BL31: Enable pointer authentication support

The size increase after enabling options related to ARMv8.3-PAuth is: +----------------------------+-------+-------+-------+--------+ | | text | bss | data | rodata | +----------------------------+-------+-------+-------+--------+ | CTX_INCLUDE_PAUTH_REGS = 1 | +192 | +1536 | +0 | +0 | | | 0.3% | 3.1% | | | +----------------------------+-------+-------+-------+--------+ | ENABLE_PAUTH = 1 | +1848 | +1536 | +16 | +0 | | | 3.3% | 3.1% | 3.1% | | +----------------------------+-------+-------+-------+--------+ Results calculated with the following build configuration: make PLAT=fvp SPD=tspd DEBUG=1 \ SDEI_SUPPORT=1 \ EL3_EXCEPTION_HANDLING=1 \ TSP_NS_INTR_ASYNC_PREEMPT=1 \ CTX_INCLUDE_PAUTH_REGS=1 \ ENABLE_PAUTH=1 Change-Id: I43db7e509a4f39da6599ec2faa690d197573ec1b Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2025-04-16 09:34:18 +00:00 · 2019-01-31 11:01:26 +00:00 · 2019-01-31 11:01:26 +00:00 · 88cfd9a604
commit 88cfd9a604
parent dcbfa11bd9
4 changed files with 48 additions and 11 deletions
--- a/bl31/aarch64/bl31_entrypoint.S
+++ b/bl31/aarch64/bl31_entrypoint.S
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -87,29 +87,39 @@ func bl31_entrypoint
 	bl	fixup_gdt_reloc
 #endif /* ENABLE_PIE */

-	/* ---------------------------------------------
-	 * Perform platform specific early arch. setup
-	 * ---------------------------------------------
+	/* --------------------------------------------------------------------
+	 * Perform BL31 setup
+	 * --------------------------------------------------------------------
 	 */
 	mov	x0, x20
 	mov	x1, x21
 	mov	x2, x22
 	mov	x3, x23
-	bl	bl31_early_platform_setup2
-	bl	bl31_plat_arch_setup
+	bl	bl31_setup

-	/* ---------------------------------------------
+	/* --------------------------------------------------------------------
+	 * Enable pointer authentication
+	 * --------------------------------------------------------------------
+	 */
+#if ENABLE_PAUTH
+	mrs	x0, sctlr_el3
+	orr	x0, x0, #SCTLR_EnIA_BIT
+	msr	sctlr_el3, x0
+	isb
+#endif /* ENABLE_PAUTH */
+
+	/* --------------------------------------------------------------------
 	 * Jump to main function.
-	 * ---------------------------------------------
+	 * --------------------------------------------------------------------
 	 */
 	bl	bl31_main

-	/* -------------------------------------------------------------
+	/* --------------------------------------------------------------------
 	 * Clean the .data & .bss sections to main memory. This ensures
 	 * that any global data which was initialised by the primary CPU
 	 * is visible to secondary CPUs before they enable their data
 	 * caches and participate in coherency.
-	 * -------------------------------------------------------------
+	 * --------------------------------------------------------------------
 	 */
 	adr	x0, __DATA_START__
 	adr	x1, __DATA_END__
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@ -75,6 +75,10 @@ ifeq (${ENABLE_MPAM_FOR_LOWER_ELS},1)
 BL31_SOURCES		+=	lib/extensions/mpam/mpam.c
 endif

+ifeq (${ENABLE_PAUTH},1)
+BL31_CFLAGS		+=	-msign-return-address=non-leaf
+endif
+
 ifeq (${WORKAROUND_CVE_2017_5715},1)
 BL31_SOURCES		+=	lib/cpus/aarch64/wa_cve_2017_5715_bpiall.S	\
 				lib/cpus/aarch64/wa_cve_2017_5715_mmu.S
--- a/bl31/bl31_main.c
+++ b/bl31/bl31_main.c
@ -63,6 +63,27 @@ void __init bl31_lib_init(void)
 	cm_init();
 }

+/*******************************************************************************
+ * Setup function for BL31.
+ ******************************************************************************/
+void bl31_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+		u_register_t arg3)
+{
+	/* Perform early platform-specific setup */
+	bl31_early_platform_setup2(arg0, arg1, arg2, arg3);
+
+	/*
+	 * Update pointer authentication key before the MMU is enabled. It is
+	 * saved in the rodata section, that can be writen before enabling the
+	 * MMU. This function must be called after the console is initialized
+	 * in the early platform setup.
+	 */
+	bl_handle_pauth();
+
+	/* Perform late platform-specific setup */
+	bl31_plat_arch_setup();
+}
+
 /*******************************************************************************
 * BL31 is responsible for setting up the runtime services for the primary cpu
 * before passing control to the bootloader or an Operating System. This
--- a/include/bl31/bl31.h
+++ b/include/bl31/bl31.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -12,6 +12,8 @@
 /*******************************************************************************
 * Function prototypes
 ******************************************************************************/
+void bl31_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+		u_register_t arg3);
 void bl31_next_el_arch_setup(uint32_t security_state);
 void bl31_set_next_image_type(uint32_t security_state);
 uint32_t bl31_get_next_image_type(void);