From 3768fecf8f70443a8d3a8b6e3b3a7aedfad84f57 Mon Sep 17 00:00:00 2001 From: Alexei Fedorov Date: Fri, 19 Jun 2020 14:33:49 +0100 Subject: [PATCH] TF-A: Add ARMv8.5 'bti' build option This patch adds BRANCH_PROTECTION = 4 'bti' build option which turns on branch target identification mechanism. Change-Id: I32464a6b51726a100519f449a95aea5331f0e82d Signed-off-by: Alexei Fedorov --- Makefile | 4 ++++ docs/getting_started/build-options.rst | 3 +++ 2 files changed, 7 insertions(+) diff --git a/Makefile b/Makefile index bc5604be2..160cd44cc 100644 --- a/Makefile +++ b/Makefile @@ -121,6 +121,10 @@ else ifeq (${BRANCH_PROTECTION},3) # Extend the signing to include leaf functions BP_OPTION := pac-ret+leaf ENABLE_PAUTH := 1 +else ifeq (${BRANCH_PROTECTION},4) + # Turn on branch target identification mechanism + BP_OPTION := bti + ENABLE_BTI := 1 else $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) endif diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst index f207886fb..81903e140 100644 --- a/docs/getting_started/build-options.rst +++ b/docs/getting_started/build-options.rst @@ -88,6 +88,7 @@ Common build options - 1: Enables all types of branch protection features - 2: Return address signing to its standard level - 3: Extend the signing to include leaf functions +- 4: Turn on branch target identification mechanism The table below summarizes ``BRANCH_PROTECTION`` values, GCC compilation options and resulting PAuth/BTI features. @@ -103,6 +104,8 @@ Common build options +-------+--------------+-------+-----+ | 3 | pac-ret+leaf | Y | N | +-------+--------------+-------+-----+ + | 4 | bti | N | Y | + +-------+--------------+-------+-----+ This option defaults to 0 and this is an experimental feature. Note that Pointer Authentication is enabled for Non-secure world