Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 25cda671e7fa47580eb6cdb88ba3d1b748ee4e39^! / . / Makefile
commit25cda671e7fa47580eb6cdb88ba3d1b748ee4e39[log] [tgz]
authorAntonio Nino Diaz <antonio.ninodiaz@arm.com>Tue Feb 19 11:53:51 2019 +0000
committerAntonio Nino Diaz <antonio.ninodiaz@arm.com>Wed Feb 27 11:58:09 2019 +0000
tree3a501b3395633ab07d312068c1dacd591493c7ac
parent594811bf074e7c8855f333ca93865970f14bbc0b [diff] [blame]
Add support for pointer authentication

The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.

This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.

Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

diff --git a/Makefile b/Makefile
index ebc8850..7b0ef5b 100644
--- a/Makefile
+++ b/Makefile

@@ -184,6 +184,14 @@
 ASFLAGS_aarch32		=	$(march32-directive)
 ASFLAGS_aarch64		=	-march=armv8-a
 
+# Set the compiler to ARMv8.3 mode so that it uses all the ARMv8.3-PAuth
+# instructions. Keeping it in 8.0 would make the compiler emit
+# backwards-compatible hint instructions, which needs more space.
+ifeq (${ENABLE_PAUTH},1)
+TF_CFLAGS_aarch64	+=	-march=armv8.3-a
+ASFLAGS_aarch64		+=	-march=armv8.3-a
+endif
+
 WARNING1 := -Wextra
 WARNING1 += -Wunused -Wno-unused-parameter
 WARNING1 += -Wmissing-declarations
@@ -459,6 +467,15 @@
     endif
 endif
 
+# If pointer authentication is used in the firmware, make sure that all the
+# registers associated to it are also saved and restored. Not doing it would
+# leak the value of the key used by EL3 to EL1 and S-EL1.
+ifeq ($(ENABLE_PAUTH),1)
+    ifeq ($(CTX_INCLUDE_PAUTH_REGS),0)
+        $(error ENABLE_PAUTH=1 requires CTX_INCLUDE_PAUTH_REGS=1)
+    endif
+endif
+
 ################################################################################
 # Process platform overrideable behaviour
 ################################################################################
@@ -587,6 +604,7 @@
 $(eval $(call assert_boolean,ENABLE_AMU))
 $(eval $(call assert_boolean,ENABLE_ASSERTIONS))
 $(eval $(call assert_boolean,ENABLE_MPAM_FOR_LOWER_ELS))
+$(eval $(call assert_boolean,ENABLE_PAUTH))
 $(eval $(call assert_boolean,ENABLE_PIE))
 $(eval $(call assert_boolean,ENABLE_PMF))
 $(eval $(call assert_boolean,ENABLE_PSCI_STAT))
@@ -639,6 +657,7 @@
 $(eval $(call add_define,ENABLE_AMU))
 $(eval $(call add_define,ENABLE_ASSERTIONS))
 $(eval $(call add_define,ENABLE_MPAM_FOR_LOWER_ELS))
+$(eval $(call add_define,ENABLE_PAUTH))
 $(eval $(call add_define,ENABLE_PIE))
 $(eval $(call add_define,ENABLE_PMF))
 $(eval $(call add_define,ENABLE_PSCI_STAT))