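#
# Copyright (c) 2025, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#

# Parse-time checks on combinations of build options. A $(error ...) stops
# the build; $(warning ...) and $(info ...) only print a message and let the
# build continue.

# Reject a value that $(filter) does not match against A32 or T32. An empty
# value compares equal to the empty filter result and is not rejected here.
ifneq ($(AARCH32_INSTRUCTION_SET),$(filter $(AARCH32_INSTRUCTION_SET),A32 T32))
    $(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET})
endif

# ENABLE_RME needs AArch64, excludes SPMC_AT_EL3, and accepts only SPD=none or
# SPD=spmd.
ifneq (${ENABLE_RME},0)
    ifneq (${ARCH},aarch64)
        $(error ENABLE_RME requires AArch64)
    endif
    ifeq ($(SPMC_AT_EL3),1)
        $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.)
    endif

    ifneq (${SPD}, none)
        ifneq (${SPD}, spmd)
            $(error ENABLE_RME is incompatible with SPD=${SPD}. Use SPD=spmd)
        endif
    endif
endif

# CTX_INCLUDE_EL2_REGS is rejected when SPD=none and ENABLE_RME=0.
ifeq (${CTX_INCLUDE_EL2_REGS}, 1)
    ifeq (${SPD},none)
        ifeq (${ENABLE_RME},0)
            $(error CTX_INCLUDE_EL2_REGS is available only when SPD \
                or RME is enabled)
        endif
    endif
endif

################################################################################
# Verify FEAT_RME, FEAT_SCTLR2 and FEAT_TCR2 are enabled if FEAT_MEC is enabled.
################################################################################

ifneq (${ENABLE_FEAT_MEC},0)
    ifeq (${ENABLE_RME},0)
        $(error FEAT_RME must be enabled when FEAT_MEC is enabled.)
    endif
    ifeq (${ENABLE_FEAT_TCR2},0)
        $(error FEAT_TCR2 must be enabled when FEAT_MEC is enabled.)
    endif
    ifeq (${ENABLE_FEAT_SCTLR2},0)
        $(error FEAT_SCTLR2 must be enabled when FEAT_MEC is enabled.)
    endif
endif

# Handle all invalid build configurations with SPMD usage.
ifeq (${ENABLE_SPMD_LP}, 1)
    ifneq (${SPD},spmd)
        $(error Error: ENABLE_SPMD_LP requires SPD=spmd.)
    endif
    ifeq ($(SPMC_AT_EL3),1)
        $(error SPMC at EL3 not supported when enabling SPMD Logical partitions.)
    endif
endif

ifneq (${SPD},none)
    ifeq (${ARCH},aarch32)
        $(error "Error: SPD is incompatible with AArch32.")
    endif
    # Only a warning: the build continues with both options set.
    ifdef EL3_PAYLOAD_BASE
        $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.")
        $(warning "The SPD and its BL32 companion will be present but ignored.")
    endif
    ifeq (${SPD},spmd)
        ifeq ($(SPMD_SPM_AT_SEL2),1)
            ifeq ($(SPMC_AT_EL3),1)
                $(error SPM cannot be enabled in both S-EL2 and EL3.)
            endif
            ifeq ($(CTX_INCLUDE_SVE_REGS),1)
                $(error SVE context management not needed with Hafnium SPMC.)
            endif
        endif

        ifeq ($(SPMC_AT_EL3_SEL0_SP),1)
            ifneq ($(SPMC_AT_EL3),1)
                $(error SEL0 SP cannot be enabled without SPMC at EL3)
            endif
        endif
    endif #(SPD=spmd)
endif #(SPD!=none)

# USE_DEBUGFS experimental feature recommended only in debug builds.
# Both branches only warn; a non-debug build with USE_DEBUGFS=1 still proceeds.
ifeq (${USE_DEBUGFS},1)
    ifeq (${DEBUG},1)
        $(warning DEBUGFS experimental feature is enabled.)
    else
        $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY)
    endif
endif #(USE_DEBUGFS)

# USE_SPINLOCK_CAS requires AArch64 build
ifeq (${USE_SPINLOCK_CAS},1)
    ifneq (${ARCH},aarch64)
        $(error USE_SPINLOCK_CAS requires AArch64)
    endif
endif #(USE_SPINLOCK_CAS)

# ifdef tests only whether EL3_PAYLOAD_BASE has a non-empty value. Combining
# it with GENERATE_COT or TRUSTED_BOARD_BOOT is a hard error; combining it
# with PRELOADED_BL33_BASE is only reported.
ifdef EL3_PAYLOAD_BASE
    ifdef PRELOADED_BL33_BASE
        $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \
            incompatible build options. EL3_PAYLOAD_BASE has priority.")
    endif
    ifneq (${GENERATE_COT},0)
        $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible \
            build options.")
    endif
    ifneq (${TRUSTED_BOARD_BOOT},0)
        $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are \
            incompatible build options.")
    endif
endif #(EL3_PAYLOAD_BASE)

# Each warning names the option that guards its own branch.
ifeq (${NEED_BL33},yes)
    ifdef EL3_PAYLOAD_BASE
        $(warning "BL33 image is not needed when option \
            EL3_PAYLOAD_BASE is used and won't be added to the FIP file.")
    endif
    ifdef PRELOADED_BL33_BASE
        $(warning "BL33 image is not needed when option \
            PRELOADED_BL33_BASE is used and won't be added to the FIP file.")
    endif
endif #(NEED_BL33)

# When building for systems with hardware-assisted coherency, there's no need to
# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM must be set to 0 too.
ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1)
    $(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY)
endif

# For now, BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is 1.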
ifeq ($(RESET_TO_BL2)-$(BL2_IN_XIP_MEM),0-1)
    $(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled")
endif

# RAS_EXTENSION=1 is refused outright; the message names the replacement
# options.
ifeq ($(RAS_EXTENSION),1)
    $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS \
        and HANDLE_EA_EL3_FIRST_NS instead")
endif


# Fault injection is refused when ENABLE_FEAT_RAS is 0.
ifeq ($(FAULT_INJECTION_SUPPORT),1)
    ifeq ($(ENABLE_FEAT_RAS),0)
        $(error For FAULT_INJECTION_SUPPORT, ENABLE_FEAT_RAS must not be 0)
    endif
endif #(FAULT_INJECTION_SUPPORT)

# DYN_DISABLE_AUTH is accepted only together with TRUSTED_BOARD_BOOT.
# NOTE(review): nothing here ties DYN_DISABLE_AUTH to DEBUG builds; confirm
# that production configurations leave it unset.
ifeq ($(DYN_DISABLE_AUTH), 1)
    ifeq ($(TRUSTED_BOARD_BOOT), 0)
        $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH \
            to be set.")
    endif
endif #(DYN_DISABLE_AUTH)

# SDEI_IN_FCONF=1 with SDEI_SUPPORT=0 is refused.
ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1)
    $(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled")
endif

# If pointer authentication is used in the firmware, make sure that all the
# registers associated to it are also saved and restored.
# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
ifneq ($(ENABLE_PAUTH),0)
    ifeq ($(CTX_INCLUDE_PAUTH_REGS),0)
        $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS to be enabled)
    endif
endif #(ENABLE_PAUTH)

# Saving the pointer authentication registers is an AArch64-only option.
ifneq ($(CTX_INCLUDE_PAUTH_REGS),0)
    ifneq ($(ARCH),aarch64)
        $(error CTX_INCLUDE_PAUTH_REGS requires AArch64)
    endif
endif #(CTX_INCLUDE_PAUTH_REGS)

# ENABLE_FEAT_PAUTH_LR depends on ENABLE_PAUTH, ENABLE_FEAT_SCTLR2 and AArch64.
ifneq ($(ENABLE_FEAT_PAUTH_LR),0)

    # PAUTH itself must be on
    ifeq ($(ENABLE_PAUTH),0)
        $(error Error: PAUTH_LR cannot be used without PAUTH (see BRANCH_PROTECTION))
    endif

    # SCTLR2 must be on
    ifeq ($(ENABLE_FEAT_SCTLR2),0)
        $(error Error: PAUTH_LR cannot be used without ENABLE_FEAT_SCTLR2)
    endif

    # FEAT_PAUTH_LR exists only in the AArch64 state
    ifneq ($(ARCH),aarch64)
        $(error ENABLE_FEAT_PAUTH_LR requires AArch64)
    endif

endif #(ENABLE_FEAT_PAUTH_LR)

ifeq ($(FEATURE_DETECTION),1)
    $(info FEATURE_DETECTION is an experimental feature)
endif #(FEATURE_DETECTION)

# SME2 without SME is not refused: the build warns and then forces
# ENABLE_SME_FOR_NS to 1, overriding a command-line value as well.
ifneq ($(ENABLE_SME2_FOR_NS), 0)
    ifeq ($(ENABLE_SME_FOR_NS), 0)
        $(warning "ENABLE_SME2_FOR_NS requires ENABLE_SME_FOR_NS also \
            to be set")
        $(warning "Forced ENABLE_SME_FOR_NS=1")
        override ENABLE_SME_FOR_NS := 1
    endif
endif #(ENABLE_SME2_FOR_NS)

# Read-only translation tables are refused with the v1 tables library.
ifeq ($(ARM_XLAT_TABLES_LIB_V1), 1)
    ifeq ($(ALLOW_RO_XLAT_TABLES), 1)
        $(error "ALLOW_RO_XLAT_TABLES requires translation tables \
            library v2")
    endif
endif #(ARM_XLAT_TABLES_LIB_V1)

# Any DECRYPTION_SUPPORT value other than "none" needs TRUSTED_BOARD_BOOT.
ifneq ($(DECRYPTION_SUPPORT),none)
    ifeq ($(TRUSTED_BOARD_BOOT), 0)
        $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT \
            to be set)
    endif
endif #(DECRYPTION_SUPPORT)

# Ensure that no AArch64-only features are enabled in an AArch32 build
ifeq ($(ARCH),aarch32)
    ifneq ($(ENABLE_LTO),0)
        $(error "ENABLE_LTO is not supported with ARCH=aarch32")
    endif
    ifneq ($(EL3_EXCEPTION_HANDLING),0)
        $(error "EL3_EXCEPTION_HANDLING is not supported outside BL31")
    endif

    ifeq ($(CRASH_REPORTING),1)
        $(error "CRASH_REPORTING is not supported with ARCH=aarch32")
    endif

    # SME/SVE only supported on AArch64
    ifneq ($(ENABLE_SME_FOR_NS),0)
        $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32")
    endif

    # Reported with $(error), so the build stops here.
    # NOTE(review): only the value 1 is rejected here and in the BRBE check
    # below, while neighbouring checks test for "not 0"; confirm that other
    # non-zero values cannot reach an AArch32 build.
    ifeq ($(ENABLE_SVE_FOR_NS),1)
        $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32")
    endif

    # BRBE is not supported in AArch32
    ifeq ($(ENABLE_BRBE_FOR_NS),1)
        $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32")
    endif

    # FEAT_RNG_TRAP is not supported in AArch32
    ifneq ($(ENABLE_FEAT_RNG_TRAP),0)
        $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32")
    endif

    ifneq ($(ENABLE_FEAT_FPMR),0)
        $(error "ENABLE_FEAT_FPMR cannot be used with ARCH=aarch32")
    endif

    ifeq ($(ARCH_FEATURE_AVAILABILITY),1)
        $(error "ARCH_FEATURE_AVAILABILITY cannot be used with ARCH=aarch32")
    endif
    # FEAT_MOPS is only supported on AArch64
    ifneq ($(ENABLE_FEAT_MOPS),0)
        $(error "ENABLE_FEAT_MOPS cannot be used with ARCH=aarch32")
    endif
    ifneq ($(ENABLE_FEAT_GCIE),0)
        $(error "ENABLE_FEAT_GCIE cannot be used with ARCH=aarch32")
    endif
    ifneq ($(ENABLE_FEAT_CPA2),0)
        $(error "ENABLE_FEAT_CPA2 cannot be used with ARCH=aarch32")
    endif
endif #(ARCH=aarch32)

# FEAT_FPMR needs both FEAT_FGT and FEAT_HCX.
ifneq ($(ENABLE_FEAT_FPMR),0)
    ifeq ($(ENABLE_FEAT_FGT),0)
        $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_FGT")
    endif
    ifeq ($(ENABLE_FEAT_HCX),0)
        $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_HCX")
    endif
endif #(ENABLE_FEAT_FPMR)

# FEAT_CPA2 needs FEAT_SCTLR2.
ifneq ($(ENABLE_FEAT_CPA2),0)
    ifeq ($(ENABLE_FEAT_SCTLR2),0)
        $(error "Error: ENABLE_FEAT_CPA2 cannot be used without ENABLE_FEAT_SCTLR2")
    endif
endif #(ENABLE_FEAT_CPA2)

# Non-secure SME needs non-secure SVE.
ifneq ($(ENABLE_SME_FOR_NS),0)
    ifeq ($(ENABLE_SVE_FOR_NS),0)
        $(error "ENABLE_SME_FOR_NS requires ENABLE_SVE_FOR_NS")
    endif
endif #(ENABLE_SME_FOR_NS)

# Secure SME/SVE requires the non-secure component as well
ifeq ($(ENABLE_SME_FOR_SWD),1)
    ifeq ($(ENABLE_SME_FOR_NS),0)
        $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS")
    endif
    ifeq ($(ENABLE_SVE_FOR_SWD),0)
        $(error "ENABLE_SME_FOR_SWD requires ENABLE_SVE_FOR_SWD")
    endif
endif #(ENABLE_SME_FOR_SWD)

# Enabling SVE for SWD requires enabling SVE for NWD due to ENABLE_FEAT
# mechanism.
ifeq ($(ENABLE_SVE_FOR_SWD),1)
    ifeq ($(ENABLE_SVE_FOR_NS),0)
        $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS")
    endif
endif

# Enabling FEAT_MOPS requires access to hcrx_el2 registers which is
# available only when FEAT_HCX is enabled.
ifneq ($(ENABLE_FEAT_MOPS),0)
    ifeq ($(ENABLE_FEAT_HCX),0)
        $(error "ENABLE_FEAT_MOPS requires ENABLE_FEAT_HCX")
    endif
endif

# Enabling SVE for both the worlds typically requires the context
# management of SVE registers. The only exception being SPMC at S-EL2.
# This case is only reported with a warning; the build continues.
ifeq ($(ENABLE_SVE_FOR_SWD), 1)
    ifneq ($(ENABLE_SVE_FOR_NS), 0)
        ifeq ($(CTX_INCLUDE_SVE_REGS)-$(SPMD_SPM_AT_SEL2),0-0)
            $(warning "ENABLE_SVE_FOR_SWD and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS")
        endif
    endif
endif

# Enabling SVE in either world while enabling CTX_INCLUDE_FPREGS requires
# CTX_INCLUDE_SVE_REGS to be enabled due to architectural dependency between FP
# and SVE registers.
ifeq ($(CTX_INCLUDE_FPREGS), 1)
    ifneq ($(ENABLE_SVE_FOR_NS),0)
        ifeq ($(CTX_INCLUDE_SVE_REGS),0)
            # Warning instead of error due to CI dependency on this.
            # The build continues with ENABLE_SVE_FOR_NS forced to 0, which
            # also overrides a value given on the command line.
            # NOTE(review): checks earlier in this file that compare against
            # ENABLE_SVE_FOR_NS have already run with the previous value and
            # are not re-evaluated after this override; confirm that is
            # acceptable.
            $(warning "CTX_INCLUDE_FPREGS and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS")
            $(warning "Forced ENABLE_SVE_FOR_NS=0")
            override ENABLE_SVE_FOR_NS := 0
        endif
    endif
endif #(CTX_INCLUDE_FPREGS)

# SVE context management is only required if secure world has access to SVE/FP
# functionality.
# Enabling CTX_INCLUDE_SVE_REGS requires CTX_INCLUDE_FPREGS to be enabled due
# to architectural dependency between FP and SVE registers.
ifeq ($(CTX_INCLUDE_SVE_REGS),1)
    ifeq ($(ENABLE_SVE_FOR_SWD),0)
        $(error "CTX_INCLUDE_SVE_REGS requires ENABLE_SVE_FOR_SWD to also be enabled")
    endif
    ifeq ($(CTX_INCLUDE_FPREGS),0)
        $(error "CTX_INCLUDE_SVE_REGS requires CTX_INCLUDE_FPREGS to also be enabled")
    endif #(CTX_INCLUDE_FPREGS)
endif #(CTX_INCLUDE_SVE_REGS)

# SME cannot be used with CTX_INCLUDE_FPREGS since SPM does its own context
# management including FPU registers.
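ifeq (${CTX_INCLUDE_FPREGS},1)
    ifneq (${ENABLE_SME_FOR_NS},0)
        $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS")
    endif
endif #(CTX_INCLUDE_FPREGS)

# The experimental-feature notices below only print a message ($(info) or
# $(warning)); none of them stops the build.
ifeq ($(DRTM_SUPPORT),1)
    $(info DRTM_SUPPORT is an experimental feature)
endif

ifeq (${HOB_LIST},1)
    $(warning HOB_LIST is an experimental feature)
endif

ifeq (${TRANSFER_LIST},1)
    $(info TRANSFER_LIST is an experimental feature)
endif

# ENABLE_RME=1 is refused unless SEPARATE_CODE_AND_RODATA is exactly 1.
ifeq (${ENABLE_RME},1)
    ifneq (${SEPARATE_CODE_AND_RODATA},1)
        $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`)
    endif
endif

ifeq ($(PSA_CRYPTO),1)
    $(info PSA_CRYPTO is an experimental feature)
endif

ifeq ($(DICE_PROTECTION_ENVIRONMENT),1)
    $(info DICE_PROTECTION_ENVIRONMENT is an experimental feature)
endif

ifeq (${LFA_SUPPORT},1)
    $(warning LFA_SUPPORT is an experimental feature)
endif #(LFA_SUPPORT)

# ENABLE_FEAT_MPAM_PE_BW_CTRL needs ENABLE_FEAT_MPAM; the message names the
# option exactly as it is spelled in the condition.
ifneq (${ENABLE_FEAT_MPAM_PE_BW_CTRL},0)
    ifeq (${ENABLE_FEAT_MPAM},0)
        $(error "ENABLE_FEAT_MPAM_PE_BW_CTRL requires ENABLE_FEAT_MPAM")
    endif
endif #(ENABLE_FEAT_MPAM_PE_BW_CTRL)

# Handle all deprecated build options.
# The deprecated option is refused only when ERROR_DEPRECATED=1.
ifeq (${ERROR_DEPRECATED}, 1)
    ifneq (${NS_TIMER_SWITCH},0)
        $(error "NS_TIMER_SWITCH breaks Linux preemption model, hence deprecated")
    endif
endif

# The dynamic form of the CVE-2018-3639 workaround is refused when the
# workaround itself is set to 0.
ifneq (${DYNAMIC_WORKAROUND_CVE_2018_3639},0)
    ifeq (${WORKAROUND_CVE_2018_3639},0)
        $(error Error: WORKAROUND_CVE_2018_3639 must be 1 if DYNAMIC_WORKAROUND_CVE_2018_3639 is 1)
    endif
endif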