aboutsummaryrefslogtreecommitdiff
path: root/docs/getting_started/user-guide.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/getting_started/user-guide.rst')
-rw-r--r--docs/getting_started/user-guide.rst31
1 files changed, 30 insertions, 1 deletions
diff --git a/docs/getting_started/user-guide.rst b/docs/getting_started/user-guide.rst
index b447f14938..3828d0b4e7 100644
--- a/docs/getting_started/user-guide.rst
+++ b/docs/getting_started/user-guide.rst
@@ -287,6 +287,12 @@ Common build options
enable this use-case. For now, this option is only supported when BL2_AT_EL3
is set to '1'.
+- ``BL2_INV_DCACHE``: This is an optional build option which control dcache
+ invalidation upon BL2 entry. Some platform cannot handle cache operations
+ during entry as the coherency unit is not yet initialized. This may cause
+ crashing. Leaving this option to '1' (default) will allow the operation.
+ This option is only relevant when BL2_AT_EL3 is set to '1'.
+
- ``BL31``: This is an optional build option which specifies the path to
BL31 image for the ``fip`` target. In this case, the BL31 in TF-A will not
be built.
@@ -383,6 +389,13 @@ Common build options
registers to be included when saving and restoring the CPU context. Default
is 0.
+- ``CTX_INCLUDE_MTE_REGS``: Enables register saving/reloading support for
+ ARMv8.5 Memory Tagging Extension. A value of 0 will disable
+ saving/reloading and restrict the use of MTE to the normal world if the
+ CPU has support, while a value of 1 enables the saving/reloading, allowing
+ the use of MTE in both the secure and non-secure worlds. Default is 0
+ (disabled) and this feature is experimental.
+
- ``CTX_INCLUDE_PAUTH_REGS``: Boolean option that, when set to 1, enables
Pointer Authentication for Secure world. This will cause the ARMv8.3-PAuth
registers to be included when saving and restoring the CPU context as
@@ -684,6 +697,21 @@ Common build options
file that contains the ROT private key in PEM format. If ``SAVE_KEYS=1``, this
file name will be used to save the key.
+- ``SANITIZE_UB``: This option enables the Undefined Behaviour sanitizer. It
+ can take 3 values: 'off' (default), 'on' and 'trap'. When using 'trap',
+ gcc and clang will insert calls to ``__builtin_trap`` on detected
+ undefined behaviour, which defaults to a ``brk`` instruction. When using
+ 'on', undefined behaviour is translated to a call to special handlers which
+ prints the exact location of the problem and its cause and then panics.
+
+ .. note::
+ Because of the space penalty of the Undefined Behaviour sanitizer,
+ this option will increase the size of the binary. Depending on the
+ memory constraints of the target platform, it may not be possible to
+ enable the sanitizer for all images (BL1 and BL2 are especially
+ likely to be memory constrained). We recommend that the
+ sanitizer is enabled only in debug builds.
+
- ``SAVE_KEYS``: This option is used when ``GENERATE_COT=1``. It tells the
certificate generation tool to save the keys used to establish the Chain of
Trust. Allowed options are '0' or '1'. Default is '0' (do not save).
@@ -798,6 +826,7 @@ Common build options
cluster platforms). If this option is enabled, then warm boot path
enables D-caches immediately after enabling MMU. This option defaults to 0.
+
Arm development platform specific build options
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -1154,7 +1183,7 @@ images with support for these features:
is important to use a version that is compatible with TF-A and fixes any
known security vulnerabilities. See `mbed TLS Security Center`_ for more
information. The latest version of TF-A is tested with tag
- ``mbedtls-2.16.0``.
+ ``mbedtls-2.16.2``.
The ``drivers/auth/mbedtls/mbedtls_*.mk`` files contain the list of mbed TLS
source files the modules depend upon.