aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSandrine Bailleux <sandrine.bailleux@arm.com>2020-05-20 08:11:13 +0000
committerTrustedFirmware Code Review <review@review.trustedfirmware.org>2020-05-20 08:11:13 +0000
commitc6ef55c541d7d26df2ffb1b32ed788d301224302 (patch)
treebc2ee835f4b07fa5c6185b8922cbe31aa98cd4a5
parentf1a1653ce17861441383ae58a3df929cb521c9d8 (diff)
parent359acf7746e70e7e0ceddc75de08c59c167e2ab6 (diff)
downloadtrusted-firmware-a-c6ef55c541d7d26df2ffb1b32ed788d301224302.tar.gz
Merge "Tegra: enable stack protection" into integration
-rw-r--r--plat/nvidia/tegra/common/tegra_common.mk5
-rw-r--r--plat/nvidia/tegra/common/tegra_stack_protector.c28
-rw-r--r--plat/nvidia/tegra/platform.mk3
3 files changed, 36 insertions, 0 deletions
diff --git a/plat/nvidia/tegra/common/tegra_common.mk b/plat/nvidia/tegra/common/tegra_common.mk
index c946a7597b..79cc03ac96 100644
--- a/plat/nvidia/tegra/common/tegra_common.mk
+++ b/plat/nvidia/tegra/common/tegra_common.mk
@@ -1,5 +1,6 @@
#
# Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -32,3 +33,7 @@ BL31_SOURCES += drivers/delay_timer/delay_timer.c \
${COMMON_DIR}/tegra_platform.c \
${COMMON_DIR}/tegra_pm.c \
${COMMON_DIR}/tegra_sip_calls.c
+
+ifneq ($(ENABLE_STACK_PROTECTOR), 0)
+BL31_SOURCES += ${COMMON_DIR}/tegra_stack_protector.c
+endif
diff --git a/plat/nvidia/tegra/common/tegra_stack_protector.c b/plat/nvidia/tegra/common/tegra_stack_protector.c
new file mode 100644
index 0000000000..f6c459a8e2
--- /dev/null
+++ b/plat/nvidia/tegra/common/tegra_stack_protector.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdint.h>
+
+#include <arch_helpers.h>
+#include <lib/mmio.h>
+#include <plat/common/platform.h>
+#include <platform_def.h>
+
+u_register_t plat_get_stack_protector_canary(void)
+{
+ u_register_t seed;
+
+ /*
+ * Ideally, a random number should be returned instead. As the
+ * platform does not have any random number generator, this is
+ * better than nothing, but not really secure.
+ */
+ seed = mmio_read_32(TEGRA_MISC_BASE + HARDWARE_REVISION_OFFSET);
+ seed <<= 32;
+ seed |= mmio_read_32(TEGRA_TMRUS_BASE);
+
+ return seed ^ read_cntpct_el0();
+}
diff --git a/plat/nvidia/tegra/platform.mk b/plat/nvidia/tegra/platform.mk
index e03e1f37b7..aedd3c6ff3 100644
--- a/plat/nvidia/tegra/platform.mk
+++ b/plat/nvidia/tegra/platform.mk
@@ -49,6 +49,9 @@ ENABLE_TEGRA_WDT_LEGACY_FIQ_HANDLING ?= 0
# Flag to allow relocation of BL32 image to TZDRAM during boot
RELOCATE_BL32_IMAGE ?= 0
+# Enable stack protection
+ENABLE_STACK_PROTECTOR := strong
+
include plat/nvidia/tegra/common/tegra_common.mk
include ${SOC_DIR}/platform_${TARGET_SOC}.mk