aarch64,smc: remove KernelAllowSMCCalls

Remove the KernelAllowSMCCalls cmake option together with configurable
CONFIG_ALLOW_SMC_CALLS. Instead, provide CONFIG_ALLOW_SMC_CALLS as
always-on to user space, together with a deprecation warning.

The rationale is that system initialisation can either delete or not
pass on the initial SMC caps and achieve the same behaviour as
CONFIG_ALLOW_SMC_CALLS being off.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

libsel4/arch_include/arm/sel4/arch/deprecated.h

@@ -8,4 +8,6 @@
 
 #include <sel4/config.h>
 
-/* nothing here */
+#if defined(CONFIG_ARCH_AARCH64) && !defined(CONFIG_ALLOW_SMC_CALLS)
+#define CONFIG_ALLOW_SMC_CALLS SEL4_DEPRECATE_MACRO(1)
+#endif

src/arch/arm/config.cmake

@@ -234,18 +234,6 @@ config_option(
 )
 mark_as_advanced(KernelAArch64SErrorIgnore)
 
-config_option(
-    KernelAllowSMCCalls
-    ALLOW_SMC_CALLS
-    "Allow components to make SMC calls. \
-    WARNING: Allowing SMC calls causes a couple of issues. Since seL4 cannot \
-    pre-empt the secure monitor, the WCET is no longer guaranteed. Also, since the \
-    secure monitor is a higher privilege level and can make any change in the \
-    system, the proofs can no longer be guaranteed."
-    DEFAULT OFF
-    DEPENDS "KernelSel4ArchAarch64"
-)
-
 config_choice(
     KernelArmTLSReg
     ARM_TLS_REG

src/arch/arm/kernel/boot.c

@@ -164,7 +164,7 @@ BOOT_CODE static void init_smmu(cap_t root_cnode_cap)
 
 #endif
 
-#ifdef CONFIG_ALLOW_SMC_CALLS
+#ifdef CONFIG_ARCH_AARCH64
 BOOT_CODE static void init_smc(cap_t root_cnode_cap)
 {
     /* Provide the SMC cap*/
@@ -451,7 +451,7 @@ static BOOT_CODE bool_t try_init_kernel(
     /* initialise the SMMU and provide the SMMU control caps*/
     init_smmu(root_cnode_cap);
 #endif
-#ifdef CONFIG_ALLOW_SMC_CALLS
+#ifdef CONFIG_ARCH_AARCH64
     init_smc(root_cnode_cap);
 #endif