xref: /rk3399_ARM-atf/docs/getting_started/build-options.rst (revision 3f3c341ae58321ec1b86162916d80b6db9187759) 
1Build Options
2=============
3
4The TF-A build system supports the following build options. Unless mentioned
5otherwise, these options are expected to be specified at the build command
6line and are not to be modified in any component makefiles. Note that the
7build system doesn't track dependency for build options. Therefore, if any of
8the build options are changed from a previous build, a clean build must be
9performed.
10
11.. _build_options_common:
12
13Common build options
14--------------------
15
16-  ``AARCH32_INSTRUCTION_SET``: Choose the AArch32 instruction set that the
17   compiler should use. Valid values are T32 and A32. It defaults to T32 due to
18   code having a smaller resulting size.
19
20-  ``AARCH32_SP`` : Choose the AArch32 Secure Payload component to be built as
21   as the BL32 image when ``ARCH=aarch32``. The value should be the path to the
22   directory containing the SP source, relative to the ``bl32/``; the directory
23   is expected to contain a makefile called ``<aarch32_sp-value>.mk``.
24
25-  ``ARCH`` : Choose the target build architecture for TF-A. It can take either
26   ``aarch64`` or ``aarch32`` as values. By default, it is defined to
27   ``aarch64``.
28
29-  ``ARM_ARCH_MAJOR``: The major version of Arm Architecture to target when
30   compiling TF-A. Its value must be numeric, and defaults to 8 . See also,
31   *Armv8 Architecture Extensions* and *Armv7 Architecture Extensions* in
32   :ref:`Firmware Design`.
33
34-  ``ARM_ARCH_MINOR``: The minor version of Arm Architecture to target when
35   compiling TF-A. Its value must be a numeric, and defaults to 0. See also,
36   *Armv8 Architecture Extensions* in :ref:`Firmware Design`.
37
38-  ``BL2``: This is an optional build option which specifies the path to BL2
39   image for the ``fip`` target. In this case, the BL2 in the TF-A will not be
40   built.
41
42-  ``BL2U``: This is an optional build option which specifies the path to
43   BL2U image. In this case, the BL2U in TF-A will not be built.
44
45-  ``BL2_AT_EL3``: This is an optional build option that enables the use of
46   BL2 at EL3 execution level.
47
48-  ``BL2_IN_XIP_MEM``: In some use-cases BL2 will be stored in eXecute In Place
49   (XIP) memory, like BL1. In these use-cases, it is necessary to initialize
50   the RW sections in RAM, while leaving the RO sections in place. This option
51   enable this use-case. For now, this option is only supported when BL2_AT_EL3
52   is set to '1'.
53
54-  ``BL31``: This is an optional build option which specifies the path to
55   BL31 image for the ``fip`` target. In this case, the BL31 in TF-A will not
56   be built.
57
58-  ``BL31_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the
59   file that contains the BL31 private key in PEM format. If ``SAVE_KEYS=1``,
60   this file name will be used to save the key.
61
62-  ``BL32``: This is an optional build option which specifies the path to
63   BL32 image for the ``fip`` target. In this case, the BL32 in TF-A will not
64   be built.
65
66-  ``BL32_EXTRA1``: This is an optional build option which specifies the path to
67   Trusted OS Extra1 image for the  ``fip`` target.
68
69-  ``BL32_EXTRA2``: This is an optional build option which specifies the path to
70   Trusted OS Extra2 image for the ``fip`` target.
71
72-  ``BL32_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the
73   file that contains the BL32 private key in PEM format. If ``SAVE_KEYS=1``,
74   this file name will be used to save the key.
75
76-  ``BL33``: Path to BL33 image in the host file system. This is mandatory for
77   ``fip`` target in case TF-A BL2 is used.
78
79-  ``BL33_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the
80   file that contains the BL33 private key in PEM format. If ``SAVE_KEYS=1``,
81   this file name will be used to save the key.
82
83-  ``BRANCH_PROTECTION``: Numeric value to enable ARMv8.3 Pointer Authentication
84   and ARMv8.5 Branch Target Identification support for TF-A BL images themselves.
85   If enabled, it is needed to use a compiler that supports the option
86   ``-mbranch-protection``. Selects the branch protection features to use:
87-  0: Default value turns off all types of branch protection
88-  1: Enables all types of branch protection features
89-  2: Return address signing to its standard level
90-  3: Extend the signing to include leaf functions
91
92   The table below summarizes ``BRANCH_PROTECTION`` values, GCC compilation options
93   and resulting PAuth/BTI features.
94
95   +-------+--------------+-------+-----+
96   | Value |  GCC option  | PAuth | BTI |
97   +=======+==============+=======+=====+
98   |   0   |     none     |   N   |  N  |
99   +-------+--------------+-------+-----+
100   |   1   |   standard   |   Y   |  Y  |
101   +-------+--------------+-------+-----+
102   |   2   |   pac-ret    |   Y   |  N  |
103   +-------+--------------+-------+-----+
104   |   3   | pac-ret+leaf |   Y   |  N  |
105   +-------+--------------+-------+-----+
106
107   This option defaults to 0 and this is an experimental feature.
108   Note that Pointer Authentication is enabled for Non-secure world
109   irrespective of the value of this option if the CPU supports it.
110
111-  ``BUILD_MESSAGE_TIMESTAMP``: String used to identify the time and date of the
112   compilation of each build. It must be set to a C string (including quotes
113   where applicable). Defaults to a string that contains the time and date of
114   the compilation.
115
116-  ``BUILD_STRING``: Input string for VERSION_STRING, which allows the TF-A
117   build to be uniquely identified. Defaults to the current git commit id.
118
119-  ``CFLAGS``: Extra user options appended on the compiler's command line in
120   addition to the options set by the build system.
121
122-  ``COLD_BOOT_SINGLE_CPU``: This option indicates whether the platform may
123   release several CPUs out of reset. It can take either 0 (several CPUs may be
124   brought up) or 1 (only one CPU will ever be brought up during cold reset).
125   Default is 0. If the platform always brings up a single CPU, there is no
126   need to distinguish between primary and secondary CPUs and the boot path can
127   be optimised. The ``plat_is_my_cpu_primary()`` and
128   ``plat_secondary_cold_boot_setup()`` platform porting interfaces do not need
129   to be implemented in this case.
130
131-  ``CRASH_REPORTING``: A non-zero value enables a console dump of processor
132   register state when an unexpected exception occurs during execution of
133   BL31. This option defaults to the value of ``DEBUG`` - i.e. by default
134   this is only enabled for a debug build of the firmware.
135
136-  ``CREATE_KEYS``: This option is used when ``GENERATE_COT=1``. It tells the
137   certificate generation tool to create new keys in case no valid keys are
138   present or specified. Allowed options are '0' or '1'. Default is '1'.
139
140-  ``CTX_INCLUDE_AARCH32_REGS`` : Boolean option that, when set to 1, will cause
141   the AArch32 system registers to be included when saving and restoring the
142   CPU context. The option must be set to 0 for AArch64-only platforms (that
143   is on hardware that does not implement AArch32, or at least not at EL1 and
144   higher ELs). Default value is 1.
145
146-  ``CTX_INCLUDE_FPREGS``: Boolean option that, when set to 1, will cause the FP
147   registers to be included when saving and restoring the CPU context. Default
148   is 0.
149
150-  ``CTX_INCLUDE_PAUTH_REGS``: Boolean option that, when set to 1, enables
151   Pointer Authentication for Secure world. This will cause the ARMv8.3-PAuth
152   registers to be included when saving and restoring the CPU context as
153   part of world switch. Default value is 0 and this is an experimental feature.
154   Note that Pointer Authentication is enabled for Non-secure world irrespective
155   of the value of this flag if the CPU supports it.
156
157-  ``DEBUG``: Chooses between a debug and release build. It can take either 0
158   (release) or 1 (debug) as values. 0 is the default.
159
160-  ``DISABLE_BIN_GENERATION``: Boolean option to disable the generation
161   of the binary image. If set to 1, then only the ELF image is built.
162   0 is the default.
163
164-  ``DYN_DISABLE_AUTH``: Provides the capability to dynamically disable Trusted
165   Board Boot authentication at runtime. This option is meant to be enabled only
166   for development platforms. ``TRUSTED_BOARD_BOOT`` flag must be set if this
167   flag has to be enabled. 0 is the default.
168
169-  ``E``: Boolean option to make warnings into errors. Default is 1.
170
171-  ``EL3_PAYLOAD_BASE``: This option enables booting an EL3 payload instead of
172   the normal boot flow. It must specify the entry point address of the EL3
173   payload. Please refer to the "Booting an EL3 payload" section for more
174   details.
175
176-  ``ENABLE_AMU``: Boolean option to enable Activity Monitor Unit extensions.
177   This is an optional architectural feature available on v8.4 onwards. Some
178   v8.2 implementations also implement an AMU and this option can be used to
179   enable this feature on those systems as well. Default is 0.
180
181-  ``ENABLE_ASSERTIONS``: This option controls whether or not calls to ``assert()``
182   are compiled out. For debug builds, this option defaults to 1, and calls to
183   ``assert()`` are left in place. For release builds, this option defaults to 0
184   and calls to ``assert()`` function are compiled out. This option can be set
185   independently of ``DEBUG``. It can also be used to hide any auxiliary code
186   that is only required for the assertion and does not fit in the assertion
187   itself.
188
189-  ``ENABLE_BACKTRACE``: This option controls whether to enables backtrace
190   dumps or not. It is supported in both AArch64 and AArch32. However, in
191   AArch32 the format of the frame records are not defined in the AAPCS and they
192   are defined by the implementation. This implementation of backtrace only
193   supports the format used by GCC when T32 interworking is disabled. For this
194   reason enabling this option in AArch32 will force the compiler to only
195   generate A32 code. This option is enabled by default only in AArch64 debug
196   builds, but this behaviour can be overridden in each platform's Makefile or
197   in the build command line.
198
199-  ``ENABLE_LTO``: Boolean option to enable Link Time Optimization (LTO)
200   support in GCC for TF-A. This option is currently only supported for
201   AArch64. Default is 0.
202
203-  ``ENABLE_MPAM_FOR_LOWER_ELS``: Boolean option to enable lower ELs to use MPAM
204   feature. MPAM is an optional Armv8.4 extension that enables various memory
205   system components and resources to define partitions; software running at
206   various ELs can assign themselves to desired partition to control their
207   performance aspects.
208
209   When this option is set to ``1``, EL3 allows lower ELs to access their own
210   MPAM registers without trapping into EL3. This option doesn't make use of
211   partitioning in EL3, however. Platform initialisation code should configure
212   and use partitions in EL3 as required. This option defaults to ``0``.
213
214-  ``ENABLE_PIE``: Boolean option to enable Position Independent Executable(PIE)
215   support within generic code in TF-A. This option is currently only supported
216   in BL31. Default is 0.
217
218-  ``ENABLE_PMF``: Boolean option to enable support for optional Performance
219   Measurement Framework(PMF). Default is 0.
220
221-  ``ENABLE_PSCI_STAT``: Boolean option to enable support for optional PSCI
222   functions ``PSCI_STAT_RESIDENCY`` and ``PSCI_STAT_COUNT``. Default is 0.
223   In the absence of an alternate stat collection backend, ``ENABLE_PMF`` must
224   be enabled. If ``ENABLE_PMF`` is set, the residency statistics are tracked in
225   software.
226
227-  ``ENABLE_RUNTIME_INSTRUMENTATION``: Boolean option to enable runtime
228   instrumentation which injects timestamp collection points into TF-A to
229   allow runtime performance to be measured. Currently, only PSCI is
230   instrumented. Enabling this option enables the ``ENABLE_PMF`` build option
231   as well. Default is 0.
232
233-  ``ENABLE_SPE_FOR_LOWER_ELS`` : Boolean option to enable Statistical Profiling
234   extensions. This is an optional architectural feature for AArch64.
235   The default is 1 but is automatically disabled when the target architecture
236   is AArch32.
237
238-  ``ENABLE_SPM`` : Boolean option to enable the SPCI-based Secure Partition
239   Manager (SPM) implementation.
240   Refer to the :ref:`Secure Partition Manager` guide for more details about
241   this feature. Default is 0.
242
243-  ``ENABLE_SVE_FOR_NS``: Boolean option to enable Scalable Vector Extension
244   (SVE) for the Non-secure world only. SVE is an optional architectural feature
245   for AArch64. Note that when SVE is enabled for the Non-secure world, access
246   to SIMD and floating-point functionality from the Secure world is disabled.
247   This is to avoid corruption of the Non-secure world data in the Z-registers
248   which are aliased by the SIMD and FP registers. The build option is not
249   compatible with the ``CTX_INCLUDE_FPREGS`` build option, and will raise an
250   assert on platforms where SVE is implemented and ``ENABLE_SVE_FOR_NS`` set to
251   1. The default is 1 but is automatically disabled when the target
252   architecture is AArch32.
253
254-  ``ENABLE_STACK_PROTECTOR``: String option to enable the stack protection
255   checks in GCC. Allowed values are "all", "strong", "default" and "none". The
256   default value is set to "none". "strong" is the recommended stack protection
257   level if this feature is desired. "none" disables the stack protection. For
258   all values other than "none", the ``plat_get_stack_protector_canary()``
259   platform hook needs to be implemented. The value is passed as the last
260   component of the option ``-fstack-protector-$ENABLE_STACK_PROTECTOR``.
261
262-  ``ERROR_DEPRECATED``: This option decides whether to treat the usage of
263   deprecated platform APIs, helper functions or drivers within Trusted
264   Firmware as error. It can take the value 1 (flag the use of deprecated
265   APIs as error) or 0. The default is 0.
266
267-  ``EL3_EXCEPTION_HANDLING``: When set to ``1``, enable handling of exceptions
268   targeted at EL3. When set ``0`` (default), no exceptions are expected or
269   handled at EL3, and a panic will result. This is supported only for AArch64
270   builds.
271
272-  ``FAULT_INJECTION_SUPPORT``: ARMv8.4 extensions introduced support for fault
273   injection from lower ELs, and this build option enables lower ELs to use
274   Error Records accessed via System Registers to inject faults. This is
275   applicable only to AArch64 builds.
276
277   This feature is intended for testing purposes only, and is advisable to keep
278   disabled for production images.
279
280-  ``FIP_NAME``: This is an optional build option which specifies the FIP
281   filename for the ``fip`` target. Default is ``fip.bin``.
282
283-  ``FWU_FIP_NAME``: This is an optional build option which specifies the FWU
284   FIP filename for the ``fwu_fip`` target. Default is ``fwu_fip.bin``.
285
286-  ``GENERATE_COT``: Boolean flag used to build and execute the ``cert_create``
287   tool to create certificates as per the Chain of Trust described in
288   :ref:`Trusted Board Boot`. The build system then calls ``fiptool`` to
289   include the certificates in the FIP and FWU_FIP. Default value is '0'.
290
291   Specify both ``TRUSTED_BOARD_BOOT=1`` and ``GENERATE_COT=1`` to include support
292   for the Trusted Board Boot feature in the BL1 and BL2 images, to generate
293   the corresponding certificates, and to include those certificates in the
294   FIP and FWU_FIP.
295
296   Note that if ``TRUSTED_BOARD_BOOT=0`` and ``GENERATE_COT=1``, the BL1 and BL2
297   images will not include support for Trusted Board Boot. The FIP will still
298   include the corresponding certificates. This FIP can be used to verify the
299   Chain of Trust on the host machine through other mechanisms.
300
301   Note that if ``TRUSTED_BOARD_BOOT=1`` and ``GENERATE_COT=0``, the BL1 and BL2
302   images will include support for Trusted Board Boot, but the FIP and FWU_FIP
303   will not include the corresponding certificates, causing a boot failure.
304
305-  ``GICV2_G0_FOR_EL3``: Unlike GICv3, the GICv2 architecture doesn't have
306   inherent support for specific EL3 type interrupts. Setting this build option
307   to ``1`` assumes GICv2 *Group 0* interrupts are expected to target EL3, both
308   by `platform abstraction layer`__ and `Interrupt Management Framework`__.
309   This allows GICv2 platforms to enable features requiring EL3 interrupt type.
310   This also means that all GICv2 Group 0 interrupts are delivered to EL3, and
311   the Secure Payload interrupts needs to be synchronously handed over to Secure
312   EL1 for handling. The default value of this option is ``0``, which means the
313   Group 0 interrupts are assumed to be handled by Secure EL1.
314
315   .. __: `platform-interrupt-controller-API.rst`
316   .. __: `interrupt-framework-design.rst`
317
318-  ``HANDLE_EA_EL3_FIRST``: When set to ``1``, External Aborts and SError
319   Interrupts will be always trapped in EL3 i.e. in BL31 at runtime. When set to
320   ``0`` (default), these exceptions will be trapped in the current exception
321   level (or in EL1 if the current exception level is EL0).
322
323-  ``HW_ASSISTED_COHERENCY``: On most Arm systems to-date, platform-specific
324   software operations are required for CPUs to enter and exit coherency.
325   However, newer systems exist where CPUs' entry to and exit from coherency
326   is managed in hardware. Such systems require software to only initiate these
327   operations, and the rest is managed in hardware, minimizing active software
328   management. In such systems, this boolean option enables TF-A to carry out
329   build and run-time optimizations during boot and power management operations.
330   This option defaults to 0 and if it is enabled, then it implies
331   ``WARMBOOT_ENABLE_DCACHE_EARLY`` is also enabled.
332
333   If this flag is disabled while the platform which TF-A is compiled for
334   includes cores that manage coherency in hardware, then a compilation error is
335   generated. This is based on the fact that a system cannot have, at the same
336   time, cores that manage coherency in hardware and cores that don't. In other
337   words, a platform cannot have, at the same time, cores that require
338   ``HW_ASSISTED_COHERENCY=1`` and cores that require
339   ``HW_ASSISTED_COHERENCY=0``.
340
341   Note that, when ``HW_ASSISTED_COHERENCY`` is enabled, version 2 of
342   translation library (xlat tables v2) must be used; version 1 of translation
343   library is not supported.
344
345-  ``JUNO_AARCH32_EL3_RUNTIME``: This build flag enables you to execute EL3
346   runtime software in AArch32 mode, which is required to run AArch32 on Juno.
347   By default this flag is set to '0'. Enabling this flag builds BL1 and BL2 in
348   AArch64 and facilitates the loading of ``SP_MIN`` and BL33 as AArch32 executable
349   images.
350
351-  ``KEY_ALG``: This build flag enables the user to select the algorithm to be
352   used for generating the PKCS keys and subsequent signing of the certificate.
353   It accepts 3 values: ``rsa``, ``rsa_1_5`` and ``ecdsa``. The option
354   ``rsa_1_5`` is the legacy PKCS#1 RSA 1.5 algorithm which is not TBBR
355   compliant and is retained only for compatibility. The default value of this
356   flag is ``rsa`` which is the TBBR compliant PKCS#1 RSA 2.1 scheme.
357
358-  ``KEY_SIZE``: This build flag enables the user to select the key size for
359   the algorithm specified by ``KEY_ALG``. The valid values for ``KEY_SIZE``
360   depend on the chosen algorithm and the cryptographic module.
361
362   +-----------+------------------------------------+
363   |  KEY_ALG  |        Possible key sizes          |
364   +===========+====================================+
365   |    rsa    | 1024 , 2048 (default), 3072, 4096* |
366   +-----------+------------------------------------+
367   |   ecdsa   |            unavailable             |
368   +-----------+------------------------------------+
369
370   * Only 2048 bits size is available with CryptoCell 712 SBROM release 1.
371     Only 3072 bits size is available with CryptoCell 712 SBROM release 2.
372
373-  ``HASH_ALG``: This build flag enables the user to select the secure hash
374   algorithm. It accepts 3 values: ``sha256``, ``sha384`` and ``sha512``.
375   The default value of this flag is ``sha256``.
376
377-  ``LDFLAGS``: Extra user options appended to the linkers' command line in
378   addition to the one set by the build system.
379
380-  ``LOG_LEVEL``: Chooses the log level, which controls the amount of console log
381   output compiled into the build. This should be one of the following:
382
383   ::
384
385       0  (LOG_LEVEL_NONE)
386       10 (LOG_LEVEL_ERROR)
387       20 (LOG_LEVEL_NOTICE)
388       30 (LOG_LEVEL_WARNING)
389       40 (LOG_LEVEL_INFO)
390       50 (LOG_LEVEL_VERBOSE)
391
392   All log output up to and including the selected log level is compiled into
393   the build. The default value is 40 in debug builds and 20 in release builds.
394
395-  ``NON_TRUSTED_WORLD_KEY``: This option is used when ``GENERATE_COT=1``. It
396   specifies the file that contains the Non-Trusted World private key in PEM
397   format. If ``SAVE_KEYS=1``, this file name will be used to save the key.
398
399-  ``NS_BL2U``: Path to NS_BL2U image in the host file system. This image is
400   optional. It is only needed if the platform makefile specifies that it
401   is required in order to build the ``fwu_fip`` target.
402
403-  ``NS_TIMER_SWITCH``: Enable save and restore for non-secure timer register
404   contents upon world switch. It can take either 0 (don't save and restore) or
405   1 (do save and restore). 0 is the default. An SPD may set this to 1 if it
406   wants the timer registers to be saved and restored.
407
408-  ``OVERRIDE_LIBC``: This option allows platforms to override the default libc
409   for the BL image. It can be either 0 (include) or 1 (remove). The default
410   value is 0.
411
412-  ``PL011_GENERIC_UART``: Boolean option to indicate the PL011 driver that
413   the underlying hardware is not a full PL011 UART but a minimally compliant
414   generic UART, which is a subset of the PL011. The driver will not access
415   any register that is not part of the SBSA generic UART specification.
416   Default value is 0 (a full PL011 compliant UART is present).
417
418-  ``PLAT``: Choose a platform to build TF-A for. The chosen platform name
419   must be subdirectory of any depth under ``plat/``, and must contain a
420   platform makefile named ``platform.mk``. For example, to build TF-A for the
421   Arm Juno board, select PLAT=juno.
422
423-  ``PRELOADED_BL33_BASE``: This option enables booting a preloaded BL33 image
424   instead of the normal boot flow. When defined, it must specify the entry
425   point address for the preloaded BL33 image. This option is incompatible with
426   ``EL3_PAYLOAD_BASE``. If both are defined, ``EL3_PAYLOAD_BASE`` has priority
427   over ``PRELOADED_BL33_BASE``.
428
429-  ``PROGRAMMABLE_RESET_ADDRESS``: This option indicates whether the reset
430   vector address can be programmed or is fixed on the platform. It can take
431   either 0 (fixed) or 1 (programmable). Default is 0. If the platform has a
432   programmable reset address, it is expected that a CPU will start executing
433   code directly at the right address, both on a cold and warm reset. In this
434   case, there is no need to identify the entrypoint on boot and the boot path
435   can be optimised. The ``plat_get_my_entrypoint()`` platform porting interface
436   does not need to be implemented in this case.
437
438-  ``PSCI_EXTENDED_STATE_ID``: As per PSCI1.0 Specification, there are 2 formats
439   possible for the PSCI power-state parameter: original and extended State-ID
440   formats. This flag if set to 1, configures the generic PSCI layer to use the
441   extended format. The default value of this flag is 0, which means by default
442   the original power-state format is used by the PSCI implementation. This flag
443   should be specified by the platform makefile and it governs the return value
444   of PSCI_FEATURES API for CPU_SUSPEND smc function id. When this option is
445   enabled on Arm platforms, the option ``ARM_RECOM_STATE_ID_ENC`` needs to be
446   set to 1 as well.
447
448-  ``RAS_EXTENSION``: When set to ``1``, enable Armv8.2 RAS features. RAS features
449   are an optional extension for pre-Armv8.2 CPUs, but are mandatory for Armv8.2
450   or later CPUs.
451
452   When ``RAS_EXTENSION`` is set to ``1``, ``HANDLE_EA_EL3_FIRST`` must also be
453   set to ``1``.
454
455   This option is disabled by default.
456
457-  ``RESET_TO_BL31``: Enable BL31 entrypoint as the CPU reset vector instead
458   of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1
459   entrypoint) or 1 (CPU reset to BL31 entrypoint).
460   The default value is 0.
461
462-  ``RESET_TO_SP_MIN``: SP_MIN is the minimal AArch32 Secure Payload provided
463   in TF-A. This flag configures SP_MIN entrypoint as the CPU reset vector
464   instead of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1
465   entrypoint) or 1 (CPU reset to SP_MIN entrypoint). The default value is 0.
466
467-  ``ROT_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the
468   file that contains the ROT private key in PEM format. If ``SAVE_KEYS=1``, this
469   file name will be used to save the key.
470
471-  ``SAVE_KEYS``: This option is used when ``GENERATE_COT=1``. It tells the
472   certificate generation tool to save the keys used to establish the Chain of
473   Trust. Allowed options are '0' or '1'. Default is '0' (do not save).
474
475-  ``SCP_BL2``: Path to SCP_BL2 image in the host file system. This image is optional.
476   If a SCP_BL2 image is present then this option must be passed for the ``fip``
477   target.
478
479-  ``SCP_BL2_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the
480   file that contains the SCP_BL2 private key in PEM format. If ``SAVE_KEYS=1``,
481   this file name will be used to save the key.
482
483-  ``SCP_BL2U``: Path to SCP_BL2U image in the host file system. This image is
484   optional. It is only needed if the platform makefile specifies that it
485   is required in order to build the ``fwu_fip`` target.
486
487-  ``SDEI_SUPPORT``: Setting this to ``1`` enables support for Software
488   Delegated Exception Interface to BL31 image. This defaults to ``0``.
489
490   When set to ``1``, the build option ``EL3_EXCEPTION_HANDLING`` must also be
491   set to ``1``.
492
493-  ``SEPARATE_CODE_AND_RODATA``: Whether code and read-only data should be
494   isolated on separate memory pages. This is a trade-off between security and
495   memory usage. See "Isolating code and read-only data on separate memory
496   pages" section in :ref:`Firmware Design`. This flag is disabled by default and
497   affects all BL images.
498
499-  ``SPD``: Choose a Secure Payload Dispatcher component to be built into TF-A.
500   This build option is only valid if ``ARCH=aarch64``. The value should be
501   the path to the directory containing the SPD source, relative to
502   ``services/spd/``; the directory is expected to contain a makefile called
503   ``<spd-value>.mk``.
504
505-  ``SPIN_ON_BL1_EXIT``: This option introduces an infinite loop in BL1. It can
506   take either 0 (no loop) or 1 (add a loop). 0 is the default. This loop stops
507   execution in BL1 just before handing over to BL31. At this point, all
508   firmware images have been loaded in memory, and the MMU and caches are
509   turned off. Refer to the "Debugging options" section for more details.
510
511-  ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure
512   Partition Manager (SPM) implementation. The default value is ``0``.
513
514-  ``SP_MIN_WITH_SECURE_FIQ``: Boolean flag to indicate the SP_MIN handles
515   secure interrupts (caught through the FIQ line). Platforms can enable
516   this directive if they need to handle such interruption. When enabled,
517   the FIQ are handled in monitor mode and non secure world is not allowed
518   to mask these events. Platforms that enable FIQ handling in SP_MIN shall
519   implement the api ``sp_min_plat_fiq_handler()``. The default value is 0.
520
521-  ``TRUSTED_BOARD_BOOT``: Boolean flag to include support for the Trusted Board
522   Boot feature. When set to '1', BL1 and BL2 images include support to load
523   and verify the certificates and images in a FIP, and BL1 includes support
524   for the Firmware Update. The default value is '0'. Generation and inclusion
525   of certificates in the FIP and FWU_FIP depends upon the value of the
526   ``GENERATE_COT`` option.
527
528   .. warning::
529      This option depends on ``CREATE_KEYS`` to be enabled. If the keys
530      already exist in disk, they will be overwritten without further notice.
531
532-  ``TRUSTED_WORLD_KEY``: This option is used when ``GENERATE_COT=1``. It
533   specifies the file that contains the Trusted World private key in PEM
534   format. If ``SAVE_KEYS=1``, this file name will be used to save the key.
535
536-  ``TSP_INIT_ASYNC``: Choose BL32 initialization method as asynchronous or
537   synchronous, (see "Initializing a BL32 Image" section in
538   :ref:`Firmware Design`). It can take the value 0 (BL32 is initialized using
539   synchronous method) or 1 (BL32 is initialized using asynchronous method).
540   Default is 0.
541
542-  ``TSP_NS_INTR_ASYNC_PREEMPT``: A non zero value enables the interrupt
543   routing model which routes non-secure interrupts asynchronously from TSP
544   to EL3 causing immediate preemption of TSP. The EL3 is responsible
545   for saving and restoring the TSP context in this routing model. The
546   default routing model (when the value is 0) is to route non-secure
547   interrupts to TSP allowing it to save its context and hand over
548   synchronously to EL3 via an SMC.
549
550   .. note::
551      When ``EL3_EXCEPTION_HANDLING`` is ``1``, ``TSP_NS_INTR_ASYNC_PREEMPT``
552      must also be set to ``1``.
553
554-  ``USE_ARM_LINK``: This flag determines whether to enable support for ARM
555   linker. When the ``LINKER`` build variable points to the armlink linker,
556   this flag is enabled automatically. To enable support for armlink, platforms
557   will have to provide a scatter file for the BL image. Currently, Tegra
558   platforms use the armlink support to compile BL3-1 images.
559
560-  ``USE_COHERENT_MEM``: This flag determines whether to include the coherent
561   memory region in the BL memory map or not (see "Use of Coherent memory in
562   TF-A" section in :ref:`Firmware Design`). It can take the value 1
563   (Coherent memory region is included) or 0 (Coherent memory region is
564   excluded). Default is 1.
565
566-  ``USE_ROMLIB``: This flag determines whether library at ROM will be used.
567   This feature creates a library of functions to be placed in ROM and thus
568   reduces SRAM usage. Refer to :ref:`Library at ROM` for further details. Default
569   is 0.
570
571-  ``V``: Verbose build. If assigned anything other than 0, the build commands
572   are printed. Default is 0.
573
574-  ``VERSION_STRING``: String used in the log output for each TF-A image.
575   Defaults to a string formed by concatenating the version number, build type
576   and build string.
577
578-  ``W``: Warning level. Some compiler warning options of interest have been
579   regrouped and put in the root Makefile. This flag can take the values 0 to 3,
580   each level enabling more warning options. Default is 0.
581
582-  ``WARMBOOT_ENABLE_DCACHE_EARLY`` : Boolean option to enable D-cache early on
583   the CPU after warm boot. This is applicable for platforms which do not
584   require interconnect programming to enable cache coherency (eg: single
585   cluster platforms). If this option is enabled, then warm boot path
586   enables D-caches immediately after enabling MMU. This option defaults to 0.
587
588Debugging options
589-----------------
590
591To compile a debug version and make the build more verbose use
592
593.. code:: shell
594
595    make PLAT=<platform> DEBUG=1 V=1 all
596
597AArch64 GCC uses DWARF version 4 debugging symbols by default. Some tools (for
598example DS-5) might not support this and may need an older version of DWARF
599symbols to be emitted by GCC. This can be achieved by using the
600``-gdwarf-<version>`` flag, with the version being set to 2 or 3. Setting the
601version to 2 is recommended for DS-5 versions older than 5.16.
602
603When debugging logic problems it might also be useful to disable all compiler
604optimizations by using ``-O0``.
605
606.. warning::
607   Using ``-O0`` could cause output images to be larger and base addresses
608   might need to be recalculated (see the **Memory layout on Arm development
609   platforms** section in the :ref:`Firmware Design`).
610
611Extra debug options can be passed to the build system by setting ``CFLAGS`` or
612``LDFLAGS``:
613
614.. code:: shell
615
616    CFLAGS='-O0 -gdwarf-2'                                     \
617    make PLAT=<platform> DEBUG=1 V=1 all
618
619Note that using ``-Wl,`` style compilation driver options in ``CFLAGS`` will be
620ignored as the linker is called directly.
621
622It is also possible to introduce an infinite loop to help in debugging the
623post-BL2 phase of TF-A. This can be done by rebuilding BL1 with the
624``SPIN_ON_BL1_EXIT=1`` build flag. Refer to the :ref:`build_options_common`
625section. In this case, the developer may take control of the target using a
626debugger when indicated by the console output. When using DS-5, the following
627commands can be used:
628
629::
630
631    # Stop target execution
632    interrupt
633
634    #
635    # Prepare your debugging environment, e.g. set breakpoints
636    #
637
638    # Jump over the debug loop
639    set var $AARCH64::$Core::$PC = $AARCH64::$Core::$PC + 4
640
641    # Resume execution
642    continue
643
644--------------
645
646*Copyright (c) 2019, Arm Limited. All rights reserved.*
647