TSP: Enable pointer authentication support

The size increase after enabling options related to ARMv8.3-PAuth is:

+----------------------------+-------+-------+-------+--------+
|                            |  text |  bss  |  data | rodata |
+----------------------------+-------+-------+-------+--------+
| CTX_INCLUDE_PAUTH_REGS = 1 |   +40 |   +0  |   +0  |   +0   |
|                            |  0.4% |       |       |        |
+----------------------------+-------+-------+-------+--------+
| ENABLE_PAUTH = 1           |  +352 |    +0 |  +16  |   +0   |
|                            |  3.1% |       | 15.8% |        |
+----------------------------+-------+-------+-------+--------+

Results calculated with the following build configuration:

    make PLAT=fvp SPD=tspd DEBUG=1 \
    SDEI_SUPPORT=1                 \
    EL3_EXCEPTION_HANDLING=1       \
    TSP_NS_INTR_ASYNC_PREEMPT=1    \
    CTX_INCLUDE_PAUTH_REGS=1       \
    ENABLE_PAUTH=1

Change-Id: I6cc1fe0b2345c547dcef66f98758c4eb55fe5ee4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

diff --git a/bl32/tsp/aarch64/tsp_entrypoint.S b/bl32/tsp/aarch64/tsp_entrypoint.S
index 48f6981bb2190d6ba9a4df230a77ebb0e38ebf01..710b4588487b2f4517d97ba44326c74ab2c839f2 100644 (file)
--- a/bl32/tsp/aarch64/tsp_entrypoint.S
+++ b/bl32/tsp/aarch64/tsp_entrypoint.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -122,12 +122,21 @@ func tsp_entrypoint _align=3
 #endif
 
        /* ---------------------------------------------
-        * Perform early platform setup & platform
-        * specific early arch. setup e.g. mmu setup
+        * Perform TSP setup
         * ---------------------------------------------
         */
-       bl      tsp_early_platform_setup
-       bl      tsp_plat_arch_setup
+       bl      tsp_setup
+
+       /* ---------------------------------------------
+        * Enable pointer authentication
+        * ---------------------------------------------
+        */
+#if ENABLE_PAUTH
+       mrs     x0, sctlr_el1
+       orr     x0, x0, #SCTLR_EnIA_BIT
+       msr     sctlr_el1, x0
+       isb
+#endif /* ENABLE_PAUTH */
 
        /* ---------------------------------------------
         * Jump to main function.

diff --git a/bl32/tsp/tsp.mk b/bl32/tsp/tsp.mk
index 4ea3dfb9f1699b695e5f0cdda9576a5c9cc5580d..b1fe7ff600e930f28360019f7a5ea477cd1ac4f3 100644 (file)
--- a/bl32/tsp/tsp.mk
+++ b/bl32/tsp/tsp.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -17,6 +17,11 @@ BL32_SOURCES         +=      bl32/tsp/tsp_main.c                     \
 
 BL32_LINKERFILE                :=      bl32/tsp/tsp.ld.S
 
+# This flag determines whether pointer authentication is used in the TSP or not
+ifeq ($(ENABLE_PAUTH),1)
+BL32_CFLAGS            +=      -msign-return-address=non-leaf
+endif
+
 # This flag determines if the TSPD initializes BL32 in tspd_init() (synchronous
 # method) or configures BL31 to pass control to BL32 instead of BL33
 # (asynchronous method).

diff --git a/bl32/tsp/tsp_main.c b/bl32/tsp/tsp_main.c
index 407ed47881fc49dee9d46e0f4fc01eb7d19c70aa..30bf6ffc8da66e7fca6d181fb9eb2fd4dd295944 100644 (file)
--- a/bl32/tsp/tsp_main.c
+++ b/bl32/tsp/tsp_main.c
@@ -71,6 +71,26 @@ static tsp_args_t *set_smc_args(uint64_t arg0,
        return pcpu_smc_args;
 }
 
+/*******************************************************************************
+ * Setup function for TSP.
+ ******************************************************************************/
+void tsp_setup(void)
+{
+       /* Perform early platform-specific setup */
+       tsp_early_platform_setup();
+
+       /*
+        * Update pointer authentication key before the MMU is enabled. It is
+        * saved in the rodata section, that can be writen before enabling the
+        * MMU. This function must be called after the console is initialized
+        * in the early platform setup.
+        */
+       bl_handle_pauth();
+
+       /* Perform late platform-specific setup */
+       tsp_plat_arch_setup();
+}
+
 /*******************************************************************************
  * TSP main entry point where it gets the opportunity to initialize its secure
  * state/applications. Once the state is initialized, it must return to the

diff --git a/include/bl32/tsp/tsp.h b/include/bl32/tsp/tsp.h
index ed4792e5806f3322796c41fab3ec6594c7c5ec9a..18d3079e2200c7242fb153bbc45254b4dc13d0d5 100644 (file)
--- a/include/bl32/tsp/tsp.h
+++ b/include/bl32/tsp/tsp.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -104,6 +104,7 @@ typedef struct tsp_vectors {
        tsp_vector_isn_t abort_yield_smc_entry;
 } tsp_vectors_t;
 
+void tsp_setup(void);
 
 #endif /* __ASSEMBLY__ */