Diffstat (limited to 'docs/getting_started/user-guide.rst')
-rw-r--r-- | docs/getting_started/user-guide.rst | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/docs/getting_started/user-guide.rst b/docs/getting_started/user-guide.rst index b447f14938..3828d0b4e7 100644 --- a/docs/getting_started/user-guide.rst +++ b/docs/getting_started/user-guide.rst @@ -287,6 +287,12 @@ Common build options enable this use-case. For now, this option is only supported when BL2_AT_EL3 is set to '1'. +- ``BL2_INV_DCACHE``: This is an optional build option which control dcache + invalidation upon BL2 entry. Some platform cannot handle cache operations + during entry as the coherency unit is not yet initialized. This may cause + crashing. Leaving this option to '1' (default) will allow the operation. + This option is only relevant when BL2_AT_EL3 is set to '1'. + - ``BL31``: This is an optional build option which specifies the path to BL31 image for the ``fip`` target. In this case, the BL31 in TF-A will not be built. @@ -383,6 +389,13 @@ Common build options registers to be included when saving and restoring the CPU context. Default is 0. +- ``CTX_INCLUDE_MTE_REGS``: Enables register saving/reloading support for + ARMv8.5 Memory Tagging Extension. A value of 0 will disable + saving/reloading and restrict the use of MTE to the normal world if the + CPU has support, while a value of 1 enables the saving/reloading, allowing + the use of MTE in both the secure and non-secure worlds. Default is 0 + (disabled) and this feature is experimental. + - ``CTX_INCLUDE_PAUTH_REGS``: Boolean option that, when set to 1, enables Pointer Authentication for Secure world. This will cause the ARMv8.3-PAuth registers to be included when saving and restoring the CPU context as 
@@ -684,6 +697,21 @@ Common build options file that contains the ROT private key in PEM format. If ``SAVE_KEYS=1``, this file name will be used to save the key. +- ``SANITIZE_UB``: This option enables the Undefined Behaviour sanitizer. It + can take 3 values: 'off' (default), 'on' and 'trap'. When using 'trap', + gcc and clang will insert calls to ``__builtin_trap`` on detected + undefined behaviour, which defaults to a ``brk`` instruction. When using + 'on', undefined behaviour is translated to a call to special handlers which + prints the exact location of the problem and its cause and then panics. + + .. note:: + Because of the space penalty of the Undefined Behaviour sanitizer, + this option will increase the size of the binary. Depending on the + memory constraints of the target platform, it may not be possible to + enable the sanitizer for all images (BL1 and BL2 are especially + likely to be memory constrained). We recommend that the + sanitizer is enabled only in debug builds. + - ``SAVE_KEYS``: This option is used when ``GENERATE_COT=1``. It tells the certificate generation tool to save the keys used to establish the Chain of Trust. Allowed options are '0' or '1'. Default is '0' (do not save). @@ -798,6 +826,7 @@ Common build options cluster platforms). If this option is enabled, then warm boot path enables D-caches immediately after enabling MMU. This option defaults to 0. + Arm development platform specific build options ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -1154,7 +1183,7 @@ images with support for these features: is important to use a version that is compatible with TF-A and fixes any known security vulnerabilities. See `mbed TLS Security Center`_ for more information. The latest version of TF-A is tested with tag - ``mbedtls-2.16.0``. + ``mbedtls-2.16.2``. The ``drivers/auth/mbedtls/mbedtls_*.mk`` files contain the list of mbed TLS source files the modules depend upon. |
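Review bot: In the ``BL2_INV_DCACHE`` entry (hunk at -287,6), the text describes only the default of '1' and never states what '0' does or what a platform that sets it is expected to guarantee instead. If '0' skips the dcache invalidation on BL2 entry, say so explicitly, and say that it is intended only for platforms whose coherency unit is not yet initialized at that point. Wording in the same lines: "which control" should be "which controls", "Some platform cannot" should be "Some platforms cannot", and "This may cause crashing" reads better as "This may cause a crash".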
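Review bot: In the ``CTX_INCLUDE_MTE_REGS`` entry (hunk at -383,6), the description does not say that this is a boolean option, unlike the neighbouring ``CTX_INCLUDE_PAUTH_REGS`` entry which opens with "Boolean option that, when set to 1", and it uses "normal world" and "non-secure worlds" for the same thing. Suggest opening with "Boolean option" and using one term throughout. The clause "if the CPU has support" is also ambiguous about what it qualifies, and the "experimental" status is easy to miss at the end of the sentence; a ``.. note::`` block, as used in the ``SANITIZE_UB`` entry, would make it stand out.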
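Review bot: In the ``SANITIZE_UB`` entry (hunk at -684,6), the note on the space penalty does not say whether it applies equally to 'trap' and 'on', even though the two modes are described as emitting different code (a ``__builtin_trap`` versus calls to handlers that print and panic). Suggest stating which mode the size warning concerns, or that it covers both. Also, "special handlers which prints" should be "which print", and "which defaults to a ``brk`` instruction" should name what defaults to ``brk`` (the trap), since the sentence currently reads as if the undefined behaviour does.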
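Review bot: The hunk at -798,6 adds only an empty line before the "Arm development platform specific build options" heading and is unrelated to the options documented in the rest of the patch. Suggest dropping it unless it is needed for the heading to render correctly, in which case it belongs in its own change.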