|author||Antonio Nino Diaz <email@example.com>||2019-02-19 11:53:51 +0000|
|committer||Antonio Nino Diaz <firstname.lastname@example.org>||2019-02-27 11:58:09 +0000|
Add support for pointer authentication
The previous commit added the infrastructure to load and save ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but didn't actually enable pointer authentication in the firmware. This patch adds the functionality needed for platforms to provide authentication keys for the firmware, and a new option (ENABLE_PAUTH) to enable pointer authentication in the firmware itself. This option is disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be enabled. Change-Id: I35127ec271e1198d43209044de39fa712ef202a5 Signed-off-by: Antonio Nino Diaz <email@example.com>
Diffstat (limited to 'docs/firmware-design.rst')
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/firmware-design.rst b/docs/firmware-design.rst
index 808afeedb9..ead7297d9d 100644
@@ -2566,6 +2566,11 @@ Armv8.3-A
must be set to 1. This will add all pointer authentication system registers
to the context that is saved when doing a world switch.
+ The Trusted Firmware itself has support for pointer authentication at runtime
+ that can be enabled by setting both options ``ENABLE_PAUTH`` and
+ ``CTX_INCLUDE_PAUTH_REGS`` to 1. This enables pointer authentication in BL1,
+ BL2, BL31, and the TSP if it is used.