TF-A: Add ARMv8.5 'bti' build option
This patch adds BRANCH_PROTECTION = 4 'bti' build option
which turns on branch target identification mechanism.
Change-Id: I32464a6b51726a100519f449a95aea5331f0e82d
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
diff --git a/Makefile b/Makefile
index bc5604b..160cd44 100644
--- a/Makefile
+++ b/Makefile
@@ -121,6 +121,10 @@
# Extend the signing to include leaf functions
BP_OPTION := pac-ret+leaf
ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},4)
+ # Turn on branch target identification mechanism
+ BP_OPTION := bti
+ ENABLE_BTI := 1
else
$(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
endif
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index f207886..81903e1 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -88,6 +88,7 @@
- 1: Enables all types of branch protection features
- 2: Return address signing to its standard level
- 3: Extend the signing to include leaf functions
+- 4: Turn on branch target identification mechanism
The table below summarizes ``BRANCH_PROTECTION`` values, GCC compilation options
and resulting PAuth/BTI features.
@@ -103,6 +104,8 @@
+-------+--------------+-------+-----+
| 3 | pac-ret+leaf | Y | N |
+-------+--------------+-------+-----+
+ | 4 | bti | N | Y |
+ +-------+--------------+-------+-----+
This option defaults to 0 and this is an experimental feature.
Note that Pointer Authentication is enabled for Non-secure world