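#
# Copyright (c) 2025, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#

# Build-option constraint checks.
#
# Everything in this file is evaluated while make parses it: $(error ...) stops
# the build, $(warning ...) and $(info ...) only print. Two checks do not fail
# but force an option to another value with `override` (ENABLE_SME_FOR_NS and
# ENABLE_SVE_FOR_NS); checks placed before such an override are not
# re-evaluated against the forced value.
#
# NOTE(review): most checks compare an option against a literal 0 or 1. An
# option that is empty or undefined at this point compares unequal to both,
# which silently skips the `ifeq` checks and triggers the `ifneq` ones. This
# assumes every option already has its default when this file is read -
# TODO confirm against the including makefile.

# Accept only A32 or T32 as the AArch32 instruction set. An empty value also
# passes, because both sides of the comparison then expand to nothing.
ifneq ($(AARCH32_INSTRUCTION_SET),$(filter $(AARCH32_INSTRUCTION_SET),A32 T32))
  $(error Error: Unknown AArch32 instruction set ${AARCH32_INSTRUCTION_SET})
endif

# ENABLE_RME needs AArch64, excludes SPMC_AT_EL3 and accepts only SPD=none or
# SPD=spmd.
ifneq (${ENABLE_RME},0)
  ifneq (${ARCH},aarch64)
    $(error ENABLE_RME requires AArch64)
  endif
  ifeq ($(SPMC_AT_EL3),1)
    $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.)
  endif

  ifneq (${SPD}, none)
    ifneq (${SPD}, spmd)
      $(error ENABLE_RME is incompatible with SPD=${SPD}. Use SPD=spmd)
    endif
  endif
endif

# CTX_INCLUDE_EL2_REGS is rejected when neither an SPD nor RME is enabled.
ifeq (${CTX_INCLUDE_EL2_REGS}, 1)
  ifeq (${SPD},none)
    ifeq (${ENABLE_RME},0)
      $(error CTX_INCLUDE_EL2_REGS is available only when SPD \
        or RME is enabled)
    endif
  endif
endif

################################################################################
# Verify FEAT_RME, FEAT_SCTLR2 and FEAT_TCR2 are enabled if FEAT_MEC is enabled.
################################################################################

ifneq (${ENABLE_FEAT_MEC},0)
  ifeq (${ENABLE_RME},0)
    $(error FEAT_RME must be enabled when FEAT_MEC is enabled.)
  endif
  ifeq (${ENABLE_FEAT_TCR2},0)
    $(error FEAT_TCR2 must be enabled when FEAT_MEC is enabled.)
  endif
  ifeq (${ENABLE_FEAT_SCTLR2},0)
    $(error FEAT_SCTLR2 must be enabled when FEAT_MEC is enabled.)
  endif
endif

# Handle all invalid build configurations with SPMD usage.
ifeq (${ENABLE_SPMD_LP}, 1)
  ifneq (${SPD},spmd)
    $(error Error: ENABLE_SPMD_LP requires SPD=spmd.)
  endif
  ifeq ($(SPMC_AT_EL3),1)
    $(error SPMC at EL3 not supported when enabling SPMD Logical partitions.)
  endif
endif

# Checks that apply whenever a Secure Payload Dispatcher is selected.
ifneq (${SPD},none)
  ifeq (${ARCH},aarch32)
    $(error "Error: SPD is incompatible with AArch32.")
  endif
  # Only a warning: the build continues and the SPD is built but unused.
  ifdef EL3_PAYLOAD_BASE
    $(warning "SPD and EL3_PAYLOAD_BASE are incompatible build options.")
    $(warning "The SPD and its BL32 companion will be present but ignored.")
  endif
  ifeq (${SPD},spmd)
    # The SPMC lives either at S-EL2 or at EL3, never both.
    ifeq ($(SPMD_SPM_AT_SEL2),1)
      ifeq ($(SPMC_AT_EL3),1)
        $(error SPM cannot be enabled in both S-EL2 and EL3.)
      endif
      ifeq ($(CTX_INCLUDE_SVE_REGS),1)
        $(error SVE context management not needed with Hafnium SPMC.)
      endif
    endif

    ifeq ($(SPMC_AT_EL3_SEL0_SP),1)
      ifneq ($(SPMC_AT_EL3),1)
        $(error SEL0 SP cannot be enabled without SPMC at EL3)
      endif
    endif
  endif #(SPD=spmd)
endif #(SPD!=none)

# USE_DEBUGFS experimental feature recommended only in debug builds
ifeq (${USE_DEBUGFS},1)
  ifeq (${DEBUG},1)
    $(warning DEBUGFS experimental feature is enabled.)
  else
    # Release builds are still allowed; this only prints a warning.
    $(warning DEBUGFS experimental, recommended in DEBUG builds ONLY)
  endif
endif #(USE_DEBUGFS)

# USE_SPINLOCK_CAS requires AArch64 build
ifeq (${USE_SPINLOCK_CAS},1)
  ifneq (${ARCH},aarch64)
    $(error USE_SPINLOCK_CAS requires AArch64)
  endif
endif #(USE_SPINLOCK_CAS)

# EL3_PAYLOAD_BASE cannot be combined with chain-of-trust generation or
# Trusted Board Boot: fail the build rather than produce an image where those
# options are set but do not cover the payload.
# NOTE(review): the rationale is inferred from the option names; confirm
# against the boot-flow documentation.
ifdef EL3_PAYLOAD_BASE
  ifdef PRELOADED_BL33_BASE
    $(warning "PRELOADED_BL33_BASE and EL3_PAYLOAD_BASE are \
      incompatible build options. EL3_PAYLOAD_BASE has priority.")
  endif
  ifneq (${GENERATE_COT},0)
    $(error "GENERATE_COT and EL3_PAYLOAD_BASE are incompatible \
      build options.")
  endif
  ifneq (${TRUSTED_BOARD_BOOT},0)
    # Message fixed: the original text carried a stray backslash in the
    # middle of the sentence.
    $(error "TRUSTED_BOARD_BOOT and EL3_PAYLOAD_BASE are \
      incompatible build options.")
  endif
endif #(EL3_PAYLOAD_BASE)

ifeq (${NEED_BL33},yes)
  ifdef EL3_PAYLOAD_BASE
    # Message fixed: this branch is taken for EL3_PAYLOAD_BASE, but the text
    # named a BL33_PAYLOAD_BASE option instead.
    $(warning "BL33 image is not needed when option \
      EL3_PAYLOAD_BASE is used and won't be added to the FIP file.")
  endif
  ifdef PRELOADED_BL33_BASE
    $(warning "BL33 image is not needed when option \
      PRELOADED_BL33_BASE is used and won't be added to the FIP file.")
  endif
endif #(NEED_BL33)

# When building for systems with hardware-assisted coherency, there's no need to
# use USE_COHERENT_MEM. Require that USE_COHERENT_MEM is set to 0 too.
ifeq ($(HW_ASSISTED_COHERENCY)-$(USE_COHERENT_MEM),1-1)
  $(error USE_COHERENT_MEM cannot be enabled with HW_ASSISTED_COHERENCY)
endif

# For now, BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is 1.
ifeq ($(RESET_TO_BL2)-$(BL2_IN_XIP_MEM),0-1)
  $(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled")
endif

# RAS_EXTENSION is deprecated, provide alternate build options
ifeq ($(RAS_EXTENSION),1)
  $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS \
    and HANDLE_EA_EL3_FIRST_NS instead")
endif


# When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled
ifeq ($(FAULT_INJECTION_SUPPORT),1)
  ifeq ($(ENABLE_FEAT_RAS),0)
    $(error For FAULT_INJECTION_SUPPORT, ENABLE_FEAT_RAS must not be 0)
  endif
endif #(FAULT_INJECTION_SUPPORT)

# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1
# NOTE(review): only the dependency is checked. Going by its name, the option
# lets image authentication be switched off at run time, so a production
# configuration would normally keep it at 0; nothing here warns when it is
# enabled - confirm whether a warning like the USE_DEBUGFS one is wanted.
ifeq ($(DYN_DISABLE_AUTH), 1)
  ifeq (${TRUSTED_BOARD_BOOT}, 0)
    $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH \
      to be set.")
  endif
endif #(DYN_DISABLE_AUTH)

# SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled.
ifeq ($(SDEI_SUPPORT)-$(SDEI_IN_FCONF),0-1)
  $(error "SDEI_IN_FCONF is only supported when SDEI_SUPPORT is enabled")
endif

# If pointer authentication is used in the firmware, make sure that all the
# registers associated with it are also saved and restored.
# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1.
ifneq ($(ENABLE_PAUTH),0)
  ifeq ($(CTX_INCLUDE_PAUTH_REGS),0)
    $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS to be enabled)
  endif
endif #(ENABLE_PAUTH)

ifneq ($(CTX_INCLUDE_PAUTH_REGS),0)
  ifneq (${ARCH},aarch64)
    $(error CTX_INCLUDE_PAUTH_REGS requires AArch64)
  endif
endif #(CTX_INCLUDE_PAUTH_REGS)

# Check ENABLE_FEAT_PAUTH_LR
ifneq (${ENABLE_FEAT_PAUTH_LR},0)

  # Make sure PAUTH is enabled
  ifeq (${ENABLE_PAUTH},0)
    $(error Error: PAUTH_LR cannot be used without PAUTH (see BRANCH_PROTECTION))
  endif

  # Make sure SCTLR2 is enabled
  ifeq (${ENABLE_FEAT_SCTLR2},0)
    $(error Error: PAUTH_LR cannot be used without ENABLE_FEAT_SCTLR2)
  endif

  # FEAT_PAUTH_LR is only supported in aarch64 state
  ifneq (${ARCH},aarch64)
    $(error ENABLE_FEAT_PAUTH_LR requires AArch64)
  endif

  # Currently, FEAT_PAUTH_LR is only supported by arm/clang compilers
  # TODO implement for GCC when support is added
  # NOTE(review): the else branch fires for every toolchain whose id is not
  # arm-clang, not only GCC, so the message can mislead for other compilers.
  ifeq ($($(ARCH)-cc-id),arm-clang)
    arch-features := $(arch-features)+pauth-lr
  else
    $(error Error: ENABLE_FEAT_PAUTH_LR not supported for GCC compiler)
  endif

endif # ${ENABLE_FEAT_PAUTH_LR}

ifeq ($(FEATURE_DETECTION),1)
  $(info FEATURE_DETECTION is an experimental feature)
endif #(FEATURE_DETECTION)

# ENABLE_SME2_FOR_NS depends on ENABLE_SME_FOR_NS. Instead of failing, force
# the latter to 1 and tell the user; the SME checks further down see the
# forced value.
ifneq ($(ENABLE_SME2_FOR_NS), 0)
  ifeq (${ENABLE_SME_FOR_NS}, 0)
    $(warning "ENABLE_SME2_FOR_NS requires ENABLE_SME_FOR_NS also \
      to be set")
    $(warning "Forced ENABLE_SME_FOR_NS=1")
    override ENABLE_SME_FOR_NS := 1
  endif
endif #(ENABLE_SME2_FOR_NS)

ifeq (${ARM_XLAT_TABLES_LIB_V1}, 1)
  ifeq (${ALLOW_RO_XLAT_TABLES}, 1)
    $(error "ALLOW_RO_XLAT_TABLES requires translation tables \
      library v2")
  endif
endif #(ARM_XLAT_TABLES_LIB_V1)

# Firmware decryption is only accepted together with Trusted Board Boot.
ifneq (${DECRYPTION_SUPPORT},none)
  ifeq (${TRUSTED_BOARD_BOOT}, 0)
    $(error TRUSTED_BOARD_BOOT must be enabled for DECRYPTION_SUPPORT \
      to be set)
  endif
endif #(DECRYPTION_SUPPORT)

# Ensure that no AArch64-only features are enabled in an AArch32 build
# NOTE(review): ENABLE_SVE_FOR_NS and ENABLE_BRBE_FOR_NS are tested with
# `ifeq (...,1)` while the other options here use `ifneq (...,0)`, so a value
# other than 0 or 1 passes those two checks - confirm that is intended.
ifeq (${ARCH},aarch32)
  ifneq (${ENABLE_LTO},0)
    $(error "ENABLE_LTO is not supported with ARCH=aarch32")
  endif

  # SME/SVE only supported on AArch64
  ifneq (${ENABLE_SME_FOR_NS},0)
    $(error "ENABLE_SME_FOR_NS cannot be used with ARCH=aarch32")
  endif

  ifeq (${ENABLE_SVE_FOR_NS},1)
    # NOTE(review): this is a hard error. The comment previously here said
    # "warning instead of error due to CI dependency"; confirm which is meant.
    $(error "ENABLE_SVE_FOR_NS cannot be used with ARCH=aarch32")
  endif

  # BRBE is not supported in AArch32
  ifeq (${ENABLE_BRBE_FOR_NS},1)
    $(error "ENABLE_BRBE_FOR_NS cannot be used with ARCH=aarch32")
  endif

  # FEAT_RNG_TRAP is not supported in AArch32
  ifneq (${ENABLE_FEAT_RNG_TRAP},0)
    $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32")
  endif

  ifneq (${ENABLE_FEAT_FPMR},0)
    $(error "ENABLE_FEAT_FPMR cannot be used with ARCH=aarch32")
  endif

  ifeq (${ARCH_FEATURE_AVAILABILITY},1)
    $(error "ARCH_FEATURE_AVAILABILITY cannot be used with ARCH=aarch32")
  endif
  # FEAT_MOPS is only supported on AArch64
  ifneq (${ENABLE_FEAT_MOPS},0)
    $(error "ENABLE_FEAT_MOPS cannot be used with ARCH=aarch32")
  endif
  ifneq (${ENABLE_FEAT_GCIE},0)
    $(error "ENABLE_FEAT_GCIE cannot be used with ARCH=aarch32")
  endif
endif #(ARCH=aarch32)

# FEAT_FPMR depends on both FEAT_FGT and FEAT_HCX.
ifneq (${ENABLE_FEAT_FPMR},0)
  ifeq (${ENABLE_FEAT_FGT},0)
    $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_FGT")
  endif
  ifeq (${ENABLE_FEAT_HCX},0)
    $(error "ENABLE_FEAT_FPMR requires ENABLE_FEAT_HCX")
  endif
endif #(ENABLE_FEAT_FPMR)

ifneq (${ENABLE_SME_FOR_NS},0)
  ifeq (${ENABLE_SVE_FOR_NS},0)
    $(error "ENABLE_SME_FOR_NS requires ENABLE_SVE_FOR_NS")
  endif
endif #(ENABLE_SME_FOR_NS)

# Secure SME/SVE requires the non-secure component as well
ifeq (${ENABLE_SME_FOR_SWD},1)
  ifeq (${ENABLE_SME_FOR_NS},0)
    $(error "ENABLE_SME_FOR_SWD requires ENABLE_SME_FOR_NS")
  endif
  ifeq (${ENABLE_SVE_FOR_SWD},0)
    $(error "ENABLE_SME_FOR_SWD requires ENABLE_SVE_FOR_SWD")
  endif
endif #(ENABLE_SME_FOR_SWD)

# Enabling SVE for SWD requires enabling SVE for NWD due to ENABLE_FEAT
# mechanism.
ifeq (${ENABLE_SVE_FOR_SWD},1)
  ifeq (${ENABLE_SVE_FOR_NS},0)
    $(error "ENABLE_SVE_FOR_SWD requires ENABLE_SVE_FOR_NS")
  endif
endif

# Enabling FEAT_MOPS requires access to hcrx_el2 registers which is
# available only when FEAT_HCX is enabled.
ifneq (${ENABLE_FEAT_MOPS},0)
  ifeq (${ENABLE_FEAT_HCX},0)
    $(error "ENABLE_FEAT_MOPS requires ENABLE_FEAT_HCX")
  endif
endif

# Enabling SVE for both the worlds typically requires the context
# management of SVE registers. The only exception being SPMC at S-EL2.
# This is reported as a warning only; the build continues.
ifeq (${ENABLE_SVE_FOR_SWD}, 1)
  ifneq (${ENABLE_SVE_FOR_NS}, 0)
    ifeq (${CTX_INCLUDE_SVE_REGS}-$(SPMD_SPM_AT_SEL2),0-0)
      $(warning "ENABLE_SVE_FOR_SWD and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS")
    endif
  endif
endif

# Enabling SVE in either world while enabling CTX_INCLUDE_FPREGS requires
# CTX_INCLUDE_SVE_REGS to be enabled due to architectural dependency between FP
# and SVE registers.
# NOTE(review): the override below runs after the "ENABLE_SVE_FOR_SWD requires
# ENABLE_SVE_FOR_NS" check above, which is not repeated. A configuration with
# ENABLE_SVE_FOR_SWD=1 can therefore end up with ENABLE_SVE_FOR_NS forced to 0,
# a combination that check would have rejected - confirm whether the forced
# value should be re-validated.
ifeq (${CTX_INCLUDE_FPREGS}, 1)
  ifneq (${ENABLE_SVE_FOR_NS},0)
    ifeq (${CTX_INCLUDE_SVE_REGS},0)
      # Warning instead of error due to CI dependency on this
      $(warning "CTX_INCLUDE_FPREGS and ENABLE_SVE_FOR_NS together require CTX_INCLUDE_SVE_REGS")
      $(warning "Forced ENABLE_SVE_FOR_NS=0")
      override ENABLE_SVE_FOR_NS := 0
    endif
  endif
endif #(CTX_INCLUDE_FPREGS)

# SVE context management is only required if secure world has access to SVE/FP
# functionality.
ifeq (${CTX_INCLUDE_SVE_REGS},1)
  ifeq (${ENABLE_SVE_FOR_SWD},0)
    $(error "CTX_INCLUDE_SVE_REGS requires ENABLE_SVE_FOR_SWD to also be enabled")
  endif
endif

# SME cannot be used with CTX_INCLUDE_FPREGS since SPM does its own context
# management including FPU registers.
ifeq (${CTX_INCLUDE_FPREGS},1)
  ifneq (${ENABLE_SME_FOR_NS},0)
    $(error "ENABLE_SME_FOR_NS cannot be used with CTX_INCLUDE_FPREGS")
  endif
endif #(CTX_INCLUDE_FPREGS)

# Notices for experimental features and the remaining dependency checks.
ifeq ($(DRTM_SUPPORT),1)
  $(info DRTM_SUPPORT is an experimental feature)
endif

ifeq (${HOB_LIST},1)
  $(warning HOB_LIST is an experimental feature)
endif

ifeq (${TRANSFER_LIST},1)
  $(info TRANSFER_LIST is an experimental feature)
endif

# NOTE(review): this tests ENABLE_RME against 1, while the RME checks at the
# top of the file use `ifneq (...,0)`; any other non-zero value skips the
# SEPARATE_CODE_AND_RODATA requirement - confirm the accepted value range.
ifeq (${ENABLE_RME},1)
  ifneq (${SEPARATE_CODE_AND_RODATA},1)
    $(error `ENABLE_RME=1` requires `SEPARATE_CODE_AND_RODATA=1`)
  endif
endif

ifeq ($(PSA_CRYPTO),1)
  $(info PSA_CRYPTO is an experimental feature)
endif

ifeq ($(DICE_PROTECTION_ENVIRONMENT),1)
  $(info DICE_PROTECTION_ENVIRONMENT is an experimental feature)
endif

ifeq (${LFA_SUPPORT},1)
  $(warning LFA_SUPPORT is an experimental feature)
endif #(LFA_SUPPORT)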