diff options
| author | Alexei Fedorov <Alexei.Fedorov@arm.com> | 2019-05-24 12:17:09 +0100 |
|---|---|---|
| committer | Alexei Fedorov <Alexei.Fedorov@arm.com> | 2019-05-24 14:44:45 +0100 |
| commit | 9fc59639e649f614318f78ae2ca103fe102405ec (patch) | |
| tree | dc3edbb0a38dcc6b033c088dbaa156cfec653baa /Makefile | |
| parent | ced1711297347f24fee45e75e73c7767507a0982 (diff) | |
Add support for Branch Target Identification
This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by adding BTI instruction used to mark valid targets
for indirect branches. The patch sets new GP bit [50] to the stage 1
Translation Table Block and Page entries to denote guarded EL3 code
pages which will cause processor to trap instructions in protected
pages trying to perform an indirect branch to any instruction other
than BTI.
BTI feature is selected by BRANCH_PROTECTION option which supersedes
the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
and is disabled by default. Enabling BTI requires compiler support
and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
The assembly macros and helpers are modified to accommodate the BTI
instruction.
This is an experimental feature.
Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
is now made as an internal flag and BRANCH_PROTECTION flag should be
used instead to enable Pointer Authentication.
Note. USE_LIBROM=1 option is currently not supported.
Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 64 |
1 files changed, 48 insertions, 16 deletions
@@ -117,6 +117,29 @@ ifneq (${GENERATE_COT},0) FWU_FIP_DEPS += fwu_certificates endif +# Process BRANCH_PROTECTION value and set +# Pointer Authentication and Branch Target Identification flags +ifeq (${BRANCH_PROTECTION},0) + # Default value turns off all types of branch protection + BP_OPTION := none +else ifneq (${ARCH},aarch64) + $(error BRANCH_PROTECTION requires AArch64) +else ifeq (${BRANCH_PROTECTION},1) + # Enables all types of branch protection features + BP_OPTION := standard + ENABLE_BTI := 1 + ENABLE_PAUTH := 1 +else ifeq (${BRANCH_PROTECTION},2) + # Return address signing to its standard level + BP_OPTION := pac-ret + ENABLE_PAUTH := 1 +else ifeq (${BRANCH_PROTECTION},3) + # Extend the signing to include leaf functions + BP_OPTION := pac-ret+leaf + ENABLE_PAUTH := 1 +else + $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION}) +endif ################################################################################ # Toolchain @@ -189,6 +212,10 @@ endif TF_CFLAGS_aarch32 += -mno-unaligned-access TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align +ifneq (${BP_OPTION},none) +TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION} +endif + ASFLAGS_aarch32 = $(march32-directive) ASFLAGS_aarch64 = $(march64-directive) @@ -451,26 +478,30 @@ ifeq ($(DYN_DISABLE_AUTH), 1) endif # If pointer authentication is used in the firmware, make sure that all the -# registers associated to it are also saved and restored. Not doing it would -# leak the value of the key used by EL3 to EL1 and S-EL1. +# registers associated to it are also saved and restored. +# Not doing it would leak the value of the keys used by EL3 to EL1 and S-EL1. ifeq ($(ENABLE_PAUTH),1) - ifneq ($(ARCH),aarch64) - $(error ENABLE_PAUTH=1 requires AArch64) - else ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) - $(error ENABLE_PAUTH=1 requires CTX_INCLUDE_PAUTH_REGS=1) - else - $(info ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS are experimental features) + ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) + $(error Pointer Authentication requires CTX_INCLUDE_PAUTH_REGS=1) endif -else - ifeq ($(CTX_INCLUDE_PAUTH_REGS),1) - ifneq ($(ARCH),aarch64) - $(error CTX_INCLUDE_PAUTH_REGS=1 requires AArch64) - else - $(info CTX_INCLUDE_PAUTH_REGS is an experimental feature) - endif +endif + +ifeq ($(CTX_INCLUDE_PAUTH_REGS),1) + ifneq (${ARCH},aarch64) + $(error CTX_INCLUDE_PAUTH_REGS requires AArch64) + else + $(info CTX_INCLUDE_PAUTH_REGS is an experimental feature) endif endif +ifeq ($(ENABLE_PAUTH),1) + $(info Pointer Authentication is an experimental feature) +endif + +ifeq ($(ENABLE_BTI),1) + $(info Branch Protection is an experimental feature) +endif + ################################################################################ # Process platform overrideable behaviour ################################################################################ @@ -599,7 +630,6 @@ $(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING)) $(eval $(call assert_boolean,ENABLE_AMU)) $(eval $(call assert_boolean,ENABLE_ASSERTIONS)) $(eval $(call assert_boolean,ENABLE_MPAM_FOR_LOWER_ELS)) -$(eval $(call assert_boolean,ENABLE_PAUTH)) $(eval $(call assert_boolean,ENABLE_PIE)) $(eval $(call assert_boolean,ENABLE_PMF)) $(eval $(call assert_boolean,ENABLE_PSCI_STAT)) @@ -635,6 +665,7 @@ $(eval $(call assert_boolean,BL2_IN_XIP_MEM)) $(eval $(call assert_numeric,ARM_ARCH_MAJOR)) $(eval $(call assert_numeric,ARM_ARCH_MINOR)) +$(eval $(call assert_numeric,BRANCH_PROTECTION)) ################################################################################ # Add definitions to the cpp preprocessor based on the current build options. @@ -651,6 +682,7 @@ $(eval $(call add_define,CTX_INCLUDE_PAUTH_REGS)) $(eval $(call add_define,EL3_EXCEPTION_HANDLING)) $(eval $(call add_define,ENABLE_AMU)) $(eval $(call add_define,ENABLE_ASSERTIONS)) +$(eval $(call add_define,ENABLE_BTI)) $(eval $(call add_define,ENABLE_MPAM_FOR_LOWER_ELS)) $(eval $(call add_define,ENABLE_PAUTH)) $(eval $(call add_define,ENABLE_PIE)) |