Add support for pointer authentication

The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.

This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.

Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

1 files changed, 23 insertions, 0 deletions

diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index f5fed72d..4489e908 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -18,6 +18,9 @@
 	.global	pauth_context_restore
 	.global	pauth_context_save
 #endif
+#if ENABLE_PAUTH
+	.global	pauth_load_bl_apiakey
+#endif
 	.global	save_gp_registers
 	.global	restore_gp_registers
 	.global	restore_gp_registers_eret
@@ -374,6 +377,26 @@ endfunc pauth_context_restore
 #endif /* CTX_INCLUDE_PAUTH_REGS */
 
 /* -----------------------------------------------------
+ * The following function strictly follows the AArch64
+ * PCS to use x9-x17 (temporary caller-saved registers)
+ * to load the APIA key used by the firmware.
+ * -----------------------------------------------------
+ */
+#if ENABLE_PAUTH
+func pauth_load_bl_apiakey
+	/* Load instruction key A used by the Trusted Firmware. */
+	adrp	x11, plat_apiakey
+	add	x11, x11, :lo12:plat_apiakey
+	ldp	x9, x10, [x11, #0]
+
+	msr	APIAKeyLo_EL1, x9
+	msr	APIAKeyHi_EL1, x10
+
+	ret
+endfunc pauth_load_bl_apiakey
+#endif /* ENABLE_PAUTH */
+
+/* -----------------------------------------------------
  * The following functions are used to save and restore
  * all the general purpose registers. Ideally we would
  * only save and restore the callee saved registers when