TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-A / tf-a-tests / 7fac162cd9439783ef60aaf266d22ad454445ace^! / . / branch_protection.mk
commit7fac162cd9439783ef60aaf266d22ad454445ace[log] [tgz]
authorAlexei Fedorov <Alexei.Fedorov@arm.com>Fri Jun 19 14:25:43 2020 +0100
committerAlexei Fedorov <Alexei.Fedorov@arm.com>Tue Aug 18 14:52:49 2020 +0000
tree0696ee3d15d1e4fcdfe3f1172f0c2c3dddc06ada
parentd6fdb6b10147038d99643a7547821c3cff76ce76 [diff] [blame]
TFTF: Add ARMv8.5 BTI support in makefiles

This patch adds 'BRANCH_PROTECTION' build option in
TFTF makefiles which corresponds to that in TF-A.
The option values are documented in 'build-options.rst'

Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: Iad5083aee339cec574acf5e7ab1fd8142877a122

diff --git a/branch_protection.mk b/branch_protection.mk
new file mode 100644
index 0000000..c16cdad
--- /dev/null
+++ b/branch_protection.mk

@@ -0,0 +1,52 @@
+#
+# Copyright (c) 2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+# Default, static values for build variables, listed in alphabetic order.
+# Dependencies between build options, if any, are handled in the top-level
+# Makefile, after this file is included. This ensures that the former is better
+# poised to handle dependencies, as all build variables would have a default
+# value by then.
+
+# Select the branch protection features to use.
+BRANCH_PROTECTION	:= 0
+
+# Flag to enable Branch Target Identification in the TFTF.
+# Internal flag not meant for direct setting.
+# Use BRANCH_PROTECTION to enable BTI.
+ENABLE_BTI		:= 0
+
+# Enable Pointer Authentication support in the TFTF.
+# Internal flag not meant for direct setting.
+# Use BRANCH_PROTECTION to enable PAUTH.
+ENABLE_PAUTH		:= 0
+
+# Process BRANCH_PROTECTION value and set
+# Pointer Authentication and Branch Target Identification flags
+ifeq (${BRANCH_PROTECTION},0)
+	# Default value turns off all types of branch protection
+	BP_OPTION := none
+else ifneq (${ARCH},aarch64)
+        $(error BRANCH_PROTECTION requires AArch64)
+else ifeq (${BRANCH_PROTECTION},1)
+	# Enables all types of branch protection features
+	BP_OPTION := standard
+	ENABLE_BTI := 1
+	ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},2)
+	# Return address signing to its standard level
+	BP_OPTION := pac-ret
+	ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},3)
+	# Extend the signing to include leaf functions
+	BP_OPTION := pac-ret+leaf
+	ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},4)
+	# Turn on branch target identification mechanism
+	BP_OPTION := bti
+	ENABLE_BTI := 1
+else
+        $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
+endif