2 files changed, 128 insertions, 10 deletions
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index 707e6dbd4..4489e908b 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -14,6 +14,13 @@
 	.global	fpregs_context_save
 	.global	fpregs_context_restore
 #endif
+#if CTX_INCLUDE_PAUTH_REGS
+	.global	pauth_context_restore
+	.global	pauth_context_save
+#endif
+#if ENABLE_PAUTH
+	.global	pauth_load_bl_apiakey
+#endif
 	.global	save_gp_registers
 	.global	restore_gp_registers
 	.global	restore_gp_registers_eret
@@ -299,6 +306,96 @@ func fpregs_context_restore
 endfunc fpregs_context_restore
 #endif /* CTX_INCLUDE_FPREGS */
 
+#if CTX_INCLUDE_PAUTH_REGS
+/* -----------------------------------------------------
+ * The following function strictly follows the AArch64
+ * PCS to use x9-x17 (temporary caller-saved registers)
+ * to save the ARMv8.3-PAuth register context. It assumes
+ * that 'sp' is pointing to a 'cpu_context_t' structure
+ * to where the register context will be saved.
+ * -----------------------------------------------------
+ */
+func pauth_context_save
+	add	x11, sp, #CTX_PAUTH_REGS_OFFSET
+
+	mrs	x9, APIAKeyLo_EL1
+	mrs	x10, APIAKeyHi_EL1
+	stp	x9, x10, [x11, #CTX_PACIAKEY_LO]
+
+	mrs	x9, APIBKeyLo_EL1
+	mrs	x10, APIBKeyHi_EL1
+	stp	x9, x10, [x11, #CTX_PACIBKEY_LO]
+
+	mrs	x9, APDAKeyLo_EL1
+	mrs	x10, APDAKeyHi_EL1
+	stp	x9, x10, [x11, #CTX_PACDAKEY_LO]
+
+	mrs	x9, APDBKeyLo_EL1
+	mrs	x10, APDBKeyHi_EL1
+	stp	x9, x10, [x11, #CTX_PACDBKEY_LO]
+
+	mrs	x9, APGAKeyLo_EL1
+	mrs	x10, APGAKeyHi_EL1
+	stp	x9, x10, [x11, #CTX_PACGAKEY_LO]
+
+	ret
+endfunc pauth_context_save
+
+/* -----------------------------------------------------
+ * The following function strictly follows the AArch64
+ * PCS to use x9-x17 (temporary caller-saved registers)
+ * to restore the ARMv8.3-PAuth register context. It assumes
+ * that 'sp' is pointing to a 'cpu_context_t' structure
+ * from where the register context will be restored.
+ * -----------------------------------------------------
+ */
+func pauth_context_restore
+	add	x11, sp, #CTX_PAUTH_REGS_OFFSET
+
+	ldp	x9, x10, [x11, #CTX_PACIAKEY_LO]
+	msr	APIAKeyLo_EL1, x9
+	msr	APIAKeyHi_EL1, x10
+
+	ldp	x9, x10, [x11, #CTX_PACIAKEY_LO]
+	msr	APIBKeyLo_EL1, x9
+	msr	APIBKeyHi_EL1, x10
+
+	ldp	x9, x10, [x11, #CTX_PACDAKEY_LO]
+	msr	APDAKeyLo_EL1, x9
+	msr	APDAKeyHi_EL1, x10
+
+	ldp	x9, x10, [x11, #CTX_PACDBKEY_LO]
+	msr	APDBKeyLo_EL1, x9
+	msr	APDBKeyHi_EL1, x10
+
+	ldp	x9, x10, [x11, #CTX_PACGAKEY_LO]
+	msr	APGAKeyLo_EL1, x9
+	msr	APGAKeyHi_EL1, x10
+
+	ret
+endfunc pauth_context_restore
+#endif /* CTX_INCLUDE_PAUTH_REGS */
+
+/* -----------------------------------------------------
+ * The following function strictly follows the AArch64
+ * PCS to use x9-x17 (temporary caller-saved registers)
+ * to load the APIA key used by the firmware.
+ * -----------------------------------------------------
+ */
+#if ENABLE_PAUTH
+func pauth_load_bl_apiakey
+	/* Load instruction key A used by the Trusted Firmware. */
+	adrp	x11, plat_apiakey
+	add	x11, x11, :lo12:plat_apiakey
+	ldp	x9, x10, [x11, #0]
+
+	msr	APIAKeyLo_EL1, x9
+	msr	APIAKeyHi_EL1, x10
+
+	ret
+endfunc pauth_load_bl_apiakey
+#endif /* ENABLE_PAUTH */
+
 /* -----------------------------------------------------
  * The following functions are used to save and restore
  * all the general purpose registers. Ideally we would
@@ -332,9 +429,10 @@ func save_gp_registers
 	ret
 endfunc save_gp_registers
 
-/*
+/* -----------------------------------------------------
  * This function restores all general purpose registers except x30 from the
  * CPU context. x30 register must be explicitly restored by the caller.
+ * -----------------------------------------------------
  */
 func restore_gp_registers
 	ldp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
@@ -357,9 +455,10 @@ func restore_gp_registers
 	ret
 endfunc restore_gp_registers
 
-/*
+/* -----------------------------------------------------
  * Restore general purpose registers (including x30), and exit EL3 via. ERET to
  * a lower exception level.
+ * -----------------------------------------------------
  */
 func restore_gp_registers_eret
 	bl	restore_gp_registers
@@ -377,12 +476,12 @@ func restore_gp_registers_eret
 	eret
 endfunc	restore_gp_registers_eret
 
-	/* -----------------------------------------------------
-	 * This routine assumes that the SP_EL3 is pointing to
-	 * a valid context structure from where the gp regs and
-	 * other special registers can be retrieved.
-	 * -----------------------------------------------------
-	 */
+/* -----------------------------------------------------
+ * This routine assumes that the SP_EL3 is pointing to
+ * a valid context structure from where the gp regs and
+ * other special registers can be retrieved.
+ * -----------------------------------------------------
+ */
 func el3_exit
 	/* -----------------------------------------------------
 	 * Save the current SP_EL0 i.e. the EL3 runtime stack
@@ -410,9 +509,14 @@ func el3_exit
 	cmp	x17, xzr
 	beq	1f
 	blr	x17
+1:
+#endif
+
+#if CTX_INCLUDE_PAUTH_REGS
+	/* Restore ARMv8.3-PAuth registers */
+	bl	pauth_context_restore
 #endif
 
-1:
 	/* Restore saved general purpose registers and return */
 	b	restore_gp_registers_eret
 endfunc el3_exit
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c
index 0a72aeb67..89d7ed682 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -122,6 +122,20 @@ void cm_setup_context(cpu_context_t *ctx, const entry_point_info_t *ep)
 	scr_el3 |= SCR_FIEN_BIT;
 #endif
 
+#if !CTX_INCLUDE_PAUTH_REGS
+	/*
+	 * If the pointer authentication registers aren't saved during world
+	 * switches the value of the registers can be leaked from the Secure to
+	 * the Non-secure world. To prevent this, rather than enabling pointer
+	 * authentication everywhere, we only enable it in the Non-secure world.
+	 *
+	 * If the Secure world wants to use pointer authentication,
+	 * CTX_INCLUDE_PAUTH_REGS must be set to 1.
+	 */
+	if (security_state == NON_SECURE)
+		scr_el3 |= SCR_API_BIT | SCR_APK_BIT;
+#endif /* !CTX_INCLUDE_PAUTH_REGS */
+
 #ifdef IMAGE_BL31
 	/*
 	 * SCR_EL3.IRQ, SCR_EL3.FIQ: Enable the physical FIQ and IRQ routing as