From ef74d9384eea388e4a4fff35e5e861df81f2a762 Mon Sep 17 00:00:00 2001 From: Ahmed Ismail Date: Fri, 6 Sep 2024 11:01:51 +0100 Subject: [PATCH] armv8.1-m: Add PACBTI support to kernel NTZ implementation In this commit, Pointer Authentication, and Branch Target Identification Extension (PACBTI) support is added for Non-TrustZone variant of Cortex-M85 FreeRTOS-Kernel Port. The PACBTI support is added for Arm Compiler For Embedded, and IAR toolchains only. The support in the kernel is not yet enabled for GNU toolchain due to known issues. Signed-off-by: Ahmed Ismail --- .github/.cSpellWords.txt | 5 + portable/ARMv8M/non_secure/port.c | 66 +++++++++++++ .../portable/GCC/ARM_CM23/portmacro.h | 3 + .../portable/GCC/ARM_CM23_NTZ/portmacro.h | 3 + .../portable/GCC/ARM_CM33/portmacro.h | 3 + .../portable/GCC/ARM_CM33_NTZ/portmacro.h | 3 + .../portable/GCC/ARM_CM35P/portmacro.h | 3 + .../portable/GCC/ARM_CM55/portmacro.h | 3 + .../portable/GCC/ARM_CM85/portmacro.h | 3 + .../portable/IAR/ARM_CM23/portmacro.h | 3 + .../portable/IAR/ARM_CM23_NTZ/portmacro.h | 3 + .../portable/IAR/ARM_CM33/portmacro.h | 3 + .../portable/IAR/ARM_CM33_NTZ/portmacro.h | 3 + .../portable/IAR/ARM_CM35P/portmacro.h | 3 + .../portable/IAR/ARM_CM55/portmacro.h | 3 + .../portable/IAR/ARM_CM85/portmacro.h | 3 + portable/ARMv8M/non_secure/portmacrocommon.h | 40 ++++++++ portable/CMakeLists.txt | 97 +++++++++++++++++++ portable/GCC/ARM_CM23/non_secure/port.c | 66 +++++++++++++ portable/GCC/ARM_CM23/non_secure/portmacro.h | 3 + .../GCC/ARM_CM23/non_secure/portmacrocommon.h | 40 ++++++++ portable/GCC/ARM_CM23_NTZ/non_secure/port.c | 66 +++++++++++++ .../GCC/ARM_CM23_NTZ/non_secure/portmacro.h | 3 + .../ARM_CM23_NTZ/non_secure/portmacrocommon.h | 40 ++++++++ portable/GCC/ARM_CM33/non_secure/port.c | 66 +++++++++++++ portable/GCC/ARM_CM33/non_secure/portmacro.h | 3 + .../GCC/ARM_CM33/non_secure/portmacrocommon.h | 40 ++++++++ portable/GCC/ARM_CM33_NTZ/non_secure/port.c | 66 +++++++++++++ .../GCC/ARM_CM33_NTZ/non_secure/portmacro.h | 3 + .../ARM_CM33_NTZ/non_secure/portmacrocommon.h | 40 ++++++++ portable/GCC/ARM_CM35P/non_secure/port.c | 66 +++++++++++++ portable/GCC/ARM_CM35P/non_secure/portmacro.h | 3 + .../ARM_CM35P/non_secure/portmacrocommon.h | 40 ++++++++ portable/GCC/ARM_CM35P_NTZ/non_secure/port.c | 66 +++++++++++++ .../GCC/ARM_CM35P_NTZ/non_secure/portmacro.h | 3 + .../non_secure/portmacrocommon.h | 40 ++++++++ portable/GCC/ARM_CM55/non_secure/port.c | 66 +++++++++++++ portable/GCC/ARM_CM55/non_secure/portmacro.h | 3 + .../GCC/ARM_CM55/non_secure/portmacrocommon.h | 40 ++++++++ portable/GCC/ARM_CM55_NTZ/non_secure/port.c | 66 +++++++++++++ .../GCC/ARM_CM55_NTZ/non_secure/portmacro.h | 3 + .../ARM_CM55_NTZ/non_secure/portmacrocommon.h | 40 ++++++++ portable/GCC/ARM_CM85/non_secure/port.c | 66 +++++++++++++ portable/GCC/ARM_CM85/non_secure/portmacro.h | 3 + .../GCC/ARM_CM85/non_secure/portmacrocommon.h | 40 ++++++++ portable/GCC/ARM_CM85_NTZ/non_secure/port.c | 66 +++++++++++++ .../GCC/ARM_CM85_NTZ/non_secure/portmacro.h | 3 + .../ARM_CM85_NTZ/non_secure/portmacrocommon.h | 40 ++++++++ portable/IAR/ARM_CM23/non_secure/port.c | 66 +++++++++++++ portable/IAR/ARM_CM23/non_secure/portmacro.h | 3 + .../IAR/ARM_CM23/non_secure/portmacrocommon.h | 40 ++++++++ portable/IAR/ARM_CM23_NTZ/non_secure/port.c | 66 +++++++++++++ .../IAR/ARM_CM23_NTZ/non_secure/portmacro.h | 3 + .../ARM_CM23_NTZ/non_secure/portmacrocommon.h | 40 ++++++++ portable/IAR/ARM_CM33/non_secure/port.c | 66 +++++++++++++ portable/IAR/ARM_CM33/non_secure/portmacro.h | 3 + .../IAR/ARM_CM33/non_secure/portmacrocommon.h | 40 ++++++++ portable/IAR/ARM_CM33_NTZ/non_secure/port.c | 66 +++++++++++++ .../IAR/ARM_CM33_NTZ/non_secure/portmacro.h | 3 + .../ARM_CM33_NTZ/non_secure/portmacrocommon.h | 40 ++++++++ portable/IAR/ARM_CM35P/non_secure/port.c | 66 +++++++++++++ portable/IAR/ARM_CM35P/non_secure/portmacro.h | 3 + .../ARM_CM35P/non_secure/portmacrocommon.h | 40 ++++++++ portable/IAR/ARM_CM35P_NTZ/non_secure/port.c | 66 +++++++++++++ .../IAR/ARM_CM35P_NTZ/non_secure/portmacro.h | 3 + .../non_secure/portmacrocommon.h | 40 ++++++++ portable/IAR/ARM_CM55/non_secure/port.c | 66 +++++++++++++ portable/IAR/ARM_CM55/non_secure/portmacro.h | 3 + .../IAR/ARM_CM55/non_secure/portmacrocommon.h | 40 ++++++++ portable/IAR/ARM_CM55_NTZ/non_secure/port.c | 66 +++++++++++++ .../IAR/ARM_CM55_NTZ/non_secure/portmacro.h | 3 + .../ARM_CM55_NTZ/non_secure/portmacrocommon.h | 40 ++++++++ portable/IAR/ARM_CM85/non_secure/port.c | 66 +++++++++++++ portable/IAR/ARM_CM85/non_secure/portmacro.h | 3 + .../IAR/ARM_CM85/non_secure/portmacrocommon.h | 40 ++++++++ portable/IAR/ARM_CM85_NTZ/non_secure/port.c | 66 +++++++++++++ .../IAR/ARM_CM85_NTZ/non_secure/portmacro.h | 3 + .../ARM_CM85_NTZ/non_secure/portmacrocommon.h | 40 ++++++++ 78 files changed, 2430 insertions(+) diff --git a/.github/.cSpellWords.txt b/.github/.cSpellWords.txt index 42f9196d7d8..d100fcd494b 100644 --- a/.github/.cSpellWords.txt +++ b/.github/.cSpellWords.txt @@ -448,6 +448,7 @@ MAINRDY MAIR Mang Mbits +mbranch mcause MCFR MCKA @@ -586,6 +587,8 @@ OWATCOM OWDR OWER OWSR +pacbti +PACBTI PAGEN PCDR PCER @@ -900,6 +903,7 @@ TXTEN TXUBR TXVC TXVDIS +UBTI UDCP UNACKED uncrustify @@ -915,6 +919,7 @@ UNSUB UNSUBACK unsubscriptions unsuspended +UPAC URAD URAT URSTEN diff --git a/portable/ARMv8M/non_secure/port.c b/portable/ARMv8M/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/ARMv8M/non_secure/port.c +++ b/portable/ARMv8M/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23/portmacro.h index a7f9db76750..52869c71143 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23_NTZ/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23_NTZ/portmacro.h index a7f9db76750..52869c71143 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23_NTZ/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23_NTZ/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portmacro.h index 0fc61f23c22..f871287311b 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portmacro.h index 0fc61f23c22..f871287311b 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM35P/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM35P/portmacro.h index 4db6e6d4ab9..3c1387f1dc9 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM35P/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM35P/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 35 #define portARCH_NAME "Cortex-M35P" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM55/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM55/portmacro.h index c6a179c524d..07f0e3070d3 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM55/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM55/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -53,6 +55,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 55 #define portARCH_NAME "Cortex-M55" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM85/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM85/portmacro.h index 7e14f269603..2c7ec8d14e5 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM85/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM85/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -53,6 +55,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 85 #define portARCH_NAME "Cortex-M85" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23/portmacro.h index 9dfcc91325f..89e7b3e9769 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23_NTZ/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23_NTZ/portmacro.h index 9dfcc91325f..89e7b3e9769 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23_NTZ/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23_NTZ/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portmacro.h index a2a301f0041..80f0164fbf5 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portmacro.h index f0d5f2b9c9c..86de0b218db 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM35P/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM35P/portmacro.h index 633da3a6d0b..c0d75edf580 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM35P/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM35P/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 35 #define portARCH_NAME "Cortex-M35P" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM55/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM55/portmacro.h index 95b17941313..49c98bd81df 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM55/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM55/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -53,6 +55,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 55 #define portARCH_NAME "Cortex-M55" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM85/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM85/portmacro.h index efde68dc2c2..8b51e874f37 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM85/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM85/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -53,6 +55,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 85 #define portARCH_NAME "Cortex-M85" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 diff --git a/portable/ARMv8M/non_secure/portmacrocommon.h b/portable/ARMv8M/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/ARMv8M/non_secure/portmacrocommon.h +++ b/portable/ARMv8M/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/CMakeLists.txt b/portable/CMakeLists.txt index 0c46ccd8f14..c75d5b25c9d 100644 --- a/portable/CMakeLists.txt +++ b/portable/CMakeLists.txt @@ -781,6 +781,103 @@ if( FREERTOS_PORT MATCHES "GCC_ARM_CM(3|4)_MPU" OR Common/mpu_wrappers_v2.c ) endif() + +if (DEFINED FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG ) + + if(${CMAKE_C_COMPILER_ID} STREQUAL "GNU") + message(FATAL_ERROR "ARMv8.1-M PACBTI support in the kernel is not yet enabled for GNU toolchain due to known issues.") + endif() + + if(FREERTOS_PORT MATCHES ".*ARM_CM85") + if(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_STANDARD") + target_compile_options(freertos_kernel_port PUBLIC $<$:-mbranch-protection=standard>) + target_compile_options(freertos_kernel_port PUBLIC $<$:$<$:--branch_protection=bti+pac-ret>>) + target_compile_definitions(freertos_kernel_port + PUBLIC + portARM_V_8_1_M_PACBTI_CONFIG=portARM_V_8_1_M_PACBTI_CONFIG_STANDARD + ) + elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI") + if(${CMAKE_C_COMPILER_ID} STREQUAL "ARMClang") + target_compile_options(freertos_kernel_port + PUBLIC + -mbranch-protection=bti+pac-ret+leaf + ) + target_compile_definitions(freertos_kernel_port + PUBLIC + portARM_V_8_1_M_PACBTI_CONFIG=portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI + ) + elseif(${CMAKE_C_COMPILER_ID} STREQUAL "IAR") + message(FATAL_ERROR "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI PACBTI option is not supported on IAR Compiler.") + endif() + elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_PACRET") + target_compile_options(freertos_kernel_port PUBLIC $<$:-mbranch-protection=pac-ret>) + target_compile_options(freertos_kernel_port PUBLIC $<$:$<$:--branch_protection=pac-ret>>) + target_compile_definitions(freertos_kernel_port + PUBLIC + portARM_V_8_1_M_PACBTI_CONFIG=portARM_V_8_1_M_PACBTI_CONFIG_PACRET + ) + elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF") + if(${CMAKE_C_COMPILER_ID} STREQUAL "ARMClang") + target_compile_options(freertos_kernel_port + PUBLIC + -mbranch-protection=pac-ret+leaf + ) + target_compile_definitions(freertos_kernel_port + PUBLIC + portARM_V_8_1_M_PACBTI_CONFIG=portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF + ) + elseif(${CMAKE_C_COMPILER_ID} STREQUAL "IAR") + message(FATAL_ERROR "ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF PACBTI option is not supported on IAR Compiler.") + endif() + elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_BTI") + target_compile_options(freertos_kernel_port PUBLIC $<$:-mbranch-protection=bti>) + target_compile_options(freertos_kernel_port PUBLIC $<$:$<$:--branch_protection=bti>>) + target_compile_definitions(freertos_kernel_port + PUBLIC + portARM_V_8_1_M_PACBTI_CONFIG=portARM_V_8_1_M_PACBTI_CONFIG_BTI + ) + elseif(FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_NONE") + if(${CMAKE_C_COMPILER_ID} STREQUAL "ARMClang") + target_compile_options(freertos_kernel_port + PUBLIC + -mbranch-protection=none + ) + target_compile_definitions(freertos_kernel_port + PUBLIC + portARM_V_8_1_M_PACBTI_CONFIG=portARM_V_8_1_M_PACBTI_CONFIG_NONE + ) + elseif(${CMAKE_C_COMPILER_ID} STREQUAL "IAR") + message(FATAL_ERROR "ARM_V_8_1_M_PACBTI_CONFIG_PACBTI_NONE PACBTI option is not supported on IAR Compiler.") + endif() + else() + message(FATAL_ERROR "Invalid FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG configuration, the supported configurations are + ARM_V_8_1_M_PACBTI_CONFIG_STANDARD, + ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI, + ARM_V_8_1_M_PACBTI_CONFIG_PACRET, + ARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF, + ARM_V_8_1_M_PACBTI_CONFIG_BTI, + ARM_V_8_1_M_PACBTI_CONFIG_NONE + ") + endif() + if(NOT FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG STREQUAL "ARM_V_8_1_M_PACBTI_CONFIG_NONE") + # The reason why `--library_security=pacbti-m` link option is defined for both `freertos_kernel_port`, and + # `freertos_kernel` targets even though `freertos_kernel_port` gets linked to `freertos_kernel` is that the + # `freertos_kernel_port` is an object library where its linker options don't propagate to the targets that + # link against it. + target_link_options(freertos_kernel_port + PUBLIC + --library_security=pacbti-m + ) + target_link_options(freertos_kernel + PUBLIC + --library_security=pacbti-m + ) + endif() + else() + message(FATAL_ERROR "FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG option is currently only supported on ARM Cortex-M85 FreeRTOS port.") + endif() +endif() + add_library(freertos_kernel_port_headers INTERFACE) target_include_directories(freertos_kernel_port_headers INTERFACE diff --git a/portable/GCC/ARM_CM23/non_secure/port.c b/portable/GCC/ARM_CM23/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/GCC/ARM_CM23/non_secure/port.c +++ b/portable/GCC/ARM_CM23/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM23/non_secure/portmacro.h b/portable/GCC/ARM_CM23/non_secure/portmacro.h index a7f9db76750..52869c71143 100644 --- a/portable/GCC/ARM_CM23/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM23/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/GCC/ARM_CM23/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM23/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/GCC/ARM_CM23/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM23/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM23_NTZ/non_secure/port.c b/portable/GCC/ARM_CM23_NTZ/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/GCC/ARM_CM23_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM23_NTZ/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM23_NTZ/non_secure/portmacro.h b/portable/GCC/ARM_CM23_NTZ/non_secure/portmacro.h index a7f9db76750..52869c71143 100644 --- a/portable/GCC/ARM_CM23_NTZ/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM23_NTZ/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/GCC/ARM_CM23_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM23_NTZ/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/GCC/ARM_CM23_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM23_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM33/non_secure/port.c b/portable/GCC/ARM_CM33/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/GCC/ARM_CM33/non_secure/port.c +++ b/portable/GCC/ARM_CM33/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM33/non_secure/portmacro.h b/portable/GCC/ARM_CM33/non_secure/portmacro.h index 0fc61f23c22..f871287311b 100644 --- a/portable/GCC/ARM_CM33/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM33/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/GCC/ARM_CM33/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM33/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/GCC/ARM_CM33/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM33/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM33_NTZ/non_secure/port.c b/portable/GCC/ARM_CM33_NTZ/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/GCC/ARM_CM33_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM33_NTZ/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM33_NTZ/non_secure/portmacro.h b/portable/GCC/ARM_CM33_NTZ/non_secure/portmacro.h index 0fc61f23c22..f871287311b 100644 --- a/portable/GCC/ARM_CM33_NTZ/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM33_NTZ/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/GCC/ARM_CM33_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM33_NTZ/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/GCC/ARM_CM33_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM33_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM35P/non_secure/port.c b/portable/GCC/ARM_CM35P/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/GCC/ARM_CM35P/non_secure/port.c +++ b/portable/GCC/ARM_CM35P/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM35P/non_secure/portmacro.h b/portable/GCC/ARM_CM35P/non_secure/portmacro.h index 4db6e6d4ab9..3c1387f1dc9 100644 --- a/portable/GCC/ARM_CM35P/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM35P/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 35 #define portARCH_NAME "Cortex-M35P" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/GCC/ARM_CM35P/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM35P/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/GCC/ARM_CM35P/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM35P/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM35P_NTZ/non_secure/port.c b/portable/GCC/ARM_CM35P_NTZ/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/GCC/ARM_CM35P_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM35P_NTZ/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacro.h b/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacro.h index 4db6e6d4ab9..3c1387f1dc9 100644 --- a/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 35 #define portARCH_NAME "Cortex-M35P" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM55/non_secure/port.c b/portable/GCC/ARM_CM55/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/GCC/ARM_CM55/non_secure/port.c +++ b/portable/GCC/ARM_CM55/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM55/non_secure/portmacro.h b/portable/GCC/ARM_CM55/non_secure/portmacro.h index c6a179c524d..07f0e3070d3 100644 --- a/portable/GCC/ARM_CM55/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM55/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -53,6 +55,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 55 #define portARCH_NAME "Cortex-M55" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 diff --git a/portable/GCC/ARM_CM55/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM55/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/GCC/ARM_CM55/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM55/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM55_NTZ/non_secure/port.c b/portable/GCC/ARM_CM55_NTZ/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/GCC/ARM_CM55_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM55_NTZ/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM55_NTZ/non_secure/portmacro.h b/portable/GCC/ARM_CM55_NTZ/non_secure/portmacro.h index c6a179c524d..07f0e3070d3 100644 --- a/portable/GCC/ARM_CM55_NTZ/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM55_NTZ/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -53,6 +55,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 55 #define portARCH_NAME "Cortex-M55" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 diff --git a/portable/GCC/ARM_CM55_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM55_NTZ/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/GCC/ARM_CM55_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM55_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM85/non_secure/port.c b/portable/GCC/ARM_CM85/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/GCC/ARM_CM85/non_secure/port.c +++ b/portable/GCC/ARM_CM85/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM85/non_secure/portmacro.h b/portable/GCC/ARM_CM85/non_secure/portmacro.h index 7e14f269603..2c7ec8d14e5 100644 --- a/portable/GCC/ARM_CM85/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM85/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -53,6 +55,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 85 #define portARCH_NAME "Cortex-M85" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 diff --git a/portable/GCC/ARM_CM85/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM85/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/GCC/ARM_CM85/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM85/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM85_NTZ/non_secure/port.c b/portable/GCC/ARM_CM85_NTZ/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/GCC/ARM_CM85_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM85_NTZ/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM85_NTZ/non_secure/portmacro.h b/portable/GCC/ARM_CM85_NTZ/non_secure/portmacro.h index 7e14f269603..2c7ec8d14e5 100644 --- a/portable/GCC/ARM_CM85_NTZ/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM85_NTZ/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -53,6 +55,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 85 #define portARCH_NAME "Cortex-M85" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 diff --git a/portable/GCC/ARM_CM85_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM85_NTZ/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/GCC/ARM_CM85_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM85_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM23/non_secure/port.c b/portable/IAR/ARM_CM23/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/IAR/ARM_CM23/non_secure/port.c +++ b/portable/IAR/ARM_CM23/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM23/non_secure/portmacro.h b/portable/IAR/ARM_CM23/non_secure/portmacro.h index 9dfcc91325f..89e7b3e9769 100644 --- a/portable/IAR/ARM_CM23/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM23/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/IAR/ARM_CM23/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM23/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/IAR/ARM_CM23/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM23/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM23_NTZ/non_secure/port.c b/portable/IAR/ARM_CM23_NTZ/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/IAR/ARM_CM23_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM23_NTZ/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM23_NTZ/non_secure/portmacro.h b/portable/IAR/ARM_CM23_NTZ/non_secure/portmacro.h index 9dfcc91325f..89e7b3e9769 100644 --- a/portable/IAR/ARM_CM23_NTZ/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM23_NTZ/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/IAR/ARM_CM23_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM23_NTZ/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/IAR/ARM_CM23_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM23_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM33/non_secure/port.c b/portable/IAR/ARM_CM33/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/IAR/ARM_CM33/non_secure/port.c +++ b/portable/IAR/ARM_CM33/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM33/non_secure/portmacro.h b/portable/IAR/ARM_CM33/non_secure/portmacro.h index a2a301f0041..80f0164fbf5 100644 --- a/portable/IAR/ARM_CM33/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM33/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/IAR/ARM_CM33/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM33/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/IAR/ARM_CM33/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM33/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM33_NTZ/non_secure/port.c b/portable/IAR/ARM_CM33_NTZ/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/IAR/ARM_CM33_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM33_NTZ/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM33_NTZ/non_secure/portmacro.h b/portable/IAR/ARM_CM33_NTZ/non_secure/portmacro.h index f0d5f2b9c9c..86de0b218db 100644 --- a/portable/IAR/ARM_CM33_NTZ/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM33_NTZ/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/IAR/ARM_CM33_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM33_NTZ/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/IAR/ARM_CM33_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM33_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM35P/non_secure/port.c b/portable/IAR/ARM_CM35P/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/IAR/ARM_CM35P/non_secure/port.c +++ b/portable/IAR/ARM_CM35P/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM35P/non_secure/portmacro.h b/portable/IAR/ARM_CM35P/non_secure/portmacro.h index 633da3a6d0b..c0d75edf580 100644 --- a/portable/IAR/ARM_CM35P/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM35P/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 35 #define portARCH_NAME "Cortex-M35P" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/IAR/ARM_CM35P/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM35P/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/IAR/ARM_CM35P/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM35P/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM35P_NTZ/non_secure/port.c b/portable/IAR/ARM_CM35P_NTZ/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/IAR/ARM_CM35P_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM35P_NTZ/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacro.h b/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacro.h index 633da3a6d0b..c0d75edf580 100644 --- a/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -48,6 +50,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 35 #define portARCH_NAME "Cortex-M35P" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 diff --git a/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM55/non_secure/port.c b/portable/IAR/ARM_CM55/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/IAR/ARM_CM55/non_secure/port.c +++ b/portable/IAR/ARM_CM55/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM55/non_secure/portmacro.h b/portable/IAR/ARM_CM55/non_secure/portmacro.h index 95b17941313..49c98bd81df 100644 --- a/portable/IAR/ARM_CM55/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM55/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -53,6 +55,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 55 #define portARCH_NAME "Cortex-M55" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 diff --git a/portable/IAR/ARM_CM55/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM55/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/IAR/ARM_CM55/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM55/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM55_NTZ/non_secure/port.c b/portable/IAR/ARM_CM55_NTZ/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/IAR/ARM_CM55_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM55_NTZ/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM55_NTZ/non_secure/portmacro.h b/portable/IAR/ARM_CM55_NTZ/non_secure/portmacro.h index 95b17941313..49c98bd81df 100644 --- a/portable/IAR/ARM_CM55_NTZ/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM55_NTZ/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -53,6 +55,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 55 #define portARCH_NAME "Cortex-M55" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 diff --git a/portable/IAR/ARM_CM55_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM55_NTZ/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/IAR/ARM_CM55_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM55_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM85/non_secure/port.c b/portable/IAR/ARM_CM85/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/IAR/ARM_CM85/non_secure/port.c +++ b/portable/IAR/ARM_CM85/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM85/non_secure/portmacro.h b/portable/IAR/ARM_CM85/non_secure/portmacro.h index efde68dc2c2..8b51e874f37 100644 --- a/portable/IAR/ARM_CM85/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM85/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -53,6 +55,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 85 #define portARCH_NAME "Cortex-M85" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 diff --git a/portable/IAR/ARM_CM85/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM85/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/IAR/ARM_CM85/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM85/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM85_NTZ/non_secure/port.c b/portable/IAR/ARM_CM85_NTZ/non_secure/port.c index 75e9ea9dd75..201b8291896 100644 --- a/portable/IAR/ARM_CM85_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM85_NTZ/non_secure/port.c @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -110,6 +112,7 @@ typedef void ( * portISR_t )( void ); #define portSCB_VTOR_REG ( *( ( portISR_t ** ) 0xe000ed08 ) ) #define portSCB_SYS_HANDLER_CTRL_STATE_REG ( *( ( volatile uint32_t * ) 0xe000ed24 ) ) #define portSCB_MEM_FAULT_ENABLE_BIT ( 1UL << 16UL ) +#define portSCB_USG_FAULT_ENABLE_BIT ( 1UL << 18UL ) /*-----------------------------------------------------------*/ /** @@ -373,6 +376,13 @@ typedef void ( * portISR_t )( void ); * any secure calls. */ #define portNO_SECURE_CONTEXT 0 + +/** + * @brief Constant required to check PACBTI security feature implementation. + */ +#if (portPROCESSOR_VARIANT == 85) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) +#endif /* portPROCESSOR_VARIANT == 85 */ /*-----------------------------------------------------------*/ /** @@ -410,6 +420,16 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ +#if (portPROCESSOR_VARIANT == 85) + +/** + * @brief Enable/Disable pointer authentication, and/or branch target identification + * based on the selected configuration using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable. + * Currently, only Cortex-M85 (ARMv8.1-M architecture based) target supports PACBTI security feature. + */ + static void prvConfigurePacBti ( void ); +#endif /* portPROCESSOR_VARIANT == 85 */ + /** * @brief Setup the timer to generate the tick interrupts. * @@ -1740,6 +1760,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; + #if (portPROCESSOR_VARIANT == 85) + { + /* Check and configure PACBTI security feature before starting the first task. */ + prvConfigurePacBti(); + } + #endif /* portPROCESSOR_VARIANT == 85 */ + #if ( configENABLE_MPU == 1 ) { /* Setup the Memory Protection Unit (MPU). */ @@ -2158,3 +2185,42 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ + +#if (portPROCESSOR_VARIANT == 85) + static void prvConfigurePacBti ( void ) + { + #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) + uint32_t ulIdIsar5 = portID_ISAR5_REG; + configASSERT(ulIdIsar5 != 0x0); + + /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ + #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + #endif + + uint32_t ulControl; + #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) + /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0xF0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ + ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) + /* Set UPAC_EN, and PAC_EN control bits */ + ulControl = 0xC0; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) + /* Set UBTI_EN, and BTI_EN control bits */ + ulControl = 0x30; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) + /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ + ulControl = 0x00; + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + #else + #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" + #endif + #endif + } +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM85_NTZ/non_secure/portmacro.h b/portable/IAR/ARM_CM85_NTZ/non_secure/portmacro.h index efde68dc2c2..8b51e874f37 100644 --- a/portable/IAR/ARM_CM85_NTZ/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM85_NTZ/non_secure/portmacro.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -53,6 +55,7 @@ /** * Architecture specifics. */ +#define portPROCESSOR_VARIANT 85 #define portARCH_NAME "Cortex-M85" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 diff --git a/portable/IAR/ARM_CM85_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM85_NTZ/non_secure/portmacrocommon.h index 3cf65761f96..aa2d7881100 100644 --- a/portable/IAR/ARM_CM85_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM85_NTZ/non_secure/portmacrocommon.h @@ -1,6 +1,8 @@ /* * FreeRTOS Kernel * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright 2024 Arm Limited and/or its affiliates + * * * SPDX-License-Identifier: MIT * @@ -507,6 +509,44 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ +#if (portPROCESSOR_VARIANT == 85) + + /** + * @brief PACBTI Security Feature Disabled + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 + + /** + * @brief PACBTI Security Feature Standard Configuration + * (PAC enabled without leaf functions support, and BTI enabled ). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 + + /** + * @brief PACBTI Security Feature with only PAC enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 + + /** + * @brief PACBTI Security Feature with PAC + * and PAC for leaf functions support enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 + + /** + * @brief PACBTI Security Feature Standard + Leaf Configuration + * (PAC enabled with leaf functions support, and BTI enabled). + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 + + /** + * @brief PACBTI Security Feature with only BTI enabled. + */ + #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 + +#endif /* portPROCESSOR_VARIANT == 85 */ +/*-----------------------------------------------------------*/ + /* *INDENT-OFF* */ #ifdef __cplusplus }