TFTF: Enable ARMv8.3-PAuth in FWU tests.
This patch adds ARMv8.3-PAuth support for FWU tests.
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: I36a0a2a3870db51cda0a09bd8fd8004e2d01d2bc
diff --git a/Makefile b/Makefile
index 100e241..8f08b2f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2020, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -225,6 +225,8 @@
ifeq (${ENABLE_PAUTH},1)
TFTF_CFLAGS += -mbranch-protection=pac-ret
+NS_BL1U_CFLAGS += -mbranch-protection=pac-ret
+NS_BL2U_CFLAGS += -mbranch-protection=pac-ret
endif
NS_BL1U_SOURCES += ${PLAT_SOURCES} ${LIBC_SRCS}
diff --git a/fwu/ns_bl1u/aarch64/ns_bl1u_entrypoint.S b/fwu/ns_bl1u/aarch64/ns_bl1u_entrypoint.S
index a2e9027..d971e4a 100644
--- a/fwu/ns_bl1u/aarch64/ns_bl1u_entrypoint.S
+++ b/fwu/ns_bl1u/aarch64/ns_bl1u_entrypoint.S
@@ -63,6 +63,14 @@
bl tftf_early_platform_setup
bl tftf_plat_arch_setup
+#if ENABLE_PAUTH
+ /* ---------------------------------------------------------------------
+ * Program APIAKey_EL1 and enable pointer authentication.
+ * ---------------------------------------------------------------------
+ */
+ bl pauth_init_enable
+#endif /* ENABLE_PAUTH */
+
/* ---------------------------------------------------------------------
* Jump to main function.
* ---------------------------------------------------------------------
diff --git a/fwu/ns_bl1u/ns_bl1u.mk b/fwu/ns_bl1u/ns_bl1u.mk
index cf2b4a8..7bdb034 100644
--- a/fwu/ns_bl1u/ns_bl1u.mk
+++ b/fwu/ns_bl1u/ns_bl1u.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2020, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -15,6 +15,7 @@
-Iinclude/common/${ARCH} \
-Iinclude/lib \
-Iinclude/lib/${ARCH} \
+ -Iinclude/lib/extensions \
-Iinclude/lib/utils \
-Iinclude/lib/xlat_tables \
-Iinclude/plat/common \
@@ -51,6 +52,12 @@
NS_BL1U_SOURCES += fwu/ns_bl1u/ns_bl1u_tests.c
endif
+ifeq (${ENABLE_PAUTH},1)
+# ARMv8.3 Pointer Authentication support files
+NS_BL1U_SOURCES += lib/extensions/pauth/aarch64/pauth.c \
+ lib/extensions/pauth/aarch64/pauth_helpers.S
+endif
+
NS_BL1U_LINKERFILE := fwu/ns_bl1u/ns_bl1u.ld.S
# NS_BL1U requires accessing the flash. Force-enable it.
@@ -67,4 +74,5 @@
$(eval $(call add_define,NS_BL1U_DEFINES,AARCH32))
else
$(eval $(call add_define,NS_BL1U_DEFINES,AARCH64))
+ $(eval $(call add_define,NS_BL1U_DEFINES,ENABLE_PAUTH))
endif
diff --git a/fwu/ns_bl1u/ns_bl1u_main.c b/fwu/ns_bl1u/ns_bl1u_main.c
index 55cea90..67ae82b 100644
--- a/fwu/ns_bl1u/ns_bl1u_main.c
+++ b/fwu/ns_bl1u/ns_bl1u_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,6 +14,7 @@
#include <io_storage.h>
#include <mmio.h>
#include <nvm.h>
+#include <pauth.h>
#include <platform.h>
#include <platform_def.h>
#include <smccc.h>
@@ -211,6 +212,11 @@
}
}
+#if ENABLE_PAUTH
+ /* Disable pointer authentication before jumping to NS_BL2U */
+ pauth_disable();
+#endif
+
/*
* Clean and invalidate the caches.
* And disable the MMU before jumping to NS_BL2U.
diff --git a/fwu/ns_bl2u/aarch64/ns_bl2u_entrypoint.S b/fwu/ns_bl2u/aarch64/ns_bl2u_entrypoint.S
index 0828f5b..28d6dfa 100644
--- a/fwu/ns_bl2u/aarch64/ns_bl2u_entrypoint.S
+++ b/fwu/ns_bl2u/aarch64/ns_bl2u_entrypoint.S
@@ -48,13 +48,21 @@
bl platform_set_stack
/* ---------------------------------------------------------------------
- * Perform early platform setup & platforms specific early architectural
- * setup, e.g. MMU setup.
- * ----------------------------------------------------------------------
- */
+ * Perform early platform setup & platforms specific early architectural
+ * setup, e.g. MMU setup.
+ * ---------------------------------------------------------------------
+ */
bl tftf_early_platform_setup
bl tftf_plat_arch_setup
+#if ENABLE_PAUTH
+ /* ---------------------------------------------------------------------
+ * Program APIAKey_EL1 and enable pointer authentication.
+ * ---------------------------------------------------------------------
+ */
+ bl pauth_init_enable
+#endif /* ENABLE_PAUTH */
+
/* ---------------------------------------------------------------------
* Jump to main function.
* ---------------------------------------------------------------------
diff --git a/fwu/ns_bl2u/ns_bl2u.mk b/fwu/ns_bl2u/ns_bl2u.mk
index dd9e663..209e78b 100644
--- a/fwu/ns_bl2u/ns_bl2u.mk
+++ b/fwu/ns_bl2u/ns_bl2u.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2018, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2020, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -47,6 +47,12 @@
NS_BL2U_SOURCES += ${COMPILER_RT_SRCS}
+ifeq (${ENABLE_PAUTH},1)
+# ARMv8.3 Pointer Authentication support files
+NS_BL2U_SOURCES += lib/extensions/pauth/aarch64/pauth.c \
+ lib/extensions/pauth/aarch64/pauth_helpers.S
+endif
+
NS_BL2U_LINKERFILE := fwu/ns_bl2u/ns_bl2u.ld.S
# NS_BL2U requires accessing the flash. Force-enable it.
@@ -63,4 +69,5 @@
$(eval $(call add_define,NS_BL2U_DEFINES,AARCH32))
else
$(eval $(call add_define,NS_BL2U_DEFINES,AARCH64))
+ $(eval $(call add_define,NS_BL2U_DEFINES,ENABLE_PAUTH))
endif
diff --git a/include/lib/extensions/pauth.h b/include/lib/extensions/pauth.h
index a4da009..d072f5c 100644
--- a/include/lib/extensions/pauth.h
+++ b/include/lib/extensions/pauth.h
@@ -15,6 +15,9 @@
/* Program APIAKey_EL1 key and enable ARMv8.3-PAuth */
void pauth_init_enable(void);
+
+/* Disable ARMv8.3-PAuth */
+void pauth_disable(void);
#endif /* __aarch64__ */
#endif /* PAUTH_H */
diff --git a/lib/extensions/pauth/aarch64/pauth_helpers.S b/lib/extensions/pauth/aarch64/pauth_helpers.S
index e15cac9..88ef9f5 100644
--- a/lib/extensions/pauth/aarch64/pauth_helpers.S
+++ b/lib/extensions/pauth/aarch64/pauth_helpers.S
@@ -8,6 +8,7 @@
#include <asm_macros.S>
.global pauth_init_enable
+ .global pauth_disable
/* -----------------------------------------------------------
* Program APIAKey_EL1 key and enable Pointer Authentication
@@ -51,3 +52,29 @@
ldp x29, x30, [sp], #16
ret
endfunc pauth_init_enable
+
+/* -----------------------------------------------------------
+ * Disable pointer authentication in EL1/EL2
+ * -----------------------------------------------------------
+ */
+func pauth_disable
+ /* Detect Current Exception level */
+ mrs x0, CurrentEL
+ cmp x0, #(MODE_EL1 << MODE_EL_SHIFT)
+ b.eq disable_el1
+
+ /* Disable EL2 pointer authentication */
+ mrs x0, sctlr_el2
+ bic x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el2, x0
+ isb
+ ret
+
+ /* Disable EL1 pointer authentication */
+disable_el1:
+ mrs x0, sctlr_el1
+ bic x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el1, x0
+ isb
+ ret
+endfunc pauth_disable