TF-A: Add support for ARMv8.3-PAuth in BL1 SMC calls and BL2U

This patch adds support for ARMv8.3-PAuth in BL1 SMC calls and BL2U image for firmware updates by programming APIAKey_EL1 registers and enabling Pointer Authentication in EL3 and EL1 respectively. Change-Id: I875d952aba8242caf74fb5f4f2d2af6f0c768c08 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2025-05-03 09:29:57 +00:00 · 2019-10-01 13:58:23 +01:00 · 2019-10-01 13:58:23 +01:00 · 530ceda572
commit 530ceda572
parent ace23683be
4 changed files with 54 additions and 2 deletions
--- a/bl1/aarch64/bl1_exceptions.S
+++ b/bl1/aarch64/bl1_exceptions.S
@ -226,6 +226,15 @@ smc_handler:
 	 */
 	bl	save_gp_pmcr_pauth_regs
 #if ENABLE_PAUTH
 	/* -----------------------------------------------------
 	 * Load and program stored APIAKey firmware key.
 	 * Re-enable pointer authentication in EL3, as it was
 	 * disabled before jumping to the next boot image.
 	 * -----------------------------------------------------
 	 */
 	bl	pauth_load_bl1_apiakey_enable
 #endif
 	/* -----------------------------------------------------
 	 * Populate the parameters for the SMC handler. We
 	 * already have x0-x4 in place. x5 will point to a
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@ -31,6 +31,10 @@ DEFINE_SVC_UUID2(bl1_svc_uid,
 static void bl1_load_bl2(void);
 #if ENABLE_PAUTH
 uint64_t bl1_apiakey[2];
 #endif
 /*******************************************************************************
 * Helper utility to calculate the BL2 memory layout taking into consideration
 * the BL1 RW data assuming that it is at the top of the memory layout.
@ -131,6 +135,12 @@ void bl1_main(void)
 	/* Perform platform setup in BL1. */
 	bl1_platform_setup();
 #if ENABLE_PAUTH
 	/* Store APIAKey_EL1 key */
 	bl1_apiakey[0] = read_apiakeylo_el1();
 	bl1_apiakey[1] = read_apiakeyhi_el1();
 #endif /* ENABLE_PAUTH */
 	/* Get the image id of next image to load and run. */
 	image_id = bl1_plat_get_next_image_id();
--- a/bl2u/aarch64/bl2u_entrypoint.S
+++ b/bl2u/aarch64/bl2u_entrypoint.S
@ -102,6 +102,15 @@ func bl2u_entrypoint
 	bl	bl2u_early_platform_setup
 	bl	bl2u_plat_arch_setup
 #if ENABLE_PAUTH
 	/* ---------------------------------------------
 	 * Program APIAKey_EL1
 	 * and enable pointer authentication.
 	 * ---------------------------------------------
 	 */
 	bl	pauth_init_enable_el1
 #endif
 	/* ---------------------------------------------
 	 * Jump to bl2u_main function.
 	 * ---------------------------------------------
--- a/lib/extensions/pauth/pauth_helpers.S
+++ b/lib/extensions/pauth/pauth_helpers.S
@ -13,6 +13,7 @@
 	.global	pauth_init_enable_el3
 	.global	pauth_disable_el3
 	.globl	pauth_load_bl31_apiakey
 	.globl	pauth_load_bl1_apiakey_enable
 /* -------------------------------------------------------------
 * Program APIAKey_EL1 and enable pointer authentication in EL1
@ -97,9 +98,9 @@ func pauth_disable_el3
 endfunc pauth_disable_el3
 /* -------------------------------------------------------------
- * The following function strictly follows the AArch64 PCS
+ * The following functions strictly follow the AArch64 PCS
 * to use x9-x17 (temporary caller-saved registers) to load
- * the APIAKey_EL1 used by the firmware.
+ * the APIAKey_EL1 and enable pointer authentication.
 * -------------------------------------------------------------
 */
 func pauth_load_bl31_apiakey
@ -115,3 +116,26 @@ func pauth_load_bl31_apiakey
 	isb
 	ret
 endfunc pauth_load_bl31_apiakey
 func pauth_load_bl1_apiakey_enable
 	/* Load instruction key A used by the Trusted Firmware */
 	adrp	x9, bl1_apiakey
 	add	x9, x9, :lo12:bl1_apiakey
 	ldp	x10, x11, [x9]
 	/* Program instruction key A */
 	msr	APIAKeyLo_EL1, x10
 	msr	APIAKeyHi_EL1, x11
 	/* Enable pointer authentication */
 	mrs	x9, sctlr_el3
 	orr	x9, x9, #SCTLR_EnIA_BIT
 #if ENABLE_BTI
 	 /* Enable PAC branch type compatibility */
 	bic	x9, x9, #SCTLR_BT_BIT
 #endif
 	msr	sctlr_el3, x9
 	isb
 	ret
 endfunc pauth_load_bl1_apiakey_enable