Add support for pointer authentication
The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.
This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.
Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index d5ecfc5..40c3191 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -68,9 +68,13 @@
/* Save GP registers */
bl save_gp_registers
+ /* Save ARMv8.3-PAuth registers and load firmware key */
#if CTX_INCLUDE_PAUTH_REGS
bl pauth_context_save
#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
/* Setup exception class and syndrome arguments for platform handler */
mov x0, #ERROR_EA_SYNC
@@ -102,9 +106,13 @@
/* Save GP registers */
bl save_gp_registers
+ /* Save ARMv8.3-PAuth registers and load firmware key */
#if CTX_INCLUDE_PAUTH_REGS
bl pauth_context_save
#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
/* Setup exception class and syndrome arguments for platform handler */
mov x0, #ERROR_EA_ASYNC
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index cea7a8a..aa9d007 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -123,9 +123,13 @@
bl save_gp_registers
+ /* Save ARMv8.3-PAuth registers and load firmware key */
#if CTX_INCLUDE_PAUTH_REGS
bl pauth_context_save
#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
/* Save the EL3 system registers needed to return from this exception */
mrs x0, spsr_el3
@@ -331,9 +335,13 @@
/* Save general purpose registers */
bl save_gp_registers
+ /* Save ARMv8.3-PAuth registers and load firmware key */
#if CTX_INCLUDE_PAUTH_REGS
bl pauth_context_save
#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
/*
* Populate the parameters for the SMC handler.