From 530ceda57288aa931d0c8ba7b3066340d587cc9b Mon Sep 17 00:00:00 2001 From: Alexei Fedorov Date: Tue, 1 Oct 2019 13:58:23 +0100 Subject: TF-A: Add support for ARMv8.3-PAuth in BL1 SMC calls and BL2U This patch adds support for ARMv8.3-PAuth in BL1 SMC calls and BL2U image for firmware updates by programming APIAKey_EL1 registers and enabling Pointer Authentication in EL3 and EL1 respectively. Change-Id: I875d952aba8242caf74fb5f4f2d2af6f0c768c08 Signed-off-by: Alexei Fedorov --- bl1/aarch64/bl1_exceptions.S | 9 +++++++++ bl1/bl1_main.c | 10 ++++++++++ 2 files changed, 19 insertions(+) (limited to 'bl1') diff --git a/bl1/aarch64/bl1_exceptions.S b/bl1/aarch64/bl1_exceptions.S index 3e72e39f..9bba6eef 100644 --- a/bl1/aarch64/bl1_exceptions.S +++ b/bl1/aarch64/bl1_exceptions.S @@ -226,6 +226,15 @@ smc_handler: */ bl save_gp_pmcr_pauth_regs +#if ENABLE_PAUTH + /* ----------------------------------------------------- + * Load and program stored APIAKey firmware key. + * Re-enable pointer authentication in EL3, as it was + * disabled before jumping to the next boot image. + * ----------------------------------------------------- + */ + bl pauth_load_bl1_apiakey_enable +#endif /* ----------------------------------------------------- * Populate the parameters for the SMC handler. We * already have x0-x4 in place. x5 will point to a diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c index 2bb85114..cd6fe7d5 100644 --- a/bl1/bl1_main.c +++ b/bl1/bl1_main.c @@ -31,6 +31,10 @@ DEFINE_SVC_UUID2(bl1_svc_uid, static void bl1_load_bl2(void); +#if ENABLE_PAUTH +uint64_t bl1_apiakey[2]; +#endif + /******************************************************************************* * Helper utility to calculate the BL2 memory layout taking into consideration * the BL1 RW data assuming that it is at the top of the memory layout. @@ -131,6 +135,12 @@ void bl1_main(void) /* Perform platform setup in BL1. */ bl1_platform_setup(); +#if ENABLE_PAUTH + /* Store APIAKey_EL1 key */ + bl1_apiakey[0] = read_apiakeylo_el1(); + bl1_apiakey[1] = read_apiakeyhi_el1(); +#endif /* ENABLE_PAUTH */ + /* Get the image id of next image to load and run. */ image_id = bl1_plat_get_next_image_id(); -- cgit v1.2.3