diff options
author | Varun Wadekar <vwadekar@nvidia.com> | 2020-05-16 22:10:09 -0700 |
---|---|---|
committer | Varun Wadekar <vwadekar@nvidia.com> | 2020-05-16 22:44:52 -0700 |
commit | 359acf7746e70e7e0ceddc75de08c59c167e2ab6 (patch) | |
tree | 1748124213449afab4304e6b089f5b2b19f92135 | |
parent | 1a04b2e536c2d9512188d6cd730cf4d5d84e8dcd (diff) | |
download | trusted-firmware-a-359acf7746e70e7e0ceddc75de08c59c167e2ab6.tar.gz |
Tegra: enable stack protection
This patch sets ENABLE_STACK_PROTECTOR=strong and implements
the platform support to generate a stack protection canary value.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ia8afe464b5645917b1c77d49305d19c7cd01866a
-rw-r--r-- | plat/nvidia/tegra/common/tegra_common.mk | 5 | ||||
-rw-r--r-- | plat/nvidia/tegra/common/tegra_stack_protector.c | 28 | ||||
-rw-r--r-- | plat/nvidia/tegra/platform.mk | 3 |
3 files changed, 36 insertions, 0 deletions
diff --git a/plat/nvidia/tegra/common/tegra_common.mk b/plat/nvidia/tegra/common/tegra_common.mk index c946a7597b..79cc03ac96 100644 --- a/plat/nvidia/tegra/common/tegra_common.mk +++ b/plat/nvidia/tegra/common/tegra_common.mk @@ -1,5 +1,6 @@ # # Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2020, NVIDIA Corporation. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -32,3 +33,7 @@ BL31_SOURCES += drivers/delay_timer/delay_timer.c \ ${COMMON_DIR}/tegra_platform.c \ ${COMMON_DIR}/tegra_pm.c \ ${COMMON_DIR}/tegra_sip_calls.c + +ifneq ($(ENABLE_STACK_PROTECTOR), 0) +BL31_SOURCES += ${COMMON_DIR}/tegra_stack_protector.c +endif diff --git a/plat/nvidia/tegra/common/tegra_stack_protector.c b/plat/nvidia/tegra/common/tegra_stack_protector.c new file mode 100644 index 0000000000..f6c459a8e2 --- /dev/null +++ b/plat/nvidia/tegra/common/tegra_stack_protector.c @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2020, NVIDIA Corporation. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <stdint.h> + +#include <arch_helpers.h> +#include <lib/mmio.h> +#include <plat/common/platform.h> +#include <platform_def.h> + +u_register_t plat_get_stack_protector_canary(void) +{ + u_register_t seed; + + /* + * Ideally, a random number should be returned instead. As the + * platform does not have any random number generator, this is + * better than nothing, but not really secure. + */ + seed = mmio_read_32(TEGRA_MISC_BASE + HARDWARE_REVISION_OFFSET); + seed <<= 32; + seed |= mmio_read_32(TEGRA_TMRUS_BASE); + + return seed ^ read_cntpct_el0(); +} diff --git a/plat/nvidia/tegra/platform.mk b/plat/nvidia/tegra/platform.mk index e03e1f37b7..aedd3c6ff3 100644 --- a/plat/nvidia/tegra/platform.mk +++ b/plat/nvidia/tegra/platform.mk @@ -49,6 +49,9 @@ ENABLE_TEGRA_WDT_LEGACY_FIQ_HANDLING ?= 0 # Flag to allow relocation of BL32 image to TZDRAM during boot RELOCATE_BL32_IMAGE ?= 0 +# Enable stack protection +ENABLE_STACK_PROTECTOR := strong + include plat/nvidia/tegra/common/tegra_common.mk include ${SOC_DIR}/platform_${TARGET_SOC}.mk |