Merge "TF-A: Add support for ARMv8.3-PAuth in BL1 SMC calls and BL2U" into integration
diff --git a/bl1/aarch64/bl1_exceptions.S b/bl1/aarch64/bl1_exceptions.S
index 3e72e39..9bba6ee 100644
--- a/bl1/aarch64/bl1_exceptions.S
+++ b/bl1/aarch64/bl1_exceptions.S
@@ -226,6 +226,15 @@
*/
bl save_gp_pmcr_pauth_regs
+#if ENABLE_PAUTH
+ /* -----------------------------------------------------
+ * Load and program stored APIAKey firmware key.
+ * Re-enable pointer authentication in EL3, as it was
+ * disabled before jumping to the next boot image.
+ * -----------------------------------------------------
+ */
+ bl pauth_load_bl1_apiakey_enable
+#endif
/* -----------------------------------------------------
* Populate the parameters for the SMC handler. We
* already have x0-x4 in place. x5 will point to a
diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c
index 2bb8511..cd6fe7d 100644
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@@ -31,6 +31,10 @@
static void bl1_load_bl2(void);
+#if ENABLE_PAUTH
+uint64_t bl1_apiakey[2];
+#endif
+
/*******************************************************************************
* Helper utility to calculate the BL2 memory layout taking into consideration
* the BL1 RW data assuming that it is at the top of the memory layout.
@@ -131,6 +135,12 @@
/* Perform platform setup in BL1. */
bl1_platform_setup();
+#if ENABLE_PAUTH
+ /* Store APIAKey_EL1 key */
+ bl1_apiakey[0] = read_apiakeylo_el1();
+ bl1_apiakey[1] = read_apiakeyhi_el1();
+#endif /* ENABLE_PAUTH */
+
/* Get the image id of next image to load and run. */
image_id = bl1_plat_get_next_image_id();
diff --git a/bl2u/aarch64/bl2u_entrypoint.S b/bl2u/aarch64/bl2u_entrypoint.S
index 452869e..3e37b44 100644
--- a/bl2u/aarch64/bl2u_entrypoint.S
+++ b/bl2u/aarch64/bl2u_entrypoint.S
@@ -102,6 +102,15 @@
bl bl2u_early_platform_setup
bl bl2u_plat_arch_setup
+#if ENABLE_PAUTH
+ /* ---------------------------------------------
+ * Program APIAKey_EL1
+ * and enable pointer authentication.
+ * ---------------------------------------------
+ */
+ bl pauth_init_enable_el1
+#endif
+
/* ---------------------------------------------
* Jump to bl2u_main function.
* ---------------------------------------------
diff --git a/lib/extensions/pauth/pauth_helpers.S b/lib/extensions/pauth/pauth_helpers.S
index c6808de..d483c7d 100644
--- a/lib/extensions/pauth/pauth_helpers.S
+++ b/lib/extensions/pauth/pauth_helpers.S
@@ -13,6 +13,7 @@
.global pauth_init_enable_el3
.global pauth_disable_el3
.globl pauth_load_bl31_apiakey
+ .globl pauth_load_bl1_apiakey_enable
/* -------------------------------------------------------------
* Program APIAKey_EL1 and enable pointer authentication in EL1
@@ -97,9 +98,9 @@
endfunc pauth_disable_el3
/* -------------------------------------------------------------
- * The following function strictly follows the AArch64 PCS
+ * The following functions strictly follow the AArch64 PCS
* to use x9-x17 (temporary caller-saved registers) to load
- * the APIAKey_EL1 used by the firmware.
+ * the APIAKey_EL1 and enable pointer authentication.
* -------------------------------------------------------------
*/
func pauth_load_bl31_apiakey
@@ -115,3 +116,26 @@
isb
ret
endfunc pauth_load_bl31_apiakey
+
+func pauth_load_bl1_apiakey_enable
+ /* Load instruction key A used by the Trusted Firmware */
+ adrp x9, bl1_apiakey
+ add x9, x9, :lo12:bl1_apiakey
+ ldp x10, x11, [x9]
+
+ /* Program instruction key A */
+ msr APIAKeyLo_EL1, x10
+ msr APIAKeyHi_EL1, x11
+
+ /* Enable pointer authentication */
+ mrs x9, sctlr_el3
+ orr x9, x9, #SCTLR_EnIA_BIT
+
+#if ENABLE_BTI
+ /* Enable PAC branch type compatibility */
+ bic x9, x9, #SCTLR_BT_BIT
+#endif
+ msr sctlr_el3, x9
+ isb
+ ret
+endfunc pauth_load_bl1_apiakey_enable
