1. 04 Mar, 2021 1 commit
    • Pali Rohár's avatar
      Print newline after hex address in aarch64 el3_panic function · 805f22ba
      Pali Rohár authored
      
      
      Make the aarch64's el3_panic() function print a newline character after
      PC address, otherwise the output can get mangled in one line with output
      from other firmware. Here is an example of how the output of el3_panic()
      got mangled with Linux' console output:
      
          ERROR:   Unhandled External Abort received on 0x80000001 at EL3!
          ERROR:    exception reason=1 syndrome=0x92000210
          PANIC at PC : 0x0000000004027400[13438.473133] rcu: INFO: rcu_sched detected stalls on CPUs/tasks:
          [13438.479255] rcu:     1-...0: (4 ticks this GP) idle=35e/1/0x4000000000000000 softirq=146459/146459 fqs=2625
      
      The aarch32 version of this function already does this.
      Signed-off-by: default avatarPali Rohár <pali@kernel.org>
      Change-Id: I9f0d032c6cd1e2be7a1837f9c8e8244d30633993
      805f22ba
  2. 12 Oct, 2020 1 commit
    • Jimmy Brisson's avatar
      Increase type widths to satisfy width requirements · d7b5f408
      Jimmy Brisson authored
      
      
      Usually, C has no problem up-converting types to larger bit sizes. MISRA
      rule 10.7 requires that you not do this, or be very explicit about this.
      This resolves the following required rule:
      
          bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
          The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
          0x3c0U" (32 bits) is less that the right hand operand
          "18446744073709547519ULL" (64 bits).
      
      This also resolves MISRA defects such as:
      
          bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
          In the expression "3U << 20", shifting more than 7 bits, the number
          of bits in the essential type of the left expression, "3U", is
          not allowed.
      
      Further, MISRA requires that all shifts don't overflow. The definition of
      PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
      This fixes the violation by changing the definition to 1UL << 12. Since
      this uses 32bits, it should not create any issues for aarch32.
      
      This patch also contains a fix for a build failure in the sun50i_a64
      platform. Specifically, these misra fixes removed a single and
      instruction,
      
          92407e73        and     x19, x19, #0xffffffff
      
      from the cm_setup_context function caused a relocation in
      psci_cpus_on_start to require a linker-generated stub. This increased the
      size of the .text section and caused an alignment later on to go over a
      page boundary and round up to the end of RAM before placing the .data
      section. This sectionn is of non-zero size and therefore causes a link
      error.
      
      The fix included in this reorders the functions during link time
      without changing their ording with respect to alignment.
      
      Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16
      Signed-off-by: default avatarJimmy Brisson <jimmy.brisson@arm.com>
      d7b5f408
  3. 09 Oct, 2020 1 commit
    • Jimmy Brisson's avatar
      Don't return error information from console_flush · 831b0e98
      Jimmy Brisson authored
      
      
      And from crash_console_flush.
      
      We ignore the error information return by console_flush in _every_
      place where we call it, and casting the return type to void does not
      work around the MISRA violation that this causes. Instead, we collect
      the error information from the driver (to avoid changing that API), and
      don't return it to the caller.
      
      Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
      Signed-off-by: default avatarJimmy Brisson <jimmy.brisson@arm.com>
      831b0e98
  4. 07 Oct, 2020 1 commit
    • Andre Przywara's avatar
      fdt: Fix coverity complaint about 32-bit multiplication · 4276cfe2
      Andre Przywara authored
      
      
      Coverity raised an eyebrow over our GICR frame size calculation:
      ========
          CID 362942:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
      Potentially overflowing expression "nr_cores * gicr_frame_size" with type
      "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic,
      and then used in a context that expects an expression of type "uint64_t"
      (64 bits, unsigned).
      ========
      
      Even with a GICv4 (256KB frame size) we need 16384 cores to overflow
      32-bit, so it's not a practical issue.
      
      But it's also easy to fix, so let's just do that: cast gicr_frame_size
      to an unsigned 64-bit integer, so that the multiplication is done in the
      64-bit realm.
      
      Change-Id: Iad10e19b9e58d5fbf9d13205fbcef0aac5ae48af
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      4276cfe2
  5. 29 Sep, 2020 1 commit
    • Andre Przywara's avatar
      fdt: Add function to adjust GICv3 redistributor size · 9f7bab42
      Andre Przywara authored
      
      
      We now have code to detect the CPU topology at runtime, and can also
      populate the CPU nodes in a devicetree accordingly. This is used by the
      ARM FPGA port, for instance.
      But also a GICv3 compatible interrupt controller provides MMIO frames
      per core, so the size of this region needs to be adjusted in the DT,
      to match the number of cores as well.
      
      Provide a generic function to find the GICv3 interrupt controller in
      the DT, then adjust the "reg" entry to match the number of detected
      cores. Since the size of the GICR frame per cores differs between
      GICv4 and GICv3, this size is supplied as a parameter to the function.
      The caller should determine the applicable value by either hardcoding
      it or by observing GICR_TYPER.VLPIS.
      
      Change-Id: Ic2a6445c2c5381a36bf24263f52fcbefad378c05
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      9f7bab42
  6. 21 Sep, 2020 1 commit
    • Yann Gautier's avatar
      Align AARCH32 version of debug.S with AARCH64 · 00a55fe4
      Yann Gautier authored
      
      
      Re-order code (put panic and report_exception at the end of the file).
      Export asm_print_* functions.
      Add asm_print_line_dec macro, and asm_print_newline func.
      Align comments in both AARCH32 and AARCH64 files.
      Add blank lines in AARCH64 files to align with AARCH32.
      
      Change-Id: I8e299a27c1390f71f04e260cd4a0e59b2384eb19
      Signed-off-by: default avatarYann Gautier <yann.gautier@st.com>
      00a55fe4
  7. 01 Sep, 2020 1 commit
  8. 18 Aug, 2020 1 commit
    • Manish V Badarkhe's avatar
      Add wrapper for AT instruction · 86ba5853
      Manish V Badarkhe authored
      
      
      In case of AT speculative workaround applied, page table walk
      is disabled for lower ELs (EL1 and EL0) in EL3.
      Hence added a wrapper function which temporarily enables page
      table walk to execute AT instruction for lower ELs and then
      disables page table walk.
      
      Execute AT instructions directly for lower ELs (EL1 and EL0)
      assuming page table walk is enabled always when AT speculative
      workaround is not applied.
      
      Change-Id: I4ad4c0bcbb761448af257e9f72ae979473c0dde8
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      86ba5853
  9. 21 May, 2020 1 commit
  10. 13 May, 2020 1 commit
    • Olivier Deprez's avatar
      SPMD: extract SPMC DTB header size from SPMD · 23d5ba86
      Olivier Deprez authored
      
      
      Currently BL2 passes TOS_FW_CONFIG address and size through registers to
      BL31. This corresponds to SPMC manifest load address and size. The SPMC
      manifest is mapped in BL31 by dynamic mapping. This patch removes BL2
      changes from generic code (which were enclosed by SPD=spmd) and retrieves
      SPMC manifest size directly from within SPMD. The SPMC manifest load
      address is still passed through a register by generic code.
      Signed-off-by: default avatarOlivier Deprez <olivier.deprez@arm.com>
      Change-Id: I35c5abd95c616ae25677302f0b1d0c45c51c042f
      23d5ba86
  11. 05 May, 2020 2 commits
    • Andre Przywara's avatar
      fdt/wrappers: Introduce code to find UART DT node · 60e2e27d
      Andre Przywara authored
      
      
      The stdout-path property in the /chosen node of a DTB points to a device
      node, which is used for boot console output.
      On most (if not all) ARM based platforms this is the debug UART.
      The ST platform code contains a function to parse this property and
      chase down eventual aliases to learn the node offset of this UART node.
      
      Introduce a slightly more generalised version of this ST platform function
      in the generic fdt_wrappers code. This will be useful for other platforms
      as well.
      
      Change-Id: Ie6da47ace7833861b5e35fe8cba49835db3659a5
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      60e2e27d
    • Andre Przywara's avatar
      plat/stm32: Use generic fdt_get_reg_props_by_name() · 7ad6d362
      Andre Przywara authored
      
      
      The STM32 platform port parse DT nodes to find base address to
      peripherals. It does this by using its own implementation, even though
      this functionality is generic and actually widely useful outside of the
      STM32 code.
      
      Re-implement fdt_get_reg_props_by_name() on top of the newly introduced
      fdt_get_reg_props_by_index() function, and move it to fdt_wrapper.c.
      This is removes the assumption that #address-cells and #size-cells are
      always one.
      
      Change-Id: I6d584930262c732b6e0356d98aea50b2654f789d
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      7ad6d362
  12. 30 Apr, 2020 1 commit
    • Andre Przywara's avatar
      arm: fconf: Fix GICv3 dynamic configuration · 364ad245
      Andre Przywara authored
      
      
      At the moment the fconf_populate_gicv3_config() implementation is
      somewhat incomplete: First it actually fails to store the retrieved
      information (the local addr[] array is going nowhere), but also it makes
      quite some assumptions about the device tree passed to it: it needs to
      use two address-cells and two size-cells, and also requires all five
      register regions to be specified, where actually only the first two
      are mandatory according to the binding (and needed by our code).
      
      Fix this by introducing a proper generic function to retrieve "reg"
      property information from a DT node:
      We retrieve the #address-cells and #size-cells properties from the
      parent node, then use those to extract the right values from the "reg"
      property. The function takes an index to select one region of a reg
      property.
      
      This is loosely based on the STM32 implementation using "reg-names",
      which we will subsume in a follow-up patch.
      
      Change-Id: Ia59bfdf80aea4e36876c7b6ed4d153e303f482e8
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      364ad245
  13. 29 Apr, 2020 2 commits
    • Andre Przywara's avatar
      plat/stm32: Implement fdt_read_uint32_default() as a wrapper · be858cff
      Andre Przywara authored
      
      
      The STM32 platform code uses its own set of FDT helper functions,
      although some of them are fairly generic.
      
      Remove the implementation of fdt_read_uint32_default() and implement it
      on top of the newly introduced fdt_read_uint32() function, then convert
      all users over.
      
      This also fixes two callers, which were slightly abusing the "default"
      semantic.
      
      Change-Id: I570533362b4846e58dd797a92347de3e0e5abb75
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      be858cff
    • Andre Przywara's avatar
      fdt/wrappers: Replace fdtw_read_cells() implementation · ff4e6c35
      Andre Przywara authored
      Our fdtw_read_cells() implementation goes to great lengths to
      sanity-check every parameter and result, but leaves a big hole open:
      The size of the storage the value pointer points at needs to match the
      number of cells given. This can't be easily checked at compile time,
      since we lose the size information by using a void pointer.
      Regardless the current usage of this function is somewhat wrong anyways,
      since we use it on single-element, fixed-length properties only, for
      which the DT binding specifies the size.
      Typically we use those functions dealing with a number of cells in DT
      context to deal with *dynamically* sized properties, which depend on
      other properties (#size-cells, #clock-cells, ...), to specify the number
      of cells needed.
      
      Another problem with the current implementation is the use of
      ambiguously sized types (uintptr_t, size_t) together with a certain
      expectation about their size. In general there is no relation between
      the length of a DT property and the bitness of the code that parses the
      DTB: AArch64 code could encounter 32-bit addresses (where the physical
      address space is limited to 4GB [1]), while AArch32 code could read
      64-bit sized properties (/memory nodes on LPAE systems, [2]).
      
      To make this more clear, fix the potential issues and also align more
      with other DT users (Linux and U-Boot), introduce functions to explicitly
      read uint32 and uint64 properties. As the other DT consumers, we do this
      based on the generic "read array" function.
      Convert all users to use either of those two new functions, and make
      sure we never use a pointer to anything other than uint32_t or uint64_t
      variables directly.
      
      This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
      4 bytes into a uint16_t variable (passed via a void pointer).
      
      Also we change the implementation of the function to better align with
      other libfdt users, by using the right types (fdt32_t) and common
      variable names (*prop, prop_names).
      
      [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
      [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
      
      
      
      Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      ff4e6c35
  14. 28 Apr, 2020 1 commit
    • Andre Przywara's avatar
      fdt/wrappers: Generalise fdtw_read_array() · 6e3a89f4
      Andre Przywara authored
      
      
      Currently our fdtw_read_array() implementation requires the length of
      the property to exactly match the requested size, which makes it less
      flexible for parsing generic device trees.
      Also the name is slightly misleading, since we treat the cells of the
      array as 32 bit unsigned integers, performing the endianess conversion.
      
      To fix those issues and align the code more with other DT users (Linux
      kernel or U-Boot), rename the function to "fdt_read_uint32_array", and
      relax the length check to only check if the property covers at least the
      number of cells we request.
      This also changes the variable names to be more in-line with other DT
      users, and switches to the proper data types.
      
      This makes this function more useful in later patches.
      
      Change-Id: Id86f4f588ffcb5106d4476763ecdfe35a735fa6c
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      6e3a89f4
  15. 01 Apr, 2020 1 commit
  16. 06 Mar, 2020 1 commit
  17. 10 Feb, 2020 1 commit
  18. 07 Feb, 2020 2 commits
  19. 05 Feb, 2020 1 commit
  20. 03 Feb, 2020 1 commit
  21. 22 Jan, 2020 1 commit
  22. 14 Nov, 2019 1 commit
    • Sandrine Bailleux's avatar
      Refactor load_auth_image_internal(). · 9e7d6631
      Sandrine Bailleux authored
      
      
      The pre-processor directives make it hard to read the non-TBB version of
      this function. Refactor the code to improve readability. No functional
      change introduced.
      
      In particular, introduce a new helper function load_image_flush(),
      that simply loads an image and flushes it out to main memory. This is
      the only thing load_auth_image_internal() needs to do when TBB is
      disabled or when authentication is dynamically disabled.
      
      In other cases, we need to recursively authenticate the parent images up
      to the root of trust. To make this clearer, this code gets moved to a
      TBB-specific helper function called load_auth_image_recursive().
      
      As a result, load_auth_image_internal() now boils down to calling the
      right helper function (depending on TBB enablement and dynamic
      authentication status).
      
      Change-Id: I20a39a3b833810b97ecf4219358e7d2cac263890
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      9e7d6631
  23. 25 Sep, 2019 2 commits
    • Andre Przywara's avatar
      FDT helper functions: Respect architecture in PSCI function IDs · 66799507
      Andre Przywara authored
      
      
      PSCI uses different function IDs for CPU_SUSPEND and CPU_ON, depending on
      the architecture used (AArch64 or AArch32).
      For recent PSCI versions the client will determine the right version,
      but for PSCI v0.1 we need to put some ID in the DT node. At the moment
      we always add the 64-bit IDs, which is not correct if TF-A is built for
      AArch32.
      
      Use the function IDs matching the TF-A build architecture, for the two
      IDs where this differs. This only affects legacy OSes using PSCI v0.1.
      
      On the way remove the sys_poweroff and sys_reset properties, which were
      never described in the official PSCI DT binding.
      
      Change-Id: If77bc6daec215faeb2dc67112e765aacafd17f33
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      66799507
    • Andre Przywara's avatar
      FDT helper functions: Add function documentation · 6eaf928d
      Andre Przywara authored
      
      
      Since we moved some functions that amend a DT blob in memory to common
      code, let's add proper function documentation.
      This covers the three exported functions in common/fdt_fixup.c.
      
      Change-Id: I67d7d27344e62172c789d308662f78d54903cf57
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      6eaf928d
  24. 13 Sep, 2019 3 commits
    • Andre Przywara's avatar
      Add fdt_add_reserved_memory() helper function · 3ef45dda
      Andre Przywara authored
      
      
      If a firmware component like TF-A reserves special memory regions for
      its own or secure payload services, it should announce the location and
      size of those regions to the non-secure world. This will avoid
      disappointment when some rich OS tries to acccess this memory, which
      will likely end in a crash.
      
      The traditional way of advertising reserved memory using device tree is
      using the special memreserve feature of the device tree blob (DTB).
      However by definition those regions mentioned there do not prevent the
      rich OS to map this memory, which may lead to speculative accesses to
      this memory and hence spurious bus errors.
      
      A safer way of carving out memory is to use the /reserved-memory node as
      part of the normal DT structure. Besides being easier to setup, this
      also defines an explicit "no-map" property to signify the secure-only
      nature of certain memory regions, which avoids the rich OS to
      accidentally step on it.
      
      Add a helper function to allow platform ports to easily add a region.
      
      Change-Id: I2b92676cf48fd3bdacda05b5c6b1c7952ebed68c
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      3ef45dda
    • Andre Przywara's avatar
      qemu: Move and generalise FDT PSCI fixup · f240728b
      Andre Przywara authored
      
      
      The QEMU platform port scans its device tree to advertise PSCI as the
      CPU enable method. It does this by scanning *every* node in the DT and
      check whether its compatible string starts with "arm,cortex-a". Then it
      sets the enable-method to PSCI, if it doesn't already have one.
      
      Other platforms might want to use this functionality as well, so let's
      move it out of the QEMU platform directory and make it more robust by
      fixing some shortcomings:
      - A compatible string starting with a certain prefix is not a good way
      to find the CPU nodes. For instance a "arm,cortex-a72-pmu" node will
      match as well and is in turn favoured with an enable-method.
      - If the DT already has an enable-method, we won't change this to PSCI.
      
      Those two issues will for instance fail on the Raspberry Pi 4 DT.
      To fix those problems, we adjust the scanning method:
      The DT spec says that all CPU nodes are subnodes of the mandatory
      /cpus node, which is a subnode of the root node. Also each CPU node has
      to have a device_type = "cpu" property. So we find the /cpus node, then
      scan for a subnode with the proper device_type, forcing the
      enable-method to "psci".
      We have to restart this search after a property has been patched, as the
      node offsets might have changed meanwhile.
      
      This allows this routine to be reused for the Raspberry Pi 4 later.
      
      Change-Id: I00cae16cc923d9f8bb96a9b2a2933b9a79b06139
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      f240728b
    • Alexei Fedorov's avatar
      Refactor ARMv8.3 Pointer Authentication support code · ed108b56
      Alexei Fedorov authored
      
      
      This patch provides the following features and makes modifications
      listed below:
      - Individual APIAKey key generation for each CPU.
      - New key generation on every BL31 warm boot and TSP CPU On event.
      - Per-CPU storage of APIAKey added in percpu_data[]
        of cpu_data structure.
      - `plat_init_apiakey()` function replaced with `plat_init_apkey()`
        which returns 128-bit value and uses Generic timer physical counter
        value to increase the randomness of the generated key.
        The new function can be used for generation of all ARMv8.3-PAuth keys
      - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
      - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
        generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
        pauth_disable_el1()` and `pauth_disable_el3()` functions disable
        PAuth for EL1 and EL3 respectively;
        `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
        cpu-data structure.
      - Combined `save_gp_pauth_registers()` function replaces calls to
        `save_gp_registers()` and `pauth_context_save()`;
        `restore_gp_pauth_registers()` replaces `pauth_context_restore()`
        and `restore_gp_registers()` calls.
      - `restore_gp_registers_eret()` function removed with corresponding
        code placed in `el3_exit()`.
      - Fixed the issue when `pauth_t pauth_ctx` structure allocated space
        for 12 uint64_t PAuth registers instead of 10 by removal of macro
        CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
        and assigning its value to CTX_PAUTH_REGS_END.
      - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
        in `msr	spsel`  instruction instead of hard-coded values.
      - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
      
      Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      ed108b56
  25. 29 Aug, 2019 1 commit
  26. 15 Aug, 2019 1 commit
  27. 01 Aug, 2019 1 commit
    • Julius Werner's avatar
      Switch AARCH32/AARCH64 to __aarch64__ · 402b3cf8
      Julius Werner authored
      
      
      NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
      
      All common C compilers pre-define the same macros to signal which
      architecture the code is being compiled for: __arm__ for AArch32 (or
      earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
      to define its own custom macros for this. In order to unify code with
      the export headers (which use __aarch64__ to avoid another dependency),
      let's deprecate the AARCH32 and AARCH64 macros and switch the code base
      over to the pre-defined standard macro. (Since it is somewhat
      unintuitive that __arm__ only means AArch32, let's standardize on only
      using __aarch64__.)
      
      Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      402b3cf8
  28. 24 Jul, 2019 1 commit
    • Julius Werner's avatar
      Add helper to parse BL31 parameters (both versions) · d9af1f7b
      Julius Werner authored
      BL31 used to take a single bl31_params_t parameter structure with entry
      point information in arg0. In commit 72600226
      
       (Add new version of image
      loading.) this API was changed to a more flexible linked list approach,
      and the old parameter structure was copied into all platforms that still
      used the old format. This duplicated code unnecessarily among all these
      platforms.
      
      This patch adds a helper function that platforms can optionally link to
      outsource the task of interpreting arg0. Many platforms are just
      interested in the BL32 and BL33 entry point information anyway. Since
      some platforms still need to support the old version 1 parameters, the
      helper will support both formats when ERROR_DEPRECATED == 0. This allows
      those platforms to drop a bunch of boilerplate code and asynchronously
      update their BL2 implementation to the newer format.
      
      Change-Id: I9e6475adb1a7d4bccea666118bd1c54962e9fc38
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      d9af1f7b
  29. 17 Jul, 2019 1 commit
    • Louis Mayencourt's avatar
      backtrace: Strip PAC field when PAUTH is enabled · b8b31ad0
      Louis Mayencourt authored
      
      
      When pointer authentication is enabled, the LR value saved on the stack
      contains a Pointer Authentication Code (PAC). It must be stripped to
      retrieve the return address.
      
      The PAC field is stored on the high bits of the address and defined as:
      - PAC field = Xn[54:bottom_PAC_bit], when address tagging is used.
      - PAC field = Xn[63:56, 54:bottom_PAC_bit], without address tagging.
      
      With bottom_PAC_bit = 64 - TCR_ELx.TnSZ
      
      Change-Id: I21d804e58200dfeca1da4c2554690bed5d191936
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      b8b31ad0
  30. 10 Jul, 2019 1 commit
  31. 01 Mar, 2019 1 commit
  32. 27 Feb, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Add support for pointer authentication · b86048c4
      Antonio Nino Diaz authored
      
      
      The previous commit added the infrastructure to load and save
      ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
      didn't actually enable pointer authentication in the firmware.
      
      This patch adds the functionality needed for platforms to provide
      authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
      enable pointer authentication in the firmware itself. This option is
      disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
      enabled.
      
      Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      b86048c4
  33. 31 Jan, 2019 1 commit
  34. 30 Jan, 2019 1 commit