TF-A Tests: Enable PAuth on warm boot path
This patch provides the following features and makes
modifications listed below:
- `plat_init_apiakey()` function is replaced with `init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys.
- Source file `pauth.c` moved from `plat/common/aarch64`
to `lib/extensions/pauth/aarch64` folder which contains PAuth specific
code.
- Individual APIAKey key generation for each CPU on every warm boot.
- Per-CPU storage of APIAKey added in `tftf_suspend_context` structure.
- APIAKey key is saved/restored in arch context on entry/exit from
suspended state.
- Added `pauth_init_enable()` function which generates, programs
and enables APIAKey in EL1/EL2.
- Changes in documentation related to ARMv8.3-PAuth support.
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: I964b8f964bb541cbb0b2f772cb0b07aed055fe36
diff --git a/tftf/framework/main.c b/tftf/framework/main.c
index e84e450..a2e84b7 100644
--- a/tftf/framework/main.c
+++ b/tftf/framework/main.c
@@ -12,6 +12,7 @@
#include <irq.h>
#include <mmio.h>
#include <nvm.h>
+#include <pauth.h>
#include <plat_topology.h>
#include <platform.h>
#include <platform_def.h>
@@ -528,19 +529,12 @@
#if ENABLE_PAUTH
assert(is_armv8_3_pauth_apa_api_present());
- uint64_t *apiakey = plat_init_apiakey();
-
- write_apiakeylo_el1(apiakey[0]);
- write_apiakeyhi_el1(apiakey[1]);
-
- if (IS_IN_EL2()) {
- write_sctlr_el2(read_sctlr_el2() | SCTLR_EnIA_BIT);
- } else {
- assert(IS_IN_EL1());
- write_sctlr_el1(read_sctlr_el1() | SCTLR_EnIA_BIT);
- }
-
- isb();
+ /*
+ * Program APIAKey_EL1 key and enable ARMv8.3-PAuth here as this
+ * function doesn't return, and RETAA instuction won't be executed,
+ * what would cause translation fault otherwise.
+ */
+ pauth_init_enable();
#endif /* ENABLE_PAUTH */
tftf_platform_setup();