lib/accellerated: update asm and enable PAC/BTI

author Bill Roberts <bill.roberts@arm.com>

Fri, 2 Feb 2024 20:05:55 +0000 (14:05 -0600)

committer Bill Roberts <bill.roberts@arm.com>

Mon, 3 Jun 2024 14:01:26 +0000 (09:01 -0500)
author Bill Roberts <bill.roberts@arm.com>
Fri, 2 Feb 2024 20:05:55 +0000 (14:05 -0600)
committer Bill Roberts <bill.roberts@arm.com>
Mon, 3 Jun 2024 14:01:26 +0000 (09:01 -0500)
diff --git a/lib/accelerated/aarch64/aarch64-common.h b/lib/accelerated/aarch64/aarch64-common.h

index 78e08f3fe4941d07202ea524e1d77b38bcfd51d1..84b357ba36db89b0aa31078f054ab8abed94dcb8 100644 (file)
--- a/lib/accelerated/aarch64/aarch64-common.h
+++ b/lib/accelerated/aarch64/aarch64-common.h
@@ -44,4 +44,80 @@ void register_aarch64_crypto(void);
  #define ARMV8_PMULL (1 << 5)
  #define ARMV8_SHA512 (1 << 6)
  
+/*
+ * Support macros for
+ *   - Armv8.3-A Pointer Authentication and
+ *   - Armv8.5-A Branch Target Identification
+ * Further documentation can be found at:
+ *  - https://developer.arm.com/documentation/101028/0012/5--Feature-test-macros?lang=en
+ *
+ * Note that the hint instrunctions are used which means that on older assemblers they will assemble
+ * and that they are in the NOP space on older architectures and are NOP'd.
+ */
+
+/* BTI Support */
+#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
+#define GNU_PROPERTY_AARCH64_BTI (1 << 0) /* Has Branch Target Identification */
+#define AARCH64_VALID_CALL_TARGET hint #34 /* BTI 'c' */
+#else
+#define GNU_PROPERTY_AARCH64_BTI 0 /* No Branch Target Identification */
+#define AARCH64_VALID_CALL_TARGET
+#endif
+
+/* PAC Support has 2 modes if enabled, using the A key or the B key */
+#if defined(__ARM_FEATURE_PAC_DEFAULT)
+
+/* PAC Support enabled, define the property value for adding to the NOTES section */
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH (1 << 1)
+
+/* Use the A Key */
+#if __ARM_FEATURE_PAC_DEFAULT & 1 == 1 /* MNEMONIC */
+#define AARCH64_SIGN_LINK_REGISTER hint #25 /* PACIASP */
+#define AARCH64_VALIDATE_LINK_REGISTER hint #29 /* AUTIASP */
+/* Use the B Key */
+#elif __ARM_FEATURE_PAC_DEFAULT & 2 == 2 /* MNEMONIC */
+#define AARCH64_SIGN_LINK_REGISTER hint #27 /* PACIBSP */
+#define AARCH64_VALIDATE_LINK_REGISTER hint #31 /* AUTIBSP */
+#else
+/* huh? We should have a key to use */
+#error "Expected __ARM_FEATURE_PAC_DEFAULT to have either bit 1 or bit 0 set"
+#endif /* __ARM_FEATURE_PAC_DEFAULT */
+#else
+/* No PAC Support turn down the bit in the GNU Notes section */
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH 0
+
+#if GNU_PROPERTY_AARCH64_BTI != 0
+/*
+     * If BTI is enabled we need to define certain macros back to the BTI macros as they
+     * as they mark valid jump locations.
+     */
+#define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET
+#else
+#define AARCH64_SIGN_LINK_REGISTER
+#endif /* GNU_PROPERTY_AARCH64_BTI */
+#define AARCH64_VALIDATE_LINK_REGISTER
+#endif /* __ARM_FEATURE_PAC_DEFAULT */
+
+/*
+ * The GNU notes section declares if PAC and/or BTI are enabled. For BTI is important
+ * as the first ELF loaded that does not support BTI disables the support. For PAC it
+ * is a nice to have to know if the executable has support without needing to peer into
+ * it's instructions.
+ */
+#if defined(__ASSEMBLER__)
+#if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0
+.pushsection.note.gnu.property, "a";
+.balign 8;
+.long 4;
+.long 0x10;
+.long 0x5;
+.asciz "GNU";
+.long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
+.long 4;
+.long(GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);
+.long 0;
+.popsection;
+#endif
+#endif
+
  #endif /* GNUTLS_LIB_ACCELERATED_AARCH64_AARCH64_COMMON_H */
author	Bill Roberts <bill.roberts@arm.com>
	Fri, 2 Feb 2024 20:05:55 +0000 (14:05 -0600)
committer	Bill Roberts <bill.roberts@arm.com>
	Mon, 3 Jun 2024 14:01:26 +0000 (09:01 -0500)