Diffstat (limited to 'bl31')
-rw-r--r-- | bl31/aarch64/bl31_entrypoint.S | 30 | ||||
-rw-r--r-- | bl31/aarch64/ea_delegate.S | 18 | ||||
-rw-r--r-- | bl31/aarch64/runtime_exceptions.S | 25 | ||||
-rw-r--r-- | bl31/bl31.mk | 4 | ||||
-rw-r--r-- | bl31/bl31_main.c | 21 |
5 files changed, 85 insertions, 13 deletions
diff --git a/bl31/aarch64/bl31_entrypoint.S b/bl31/aarch64/bl31_entrypoint.S
index c41773b886..8e9528b474 100644
--- a/bl31/aarch64/bl31_entrypoint.S
+++ b/bl31/aarch64/bl31_entrypoint.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -87,29 +87,39 @@ func bl31_entrypoint
 bl fixup_gdt_reloc
 #endif /* ENABLE_PIE */
- /* ---------------------------------------------
- * Perform platform specific early arch. setup
- * ---------------------------------------------
+ /* --------------------------------------------------------------------
+ * Perform BL31 setup
+ * --------------------------------------------------------------------
 */
 mov x0, x20
 mov x1, x21
 mov x2, x22
 mov x3, x23
- bl bl31_early_platform_setup2
- bl bl31_plat_arch_setup
+ bl bl31_setup
+
+ /* --------------------------------------------------------------------
+ * Enable pointer authentication
+ * --------------------------------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el3
+ orr x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el3, x0
+ isb
+#endif /* ENABLE_PAUTH */
- /* ---------------------------------------------
+ /* --------------------------------------------------------------------
 * Jump to main function.
- * ---------------------------------------------
+ * --------------------------------------------------------------------
 */
 bl bl31_main
- /* -------------------------------------------------------------
+ /* --------------------------------------------------------------------
 * Clean the .data & .bss sections to main memory. This ensures
 * that any global data which was initialised by the primary CPU
 * is visible to secondary CPUs before they enable their data
 * caches and participate in coherency.
- * -------------------------------------------------------------
+ * --------------------------------------------------------------------
 */
 adr x0, __DATA_START__
 adr x1, __DATA_END__
diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index 0c8cfa8f92..40c3191ac5 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
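Review bot: The new `Enable pointer authentication` banner in `bl31_entrypoint` does not say why EnIA is set here in assembly, after `bl31_setup` has returned, and that ordering looks load-bearing. This commit also builds BL31 C code with `-msign-return-address=non-leaf`, so `bl31_setup` presumably runs its signing prologue while EnIA is still clear and would fail authentication on return if the bit were set from inside C. I would extend the banner with something like `Must run after bl31_setup has programmed the key, and from assembly, so that no C function returns with a prologue that executed while EnIA was clear`. The warm-boot entry is outside this hunk, so it is worth confirming that it sets the same bit.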
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -68,6 +68,14 @@ func enter_lower_el_sync_ea
 /* Save GP registers */
 bl save_gp_registers
+ /* Save ARMv8.3-PAuth registers and load firmware key */
+#if CTX_INCLUDE_PAUTH_REGS
+ bl pauth_context_save
+#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
+
 /* Setup exception class and syndrome arguments for platform handler */
 mov x0, #ERROR_EA_SYNC
 mrs x1, esr_el3
@@ -98,6 +106,14 @@ func enter_lower_el_async_ea
 /* Save GP registers */
 bl save_gp_registers
+ /* Save ARMv8.3-PAuth registers and load firmware key */
+#if CTX_INCLUDE_PAUTH_REGS
+ bl pauth_context_save
+#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
+
 /* Setup exception class and syndrome arguments for platform handler */
 mov x0, #ERROR_EA_ASYNC
 mrs x1, esr_el3
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 4f53b8e70d..aa9d0079be 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -120,7 +120,17 @@
 * ---------------------------------------------------------------------
 */
 .macro handle_interrupt_exception label
+
 bl save_gp_registers
+
+ /* Save ARMv8.3-PAuth registers and load firmware key */
+#if CTX_INCLUDE_PAUTH_REGS
+ bl pauth_context_save
+#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
+
 /* Save the EL3 system registers needed to return from this exception */
 mrs x0, spsr_el3
 mrs x1, elr_el3
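Review bot: In `enter_lower_el_sync_ea` the key swap sits behind two independent guards, so a build with ENABLE_PAUTH=1 and CTX_INCLUDE_PAUTH_REGS=0 would call `pauth_load_bl_apiakey` without `pauth_context_save` and, if the helper does what its name suggests, overwrite the lower EL's instruction key without saving it first. Nothing in these hunks rules that combination out; if the build system does not already reject it, a check such as `#if ENABLE_PAUTH && !CTX_INCLUDE_PAUTH_REGS` followed by `#error "ENABLE_PAUTH requires CTX_INCLUDE_PAUTH_REGS"` would make the dependency explicit. The same pair of guards appears in `enter_lower_el_async_ea`, in the `handle_interrupt_exception` macro and in `smc_handler64`. Both EA functions continue past the end of their hunks.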
@@ -320,14 +330,25 @@ smc_handler32:
 tbnz x0, #FUNCID_CC_SHIFT, smc_prohibited
 smc_handler64:
+ /* NOTE: The code below must preserve x0-x4 */
+
+ /* Save general purpose registers */
+ bl save_gp_registers
+
+ /* Save ARMv8.3-PAuth registers and load firmware key */
+#if CTX_INCLUDE_PAUTH_REGS
+ bl pauth_context_save
+#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
+
 /*
 * Populate the parameters for the SMC handler.
 * We already have x0-x4 in place. x5 will point to a cookie (not used
 * now). x6 will point to the context structure (SP_EL3) and x7 will
 * contain flags we need to pass to the handler.
 */
- bl save_gp_registers
-
 mov x5, xzr
 mov x6, sp
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index c9ba926c59..10feae161f 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -75,6 +75,10 @@ ifeq (${ENABLE_MPAM_FOR_LOWER_ELS},1)
 BL31_SOURCES += lib/extensions/mpam/mpam.c
 endif
+ifeq (${ENABLE_PAUTH},1)
+BL31_CFLAGS += -msign-return-address=non-leaf
+endif
+
 ifeq (${WORKAROUND_CVE_2017_5715},1)
 BL31_SOURCES += lib/cpus/aarch64/wa_cve_2017_5715_bpiall.S \
 lib/cpus/aarch64/wa_cve_2017_5715_mmu.S
diff --git a/bl31/bl31_main.c b/bl31/bl31_main.c
index da35f75eda..aca16d6779 100644
--- a/bl31/bl31_main.c
+++ b/bl31/bl31_main.c
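Review bot: The `NOTE: The code below must preserve x0-x4` comment in `smc_handler64` places a register-preservation requirement on `save_gp_registers`, `pauth_context_save` and `pauth_load_bl_apiakey`, none of which is defined in this hunk, so the requirement is invisible to whoever later edits those helpers. x0-x4 carry the caller's SMC arguments into the handler, so a clobber there would silently change what the handler sees. I would name the helpers in the note, e.g. `/* NOTE: x0-x4 hold the SMC arguments; save_gp_registers and the pauth_* helpers must not modify them */`, and state the clobbered registers in each helper's header comment. The handler body continues past the end of the hunk.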
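Review bot: `-msign-return-address=non-leaf` is appended to BL31_CFLAGS only, so it covers compiler-generated code; hand-written assembly functions in BL31 get no return-address signing, and leaf C functions are left unsigned by the chosen mode. A one-line comment above the `ifeq`, e.g. `# Sign return addresses of non-leaf C functions; assembly sources are not covered`, would keep the protection from being overstated. I cannot tell from this hunk whether the build checks that the toolchain accepts the option, so that is worth confirming as well.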
@@ -64,6 +64,27 @@ void __init bl31_lib_init(void)
 }
 /*******************************************************************************
+ * Setup function for BL31.
+ ******************************************************************************/
+void bl31_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3)
+{
+ /* Perform early platform-specific setup */
+ bl31_early_platform_setup2(arg0, arg1, arg2, arg3);
+
+ /*
+ * Update pointer authentication key before the MMU is enabled. It is
+ * saved in the rodata section, that can be writen before enabling the
+ * MMU. This function must be called after the console is initialized
+ * in the early platform setup.
+ */
+ bl_handle_pauth();
+
+ /* Perform late platform-specific setup */
+ bl31_plat_arch_setup();
+}
+
+/*******************************************************************************
 * BL31 is responsible for setting up the runtime services for the primary cpu
 * before passing control to the bootloader or an Operating System. This
 * function calls runtime_svc_init() which initializes all registered runtime |
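Review bot: `bl_handle_pauth()` is called unconditionally in `bl31_setup`, while every other pointer-authentication site in this commit sits under `#if ENABLE_PAUTH`; its definition is not in this hunk, so it is worth confirming that it does nothing in builds without the feature. The comment above the call states two ordering requirements, after console initialisation and before the MMU is enabled, that only the statement order enforces. Naming the call that turns the MMU on (presumably `bl31_plat_arch_setup`) in that comment would make a later reordering easier to catch in review. Small wording fix in the same comment: `writen` should be `written`.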