diff options
Diffstat (limited to 'docs/user-guide.rst')
| -rw-r--r-- | docs/user-guide.rst | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/docs/user-guide.rst b/docs/user-guide.rst index d175ebd11..95fa22e08 100644 --- a/docs/user-guide.rst +++ b/docs/user-guide.rst @@ -345,9 +345,9 @@ Common build options the ``ENABLE_PMF`` build option as well. Default is 0. - ``ENABLE_SPE_FOR_LOWER_ELS`` : Boolean option to enable Statistical Profiling - extensions. This is an optional architectural feature available only for - AArch64 8.2 onwards. This option defaults to 1 but is automatically - disabled when the target architecture is AArch32 or AArch64 8.0/8.1. + extensions. This is an optional architectural feature for AArch64. + The default is 1 but is automatically disabled when the target architecture + is AArch32. - ``ENABLE_STACK_PROTECTOR``: String option to enable the stack protection checks in GCC. Allowed values are "all", "strong" and "0" (default). @@ -362,6 +362,11 @@ Common build options Firmware as error. It can take the value 1 (flag the use of deprecated APIs as error) or 0. The default is 0. +- ``EL3_EXCEPTION_HANDLING``: When set to ``1``, enable handling of exceptions + targeted at EL3. When set ``0`` (default), no exceptions are expected or + handled at EL3, and a panic will result. This is supported only for AArch64 + builds. + - ``FIP_NAME``: This is an optional build option which specifies the FIP filename for the ``fip`` target. Default is ``fip.bin``. @@ -421,11 +426,15 @@ Common build options - ``KEY_ALG``: This build flag enables the user to select the algorithm to be used for generating the PKCS keys and subsequent signing of the certificate. - It accepts 3 values viz ``rsa``, ``rsa_1_5``, ``ecdsa``. The ``rsa_1_5`` is + It accepts 3 values viz. ``rsa``, ``rsa_1_5``, ``ecdsa``. The ``rsa_1_5`` is the legacy PKCS#1 RSA 1.5 algorithm which is not TBBR compliant and is retained only for compatibility. The default value of this flag is ``rsa`` which is the TBBR compliant PKCS#1 RSA 2.1 scheme. +- ``HASH_ALG``: This build flag enables the user to select the secure hash + algorithm. It accepts 3 values viz. ``sha256``, ``sha384``, ``sha512``. + The default value of this flag is ``sha256``. + - ``LDFLAGS``: Extra user options appended to the linkers' command line in addition to the one set by the build system. @@ -530,6 +539,12 @@ Common build options optional. It is only needed if the platform makefile specifies that it is required in order to build the ``fwu_fip`` target. +- ``SDEI_SUPPORT``: Setting this to ``1`` enables support for Software + Delegated Exception Interface to BL31 image. This defaults to ``0``. + + When set to ``1``, the build option ``EL3_EXCEPTION_HANDLING`` must also be + set to ``1``. + - ``SEPARATE_CODE_AND_RODATA``: Whether code and read-only data should be isolated on separate memory pages. This is a trade-off between security and memory usage. See "Isolating code and read-only data on separate memory |