docs(security): update info on use of OpenSSL 3.0
OpenSSL 3.0 is a pre-requisite since v2.7 and can be installed
on the operating system by updating the previous version.
However, this may not be convenient for everyone, as some may
want to keep their previous versions of OpenSSL.
This update on the docs shows that there is an alternative to
install OpenSSL on the system by using a local build of
OpenSSL 3.0 and pointing both the build and run commands to
that build.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Ib9ad9ee5c333f7b04e2747ae02433aa66e6397f3
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 26d5458..b291d62 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -974,9 +974,10 @@
bit, to trap access to the RAS ERR and RAS ERX registers from lower ELs.
This flag is disabled by default.
-- ``OPENSSL_DIR``: This flag is used to provide the installed openssl directory
- path on the host machine which is used to build certificate generation and
- firmware encryption tool.
+- ``OPENSSL_DIR``: This option is used to provide the path to a directory on the
+ host machine where a custom installation of OpenSSL is located, which is used
+ to build the certificate generation, firmware encryption and FIP tools. If
+ this option is not set, the default OS installation will be used.
- ``USE_SP804_TIMER``: Use the SP804 timer instead of the Generic Timer for
functions that wait for an arbitrary time length (udelay and mdelay). The