aboutsummaryrefslogtreecommitdiff
path: root/bl31
diff options
context:
space:
mode:
Diffstat (limited to 'bl31')
-rw-r--r--bl31/aarch64/bl31_entrypoint.S30
-rw-r--r--bl31/aarch64/ea_delegate.S18
-rw-r--r--bl31/aarch64/runtime_exceptions.S25
-rw-r--r--bl31/bl31.mk4
-rw-r--r--bl31/bl31_main.c21
5 files changed, 85 insertions, 13 deletions
diff --git a/bl31/aarch64/bl31_entrypoint.S b/bl31/aarch64/bl31_entrypoint.S
index c41773b886..8e9528b474 100644
--- a/bl31/aarch64/bl31_entrypoint.S
+++ b/bl31/aarch64/bl31_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -87,29 +87,39 @@ func bl31_entrypoint
bl fixup_gdt_reloc
#endif /* ENABLE_PIE */
- /* ---------------------------------------------
- * Perform platform specific early arch. setup
- * ---------------------------------------------
+ /* --------------------------------------------------------------------
+ * Perform BL31 setup
+ * --------------------------------------------------------------------
*/
mov x0, x20
mov x1, x21
mov x2, x22
mov x3, x23
- bl bl31_early_platform_setup2
- bl bl31_plat_arch_setup
+ bl bl31_setup
+
+ /* --------------------------------------------------------------------
+ * Enable pointer authentication
+ * --------------------------------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el3
+ orr x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el3, x0
+ isb
+#endif /* ENABLE_PAUTH */
- /* ---------------------------------------------
+ /* --------------------------------------------------------------------
* Jump to main function.
- * ---------------------------------------------
+ * --------------------------------------------------------------------
*/
bl bl31_main
- /* -------------------------------------------------------------
+ /* --------------------------------------------------------------------
* Clean the .data & .bss sections to main memory. This ensures
* that any global data which was initialised by the primary CPU
* is visible to secondary CPUs before they enable their data
* caches and participate in coherency.
- * -------------------------------------------------------------
+ * --------------------------------------------------------------------
*/
adr x0, __DATA_START__
adr x1, __DATA_END__
diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index 0c8cfa8f92..40c3191ac5 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -68,6 +68,14 @@ func enter_lower_el_sync_ea
/* Save GP registers */
bl save_gp_registers
+ /* Save ARMv8.3-PAuth registers and load firmware key */
+#if CTX_INCLUDE_PAUTH_REGS
+ bl pauth_context_save
+#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
+
/* Setup exception class and syndrome arguments for platform handler */
mov x0, #ERROR_EA_SYNC
mrs x1, esr_el3
@@ -98,6 +106,14 @@ func enter_lower_el_async_ea
/* Save GP registers */
bl save_gp_registers
+ /* Save ARMv8.3-PAuth registers and load firmware key */
+#if CTX_INCLUDE_PAUTH_REGS
+ bl pauth_context_save
+#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
+
/* Setup exception class and syndrome arguments for platform handler */
mov x0, #ERROR_EA_ASYNC
mrs x1, esr_el3
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 4f53b8e70d..aa9d0079be 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -120,7 +120,17 @@
* ---------------------------------------------------------------------
*/
.macro handle_interrupt_exception label
+
bl save_gp_registers
+
+ /* Save ARMv8.3-PAuth registers and load firmware key */
+#if CTX_INCLUDE_PAUTH_REGS
+ bl pauth_context_save
+#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
+
/* Save the EL3 system registers needed to return from this exception */
mrs x0, spsr_el3
mrs x1, elr_el3
@@ -320,14 +330,25 @@ smc_handler32:
tbnz x0, #FUNCID_CC_SHIFT, smc_prohibited
smc_handler64:
+ /* NOTE: The code below must preserve x0-x4 */
+
+ /* Save general purpose registers */
+ bl save_gp_registers
+
+ /* Save ARMv8.3-PAuth registers and load firmware key */
+#if CTX_INCLUDE_PAUTH_REGS
+ bl pauth_context_save
+#endif
+#if ENABLE_PAUTH
+ bl pauth_load_bl_apiakey
+#endif
+
/*
* Populate the parameters for the SMC handler.
* We already have x0-x4 in place. x5 will point to a cookie (not used
* now). x6 will point to the context structure (SP_EL3) and x7 will
* contain flags we need to pass to the handler.
*/
- bl save_gp_registers
-
mov x5, xzr
mov x6, sp
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index c9ba926c59..10feae161f 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -75,6 +75,10 @@ ifeq (${ENABLE_MPAM_FOR_LOWER_ELS},1)
BL31_SOURCES += lib/extensions/mpam/mpam.c
endif
+ifeq (${ENABLE_PAUTH},1)
+BL31_CFLAGS += -msign-return-address=non-leaf
+endif
+
ifeq (${WORKAROUND_CVE_2017_5715},1)
BL31_SOURCES += lib/cpus/aarch64/wa_cve_2017_5715_bpiall.S \
lib/cpus/aarch64/wa_cve_2017_5715_mmu.S
diff --git a/bl31/bl31_main.c b/bl31/bl31_main.c
index da35f75eda..aca16d6779 100644
--- a/bl31/bl31_main.c
+++ b/bl31/bl31_main.c
@@ -64,6 +64,27 @@ void __init bl31_lib_init(void)
}
/*******************************************************************************
+ * Setup function for BL31.
+ ******************************************************************************/
+void bl31_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3)
+{
+ /* Perform early platform-specific setup */
+ bl31_early_platform_setup2(arg0, arg1, arg2, arg3);
+
+ /*
+ * Update pointer authentication key before the MMU is enabled. It is
+ * saved in the rodata section, that can be writen before enabling the
+ * MMU. This function must be called after the console is initialized
+ * in the early platform setup.
+ */
+ bl_handle_pauth();
+
+ /* Perform late platform-specific setup */
+ bl31_plat_arch_setup();
+}
+
+/*******************************************************************************
* BL31 is responsible for setting up the runtime services for the primary cpu
* before passing control to the bootloader or an Operating System. This
* function calls runtime_svc_init() which initializes all registered runtime