author | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2019-01-31 11:58:00 +0000 |
---|---|---|
committer | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2019-02-27 11:08:59 +0000 |
commit | 5283962ebaf77850d68bb457608ede5174e43159 (patch) | |
tree | 28fbac607b59b0d21cdef870f74afa5a78f274d9 /docs/user-guide.rst | |
parent | 4d1ccf0ecc7d90df438148c633291723d095f979 (diff) | |
Add ARMv8.3-PAuth registers to CPU context

ARMv8.3-PAuth adds functionality that supports address authentication of
the contents of a register before that register is used as the target of
an indirect branch, or as a load.

This feature is supported only in AArch64 state.

This feature is mandatory in ARMv8.3 implementations.

This feature adds several registers to EL1. A new option called
CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save
them during Non-secure <-> Secure world switches. This option must be
enabled if the hardware has the registers or the values will be leaked
during world switches.

To prevent leaks, this patch also disables pointer authentication in the
Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will
be trapped in EL3.

Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Diffstat (limited to 'docs/user-guide.rst')
-rw-r--r-- | docs/user-guide.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/user-guide.rst b/docs/user-guide.rst index 4ff1c7270..70c1d5a91 100644 --- a/docs/user-guide.rst +++ b/docs/user-guide.rst @@ -358,6 +358,12 @@ Common build options registers to be included when saving and restoring the CPU context. Default is 0. +- ``CTX_INCLUDE_PAUTH_REGS``: Boolean option that, when set to 1, will cause + the ARMv8.3-PAuth registers to be included when saving and restoring the CPU + context. Note that if the hardware supports this extension and this option is + set to 0 the value of the registers will be leaked between Secure and + Non-secure worlds. The default is 0. + - ``DEBUG``: Chooses between a debug and release build. It can take either 0 (release) or 1 (debug) as values. 0 is the default. |
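Review bot: The new ``CTX_INCLUDE_PAUTH_REGS`` entry documents the leak but not the mitigation the commit message describes, and it presents a requirement as a note. The commit message says the option "must be enabled if the hardware has the registers" and that with the option at 0 pointer authentication is disabled in the Secure world and any use is trapped in EL3; neither statement appears in the added text, so a reader of the user guide alone sees only "will be leaked" next to "The default is 0". Suggest rewording the entry to say the option must be set to 1 on hardware that implements ARMv8.3-PAuth, and adding a sentence on the behaviour when it is 0 (Secure world use of pointer authentication traps to EL3) so integrators can recognise that failure mode. Since the commit message states the feature is supported only in AArch64 state, the entry should also say so, as other AArch64-only options do not apply to AArch32 builds.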