diff options
Diffstat (limited to 'bl2')
| -rw-r--r-- | bl2/aarch64/bl2_el3_entrypoint.S | 25 | ||||
| -rw-r--r-- | bl2/aarch64/bl2_entrypoint.S | 15 | ||||
| -rw-r--r-- | bl2/bl2_main.c | 54 |
3 files changed, 43 insertions, 51 deletions
diff --git a/bl2/aarch64/bl2_el3_entrypoint.S b/bl2/aarch64/bl2_el3_entrypoint.S index 261d2957..6fe2dd92 100644 --- a/bl2/aarch64/bl2_el3_entrypoint.S +++ b/bl2/aarch64/bl2_el3_entrypoint.S @@ -43,22 +43,12 @@ func bl2_entrypoint */ bl bl2_el3_setup - /* --------------------------------------------- - * Enable pointer authentication - * --------------------------------------------- - */ #if ENABLE_PAUTH - mrs x0, sctlr_el3 - orr x0, x0, #SCTLR_EnIA_BIT -#if ENABLE_BTI /* --------------------------------------------- - * Enable PAC branch type compatibility + * Program APIAKey_EL1 and enable pointer authentication. * --------------------------------------------- */ - bic x0, x0, #SCTLR_BT_BIT -#endif /* ENABLE_BTI */ - msr sctlr_el3, x0 - isb + bl pauth_init_enable_el3 #endif /* ENABLE_PAUTH */ /* --------------------------------------------- @@ -87,16 +77,13 @@ func bl2_run_next_image tlbi alle3 bl bl2_el3_plat_prepare_exit +#if ENABLE_PAUTH /* --------------------------------------------- - * Disable pointer authentication before jumping to BL31 or that will - * cause an authentication failure during the early platform init. + * Disable pointer authentication before jumping + * to next boot image. * --------------------------------------------- */ -#if ENABLE_PAUTH - mrs x0, sctlr_el3 - bic x0, x0, #SCTLR_EnIA_BIT - msr sctlr_el3, x0 - isb + bl pauth_disable_el3 #endif /* ENABLE_PAUTH */ ldp x0, x1, [x20, #ENTRY_POINT_INFO_PC_OFFSET] diff --git a/bl2/aarch64/bl2_entrypoint.S b/bl2/aarch64/bl2_entrypoint.S index 5e5b83b1..a021e424 100644 --- a/bl2/aarch64/bl2_entrypoint.S +++ b/bl2/aarch64/bl2_entrypoint.S @@ -117,22 +117,13 @@ func bl2_entrypoint mov x3, x23 bl bl2_setup - /* --------------------------------------------- - * Enable pointer authentication - * --------------------------------------------- - */ #if ENABLE_PAUTH - mrs x0, sctlr_el1 - orr x0, x0, #SCTLR_EnIA_BIT -#if ENABLE_BTI /* --------------------------------------------- - * Enable PAC branch type compatibility + * Program APIAKey_EL1 + * and enable pointer authentication. * --------------------------------------------- */ - bic x0, x0, #(SCTLR_BT0_BIT | SCTLR_BT1_BIT) -#endif /* ENABLE_BTI */ - msr sctlr_el1, x0 - isb + bl pauth_init_enable_el1 #endif /* ENABLE_PAUTH */ /* --------------------------------------------- diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c index 79b0e717..802c1746 100644 --- a/bl2/bl2_main.c +++ b/bl2/bl2_main.c @@ -4,13 +4,17 @@ * SPDX-License-Identifier: BSD-3-Clause */ +#include <assert.h> + #include <arch_helpers.h> +#include <arch_features.h> #include <bl1/bl1.h> #include <bl2/bl2.h> #include <common/bl_common.h> #include <common/debug.h> #include <drivers/auth/auth_mod.h> #include <drivers/console.h> +#include <lib/extensions/pauth.h> #include <plat/common/platform.h> #include "bl2_private.h" @@ -31,18 +35,16 @@ void bl2_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2, /* Perform early platform-specific setup */ bl2_early_platform_setup2(arg0, arg1, arg2, arg3); -#ifdef __aarch64__ - /* - * Update pointer authentication key before the MMU is enabled. It is - * saved in the rodata section, that can be writen before enabling the - * MMU. This function must be called after the console is initialized - * in the early platform setup. - */ - bl_handle_pauth(); -#endif /* __aarch64__ */ - /* Perform late platform-specific setup */ bl2_plat_arch_setup(); + +#if CTX_INCLUDE_PAUTH_REGS + /* + * Assert that the ARMv8.3-PAuth registers are present or an access + * fault will be triggered when they are being saved or restored. + */ + assert(is_armv8_3_pauth_present()); +#endif /* CTX_INCLUDE_PAUTH_REGS */ } #else /* if BL2_AT_EL3 */ @@ -55,18 +57,16 @@ void bl2_el3_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2, /* Perform early platform-specific setup */ bl2_el3_early_platform_setup(arg0, arg1, arg2, arg3); -#ifdef __aarch64__ - /* - * Update pointer authentication key before the MMU is enabled. It is - * saved in the rodata section, that can be writen before enabling the - * MMU. This function must be called after the console is initialized - * in the early platform setup. - */ - bl_handle_pauth(); -#endif /* __aarch64__ */ - /* Perform late platform-specific setup */ bl2_el3_plat_arch_setup(); + +#if CTX_INCLUDE_PAUTH_REGS + /* + * Assert that the ARMv8.3-PAuth registers are present or an access + * fault will be triggered when they are being saved or restored. + */ + assert(is_armv8_3_pauth_present()); +#endif /* CTX_INCLUDE_PAUTH_REGS */ } #endif /* BL2_AT_EL3 */ @@ -108,6 +108,13 @@ void bl2_main(void) console_flush(); +#if ENABLE_PAUTH + /* + * Disable pointer authentication before running next boot image + */ + pauth_disable_el1(); +#endif /* ENABLE_PAUTH */ + /* * Run next BL image via an SMC to BL1. Information on how to pass * control to the BL32 (if present) and BL33 software images will @@ -119,6 +126,13 @@ void bl2_main(void) print_entry_point_info(next_bl_ep_info); console_flush(); +#if ENABLE_PAUTH + /* + * Disable pointer authentication before running next boot image + */ + pauth_disable_el3(); +#endif /* ENABLE_PAUTH */ + bl2_run_next_image(next_bl_ep_info); #endif /* BL2_AT_EL3 */ } |