refactor(cm): introduce INIT_UNUSED_NS_EL2 macro

Introducing INIT_UNUSED_NS_EL2 macro which guards the code that
disables the unused EL2 when a platform hands off from EL3
to NS-EL1 instead of NS-EL2. Platforms without NS-EL2 in use
must enable this flag.

BREAKING CHANGE: Initialisation code for handoff from EL3 to NS-EL1
disabled by default. Platforms which do that need to enable this macro
going forward

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I61431cc4f7e2feb568d472828e5fd79cc73e51f5

4 files changed, 17 insertions, 1 deletions

diff --git a/Makefile b/Makefile
index f55dfdd11..e0f8426b7 100644
--- a/Makefile
+++ b/Makefile
@@ -1240,6 +1240,7 @@ $(eval $(call assert_booleans,\
 	CONDITIONAL_CMO \
 	PSA_CRYPTO	\
 	ENABLE_CONSOLE_GETC \
+	INIT_UNUSED_NS_EL2	\
 )))
 
 # Numeric_Flags
@@ -1432,6 +1433,7 @@ $(eval $(call add_defines,\
 	ENABLE_SPMD_LP \
 	PSA_CRYPTO	\
 	ENABLE_CONSOLE_GETC \
+	INIT_UNUSED_NS_EL2	\
 )))
 
 ifeq (${SANITIZE_UB},trap)
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 43b13d613..4b5482930 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -677,6 +677,10 @@ Common build options
    invert this behavior. Lower addresses will be printed at the top and higher
    addresses at the bottom.
 
+-  ``INIT_UNUSED_NS_EL2``: This build flag guards code that disables EL2
+   safely in scenario where NS-EL2 is present but unused. This flag is set to 0
+   by default. Platforms without NS-EL2 in use must enable this flag.
+
 -  ``KEY_ALG``: This build flag enables the user to select the algorithm to be
    used for generating the PKCS keys and subsequent signing of the certificate.
    It accepts 5 values: ``rsa``, ``rsa_1_5``, ``ecdsa``, ``ecdsa-brainpool-regular``
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index 623189840..fdd1388cb 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -711,6 +711,7 @@ static __unused void enable_pauth_el2(void)
 	write_hcr_el2(hcr_el2);
 }
 
+#if INIT_UNUSED_NS_EL2
 /*******************************************************************************
  * Enable architecture extensions in-place at EL2 on first entry to Non-secure
  * world when EL2 is empty and unused.
@@ -757,6 +758,7 @@ static void manage_extensions_nonsecure_el2_unused(void)
 #endif /* ENABLE_PAUTH */
 #endif /* IMAGE_BL31 */
 }
+#endif /* INIT_UNUSED_NS_EL2 */
 
 /*******************************************************************************
  * Enable architecture extensions on first entry to Secure world.
@@ -809,8 +811,9 @@ void cm_init_my_context(const entry_point_info_t *ep)
 }
 
 /* EL2 present but unused, need to disable safely. SCTLR_EL2 can be ignored */
-static __unused void init_nonsecure_el2_unused(cpu_context_t *ctx)
+static void init_nonsecure_el2_unused(cpu_context_t *ctx)
 {
+#if INIT_UNUSED_NS_EL2
 	u_register_t hcr_el2 = HCR_RESET_VAL;
 	u_register_t mdcr_el2;
 	u_register_t scr_el3;
@@ -909,6 +912,7 @@ static __unused void init_nonsecure_el2_unused(cpu_context_t *ctx)
 	write_cnthp_ctl_el2(CNTHP_CTL_RESET_VAL & ~(CNTHP_CTL_ENABLE_BIT));
 
 	manage_extensions_nonsecure_el2_unused();
+#endif /* INIT_UNUSED_NS_EL2 */
 }
 
 /*******************************************************************************
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index e02917c8a..f0f157c1f 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -367,3 +367,9 @@ PSA_CRYPTO			:= 0
 # Disabled by default because it constitutes an attack vector into TF-A. It
 # should only be enabled if there is a use case for it.
 ENABLE_CONSOLE_GETC		:= 0
+
+# Build option to disable EL2 when it is not used.
+# Most platforms switch from EL3 to NS-EL2 and hence the unused NS-EL2
+# functions must be enabled by platforms if they require it.
+# Disabled by default.
+INIT_UNUSED_NS_EL2		:= 0