TSP: Enable pointer authentication support

The size increase after enabling options related to ARMv8.3-PAuth is: +----------------------------+-------+-------+-------+--------+ | | text | bss | data | rodata | +----------------------------+-------+-------+-------+--------+ | CTX_INCLUDE_PAUTH_REGS = 1 | +40 | +0 | +0 | +0 | | | 0.4% | | | | +----------------------------+-------+-------+-------+--------+ | ENABLE_PAUTH = 1 | +352 | +0 | +16 | +0 | | | 3.1% | | 15.8% | | +----------------------------+-------+-------+-------+--------+ Results calculated with the following build configuration: make PLAT=fvp SPD=tspd DEBUG=1 \ SDEI_SUPPORT=1 \ EL3_EXCEPTION_HANDLING=1 \ TSP_NS_INTR_ASYNC_PREEMPT=1 \ CTX_INCLUDE_PAUTH_REGS=1 \ ENABLE_PAUTH=1 Change-Id: I6cc1fe0b2345c547dcef66f98758c4eb55fe5ee4 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-02-26 11:41:03 +00:00 · 2019-02-26 11:41:03 +00:00 · 67b6ff9f8c
parent 88cfd9a604
commit 67b6ff9f8c
4 changed files with 42 additions and 7 deletions
--- a/bl32/tsp/aarch64/tsp_entrypoint.S
+++ b/bl32/tsp/aarch64/tsp_entrypoint.S
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -122,12 +122,21 @@ func tsp_entrypoint _align=3
 #endif

 	/* ---------------------------------------------
-	 * Perform early platform setup & platform
-	 * specific early arch. setup e.g. mmu setup
+	 * Perform TSP setup
 	 * ---------------------------------------------
 	 */
-	bl	tsp_early_platform_setup
-	bl	tsp_plat_arch_setup
+	bl	tsp_setup
+
+	/* ---------------------------------------------
+	 * Enable pointer authentication
+	 * ---------------------------------------------
+	 */
+#if ENABLE_PAUTH
+	mrs	x0, sctlr_el1
+	orr	x0, x0, #SCTLR_EnIA_BIT
+	msr	sctlr_el1, x0
+	isb
+#endif /* ENABLE_PAUTH */

 	/* ---------------------------------------------
 	 * Jump to main function.
--- a/bl32/tsp/tsp.mk
+++ b/bl32/tsp/tsp.mk
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@ -17,6 +17,11 @@ BL32_SOURCES		+=	bl32/tsp/tsp_main.c			\

 BL32_LINKERFILE		:=	bl32/tsp/tsp.ld.S

+# This flag determines whether pointer authentication is used in the TSP or not
+ifeq ($(ENABLE_PAUTH),1)
+BL32_CFLAGS		+=	-msign-return-address=non-leaf
+endif
+
 # This flag determines if the TSPD initializes BL32 in tspd_init() (synchronous
 # method) or configures BL31 to pass control to BL32 instead of BL33
 # (asynchronous method).
--- a/bl32/tsp/tsp_main.c
+++ b/bl32/tsp/tsp_main.c
@ -71,6 +71,26 @@ static tsp_args_t *set_smc_args(uint64_t arg0,
 	return pcpu_smc_args;
 }

+/*******************************************************************************
+ * Setup function for TSP.
+ ******************************************************************************/
+void tsp_setup(void)
+{
+	/* Perform early platform-specific setup */
+	tsp_early_platform_setup();
+
+	/*
+	 * Update pointer authentication key before the MMU is enabled. It is
+	 * saved in the rodata section, that can be writen before enabling the
+	 * MMU. This function must be called after the console is initialized
+	 * in the early platform setup.
+	 */
+	bl_handle_pauth();
+
+	/* Perform late platform-specific setup */
+	tsp_plat_arch_setup();
+}
+
 /*******************************************************************************
 * TSP main entry point where it gets the opportunity to initialize its secure
 * state/applications. Once the state is initialized, it must return to the
--- a/include/bl32/tsp/tsp.h
+++ b/include/bl32/tsp/tsp.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -104,6 +104,7 @@ typedef struct tsp_vectors {
 	tsp_vector_isn_t abort_yield_smc_entry;
 } tsp_vectors_t;

+void tsp_setup(void);

 #endif /* __ASSEMBLY__ */