TSP: Enable pointer authentication support
The size increase after enabling options related to ARMv8.3-PAuth is:
+----------------------------+-------+-------+-------+--------+
| | text | bss | data | rodata |
+----------------------------+-------+-------+-------+--------+
| CTX_INCLUDE_PAUTH_REGS = 1 | +40 | +0 | +0 | +0 |
| | 0.4% | | | |
+----------------------------+-------+-------+-------+--------+
| ENABLE_PAUTH = 1 | +352 | +0 | +16 | +0 |
| | 3.1% | | 15.8% | |
+----------------------------+-------+-------+-------+--------+
Results calculated with the following build configuration:
make PLAT=fvp SPD=tspd DEBUG=1 \
SDEI_SUPPORT=1 \
EL3_EXCEPTION_HANDLING=1 \
TSP_NS_INTR_ASYNC_PREEMPT=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
ENABLE_PAUTH=1
Change-Id: I6cc1fe0b2345c547dcef66f98758c4eb55fe5ee4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
diff --git a/bl32/tsp/aarch64/tsp_entrypoint.S b/bl32/tsp/aarch64/tsp_entrypoint.S
index 48f6981..710b458 100644
--- a/bl32/tsp/aarch64/tsp_entrypoint.S
+++ b/bl32/tsp/aarch64/tsp_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -122,12 +122,21 @@
#endif
/* ---------------------------------------------
- * Perform early platform setup & platform
- * specific early arch. setup e.g. mmu setup
+ * Perform TSP setup
* ---------------------------------------------
*/
- bl tsp_early_platform_setup
- bl tsp_plat_arch_setup
+ bl tsp_setup
+
+ /* ---------------------------------------------
+ * Enable pointer authentication
+ * ---------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el1
+ orr x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el1, x0
+ isb
+#endif /* ENABLE_PAUTH */
/* ---------------------------------------------
* Jump to main function.
diff --git a/bl32/tsp/tsp.mk b/bl32/tsp/tsp.mk
index 4ea3dfb..b1fe7ff 100644
--- a/bl32/tsp/tsp.mk
+++ b/bl32/tsp/tsp.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -17,6 +17,11 @@
BL32_LINKERFILE := bl32/tsp/tsp.ld.S
+# This flag determines whether pointer authentication is used in the TSP or not
+ifeq ($(ENABLE_PAUTH),1)
+BL32_CFLAGS += -msign-return-address=non-leaf
+endif
+
# This flag determines if the TSPD initializes BL32 in tspd_init() (synchronous
# method) or configures BL31 to pass control to BL32 instead of BL33
# (asynchronous method).
diff --git a/bl32/tsp/tsp_main.c b/bl32/tsp/tsp_main.c
index 407ed47..30bf6ff 100644
--- a/bl32/tsp/tsp_main.c
+++ b/bl32/tsp/tsp_main.c
@@ -72,6 +72,26 @@
}
/*******************************************************************************
+ * Setup function for TSP.
+ ******************************************************************************/
+void tsp_setup(void)
+{
+ /* Perform early platform-specific setup */
+ tsp_early_platform_setup();
+
+ /*
+ * Update pointer authentication key before the MMU is enabled. It is
+ * saved in the rodata section, that can be writen before enabling the
+ * MMU. This function must be called after the console is initialized
+ * in the early platform setup.
+ */
+ bl_handle_pauth();
+
+ /* Perform late platform-specific setup */
+ tsp_plat_arch_setup();
+}
+
+/*******************************************************************************
* TSP main entry point where it gets the opportunity to initialize its secure
* state/applications. Once the state is initialized, it must return to the
* SPD with a pointer to the 'tsp_vector_table' jump table.