BL31: Enable pointer authentication support
The size increase after enabling options related to ARMv8.3-PAuth is:
+----------------------------+-------+-------+-------+--------+
| | text | bss | data | rodata |
+----------------------------+-------+-------+-------+--------+
| CTX_INCLUDE_PAUTH_REGS = 1 | +192 | +1536 | +0 | +0 |
| | 0.3% | 3.1% | | |
+----------------------------+-------+-------+-------+--------+
| ENABLE_PAUTH = 1 | +1848 | +1536 | +16 | +0 |
| | 3.3% | 3.1% | 3.1% | |
+----------------------------+-------+-------+-------+--------+
Results calculated with the following build configuration:
make PLAT=fvp SPD=tspd DEBUG=1 \
SDEI_SUPPORT=1 \
EL3_EXCEPTION_HANDLING=1 \
TSP_NS_INTR_ASYNC_PREEMPT=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
ENABLE_PAUTH=1
Change-Id: I43db7e509a4f39da6599ec2faa690d197573ec1b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
diff --git a/bl31/aarch64/bl31_entrypoint.S b/bl31/aarch64/bl31_entrypoint.S
index c41773b..8e9528b 100644
--- a/bl31/aarch64/bl31_entrypoint.S
+++ b/bl31/aarch64/bl31_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -87,29 +87,39 @@
bl fixup_gdt_reloc
#endif /* ENABLE_PIE */
- /* ---------------------------------------------
- * Perform platform specific early arch. setup
- * ---------------------------------------------
+ /* --------------------------------------------------------------------
+ * Perform BL31 setup
+ * --------------------------------------------------------------------
*/
mov x0, x20
mov x1, x21
mov x2, x22
mov x3, x23
- bl bl31_early_platform_setup2
- bl bl31_plat_arch_setup
+ bl bl31_setup
+
+ /* --------------------------------------------------------------------
+ * Enable pointer authentication
+ * --------------------------------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el3
+ orr x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el3, x0
+ isb
+#endif /* ENABLE_PAUTH */
- /* ---------------------------------------------
+ /* --------------------------------------------------------------------
* Jump to main function.
- * ---------------------------------------------
+ * --------------------------------------------------------------------
*/
bl bl31_main
- /* -------------------------------------------------------------
+ /* --------------------------------------------------------------------
* Clean the .data & .bss sections to main memory. This ensures
* that any global data which was initialised by the primary CPU
* is visible to secondary CPUs before they enable their data
* caches and participate in coherency.
- * -------------------------------------------------------------
+ * --------------------------------------------------------------------
*/
adr x0, __DATA_START__
adr x1, __DATA_END__
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index c9ba926..10feae1 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -75,6 +75,10 @@
BL31_SOURCES += lib/extensions/mpam/mpam.c
endif
+ifeq (${ENABLE_PAUTH},1)
+BL31_CFLAGS += -msign-return-address=non-leaf
+endif
+
ifeq (${WORKAROUND_CVE_2017_5715},1)
BL31_SOURCES += lib/cpus/aarch64/wa_cve_2017_5715_bpiall.S \
lib/cpus/aarch64/wa_cve_2017_5715_mmu.S
diff --git a/bl31/bl31_main.c b/bl31/bl31_main.c
index da35f75..aca16d6 100644
--- a/bl31/bl31_main.c
+++ b/bl31/bl31_main.c
@@ -64,6 +64,27 @@
}
/*******************************************************************************
+ * Setup function for BL31.
+ ******************************************************************************/
+void bl31_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3)
+{
+ /* Perform early platform-specific setup */
+ bl31_early_platform_setup2(arg0, arg1, arg2, arg3);
+
+ /*
+ * Update pointer authentication key before the MMU is enabled. It is
+ * saved in the rodata section, that can be writen before enabling the
+ * MMU. This function must be called after the console is initialized
+ * in the early platform setup.
+ */
+ bl_handle_pauth();
+
+ /* Perform late platform-specific setup */
+ bl31_plat_arch_setup();
+}
+
+/*******************************************************************************
* BL31 is responsible for setting up the runtime services for the primary cpu
* before passing control to the bootloader or an Operating System. This
* function calls runtime_svc_init() which initializes all registered runtime
diff --git a/include/bl31/bl31.h b/include/bl31/bl31.h
index 08c555d..3deb0a5 100644
--- a/include/bl31/bl31.h
+++ b/include/bl31/bl31.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,6 +12,8 @@
/*******************************************************************************
* Function prototypes
******************************************************************************/
+void bl31_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3);
void bl31_next_el_arch_setup(uint32_t security_state);
void bl31_set_next_image_type(uint32_t security_state);
uint32_t bl31_get_next_image_type(void);