From 302b4dfb8fb0041959b8593a098ccae6c61e3238 Mon Sep 17 00:00:00 2001 From: Venkatesh Yadav Abbarapu Date: Tue, 20 Jul 2021 22:27:32 -0600 Subject: [PATCH] feat(plat/versal): add support for SLS mitigation This patch adds the option HARDEN_SLS_ALL that can be used to enable the -mharden-sls=all, which mitigates the straight-line speculation vulnerability. Enable this by adding the option HARDEN_SLS_ALL=1, default this will be disabled. Signed-off-by: Venkatesh Yadav Abbarapu Change-Id: I0d498d9e96903fcb879993ad491949f6f17769b2 --- docs/plat/xilinx-versal.rst | 5 +++++ plat/xilinx/versal/platform.mk | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/docs/plat/xilinx-versal.rst b/docs/plat/xilinx-versal.rst index 3d4c4a4e1..d65b048e5 100644 --- a/docs/plat/xilinx-versal.rst +++ b/docs/plat/xilinx-versal.rst @@ -24,6 +24,11 @@ To build TF-A for JTAG DCC console make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal bl31 VERSAL_CONSOLE=dcc ``` +To build TF-A with Straight-Line Speculation(SLS) +```bash +make RESET_TO_BL31=1 CROSS_COMPILE=aarch64-none-elf- PLAT=versal bl31 HARDEN_SLS_ALL=1 +``` + Xilinx Versal platform specific build options --------------------------------------------- diff --git a/plat/xilinx/versal/platform.mk b/plat/xilinx/versal/platform.mk index a0b317fe8..a8b2c948a 100644 --- a/plat/xilinx/versal/platform.mk +++ b/plat/xilinx/versal/platform.mk @@ -9,6 +9,7 @@ SEPARATE_CODE_AND_RODATA := 1 override RESET_TO_BL31 := 1 PL011_GENERIC_UART := 1 IPI_CRC_CHECK := 0 +HARDEN_SLS_ALL := 0 ifdef VERSAL_ATF_MEM_BASE $(eval $(call add_define,VERSAL_ATF_MEM_BASE)) @@ -87,3 +88,7 @@ BL31_SOURCES += drivers/arm/cci/cci.c \ plat/xilinx/versal/pm_service/pm_svc_main.c \ plat/xilinx/versal/pm_service/pm_api_sys.c \ plat/xilinx/versal/pm_service/pm_client.c + +ifeq ($(HARDEN_SLS_ALL), 1) +TF_CFLAGS_aarch64 += -mharden-sls=all +endif