BL31: Enable pointer authentication support

The size increase after enabling options related to ARMv8.3-PAuth is:

+----------------------------+-------+-------+-------+--------+
|                            |  text |  bss  |  data | rodata |
+----------------------------+-------+-------+-------+--------+
| CTX_INCLUDE_PAUTH_REGS = 1 |  +192 | +1536 |   +0  |   +0   |
|                            |  0.3% |  3.1% |       |        |
+----------------------------+-------+-------+-------+--------+
| ENABLE_PAUTH = 1           | +1848 | +1536 |  +16  |   +0   |
|                            |  3.3% |  3.1% |  3.1% |        |
+----------------------------+-------+-------+-------+--------+

Results calculated with the following build configuration:

    make PLAT=fvp SPD=tspd DEBUG=1 \
    SDEI_SUPPORT=1                 \
    EL3_EXCEPTION_HANDLING=1       \
    TSP_NS_INTR_ASYNC_PREEMPT=1    \
    CTX_INCLUDE_PAUTH_REGS=1       \
    ENABLE_PAUTH=1

Change-Id: I43db7e509a4f39da6599ec2faa690d197573ec1b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
diff --git a/bl31/aarch64/bl31_entrypoint.S b/bl31/aarch64/bl31_entrypoint.S
index c41773b..8e9528b 100644
--- a/bl31/aarch64/bl31_entrypoint.S
+++ b/bl31/aarch64/bl31_entrypoint.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -87,29 +87,39 @@
 	bl	fixup_gdt_reloc
 #endif /* ENABLE_PIE */
 
-	/* ---------------------------------------------
-	 * Perform platform specific early arch. setup
-	 * ---------------------------------------------
+	/* --------------------------------------------------------------------
+	 * Perform BL31 setup
+	 * --------------------------------------------------------------------
 	 */
 	mov	x0, x20
 	mov	x1, x21
 	mov	x2, x22
 	mov	x3, x23
-	bl	bl31_early_platform_setup2
-	bl	bl31_plat_arch_setup
+	bl	bl31_setup
+
+	/* --------------------------------------------------------------------
+	 * Enable pointer authentication
+	 * --------------------------------------------------------------------
+	 */
+#if ENABLE_PAUTH
+	mrs	x0, sctlr_el3
+	orr	x0, x0, #SCTLR_EnIA_BIT
+	msr	sctlr_el3, x0
+	isb
+#endif /* ENABLE_PAUTH */
 
-	/* ---------------------------------------------
+	/* --------------------------------------------------------------------
 	 * Jump to main function.
-	 * ---------------------------------------------
+	 * --------------------------------------------------------------------
 	 */
 	bl	bl31_main
 
-	/* -------------------------------------------------------------
+	/* --------------------------------------------------------------------
 	 * Clean the .data & .bss sections to main memory. This ensures
 	 * that any global data which was initialised by the primary CPU
 	 * is visible to secondary CPUs before they enable their data
 	 * caches and participate in coherency.
-	 * -------------------------------------------------------------
+	 * --------------------------------------------------------------------
 	 */
 	adr	x0, __DATA_START__
 	adr	x1, __DATA_END__
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index c9ba926..10feae1 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -75,6 +75,10 @@
 BL31_SOURCES		+=	lib/extensions/mpam/mpam.c
 endif
 
+ifeq (${ENABLE_PAUTH},1)
+BL31_CFLAGS		+=	-msign-return-address=non-leaf
+endif
+
 ifeq (${WORKAROUND_CVE_2017_5715},1)
 BL31_SOURCES		+=	lib/cpus/aarch64/wa_cve_2017_5715_bpiall.S	\
 				lib/cpus/aarch64/wa_cve_2017_5715_mmu.S
diff --git a/bl31/bl31_main.c b/bl31/bl31_main.c
index da35f75..aca16d6 100644
--- a/bl31/bl31_main.c
+++ b/bl31/bl31_main.c
@@ -64,6 +64,27 @@
 }
 
 /*******************************************************************************
+ * Setup function for BL31.
+ ******************************************************************************/
+void bl31_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+		u_register_t arg3)
+{
+	/* Perform early platform-specific setup */
+	bl31_early_platform_setup2(arg0, arg1, arg2, arg3);
+
+	/*
+	 * Update pointer authentication key before the MMU is enabled. It is
+	 * saved in the rodata section, that can be writen before enabling the
+	 * MMU. This function must be called after the console is initialized
+	 * in the early platform setup.
+	 */
+	bl_handle_pauth();
+
+	/* Perform late platform-specific setup */
+	bl31_plat_arch_setup();
+}
+
+/*******************************************************************************
  * BL31 is responsible for setting up the runtime services for the primary cpu
  * before passing control to the bootloader or an Operating System. This
  * function calls runtime_svc_init() which initializes all registered runtime
diff --git a/include/bl31/bl31.h b/include/bl31/bl31.h
index 08c555d..3deb0a5 100644
--- a/include/bl31/bl31.h
+++ b/include/bl31/bl31.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -12,6 +12,8 @@
 /*******************************************************************************
  * Function prototypes
  ******************************************************************************/
+void bl31_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+		u_register_t arg3);
 void bl31_next_el_arch_setup(uint32_t security_state);
 void bl31_set_next_image_type(uint32_t security_state);
 uint32_t bl31_get_next_image_type(void);