feat(cpufeat): enable FEAT_PAuth to FEAT_STATE_CHECKED
FEAT_PAuth is the second to last feature to be a boolean choice - it's
either unconditionally compiled in and must be present in hardware or
it's not compiled in. FEAT_PAuth is architected to be backwards
compatible - a subset of the branch guarding instructions (pacia/autia)
execute as NOPs when PAuth is not present. That subset is used with
`-mbranch-protection=standard` and -march pre-8.3. This patch adds the
necessary logic to also check accesses of the non-backward compatible
registers and allow a fully checked implementation.
Note that a checked support requires -march to be pre 8.3, as otherwise
the compiler will include branch protection instructions that are not
NOPs without PAuth (eg retaa) which cannot be checked.
Change-Id: Id942c20cae9d15d25b3d72b8161333642574ddaa
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index 4ff73d7..dbe9453 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -120,12 +120,12 @@
disable_mmu_icache_secure();
#endif /* !__aarch64__ */
-#if ENABLE_PAUTH
/*
* Disable pointer authentication before running next boot image
*/
- pauth_disable_el1();
-#endif /* ENABLE_PAUTH */
+ if (is_feat_pauth_supported()) {
+ pauth_disable_el1();
+ }
#if ENABLE_RUNTIME_INSTRUMENTATION
PMF_CAPTURE_TIMESTAMP(bl_svc, BL2_EXIT, PMF_CACHE_MAINT);
@@ -148,12 +148,12 @@
#endif
console_flush();
-#if ENABLE_PAUTH
/*
* Disable pointer authentication before running next boot image
*/
- pauth_disable_el3();
-#endif /* ENABLE_PAUTH */
+ if (is_feat_pauth_supported()) {
+ pauth_disable_el3();
+ }
bl2_run_next_image(next_bl_ep_info);
#endif /* BL2_RUNS_AT_EL3 */