From cd7d6b0eb161c4b24f4ff19822cbb26c3f59a3f5 Mon Sep 17 00:00:00 2001 From: Antonio Nino Diaz Date: Wed, 30 Jan 2019 20:29:50 +0000 Subject: [PATCH] BL1: Enable pointer authentication support The size increase after enabling options related to ARMv8.3-PAuth is: +----------------------------+-------+-------+-------+--------+ | | text | bss | data | rodata | +----------------------------+-------+-------+-------+--------+ | CTX_INCLUDE_PAUTH_REGS = 1 | +108 | +192 | +0 | +0 | | | 0.5% | 0.8% | | | +----------------------------+-------+-------+-------+--------+ | ENABLE_PAUTH = 1 | +748 | +192 | +16 | +0 | | | 3.7% | 0.8% | 7.0% | | +----------------------------+-------+-------+-------+--------+ Results calculated with the following build configuration: make PLAT=fvp SPD=tspd DEBUG=1 \ SDEI_SUPPORT=1 \ EL3_EXCEPTION_HANDLING=1 \ TSP_NS_INTR_ASYNC_PREEMPT=1 \ CTX_INCLUDE_PAUTH_REGS=1 \ ENABLE_PAUTH=1 Change-Id: I3a7d02feb6a6d212be32a01432b0c7c1a261f567 Signed-off-by: Antonio Nino Diaz --- bl1/aarch32/bl1_entrypoint.S | 8 +++---- bl1/aarch64/bl1_entrypoint.S | 42 +++++++++++++++++++++++++----------- bl1/bl1.mk | 6 +++++- bl1/bl1_main.c | 24 ++++++++++++++++++++- include/bl1/bl1.h | 3 ++- 5 files changed, 63 insertions(+), 20 deletions(-) diff --git a/bl1/aarch32/bl1_entrypoint.S b/bl1/aarch32/bl1_entrypoint.S index 3f0cbaf4b..6a155660b 100644 --- a/bl1/aarch32/bl1_entrypoint.S +++ b/bl1/aarch32/bl1_entrypoint.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ 
@@ -52,12 +52,10 @@ func bl1_entrypoint _exception_vectors=bl1_vector_table /* ----------------------------------------------------- - * Perform early platform setup & platform - * specific early arch. setup e.g. mmu setup + * Perform BL1 setup * ----------------------------------------------------- */ - bl bl1_early_platform_setup - bl bl1_plat_arch_setup + bl bl1_setup /* ----------------------------------------------------- * Jump to main function. diff --git a/bl1/aarch64/bl1_entrypoint.S b/bl1/aarch64/bl1_entrypoint.S index f7e02e974..0f8d5aaca 100644 --- a/bl1/aarch64/bl1_entrypoint.S +++ b/bl1/aarch64/bl1_entrypoint.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ 
@@ -32,24 +32,42 @@ func bl1_entrypoint _init_c_runtime=1 \ _exception_vectors=bl1_exceptions - /* --------------------------------------------- - * Architectural init. can be generic e.g. - * enabling stack alignment and platform spec- - * ific e.g. MMU & page table setup as per the - * platform memory map. Perform the latter here - * and the former in bl1_main. - * --------------------------------------------- + /* -------------------------------------------------------------------- + * Perform BL1 setup + * -------------------------------------------------------------------- */ - bl bl1_early_platform_setup - bl bl1_plat_arch_setup + bl bl1_setup - /* -------------------------------------------------- + /* -------------------------------------------------------------------- + * Enable pointer authentication + * -------------------------------------------------------------------- + */ +#if ENABLE_PAUTH + mrs x0, sctlr_el3 + orr x0, x0, #SCTLR_EnIA_BIT + msr sctlr_el3, x0 + isb +#endif /* ENABLE_PAUTH */ + + /* -------------------------------------------------------------------- * Initialize platform and jump to our c-entry point * for this type of reset. - * -------------------------------------------------- + * -------------------------------------------------------------------- */ bl bl1_main + /* -------------------------------------------------------------------- + * Disable pointer authentication before jumping to BL31 or that will + * cause an authentication failure during the early platform init. + * -------------------------------------------------------------------- + */ +#if ENABLE_PAUTH + mrs x0, sctlr_el3 + bic x0, x0, #SCTLR_EnIA_BIT + msr sctlr_el3, x0 + isb +#endif /* ENABLE_PAUTH */ + /* -------------------------------------------------- * Do the transition to next boot image. * -------------------------------------------------- diff --git a/bl1/bl1.mk b/bl1/bl1.mk index ec7d7280b..7f1a82306 100644 --- a/bl1/bl1.mk +++ b/bl1/bl1.mk 
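Review bot: SCTLR_EL3.EnIA is cleared unconditionally once `bl bl1_main` returns and nothing visible sets it again, so return-address signing covers only the bl1_main call. Any EL3 code that BL1 runs after that point (the `bl1_smc_handler` declared in bl1.h, if it is still reachable then) would execute its PACIASP/AUTIASP as NOPs and lose the protection. If that is the intent, the comment above the second `#if ENABLE_PAUTH` should say so, for example `* PAuth stays disabled for any later EL3 entry into BL1.`, and it should name the actual next image rather than BL31 if BL1 hands over to something else. The first block also sets EnIA with no visible check that the core implements ARMv8.3-PAuth; bl1_setup may cover that, but it is outside this hunk, as is the rest of bl1_entrypoint.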
@@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -21,6 +21,10 @@ BL1_SOURCES += lib/cpus/aarch64/dsu_helpers.S \ lib/el3_runtime/aarch64/context.S endif +ifeq (${ENABLE_PAUTH},1) +BL1_CFLAGS += -msign-return-address=non-leaf +endif + ifeq (${TRUSTED_BOARD_BOOT},1) BL1_SOURCES += bl1/bl1_fwu.c endif diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c index d2c2b4173..fce14f55f 100644 --- a/bl1/bl1_main.c +++ b/bl1/bl1_main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -51,6 +51,28 @@ void bl1_calc_bl2_mem_layout(const meminfo_t *bl1_mem_layout, flush_dcache_range((unsigned long)bl2_mem_layout, sizeof(meminfo_t)); } +/******************************************************************************* + * Setup function for BL1. + ******************************************************************************/ +void bl1_setup(void) +{ + /* Perform early platform-specific setup */ + bl1_early_platform_setup(); + +#ifdef AARCH64 + /* + * Update pointer authentication key before the MMU is enabled. It is + * saved in the rodata section, that can be writen before enabling the + * MMU. This function must be called after the console is initialized + * in the early platform setup. + */ + bl_handle_pauth(); +#endif /* AARCH64 */ + + /* Perform late platform-specific setup */ + bl1_plat_arch_setup(); +} + /******************************************************************************* * Function to perform late architectural and platform specific initialization. * It also queries the platform to load and run next BL image. Only called diff --git a/include/bl1/bl1.h b/include/bl1/bl1.h index 7b5d87572..937b8c7e8 100644 
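Review bot: `-msign-return-address=non-leaf` is added whenever ENABLE_PAUTH is 1, with no test of the target architecture, although this commit also touches the AArch32 BL1 entry point and the option is AArch64-only. Unless the top-level Makefile already rejects ENABLE_PAUTH for AArch32 builds (not visible here), the condition should also test the architecture, e.g. `ifeq (${ENABLE_PAUTH}-${ARCH},1-aarch64)`, assuming the build's architecture variable is `ARCH`. It is also worth confirming that BL1_CFLAGS is actually passed to the compiler for BL1 objects, since nothing in this hunk shows where it is consumed; if it were dropped, SCTLR_EL3.EnIA would be set while no function is signed.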
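Review bot: In bl1_setup, `bl_handle_pauth()` is called under `#ifdef AARCH64` rather than `#if ENABLE_PAUTH`, while bl1_entrypoint.S sets SCTLR_EL3.EnIA under ENABLE_PAUTH immediately after bl1_setup returns. The two only line up if bl_handle_pauth (not shown) always programs the instruction key when ENABLE_PAUTH=1. The function header should state that contract, e.g. `* On AArch64 with ENABLE_PAUTH=1 the instruction key must be programmed here, because bl1_entrypoint.S enables PAuth right after this function returns.` The in-body comment says the key is kept in rodata and written before the MMU is on; it would help to add who can read that location afterwards, since the protection depends on the key staying secret. "writen" in that comment should read "written".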
--- a/include/bl1/bl1.h +++ b/include/bl1/bl1.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -83,6 +83,7 @@ register_t bl1_smc_handler(unsigned int smc_fid, void bl1_print_next_bl_ep_info(const struct entry_point_info *bl_ep_info); +void bl1_setup(void); void bl1_main(void); void bl1_plat_prepare_exit(entry_point_info_t *ep_info);