diff options
| author | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2019-02-19 11:53:51 +0000 |
|---|---|---|
| committer | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2019-02-27 11:58:09 +0000 |
| commit | b86048c40cb7d9ccd7aeac1681945676a6dc36ff (patch) | |
| tree | 3a501b3395633ab07d312068c1dacd591493c7ac /Makefile | |
| parent | 5283962ebaf77850d68bb457608ede5174e43159 (diff) | |
Add support for pointer authentication
The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.
This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.
Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 19 |
1 files changed, 19 insertions, 0 deletions
@@ -184,6 +184,14 @@ TF_CFLAGS_aarch64 += -mgeneral-regs-only -mstrict-align ASFLAGS_aarch32 = $(march32-directive) ASFLAGS_aarch64 = -march=armv8-a +# Set the compiler to ARMv8.3 mode so that it uses all the ARMv8.3-PAuth +# instructions. Keeping it in 8.0 would make the compiler emit +# backwards-compatible hint instructions, which needs more space. +ifeq (${ENABLE_PAUTH},1) +TF_CFLAGS_aarch64 += -march=armv8.3-a +ASFLAGS_aarch64 += -march=armv8.3-a +endif + WARNING1 := -Wextra WARNING1 += -Wunused -Wno-unused-parameter WARNING1 += -Wmissing-declarations @@ -459,6 +467,15 @@ ifeq ($(DYN_DISABLE_AUTH), 1) endif endif +# If pointer authentication is used in the firmware, make sure that all the +# registers associated to it are also saved and restored. Not doing it would +# leak the value of the key used by EL3 to EL1 and S-EL1. +ifeq ($(ENABLE_PAUTH),1) + ifeq ($(CTX_INCLUDE_PAUTH_REGS),0) + $(error ENABLE_PAUTH=1 requires CTX_INCLUDE_PAUTH_REGS=1) + endif +endif + ################################################################################ # Process platform overrideable behaviour ################################################################################ @@ -587,6 +604,7 @@ $(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING)) $(eval $(call assert_boolean,ENABLE_AMU)) $(eval $(call assert_boolean,ENABLE_ASSERTIONS)) $(eval $(call assert_boolean,ENABLE_MPAM_FOR_LOWER_ELS)) +$(eval $(call assert_boolean,ENABLE_PAUTH)) $(eval $(call assert_boolean,ENABLE_PIE)) $(eval $(call assert_boolean,ENABLE_PMF)) $(eval $(call assert_boolean,ENABLE_PSCI_STAT)) @@ -639,6 +657,7 @@ $(eval $(call add_define,EL3_EXCEPTION_HANDLING)) $(eval $(call add_define,ENABLE_AMU)) $(eval $(call add_define,ENABLE_ASSERTIONS)) $(eval $(call add_define,ENABLE_MPAM_FOR_LOWER_ELS)) +$(eval $(call add_define,ENABLE_PAUTH)) $(eval $(call add_define,ENABLE_PIE)) $(eval $(call add_define,ENABLE_PMF)) $(eval $(call add_define,ENABLE_PSCI_STAT)) |