TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-A / tf-a-tests / 7fac162cd9439783ef60aaf266d22ad454445ace^! / . / docs / getting_started
commit7fac162cd9439783ef60aaf266d22ad454445ace[log] [tgz]
authorAlexei Fedorov <Alexei.Fedorov@arm.com>Fri Jun 19 14:25:43 2020 +0100
committerAlexei Fedorov <Alexei.Fedorov@arm.com>Tue Aug 18 14:52:49 2020 +0000
tree0696ee3d15d1e4fcdfe3f1172f0c2c3dddc06ada
parentd6fdb6b10147038d99643a7547821c3cff76ce76 [diff]
TFTF: Add ARMv8.5 BTI support in makefiles

This patch adds 'BRANCH_PROTECTION' build option in
TFTF makefiles which corresponds to that in TF-A.
The option values are documented in 'build-options.rst'

Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: Iad5083aee339cec574acf5e7ab1fd8142877a122

diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 95724e7..8815466 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst

@@ -30,6 +30,37 @@
 -  ``ARM_ARCH_MINOR``: The minor version of Arm Architecture to target when
    compiling TF-A Tests. Its value must be a numeric, and defaults to 0.
 
+-  ``BRANCH_PROTECTION``: Numeric value to enable ARMv8.3 Pointer Authentication
+   (``ARMv8.3-PAuth``) and ARMv8.5 Branch Target Identification (``ARMv8.5-BTI``)
+   support in the Trusted Firmware-A Test Framework itself.
+   If enabled, it is needed to use a compiler that supports the option
+   ``-mbranch-protection`` (GCC 9 and later).
+   Selects the branch protection features to use:
+-  0: Default value turns off all types of branch protection
+-  1: Enables all types of branch protection features
+-  2: Return address signing to its standard level
+-  3: Extend the signing to include leaf functions
+-  4: Turn on branch target identification mechanism
+
+   The table below summarizes ``BRANCH_PROTECTION`` values, GCC compilation
+   options and resulting PAuth/BTI features.
+
+   +-------+--------------+-------+-----+
+   | Value |  GCC option  | PAuth | BTI |
+   +=======+==============+=======+=====+
+   |   0   |     none     |   N   |  N  |
+   +-------+--------------+-------+-----+
+   |   1   |   standard   |   Y   |  Y  |
+   +-------+--------------+-------+-----+
+   |   2   |   pac-ret    |   Y   |  N  |
+   +-------+--------------+-------+-----+
+   |   3   | pac-ret+leaf |   Y   |  N  |
+   +-------+--------------+-------+-----+
+   |   4   |     bti      |   N   |  Y  |
+   +-------+--------------+-------+-----+
+
+   This option defaults to 0 and this is an experimental feature.
+
 -  ``DEBUG``: Chooses between a debug and a release build. A debug build
    typically embeds assertions checking the validity of some assumptions and its
    output is more verbose. The option can take either 0 (release) or 1 (debug)
@@ -90,11 +121,6 @@
 TFTF-specific Build Options
 ---------------------------
 
--  ``ENABLE_PAUTH``: Boolean option to enable ARMv8.3 Pointer Authentication
-   (``ARMv8.3-PAuth``) support in the Trusted Firmware-A Test Framework itself.
-   If enabled, it is needed to use a compiler that supports the option
-   ``-mbranch-protection`` (GCC 9 and later). It defaults to 0.
-
 -  ``NEW_TEST_SESSION``: Choose whether a new test session should be started
    every time or whether the framework should determine whether a previous
    session was interrupted and resume it. It can take either 1 (always