Commit ed756252 authored by davidcunado-arm's avatar davidcunado-arm Committed by GitHub

Merge pull request #886 from dp-arm/dp/stack-protector

Add support for GCC stack protection
parents 90e0ffd3 e6d2aea1
......@@ -90,6 +90,9 @@ ENABLE_PSCI_STAT := 0
# Flag to enable runtime instrumentation using PMF
ENABLE_RUNTIME_INSTRUMENTATION := 0
# Flag to enable stack corruption protection
ENABLE_STACK_PROTECTOR := 0
# Build flag to treat usage of deprecated platform and framework APIs as error.
ERROR_DEPRECATED := 0
......
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <arch_helpers.h>
#include <platform.h>
#include <stdint.h>
#define RANDOM_CANARY_VALUE ((u_register_t) 3288484550995823360ULL)
u_register_t plat_get_stack_protector_canary(void)
{
/*
* Ideally, a random number should be returned instead of the
* combination of a timer's value and a compile-time constant. As the
* FVP does not have any random number generator, this is better than
* nothing but not necessarily really secure.
*/
return RANDOM_CANARY_VALUE ^ read_cntpct_el0();
}
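Review bot: The value built at `return RANDOM_CANARY_VALUE ^ read_cntpct_el0();` is a constant that is public in the source, XORed with the physical counter, so its unpredictability rests entirely on the counter value at the time of the call. The existing comment admits this, but nothing warns a porter against copying the file to a platform that does have an entropy source. I would extend the comment with `This implementation is only acceptable on the FVP model; platforms with an entropy source must use it instead.` and, if the build system allows, print a build-time warning when ENABLE_STACK_PROTECTOR is set for this platform. How early in boot the function runs is not visible here, so the real spread of counter values should be confirmed.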
#
# Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
......@@ -157,5 +157,9 @@ BL31_SOURCES += plat/arm/board/fvp/fvp_bl31_setup.c \
# Disable the PSCI platform compatibility layer
ENABLE_PLAT_COMPAT := 0
ifneq (${ENABLE_STACK_PROTECTOR},0)
PLAT_BL_COMMON_SOURCES += plat/arm/board/fvp/fvp_stack_protector.c
endif
include plat/arm/board/common/board_common.mk
include plat/arm/common/arm_common.mk
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __JUNO_DECL_H__
#define __JUNO_DECL_H__
int juno_getentropy(void *buf, size_t len);
#endif /* __JUNO_DECL_H__ */
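Review bot: The prototype `int juno_getentropy(void *buf, size_t len);` uses `size_t`, but the header includes nothing that defines it, so it compiles only when the including file has already pulled in a suitable header. Adding `#include <stddef.h>` above the prototype makes the header self-contained. The return contract (0 on success, -1 otherwise) is documented only in juno_trng.c; a one-line comment next to the prototype would put it where callers look.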
/*
* Copyright (c) 2014-2016, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2014-2017, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
......@@ -74,6 +74,17 @@
#define TZC400_NSAID_SCP 11
#define TZC400_NSAID_CORESIGHT 12
/*******************************************************************************
* TRNG related constants
******************************************************************************/
#define TRNG_BASE 0x7FE60000ULL
#define TRNG_NOUTPUTS 4
#define TRNG_STATUS 0x10
#define TRNG_INTMASK 0x14
#define TRNG_CONFIG 0x18
#define TRNG_CONTROL 0x1C
#define TRNG_NBYTES 16 /* Number of bytes generated per round. */
/*******************************************************************************
* MMU-401 related constants
******************************************************************************/
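Review bot: `TRNG_NOUTPUTS 4` and `TRNG_NBYTES 16` are defined independently, although juno_trng.c reads TRNG_NOUTPUTS 32-bit output registers per round, so the two can drift apart without any diagnostic. Deriving one from the other, `#define TRNG_NBYTES (TRNG_NOUTPUTS * 4)`, keeps them consistent. The driver also writes and tests bit 0 of TRNG_STATUS and TRNG_CONTROL as a bare `1`; named bit constants in this block would document what those bits mean.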
......
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <arch_helpers.h>
#include <debug.h>
#include <utils.h>
#include "juno_decl.h"
#include "juno_def.h"
u_register_t plat_get_stack_protector_canary(void)
{
u_register_t c[TRNG_NBYTES / sizeof(u_register_t)];
u_register_t ret = 0;
size_t i;
if (juno_getentropy(c, sizeof(c)) != 0) {
ERROR("Not enough entropy to initialize canary value\n");
panic();
}
/*
* On Juno we get 128-bits of entropy in one round.
* Fuse the values together to form the canary.
*/
for (i = 0; i < ARRAY_SIZE(c); i++)
ret ^= c[i];
return ret;
}
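Review bot: `plat_get_stack_protector_canary()` has no header comment, and its fail-closed behaviour is the part a maintainer most needs to know: when `juno_getentropy()` fails it logs an error and calls `panic()` instead of falling back to a fixed value. I would add above the function `/* Returns the stack canary derived from the Juno TRNG; panics if no entropy is available rather than returning a predictable value. */`. The local array `c` still holds the raw TRNG words when the function returns. Whether that matters depends on who can read this stack memory, which is not visible here.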
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <assert.h>
#include <mmio.h>
#include <string.h>
#include <utils.h>
#include "juno_def.h"
#define NSAMPLE_CLOCKS 1 /* min 1 cycle, max 231 cycles */
#define NRETRIES 5
static inline int output_valid(void)
{
int i;
for (i = 0; i < NRETRIES; i++) {
uint32_t val;
val = mmio_read_32(TRNG_BASE + TRNG_STATUS);
if (val & 1U)
break;
}
if (i >= NRETRIES)
return 0; /* No output data available. */
return 1;
}
/*
* This function fills `buf` with `len` bytes of entropy.
* It uses the Trusted Entropy Source peripheral on Juno.
* Returns 0 when the buffer has been filled with entropy
* successfully and -1 otherwise.
*/
int juno_getentropy(void *buf, size_t len)
{
uint8_t *bp = buf;
assert(buf);
assert(len);
assert(!check_uptr_overflow((uintptr_t)bp, len));
/* Disable interrupt mode. */
mmio_write_32(TRNG_BASE + TRNG_INTMASK, 0);
/* Program TRNG to sample for `NSAMPLE_CLOCKS`. */
mmio_write_32(TRNG_BASE + TRNG_CONFIG, NSAMPLE_CLOCKS);
while (len > 0) {
int i;
/* Start TRNG. */
mmio_write_32(TRNG_BASE + TRNG_CONTROL, 1);
/* Check if output is valid. */
if (!output_valid())
return -1;
/* Fill entropy buffer. */
for (i = 0; i < TRNG_NOUTPUTS; i++) {
size_t n;
uint32_t val;
val = mmio_read_32(TRNG_BASE + i * sizeof(uint32_t));
n = MIN(len, sizeof(uint32_t));
memcpy(bp, &val, n);
bp += n;
len -= n;
if (len == 0)
break;
}
/* Reset TRNG outputs. */
mmio_write_32(TRNG_BASE + TRNG_STATUS, 1);
}
return 0;
}
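Review bot: `output_valid()` reads TRNG_STATUS only NRETRIES (5) times back to back with no delay, so whether a sampling round finishes inside that window depends on bus and TRNG timing. If it does not, `juno_getentropy()` returns -1 and the caller in juno_stack_protector.c panics the boot. A comment on `NRETRIES` stating the hardware guarantee it relies on, or a bounded wait tied to a timer, would make the limit safe to maintain. The `return -1` path also leaves `buf` partly filled, so the header comment should add `On failure the contents of buf are unspecified.` The `assert()` checks on `buf` and `len` presumably disappear in release builds; confirm no caller can pass a NULL buffer.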
#
# Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
......@@ -39,8 +39,12 @@ JUNO_INTERCONNECT_SOURCES := drivers/arm/cci/cci.c \
JUNO_SECURITY_SOURCES := drivers/arm/tzc/tzc400.c \
plat/arm/board/juno/juno_security.c \
plat/arm/board/juno/juno_trng.c \
plat/arm/common/arm_tzc400.c
ifneq (${ENABLE_STACK_PROTECTOR}, 0)
JUNO_SECURITY_SOURCES += plat/arm/board/juno/juno_stack_protector.c
endif
PLAT_INCLUDES := -Iplat/arm/board/juno/include
......@@ -51,7 +55,8 @@ BL1_SOURCES += lib/cpus/aarch64/cortex_a53.S \
lib/cpus/aarch64/cortex_a72.S \
plat/arm/board/juno/juno_bl1_setup.c \
plat/arm/board/juno/juno_err.c \
${JUNO_INTERCONNECT_SOURCES}
${JUNO_INTERCONNECT_SOURCES} \
${JUNO_SECURITY_SOURCES}
BL2_SOURCES += plat/arm/board/juno/juno_err.c \
${JUNO_SECURITY_SOURCES}
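Review bot: Appending `${JUNO_SECURITY_SOURCES}` to `BL1_SOURCES` appears to pull tzc400.c, juno_security.c and arm_tzc400.c into BL1 as well, and `juno_trng.c` is listed unconditionally, although only the TRNG driver and juno_stack_protector.c look necessary for the canary. If BL1 does not otherwise use the TZC code, a separate variable holding just the two canary files, set inside the `ifneq`, would leave BL1 unchanged when ENABLE_STACK_PROTECTOR is 0. Unused functions may be discarded at link time, which is not visible here. The condition is spelled `ifneq (${ENABLE_STACK_PROTECTOR}, 0)` here and without the space in the FVP makefile; one spelling would be easier to grep.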
......
......@@ -95,6 +95,11 @@ SECTIONS
*/
__RW_START__ = . ;
/*
* .data must be placed at a lower address than the stacks if the stack
* protector is enabled. Alternatively, the .data.stack_protector_canary
* section can be placed independently of the main .data section.
*/
.data . : {
__DATA_START__ = .;
*(.data*)
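Review bot: The added comment states that `.data` must sit below the stacks when the stack protector is enabled, but it gives no reason and nothing in the visible part of the script enforces it. I would add the rationale to the comment, for example `An overflow that runs past the end of a stack writes towards higher addresses and could otherwise overwrite the canary reference value.`. If the stack start symbol is available in this script, an `ASSERT()` guarded by ENABLE_STACK_PROTECTOR would turn the constraint into a link-time check. The `.data` output section continues beyond this hunk, so the placement of the stacks cannot be confirmed from here.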
......