diff --git a/Makefile b/Makefile index 0193c29..bd52c0b 100644 --- a/Makefile +++ b/Makefile @@ -472,6 +472,10 @@ endif BL31_CFLAGS += -fpie BL31_LDFLAGS += $(PIE_LDFLAGS) +ifeq ($(ARCH),aarch64) + BL32_CFLAGS += -fpie + BL32_LDFLAGS += $(PIE_LDFLAGS) +endif endif # Include the CPU specific operations makefile, which provides default diff --git a/bl32/tsp/aarch64/tsp_entrypoint.S b/bl32/tsp/aarch64/tsp_entrypoint.S index 1d3ec21..ebc5c2c 100644 --- a/bl32/tsp/aarch64/tsp_entrypoint.S +++ b/bl32/tsp/aarch64/tsp_entrypoint.S @@ -1,9 +1,11 @@ /* - * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ +#include + #include #include #include @@ -46,6 +48,24 @@ func tsp_entrypoint _align=3 +#if ENABLE_PIE + /* + * ------------------------------------------------------------ + * If PIE is enabled fixup the Global descriptor Table only + * once during primary core cold boot path. + * + * Compile time base address, required for fixup, is calculated + * using "pie_fixup" label present within first page. + * ------------------------------------------------------------ + */ + pie_fixup: + ldr x0, =pie_fixup + and x0, x0, #~(PAGE_SIZE - 1) + mov_imm x1, (BL32_LIMIT - BL32_BASE) + add x1, x1, x0 + bl fixup_gdt_reloc +#endif /* ENABLE_PIE */ + /* --------------------------------------------- * Set the exception vector to something sane. * --------------------------------------------- diff --git a/bl32/tsp/tsp.ld.S b/bl32/tsp/tsp.ld.S index e9a1df1..592e245 100644 --- a/bl32/tsp/tsp.ld.S +++ b/bl32/tsp/tsp.ld.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -36,6 +36,17 @@ .rodata . : { __RODATA_START__ = .; *(.rodata*) + + /* + * Keep the .got section in the RO section as it is patched + * prior to enabling the MMU and having the .got in RO is better for + * security. GOT is a table of addresses so ensure 8-byte alignment. + */ + . = ALIGN(8); + __GOT_START__ = .; + *(.got) + __GOT_END__ = .; + . = ALIGN(PAGE_SIZE); __RODATA_END__ = .; } >RAM @@ -45,7 +56,19 @@ *tsp_entrypoint.o(.text*) *(.text*) *(.rodata*) + + /* + * Keep the .got section in the RO section as it is patched + * prior to enabling the MMU and having the .got in RO is better for + * security. GOT is a table of addresses so ensure 8-byte alignment. + */ + . = ALIGN(8); + __GOT_START__ = .; + *(.got) + __GOT_END__ = .; + *(.vectors) + __RO_END_UNALIGNED__ = .; /* * Memory page(s) mapped to this section will be marked as @@ -69,6 +92,17 @@ __DATA_END__ = .; } >RAM + /* + * .rela.dyn needs to come after .data for the read-elf utility to parse + * this section correctly. Ensure 8-byte alignment so that the fields of + * RELA data structure are aligned. + */ + . = ALIGN(8); + __RELA_START__ = .; + .rela.dyn . : { + } >RAM + __RELA_END__ = .; + #ifdef TSP_PROGBITS_LIMIT ASSERT(. <= TSP_PROGBITS_LIMIT, "TSP progbits has exceeded its limit.") #endif @@ -129,6 +163,10 @@ __RW_END__ = .; __BL32_END__ = .; + /DISCARD/ : { + *(.dynsym .dynstr .hash .gnu.hash) + } + __BSS_SIZE__ = SIZEOF(.bss); #if USE_COHERENT_MEM __COHERENT_RAM_UNALIGNED_SIZE__ = diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst index cac7e31..fc45455 100644 --- a/docs/getting_started/build-options.rst +++ b/docs/getting_started/build-options.rst @@ -213,7 +213,7 @@ - ``ENABLE_PIE``: Boolean option to enable Position Independent Executable(PIE) support within generic code in TF-A. This option is currently only supported - in BL2_AT_EL3 and BL31. Default is 0. + in BL2_AT_EL3, BL31, and BL32 (TSP). Default is 0. - ``ENABLE_PMF``: Boolean option to enable support for optional Performance Measurement Framework(PMF). Default is 0.