Refactor ARMv8.3 Pointer Authentication support code
This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
diff --git a/bl2/aarch64/bl2_el3_entrypoint.S b/bl2/aarch64/bl2_el3_entrypoint.S
index 261d295..6fe2dd9 100644
--- a/bl2/aarch64/bl2_el3_entrypoint.S
+++ b/bl2/aarch64/bl2_el3_entrypoint.S
@@ -43,22 +43,12 @@
*/
bl bl2_el3_setup
- /* ---------------------------------------------
- * Enable pointer authentication
- * ---------------------------------------------
- */
#if ENABLE_PAUTH
- mrs x0, sctlr_el3
- orr x0, x0, #SCTLR_EnIA_BIT
-#if ENABLE_BTI
/* ---------------------------------------------
- * Enable PAC branch type compatibility
+ * Program APIAKey_EL1 and enable pointer authentication.
* ---------------------------------------------
*/
- bic x0, x0, #SCTLR_BT_BIT
-#endif /* ENABLE_BTI */
- msr sctlr_el3, x0
- isb
+ bl pauth_init_enable_el3
#endif /* ENABLE_PAUTH */
/* ---------------------------------------------
@@ -87,16 +77,13 @@
tlbi alle3
bl bl2_el3_plat_prepare_exit
+#if ENABLE_PAUTH
/* ---------------------------------------------
- * Disable pointer authentication before jumping to BL31 or that will
- * cause an authentication failure during the early platform init.
+ * Disable pointer authentication before jumping
+ * to next boot image.
* ---------------------------------------------
*/
-#if ENABLE_PAUTH
- mrs x0, sctlr_el3
- bic x0, x0, #SCTLR_EnIA_BIT
- msr sctlr_el3, x0
- isb
+ bl pauth_disable_el3
#endif /* ENABLE_PAUTH */
ldp x0, x1, [x20, #ENTRY_POINT_INFO_PC_OFFSET]
diff --git a/bl2/aarch64/bl2_entrypoint.S b/bl2/aarch64/bl2_entrypoint.S
index 5e5b83b..a021e42 100644
--- a/bl2/aarch64/bl2_entrypoint.S
+++ b/bl2/aarch64/bl2_entrypoint.S
@@ -117,22 +117,13 @@
mov x3, x23
bl bl2_setup
- /* ---------------------------------------------
- * Enable pointer authentication
- * ---------------------------------------------
- */
#if ENABLE_PAUTH
- mrs x0, sctlr_el1
- orr x0, x0, #SCTLR_EnIA_BIT
-#if ENABLE_BTI
/* ---------------------------------------------
- * Enable PAC branch type compatibility
+ * Program APIAKey_EL1
+ * and enable pointer authentication.
* ---------------------------------------------
*/
- bic x0, x0, #(SCTLR_BT0_BIT | SCTLR_BT1_BIT)
-#endif /* ENABLE_BTI */
- msr sctlr_el1, x0
- isb
+ bl pauth_init_enable_el1
#endif /* ENABLE_PAUTH */
/* ---------------------------------------------
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index 79b0e71..802c174 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -4,13 +4,17 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <assert.h>
+
#include <arch_helpers.h>
+#include <arch_features.h>
#include <bl1/bl1.h>
#include <bl2/bl2.h>
#include <common/bl_common.h>
#include <common/debug.h>
#include <drivers/auth/auth_mod.h>
#include <drivers/console.h>
+#include <lib/extensions/pauth.h>
#include <plat/common/platform.h>
#include "bl2_private.h"
@@ -31,18 +35,16 @@
/* Perform early platform-specific setup */
bl2_early_platform_setup2(arg0, arg1, arg2, arg3);
-#ifdef __aarch64__
- /*
- * Update pointer authentication key before the MMU is enabled. It is
- * saved in the rodata section, that can be writen before enabling the
- * MMU. This function must be called after the console is initialized
- * in the early platform setup.
- */
- bl_handle_pauth();
-#endif /* __aarch64__ */
-
/* Perform late platform-specific setup */
bl2_plat_arch_setup();
+
+#if CTX_INCLUDE_PAUTH_REGS
+ /*
+ * Assert that the ARMv8.3-PAuth registers are present or an access
+ * fault will be triggered when they are being saved or restored.
+ */
+ assert(is_armv8_3_pauth_present());
+#endif /* CTX_INCLUDE_PAUTH_REGS */
}
#else /* if BL2_AT_EL3 */
@@ -55,18 +57,16 @@
/* Perform early platform-specific setup */
bl2_el3_early_platform_setup(arg0, arg1, arg2, arg3);
-#ifdef __aarch64__
- /*
- * Update pointer authentication key before the MMU is enabled. It is
- * saved in the rodata section, that can be writen before enabling the
- * MMU. This function must be called after the console is initialized
- * in the early platform setup.
- */
- bl_handle_pauth();
-#endif /* __aarch64__ */
-
/* Perform late platform-specific setup */
bl2_el3_plat_arch_setup();
+
+#if CTX_INCLUDE_PAUTH_REGS
+ /*
+ * Assert that the ARMv8.3-PAuth registers are present or an access
+ * fault will be triggered when they are being saved or restored.
+ */
+ assert(is_armv8_3_pauth_present());
+#endif /* CTX_INCLUDE_PAUTH_REGS */
}
#endif /* BL2_AT_EL3 */
@@ -108,6 +108,13 @@
console_flush();
+#if ENABLE_PAUTH
+ /*
+ * Disable pointer authentication before running next boot image
+ */
+ pauth_disable_el1();
+#endif /* ENABLE_PAUTH */
+
/*
* Run next BL image via an SMC to BL1. Information on how to pass
* control to the BL32 (if present) and BL33 software images will
@@ -119,6 +126,13 @@
print_entry_point_info(next_bl_ep_info);
console_flush();
+#if ENABLE_PAUTH
+ /*
+ * Disable pointer authentication before running next boot image
+ */
+ pauth_disable_el3();
+#endif /* ENABLE_PAUTH */
+
bl2_run_next_image(next_bl_ep_info);
#endif /* BL2_AT_EL3 */
}