rpi3: Add support for the stack protector
It uses the hardware RNG in a similar way as Juno (it gets 128 bits of
entropy and does xor on them).
It is disabled by default.
Change-Id: I8b3adb61f5a5623716e0e8b6799404c68dd94c60
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
diff --git a/plat/rpi3/platform.mk b/plat/rpi3/platform.mk
index 3ad7114..2f18af6 100644
--- a/plat/rpi3/platform.mk
+++ b/plat/rpi3/platform.mk
@@ -90,6 +90,9 @@
# Disable the PSCI platform compatibility layer by default
ENABLE_PLAT_COMPAT := 0
+# Disable stack protector by default
+ENABLE_STACK_PROTECTOR := 0
+
# Reset to BL31 isn't supported
RESET_TO_BL31 := 0
@@ -146,6 +149,11 @@
$(error Error: AArch32 not supported on rpi3)
endif
+ifneq ($(ENABLE_STACK_PROTECTOR), 0)
+PLAT_BL_COMMON_SOURCES += plat/rpi3/rpi3_rng.c \
+ plat/rpi3/rpi3_stack_protector.c
+endif
+
ifeq (${SPD},opteed)
BL2_SOURCES += \
lib/optee/optee_utils.c
diff --git a/plat/rpi3/rpi3_stack_protector.c b/plat/rpi3/rpi3_stack_protector.c
new file mode 100644
index 0000000..d939cd3
--- /dev/null
+++ b/plat/rpi3/rpi3_stack_protector.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <sys/types.h>
+#include <utils.h>
+
+#include "rpi3_private.h"
+
+/* Get 128 bits of entropy and fuse the values together to form the canary. */
+#define TRNG_NBYTES 16U
+
+u_register_t plat_get_stack_protector_canary(void)
+{
+ size_t i;
+ u_register_t buf[TRNG_NBYTES / sizeof(u_register_t)];
+ u_register_t ret = 0U;
+
+ rpi3_rng_read(buf, sizeof(buf));
+
+ for (i = 0U; i < ARRAY_SIZE(buf); i++)
+ ret ^= buf[i];
+
+ return ret;
+}