diff options
author | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2019-01-30 20:29:50 +0000 |
---|---|---|
committer | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2019-02-27 11:58:09 +0000 |
commit | cd7d6b0eb161c4b24f4ff19822cbb26c3f59a3f5 (patch) | |
tree | 1e0d27910f82ee85e64af16ef318db8c3ae35313 | |
parent | ff6844c3de9b34a09f358a3204264059834e2b1d (diff) | |
download | trusted-firmware-a-cd7d6b0eb161c4b24f4ff19822cbb26c3f59a3f5.tar.gz |
BL1: Enable pointer authentication support
The size increase after enabling options related to ARMv8.3-PAuth is:
+----------------------------+-------+-------+-------+--------+
| | text | bss | data | rodata |
+----------------------------+-------+-------+-------+--------+
| CTX_INCLUDE_PAUTH_REGS = 1 | +108 | +192 | +0 | +0 |
| | 0.5% | 0.8% | | |
+----------------------------+-------+-------+-------+--------+
| ENABLE_PAUTH = 1 | +748 | +192 | +16 | +0 |
| | 3.7% | 0.8% | 7.0% | |
+----------------------------+-------+-------+-------+--------+
Results calculated with the following build configuration:
make PLAT=fvp SPD=tspd DEBUG=1 \
SDEI_SUPPORT=1 \
EL3_EXCEPTION_HANDLING=1 \
TSP_NS_INTR_ASYNC_PREEMPT=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
ENABLE_PAUTH=1
Change-Id: I3a7d02feb6a6d212be32a01432b0c7c1a261f567
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-rw-r--r-- | bl1/aarch32/bl1_entrypoint.S | 8 | ||||
-rw-r--r-- | bl1/aarch64/bl1_entrypoint.S | 42 | ||||
-rw-r--r-- | bl1/bl1.mk | 6 | ||||
-rw-r--r-- | bl1/bl1_main.c | 24 | ||||
-rw-r--r-- | include/bl1/bl1.h | 3 |
5 files changed, 63 insertions, 20 deletions
diff --git a/bl1/aarch32/bl1_entrypoint.S b/bl1/aarch32/bl1_entrypoint.S index 3f0cbaf4be..6a155660b6 100644 --- a/bl1/aarch32/bl1_entrypoint.S +++ b/bl1/aarch32/bl1_entrypoint.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -52,12 +52,10 @@ func bl1_entrypoint _exception_vectors=bl1_vector_table /* ----------------------------------------------------- - * Perform early platform setup & platform - * specific early arch. setup e.g. mmu setup + * Perform BL1 setup * ----------------------------------------------------- */ - bl bl1_early_platform_setup - bl bl1_plat_arch_setup + bl bl1_setup /* ----------------------------------------------------- * Jump to main function. diff --git a/bl1/aarch64/bl1_entrypoint.S b/bl1/aarch64/bl1_entrypoint.S index f7e02e9740..0f8d5aaca8 100644 --- a/bl1/aarch64/bl1_entrypoint.S +++ b/bl1/aarch64/bl1_entrypoint.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -32,24 +32,42 @@ func bl1_entrypoint _init_c_runtime=1 \ _exception_vectors=bl1_exceptions - /* --------------------------------------------- - * Architectural init. can be generic e.g. - * enabling stack alignment and platform spec- - * ific e.g. MMU & page table setup as per the - * platform memory map. Perform the latter here - * and the former in bl1_main. - * --------------------------------------------- + /* -------------------------------------------------------------------- + * Perform BL1 setup + * -------------------------------------------------------------------- */ - bl bl1_early_platform_setup - bl bl1_plat_arch_setup + bl bl1_setup - /* -------------------------------------------------- + /* -------------------------------------------------------------------- + * Enable pointer authentication + * -------------------------------------------------------------------- + */ +#if ENABLE_PAUTH + mrs x0, sctlr_el3 + orr x0, x0, #SCTLR_EnIA_BIT + msr sctlr_el3, x0 + isb +#endif /* ENABLE_PAUTH */ + + /* -------------------------------------------------------------------- * Initialize platform and jump to our c-entry point * for this type of reset. - * -------------------------------------------------- + * -------------------------------------------------------------------- */ bl bl1_main + /* -------------------------------------------------------------------- + * Disable pointer authentication before jumping to BL31 or that will + * cause an authentication failure during the early platform init. + * -------------------------------------------------------------------- + */ +#if ENABLE_PAUTH + mrs x0, sctlr_el3 + bic x0, x0, #SCTLR_EnIA_BIT + msr sctlr_el3, x0 + isb +#endif /* ENABLE_PAUTH */ + /* -------------------------------------------------- * Do the transition to next boot image. * -------------------------------------------------- diff --git a/bl1/bl1.mk b/bl1/bl1.mk index ec7d7280b7..7f1a823064 100644 --- a/bl1/bl1.mk +++ b/bl1/bl1.mk @@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -21,6 +21,10 @@ BL1_SOURCES += lib/cpus/aarch64/dsu_helpers.S \ lib/el3_runtime/aarch64/context.S endif +ifeq (${ENABLE_PAUTH},1) +BL1_CFLAGS += -msign-return-address=non-leaf +endif + ifeq (${TRUSTED_BOARD_BOOT},1) BL1_SOURCES += bl1/bl1_fwu.c endif diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c index d2c2b41735..fce14f55f0 100644 --- a/bl1/bl1_main.c +++ b/bl1/bl1_main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -52,6 +52,28 @@ void bl1_calc_bl2_mem_layout(const meminfo_t *bl1_mem_layout, } /******************************************************************************* + * Setup function for BL1. + ******************************************************************************/ +void bl1_setup(void) +{ + /* Perform early platform-specific setup */ + bl1_early_platform_setup(); + +#ifdef AARCH64 + /* + * Update pointer authentication key before the MMU is enabled. It is + * saved in the rodata section, that can be writen before enabling the + * MMU. This function must be called after the console is initialized + * in the early platform setup. + */ + bl_handle_pauth(); +#endif /* AARCH64 */ + + /* Perform late platform-specific setup */ + bl1_plat_arch_setup(); +} + +/******************************************************************************* * Function to perform late architectural and platform specific initialization. * It also queries the platform to load and run next BL image. Only called * by the primary cpu after a cold boot. diff --git a/include/bl1/bl1.h b/include/bl1/bl1.h index 7b5d87572b..937b8c7e8c 100644 --- a/include/bl1/bl1.h +++ b/include/bl1/bl1.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -83,6 +83,7 @@ register_t bl1_smc_handler(unsigned int smc_fid, void bl1_print_next_bl_ep_info(const struct entry_point_info *bl_ep_info); +void bl1_setup(void); void bl1_main(void); void bl1_plat_prepare_exit(entry_point_info_t *ep_info); |