BL1: Enable pointer authentication support

The size increase after enabling options related to ARMv8.3-PAuth is:

+----------------------------+-------+-------+-------+--------+
|                            |  text |  bss  |  data | rodata |
+----------------------------+-------+-------+-------+--------+
| CTX_INCLUDE_PAUTH_REGS = 1 |  +108 |  +192 |   +0  |   +0   |
|                            |  0.5% |  0.8% |       |        |
+----------------------------+-------+-------+-------+--------+
| ENABLE_PAUTH = 1           |  +748 |  +192 |  +16  |   +0   |
|                            |  3.7% |  0.8% |  7.0% |        |
+----------------------------+-------+-------+-------+--------+

Results calculated with the following build configuration:

    make PLAT=fvp SPD=tspd DEBUG=1 \
    SDEI_SUPPORT=1                 \
    EL3_EXCEPTION_HANDLING=1       \
    TSP_NS_INTR_ASYNC_PREEMPT=1    \
    CTX_INCLUDE_PAUTH_REGS=1       \
    ENABLE_PAUTH=1

Change-Id: I3a7d02feb6a6d212be32a01432b0c7c1a261f567
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

diff --git a/bl1/aarch32/bl1_entrypoint.S b/bl1/aarch32/bl1_entrypoint.S
index 3f0cbaf4be9f244a156b8fd382c040d4cfe7652f..6a155660b6b3c6e740539f3e4e2a38229f575a2c 100644 (file)
--- a/bl1/aarch32/bl1_entrypoint.S
+++ b/bl1/aarch32/bl1_entrypoint.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -52,12 +52,10 @@ func bl1_entrypoint
                _exception_vectors=bl1_vector_table
 
        /* -----------------------------------------------------
-        * Perform early platform setup & platform
-        * specific early arch. setup e.g. mmu setup
+        * Perform BL1 setup
         * -----------------------------------------------------
         */
-       bl      bl1_early_platform_setup
-       bl      bl1_plat_arch_setup
+       bl      bl1_setup
 
        /* -----------------------------------------------------
         * Jump to main function.

diff --git a/bl1/aarch64/bl1_entrypoint.S b/bl1/aarch64/bl1_entrypoint.S
index f7e02e974073400be00647d2cf369ea4fa5b6ea4..0f8d5aaca858a9f1ce250fc47d6a813171751fd5 100644 (file)
--- a/bl1/aarch64/bl1_entrypoint.S
+++ b/bl1/aarch64/bl1_entrypoint.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -32,24 +32,42 @@ func bl1_entrypoint
                _init_c_runtime=1                               \
                _exception_vectors=bl1_exceptions
 
-       /* ---------------------------------------------
-        * Architectural init. can be generic e.g.
-        * enabling stack alignment and platform spec-
-        * ific e.g. MMU & page table setup as per the
-        * platform memory map. Perform the latter here
-        * and the former in bl1_main.
-        * ---------------------------------------------
+       /* --------------------------------------------------------------------
+        * Perform BL1 setup
+        * --------------------------------------------------------------------
         */
-       bl      bl1_early_platform_setup
-       bl      bl1_plat_arch_setup
+       bl      bl1_setup
 
-       /* --------------------------------------------------
+       /* --------------------------------------------------------------------
+        * Enable pointer authentication
+        * --------------------------------------------------------------------
+        */
+#if ENABLE_PAUTH
+       mrs     x0, sctlr_el3
+       orr     x0, x0, #SCTLR_EnIA_BIT
+       msr     sctlr_el3, x0
+       isb
+#endif /* ENABLE_PAUTH */
+
+       /* --------------------------------------------------------------------
         * Initialize platform and jump to our c-entry point
         * for this type of reset.
-        * --------------------------------------------------
+        * --------------------------------------------------------------------
         */
        bl      bl1_main
 
+       /* --------------------------------------------------------------------
+        * Disable pointer authentication before jumping to BL31 or that will
+        * cause an authentication failure during the early platform init.
+        * --------------------------------------------------------------------
+        */
+#if ENABLE_PAUTH
+       mrs     x0, sctlr_el3
+       bic     x0, x0, #SCTLR_EnIA_BIT
+       msr     sctlr_el3, x0
+       isb
+#endif /* ENABLE_PAUTH */
+
        /* --------------------------------------------------
         * Do the transition to next boot image.
         * --------------------------------------------------

diff --git a/bl1/bl1.mk b/bl1/bl1.mk
index ec7d7280b798c3b230f1355e9757365fb22e1813..7f1a8230642af573e8f088d0eb976591cf8913ff 100644 (file)
--- a/bl1/bl1.mk
+++ b/bl1/bl1.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -21,6 +21,10 @@ BL1_SOURCES          +=      lib/cpus/aarch64/dsu_helpers.S          \
                                lib/el3_runtime/aarch64/context.S
 endif
 
+ifeq (${ENABLE_PAUTH},1)
+BL1_CFLAGS             +=      -msign-return-address=non-leaf
+endif
+
 ifeq (${TRUSTED_BOARD_BOOT},1)
 BL1_SOURCES            +=      bl1/bl1_fwu.c
 endif

diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c
index d2c2b417358d26450bcf985ae3cadf810c613d2e..fce14f55f0f53d67392bf3c27ddfcb9f53c82dcf 100644 (file)
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -51,6 +51,28 @@ void bl1_calc_bl2_mem_layout(const meminfo_t *bl1_mem_layout,
        flush_dcache_range((unsigned long)bl2_mem_layout, sizeof(meminfo_t));
 }
 
+/*******************************************************************************
+ * Setup function for BL1.
+ ******************************************************************************/
+void bl1_setup(void)
+{
+       /* Perform early platform-specific setup */
+       bl1_early_platform_setup();
+
+#ifdef AARCH64
+       /*
+        * Update pointer authentication key before the MMU is enabled. It is
+        * saved in the rodata section, that can be writen before enabling the
+        * MMU. This function must be called after the console is initialized
+        * in the early platform setup.
+        */
+       bl_handle_pauth();
+#endif /* AARCH64 */
+
+       /* Perform late platform-specific setup */
+       bl1_plat_arch_setup();
+}
+
 /*******************************************************************************
  * Function to perform late architectural and platform specific initialization.
  * It also queries the platform to load and run next BL image. Only called

diff --git a/include/bl1/bl1.h b/include/bl1/bl1.h
index 7b5d87572b3b7d81a1597bf64ce4b281cbce726a..937b8c7e8c12e0bde4b3bb991e22e9b5acc60500 100644 (file)
--- a/include/bl1/bl1.h
+++ b/include/bl1/bl1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -83,6 +83,7 @@ register_t bl1_smc_handler(unsigned int smc_fid,
 
 void bl1_print_next_bl_ep_info(const struct entry_point_info *bl_ep_info);
 
+void bl1_setup(void);
 void bl1_main(void);
 void bl1_plat_prepare_exit(entry_point_info_t *ep_info);