From d1de6b2b57d9e52c3b08c63ae4ce2d1e6703ce70 Mon Sep 17 00:00:00 2001
From: Leo Yan
Date: Wed, 15 May 2024 18:29:15 +0100
Subject: [PATCH] feat(tc): enable stack protector Enable the compiler's stack protector for detecting stack overflow issues. Though TC platform can generate RNG from RSE via MHU channel, the stack protector canary is used prior to MHU channel initialization. Thus, currently here simply returns a value of the combination of a timer's value and a compile-time constant.
Signed-off-by: Leo Yan
Signed-off-by: Icen Zeyada
Change-Id: I68fcc7782637b2b6b4dbbc81bc15df8c5ce0040b
---
 plat/arm/board/tc/platform.mk | 5 +++++
 plat/arm/board/tc/tc_stack_protector.c | 30 ++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 plat/arm/board/tc/tc_stack_protector.c
diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk
index 1ec7c44f5..b2b32531c 100644
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@@ -160,6 +160,11 @@ INTERCONNECT_SOURCES := ${TC_BASE}/tc_interconnect.c \
 PLAT_BL_COMMON_SOURCES += ${TC_BASE}/tc_plat.c \
 ${TC_BASE}/include/tc_helpers.S
+
+ifneq (${ENABLE_STACK_PROTECTOR},0)
+PLAT_BL_COMMON_SOURCES += ${TC_BASE}/tc_stack_protector.c
+endif
+
 BL1_SOURCES += ${INTERCONNECT_SOURCES} \
 ${TC_CPU_SOURCES} \
 ${TC_BASE}/tc_trusted_boot.c \
diff --git a/plat/arm/board/tc/tc_stack_protector.c b/plat/arm/board/tc/tc_stack_protector.c
new file mode 100644
index 000000000..89701fb6f
--- /dev/null
+++ b/plat/arm/board/tc/tc_stack_protector.c
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2024, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include
+
+#include
+#include
+
+#define RANDOM_CANARY_VALUE ((u_register_t) 3288484550995823360ULL)
+
+u_register_t plat_get_stack_protector_canary(void)
+{
+ /*
+ * On the Total Compute platform, it can generate RNG via MHU channel
+ * and communicate with RSE. But the stack protector canary function
+ * is needed prior to MHU channel gets ready.
+ *
+ * Since now MHU module cannot distinguish if MHU channel has been
+ * initialized or not, if it arbitrarily tries to send message, it will
+ * cause panic. For this reason, this function cannot rollback to
+ * dummy random number based on the MHU failure.
+ *
+ * For above reasons, simply return a value of the combination of a
+ * timer's value and a compile-time constant.
+ */
+ return RANDOM_CANARY_VALUE ^ read_cntpct_el0();
+}
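Review bot: The canary returned by `plat_get_stack_protector_canary()` is the source-visible constant `RANDOM_CANARY_VALUE` XORed with `read_cntpct_el0()`, so its only variable input is the counter value at the moment of the call; that is likely low in entropy this early in boot, and the block comment explains why RSE cannot be used but never says the result is predictable. I would state that limit next to the `return`, e.g. `/* NOTE: not a cryptographically random canary; it detects accidental stack corruption but must not be relied on against a deliberate overwrite. Switch to RSE-provided entropy once MHU readiness can be queried. */`. Without that note a reader of the platform port could take `ENABLE_STACK_PROTECTOR` on TC as a stronger mitigation than this function provides. As a wording point in the same comment, "cannot rollback to dummy random number" presumably means "cannot fall back to"; the whole function lies inside this hunk.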