1#-------------------------------------------------------------------------------
2# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7
8if(POLICY CMP0123)
9    cmake_policy(SET CMP0123 NEW)
10endif()
11
12if(NOT COMMAND tfm_invalid_config)
13    function(tfm_invalid_config)
14        if (${ARGV})
15            string (REPLACE ";" " " ARGV_STRING "${ARGV}")
16            string (REPLACE "STREQUAL"     "=" ARGV_STRING "${ARGV_STRING}")
17            string (REPLACE "GREATER"      ">" ARGV_STRING "${ARGV_STRING}")
18            string (REPLACE "LESS"         "<" ARGV_STRING "${ARGV_STRING}")
19            string (REPLACE "VERSION_LESS" "<" ARGV_STRING "${ARGV_STRING}")
20            string (REPLACE "EQUAL"        "=" ARGV_STRING "${ARGV_STRING}")
21            string (REPLACE "IN_LIST"      "in" ARGV_STRING "${ARGV_STRING}")
22
23            message(FATAL_ERROR "INVALID CONFIG: ${ARGV_STRING}")
24        endif()
25    endfunction()
26endif()
27
28########################## FPU and MVE #########################################
29
30tfm_invalid_config(NOT CMAKE_C_COMPILER_ID STREQUAL "GNU" AND (CONFIG_TFM_ENABLE_MVE OR CONFIG_TFM_ENABLE_MVE_FP))
31tfm_invalid_config((NOT CMAKE_C_COMPILER_ID STREQUAL "GNU" AND NOT CMAKE_C_COMPILER_ID STREQUAL "ARMClang") AND CONFIG_TFM_ENABLE_FP)
32tfm_invalid_config((NOT CONFIG_TFM_FP_ARCH) AND (CONFIG_TFM_ENABLE_FP OR CONFIG_TFM_ENABLE_MVE_FP))
33tfm_invalid_config((CMAKE_C_COMPILER_ID STREQUAL "ARMClang") AND (NOT CONFIG_TFM_FP_ARCH_ASM) AND CONFIG_TFM_ENABLE_FP)
34tfm_invalid_config((NOT CONFIG_TFM_ENABLE_FP AND NOT CONFIG_TFM_ENABLE_MVE AND NOT CONFIG_TFM_ENABLE_MVE_FP) AND CONFIG_TFM_LAZY_STACKING)
35tfm_invalid_config((CONFIG_TFM_ENABLE_FP OR CONFIG_TFM_ENABLE_MVE OR CONFIG_TFM_ENABLE_MVE_FP) AND NOT CONFIG_TFM_ENABLE_CP10CP11)
36
37###################### Check compiler for FP vulnerability #####################
38
39# Check compiler with mitigation for the VLLDM instruction security vulnerability or not.
40# For more information, please check https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability.
41if (CONFIG_TFM_FLOAT_ABI STREQUAL "hard")
42    # Create test C file.
43    file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/cvetest.c "int x;")
44    # Compile with mitigation -mfix-cmse-cve-2021-35465.
45    if (CMAKE_C_COMPILER_ID STREQUAL "ARMClang")
46        # This flag is dedicated for this check.
47        # Check command will fail if C flags consist of keyword other than cpu/arch type.
48        # Toolchain file shall define a dedicated CP_CHECK_C_FLAGS to collect cpu/arch type
49        # if CMAKE_C_FLAGS is appended with other flags already before this check.
50        if(NOT DEFINED CP_CHECK_C_FLAGS)
51            set(CP_CHECK_C_FLAGS ${CMAKE_C_FLAGS})
52        endif()
53
54        execute_process (
55            COMMAND ${CMAKE_C_COMPILER} --target=${CROSS_COMPILE} ${CP_CHECK_C_FLAGS} -mcmse -mfix-cmse-cve-2021-35465 -S ${CMAKE_CURRENT_BINARY_DIR}/cvetest.c -o ${CMAKE_CURRENT_BINARY_DIR}/cvetest.s
56            RESULT_VARIABLE ret
57            ERROR_VARIABLE err
58        )
59    else()
60        execute_process (
61            COMMAND ${CMAKE_C_COMPILER} -mfix-cmse-cve-2021-35465 -S ${CMAKE_CURRENT_BINARY_DIR}/cvetest.c -o ${CMAKE_CURRENT_BINARY_DIR}/cvetest.s
62            RESULT_VARIABLE ret
63            ERROR_VARIABLE err
64        )
65    endif()
66    file(REMOVE ${CMAKE_CURRENT_BINARY_DIR}/cvetest.c)
67    # Check result
68    if(NOT ret EQUAL 0)
69        message(FATAL_ERROR "To enable FPU usage in SPE and NSPE both, please use the compiler with '-mfix-cmse-cve-2021-35465' support")
70    else()
71        file(REMOVE ${CMAKE_CURRENT_BINARY_DIR}/cvetest.s)
72    endif()
73endif()
74