| # |
| # Copyright (c) 2020, Arm Limited. All rights reserved. |
| # |
| # SPDX-License-Identifier: BSD-3-Clause |
| # |
| |
| # Default, static values for build variables, listed in alphabetic order. |
| # Dependencies between build options, if any, are handled in the top-level |
| # Makefile, after this file is included. This ensures that the former is better |
| # poised to handle dependencies, as all build variables would have a default |
| # value by then. |
| |
| # Flag to enable Branch Target Identification in the TFTF. |
| # Internal flag not meant for direct setting. |
| # Use BRANCH_PROTECTION to enable BTI. |
| ENABLE_BTI := 0 |
| |
| # Enable Pointer Authentication support in the TFTF. |
| # Internal flag not meant for direct setting. |
| # Use BRANCH_PROTECTION to enable PAUTH. |
| ENABLE_PAUTH := 0 |
| |
| # Process BRANCH_PROTECTION value and set |
| # Pointer Authentication and Branch Target Identification flags |
| ifeq (${BRANCH_PROTECTION},0) |
| # Default value turns off all types of branch protection |
| BP_OPTION := none |
| else ifneq (${ARCH},aarch64) |
| $(error BRANCH_PROTECTION requires AArch64) |
| else ifeq (${BRANCH_PROTECTION},1) |
| # Enables all types of branch protection features |
| BP_OPTION := standard |
| ENABLE_BTI := 1 |
| ENABLE_PAUTH := 1 |
| else ifeq (${BRANCH_PROTECTION},2) |
| # Return address signing to its standard level |
| BP_OPTION := pac-ret |
| ENABLE_PAUTH := 1 |
| else ifeq (${BRANCH_PROTECTION},3) |
| # Extend the signing to include leaf functions |
| BP_OPTION := pac-ret+leaf |
| ENABLE_PAUTH := 1 |
| else ifeq (${BRANCH_PROTECTION},4) |
| # Turn on branch target identification mechanism |
| BP_OPTION := bti |
| ENABLE_BTI := 1 |
| else |
| $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) |
| endif |