author | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2019-02-19 11:53:51 +0000 |
---|---|---|
committer | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2019-02-27 11:58:09 +0000 |
commit | b86048c40cb7d9ccd7aeac1681945676a6dc36ff (patch) | |
tree | 3a501b3395633ab07d312068c1dacd591493c7ac /docs/user-guide.rst | |
parent | 5283962ebaf77850d68bb457608ede5174e43159 (diff) | |
Add support for pointer authentication
The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.
This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.
Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Diffstat (limited to 'docs/user-guide.rst')
-rw-r--r-- | docs/user-guide.rst | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/docs/user-guide.rst b/docs/user-guide.rst index 70c1d5a91..b42012757 100644 --- a/docs/user-guide.rst +++ b/docs/user-guide.rst @@ -362,7 +362,7 @@ Common build options the ARMv8.3-PAuth registers to be included when saving and restoring the CPU context. Note that if the hardware supports this extension and this option is set to 0 the value of the registers will be leaked between Secure and - Non-secure worlds. The default is 0. + Non-secure worlds if PAuth is used on both sides. The default is 0. - ``DEBUG``: Chooses between a debug and release build. It can take either 0 (release) or 1 (debug) as values. 0 is the default. @@ -411,6 +411,13 @@ Common build options partitioning in EL3, however. Platform initialisation code should configure and use partitions in EL3 as required. This option defaults to ``0``. +- ``ENABLE_PAUTH``: Boolean option to enable ARMv8.3 Pointer Authentication + (``ARMv8.3-PAuth``) support in the Trusted Firmware itself. Note that this + option doesn't affect the saving of the registers introduced with this + extension, they are always saved if they are detected regardless of the value + of this option. If enabled, it is needed to use a compiler that supports the + option ``-msign-return-address``. It defaults to 0. + - ``ENABLE_PIE``: Boolean option to enable Position Independent Executable(PIE) support within generic code in TF-A. This option is currently only supported in BL31. Default is 0. |
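Review bot: In the first hunk (@@ -362,7 +362,7 @@), the added qualifier "if PAuth is used on both sides" does not say what the sides are or what "used" means, and this sentence is the only place the leak is described. Suggest naming them explicitly, for example "if both the Secure and Non-secure worlds use PAuth". Since the commit message states that ENABLE_PAUTH requires this option, it would also help to say here that the option must be set to 1 whenever ENABLE_PAUTH is enabled.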
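Review bot: In the second hunk (@@ -411,6 +411,13 @@), the new ``ENABLE_PAUTH`` entry does not document the dependency given in the commit message, which says the option requires CTX_INCLUDE_PAUTH_REGS to be enabled. As written, "they are always saved if they are detected regardless of the value of this option" reads as if the registers are saved unconditionally, while the ``CTX_INCLUDE_PAUTH_REGS`` text in the first hunk says they are only included in the saved context when that option is set. Suggest replacing that sentence with one stating that saving is controlled by ``CTX_INCLUDE_PAUTH_REGS`` and that ``ENABLE_PAUTH`` requires it to be 1. The entry also does not mention that platforms have to provide the authentication keys, which the commit message describes as part of this change. Minor wording: "extension, they are" is a comma splice, and "it is needed to use a compiler" would read better as "a compiler that supports ``-msign-return-address`` is required".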