BL2_AT_EL3: Enable pointer authentication support

The size increase after enabling options related to ARMv8.3-PAuth is:

+----------------------------+-------+-------+-------+--------+
|                            |  text |  bss  |  data | rodata |
+----------------------------+-------+-------+-------+--------+
| CTX_INCLUDE_PAUTH_REGS = 1 |   +44 |   +0  |   +0  |   +0   |
|                            |  0.2% |       |       |        |
+----------------------------+-------+-------+-------+--------+
| ENABLE_PAUTH = 1           |  +712 |   +0  |  +16  |   +0   |
|                            |  3.1% |       |  0.9% |        |
+----------------------------+-------+-------+-------+--------+

The results are valid for the following build configuration:

    make PLAT=fvp SPD=tspd DEBUG=1 \
    BL2_AT_EL3=1                   \
    CTX_INCLUDE_PAUTH_REGS=1       \
    ENABLE_PAUTH=1

Change-Id: I1c0616e7dea30962a92b4fd113428bc30a018320
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

bl2/aarch32/bl2_el3_entrypoint.S

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -36,8 +36,11 @@ func bl2_entrypoint
 	mov	r2, r11
 	mov	r3, r12
 
-	bl	bl2_el3_early_platform_setup
+	/* ---------------------------------------------
-	bl	bl2_el3_plat_arch_setup
+	 * Perform BL2 setup
+	 * ---------------------------------------------
+	 */
+	bl	bl2_el3_setup
 
 	/* ---------------------------------------------
 	 * Jump to main function.

bl2/aarch64/bl2_el3_entrypoint.S

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -29,16 +29,31 @@ func bl2_entrypoint
 		_init_c_runtime=1                               \
 		_exception_vectors=bl2_el3_exceptions
 
-	/*
+	/* ---------------------------------------------
 	 * Restore parameters of boot rom
+	 * ---------------------------------------------
 	 */
 	mov	x0, x20
 	mov	x1, x21
 	mov	x2, x22
 	mov	x3, x23
 
-	bl	bl2_el3_early_platform_setup
+	/* ---------------------------------------------
-	bl	bl2_el3_plat_arch_setup
+	 * Perform BL2 setup
+	 * ---------------------------------------------
+	 */
+	bl	bl2_el3_setup
+
+	/* ---------------------------------------------
+	 * Enable pointer authentication
+	 * ---------------------------------------------
+	 */
+#if ENABLE_PAUTH
+	mrs	x0, sctlr_el3
+	orr	x0, x0, #SCTLR_EnIA_BIT
+	msr	sctlr_el3, x0
+	isb
+#endif /* ENABLE_PAUTH */
 
 	/* ---------------------------------------------
 	 * Jump to main function.
@@ -55,16 +70,29 @@ endfunc bl2_entrypoint
 
 func bl2_run_next_image
 	mov	x20,x0
-        /*
+	/* ---------------------------------------------
-         * MMU needs to be disabled because both BL2 and BL31 execute
+	 * MMU needs to be disabled because both BL2 and BL31 execute
-         * in EL3, and therefore share the same address space.
+	 * in EL3, and therefore share the same address space.
-         * BL31 will initialize the address space according to its
+	 * BL31 will initialize the address space according to its
-         * own requirement.
+	 * own requirement.
-         */
+	 * ---------------------------------------------
+	 */
 	bl	disable_mmu_icache_el3
 	tlbi	alle3
 	bl	bl2_el3_plat_prepare_exit
 
+	/* ---------------------------------------------
+	 * Disable pointer authentication before jumping to BL31 or that will
+	 * cause an authentication failure during the early platform init.
+	 * ---------------------------------------------
+	 */
+#if ENABLE_PAUTH
+	mrs	x0, sctlr_el3
+	bic	x0, x0, #SCTLR_EnIA_BIT
+	msr	sctlr_el3, x0
+	isb
+#endif /* ENABLE_PAUTH */
+
 	ldp	x0, x1, [x20, #ENTRY_POINT_INFO_PC_OFFSET]
 	msr	elr_el3, x0
 	msr	spsr_el3, x1

bl2/bl2_main.c

@@ -21,6 +21,7 @@
 #define NEXT_IMAGE	"BL31"
 #endif
 
+#if !BL2_AT_EL3
 /*******************************************************************************
  * Setup function for BL2.
  ******************************************************************************/
@@ -44,6 +45,31 @@ void bl2_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
 	bl2_plat_arch_setup();
 }
 
+#else /* if BL2_AT_EL3 */
+/*******************************************************************************
+ * Setup function for BL2 when BL2_AT_EL3=1.
+ ******************************************************************************/
+void bl2_el3_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+		   u_register_t arg3)
+{
+	/* Perform early platform-specific setup */
+	bl2_el3_early_platform_setup(arg0, arg1, arg2, arg3);
+
+#ifdef AARCH64
+	/*
+	 * Update pointer authentication key before the MMU is enabled. It is
+	 * saved in the rodata section, that can be writen before enabling the
+	 * MMU. This function must be called after the console is initialized
+	 * in the early platform setup.
+	 */
+	bl_handle_pauth();
+#endif /* AARCH64 */
+
+	/* Perform late platform-specific setup */
+	bl2_el3_plat_arch_setup();
+}
+#endif /* BL2_AT_EL3 */
+
 /*******************************************************************************
  * The only thing to do in BL2 is to load further images and pass control to
  * next BL. The memory occupied by BL2 will be reclaimed by BL3x stages. BL2
@@ -88,11 +114,11 @@ void bl2_main(void)
 	 * be passed to next BL image as an argument.
 	 */
 	smc(BL1_SMC_RUN_IMAGE, (unsigned long)next_bl_ep_info, 0, 0, 0, 0, 0, 0);
-#else
+#else /* if BL2_AT_EL3 */
 	NOTICE("BL2: Booting " NEXT_IMAGE "\n");
 	print_entry_point_info(next_bl_ep_info);
 	console_flush();
 
 	bl2_run_next_image(next_bl_ep_info);
-#endif
+#endif /* BL2_AT_EL3 */
 }

include/bl2/bl2.h

@@ -11,6 +11,8 @@
 
 void bl2_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
 	       u_register_t arg3);
+void bl2_el3_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+		   u_register_t arg3);
 void bl2_main(void);
 
 #endif /* BL2_H */