diff options
author | Alexei Fedorov <Alexei.Fedorov@arm.com> | 2020-01-08 14:02:18 +0000 |
---|---|---|
committer | Alexei Fedorov <Alexei.Fedorov@arm.com> | 2020-01-08 14:02:18 +0000 |
commit | 52fd7337cde13d945dfb2f5b90b89bd76772fe9c (patch) | |
tree | d97d286bf69bb900dfffd886fc7b827de65fa16e | |
parent | 584b3cb3aba5423c31496a4f46ea6a58e44dd7d9 (diff) | |
download | tf-a-tests-52fd7337cde13d945dfb2f5b90b89bd76772fe9c.tar.gz |
TFTF: Enable ARMv8.3-PAuth in FWU tests.
This patch adds ARMv8.3-PAuth support for FWU tests.
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: I36a0a2a3870db51cda0a09bd8fd8004e2d01d2bc
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | fwu/ns_bl1u/aarch64/ns_bl1u_entrypoint.S | 8 | ||||
-rw-r--r-- | fwu/ns_bl1u/ns_bl1u.mk | 10 | ||||
-rw-r--r-- | fwu/ns_bl1u/ns_bl1u_main.c | 8 | ||||
-rw-r--r-- | fwu/ns_bl2u/aarch64/ns_bl2u_entrypoint.S | 16 | ||||
-rw-r--r-- | fwu/ns_bl2u/ns_bl2u.mk | 9 | ||||
-rw-r--r-- | include/lib/extensions/pauth.h | 3 | ||||
-rw-r--r-- | lib/extensions/pauth/aarch64/pauth_helpers.S | 27 |
8 files changed, 77 insertions, 8 deletions
@@ -1,5 +1,5 @@ # -# Copyright (c) 2018-2019, Arm Limited. All rights reserved. +# Copyright (c) 2018-2020, Arm Limited. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -225,6 +225,8 @@ TFTF_LDFLAGS += ${COMMON_LDFLAGS} ifeq (${ENABLE_PAUTH},1) TFTF_CFLAGS += -mbranch-protection=pac-ret +NS_BL1U_CFLAGS += -mbranch-protection=pac-ret +NS_BL2U_CFLAGS += -mbranch-protection=pac-ret endif NS_BL1U_SOURCES += ${PLAT_SOURCES} ${LIBC_SRCS} diff --git a/fwu/ns_bl1u/aarch64/ns_bl1u_entrypoint.S b/fwu/ns_bl1u/aarch64/ns_bl1u_entrypoint.S index a2e9027b4..d971e4ad6 100644 --- a/fwu/ns_bl1u/aarch64/ns_bl1u_entrypoint.S +++ b/fwu/ns_bl1u/aarch64/ns_bl1u_entrypoint.S @@ -63,6 +63,14 @@ func ns_bl1u_entrypoint bl tftf_early_platform_setup bl tftf_plat_arch_setup +#if ENABLE_PAUTH + /* --------------------------------------------------------------------- + * Program APIAKey_EL1 and enable pointer authentication. + * --------------------------------------------------------------------- + */ + bl pauth_init_enable +#endif /* ENABLE_PAUTH */ + /* --------------------------------------------------------------------- * Jump to main function. * --------------------------------------------------------------------- diff --git a/fwu/ns_bl1u/ns_bl1u.mk b/fwu/ns_bl1u/ns_bl1u.mk index cf2b4a8ed..7bdb03429 100644 --- a/fwu/ns_bl1u/ns_bl1u.mk +++ b/fwu/ns_bl1u/ns_bl1u.mk @@ -1,5 +1,5 @@ # -# Copyright (c) 2018, Arm Limited. All rights reserved. +# Copyright (c) 2018-2020, Arm Limited. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -15,6 +15,7 @@ NS_BL1U_INCLUDES := \ -Iinclude/common/${ARCH} \ -Iinclude/lib \ -Iinclude/lib/${ARCH} \ + -Iinclude/lib/extensions \ -Iinclude/lib/utils \ -Iinclude/lib/xlat_tables \ -Iinclude/plat/common \ @@ -51,6 +52,12 @@ ifeq (${FWU_BL_TEST},1) NS_BL1U_SOURCES += fwu/ns_bl1u/ns_bl1u_tests.c endif +ifeq (${ENABLE_PAUTH},1) +# ARMv8.3 Pointer Authentication support files +NS_BL1U_SOURCES += lib/extensions/pauth/aarch64/pauth.c \ + lib/extensions/pauth/aarch64/pauth_helpers.S +endif + NS_BL1U_LINKERFILE := fwu/ns_bl1u/ns_bl1u.ld.S # NS_BL1U requires accessing the flash. Force-enable it. @@ -67,4 +74,5 @@ ifeq (${ARCH},aarch32) $(eval $(call add_define,NS_BL1U_DEFINES,AARCH32)) else $(eval $(call add_define,NS_BL1U_DEFINES,AARCH64)) + $(eval $(call add_define,NS_BL1U_DEFINES,ENABLE_PAUTH)) endif diff --git a/fwu/ns_bl1u/ns_bl1u_main.c b/fwu/ns_bl1u/ns_bl1u_main.c index 55cea903c..67ae82b29 100644 --- a/fwu/ns_bl1u/ns_bl1u_main.c +++ b/fwu/ns_bl1u/ns_bl1u_main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, Arm Limited. All rights reserved. + * Copyright (c) 2018-2019, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -14,6 +14,7 @@ #include <io_storage.h> #include <mmio.h> #include <nvm.h> +#include <pauth.h> #include <platform.h> #include <platform_def.h> #include <smccc.h> @@ -211,6 +212,11 @@ void ns_bl1u_main(void) } } +#if ENABLE_PAUTH + /* Disable pointer authentication before jumping to NS_BL2U */ + pauth_disable(); +#endif + /* * Clean and invalidate the caches. * And disable the MMU before jumping to NS_BL2U. diff --git a/fwu/ns_bl2u/aarch64/ns_bl2u_entrypoint.S b/fwu/ns_bl2u/aarch64/ns_bl2u_entrypoint.S index 0828f5b91..28d6dface 100644 --- a/fwu/ns_bl2u/aarch64/ns_bl2u_entrypoint.S +++ b/fwu/ns_bl2u/aarch64/ns_bl2u_entrypoint.S @@ -48,13 +48,21 @@ func ns_bl2u_entrypoint bl platform_set_stack /* --------------------------------------------------------------------- - * Perform early platform setup & platforms specific early architectural - * setup, e.g. MMU setup. - * ---------------------------------------------------------------------- - */ + * Perform early platform setup & platforms specific early architectural + * setup, e.g. MMU setup. + * --------------------------------------------------------------------- + */ bl tftf_early_platform_setup bl tftf_plat_arch_setup +#if ENABLE_PAUTH + /* --------------------------------------------------------------------- + * Program APIAKey_EL1 and enable pointer authentication. + * --------------------------------------------------------------------- + */ + bl pauth_init_enable +#endif /* ENABLE_PAUTH */ + /* --------------------------------------------------------------------- * Jump to main function. * --------------------------------------------------------------------- diff --git a/fwu/ns_bl2u/ns_bl2u.mk b/fwu/ns_bl2u/ns_bl2u.mk index dd9e6630d..209e78b77 100644 --- a/fwu/ns_bl2u/ns_bl2u.mk +++ b/fwu/ns_bl2u/ns_bl2u.mk @@ -1,5 +1,5 @@ # -# Copyright (c) 2018, Arm Limited. All rights reserved. +# Copyright (c) 2018-2020, Arm Limited. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -47,6 +47,12 @@ NS_BL2U_SOURCES += fwu/ns_bl2u/${ARCH}/ns_bl2u_entrypoint.S \ NS_BL2U_SOURCES += ${COMPILER_RT_SRCS} +ifeq (${ENABLE_PAUTH},1) +# ARMv8.3 Pointer Authentication support files +NS_BL2U_SOURCES += lib/extensions/pauth/aarch64/pauth.c \ + lib/extensions/pauth/aarch64/pauth_helpers.S +endif + NS_BL2U_LINKERFILE := fwu/ns_bl2u/ns_bl2u.ld.S # NS_BL2U requires accessing the flash. Force-enable it. @@ -63,4 +69,5 @@ ifeq (${ARCH},aarch32) $(eval $(call add_define,NS_BL2U_DEFINES,AARCH32)) else $(eval $(call add_define,NS_BL2U_DEFINES,AARCH64)) + $(eval $(call add_define,NS_BL2U_DEFINES,ENABLE_PAUTH)) endif diff --git a/include/lib/extensions/pauth.h b/include/lib/extensions/pauth.h index a4da00990..d072f5c57 100644 --- a/include/lib/extensions/pauth.h +++ b/include/lib/extensions/pauth.h @@ -15,6 +15,9 @@ uint128_t init_apkey(void); /* Program APIAKey_EL1 key and enable ARMv8.3-PAuth */ void pauth_init_enable(void); + +/* Disable ARMv8.3-PAuth */ +void pauth_disable(void); #endif /* __aarch64__ */ #endif /* PAUTH_H */ diff --git a/lib/extensions/pauth/aarch64/pauth_helpers.S b/lib/extensions/pauth/aarch64/pauth_helpers.S index e15cac90f..88ef9f518 100644 --- a/lib/extensions/pauth/aarch64/pauth_helpers.S +++ b/lib/extensions/pauth/aarch64/pauth_helpers.S @@ -8,6 +8,7 @@ #include <asm_macros.S> .global pauth_init_enable + .global pauth_disable /* ----------------------------------------------------------- * Program APIAKey_EL1 key and enable Pointer Authentication @@ -51,3 +52,29 @@ enable_exit: ldp x29, x30, [sp], #16 ret endfunc pauth_init_enable + +/* ----------------------------------------------------------- + * Disable pointer authentication in EL1/EL2 + * ----------------------------------------------------------- + */ +func pauth_disable + /* Detect Current Exception level */ + mrs x0, CurrentEL + cmp x0, #(MODE_EL1 << MODE_EL_SHIFT) + b.eq disable_el1 + + /* Disable EL2 pointer authentication */ + mrs x0, sctlr_el2 + bic x0, x0, #SCTLR_EnIA_BIT + msr sctlr_el2, x0 + isb + ret + + /* Disable EL1 pointer authentication */ +disable_el1: + mrs x0, sctlr_el1 + bic x0, x0, #SCTLR_EnIA_BIT + msr sctlr_el1, x0 + isb + ret +endfunc pauth_disable |