diff --git a/bl31/aarch64/bl31_entrypoint.S b/bl31/aarch64/bl31_entrypoint.S
index c41773b..8e9528b 100644
--- a/bl31/aarch64/bl31_entrypoint.S
+++ b/bl31/aarch64/bl31_entrypoint.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -87,29 +87,39 @@
 bl fixup_gdt_reloc
 #endif /* ENABLE_PIE */

- /* ---------------------------------------------
- * Perform platform specific early arch. setup
- * ---------------------------------------------
+ /* --------------------------------------------------------------------
+ * Perform BL31 setup
+ * --------------------------------------------------------------------
 */
 mov x0, x20
 mov x1, x21
 mov x2, x22
 mov x3, x23
- bl bl31_early_platform_setup2
- bl bl31_plat_arch_setup
+ bl bl31_setup

- /* ---------------------------------------------
+ /* --------------------------------------------------------------------
+ * Enable pointer authentication
+ * --------------------------------------------------------------------
+ */
+#if ENABLE_PAUTH
+ mrs x0, sctlr_el3
+ orr x0, x0, #SCTLR_EnIA_BIT
+ msr sctlr_el3, x0
+ isb
+#endif /* ENABLE_PAUTH */
+
+ /* --------------------------------------------------------------------
 * Jump to main function.
- * ---------------------------------------------
+ * --------------------------------------------------------------------
 */
 bl bl31_main

- /* -------------------------------------------------------------
+ /* --------------------------------------------------------------------
 * Clean the .data & .bss sections to main memory. This ensures
 * that any global data which was initialised by the primary CPU
 * is visible to secondary CPUs before they enable their data
 * caches and participate in coherency.
- * -------------------------------------------------------------
+ * --------------------------------------------------------------------
 */
 adr x0, __DATA_START__
 adr x1, __DATA_END__
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index c9ba926..10feae1 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
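Review bot: In bl31_entrypoint.S the new `Enable pointer authentication` comment does not explain why EnIA is set at this exact point, after `bl31_setup` has returned and before `bl31_main` is called, and that ordering is what makes the sequence safe. Code built with `-msign-return-address=non-leaf` signs the return address on entry and authenticates it on return, and those instructions do nothing while `SCTLR_EL3.EnIA` is clear, so a function entered before the bit is set that returns after it would fail authentication. I would extend the comment with something like `Keep after bl31_setup(): frames entered while EnIA is clear must have returned before it is set.` Only the cold-boot path is visible in this hunk; the warm-boot entry needs the same key and enable sequence, so check that it is handled elsewhere in the change.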
@@ -75,6 +75,10 @@
 BL31_SOURCES += lib/extensions/mpam/mpam.c
 endif

+ifeq (${ENABLE_PAUTH},1)
+BL31_CFLAGS += -msign-return-address=non-leaf
+endif
+
 ifeq (${WORKAROUND_CVE_2017_5715},1)
 BL31_SOURCES += lib/cpus/aarch64/wa_cve_2017_5715_bpiall.S \
 lib/cpus/aarch64/wa_cve_2017_5715_mmu.S
diff --git a/bl31/bl31_main.c b/bl31/bl31_main.c
index da35f75..aca16d6 100644
--- a/bl31/bl31_main.c
+++ b/bl31/bl31_main.c
@@ -64,6 +64,27 @@
 }

 /*******************************************************************************
+ * Setup function for BL31.
+ ******************************************************************************/
+void bl31_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3)
+{
+ /* Perform early platform-specific setup */
+ bl31_early_platform_setup2(arg0, arg1, arg2, arg3);
+
+ /*
+ * Update pointer authentication key before the MMU is enabled. It is
+ * saved in the rodata section, that can be writen before enabling the
+ * MMU. This function must be called after the console is initialized
+ * in the early platform setup.
+ */
+ bl_handle_pauth();
+
+ /* Perform late platform-specific setup */
+ bl31_plat_arch_setup();
+}
+
+/*******************************************************************************
 * BL31 is responsible for setting up the runtime services for the primary cpu
 * before passing control to the bootloader or an Operating System. This
 * function calls runtime_svc_init() which initializes all registered runtime
diff --git a/include/bl31/bl31.h b/include/bl31/bl31.h
index 08c555d..3deb0a5 100644
--- a/include/bl31/bl31.h
+++ b/include/bl31/bl31.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
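Review bot: In bl31.mk the flag is gated with `ifeq (${ENABLE_PAUTH},1)`, while the entry point in bl31_entrypoint.S enables EnIA under `#if ENABLE_PAUTH`, so the two conditions disagree for any value other than 0 or 1. With such a value SCTLR_EL3.EnIA is set but no BL31 C code is compiled with return-address signing, and the image looks protected without being so. If the build does not already constrain ENABLE_PAUTH to 0/1 where the option is defined (not visible in this diff), add that check. A one-line comment such as `# Signs return addresses in compiler-generated non-leaf C functions only; hand-written assembly is not covered` would also make the scope of the flag clear.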
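Review bot: In bl31_setup() the comment above `bl_handle_pauth()` says when the key may be written but not what protects it afterwards. By its own description the key is kept in .rodata, so for the rest of BL31's lifetime it sits in ordinary read-only memory, and anything able to read EL3 memory can recover it and forge signed return addresses. I would add a sentence stating that assumption and naming the key source, for example `The key is only as strong as the platform's key source and stays readable by EL3 code once the MMU is on.` The call is also unconditional while the compiler flag and the EnIA enable sit under ENABLE_PAUTH; its definition is outside this diff, so confirm it is a no-op when ENABLE_PAUTH is 0. The same comment has a typo, `writen`.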
@@ -12,6 +12,8 @@
 /*******************************************************************************
 * Function prototypes
 ******************************************************************************/
+void bl31_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+ u_register_t arg3);
 void bl31_next_el_arch_setup(uint32_t security_state);
 void bl31_set_next_image_type(uint32_t security_state);
 uint32_t bl31_get_next_image_type(void);