refactor(cpufeat): convert FEAT_PAuth setup to C

An oversimplified view of FEAT_PAuth is that it's a symmetric encryption
of the LR. PAC instructions execute as NOPs until explicitly turned on.
So in a function that turns PAuth on, the signing would have executed as
a NOP and the authentication will encrypt the address, leading to a
failure. That's why enablement is in assembly - we have full control of
when pointer authentications happen.

However, assembly is hard to read, is opaque to the compiler for
optimisations, and we need to call into C anyway for the platform hook
to get the key. So convert it to C. We can instruct the compiler to not
generate branch protection for the enable function only and as long as
the caller doesn't do branch protection (and all callers are entrypoints
written in assembly) everything will work.

Change-Id: I8917a26e1293033c910e3058664e3ca9207359b7
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
diff --git a/lib/extensions/pauth/pauth.c b/lib/extensions/pauth/pauth.c
new file mode 100644
index 0000000..c6c6e10
--- /dev/null
+++ b/lib/extensions/pauth/pauth.c
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2025, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#include <arch.h>
+#include <arch_features.h>
+#include <arch_helpers.h>
+#include <lib/extensions/pauth.h>
+
+void __no_pauth pauth_init_enable_el3(void)
+{
+	if (is_feat_pauth_supported()) {
+		pauth_init();
+		pauth_enable_el3();
+	}
+}
+
+void __no_pauth pauth_init_enable_el1(void)
+{
+	if (is_feat_pauth_supported()) {
+		pauth_init();
+		pauth_enable_el1();
+	}
+}
+
+void pauth_init(void)
+{
+	uint128_t keys = plat_init_apkey();
+	uint64_t key_lo = LO_64(keys);
+	uint64_t key_hi = HI_64(keys);
+
+	/* Program instruction key A used by the Trusted Firmware */
+	write_apiakeylo_el1(key_lo);
+	write_apiakeyhi_el1(key_hi);
+}
+
+/*
+ * Begin checking function calls at the current EL. This function must not have
+ * PAuth guards because the signing will be a NOP and attempting to authenticate
+ * will fail. Includes an ISB to avoid accidental failures.
+ */
+void __no_pauth pauth_enable_el3(void)
+{
+	write_sctlr_el3(read_sctlr_el3() | SCTLR_EnIA_BIT);
+	isb();
+}
+
+void __no_pauth pauth_enable_el1(void)
+{
+	write_sctlr_el1(read_sctlr_el1() | SCTLR_EnIA_BIT);
+	isb();
+}
+
+/* Enable PAuth for EL2 */
+void pauth_enable_el2(void)
+{
+	u_register_t hcr_el2 = read_hcr_el2();
+	/*
+	 * For Armv8.3 pointer authentication feature, disable traps to EL2 when
+	 * accessing key registers or using pointer authentication instructions
+	 * from lower ELs.
+	 */
+	hcr_el2 |= (HCR_API_BIT | HCR_APK_BIT);
+
+	write_hcr_el2(hcr_el2);
+}
+
+void __no_pauth pauth_disable_el1(void)
+{
+	write_sctlr_el1(read_sctlr_el1() & ~SCTLR_EnIA_BIT);
+	isb(); /* usually called by caller, here it's for compatibility */
+}
+
+void __no_pauth pauth_disable_el3(void)
+{
+	write_sctlr_el3(read_sctlr_el3() & ~SCTLR_EnIA_BIT);
+	isb(); /* usually called by caller, here it's for compatibility */
+}
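Review bot: `pauth_init()` rewrites the APIA key but, unlike the enable and disable helpers around it, is not marked `__no_pauth`. If it is built with return-address signing and is ever reached while `SCTLR_EnIA_BIT` is already set at the current EL, its prologue would sign LR with the old key and its epilogue would authenticate with the new one, which should fail. In this file it is only called from `pauth_init_enable_el3()` and `pauth_init_enable_el1()` before enablement, where both instructions are NOPs, but the symbol is non-static, so callers outside this hunk cannot be ruled out. Either declare it `void __no_pauth pauth_init(void)` or add a comment such as `/* Must only be called while PAuth is disabled at the current EL. */`. Separately, the commit message's rule that callers of the `__no_pauth` enable functions must not use branch protection themselves is enforced by nothing in the code, so it is worth adding to the comment above `pauth_enable_el3()`.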