Merge changes from topic "af/add_branch_protection_makefiles"
* changes:
TFTF: Add ARMv8.5 BTI support in makefiles
TFTF: Add ARMv8.5 BTI support in xlat_tables_v2 library
TFTF: Add ARMv8.5 BTI support in assembler files
TFTF: Add ARMv8.5 BTI-related definitions
diff --git a/Makefile b/Makefile
index fea13db..a229d0a 100644
--- a/Makefile
+++ b/Makefile
@@ -149,13 +149,20 @@
################################################################################
$(eval $(call assert_boolean,DEBUG))
$(eval $(call assert_boolean,ENABLE_ASSERTIONS))
-$(eval $(call assert_boolean,ENABLE_PAUTH))
$(eval $(call assert_boolean,FIRMWARE_UPDATE))
$(eval $(call assert_boolean,FWU_BL_TEST))
$(eval $(call assert_boolean,NEW_TEST_SESSION))
$(eval $(call assert_boolean,USE_NVM))
################################################################################
+# Process build options
+################################################################################
+
+# Process BRANCH_PROTECTION value and set
+# Pointer Authentication and Branch Target Identification flags
+include branch_protection.mk
+
+################################################################################
# Add definitions to the cpp preprocessor based on the current build options.
# This is done after including the platform specific makefile to allow the
# platform to overwrite the default options
@@ -164,6 +171,7 @@
$(eval $(call add_define,TFTF_DEFINES,ARM_ARCH_MINOR))
$(eval $(call add_define,TFTF_DEFINES,DEBUG))
$(eval $(call add_define,TFTF_DEFINES,ENABLE_ASSERTIONS))
+$(eval $(call add_define,TFTF_DEFINES,ENABLE_BTI))
$(eval $(call add_define,TFTF_DEFINES,ENABLE_PAUTH))
$(eval $(call add_define,TFTF_DEFINES,LOG_LEVEL))
$(eval $(call add_define,TFTF_DEFINES,NEW_TEST_SESSION))
@@ -230,10 +238,14 @@
TFTF_ASFLAGS += ${COMMON_ASFLAGS}
TFTF_LDFLAGS += ${COMMON_LDFLAGS}
-ifeq (${ENABLE_PAUTH},1)
-TFTF_CFLAGS += -mbranch-protection=pac-ret
-NS_BL1U_CFLAGS += -mbranch-protection=pac-ret
-NS_BL2U_CFLAGS += -mbranch-protection=pac-ret
+ifneq (${BP_OPTION},none)
+TFTF_CFLAGS += -mbranch-protection=${BP_OPTION}
+NS_BL1U_CFLAGS += -mbranch-protection=${BP_OPTION}
+NS_BL2U_CFLAGS += -mbranch-protection=${BP_OPTION}
+CACTUS_MM_CFLAGS += -mbranch-protection=${BP_OPTION}
+CACTUS_CFLAGS += -mbranch-protection=${BP_OPTION}
+IVY_CFLAGS += -mbranch-protection=${BP_OPTION}
+QUARK_CFLAGS += -mbranch-protection=${BP_OPTION}
endif
#####################################################################################
diff --git a/branch_protection.mk b/branch_protection.mk
new file mode 100644
index 0000000..c16cdad
--- /dev/null
+++ b/branch_protection.mk
@@ -0,0 +1,52 @@
+#
+# Copyright (c) 2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+# Default, static values for build variables, listed in alphabetic order.
+# Dependencies between build options, if any, are handled in the top-level
+# Makefile, after this file is included. This ensures that the former is better
+# poised to handle dependencies, as all build variables would have a default
+# value by then.
+
+# Select the branch protection features to use.
+BRANCH_PROTECTION := 0
+
+# Flag to enable Branch Target Identification in the TFTF.
+# Internal flag not meant for direct setting.
+# Use BRANCH_PROTECTION to enable BTI.
+ENABLE_BTI := 0
+
+# Enable Pointer Authentication support in the TFTF.
+# Internal flag not meant for direct setting.
+# Use BRANCH_PROTECTION to enable PAUTH.
+ENABLE_PAUTH := 0
+
+# Process BRANCH_PROTECTION value and set
+# Pointer Authentication and Branch Target Identification flags
+ifeq (${BRANCH_PROTECTION},0)
+ # Default value turns off all types of branch protection
+ BP_OPTION := none
+else ifneq (${ARCH},aarch64)
+ $(error BRANCH_PROTECTION requires AArch64)
+else ifeq (${BRANCH_PROTECTION},1)
+ # Enables all types of branch protection features
+ BP_OPTION := standard
+ ENABLE_BTI := 1
+ ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},2)
+ # Return address signing to its standard level
+ BP_OPTION := pac-ret
+ ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},3)
+ # Extend the signing to include leaf functions
+ BP_OPTION := pac-ret+leaf
+ ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},4)
+ # Turn on branch target identification mechanism
+ BP_OPTION := bti
+ ENABLE_BTI := 1
+else
+ $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
+endif
diff --git a/defaults.mk b/defaults.mk
index cf90aaf..ca44b47 100644
--- a/defaults.mk
+++ b/defaults.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2020, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -26,9 +26,6 @@
# Build platform
DEFAULT_PLAT := fvp
-# Enable Pointer Authentication support in the TFTF
-ENABLE_PAUTH := 0
-
# Whether the Firmware Update images (i.e. NS_BL1U and NS_BL2U images) should be
# built. The platform makefile is free to override this value.
FIRMWARE_UPDATE := 0
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 95724e7..8815466 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -30,6 +30,37 @@
- ``ARM_ARCH_MINOR``: The minor version of Arm Architecture to target when
compiling TF-A Tests. Its value must be a numeric, and defaults to 0.
+- ``BRANCH_PROTECTION``: Numeric value to enable ARMv8.3 Pointer Authentication
+ (``ARMv8.3-PAuth``) and ARMv8.5 Branch Target Identification (``ARMv8.5-BTI``)
+ support in the Trusted Firmware-A Test Framework itself.
+ If enabled, it is needed to use a compiler that supports the option
+ ``-mbranch-protection`` (GCC 9 and later).
+ Selects the branch protection features to use:
+- 0: Default value turns off all types of branch protection
+- 1: Enables all types of branch protection features
+- 2: Return address signing to its standard level
+- 3: Extend the signing to include leaf functions
+- 4: Turn on branch target identification mechanism
+
+ The table below summarizes ``BRANCH_PROTECTION`` values, GCC compilation
+ options and resulting PAuth/BTI features.
+
+ +-------+--------------+-------+-----+
+ | Value | GCC option | PAuth | BTI |
+ +=======+==============+=======+=====+
+ | 0 | none | N | N |
+ +-------+--------------+-------+-----+
+ | 1 | standard | Y | Y |
+ +-------+--------------+-------+-----+
+ | 2 | pac-ret | Y | N |
+ +-------+--------------+-------+-----+
+ | 3 | pac-ret+leaf | Y | N |
+ +-------+--------------+-------+-----+
+ | 4 | bti | N | Y |
+ +-------+--------------+-------+-----+
+
+ This option defaults to 0 and this is an experimental feature.
+
- ``DEBUG``: Chooses between a debug and a release build. A debug build
typically embeds assertions checking the validity of some assumptions and its
output is more verbose. The option can take either 0 (release) or 1 (debug)
@@ -90,11 +121,6 @@
TFTF-specific Build Options
---------------------------
-- ``ENABLE_PAUTH``: Boolean option to enable ARMv8.3 Pointer Authentication
- (``ARMv8.3-PAuth``) support in the Trusted Firmware-A Test Framework itself.
- If enabled, it is needed to use a compiler that supports the option
- ``-mbranch-protection`` (GCC 9 and later). It defaults to 0.
-
- ``NEW_TEST_SESSION``: Choose whether a new test session should be started
every time or whether the framework should determine whether a previous
session was interrupted and resume it. It can take either 1 (always
diff --git a/fwu/ns_bl1u/ns_bl1u.mk b/fwu/ns_bl1u/ns_bl1u.mk
index 7e0e767..2b45b8d 100644
--- a/fwu/ns_bl1u/ns_bl1u.mk
+++ b/fwu/ns_bl1u/ns_bl1u.mk
@@ -4,6 +4,7 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+include branch_protection.mk
include lib/xlat_tables_v2/xlat_tables.mk
include lib/compiler-rt/compiler-rt.mk
@@ -67,9 +68,8 @@
$(eval $(call add_define,NS_BL1U_DEFINES,ARM_ARCH_MINOR))
$(eval $(call add_define,NS_BL1U_DEFINES,DEBUG))
$(eval $(call add_define,NS_BL1U_DEFINES,ENABLE_ASSERTIONS))
+$(eval $(call add_define,NS_BL1U_DEFINES,ENABLE_BTI))
+$(eval $(call add_define,NS_BL1U_DEFINES,ENABLE_PAUTH))
$(eval $(call add_define,NS_BL1U_DEFINES,FWU_BL_TEST))
$(eval $(call add_define,NS_BL1U_DEFINES,LOG_LEVEL))
$(eval $(call add_define,NS_BL1U_DEFINES,PLAT_${PLAT}))
-ifeq (${ARCH},aarch64)
- $(eval $(call add_define,NS_BL1U_DEFINES,ENABLE_PAUTH))
-endif
diff --git a/fwu/ns_bl2u/ns_bl2u.mk b/fwu/ns_bl2u/ns_bl2u.mk
index b6e616e..0864313 100644
--- a/fwu/ns_bl2u/ns_bl2u.mk
+++ b/fwu/ns_bl2u/ns_bl2u.mk
@@ -4,6 +4,7 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+include branch_protection.mk
include lib/xlat_tables_v2/xlat_tables.mk
include lib/compiler-rt/compiler-rt.mk
@@ -62,9 +63,8 @@
$(eval $(call add_define,NS_BL2U_DEFINES,ARM_ARCH_MINOR))
$(eval $(call add_define,NS_BL2U_DEFINES,DEBUG))
$(eval $(call add_define,NS_BL2U_DEFINES,ENABLE_ASSERTIONS))
+$(eval $(call add_define,NS_BL2U_DEFINES,ENABLE_BTI))
+$(eval $(call add_define,NS_BL2U_DEFINES,ENABLE_PAUTH))
$(eval $(call add_define,NS_BL2U_DEFINES,FWU_BL_TEST))
$(eval $(call add_define,NS_BL2U_DEFINES,LOG_LEVEL))
$(eval $(call add_define,NS_BL2U_DEFINES,PLAT_${PLAT}))
-ifeq (${ARCH},aarch64)
- $(eval $(call add_define,NS_BL2U_DEFINES,ENABLE_PAUTH))
-endif
diff --git a/include/common/aarch64/asm_macros.S b/include/common/aarch64/asm_macros.S
index 5298ae0..d829133 100644
--- a/include/common/aarch64/asm_macros.S
+++ b/include/common/aarch64/asm_macros.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -192,4 +192,26 @@
b \label_error
.endm
+ /*
+ * Helper macro to read system register value into x0
+ */
+ .macro read reg:req
+#if ENABLE_BTI
+ bti j
+#endif
+ mrs x0, \reg
+ ret
+ .endm
+
+ /*
+ * Helper macro to write value from x1 to system register
+ */
+ .macro write reg:req
+#if ENABLE_BTI
+ bti j
+#endif
+ msr \reg, x1
+ ret
+ .endm
+
#endif /* __ASM_MACROS_S__ */
diff --git a/include/common/asm_macros_common.S b/include/common/asm_macros_common.S
index d38dcce..1cf94f4 100644
--- a/include/common/asm_macros_common.S
+++ b/include/common/asm_macros_common.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,12 @@
#ifndef __ASM_MACROS_COMMON_S__
#define __ASM_MACROS_COMMON_S__
+#include <lib/utils_def.h>
+
+#if ENABLE_BTI && !ARM_ARCH_AT_LEAST(8, 5)
+#error Branch Target Identification requires ARM_ARCH_MINOR >= 5
+#endif
+
/*
* This macro is used to create a function label and place the
* code into a separate text section based on the function name
diff --git a/include/lib/aarch64/arch.h b/include/lib/aarch64/arch.h
index 718964e..2d2a892 100644
--- a/include/lib/aarch64/arch.h
+++ b/include/lib/aarch64/arch.h
@@ -235,6 +235,11 @@
#define SSBS_UNAVAILABLE ULL(0) /* No architectural SSBS support */
+#define ID_AA64PFR1_EL1_BT_SHIFT U(0)
+#define ID_AA64PFR1_EL1_BT_MASK ULL(0xf)
+
+#define BTI_IMPLEMENTED ULL(1) /* The BTI mechanism is implemented */
+
#define ID_AA64PFR1_EL1_MTE_SHIFT U(8)
#define ID_AA64PFR1_EL1_MTE_MASK ULL(0xf)
diff --git a/include/lib/aarch64/arch_features.h b/include/lib/aarch64/arch_features.h
index fc9e8d4..15eb784 100644
--- a/include/lib/aarch64/arch_features.h
+++ b/include/lib/aarch64/arch_features.h
@@ -62,6 +62,12 @@
ID_AA64MMFR2_EL1_ST_MASK) == 1U;
}
+static inline bool is_armv8_5_bti_present(void)
+{
+ return ((read_id_aa64pfr1_el1() >> ID_AA64PFR1_EL1_BT_SHIFT) &
+ ID_AA64PFR1_EL1_BT_MASK) == BTI_IMPLEMENTED;
+}
+
static inline unsigned int get_armv8_5_mte_support(void)
{
return ((read_id_aa64pfr1_el1() >> ID_AA64PFR1_EL1_MTE_SHIFT) &
diff --git a/include/lib/xlat_tables/xlat_tables_defs.h b/include/lib/xlat_tables/xlat_tables_defs.h
index 8a5ce53..1fd3c83 100644
--- a/include/lib/xlat_tables/xlat_tables_defs.h
+++ b/include/lib/xlat_tables/xlat_tables_defs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -62,6 +62,11 @@
#define OSH (U(0x2) << 6)
#define ISH (U(0x3) << 6)
+#ifdef __aarch64__
+/* Guarded Page bit */
+#define GP (ULL(1) << 50)
+#endif
+
#define TABLE_ADDR_MASK ULL(0x0000FFFFFFFFF000)
/*
diff --git a/lib/aarch64/cache_helpers.S b/lib/aarch64/cache_helpers.S
index 9c40b9d..de9c8e4 100644
--- a/lib/aarch64/cache_helpers.S
+++ b/lib/aarch64/cache_helpers.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -30,7 +30,7 @@
dc \op, x0
add x0, x0, x2
cmp x0, x1
- b.lo loop_\op
+ b.lo loop_\op
dsb sy
exit_loop_\op:
ret
@@ -91,6 +91,9 @@
cbz x3, exit
adr x14, dcsw_loop_table // compute inner loop address
add x14, x14, x0, lsl #5 // inner loop is 8x32-bit instructions
+#if ENABLE_BTI
+ add x14, x14, x0, lsl #2 // inner loop is + "bti j" instruction
+#endif
mov x0, x9
mov w8, #1
loop1:
@@ -116,6 +119,9 @@
br x14 // jump to DC operation specific loop
.macro dcsw_loop _op
+#if ENABLE_BTI
+ bti j
+#endif
loop2_\_op:
lsl w7, w6, w2 // w7 = aligned max set number
@@ -134,7 +140,7 @@
level_done:
add x10, x10, #2 // increment cache number
cmp x3, x10
- b.hi loop1
+ b.hi loop1
msr csselr_el1, xzr // select cache level 0 in csselr
dsb sy // barrier to complete final cache operation
isb
diff --git a/lib/extensions/amu/aarch64/amu_helpers.S b/lib/extensions/amu/aarch64/amu_helpers.S
index 862a713..061f3fd 100644
--- a/lib/extensions/amu/aarch64/amu_helpers.S
+++ b/lib/extensions/amu/aarch64/amu_helpers.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -18,35 +18,29 @@
* and return it in `x0`.
*/
func amu_group0_cnt_read_internal
+ adr x1, 1f
#if ENABLE_ASSERTIONS
/*
* It can be dangerous to call this function with an
* out of bounds index. Ensure `idx` is valid.
*/
- mov x1, x0
- lsr x1, x1, #2
- cmp x1, #0
+ tst x0, #~3
ASM_ASSERT(eq)
#endif
-
/*
* Given `idx` calculate address of mrs/ret instruction pair
* in the table below.
*/
- adr x1, 1f
- lsl x0, x0, #3 /* each mrs/ret sequence is 8 bytes */
- add x1, x1, x0
+ add x1, x1, x0, lsl #3 /* each mrs/ret sequence is 8 bytes */
+#if ENABLE_BTI
+ add x1, x1, x0, lsl #2 /* + "bti j" instruction */
+#endif
br x1
-1:
- mrs x0, AMEVCNTR00_EL0 /* index 0 */
- ret
- mrs x0, AMEVCNTR01_EL0 /* index 1 */
- ret
- mrs x0, AMEVCNTR02_EL0 /* index 2 */
- ret
- mrs x0, AMEVCNTR03_EL0 /* index 3 */
- ret
+1: read AMEVCNTR00_EL0 /* index 0 */
+ read AMEVCNTR01_EL0 /* index 1 */
+ read AMEVCNTR02_EL0 /* index 2 */
+ read AMEVCNTR03_EL0 /* index 3 */
endfunc amu_group0_cnt_read_internal
/*
@@ -56,57 +50,39 @@
* and return it in `x0`.
*/
func amu_group1_cnt_read_internal
+ adr x1, 1f
#if ENABLE_ASSERTIONS
/*
* It can be dangerous to call this function with an
* out of bounds index. Ensure `idx` is valid.
*/
- mov x1, x0
- lsr x1, x1, #4
- cmp x1, #0
+ tst x0, #~0xF
ASM_ASSERT(eq)
#endif
-
/*
* Given `idx` calculate address of mrs/ret instruction pair
* in the table below.
*/
- adr x1, 1f
- lsl x0, x0, #3 /* each mrs/ret sequence is 8 bytes */
- add x1, x1, x0
+ add x1, x1, x0, lsl #3 /* each mrs/ret sequence is 8 bytes */
+#if ENABLE_BTI
+ add x1, x1, x0, lsl #2 /* + "bti j" instruction */
+#endif
br x1
-1:
- mrs x0, AMEVCNTR10_EL0 /* index 0 */
- ret
- mrs x0, AMEVCNTR11_EL0 /* index 1 */
- ret
- mrs x0, AMEVCNTR12_EL0 /* index 2 */
- ret
- mrs x0, AMEVCNTR13_EL0 /* index 3 */
- ret
- mrs x0, AMEVCNTR14_EL0 /* index 4 */
- ret
- mrs x0, AMEVCNTR15_EL0 /* index 5 */
- ret
- mrs x0, AMEVCNTR16_EL0 /* index 6 */
- ret
- mrs x0, AMEVCNTR17_EL0 /* index 7 */
- ret
- mrs x0, AMEVCNTR18_EL0 /* index 8 */
- ret
- mrs x0, AMEVCNTR19_EL0 /* index 9 */
- ret
- mrs x0, AMEVCNTR1A_EL0 /* index 10 */
- ret
- mrs x0, AMEVCNTR1B_EL0 /* index 11 */
- ret
- mrs x0, AMEVCNTR1C_EL0 /* index 12 */
- ret
- mrs x0, AMEVCNTR1D_EL0 /* index 13 */
- ret
- mrs x0, AMEVCNTR1E_EL0 /* index 14 */
- ret
- mrs x0, AMEVCNTR1F_EL0 /* index 15 */
- ret
+1: read AMEVCNTR10_EL0 /* index 0 */
+ read AMEVCNTR11_EL0 /* index 1 */
+ read AMEVCNTR12_EL0 /* index 2 */
+ read AMEVCNTR13_EL0 /* index 3 */
+ read AMEVCNTR14_EL0 /* index 4 */
+ read AMEVCNTR15_EL0 /* index 5 */
+ read AMEVCNTR16_EL0 /* index 6 */
+ read AMEVCNTR17_EL0 /* index 7 */
+ read AMEVCNTR18_EL0 /* index 8 */
+ read AMEVCNTR19_EL0 /* index 9 */
+ read AMEVCNTR1A_EL0 /* index 10 */
+ read AMEVCNTR1B_EL0 /* index 11 */
+ read AMEVCNTR1C_EL0 /* index 12 */
+ read AMEVCNTR1D_EL0 /* index 13 */
+ read AMEVCNTR1E_EL0 /* index 14 */
+ read AMEVCNTR1F_EL0 /* index 15 */
endfunc amu_group1_cnt_read_internal
diff --git a/lib/xlat_tables_v2/xlat_tables_core.c b/lib/xlat_tables_v2/xlat_tables_core.c
index 933b17a..c3dd445 100644
--- a/lib/xlat_tables_v2/xlat_tables_core.c
+++ b/lib/xlat_tables_v2/xlat_tables_core.c
@@ -1,9 +1,10 @@
/*
- * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <arch_features.h>
#include <arch_helpers.h>
#include <assert.h>
#include <debug.h>
@@ -193,6 +194,15 @@
if (mem_type == MT_MEMORY) {
desc |= LOWER_ATTRS(ATTR_IWBWA_OWBWA_NTR_INDEX | ISH);
+#if ENABLE_BTI
+ /* Check if Branch Target Identification is implemented */
+ if (is_armv8_5_bti_present() &&
+ ((attr & (MT_TYPE_MASK | MT_RW |
+ MT_EXECUTE_NEVER)) == MT_CODE)) {
+ /* Set GP bit for block and page code entries */
+ desc |= GP;
+ }
+#endif
} else {
assert(mem_type == MT_NON_CACHEABLE);
desc |= LOWER_ATTRS(ATTR_NON_CACHEABLE_INDEX | OSH);
diff --git a/lib/xlat_tables_v2/xlat_tables_utils.c b/lib/xlat_tables_v2/xlat_tables_utils.c
index 41c01ae..168d492 100644
--- a/lib/xlat_tables_v2/xlat_tables_utils.c
+++ b/lib/xlat_tables_v2/xlat_tables_utils.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -94,6 +94,13 @@
}
printf(((LOWER_ATTRS(NS) & desc) != 0ULL) ? "-NS" : "-S");
+
+#ifdef __aarch64__
+ /* Check Guarded Page bit */
+ if ((desc & GP) != 0ULL) {
+ printf("-GP");
+ }
+#endif
}
static const char * const level_spacers[] = {
diff --git a/spm/cactus/cactus.mk b/spm/cactus/cactus.mk
index d98cd2a..60f6974 100644
--- a/spm/cactus/cactus.mk
+++ b/spm/cactus/cactus.mk
@@ -4,6 +4,7 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+include branch_protection.mk
include lib/xlat_tables_v2/xlat_tables.mk
CACTUS_DTB := $(BUILD_PLAT)/cactus.dtb
@@ -53,11 +54,15 @@
CACTUS_DEFINES :=
+$(eval $(call add_define,CACTUS_DEFINES,ARM_ARCH_MAJOR))
+$(eval $(call add_define,CACTUS_DEFINES,ARM_ARCH_MINOR))
$(eval $(call add_define,CACTUS_DEFINES,DEBUG))
+$(eval $(call add_define,CACTUS_DEFINES,ENABLE_ASSERTIONS))
+$(eval $(call add_define,CACTUS_DEFINES,ENABLE_BTI))
+$(eval $(call add_define,CACTUS_DEFINES,ENABLE_PAUTH))
$(eval $(call add_define,CACTUS_DEFINES,FVP_CLUSTER_COUNT))
$(eval $(call add_define,CACTUS_DEFINES,FVP_MAX_CPUS_PER_CLUSTER))
$(eval $(call add_define,CACTUS_DEFINES,FVP_MAX_PE_PER_CPU))
-$(eval $(call add_define,CACTUS_DEFINES,ENABLE_ASSERTIONS))
$(eval $(call add_define,CACTUS_DEFINES,LOG_LEVEL))
$(eval $(call add_define,CACTUS_DEFINES,PLAT_${PLAT}))
diff --git a/spm/cactus_mm/cactus_mm.mk b/spm/cactus_mm/cactus_mm.mk
index 6d69061..3156c1c 100644
--- a/spm/cactus_mm/cactus_mm.mk
+++ b/spm/cactus_mm/cactus_mm.mk
@@ -4,6 +4,8 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+include branch_protection.mk
+
CACTUS_MM_INCLUDES := \
-Iinclude \
-Iinclude/common \
@@ -52,7 +54,11 @@
# that is done.
CACTUS_MM_DEFINES += -DENABLE_ASSERTIONS=0
+$(eval $(call add_define,CACTUS_MM_DEFINES,ARM_ARCH_MAJOR))
+$(eval $(call add_define,CACTUS_MM_DEFINES,ARM_ARCH_MINOR))
$(eval $(call add_define,CACTUS_MM_DEFINES,DEBUG))
+$(eval $(call add_define,CACTUS_MM_DEFINES,ENABLE_BTI))
+$(eval $(call add_define,CACTUS_MM_DEFINES,ENABLE_PAUTH))
$(eval $(call add_define,CACTUS_MM_DEFINES,FVP_CLUSTER_COUNT))
$(eval $(call add_define,CACTUS_MM_DEFINES,FVP_MAX_CPUS_PER_CLUSTER))
$(eval $(call add_define,CACTUS_MM_DEFINES,FVP_MAX_PE_PER_CPU))
diff --git a/spm/ivy/ivy.mk b/spm/ivy/ivy.mk
index afc89f4..a500049 100644
--- a/spm/ivy/ivy.mk
+++ b/spm/ivy/ivy.mk
@@ -4,6 +4,7 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+include branch_protection.mk
include lib/sprt/sprt_client.mk
IVY_DTB := $(BUILD_PLAT)/ivy.dtb
@@ -50,8 +51,12 @@
IVY_DEFINES :=
+$(eval $(call add_define,IVY_DEFINES,ARM_ARCH_MAJOR))
+$(eval $(call add_define,IVY_DEFINES,ARM_ARCH_MINOR))
$(eval $(call add_define,IVY_DEFINES,DEBUG))
$(eval $(call add_define,IVY_DEFINES,ENABLE_ASSERTIONS))
+$(eval $(call add_define,IVY_DEFINES,ENABLE_BTI))
+$(eval $(call add_define,IVY_DEFINES,ENABLE_PAUTH))
$(eval $(call add_define,IVY_DEFINES,FVP_CLUSTER_COUNT))
$(eval $(call add_define,IVY_DEFINES,FVP_MAX_CPUS_PER_CLUSTER))
$(eval $(call add_define,IVY_DEFINES,FVP_MAX_PE_PER_CPU))
diff --git a/spm/quark/quark.mk b/spm/quark/quark.mk
index ec4a3ed..0fe1646 100644
--- a/spm/quark/quark.mk
+++ b/spm/quark/quark.mk
@@ -4,6 +4,7 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+include branch_protection.mk
include lib/sprt/sprt_client.mk
QUARK_DTB := $(BUILD_PLAT)/quark.dtb
@@ -47,8 +48,12 @@
QUARK_DEFINES :=
+$(eval $(call add_define,QUARK_DEFINES,ARM_ARCH_MAJOR))
+$(eval $(call add_define,QUARK_DEFINES,ARM_ARCH_MINOR))
$(eval $(call add_define,QUARK_DEFINES,DEBUG))
$(eval $(call add_define,QUARK_DEFINES,ENABLE_ASSERTIONS))
+$(eval $(call add_define,QUARK_DEFINES,ENABLE_BTI))
+$(eval $(call add_define,QUARK_DEFINES,ENABLE_PAUTH))
$(eval $(call add_define,QUARK_DEFINES,FVP_CLUSTER_COUNT))
$(eval $(call add_define,QUARK_DEFINES,FVP_MAX_CPUS_PER_CLUSTER))
$(eval $(call add_define,QUARK_DEFINES,FVP_MAX_PE_PER_CPU))