA 291# <ta-name>. Can be either ta_arm32 or ta_arm64. 292# By default, in-tree TAs are built using the first architecture specified in 293# $(ta-targets). 294 295# Address Space Layout Randomization for user-mode Trusted Applications 296# 297# When this flag is enabled, the ELF loader will introduce a random offset 298# when mapping the application in user space. ASLR makes the exploitation of 299# memory corruption vulnerabilities more difficult. 300CFG_TA_ASLR ?= y 301 302# How much ASLR may shift the base address (in pages). The base address is 303# randomly shifted by an integer number of pages comprised between these two 304# values. Bigger ranges are more secure because they make the addresses harder 305# to guess at the expense of using more memory for the page tables. 306CFG_TA_ASLR_MIN_OFFSET_PAGES ?= 0 307CFG_TA_ASLR_MAX_OFFSET_PAGES ?= 128 308 309# Address Space Layout Randomization for TEE Core 310# 311# When this flag is enabled, the early init code will introduce a random 312# offset when mapping TEE Core. ASLR makes the exploitation of memory 313# corruption vulnerabilities more difficult. 314CFG_CORE_ASLR ?= y 315 316# Stack Protection for TEE Core 317# This flag enables the compiler stack protection mechanisms -fstack-protector. 318# It will check the stack canary value before returning from a function to 319# prevent buffer overflow attacks. Stack protector canary logic will be added 320# for vulnerable functions that contain: 321# - A character array larger than 8 bytes. 322# - An 8-bit integer array larger than 8 bytes. 323# - A call to alloca() with either a variable size or a constant size bigger 324# than 8 bytes. 325CFG_CORE_STACK_PROTECTOR ?= n 326# This enable stack protector flag -fstack-protector-strong. Stack protector 327# canary logic will be added for vulnerable functions that contain: 328# - An array of any size and type. 329# - A call to alloca(). 330# - A local variable that has its address taken. 331CFG_CORE_STACK_PROTECTOR_STRONG ?= y 332# This enable stack protector flag -fstack-protector-all. Stack protector canary 333# logic will be added to all functions regardless of their vulnerability. 334CFG_CORE_STACK_PROTECTOR_ALL ?= n 335# Stack Protection for TA 336CFG_TA_STACK_PROTECTOR ?= n 337CFG_TA_STACK_PROTECTOR_STRONG ?= y 338CFG_TA_STACK_PROTECTOR_ALL ?= n 339 340_CFG_CORE_STACK_PROTECTOR := $(call cfg-one-enabled, CFG_CORE_STACK_PROTECTOR \ 341 CFG_CORE_STACK_PROTECTOR_STRONG \ 342 CFG_CORE_STACK_PROTECTOR_ALL) 343_CFG_TA_STACK_PROTECTOR := $(call cfg-one-enabled, CFG_TA_STACK_PROTECTOR \ 344 CFG_TA_STACK_PROTECTOR_STRONG \ 345 CFG_TA_STACK_PROTECTOR_ALL) 346 347# Load user TAs from the REE filesystem via tee-supplicant 348CFG_REE_FS_TA ?= y 349 350# Pre-authentication of TA binaries loaded from the REE filesystem 351# 352# - If CFG_REE_FS_TA_BUFFERED=y: load TA binary into a temporary buffer in the 353# "Secure DDR" pool, check the signature, then process the file only if it is 354# valid. 355# - If disabled: hash the binaries as they are being processed and verify the 356# signature as a last step. 357CFG_REE_FS_TA_BUFFERED ?= n 358$(eval $(call cfg-depends-all,CFG_REE_FS_TA_BUFFERED,CFG_REE_FS_TA)) 359 360# When CFG_REE_FS=y and CFG_RPMB_FS=y: 361# Allow secure storage in the REE FS to be entirely deleted without causing 362# anti-rollback errors. That is, rm /data/tee/dirf.db or rm -rf /data/tee (or 363# whatever path is configured in tee-supplicant as CFG_TEE_FS_PARENT_PATH) 364# can be used to reset the secure storage to a clean, empty state. 365# Typically used for testing only since it weakens storage security. 366CFG_REE_FS_ALLOW_RESET ?= n 367 368# Support for loading user TAs from a special section in the TEE binary. 369# Such TAs are available even before tee-supplicant is available (hence their 370# name), but note that many services exported to TAs may need tee-supplicant, 371# so early use is limited to a subset of the TEE Internal Core API (crypto...) 372# To use this feature, set EARLY_TA_PATHS to the paths to one or more TA ELF 373# file(s). For example: 374# $ make ... \ 375# EARLY_TA_PATHS="path/to/8aaaf200-2450-11e4-abe2-0002a5d5c51b.stripped.elf \ 376# path/to/cb3e5ba0-adf1-11e0-998b-0002a5d5c51b.stripped.elf" 377# Typical build steps: 378# $ make ta_dev_kit CFG_EARLY_TA=y # Create the dev kit (user mode libraries, 379# # headers, makefiles), ready to build TAs. 380# # CFG_EARLY_TA=y is optional, it prevents 381# # later library recompilations. 382# <build some TAs> 383# $ make EARLY_TA_PATHS=<paths> # Build OP-TEE and embbed the TA(s) 384# 385# Another option is CFG_IN_TREE_EARLY_TAS which is used to point at 386# in-tree TAs. CFG_IN_TREE_EARLY_TAS is formatted as: 387# <name-of-ta>/<uuid> 388# for instance avb/023f8f1a-292a-432b-8fc4-de8471358067 389ifneq ($(EARLY_TA_PATHS)$(CFG_IN_TREE_EARLY_TAS),) 390$(call force,CFG_EARLY_TA,y) 391else 392CFG_EARLY_TA ?= n 393endif 394 395ifeq ($(CFG_EARLY_TA),y) 396$(call force,CFG_EMBEDDED_TS,y) 397endif 398 399ifneq ($(SP_PATHS),) 400$(call force,CFG_EMBEDDED_TS,y) 401else 402CFG_SECURE_PARTITION ?= n 403endif 404 405ifeq ($(CFG_SECURE_PARTITION),y) 406$(call force,CFG_EMBEDDED_TS,y) 407endif 408 409ifeq ($(CFG_EMBEDDED_TS),y) 410$(call force,CFG_ZLIB,y) 411endif 412 413# By default the early TAs are compressed in the TEE binary, it is possible to 414# not compress them with CFG_EARLY_TA_COMPRESS=n 415CFG_EARLY_TA_COMPRESS ?= y 416 417# Enable paging, requires SRAM, can't be enabled by default 418CFG_WITH_PAGER ?= n 419 420# Use the pager for user TAs 421CFG_PAGED_USER_TA ?= $(CFG_WITH_PAGER) 422 423# If paging of user TAs, that is, R/W paging default to enable paging of 424# TAG and IV in order to reduce heap usage. 425CFG_CORE_PAGE_TAG_AND_IV ?= $(CFG_PAGED_USER_TA) 426 427# Runtime lock dependency checker: ensures that a proper locking hierarchy is 428# used in the TEE core when acquiring and releasing mutexes. Any violation will 429# cause a panic as soon as the invalid locking condition is detected. If 430# CFG_UNWIND and CFG_LOCKDEP_RECORD_STACK are both enabled, the algorithm 431# records the call stacks when locks are taken, and prints them when a 432# potential deadlock is found. 433# Expect a significant performance impact when enabling this. 434CFG_LOCKDEP ?= n 435CFG_LOCKDEP_RECORD_STACK ?= y 436 437# BestFit algorithm in bget reduces the fragmentation of the heap when running 438# with the pager enabled or lockdep 439CFG_CORE_BGET_BESTFIT ?= $(call cfg-one-enabled, CFG_WITH_PAGER CFG_LOCKDEP) 440 441# Enable support for detected undefined behavior in C 442# Uses a lot of memory, can't be enabled by default 443CFG_CORE_SANITIZE_UNDEFINED ?= n 444 445# Enable Kernel Address sanitizer, has a huge performance impact, uses a 446# lot of memory and need platform specific adaptations, can't be enabled by 447# default 448CFG_CORE_SANITIZE_KADDRESS ?= n 449 450# Add stack guards before/after stacks and periodically check them 451CFG_WITH_STACK_CANARIES ?= y 452 453# Use compiler instrumentation to troubleshoot stack overflows. 454# When enabled, most C functions check the stack pointer against the current 455# stack limits on entry and panic immediately if it is out of range. 456CFG_CORE_DEBUG_CHECK_STACKS ?= n 457 458# Use when the default stack allocations are not sufficient. 459CFG_STACK_THREAD_EXTRA ?= 0 460CFG_STACK_TMP_EXTRA ?= 0 461 462# Device Tree support 463# 464# When CFG_DT is enabled core embeds the FDT library (libfdt) allowing 465# device tree blob (DTB) parsing from the core. 466# 467# When CFG_DT is enabled, the TEE _start function expects to find 468# the address of a DTB in register X2/R2 provided by the early boot stage 469# or value 0 if boot stage provides no DTB. 470# 471# When CFG_EXTERNAL_DT is enabled, the external device tree ABI is implemented 472# and the external device tree is expected to be used/modified. Its value 473# defaults to CFG_DT. 474# 475# When CFG_MAP_EXT_DT_SECURE is enabled the external device tree is expected to 476# be in the secure memory. 477# 478# When CFG_EMBED_DTB is enabled, CFG_EMBED_DTB_SOURCE_FILE shall define the 479# relative path of a DTS file located in core/arch/$(ARCH)/dts. 480# The DTS file is compiled into a DTB file which content is embedded in a 481# read-only section of the core. 482ifneq ($(strip $(CFG_EMBED_DTB_SOURCE_FILE)),) 483CFG_EMBED_DTB ?= y 484endif 485ifeq ($(CFG_EMBED_DTB),y) 486$(call force,CFG_DT,y) 487endif 488CFG_EMBED_DTB ?= n 489CFG_DT ?= n 490CFG_EXTERNAL_DT ?= $(CFG_DT) 491CFG_MAP_EXT_DT_SECURE ?= n 492ifeq ($(CFG_MAP_EXT_DT_SECURE),y) 493$(call force,CFG_DT,y) 494endif 495 496# Maximum size of the Device Tree Blob, has to be large enough to allow 497# editing of the supplied DTB. 498CFG_DTB_MAX_SIZE ?= 0x10000 499 500# Maximum size of the init info data passed to Secure Partitions. 501CFG_SP_INIT_INFO_MAX_SIZE ?= 0x1000 502 503# Device Tree Overlay support. 504# CFG_EXTERNAL_DTB_OVERLAY allows to append a DTB overlay into an existing 505# external DTB. The overlay is created when no valid DTB overlay is found. 506# CFG_GENERATE_DTB_OVERLAY allows to create a DTB overlay at external 507# DTB location. 508# External DTB location (physical address) is provided either by boot 509# argument arg2 or from CFG_DT_ADDR if defined. 510# A subsequent boot stage can then merge the generated overlay DTB into a main 511# DTB using the standard fdt_overlay_apply() method. 512CFG_EXTERNAL_DTB_OVERLAY ?= n 513CFG_GENERATE_DTB_OVERLAY ?= n 514 515ifeq (y-y,$(CFG_EXTERNAL_DTB_OVERLAY)-$(CFG_GENERATE_DTB_OVERLAY)) 516$(error CFG_EXTERNAL_DTB_OVERLAY and CFG_GENERATE_DTB_OVERLAY are exclusive) 517endif 518_CFG_USE_DTB_OVERLAY := $(call cfg-one-enabled,CFG_EXTERNAL_DTB_OVERLAY \ 519 CFG_GENERATE_DTB_OVERLAY) 520 521# All embedded tests are supposed to be disabled by default, this flag 522# is used to control the default value of all other embedded tests 523CFG_ENABLE_EMBEDDED_TESTS ?= n 524 525# Enable core self tests and related pseudo TAs 526CFG_TEE_CORE_EMBED_INTERNAL_TESTS ?= $(CFG_ENABLE_EMBEDDED_TESTS) 527 528# Compiles bget_main_test() to be called from a test TA 529CFG_TA_BGET_TEST ?= $(CFG_ENABLE_EMBEDDED_TESTS) 530 531# CFG_DT_DRIVER_EMBEDDED_TEST when enabled embedb DT driver probing tests. 532# This also requires embeddeding a DTB with expected content. 533# Defautl disable CFG_DRIVERS_CLK_EARLY_PROBE to probe clocks as other drivers. 534# A probe deferral test mandates CFG_DRIVERS_DT_RECURSIVE_PROBE=n. 535CFG_DT_DRIVER_EMBEDDED_TEST ?= n 536ifeq ($(CFG_DT_DRIVER_EMBEDDED_TEST),y) 537CFG_DRIVERS_CLK ?= y 538CFG_DRIVERS_RSTCTRL ?= y 539CFG_DRIVERS_CLK_EARLY_PROBE ?= n 540$(call force,CFG_DRIVERS_DT_RECURSIVE_PROBE,n,Mandated by CFG_DT_DRIVER_EMBEDDED_TEST) 541endif 542 543# CFG_DRIVERS_DT_RECURSIVE_PROBE when enabled forces a recursive subnode 544# parsing in the embedded DTB for driver probing. The alternative is 545# an exploration based on compatible drivers found. It is default disabled. 546CFG_DRIVERS_DT_RECURSIVE_PROBE ?= n 547 548# This option enables OP-TEE to respond to SMP boot request: the Rich OS 549# issues this to request OP-TEE to release secondaries cores out of reset, 550# with specific core number and non-secure entry address. 551CFG_BOOT_SECONDARY_REQUEST ?= n 552 553# Default heap size for Core, 64 kB 554CFG_CORE_HEAP_SIZE ?= 65536 555 556# Default size of nexus heap. 16 kB. Used only if CFG_VIRTUALIZATION 557# is enabled 558CFG_CORE_NEX_HEAP_SIZE ?= 16384 559 560# TA profiling. 561# When this option is enabled, OP-TEE can execute Trusted Applications 562# instrumented with GCC's -pg flag and will output profiling information 563# in gmon.out format to /tmp/gmon-<ta_uuid>.out (path is defined in 564# tee-supplicant) 565# Note: this does not work well with shared libraries at the moment for a 566# couple of reasons: 567# 1. The profiling code assumes a unique executable section in the TA VA space. 568# 2. The code used to detect at run time if the TA is intrumented assumes that 569# the TA is linked statically. 570CFG_TA_GPROF_SUPPORT ?= n 571 572# TA function tracing. 573# When this option is enabled, OP-TEE can execute Trusted Applications 574# instrumented with GCC's -pg flag and will output function tracing 575# information in ftrace.out format to /tmp/ftrace-<ta_uuid>.out (path is 576# defined in tee-supplicant) 577CFG_FTRACE_SUPPORT ?= n 578 579# How to make room when the function tracing buffer is full? 580# 'shift': shift the previously stored data by the amount needed in order 581# to always keep the latest logs (slower, especially with big buffer sizes) 582# 'wrap': discard the previous data and start at the beginning of the buffer 583# again (fast, but can result in a mostly empty buffer) 584# 'stop': stop logging new data 585CFG_FTRACE_BUF_WHEN_FULL ?= shift 586$(call cfg-check-value,FTRACE_BUF_WHEN_FULL,shift stop wrap) 587$(call force,_CFG_FTRACE_BUF_WHEN_FULL_$(CFG_FTRACE_BUF_WHEN_FULL),y) 588 589# Function tracing: unit to be used when displaying durations 590# 0: always display durations in microseconds 591# >0: if duration is greater or equal to the specified value (in microseconds), 592# display it in milliseconds 593CFG_FTRACE_US_MS ?= 10000 594 595# Core syscall function tracing. 596# When this option is enabled, OP-TEE core is instrumented with GCC's 597# -pg flag and will output syscall function graph in user TA ftrace 598# buffer 599CFG_SYSCALL_FTRACE ?= n 600$(call cfg-depends-all,CFG_SYSCALL_FTRACE,CFG_FTRACE_SUPPORT) 601 602# Enable to compile user TA libraries with profiling (-pg). 603# Depends on CFG_TA_GPROF_SUPPORT or CFG_FTRACE_SUPPORT. 604CFG_ULIBS_MCOUNT ?= n 605# Profiling/tracing of syscall wrapper (utee_*) 606CFG_SYSCALL_WRAPPERS_MCOUNT ?= $(CFG_ULIBS_MCOUNT) 607 608ifeq (y,$(filter y,$(CFG_ULIBS_MCOUNT) $(CFG_SYSCALL_WRAPPERS_MCOUNT))) 609ifeq (,$(filter y,$(CFG_TA_GPROF_SUPPORT) $(CFG_FTRACE_SUPPORT))) 610$(error Cannot instrument user libraries if user mode profiling is disabled) 611endif 612endif 613 614# Build libutee, libutils, libmbedtls as shared libraries. 615# - Static libraries are still generated when this is enabled, but TAs will use 616# the shared libraries unless explicitly linked with the -static flag. 617# - Shared libraries are made of two files: for example, libutee is 618# libutee.so and 527f1a47-b92c-4a74-95bd-72f19f4a6f74.ta. The '.so' file 619# is a totally standard shared object, and should be used to link against. 620# The '.ta' file is a signed version of the '.so' and should be installed 621# in the same way as TAs so that they can be found at runtime. 622CFG_ULIBS_SHARED ?= n 623 624ifeq (y-y,$(CFG_TA_GPROF_SUPPORT)-$(CFG_ULIBS_SHARED)) 625$(error CFG_TA_GPROF_SUPPORT and CFG_ULIBS_SHARED are currently incompatible) 626endif 627 628# CFG_GP_SOCKETS 629# Enable Global Platform Sockets support 630CFG_GP_SOCKETS ?= y 631 632# Enable Secure Data Path support in OP-TEE core (TA may be invoked with 633# invocation parameters referring to specific secure memories). 634CFG_SECURE_DATA_PATH ?= n 635 636# Enable storage for TAs in secure storage, depends on CFG_REE_FS=y 637# TA binaries are stored encrypted in the REE FS and are protected by 638# metadata in secure storage. 639CFG_SECSTOR_TA ?= $(call cfg-all-enabled,CFG_REE_FS CFG_WITH_USER_TA) 640$(eval $(call cfg-depends-all,CFG_SECSTOR_TA,CFG_REE_FS CFG_WITH_USER_TA)) 641 642# Enable the pseudo TA that managages TA storage in secure storage 643CFG_SECSTOR_TA_MGMT_PTA ?= $(call cfg-all-enabled,CFG_SECSTOR_TA) 644$(eval $(call cfg-depends-all,CFG_SECSTOR_TA_MGMT_PTA,CFG_SECSTOR_TA)) 645 646# Enable the pseudo TA for misc. auxilary services, extending existing 647# GlobalPlatform TEE Internal Core API (for example, re-seeding RNG entropy 648# pool etc...) 649CFG_SYSTEM_PTA ?= $(CFG_WITH_USER_TA) 650$(eval $(call cfg-depends-all,CFG_SYSTEM_PTA,CFG_WITH_USER_TA)) 651 652# Enable the pseudo TA for enumeration of TEE based devices for the normal 653# world OS. 654CFG_DEVICE_ENUM_PTA ?= y 655 656# The attestation pseudo TA provides an interface to request measurements of 657# a TA or the TEE binary. 658CFG_ATTESTATION_PTA ?= n 659$(eval $(call cfg-depends-all,CFG_ATTESTATION_PTA,_CFG_WITH_SECURE_STORAGE)) 660 661# RSA key size (in bits) for the attestation PTA. Must be at least 528 given 662# other algorithm parameters (RSA PSS with SHA-256 and 32-byte salt), but 663# note that such a low value is not secure. 664# See https://tools.ietf.org/html/rfc8017#section-8.1.1 and 665# https://tools.ietf.org/html/rfc8017#section-9.1.1 666# emLen >= hlen + sLen + 2 = 32 + 32 + 2 = 66 667# emLen = ceil((modBits - 1) / 8) => emLen is the key size in bytes 668CFG_ATTESTATION_PTA_KEY_SIZE ?= 3072 669 670# Define the number of cores per cluster used in calculating core position. 671# The cluster number is shifted by this value and added to the core ID, 672# so its value represents log2(cores/cluster). 673# Default is 2**(2) = 4 cores per cluster. 674CFG_CORE_CLUSTER_SHIFT ?= 2 675 676# Define the number of threads per core used in calculating processing 677# element's position. The core number is shifted by this value and added to 678# the thread ID, so its value represents log2(threads/core). 679# Default is 2**(0) = 1 threads per core. 680CFG_CORE_THREAD_SHIFT ?= 0 681 682# Enable support for dynamic shared memory (shared memory anywhere in 683# non-secure memory). 684CFG_CORE_DYN_SHM ?= y 685 686# Enable support for reserved shared memory (shared memory in a carved out 687# memory area). 688CFG_CORE_RESERVED_SHM ?= y 689 690# Enables support for larger physical addresses, that is, it will define 691# paddr_t as a 64-bit type. 692CFG_CORE_LARGE_PHYS_ADDR ?= n 693 694# Define the maximum size, in bits, for big numbers in the Internal Core API 695# Arithmetical functions. This does *not* influence the key size that may be 696# manipulated through the Cryptographic API. 697# Set this to a lower value to reduce the TA memory footprint. 698CFG_TA_BIGNUM_MAX_BITS ?= 2048 699 700# Define the maximum size, in bits, for big numbers in the TEE core (privileged 701# layer). 702# This value is an upper limit for the key size in any cryptographic algorithm 703# implemented by the TEE core. 704# Set this to a lower value to reduce the memory footprint. 705CFG_CORE_BIGNUM_MAX_BITS ?= 4096 706 707# Not used since libmpa was removed. Force the values to catch build scripts 708# that would set = n. 709$(call force,CFG_TA_MBEDTLS_MPI,y) 710$(call force,CFG_TA_MBEDTLS,y) 711 712# Compile the TA library mbedTLS with self test functions, the functions 713# need to be called to test anything 714CFG_TA_MBEDTLS_SELF_TEST ?= y 715 716# By default use tomcrypt as the main crypto lib providing an implementation 717# for the API in <crypto/crypto.h> 718# CFG_CRYPTOLIB_NAME is used as libname and 719# CFG_CRYPTOLIB_DIR is used as libdir when compiling the library 720# 721# It's also possible to configure to use mbedtls instead of tomcrypt. 722# Then the variables should be assigned as "CFG_CRYPTOLIB_NAME=mbedtls" and 723# "CFG_CRYPTOLIB_DIR=lib/libmbedtls" respectively. 724CFG_CRYPTOLIB_NAME ?= tomcrypt 725CFG_CRYPTOLIB_DIR ?= core/lib/libtomcrypt 726 727# Not used since libmpa was removed. Force the value to catch build scripts 728# that would set = n. 729$(call force,CFG_CORE_MBEDTLS_MPI,y) 730 731# Enable virtualization support. OP-TEE will not work without compatible 732# hypervisor if this option is enabled. 733CFG_VIRTUALIZATION ?= n 734 735ifeq ($(CFG_VIRTUALIZATION),y) 736$(call force,CFG_CORE_RODATA_NOEXEC,y) 737$(call force,CFG_CORE_RWDATA_NOEXEC,y) 738 739# Default number of virtual guests 740CFG_VIRT_GUEST_COUNT ?= 2 741endif 742 743# Enables backwards compatible derivation of RPMB and SSK keys 744CFG_CORE_HUK_SUBKEY_COMPAT ?= y 745 746# Use SoC specific tee_otp_get_die_id() implementation for SSK key generation. 747# This option depends on CFG_CORE_HUK_SUBKEY_COMPAT=y. 748CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID ?= n 749 750# Compress and encode conf.mk into the TEE core, and show the encoded string on 751# boot (with severity TRACE_INFO). 752CFG_SHOW_CONF_ON_BOOT ?= n 753 754# Enables support for passing a TPM Event Log stored in secure memory 755# to a TA or FF-A SP, so a TPM Service could use it to extend any measurement 756# taken before the service was up and running. 757CFG_CORE_TPM_EVENT_LOG ?= n 758 759# When enabled, CFG_SCMI_MSG_DRIVERS embeds SCMI message drivers in the core. 760# Refer to the supported SCMI features embedded upon CFG_SCMI_MSG_* 761# 762# CFG_SCMI_MSG_CLOCK embeds SCMI clock protocol support. 763# CFG_SCMI_MSG_RESET_DOMAIN embeds SCMI reset domain protocol support. 764# CFG_SCMI_MSG_SMT embeds a SMT header in shared device memory buffers 765# CFG_SCMI_MSG_VOLTAGE_DOMAIN embeds SCMI voltage domain protocol support. 766# CFG_SCMI_MSG_SMT_FASTCALL_ENTRY embeds fastcall SMC entry with SMT memory 767# CFG_SCMI_MSG_SMT_INTERRUPT_ENTRY embeds interrupt entry with SMT memory 768# CFG_SCMI_MSG_SMT_THREAD_ENTRY embeds threaded entry with SMT memory 769# CFG_SCMI_MSG_SHM_MSG embeds a MSG header in cached shared memory buffer 770CFG_SCMI_MSG_DRIVERS ?= n 771ifeq ($(CFG_SCMI_MSG_DRIVERS),y) 772CFG_SCMI_MSG_CLOCK ?= n 773CFG_SCMI_MSG_RESET_DOMAIN ?= n 774CFG_SCMI_MSG_SHM_MSG ?= n 775CFG_SCMI_MSG_SMT ?= n 776CFG_SCMI_MSG_SMT_FASTCALL_ENTRY ?= n 777CFG_SCMI_MSG_SMT_INTERRUPT_ENTRY ?= n 778CFG_SCMI_MSG_SMT_THREAD_ENTRY ?= n 779CFG_SCMI_MSG_THREAD_ENTRY ?= n 780CFG_SCMI_MSG_VOLTAGE_DOMAIN ?= n 781$(eval $(call cfg-depends-all,CFG_SCMI_MSG_SMT_FASTCALL_ENTRY,CFG_SCMI_MSG_SMT)) 782$(eval $(call cfg-depends-all,CFG_SCMI_MSG_SMT_INTERRUPT_ENTRY,CFG_SCMI_MSG_SMT)) 783$(eval $(call cfg-depends-one,CFG_SCMI_MSG_SMT_THREAD_ENTRY,CFG_SCMI_MSG_SMT CFG_SCMI_MSG_SHM_MSG)) 784ifeq ($(CFG_SCMI_MSG_SMT),y) 785_CFG_SCMI_PTA_SMT_HEADER := y 786endif 787ifeq ($(CFG_SCMI_MSG_SHM_MSG),y) 788_CFG_SCMI_PTA_MSG_HEADER := y 789endif 790endif 791 792# CFG_SCMI_SCPFW, when enabled, embeds the reference SCMI server implementation 793# from SCP-firmware package as an built-in SCMI stack in core. This 794# configuration mandates target product identifier is configured with 795# CFG_SCMI_SCPFW_PRODUCT and the SCP-firmware source tree path with 796# CFG_SCP_FIRMWARE. 797CFG_SCMI_SCPFW ?= n 798 799ifeq ($(CFG_SCMI_SCPFW),y) 800$(call force,CFG_SCMI_PTA,y,Required by CFG_SCMI_SCPFW) 801ifeq (,$(CFG_SCMI_SCPFW_PRODUCT)) 802$(error CFG_SCMI_SCPFW=y requires CFG_SCMI_SCPFW_PRODUCT configuration) 803endif 804ifeq (,$(wildcard $(CFG_SCP_FIRMWARE)/CMakeLists.txt)) 805$(error CFG_SCMI_SCPFW=y requires CFG_SCP_FIRMWARE configuration) 806endif 807endif #CFG_SCMI_SCPFW 808 809ifeq ($(CFG_SCMI_MSG_DRIVERS)-$(CFG_SCMI_SCPFW),y-y) 810$(error CFG_SCMI_MSG_DRIVERS=y and CFG_SCMI_SCPFW=y are mutually exclusive) 811endif 812 813# Enable SCMI PTA interface for REE SCMI agents 814CFG_SCMI_PTA ?= n 815ifeq ($(CFG_SCMI_PTA),y) 816_CFG_SCMI_PTA_SMT_HEADER ?= n 817_CFG_SCMI_PTA_MSG_HEADER ?= n 818endif 819 820ifneq ($(CFG_STMM_PATH),) 821$(call force,CFG_WITH_STMM_SP,y) 822else 823CFG_WITH_STMM_SP ?= n 824endif 825ifeq ($(CFG_WITH_STMM_SP),y) 826$(call force,CFG_ZLIB,y) 827endif 828 829# When enabled checks that buffers passed to the GP Internal Core API 830# comply with the rules added as annotations as part of the definition of 831# the API. For example preventing buffers in non-secure shared memory when 832# not allowed. 833CFG_TA_STRICT_ANNOTATION_CHECKS ?= y 834 835# When enabled accepts the DES key sizes excluding parity bits as in 836# the GP Internal API Specification v1.0 837CFG_COMPAT_GP10_DES ?= y 838 839# Defines a limit for many levels TAs may call each others. 840CFG_CORE_MAX_SYSCALL_RECURSION ?= 4 841 842# Pseudo-TA to export hardware RNG output to Normal World 843# RNG characteristics are platform specific 844CFG_HWRNG_PTA ?= n 845ifeq ($(CFG_HWRNG_PTA),y) 846# Output rate of hw_get_random_bytes() in bytes per second, 0: not rate-limited 847CFG_HWRNG_RATE ?= 0 848# Quality/entropy of hw_get_random_bytes() per 1024 bits of output data, in bits 849ifeq (,$(CFG_HWRNG_QUALITY)) 850$(error CFG_HWRNG_QUALITY not defined) 851endif 852endif 853 854# CFG_PREALLOC_RPC_CACHE, when enabled, makes core to preallocate 855# shared memory for each secure thread. When disabled, RPC shared 856# memory is released once the secure thread has completed is execution. 857ifeq ($(CFG_WITH_PAGER),y) 858CFG_PREALLOC_RPC_CACHE ?= n 859endif 860CFG_PREALLOC_RPC_CACHE ?= y 861 862# When enabled, CFG_DRIVERS_CLK embeds a clock framework in OP-TEE core. 863# This clock framework allows to describe clock tree and provides functions to 864# get and configure the clocks. 865# CFG_DRIVERS_CLK_DT embeds devicetree clock parsing support 866# CFG_DRIVERS_CLK_FIXED add support for "fixed-clock" compatible clocks 867# CFG_DRIVERS_CLK_EARLY_PROBE makes clocks probed at early_init initcall level. 868CFG_DRIVERS_CLK ?= n 869CFG_DRIVERS_CLK_DT ?= $(call cfg-all-enabled,CFG_DRIVERS_CLK CFG_DT) 870CFG_DRIVERS_CLK_FIXED ?= $(CFG_DRIVERS_CLK_DT) 871CFG_DRIVERS_CLK_EARLY_PROBE ?= $(CFG_DRIVERS_CLK_DT) 872 873$(eval $(call cfg-depends-all,CFG_DRIVERS_CLK_DT,CFG_DRIVERS_CLK CFG_DT)) 874$(eval $(call cfg-depends-all,CFG_DRIVERS_CLK_FIXED,CFG_DRIVERS_CLK_DT)) 875 876# When enabled, CFG_DRIVERS_RSTCTRL embeds a reset controller framework in 877# OP-TEE core to provide reset controls on subsystems of the devices. 878CFG_DRIVERS_RSTCTRL ?= n 879 880# The purpose of this flag is to show a print when booting up the device that 881# indicates whether the board runs a standard developer configuration or not. 882# A developer configuration doesn't necessarily has to be secure. The intention 883# is that the one making products based on OP-TEE should override this flag in 884# plat-xxx/conf.mk for the platform they're basing their products on after 885# they've finalized implementing stubbed functionality (see OP-TEE 886# documentation/Porting guidelines) as well as vendor specific security 887# configuration. 888CFG_WARN_INSECURE ?= y 889 890# Enables warnings for declarations mixed with statements 891CFG_WARN_DECL_AFTER_STATEMENT ?= y 892 893# Branch Target Identification (part of the ARMv8.5 Extensions) provides a 894# mechanism to limit the set of locations to which computed branch instructions 895# such as BR or BLR can jump. To make use of BTI in TEE core and ldelf on CPU's 896# that support it, enable this option. A GCC toolchain built with 897# --enable-standard-branch-protection is needed to use this option. 898CFG_CORE_BTI ?= n 899 900$(eval $(call cfg-depends-all,CFG_CORE_BTI,CFG_ARM64_core)) 901 902# To make use of BTI in user space libraries and TA's on CPU's that support it, 903# enable this option. 904CFG_TA_BTI ?= $(CFG_CORE_BTI) 905 906$(eval $(call cfg-depends-all,CFG_TA_BTI,CFG_ARM64_core)) 907 908ifeq (y-y,$(CFG_VIRTUALIZATION)-$(call cfg-one-enabled, CFG_TA_BTI CFG_CORE_BTI)) 909$(error CFG_VIRTUALIZATION and BTI are currently incompatible) 910endif 911 912ifeq (y-y,$(CFG_PAGED_USER_TA)-$(CFG_TA_BTI)) 913$(error CFG_PAGED_USER_TA and CFG_TA_BTI are currently incompatible) 914endif 915 916# Memory Tagging Extension (part of the ARMv8.5 Extensions) implements lock 917# and key access to memory. This is a hardware supported alternative to 918# CFG_CORE_SANITIZE_KADDRESS which covers both S-EL1 and S-EL0. 919CFG_MEMTAG ?= n 920 921$(eval $(call cfg-depends-all,CFG_MEMTAG,CFG_ARM64_core)) 922ifeq (y-y,$(CFG_CORE_SANITIZE_KADDRESS)-$(CFG_MEMTAG)) 923$(error CFG_CORE_SANITIZE_KADDRESS and CFG_MEMTAG are not compatible) 924endif 925ifeq (y-y,$(CFG_WITH_PAGER)-$(CFG_MEMTAG)) 926$(error CFG_WITH_PAGER and CFG_MEMTAG are not compatible) 927endif 928 929# CFG_CORE_ASYNC_NOTIF is defined by the platform to enable enables support 930# for sending asynchronous notifications to normal world. Note that an 931# interrupt ID must be configurged by the platform too. Currently is only 932# CFG_CORE_ASYNC_NOTIF_GIC_INTID defined. 933CFG_CORE_ASYNC_NOTIF ?= n 934 935$(eval $(call cfg-enable-all-depends,CFG_MEMPOOL_REPORT_LAST_OFFSET, \ 936 CFG_WITH_STATS)) 937 938# Pointer Authentication (part of ARMv8.3 Extensions) provides instructions 939# for signing and authenticating pointers against secret keys. These can 940# be used to mitigate ROP (Return oriented programming) attacks. This is 941# currently done by instructing the compiler to add paciasp/autiasp at the 942# begging and end of functions to sign and verify ELR. 943# 944# The CFG_CORE_PAUTH enables these instructions for the core parts 945# executing at EL1, with one secret key per thread and one secret key per 946# physical CPU. 947# 948# The CFG_TA_PAUTH option enables these instructions for TA's at EL0. When 949# this option is enabled, TEE core will initialize secret keys per TA. 950CFG_CORE_PAUTH ?= n 951CFG_TA_PAUTH ?= $(CFG_CORE_PAUTH) 952 953$(eval $(call cfg-depends-all,CFG_CORE_PAUTH,CFG_ARM64_core)) 954$(eval $(call cfg-depends-all,CFG_TA_PAUTH,CFG_ARM64_core)) 955 956ifeq (y-y,$(CFG_VIRTUALIZATION)-$(CFG_CORE_PAUTH)) 957$(error CFG_VIRTUALIZATION and CFG_CORE_PAUTH are currently incompatible) 958endif 959ifeq (y-y,$(CFG_VIRTUALIZATION)-$(CFG_TA_PAUTH)) 960$(error CFG_VIRTUALIZATION and CFG_TA_PAUTH are currently incompatible) 961endif 962 963ifeq (y-y,$(CFG_TA_GPROF_SUPPORT)-$(CFG_TA_PAUTH)) 964$(error CFG_TA_GPROF_SUPPORT and CFG_TA_PAUTH are currently incompatible) 965endif 966 967ifeq (y-y,$(CFG_FTRACE_SUPPORT)-$(CFG_TA_PAUTH)) 968$(error CFG_FTRACE_SUPPORT and CFG_TA_PAUTH are currently incompatible) 969endif 970 971# Enable support for generic watchdog registration 972# This watchdog will then be usable by non-secure world through SMC calls. 973CFG_WDT ?= n 974 975# Enable watchdog SMC handling compatible with arm-smc-wdt Linux driver 976# When enabled, CFG_WDT_SM_HANDLER_ID must be defined with a SMC ID 977CFG_WDT_SM_HANDLER ?= n 978 979$(eval $(call cfg-enable-all-depends,CFG_WDT_SM_HANDLER,CFG_WDT)) 980ifeq (y-,$(CFG_WDT_SM_HANDLER)-$(CFG_WDT_SM_HANDLER_ID)) 981$(error CFG_WDT_SM_HANDLER_ID must be defined when enabling CFG_WDT_SM_HANDLER) 982endif 983 984# Allow using the udelay/mdelay function for platforms without ARM generic timer 985# extension. When set to 'n', the plat_get_freq() function must be defined by 986# the platform code 987CFG_CORE_HAS_GENERIC_TIMER ?= y 988 989# Enable RTC API 990CFG_DRIVERS_RTC ?= n 991 992# Enable PTA for RTC access from non-secure world 993CFG_RTC_PTA ?= n 994 995# Enable TPM2 996CFG_DRIVERS_TPM2 ?= n 997CFG_DRIVERS_TPM2_MMIO ?= n 998ifeq ($(CFG_CORE_TPM_EVENT_LOG),y) 999CFG_CORE_TCG_PROVIDER ?= $(CFG_DRIVERS_TPM2) 1000endif 1001 1002# Enable the FF-A SPMC tests in xtests 1003CFG_SPMC_TESTS ?= n 1004 1005# Allocate the translation tables needed to map the S-EL0 application 1006# loaded 1007CFG_CORE_PREALLOC_EL0_TBLS ?= n 1008ifeq (y-y,$(CFG_CORE_PREALLOC_EL0_TBLS)-$(CFG_WITH_PAGER)) 1009$(error "CFG_WITH_PAGER can't support CFG_CORE_PREALLOC_EL0_TBLS") 1010endif 1011 1012# User TA runtime context dump. 1013# When this option is enabled, OP-TEE provides a debug method for 1014# developer to dump user TA's runtime context, including TA's heap stats. 1015# Developer can open a stats PTA session and then invoke command 1016# STATS_CMD_TA_STATS to get the context of loaded TAs. 1017CFG_TA_STATS ?= n 1018 1019# Enables best effort mitigations against fault injected when the hardware 1020# is tampered with. Details in lib/libutils/ext/include/fault_mitigation.h 1021CFG_FAULT_MITIGATION ?= y 1022 1023# Enable TEE Internal Core API v1.1 compatibility for in-tree TAs 1024CFG_TA_OPTEE_CORE_API_COMPAT_1_1 ?= y 1025