BL1: Enable pointer authentication support
The size increase after enabling options related to ARMv8.3-PAuth is:
+----------------------------+-------+-------+-------+--------+
| | text | bss | data | rodata |
+----------------------------+-------+-------+-------+--------+
| CTX_INCLUDE_PAUTH_REGS = 1 | +108 | +192 | +0 | +0 |
| | 0.5% | 0.8% | | |
+----------------------------+-------+-------+-------+--------+
| ENABLE_PAUTH = 1 | +748 | +192 | +16 | +0 |
| | 3.7% | 0.8% | 7.0% | |
+----------------------------+-------+-------+-------+--------+
Results calculated with the following build configuration:
make PLAT=fvp SPD=tspd DEBUG=1 \
SDEI_SUPPORT=1 \
EL3_EXCEPTION_HANDLING=1 \
TSP_NS_INTR_ASYNC_PREEMPT=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
ENABLE_PAUTH=1
Change-Id: I3a7d02feb6a6d212be32a01432b0c7c1a261f567
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
diff --git a/bl1/aarch32/bl1_entrypoint.S b/bl1/aarch32/bl1_entrypoint.S
index 3f0cbaf..6a15566 100644
--- a/bl1/aarch32/bl1_entrypoint.S
+++ b/bl1/aarch32/bl1_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -52,12 +52,10 @@
_exception_vectors=bl1_vector_table
/* -----------------------------------------------------
- * Perform early platform setup & platform
- * specific early arch. setup e.g. mmu setup
+ * Perform BL1 setup
* -----------------------------------------------------
*/
- bl bl1_early_platform_setup
- bl bl1_plat_arch_setup
+ bl bl1_setup
/* -----------------------------------------------------
* Jump to main function.
diff --git a/bl1/aarch64/bl1_entrypoint.S b/bl1/aarch64/bl1_entrypoint.S
index f7e02e9..0f8d5aa 100644
--- a/bl1/aarch64/bl1_entrypoint.S
+++ b/bl1/aarch64/bl1_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -32,24 +32,42 @@
_init_c_runtime=1 \
_exception_vectors=bl1_exceptions
- /* ---------------------------------------------
- * Architectural init. can be generic e.g.
- * enabling stack alignment and platform spec-
- * ific e.g. MMU & page table setup as per the
- * platform memory map. Perform the latter here
- * and the former in bl1_main.
- * ---------------------------------------------
+ /* --------------------------------------------------------------------
+ * Perform BL1 setup
+ * --------------------------------------------------------------------
*/
- bl bl1_early_platform_setup
- bl bl1_plat_arch_setup
+ bl bl1_setup
- /* --------------------------------------------------
+ /* --------------------------------------------------------------------
+ * Enable pointer authentication
+ * --------------------------------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el3
+ orr x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el3, x0
+ isb
+#endif /* ENABLE_PAUTH */
+
+ /* --------------------------------------------------------------------
* Initialize platform and jump to our c-entry point
* for this type of reset.
- * --------------------------------------------------
+ * --------------------------------------------------------------------
*/
bl bl1_main
+ /* --------------------------------------------------------------------
+ * Disable pointer authentication before jumping to BL31 or that will
+ * cause an authentication failure during the early platform init.
+ * --------------------------------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el3
+ bic x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el3, x0
+ isb
+#endif /* ENABLE_PAUTH */
+
/* --------------------------------------------------
* Do the transition to next boot image.
* --------------------------------------------------
diff --git a/bl1/bl1.mk b/bl1/bl1.mk
index ec7d728..7f1a823 100644
--- a/bl1/bl1.mk
+++ b/bl1/bl1.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -21,6 +21,10 @@
lib/el3_runtime/aarch64/context.S
endif
+ifeq (${ENABLE_PAUTH},1)
+BL1_CFLAGS += -msign-return-address=non-leaf
+endif
+
ifeq (${TRUSTED_BOARD_BOOT},1)
BL1_SOURCES += bl1/bl1_fwu.c
endif
diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c
index d2c2b41..fce14f5 100644
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -52,6 +52,28 @@
}
/*******************************************************************************
+ * Setup function for BL1.
+ ******************************************************************************/
+void bl1_setup(void)
+{
+ /* Perform early platform-specific setup */
+ bl1_early_platform_setup();
+
+#ifdef AARCH64
+ /*
+ * Update pointer authentication key before the MMU is enabled. It is
+ * saved in the rodata section, that can be writen before enabling the
+ * MMU. This function must be called after the console is initialized
+ * in the early platform setup.
+ */
+ bl_handle_pauth();
+#endif /* AARCH64 */
+
+ /* Perform late platform-specific setup */
+ bl1_plat_arch_setup();
+}
+
+/*******************************************************************************
* Function to perform late architectural and platform specific initialization.
* It also queries the platform to load and run next BL image. Only called
* by the primary cpu after a cold boot.
diff --git a/include/bl1/bl1.h b/include/bl1/bl1.h
index 7b5d875..937b8c7 100644
--- a/include/bl1/bl1.h
+++ b/include/bl1/bl1.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -83,6 +83,7 @@
void bl1_print_next_bl_ep_info(const struct entry_point_info *bl_ep_info);
+void bl1_setup(void);
void bl1_main(void);
void bl1_plat_prepare_exit(entry_point_info_t *ep_info);