diff options
-rw-r--r-- | Makefile | 5 | ||||
-rw-r--r-- | include/arch/aarch64/arch.h | 4 | ||||
-rw-r--r-- | include/arch/aarch64/arch_features.h | 6 | ||||
-rw-r--r-- | include/arch/aarch64/arch_helpers.h | 5 | ||||
-rw-r--r-- | plat/qemu/common/qemu_stack_protector.c | 16 |
5 files changed, 32 insertions, 4 deletions
@@ -242,6 +242,9 @@ endif $(info Arm Architecture Features specified: $(subst +, ,$(arch-features))) endif # arch-features +# Determine if FEAT_RNG is supported +ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0) + ifneq ($(findstring armclang,$(notdir $(CC))),) TF_CFLAGS_aarch32 = -target arm-arm-none-eabi $(march32-directive) TF_CFLAGS_aarch64 = -target aarch64-arm-none-eabi $(march64-directive) @@ -940,6 +943,7 @@ $(eval $(call assert_booleans,\ RAS_TRAP_LOWER_EL_ERR_ACCESS \ COT_DESC_IN_DTB \ USE_SP804_TIMER \ + ENABLE_FEAT_RNG \ ))) $(eval $(call assert_numerics,\ @@ -1030,6 +1034,7 @@ $(eval $(call add_defines,\ RAS_TRAP_LOWER_EL_ERR_ACCESS \ COT_DESC_IN_DTB \ USE_SP804_TIMER \ + ENABLE_FEAT_RNG \ ))) ifeq (${SANITIZE_UB},trap) diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h index 09e598a2db..2cdc7b2303 100644 --- a/include/arch/aarch64/arch.h +++ b/include/arch/aarch64/arch.h @@ -193,6 +193,10 @@ #define ID_AA64DFR0_MTPMU_MASK ULL(0xf) #define ID_AA64DFR0_MTPMU_SUPPORTED ULL(1) +/* ID_AA64ISAR0_EL1 definitions */ +#define ID_AA64ISAR0_RNDR_SHIFT U(60) +#define ID_AA64ISAR0_RNDR_MASK ULL(0xf) + /* ID_AA64ISAR1_EL1 definitions */ #define ID_AA64ISAR1_EL1 S3_0_C0_C6_1 #define ID_AA64ISAR1_GPI_SHIFT U(28) diff --git a/include/arch/aarch64/arch_features.h b/include/arch/aarch64/arch_features.h index 6b5d326960..671b3dc604 100644 --- a/include/arch/aarch64/arch_features.h +++ b/include/arch/aarch64/arch_features.h @@ -76,6 +76,12 @@ static inline unsigned long int get_armv8_6_ecv_support(void) ID_AA64MMFR0_EL1_ECV_MASK); } +static inline bool is_armv8_5_rng_present(void) +{ + return ((read_id_aa64isar0_el1() >> ID_AA64ISAR0_RNDR_SHIFT) & + ID_AA64ISAR0_RNDR_MASK); +} + /* * Return MPAM version: * diff --git a/include/arch/aarch64/arch_helpers.h b/include/arch/aarch64/arch_helpers.h index 5d1bc948c8..7fafafc5a0 100644 --- a/include/arch/aarch64/arch_helpers.h +++ b/include/arch/aarch64/arch_helpers.h @@ -245,6 +245,7 @@ void disable_mmu_icache_el3(void); DEFINE_SYSREG_RW_FUNCS(par_el1) DEFINE_SYSREG_READ_FUNC(id_pfr1_el1) +DEFINE_SYSREG_READ_FUNC(id_aa64isar0_el1) DEFINE_SYSREG_READ_FUNC(id_aa64isar1_el1) DEFINE_SYSREG_READ_FUNC(id_aa64pfr0_el1) DEFINE_SYSREG_READ_FUNC(id_aa64pfr1_el1) @@ -522,6 +523,10 @@ DEFINE_RENAME_SYSREG_RW_FUNCS(tfsr_el1, TFSR_EL1) DEFINE_RENAME_SYSREG_RW_FUNCS(rgsr_el1, RGSR_EL1) DEFINE_RENAME_SYSREG_RW_FUNCS(gcr_el1, GCR_EL1) +/* Armv8.5 FEAT_RNG Registers */ +DEFINE_SYSREG_READ_FUNC(rndr) +DEFINE_SYSREG_READ_FUNC(rndrrs) + /* DynamIQ Shared Unit power management */ DEFINE_RENAME_SYSREG_RW_FUNCS(clusterpwrdn_el1, CLUSTERPWRDN_EL1) diff --git a/plat/qemu/common/qemu_stack_protector.c b/plat/qemu/common/qemu_stack_protector.c index c226158ad6..15ce3d6d2c 100644 --- a/plat/qemu/common/qemu_stack_protector.c +++ b/plat/qemu/common/qemu_stack_protector.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -7,17 +7,25 @@ #include <stdint.h> #include <arch_helpers.h> +#include <arch_features.h> #include <plat/common/platform.h> #define RANDOM_CANARY_VALUE ((u_register_t) 3288484550995823360ULL) u_register_t plat_get_stack_protector_canary(void) { +#if ENABLE_FEAT_RNG + /* Use the RNDR instruction if the CPU supports it */ + if (is_armv8_5_rng_present()) { + return read_rndr(); + } +#endif + /* - * Ideally, a random number should be returned instead of the + * Ideally, a random number should be returned above. If a random + * number generator is not supported, return instead a * combination of a timer's value and a compile-time constant. - * As the virt platform does not have any random number generator, - * this is better than nothing but not necessarily really secure. + * This is better than nothing but not necessarily really secure. */ return RANDOM_CANARY_VALUE ^ read_cntpct_el0(); } |