diff options
| author | Antonio Niño Díaz <antonio.ninodiaz@arm.com> | 2019-02-27 14:32:35 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-02-27 14:32:35 +0000 |
| commit | 57bc6424cd7021e64d2af876b7d79b685893a208 (patch) | |
| tree | 7ac40b1632b32078b667add460c4f1a3a0b5ed5b /lib | |
| parent | fc159c62ed6779bbf64882535e245629dd059e98 (diff) | |
| parent | 67b6ff9f8ccd84cea1627d738f3e2d4eb0a789e1 (diff) | |
| download | platform_external_arm-trusted-firmware-57bc6424cd7021e64d2af876b7d79b685893a208.tar.gz platform_external_arm-trusted-firmware-57bc6424cd7021e64d2af876b7d79b685893a208.tar.bz2 platform_external_arm-trusted-firmware-57bc6424cd7021e64d2af876b7d79b685893a208.zip | |
Merge pull request #1829 from antonio-nino-diaz-arm/an/pauth
Add Pointer Authentication (ARMv8.3-PAuth) support to the TF
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/el3_runtime/aarch64/context.S | 124 | ||||
| -rw-r--r-- | lib/el3_runtime/aarch64/context_mgmt.c | 14 |
2 files changed, 128 insertions, 10 deletions
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S index 707e6dbd4..4489e908b 100644 --- a/lib/el3_runtime/aarch64/context.S +++ b/lib/el3_runtime/aarch64/context.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -14,6 +14,13 @@ .global fpregs_context_save .global fpregs_context_restore #endif +#if CTX_INCLUDE_PAUTH_REGS + .global pauth_context_restore + .global pauth_context_save +#endif +#if ENABLE_PAUTH + .global pauth_load_bl_apiakey +#endif .global save_gp_registers .global restore_gp_registers .global restore_gp_registers_eret @@ -299,6 +306,96 @@ func fpregs_context_restore endfunc fpregs_context_restore #endif /* CTX_INCLUDE_FPREGS */ +#if CTX_INCLUDE_PAUTH_REGS +/* ----------------------------------------------------- + * The following function strictly follows the AArch64 + * PCS to use x9-x17 (temporary caller-saved registers) + * to save the ARMv8.3-PAuth register context. It assumes + * that 'sp' is pointing to a 'cpu_context_t' structure + * to where the register context will be saved. + * ----------------------------------------------------- + */ +func pauth_context_save + add x11, sp, #CTX_PAUTH_REGS_OFFSET + + mrs x9, APIAKeyLo_EL1 + mrs x10, APIAKeyHi_EL1 + stp x9, x10, [x11, #CTX_PACIAKEY_LO] + + mrs x9, APIBKeyLo_EL1 + mrs x10, APIBKeyHi_EL1 + stp x9, x10, [x11, #CTX_PACIBKEY_LO] + + mrs x9, APDAKeyLo_EL1 + mrs x10, APDAKeyHi_EL1 + stp x9, x10, [x11, #CTX_PACDAKEY_LO] + + mrs x9, APDBKeyLo_EL1 + mrs x10, APDBKeyHi_EL1 + stp x9, x10, [x11, #CTX_PACDBKEY_LO] + + mrs x9, APGAKeyLo_EL1 + mrs x10, APGAKeyHi_EL1 + stp x9, x10, [x11, #CTX_PACGAKEY_LO] + + ret +endfunc pauth_context_save + +/* ----------------------------------------------------- + * The following function strictly follows the AArch64 + * PCS to use x9-x17 (temporary caller-saved registers) + * to restore the ARMv8.3-PAuth register context. It assumes + * that 'sp' is pointing to a 'cpu_context_t' structure + * from where the register context will be restored. + * ----------------------------------------------------- + */ +func pauth_context_restore + add x11, sp, #CTX_PAUTH_REGS_OFFSET + + ldp x9, x10, [x11, #CTX_PACIAKEY_LO] + msr APIAKeyLo_EL1, x9 + msr APIAKeyHi_EL1, x10 + + ldp x9, x10, [x11, #CTX_PACIAKEY_LO] + msr APIBKeyLo_EL1, x9 + msr APIBKeyHi_EL1, x10 + + ldp x9, x10, [x11, #CTX_PACDAKEY_LO] + msr APDAKeyLo_EL1, x9 + msr APDAKeyHi_EL1, x10 + + ldp x9, x10, [x11, #CTX_PACDBKEY_LO] + msr APDBKeyLo_EL1, x9 + msr APDBKeyHi_EL1, x10 + + ldp x9, x10, [x11, #CTX_PACGAKEY_LO] + msr APGAKeyLo_EL1, x9 + msr APGAKeyHi_EL1, x10 + + ret +endfunc pauth_context_restore +#endif /* CTX_INCLUDE_PAUTH_REGS */ + +/* ----------------------------------------------------- + * The following function strictly follows the AArch64 + * PCS to use x9-x17 (temporary caller-saved registers) + * to load the APIA key used by the firmware. + * ----------------------------------------------------- + */ +#if ENABLE_PAUTH +func pauth_load_bl_apiakey + /* Load instruction key A used by the Trusted Firmware. */ + adrp x11, plat_apiakey + add x11, x11, :lo12:plat_apiakey + ldp x9, x10, [x11, #0] + + msr APIAKeyLo_EL1, x9 + msr APIAKeyHi_EL1, x10 + + ret +endfunc pauth_load_bl_apiakey +#endif /* ENABLE_PAUTH */ + /* ----------------------------------------------------- * The following functions are used to save and restore * all the general purpose registers. Ideally we would @@ -332,9 +429,10 @@ func save_gp_registers ret endfunc save_gp_registers -/* +/* ----------------------------------------------------- * This function restores all general purpose registers except x30 from the * CPU context. x30 register must be explicitly restored by the caller. + * ----------------------------------------------------- */ func restore_gp_registers ldp x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0] @@ -357,9 +455,10 @@ func restore_gp_registers ret endfunc restore_gp_registers -/* +/* ----------------------------------------------------- * Restore general purpose registers (including x30), and exit EL3 via. ERET to * a lower exception level. + * ----------------------------------------------------- */ func restore_gp_registers_eret bl restore_gp_registers @@ -377,12 +476,12 @@ func restore_gp_registers_eret eret endfunc restore_gp_registers_eret - /* ----------------------------------------------------- - * This routine assumes that the SP_EL3 is pointing to - * a valid context structure from where the gp regs and - * other special registers can be retrieved. - * ----------------------------------------------------- - */ +/* ----------------------------------------------------- + * This routine assumes that the SP_EL3 is pointing to + * a valid context structure from where the gp regs and + * other special registers can be retrieved. + * ----------------------------------------------------- + */ func el3_exit /* ----------------------------------------------------- * Save the current SP_EL0 i.e. the EL3 runtime stack @@ -410,9 +509,14 @@ func el3_exit cmp x17, xzr beq 1f blr x17 +1: +#endif + +#if CTX_INCLUDE_PAUTH_REGS + /* Restore ARMv8.3-PAuth registers */ + bl pauth_context_restore #endif -1: /* Restore saved general purpose registers and return */ b restore_gp_registers_eret endfunc el3_exit diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c index b956491e3..83f6e4895 100644 --- a/lib/el3_runtime/aarch64/context_mgmt.c +++ b/lib/el3_runtime/aarch64/context_mgmt.c @@ -122,6 +122,20 @@ void cm_setup_context(cpu_context_t *ctx, const entry_point_info_t *ep) scr_el3 |= SCR_FIEN_BIT; #endif +#if !CTX_INCLUDE_PAUTH_REGS + /* + * If the pointer authentication registers aren't saved during world + * switches the value of the registers can be leaked from the Secure to + * the Non-secure world. To prevent this, rather than enabling pointer + * authentication everywhere, we only enable it in the Non-secure world. + * + * If the Secure world wants to use pointer authentication, + * CTX_INCLUDE_PAUTH_REGS must be set to 1. + */ + if (security_state == NON_SECURE) + scr_el3 |= SCR_API_BIT | SCR_APK_BIT; +#endif /* !CTX_INCLUDE_PAUTH_REGS */ + #ifdef IMAGE_BL31 /* * SCR_EL3.IRQ, SCR_EL3.FIQ: Enable the physical FIQ and IRQ routing as |