TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-A / tf-a-tests / 719714f1895399e6d64049bed3b03c2597d95402^! / . / lib / extensions / pauth / aarch64 / pauth_helpers.S
commit719714f1895399e6d64049bed3b03c2597d95402[log] [tgz]
authorAlexei Fedorov <Alexei.Fedorov@arm.com>Thu Oct 03 10:57:53 2019 +0100
committerAlexei Fedorov <Alexei.Fedorov@arm.com>Fri Oct 04 14:20:21 2019 +0100
treeeb40c8e9ffd2dae7a99f42a8a72254c6152a85f3
parente73248e004d971adb6259000d463c929f756a345 [diff] [blame]
TF-A Tests: Enable PAuth on warm boot path

This patch provides the following features and makes
modifications listed below:
- `plat_init_apiakey()` function is replaced with `init_apkey()`
  which returns 128-bit value and uses Generic timer physical counter
  value to increase the randomness of the generated key.
  The new function can be used for generation of all ARMv8.3-PAuth keys.
- Source file `pauth.c` moved from `plat/common/aarch64`
  to `lib/extensions/pauth/aarch64` folder which contains PAuth specific
  code.
- Individual APIAKey key generation for each CPU on every warm boot.
- Per-CPU storage of APIAKey added in `tftf_suspend_context` structure.
- APIAKey key is saved/restored in arch context on entry/exit from
  suspended state.
- Added `pauth_init_enable()` function which generates, programs
  and enables APIAKey in EL1/EL2.
- Changes in documentation related to ARMv8.3-PAuth support.

Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: I964b8f964bb541cbb0b2f772cb0b07aed055fe36

diff --git a/lib/extensions/pauth/aarch64/pauth_helpers.S b/lib/extensions/pauth/aarch64/pauth_helpers.S
new file mode 100644
index 0000000..e15cac9
--- /dev/null
+++ b/lib/extensions/pauth/aarch64/pauth_helpers.S

@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <arch.h>
+#include <asm_macros.S>
+
+	.global	pauth_init_enable
+
+/* -----------------------------------------------------------
+ * Program APIAKey_EL1 key and enable Pointer Authentication
+ * of instruction addresses in the current translation regime
+ * for the calling CPU.
+ * -----------------------------------------------------------
+ */
+func pauth_init_enable
+	stp	x29, x30, [sp, #-16]!
+
+	/* Initialize platform key */
+	bl	init_apkey
+
+	/*
+	 * Program instruction key A used by
+	 * the Trusted Firmware Test Framework
+	 */
+	msr	APIAKeyLo_EL1, x0
+	msr	APIAKeyHi_EL1, x1
+
+	/* Detect Current Exception level */
+	mrs	x0, CurrentEL
+	cmp	x0, #(MODE_EL1 << MODE_EL_SHIFT)
+	b.eq	enable_el1
+
+	/* Enable EL2 pointer authentication */
+	mrs	x0, sctlr_el2
+	orr	x0, x0, #SCTLR_EnIA_BIT
+	msr	sctlr_el2, x0
+	b	enable_exit
+
+	/* Enable EL1 pointer authentication */
+enable_el1:
+	mrs	x0, sctlr_el1
+	orr	x0, x0, #SCTLR_EnIA_BIT
+	msr	sctlr_el1, x0
+
+enable_exit:
+	isb
+
+	ldp	x29, x30, [sp], #16
+	ret
+endfunc pauth_init_enable