Add support for pointer authentication
The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.
This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.
Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index f5fed72..4489e90 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -18,6 +18,9 @@
.global pauth_context_restore
.global pauth_context_save
#endif
+#if ENABLE_PAUTH
+ .global pauth_load_bl_apiakey
+#endif
.global save_gp_registers
.global restore_gp_registers
.global restore_gp_registers_eret
@@ -374,6 +377,26 @@
#endif /* CTX_INCLUDE_PAUTH_REGS */
/* -----------------------------------------------------
+ * The following function strictly follows the AArch64
+ * PCS to use x9-x17 (temporary caller-saved registers)
+ * to load the APIA key used by the firmware.
+ * -----------------------------------------------------
+ */
+#if ENABLE_PAUTH
+func pauth_load_bl_apiakey
+ /* Load instruction key A used by the Trusted Firmware. */
+ adrp x11, plat_apiakey
+ add x11, x11, :lo12:plat_apiakey
+ ldp x9, x10, [x11, #0]
+
+ msr APIAKeyLo_EL1, x9
+ msr APIAKeyHi_EL1, x10
+
+ ret
+endfunc pauth_load_bl_apiakey
+#endif /* ENABLE_PAUTH */
+
+/* -----------------------------------------------------
* The following functions are used to save and restore
* all the general purpose registers. Ideally we would
* only save and restore the callee saved registers when