Add support for pointer authentication
The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.
This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.
Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
diff --git a/docs/user-guide.rst b/docs/user-guide.rst
index 70c1d5a..b420127 100644
--- a/docs/user-guide.rst
+++ b/docs/user-guide.rst
@@ -362,7 +362,7 @@
the ARMv8.3-PAuth registers to be included when saving and restoring the CPU
context. Note that if the hardware supports this extension and this option is
set to 0 the value of the registers will be leaked between Secure and
- Non-secure worlds. The default is 0.
+ Non-secure worlds if PAuth is used on both sides. The default is 0.
- ``DEBUG``: Chooses between a debug and release build. It can take either 0
(release) or 1 (debug) as values. 0 is the default.
@@ -411,6 +411,13 @@
partitioning in EL3, however. Platform initialisation code should configure
and use partitions in EL3 as required. This option defaults to ``0``.
+- ``ENABLE_PAUTH``: Boolean option to enable ARMv8.3 Pointer Authentication
+ (``ARMv8.3-PAuth``) support in the Trusted Firmware itself. Note that this
+ option doesn't affect the saving of the registers introduced with this
+ extension, they are always saved if they are detected regardless of the value
+ of this option. If enabled, it is needed to use a compiler that supports the
+ option ``-msign-return-address``. It defaults to 0.
+
- ``ENABLE_PIE``: Boolean option to enable Position Independent Executable(PIE)
support within generic code in TF-A. This option is currently only supported
in BL31. Default is 0.