1# 2# Copyright (c) 2025, Arm Limited. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6 7ifneq ($(AARCH32_INSTRUCTION_SET),$(filter $(AARCH32_INSTRUCTION_SET),A32 T32)) 8 $(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET}) 9endif 10 11# Make sure RME configuration is valid 12ifeq (${ENABLE_RME},1) 13 ifneq (${SEPARATE_CODE_AND_RODATA},1) 14 $(error ENABLE_RME requires SEPARATE_CODE_AND_RODATA) 15 endif 16 17 ifneq (${ARCH},aarch64) 18 $(error ENABLE_RME requires AArch64) 19 endif 20 21 ifeq ($(SPMC_AT_EL3),1) 22 $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.) 23 endif 24 25 ifneq (${SPD}, none) 26 ifneq (${SPD}, spmd) 27 $(error ENABLE_RME is incompatible with SPD=${SPD}. Use SPD=spmd) 28 endif 29 endif 30else 31 ifeq (${ENABLE_FEAT_RME_GDI},1) 32 $(error ENABLE_FEAT_RME_GDI requires ENABLE_RME) 33 endif 34endif 35 36ifeq (${CTX_INCLUDE_EL2_REGS}, 1) 37 ifeq (${SPD},none) 38 ifeq (${ENABLE_RME},0) 39 $(error CTX_INCLUDE_EL2_REGS is available only when SPD \ 40 or RME is enabled) 41 endif 42 endif 43endif 44 45################################################################################ 46# Verify FEAT_RME, FEAT_SCTLR2 and FEAT_TCR2 are enabled if FEAT_MEC is enabled. 47################################################################################ 48 49ifneq (${ENABLE_FEAT_MEC},0) 50 ifeq (${ENABLE_RME},0) 51 $(error FEAT_RME must be enabled when FEAT_MEC is enabled.) 52 endif 53 ifeq (${ENABLE_FEAT_TCR2},0) 54 $(error FEAT_TCR2 must be enabled when FEAT_MEC is enabled.) 55 endif 56 ifeq (${ENABLE_FEAT_SCTLR2},0) 57 $(error FEAT_SCTLR2 must be enabled when FEAT_MEC is enabled.) 58 endif 59endif 60 61# Handle all invalid build configurations with SPMD usage. 62ifeq (${ENABLE_SPMD_LP}, 1) 63ifneq (${SPD},spmd) 64 $(error Error: ENABLE_SPMD_LP requires SPD=spmd.) 65endif 66ifeq ($(SPMC_AT_EL3),1) 67 $(error SPMC at EL3 not supported when enabling SPMD Logical partitions.) 68endif 69endif 70 71ifneq (${SPD},none) 72ifeq (${ARCH},aarch32) 73 $(error "Error: SPD is incompatible with AArch32.") 74endif 75ifdef EL3_PAYLOAD_BASE 76 $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.") 77 $(warning "The SPD and its BL32 companion will be present but ignored.") 78endif 79ifeq (${SPD},spmd) 80ifeq ($(SPMD_SPM_AT_SEL2),1) 81 ifeq ($(SPMC_AT_EL3),1) 82 $(error SPM cannot be enabled in both S-EL2 and EL3.) 83 endif 84 ifeq ($(CTX_INCLUDE_SVE_REGS),1) 85 $(error SVE context management not needed with Hafnium SPMC.) 86 endif 87endif 88 89ifeq ($(SPMC_AT_EL3_SEL0_SP),1) 90 ifneq ($(SPMC_AT_EL3),1) 91 $(error SEL0 SP cannot be enabled without SPMC at EL3) 92 endif 93endif 94endif #(SPD=spmd) 95endif #(SPD!=none) 96 97# USE_DEBUGFS experimental feature recommended only in debug builds 98ifeq (${USE_DEBUGFS},1) 99 ifeq (${DEBUG},1) 100 $(warning DEBUGFS experimental feature is enabled.) 101 else 102 $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY) 103 endif 104endif #(USE_DEBUGFS) 105 106# USE_SPINLOCK_CAS requires AArch64 build 107ifeq (${USE_SPINLOCK_CAS},1) 108 ifneq (${ARCH},aarch64) 109 $(error USE_SPINLOCK_CAS requires AArch64) 110 endif 111endif #(USE_SPINLOCK_CAS) 112 113ifdef EL3_PAYLOAD_BASE 114 ifdef PRELOADED_BL33_BASE 115 $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \ 116 incompatible build options. EL3_PAYLOAD_BASE has priority.") 117 endif 118 ifneq (${GENERATE_COT},0) 119 $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible \ 120 build options.") 121 endif 122 ifneq (${TRUSTED_BOARD_BOOT},0) 123 $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are \ 124 incompatible \ build options.") 125 endif 126endif #(EL3_PAYLOAD_BASE) 127 128ifeq (${NEED_BL33},yes) 129 ifdef EL3_PAYLOAD_BASE 130 $(warning "BL33 image is not needed when option \ 131 BL33_PAYLOAD_BASE is used and won't be added to the FIP file.") 132 endif 133 ifdef PRELOADED_BL33_BASE 134 $(warning "BL33 image is not needed when option \ 135 PRELOADED_BL33_BASE is used and won't be added to the FIP file.") 136 endif 137endif #(NEED_BL33) 138 139# When building for systems with hardware-assisted coherency, there's no need to 140# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too. 141ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1) 142 $(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY) 143endif 144 145#For now, BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is 1. 146ifeq ($(RESET_TO_BL2)-$(BL2_IN_XIP_MEM),0-1) 147 $(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled") 148endif 149 150# RAS_EXTENSION is deprecated, provide alternate build options 151ifeq ($(RAS_EXTENSION),1) 152 $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS \ 153 and HANDLE_EA_EL3_FIRST_NS instead") 154endif 155 156 157# When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled 158ifeq ($(FAULT_INJECTION_SUPPORT),1) 159 ifeq ($(ENABLE_FEAT_RAS),0) 160 $(error For FAULT_INJECTION_SUPPORT, ENABLE_FEAT_RAS must not be 0) 161 endif 162endif #(FAULT_INJECTION_SUPPORT) 163 164# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 165ifeq ($(DYN_DISABLE_AUTH), 1) 166 ifeq (${TRUSTED_BOARD_BOOT}, 0) 167 $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH \ 168 to be set.") 169 endif 170endif #(DYN_DISABLE_AUTH) 171 172# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled. 173ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1) 174 $(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled") 175endif 176 177# If pointer authentication is used in the firmware, make sure that all the 178# registers associated to it are also saved and restored. 179# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. 180ifneq ($(ENABLE_PAUTH),0) 181 ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) 182 $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS to be enabled) 183 endif 184endif #(ENABLE_PAUTH) 185 186ifneq ($(CTX_INCLUDE_PAUTH_REGS),0) 187 ifneq (${ARCH},aarch64) 188 $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) 189 endif 190endif #(CTX_INCLUDE_PAUTH_REGS) 191 192# Check ENABLE_FEAT_PAUTH_LR 193ifneq (${ENABLE_FEAT_PAUTH_LR},0) 194 195# Make sure PAUTH is enabled 196ifeq (${ENABLE_PAUTH},0) 197 $(error Error: PAUTH_LR cannot be used without PAUTH (see BRANCH_PROTECTION)) 198endif 199 200# Make sure SCTLR2 is enabled 201ifeq (${ENABLE_FEAT_SCTLR2},0) 202 $(error Error: PAUTH_LR cannot be used without ENABLE_FEAT_SCTLR2) 203endif 204 205# FEAT_PAUTH_LR is only supported in aarch64 state 206ifneq (${ARCH},aarch64) 207 $(error ENABLE_FEAT_PAUTH_LR requires AArch64) 208endif 209 210endif # ${ENABLE_FEAT_PAUTH_LR} 211 212ifeq ($(FEATURE_DETECTION),1) 213 $(info FEATURE_DETECTION is an experimental feature) 214endif #(FEATURE_DETECTION) 215 216ifneq ($(ENABLE_SME2_FOR_NS), 0) 217 ifeq (${ENABLE_SME_FOR_NS}, 0) 218 $(warning "ENABLE_SME2_FOR_NS requires ENABLE_SME_FOR_NS also \ 219 to be set") 220 $(warning "Forced ENABLE_SME_FOR_NS=1") 221 override ENABLE_SME_FOR_NS := 1 222 endif 223endif #(ENABLE_SME2_FOR_NS) 224 225ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1) 226 ifeq (${ALLOW_RO_XLAT_TABLES}, 1) 227 $(error "ALLOW_RO_XLAT_TABLES requires translation tables \ 228 library v2") 229 endif 230endif #(ARM_XLAT_TABLES_LIB_V1) 231 232ifneq (${DECRYPTION_SUPPORT},none) 233 ifeq (${TRUSTED_BOARD_BOOT}, 0) 234 $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT \ 235 to be set) 236 endif 237endif #(DECRYPTION_SUPPORT) 238 239# Ensure that no Aarch64-only features are enabled in Aarch32 build 240ifeq (${ARCH},aarch32) 241 ifneq (${ENABLE_LTO},0) 242 $(error "ENABLE_LTO is not supported with ARCH=aarch32") 243 endif 244 ifneq (${EL3_EXCEPTION_HANDLING},0) 245 $(error "EL3_EXCEPTION_HANDLING is not supported outside BL31") 246 endif 247 248 ifeq (${CRASH_REPORTING},1) 249 $(error "CRASH_REPORTING is not supported with ARCH=aarch32") 250 endif 251 252 # SME/SVE only supported on AArch64 253 ifneq (${ENABLE_SME_FOR_NS},0) 254 $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32") 255 endif 256 257 ifeq (${ENABLE_SVE_FOR_NS},1) 258 # Warning instead of error due to CI dependency on this 259 $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32") 260 endif 261 262 # BRBE is not supported in AArch32 263 ifeq (${ENABLE_BRBE_FOR_NS},1) 264 $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32") 265 endif 266 267 # FEAT_RNG_TRAP is not supported in AArch32 268 ifneq (${ENABLE_FEAT_RNG_TRAP},0) 269 $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32") 270 endif 271 272 ifneq (${ENABLE_FEAT_FPMR},0) 273 $(error "ENABLE_FEAT_FPMR cannot be used with ARCH=aarch32") 274 endif 275 276 ifeq (${ARCH_FEATURE_AVAILABILITY},1) 277 $(error "ARCH_FEATURE_AVAILABILITY cannot be used with ARCH=aarch32") 278 endif 279 # FEAT_MOPS is only supported on AArch64 280 ifneq (${ENABLE_FEAT_MOPS},0) 281 $(error "ENABLE_FEAT_MOPS cannot be used with ARCH=aarch32") 282 endif 283 ifneq (${ENABLE_FEAT_GCIE},0) 284 $(error "ENABLE_FEAT_GCIE cannot be used with ARCH=aarch32") 285 endif 286 ifneq (${ENABLE_FEAT_CPA2},0) 287 $(error "ENABLE_FEAT_CPA2 cannot be used with ARCH=aarch32") 288 endif 289 ifneq (${PLATFORM_NODE_COUNT},1) 290 $(error "NUMA AWARE PER CPU is not supported with ARCH=aarch32") 291 endif 292endif #(ARCH=aarch32) 293 294ifneq (${ENABLE_FEAT_FPMR},0) 295 ifeq (${ENABLE_FEAT_FGT},0) 296 $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_FGT") 297 endif 298 ifeq (${ENABLE_FEAT_HCX},0) 299 $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_HCX") 300 endif 301endif #(ENABLE_FEAT_FPMR) 302 303ifneq (${ENABLE_FEAT_CPA2},0) 304 ifeq (${ENABLE_FEAT_SCTLR2},0) 305 $(error "Error: ENABLE_FEAT_CPA2 cannot be used without ENABLE_FEAT_SCTLR2") 306 endif 307endif #${ENABLE_FEAT_CPA2} 308 309ifneq (${ENABLE_SME_FOR_NS},0) 310 ifeq (${ENABLE_SVE_FOR_NS},0) 311 $(error "ENABLE_SME_FOR_NS requires ENABLE_SVE_FOR_NS") 312 endif 313endif #(ENABLE_SME_FOR_NS) 314 315# Secure SME/SVE requires the non-secure component as well 316ifeq (${ENABLE_SME_FOR_SWD},1) 317 ifeq (${ENABLE_SME_FOR_NS},0) 318 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS") 319 endif 320 ifeq (${ENABLE_SVE_FOR_SWD},0) 321 $(error "ENABLE_SME_FOR_SWD requires ENABLE_SVE_FOR_SWD") 322 endif 323endif #(ENABLE_SME_FOR_SWD) 324 325# Enabling SVE for SWD requires enabling SVE for NWD due to ENABLE_FEAT 326# mechanism. 327ifeq (${ENABLE_SVE_FOR_SWD},1) 328 ifeq (${ENABLE_SVE_FOR_NS},0) 329 $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS") 330 endif 331endif 332 333# Enabling FEAT_MOPS requires access to hcrx_el2 registers which is 334# available only when FEAT_HCX is enabled. 335ifneq (${ENABLE_FEAT_MOPS},0) 336 ifeq (${ENABLE_FEAT_HCX},0) 337 $(error "ENABLE_FEAT_MOPS requires ENABLE_FEAT_HCX") 338 endif 339endif 340 341# Enabling SVE for both the worlds typically requires the context 342# management of SVE registers. The only exception being SPMC at S-EL2. 343ifeq (${ENABLE_SVE_FOR_SWD}, 1) 344 ifneq (${ENABLE_SVE_FOR_NS}, 0) 345 ifeq (${CTX_INCLUDE_SVE_REGS}-$(SPMD_SPM_AT_SEL2),0-0) 346 $(warning "ENABLE_SVE_FOR_SWD and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS") 347 endif 348 endif 349endif 350 351# Enabling SVE in either world while enabling CTX_INCLUDE_FPREGS requires 352# CTX_INCLUDE_SVE_REGS to be enabled due to architectural dependency between FP 353# and SVE registers. 354ifeq (${CTX_INCLUDE_FPREGS}, 1) 355 ifneq (${ENABLE_SVE_FOR_NS},0) 356 ifeq (${CTX_INCLUDE_SVE_REGS},0) 357 # Warning instead of error due to CI dependency on this 358 $(warning "CTX_INCLUDE_FPREGS and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS") 359 $(warning "Forced ENABLE_SVE_FOR_NS=0") 360 override ENABLE_SVE_FOR_NS := 0 361 endif 362 endif 363endif #(CTX_INCLUDE_FPREGS) 364 365# SVE context management is only required if secure world has access to SVE/FP 366# functionality. 367# Enabling CTX_INCLUDE_SVE_REGS requires CTX_INCLUDE_FPREGS to be enabled due 368# to architectural dependency between FP and SVE registers. 369ifeq (${CTX_INCLUDE_SVE_REGS},1) 370 ifeq (${ENABLE_SVE_FOR_SWD},0) 371 $(error "CTX_INCLUDE_SVE_REGS requires ENABLE_SVE_FOR_SWD to also be enabled") 372 endif 373 ifeq (${CTX_INCLUDE_FPREGS},0) 374 $(error "CTX_INCLUDE_SVE_REGS requires CTX_INCLUDE_FPREGS to also be enabled") 375 endif #(CTX_INCLUDE_FPREGS) 376endif #(CTX_INCLUDE_SVE_REGS) 377 378# SME cannot be used with CTX_INCLUDE_FPREGS since SPM does its own context 379# management including FPU registers. 380ifeq (${CTX_INCLUDE_FPREGS},1) 381 ifneq (${ENABLE_SME_FOR_NS},0) 382 $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS") 383 endif 384endif #(CTX_INCLUDE_FPREGS) 385 386ifeq ($(DRTM_SUPPORT),1) 387 $(info DRTM_SUPPORT is an experimental feature) 388endif 389 390ifeq (${HOB_LIST},1) 391 $(warning HOB_LIST is an experimental feature) 392endif 393 394ifeq (${TRANSFER_LIST},1) 395 $(info TRANSFER_LIST is an experimental feature) 396endif 397 398ifeq ($(PSA_CRYPTO),1) 399 $(info PSA_CRYPTO is an experimental feature) 400endif 401 402ifeq ($(DICE_PROTECTION_ENVIRONMENT),1) 403 $(info DICE_PROTECTION_ENVIRONMENT is an experimental feature) 404endif 405 406ifeq (${LFA_SUPPORT},1) 407 $(warning LFA_SUPPORT is an experimental feature) 408endif #(LFA_SUPPORT) 409 410ifneq (${ENABLE_FEAT_MPAM_PE_BW_CTRL},0) 411 ifeq (${ENABLE_FEAT_MPAM},0) 412 $(error "ENABLE_FEAT_MPAM_PW_BW_CTRL requires ENABLE_FEAT_MPAM") 413 endif 414endif #(ENABLE_FEAT_MPAM_PE_BW_CTRL) 415 416ifneq (${DYNAMIC_WORKAROUND_CVE_2018_3639},0) 417 ifeq (${WORKAROUND_CVE_2018_3639},0) 418 $(error Error: WORKAROUND_CVE_2018_3639 must be 1 if DYNAMIC_WORKAROUND_CVE_2018_3639 is 1) 419 endif 420endif 421 422# Handle all deprecated build options. 423ifeq (${ERROR_DEPRECATED}, 1) 424 ifneq (${NS_TIMER_SWITCH},0) 425 $(error "NS_TIMER_SWITCH breaks Linux preemption model, hence deprecated") 426 endif 427 ifneq (${SPM_MM},0) 428 $(error "SPM_MM build option is deprecated") 429 endif 430endif 431 432ifneq (${ENABLE_FEAT_IDTE3},0) 433 $(info FEAT_IDTE3 is an experimental feature) 434endif #(ENABLE_FEAT_IDTE3) 435