From 74bbc300bdd601764971488e02dc214017ebe07a Mon Sep 17 00:00:00 2001 From: Gaurav Aggarwal Date: Wed, 16 Oct 2024 10:19:38 +0000 Subject: [PATCH] Code review suggestions Signed-off-by: Gaurav Aggarwal --- portable/ARMv8M/non_secure/port.c | 123 ++++++++++-------- .../portable/GCC/ARM_CM23/portmacro.h | 2 +- .../portable/GCC/ARM_CM23_NTZ/portmacro.h | 2 +- .../portable/GCC/ARM_CM33/portasm.c | 5 +- .../portable/GCC/ARM_CM33/portmacro.h | 2 +- .../portable/GCC/ARM_CM33_NTZ/portasm.c | 2 +- .../portable/GCC/ARM_CM33_NTZ/portmacro.h | 2 +- .../portable/GCC/ARM_CM35P/portmacro.h | 2 +- .../portable/GCC/ARM_CM55/portmacro.h | 2 +- .../portable/GCC/ARM_CM85/portmacro.h | 2 +- .../portable/IAR/ARM_CM23/portmacro.h | 2 +- .../portable/IAR/ARM_CM23_NTZ/portmacro.h | 2 +- .../portable/IAR/ARM_CM33/portasm.s | 5 +- .../portable/IAR/ARM_CM33/portmacro.h | 2 +- .../portable/IAR/ARM_CM33_NTZ/portasm.s | 2 +- .../portable/IAR/ARM_CM33_NTZ/portmacro.h | 2 +- .../portable/IAR/ARM_CM35P/portmacro.h | 2 +- .../portable/IAR/ARM_CM55/portmacro.h | 2 +- .../portable/IAR/ARM_CM85/portmacro.h | 2 +- portable/ARMv8M/non_secure/portmacrocommon.h | 49 ++----- portable/GCC/ARM_CM23/non_secure/port.c | 123 ++++++++++-------- portable/GCC/ARM_CM23/non_secure/portmacro.h | 2 +- .../GCC/ARM_CM23/non_secure/portmacrocommon.h | 49 ++----- portable/GCC/ARM_CM23_NTZ/non_secure/port.c | 123 ++++++++++-------- .../GCC/ARM_CM23_NTZ/non_secure/portmacro.h | 2 +- .../ARM_CM23_NTZ/non_secure/portmacrocommon.h | 49 ++----- portable/GCC/ARM_CM33/non_secure/port.c | 123 ++++++++++-------- portable/GCC/ARM_CM33/non_secure/portasm.c | 5 +- portable/GCC/ARM_CM33/non_secure/portmacro.h | 2 +- .../GCC/ARM_CM33/non_secure/portmacrocommon.h | 49 ++----- portable/GCC/ARM_CM33_NTZ/non_secure/port.c | 123 ++++++++++-------- .../GCC/ARM_CM33_NTZ/non_secure/portasm.c | 2 +- .../GCC/ARM_CM33_NTZ/non_secure/portmacro.h | 2 +- .../ARM_CM33_NTZ/non_secure/portmacrocommon.h | 49 ++----- portable/GCC/ARM_CM35P/non_secure/port.c | 123 ++++++++++-------- portable/GCC/ARM_CM35P/non_secure/portasm.c | 5 +- portable/GCC/ARM_CM35P/non_secure/portmacro.h | 2 +- .../ARM_CM35P/non_secure/portmacrocommon.h | 49 ++----- portable/GCC/ARM_CM35P_NTZ/non_secure/port.c | 123 ++++++++++-------- .../GCC/ARM_CM35P_NTZ/non_secure/portasm.c | 2 +- .../GCC/ARM_CM35P_NTZ/non_secure/portmacro.h | 2 +- .../non_secure/portmacrocommon.h | 49 ++----- portable/GCC/ARM_CM55/non_secure/port.c | 123 ++++++++++-------- portable/GCC/ARM_CM55/non_secure/portasm.c | 5 +- portable/GCC/ARM_CM55/non_secure/portmacro.h | 2 +- .../GCC/ARM_CM55/non_secure/portmacrocommon.h | 49 ++----- portable/GCC/ARM_CM55_NTZ/non_secure/port.c | 123 ++++++++++-------- .../GCC/ARM_CM55_NTZ/non_secure/portasm.c | 2 +- .../GCC/ARM_CM55_NTZ/non_secure/portmacro.h | 2 +- .../ARM_CM55_NTZ/non_secure/portmacrocommon.h | 49 ++----- portable/GCC/ARM_CM85/non_secure/port.c | 123 ++++++++++-------- portable/GCC/ARM_CM85/non_secure/portasm.c | 5 +- portable/GCC/ARM_CM85/non_secure/portmacro.h | 2 +- .../GCC/ARM_CM85/non_secure/portmacrocommon.h | 49 ++----- portable/GCC/ARM_CM85_NTZ/non_secure/port.c | 123 ++++++++++-------- .../GCC/ARM_CM85_NTZ/non_secure/portasm.c | 2 +- .../GCC/ARM_CM85_NTZ/non_secure/portmacro.h | 2 +- .../ARM_CM85_NTZ/non_secure/portmacrocommon.h | 49 ++----- portable/IAR/ARM_CM23/non_secure/port.c | 123 ++++++++++-------- portable/IAR/ARM_CM23/non_secure/portmacro.h | 2 +- .../IAR/ARM_CM23/non_secure/portmacrocommon.h | 49 ++----- portable/IAR/ARM_CM23_NTZ/non_secure/port.c | 123 ++++++++++-------- .../IAR/ARM_CM23_NTZ/non_secure/portmacro.h | 2 +- .../ARM_CM23_NTZ/non_secure/portmacrocommon.h | 49 ++----- portable/IAR/ARM_CM33/non_secure/port.c | 123 ++++++++++-------- portable/IAR/ARM_CM33/non_secure/portasm.s | 5 +- portable/IAR/ARM_CM33/non_secure/portmacro.h | 2 +- .../IAR/ARM_CM33/non_secure/portmacrocommon.h | 49 ++----- portable/IAR/ARM_CM33_NTZ/non_secure/port.c | 123 ++++++++++-------- .../IAR/ARM_CM33_NTZ/non_secure/portasm.s | 2 +- .../IAR/ARM_CM33_NTZ/non_secure/portmacro.h | 2 +- .../ARM_CM33_NTZ/non_secure/portmacrocommon.h | 49 ++----- portable/IAR/ARM_CM35P/non_secure/port.c | 123 ++++++++++-------- portable/IAR/ARM_CM35P/non_secure/portasm.s | 5 +- portable/IAR/ARM_CM35P/non_secure/portmacro.h | 2 +- .../ARM_CM35P/non_secure/portmacrocommon.h | 49 ++----- portable/IAR/ARM_CM35P_NTZ/non_secure/port.c | 123 ++++++++++-------- .../IAR/ARM_CM35P_NTZ/non_secure/portasm.s | 2 +- .../IAR/ARM_CM35P_NTZ/non_secure/portmacro.h | 2 +- .../non_secure/portmacrocommon.h | 49 ++----- portable/IAR/ARM_CM55/non_secure/port.c | 123 ++++++++++-------- portable/IAR/ARM_CM55/non_secure/portasm.s | 5 +- portable/IAR/ARM_CM55/non_secure/portmacro.h | 2 +- .../IAR/ARM_CM55/non_secure/portmacrocommon.h | 49 ++----- portable/IAR/ARM_CM55_NTZ/non_secure/port.c | 123 ++++++++++-------- .../IAR/ARM_CM55_NTZ/non_secure/portasm.s | 2 +- .../IAR/ARM_CM55_NTZ/non_secure/portmacro.h | 2 +- .../ARM_CM55_NTZ/non_secure/portmacrocommon.h | 49 ++----- portable/IAR/ARM_CM85/non_secure/port.c | 123 ++++++++++-------- portable/IAR/ARM_CM85/non_secure/portasm.s | 5 +- portable/IAR/ARM_CM85/non_secure/portmacro.h | 2 +- .../IAR/ARM_CM85/non_secure/portmacrocommon.h | 49 ++----- portable/IAR/ARM_CM85_NTZ/non_secure/port.c | 123 ++++++++++-------- .../IAR/ARM_CM85_NTZ/non_secure/portasm.s | 2 +- .../IAR/ARM_CM85_NTZ/non_secure/portmacro.h | 2 +- .../ARM_CM85_NTZ/non_secure/portmacrocommon.h | 49 ++----- 96 files changed, 1712 insertions(+), 2038 deletions(-) diff --git a/portable/ARMv8M/non_secure/port.c b/portable/ARMv8M/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/ARMv8M/non_secure/port.c +++ b/portable/ARMv8M/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23/portmacro.h index 52869c711..5acf8160f 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23_NTZ/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23_NTZ/portmacro.h index 52869c711..5acf8160f 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23_NTZ/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM23_NTZ/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portasm.c b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portasm.c index aa9379fdf..1f64cca73 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portasm.c +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portasm.c @@ -134,8 +134,9 @@ " ldr r4, =xSecureContext \n" " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ " msr psplim, r2 \n" /* Set this task's PSPLIM value. */ - " movs r1, #2 \n" /* r1 = 2. */ - " msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ + " mrs r1, control \n" /* Obtain current control register value. */ + " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */ + " msr control, r1 \n" /* Write back the new control register value. */ " adds r0, #32 \n" /* Discard everything up to r0. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " isb \n" diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portmacro.h index f87128731..452a43655 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portasm.c b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portasm.c index dd755e462..47996cd9e 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portasm.c +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portasm.c @@ -133,7 +133,7 @@ " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " mrs r1, control \n" /* Obtain current control register value. */ - " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Setting the second bit to use the program stack pointer (PSP). */ + " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */ " msr control, r1 \n" /* Write back the new control register value. */ " adds r0, #32 \n" /* Discard everything up to r0. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portmacro.h index f87128731..452a43655 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM33_NTZ/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM35P/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM35P/portmacro.h index 3c1387f1d..82b84f92a 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM35P/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM35P/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 35 #define portARCH_NAME "Cortex-M35P" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM55/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM55/portmacro.h index 07f0e3070..369d6825f 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM55/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM55/portmacro.h @@ -55,10 +55,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 55 #define portARCH_NAME "Cortex-M55" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM85/portmacro.h b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM85/portmacro.h index 2c7ec8d14..5067aa573 100644 --- a/portable/ARMv8M/non_secure/portable/GCC/ARM_CM85/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/GCC/ARM_CM85/portmacro.h @@ -55,10 +55,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 85 #define portARCH_NAME "Cortex-M85" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 +#define portHAS_PACBTI_FEATURE 1 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23/portmacro.h index 89e7b3e97..4940e345e 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23_NTZ/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23_NTZ/portmacro.h index 89e7b3e97..4940e345e 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23_NTZ/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM23_NTZ/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portasm.s b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portasm.s index 418c5f887..b90b3a30c 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portasm.s +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portasm.s @@ -179,8 +179,9 @@ vRestoreContextOfFirstTask: ldr r4, =xSecureContext str r1, [r4] /* Set xSecureContext to this task's value for the same. */ msr psplim, r2 /* Set this task's PSPLIM value. */ - movs r1, #2 /* r1 = 2. */ - msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ + mrs r1, control /* Obtain current control register value. */ + orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */ + msr control, r1 /* Write back the new control register value. */ adds r0, #32 /* Discard everything up to r0. */ msr psp, r0 /* This is now the new top of stack to use in the task. */ isb diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portmacro.h index a92ebc800..5e126dbf9 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portasm.s b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portasm.s index e7fa8f041..be06f67ad 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portasm.s +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portasm.s @@ -168,7 +168,7 @@ vRestoreContextOfFirstTask: ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ msr psplim, r1 /* Set this task's PSPLIM value. */ mrs r1, control /* Obtain current control register value. */ - orrs r1, r1, #2 /* r1 = r1 | 0x2 - Setting the second bit to use the program stack pointe (PSP). */ + orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */ msr control, r1 /* Write back the new control register value. */ adds r0, #32 /* Discard everything up to r0. */ msr psp, r0 /* This is now the new top of stack to use in the task. */ diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portmacro.h index a92ebc800..5e126dbf9 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM33_NTZ/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM35P/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM35P/portmacro.h index f2f80f0e4..d617ac0c2 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM35P/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM35P/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 35 #define portARCH_NAME "Cortex-M35P" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM55/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM55/portmacro.h index 8dcf71342..6a5272267 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM55/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM55/portmacro.h @@ -55,10 +55,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 55 #define portARCH_NAME "Cortex-M55" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM85/portmacro.h b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM85/portmacro.h index efca5acc3..c88adc77c 100644 --- a/portable/ARMv8M/non_secure/portable/IAR/ARM_CM85/portmacro.h +++ b/portable/ARMv8M/non_secure/portable/IAR/ARM_CM85/portmacro.h @@ -55,10 +55,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 85 #define portARCH_NAME "Cortex-M85" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 +#define portHAS_PACBTI_FEATURE 1 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/ARMv8M/non_secure/portmacrocommon.h b/portable/ARMv8M/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/ARMv8M/non_secure/portmacrocommon.h +++ b/portable/ARMv8M/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM23/non_secure/port.c b/portable/GCC/ARM_CM23/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/GCC/ARM_CM23/non_secure/port.c +++ b/portable/GCC/ARM_CM23/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM23/non_secure/portmacro.h b/portable/GCC/ARM_CM23/non_secure/portmacro.h index 52869c711..5acf8160f 100644 --- a/portable/GCC/ARM_CM23/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM23/non_secure/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM23/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM23/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/GCC/ARM_CM23/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM23/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM23_NTZ/non_secure/port.c b/portable/GCC/ARM_CM23_NTZ/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/GCC/ARM_CM23_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM23_NTZ/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM23_NTZ/non_secure/portmacro.h b/portable/GCC/ARM_CM23_NTZ/non_secure/portmacro.h index 52869c711..5acf8160f 100644 --- a/portable/GCC/ARM_CM23_NTZ/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM23_NTZ/non_secure/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM23_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM23_NTZ/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/GCC/ARM_CM23_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM23_NTZ/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM33/non_secure/port.c b/portable/GCC/ARM_CM33/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/GCC/ARM_CM33/non_secure/port.c +++ b/portable/GCC/ARM_CM33/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM33/non_secure/portasm.c b/portable/GCC/ARM_CM33/non_secure/portasm.c index aa9379fdf..1f64cca73 100644 --- a/portable/GCC/ARM_CM33/non_secure/portasm.c +++ b/portable/GCC/ARM_CM33/non_secure/portasm.c @@ -134,8 +134,9 @@ " ldr r4, =xSecureContext \n" " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ " msr psplim, r2 \n" /* Set this task's PSPLIM value. */ - " movs r1, #2 \n" /* r1 = 2. */ - " msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ + " mrs r1, control \n" /* Obtain current control register value. */ + " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */ + " msr control, r1 \n" /* Write back the new control register value. */ " adds r0, #32 \n" /* Discard everything up to r0. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " isb \n" diff --git a/portable/GCC/ARM_CM33/non_secure/portmacro.h b/portable/GCC/ARM_CM33/non_secure/portmacro.h index f87128731..452a43655 100644 --- a/portable/GCC/ARM_CM33/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM33/non_secure/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM33/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM33/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/GCC/ARM_CM33/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM33/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM33_NTZ/non_secure/port.c b/portable/GCC/ARM_CM33_NTZ/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/GCC/ARM_CM33_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM33_NTZ/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM33_NTZ/non_secure/portasm.c b/portable/GCC/ARM_CM33_NTZ/non_secure/portasm.c index dd755e462..47996cd9e 100644 --- a/portable/GCC/ARM_CM33_NTZ/non_secure/portasm.c +++ b/portable/GCC/ARM_CM33_NTZ/non_secure/portasm.c @@ -133,7 +133,7 @@ " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " mrs r1, control \n" /* Obtain current control register value. */ - " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Setting the second bit to use the program stack pointer (PSP). */ + " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */ " msr control, r1 \n" /* Write back the new control register value. */ " adds r0, #32 \n" /* Discard everything up to r0. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ diff --git a/portable/GCC/ARM_CM33_NTZ/non_secure/portmacro.h b/portable/GCC/ARM_CM33_NTZ/non_secure/portmacro.h index f87128731..452a43655 100644 --- a/portable/GCC/ARM_CM33_NTZ/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM33_NTZ/non_secure/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM33_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM33_NTZ/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/GCC/ARM_CM33_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM33_NTZ/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM35P/non_secure/port.c b/portable/GCC/ARM_CM35P/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/GCC/ARM_CM35P/non_secure/port.c +++ b/portable/GCC/ARM_CM35P/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM35P/non_secure/portasm.c b/portable/GCC/ARM_CM35P/non_secure/portasm.c index aa9379fdf..1f64cca73 100644 --- a/portable/GCC/ARM_CM35P/non_secure/portasm.c +++ b/portable/GCC/ARM_CM35P/non_secure/portasm.c @@ -134,8 +134,9 @@ " ldr r4, =xSecureContext \n" " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ " msr psplim, r2 \n" /* Set this task's PSPLIM value. */ - " movs r1, #2 \n" /* r1 = 2. */ - " msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ + " mrs r1, control \n" /* Obtain current control register value. */ + " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */ + " msr control, r1 \n" /* Write back the new control register value. */ " adds r0, #32 \n" /* Discard everything up to r0. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " isb \n" diff --git a/portable/GCC/ARM_CM35P/non_secure/portmacro.h b/portable/GCC/ARM_CM35P/non_secure/portmacro.h index 3c1387f1d..82b84f92a 100644 --- a/portable/GCC/ARM_CM35P/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM35P/non_secure/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 35 #define portARCH_NAME "Cortex-M35P" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM35P/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM35P/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/GCC/ARM_CM35P/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM35P/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM35P_NTZ/non_secure/port.c b/portable/GCC/ARM_CM35P_NTZ/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/GCC/ARM_CM35P_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM35P_NTZ/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM35P_NTZ/non_secure/portasm.c b/portable/GCC/ARM_CM35P_NTZ/non_secure/portasm.c index dd755e462..47996cd9e 100644 --- a/portable/GCC/ARM_CM35P_NTZ/non_secure/portasm.c +++ b/portable/GCC/ARM_CM35P_NTZ/non_secure/portasm.c @@ -133,7 +133,7 @@ " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " mrs r1, control \n" /* Obtain current control register value. */ - " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Setting the second bit to use the program stack pointer (PSP). */ + " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */ " msr control, r1 \n" /* Write back the new control register value. */ " adds r0, #32 \n" /* Discard everything up to r0. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ diff --git a/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacro.h b/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacro.h index 3c1387f1d..82b84f92a 100644 --- a/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 35 #define portARCH_NAME "Cortex-M35P" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM35P_NTZ/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM55/non_secure/port.c b/portable/GCC/ARM_CM55/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/GCC/ARM_CM55/non_secure/port.c +++ b/portable/GCC/ARM_CM55/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM55/non_secure/portasm.c b/portable/GCC/ARM_CM55/non_secure/portasm.c index aa9379fdf..1f64cca73 100644 --- a/portable/GCC/ARM_CM55/non_secure/portasm.c +++ b/portable/GCC/ARM_CM55/non_secure/portasm.c @@ -134,8 +134,9 @@ " ldr r4, =xSecureContext \n" " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ " msr psplim, r2 \n" /* Set this task's PSPLIM value. */ - " movs r1, #2 \n" /* r1 = 2. */ - " msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ + " mrs r1, control \n" /* Obtain current control register value. */ + " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */ + " msr control, r1 \n" /* Write back the new control register value. */ " adds r0, #32 \n" /* Discard everything up to r0. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " isb \n" diff --git a/portable/GCC/ARM_CM55/non_secure/portmacro.h b/portable/GCC/ARM_CM55/non_secure/portmacro.h index 07f0e3070..369d6825f 100644 --- a/portable/GCC/ARM_CM55/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM55/non_secure/portmacro.h @@ -55,10 +55,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 55 #define portARCH_NAME "Cortex-M55" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM55/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM55/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/GCC/ARM_CM55/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM55/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM55_NTZ/non_secure/port.c b/portable/GCC/ARM_CM55_NTZ/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/GCC/ARM_CM55_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM55_NTZ/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM55_NTZ/non_secure/portasm.c b/portable/GCC/ARM_CM55_NTZ/non_secure/portasm.c index dd755e462..47996cd9e 100644 --- a/portable/GCC/ARM_CM55_NTZ/non_secure/portasm.c +++ b/portable/GCC/ARM_CM55_NTZ/non_secure/portasm.c @@ -133,7 +133,7 @@ " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " mrs r1, control \n" /* Obtain current control register value. */ - " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Setting the second bit to use the program stack pointer (PSP). */ + " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */ " msr control, r1 \n" /* Write back the new control register value. */ " adds r0, #32 \n" /* Discard everything up to r0. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ diff --git a/portable/GCC/ARM_CM55_NTZ/non_secure/portmacro.h b/portable/GCC/ARM_CM55_NTZ/non_secure/portmacro.h index 07f0e3070..369d6825f 100644 --- a/portable/GCC/ARM_CM55_NTZ/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM55_NTZ/non_secure/portmacro.h @@ -55,10 +55,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 55 #define portARCH_NAME "Cortex-M55" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM55_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM55_NTZ/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/GCC/ARM_CM55_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM55_NTZ/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM85/non_secure/port.c b/portable/GCC/ARM_CM85/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/GCC/ARM_CM85/non_secure/port.c +++ b/portable/GCC/ARM_CM85/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM85/non_secure/portasm.c b/portable/GCC/ARM_CM85/non_secure/portasm.c index aa9379fdf..1f64cca73 100644 --- a/portable/GCC/ARM_CM85/non_secure/portasm.c +++ b/portable/GCC/ARM_CM85/non_secure/portasm.c @@ -134,8 +134,9 @@ " ldr r4, =xSecureContext \n" " str r1, [r4] \n" /* Set xSecureContext to this task's value for the same. */ " msr psplim, r2 \n" /* Set this task's PSPLIM value. */ - " movs r1, #2 \n" /* r1 = 2. */ - " msr CONTROL, r1 \n" /* Switch to use PSP in the thread mode. */ + " mrs r1, control \n" /* Obtain current control register value. */ + " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */ + " msr control, r1 \n" /* Write back the new control register value. */ " adds r0, #32 \n" /* Discard everything up to r0. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ " isb \n" diff --git a/portable/GCC/ARM_CM85/non_secure/portmacro.h b/portable/GCC/ARM_CM85/non_secure/portmacro.h index 2c7ec8d14..5067aa573 100644 --- a/portable/GCC/ARM_CM85/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM85/non_secure/portmacro.h @@ -55,10 +55,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 85 #define portARCH_NAME "Cortex-M85" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 +#define portHAS_PACBTI_FEATURE 1 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM85/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM85/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/GCC/ARM_CM85/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM85/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/GCC/ARM_CM85_NTZ/non_secure/port.c b/portable/GCC/ARM_CM85_NTZ/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/GCC/ARM_CM85_NTZ/non_secure/port.c +++ b/portable/GCC/ARM_CM85_NTZ/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM85_NTZ/non_secure/portasm.c b/portable/GCC/ARM_CM85_NTZ/non_secure/portasm.c index dd755e462..47996cd9e 100644 --- a/portable/GCC/ARM_CM85_NTZ/non_secure/portasm.c +++ b/portable/GCC/ARM_CM85_NTZ/non_secure/portasm.c @@ -133,7 +133,7 @@ " ldm r0!, {r1-r2} \n" /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ " msr psplim, r1 \n" /* Set this task's PSPLIM value. */ " mrs r1, control \n" /* Obtain current control register value. */ - " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Setting the second bit to use the program stack pointer (PSP). */ + " orrs r1, r1, #2 \n" /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointer (PSP). */ " msr control, r1 \n" /* Write back the new control register value. */ " adds r0, #32 \n" /* Discard everything up to r0. */ " msr psp, r0 \n" /* This is now the new top of stack to use in the task. */ diff --git a/portable/GCC/ARM_CM85_NTZ/non_secure/portmacro.h b/portable/GCC/ARM_CM85_NTZ/non_secure/portmacro.h index 2c7ec8d14..5067aa573 100644 --- a/portable/GCC/ARM_CM85_NTZ/non_secure/portmacro.h +++ b/portable/GCC/ARM_CM85_NTZ/non_secure/portmacro.h @@ -55,10 +55,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 85 #define portARCH_NAME "Cortex-M85" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 +#define portHAS_PACBTI_FEATURE 1 #define portDONT_DISCARD __attribute__( ( used ) ) /*-----------------------------------------------------------*/ diff --git a/portable/GCC/ARM_CM85_NTZ/non_secure/portmacrocommon.h b/portable/GCC/ARM_CM85_NTZ/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/GCC/ARM_CM85_NTZ/non_secure/portmacrocommon.h +++ b/portable/GCC/ARM_CM85_NTZ/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM23/non_secure/port.c b/portable/IAR/ARM_CM23/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/IAR/ARM_CM23/non_secure/port.c +++ b/portable/IAR/ARM_CM23/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM23/non_secure/portmacro.h b/portable/IAR/ARM_CM23/non_secure/portmacro.h index 89e7b3e97..4940e345e 100644 --- a/portable/IAR/ARM_CM23/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM23/non_secure/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM23/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM23/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/IAR/ARM_CM23/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM23/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM23_NTZ/non_secure/port.c b/portable/IAR/ARM_CM23_NTZ/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/IAR/ARM_CM23_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM23_NTZ/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM23_NTZ/non_secure/portmacro.h b/portable/IAR/ARM_CM23_NTZ/non_secure/portmacro.h index 89e7b3e97..4940e345e 100644 --- a/portable/IAR/ARM_CM23_NTZ/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM23_NTZ/non_secure/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 23 #define portARCH_NAME "Cortex-M23" #define portHAS_ARMV8M_MAIN_EXTENSION 0 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM23_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM23_NTZ/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/IAR/ARM_CM23_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM23_NTZ/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM33/non_secure/port.c b/portable/IAR/ARM_CM33/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/IAR/ARM_CM33/non_secure/port.c +++ b/portable/IAR/ARM_CM33/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM33/non_secure/portasm.s b/portable/IAR/ARM_CM33/non_secure/portasm.s index 418c5f887..b90b3a30c 100644 --- a/portable/IAR/ARM_CM33/non_secure/portasm.s +++ b/portable/IAR/ARM_CM33/non_secure/portasm.s @@ -179,8 +179,9 @@ vRestoreContextOfFirstTask: ldr r4, =xSecureContext str r1, [r4] /* Set xSecureContext to this task's value for the same. */ msr psplim, r2 /* Set this task's PSPLIM value. */ - movs r1, #2 /* r1 = 2. */ - msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ + mrs r1, control /* Obtain current control register value. */ + orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */ + msr control, r1 /* Write back the new control register value. */ adds r0, #32 /* Discard everything up to r0. */ msr psp, r0 /* This is now the new top of stack to use in the task. */ isb diff --git a/portable/IAR/ARM_CM33/non_secure/portmacro.h b/portable/IAR/ARM_CM33/non_secure/portmacro.h index a92ebc800..5e126dbf9 100644 --- a/portable/IAR/ARM_CM33/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM33/non_secure/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM33/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM33/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/IAR/ARM_CM33/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM33/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM33_NTZ/non_secure/port.c b/portable/IAR/ARM_CM33_NTZ/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/IAR/ARM_CM33_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM33_NTZ/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM33_NTZ/non_secure/portasm.s b/portable/IAR/ARM_CM33_NTZ/non_secure/portasm.s index e7fa8f041..be06f67ad 100644 --- a/portable/IAR/ARM_CM33_NTZ/non_secure/portasm.s +++ b/portable/IAR/ARM_CM33_NTZ/non_secure/portasm.s @@ -168,7 +168,7 @@ vRestoreContextOfFirstTask: ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ msr psplim, r1 /* Set this task's PSPLIM value. */ mrs r1, control /* Obtain current control register value. */ - orrs r1, r1, #2 /* r1 = r1 | 0x2 - Setting the second bit to use the program stack pointe (PSP). */ + orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */ msr control, r1 /* Write back the new control register value. */ adds r0, #32 /* Discard everything up to r0. */ msr psp, r0 /* This is now the new top of stack to use in the task. */ diff --git a/portable/IAR/ARM_CM33_NTZ/non_secure/portmacro.h b/portable/IAR/ARM_CM33_NTZ/non_secure/portmacro.h index a92ebc800..5e126dbf9 100644 --- a/portable/IAR/ARM_CM33_NTZ/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM33_NTZ/non_secure/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 33 #define portARCH_NAME "Cortex-M33" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM33_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM33_NTZ/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/IAR/ARM_CM33_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM33_NTZ/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM35P/non_secure/port.c b/portable/IAR/ARM_CM35P/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/IAR/ARM_CM35P/non_secure/port.c +++ b/portable/IAR/ARM_CM35P/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM35P/non_secure/portasm.s b/portable/IAR/ARM_CM35P/non_secure/portasm.s index 418c5f887..b90b3a30c 100644 --- a/portable/IAR/ARM_CM35P/non_secure/portasm.s +++ b/portable/IAR/ARM_CM35P/non_secure/portasm.s @@ -179,8 +179,9 @@ vRestoreContextOfFirstTask: ldr r4, =xSecureContext str r1, [r4] /* Set xSecureContext to this task's value for the same. */ msr psplim, r2 /* Set this task's PSPLIM value. */ - movs r1, #2 /* r1 = 2. */ - msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ + mrs r1, control /* Obtain current control register value. */ + orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */ + msr control, r1 /* Write back the new control register value. */ adds r0, #32 /* Discard everything up to r0. */ msr psp, r0 /* This is now the new top of stack to use in the task. */ isb diff --git a/portable/IAR/ARM_CM35P/non_secure/portmacro.h b/portable/IAR/ARM_CM35P/non_secure/portmacro.h index f2f80f0e4..d617ac0c2 100644 --- a/portable/IAR/ARM_CM35P/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM35P/non_secure/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 35 #define portARCH_NAME "Cortex-M35P" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM35P/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM35P/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/IAR/ARM_CM35P/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM35P/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM35P_NTZ/non_secure/port.c b/portable/IAR/ARM_CM35P_NTZ/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/IAR/ARM_CM35P_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM35P_NTZ/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM35P_NTZ/non_secure/portasm.s b/portable/IAR/ARM_CM35P_NTZ/non_secure/portasm.s index e7fa8f041..be06f67ad 100644 --- a/portable/IAR/ARM_CM35P_NTZ/non_secure/portasm.s +++ b/portable/IAR/ARM_CM35P_NTZ/non_secure/portasm.s @@ -168,7 +168,7 @@ vRestoreContextOfFirstTask: ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ msr psplim, r1 /* Set this task's PSPLIM value. */ mrs r1, control /* Obtain current control register value. */ - orrs r1, r1, #2 /* r1 = r1 | 0x2 - Setting the second bit to use the program stack pointe (PSP). */ + orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */ msr control, r1 /* Write back the new control register value. */ adds r0, #32 /* Discard everything up to r0. */ msr psp, r0 /* This is now the new top of stack to use in the task. */ diff --git a/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacro.h b/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacro.h index f2f80f0e4..d617ac0c2 100644 --- a/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacro.h @@ -50,10 +50,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 35 #define portARCH_NAME "Cortex-M35P" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 0 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM35P_NTZ/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM55/non_secure/port.c b/portable/IAR/ARM_CM55/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/IAR/ARM_CM55/non_secure/port.c +++ b/portable/IAR/ARM_CM55/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM55/non_secure/portasm.s b/portable/IAR/ARM_CM55/non_secure/portasm.s index 418c5f887..b90b3a30c 100644 --- a/portable/IAR/ARM_CM55/non_secure/portasm.s +++ b/portable/IAR/ARM_CM55/non_secure/portasm.s @@ -179,8 +179,9 @@ vRestoreContextOfFirstTask: ldr r4, =xSecureContext str r1, [r4] /* Set xSecureContext to this task's value for the same. */ msr psplim, r2 /* Set this task's PSPLIM value. */ - movs r1, #2 /* r1 = 2. */ - msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ + mrs r1, control /* Obtain current control register value. */ + orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */ + msr control, r1 /* Write back the new control register value. */ adds r0, #32 /* Discard everything up to r0. */ msr psp, r0 /* This is now the new top of stack to use in the task. */ isb diff --git a/portable/IAR/ARM_CM55/non_secure/portmacro.h b/portable/IAR/ARM_CM55/non_secure/portmacro.h index 8dcf71342..6a5272267 100644 --- a/portable/IAR/ARM_CM55/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM55/non_secure/portmacro.h @@ -55,10 +55,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 55 #define portARCH_NAME "Cortex-M55" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM55/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM55/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/IAR/ARM_CM55/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM55/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM55_NTZ/non_secure/port.c b/portable/IAR/ARM_CM55_NTZ/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/IAR/ARM_CM55_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM55_NTZ/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM55_NTZ/non_secure/portasm.s b/portable/IAR/ARM_CM55_NTZ/non_secure/portasm.s index e7fa8f041..be06f67ad 100644 --- a/portable/IAR/ARM_CM55_NTZ/non_secure/portasm.s +++ b/portable/IAR/ARM_CM55_NTZ/non_secure/portasm.s @@ -168,7 +168,7 @@ vRestoreContextOfFirstTask: ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ msr psplim, r1 /* Set this task's PSPLIM value. */ mrs r1, control /* Obtain current control register value. */ - orrs r1, r1, #2 /* r1 = r1 | 0x2 - Setting the second bit to use the program stack pointe (PSP). */ + orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */ msr control, r1 /* Write back the new control register value. */ adds r0, #32 /* Discard everything up to r0. */ msr psp, r0 /* This is now the new top of stack to use in the task. */ diff --git a/portable/IAR/ARM_CM55_NTZ/non_secure/portmacro.h b/portable/IAR/ARM_CM55_NTZ/non_secure/portmacro.h index 8dcf71342..6a5272267 100644 --- a/portable/IAR/ARM_CM55_NTZ/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM55_NTZ/non_secure/portmacro.h @@ -55,10 +55,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 55 #define portARCH_NAME "Cortex-M55" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 +#define portHAS_PACBTI_FEATURE 0 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM55_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM55_NTZ/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/IAR/ARM_CM55_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM55_NTZ/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM85/non_secure/port.c b/portable/IAR/ARM_CM85/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/IAR/ARM_CM85/non_secure/port.c +++ b/portable/IAR/ARM_CM85/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM85/non_secure/portasm.s b/portable/IAR/ARM_CM85/non_secure/portasm.s index 418c5f887..b90b3a30c 100644 --- a/portable/IAR/ARM_CM85/non_secure/portasm.s +++ b/portable/IAR/ARM_CM85/non_secure/portasm.s @@ -179,8 +179,9 @@ vRestoreContextOfFirstTask: ldr r4, =xSecureContext str r1, [r4] /* Set xSecureContext to this task's value for the same. */ msr psplim, r2 /* Set this task's PSPLIM value. */ - movs r1, #2 /* r1 = 2. */ - msr CONTROL, r1 /* Switch to use PSP in the thread mode. */ + mrs r1, control /* Obtain current control register value. */ + orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */ + msr control, r1 /* Write back the new control register value. */ adds r0, #32 /* Discard everything up to r0. */ msr psp, r0 /* This is now the new top of stack to use in the task. */ isb diff --git a/portable/IAR/ARM_CM85/non_secure/portmacro.h b/portable/IAR/ARM_CM85/non_secure/portmacro.h index efca5acc3..c88adc77c 100644 --- a/portable/IAR/ARM_CM85/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM85/non_secure/portmacro.h @@ -55,10 +55,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 85 #define portARCH_NAME "Cortex-M85" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 +#define portHAS_PACBTI_FEATURE 1 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM85/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM85/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/IAR/ARM_CM85/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM85/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/portable/IAR/ARM_CM85_NTZ/non_secure/port.c b/portable/IAR/ARM_CM85_NTZ/non_secure/port.c index 58b2b835d..dfdbbcb1b 100644 --- a/portable/IAR/ARM_CM85_NTZ/non_secure/port.c +++ b/portable/IAR/ARM_CM85_NTZ/non_secure/port.c @@ -378,11 +378,18 @@ typedef void ( * portISR_t )( void ); #define portNO_SECURE_CONTEXT 0 /** - * @brief Constant required to check PACBTI security feature implementation. + * @brief Constants required to check and configure PACBTI security feature implementation. */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) + #define portID_ISAR5_REG ( *( ( volatile uint32_t * ) 0xe000ed74 ) ) -#endif /* portPROCESSOR_VARIANT == 85 */ + + #define portCONTROL_UPAC_EN ( 1UL << 7UL ) + #define portCONTROL_PAC_EN ( 1UL << 6UL ) + #define portCONTROL_UBTI_EN ( 1UL << 5UL ) + #define portCONTROL_BTI_EN ( 1UL << 4UL ) + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -420,22 +427,25 @@ static void prvTaskExitError( void ); static void prvSetupFPU( void ) PRIVILEGED_FUNCTION; #endif /* configENABLE_FPU */ -#if (portPROCESSOR_VARIANT == 85) +#if ( portHAS_PACBTI_FEATURE == 1 ) /** - * @brief Checks the pointer authentication, and branch target identification security feature - * configuration based on the selected option using the FREERTOS_ARM_V_8_1_M_PACBTI_CONFIG CMake variable, - * returns the value of the special purpose control register accordingly, and optionally updates - * the Control register value. Currently, only Cortex-M85 (ARMv8.1-M architecture based) - * target supports PACBTI security feature. + * @brief Configures PACBTI features. + * + * This functions configrues the Pointer Authentication, and Branch Target + * Identification security features as per the user configuration. It returns + * the value of the special purpose CONTROL register accordingly, and optionally + * updates the CONTROL register value. Currently, only Cortex-M85 (ARMv8.1-M + * architecture based) target supports PACBTI security feature. * - * @param xWriteControlRegister used to control whether the special purpose Control register - * should be updated or not. + * @param xWriteControlRegister Used to control whether the special purpose + * CONTROL register should be updated or not. * - * @return Control register value according to the configured PACBTI option. + * @return CONTROL register value according to the configured PACBTI option. */ - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ); -#endif /* portPROCESSOR_VARIANT == 85 */ + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ); + +#endif /* portHAS_PACBTI_FEATURE */ /** * @brief Setup the timer to generate the tick interrupts. @@ -1484,6 +1494,7 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPU_SETTINGS * xMPUSettings ) /* PRIVILEGED_FUNCTION */ { uint32_t ulIndex = 0; + uint32_t ulControl = 0x0; xMPUSettings->ulContext[ ulIndex ] = 0x04040404; /* r4. */ ulIndex++; @@ -1530,13 +1541,14 @@ void vPortSVCHandler_C( uint32_t * pulCallerStackAddress ) /* PRIVILEGED_FUNCTIO xMPUSettings->ulContext[ ulIndex ] = ( uint32_t ) pxEndOfStack; /* PSPLIM. */ ulIndex++; - uint32_t ulControl = 0x0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Check PACBTI security feature configuration before pushing the control register's value on task's TCB. */ - ulControl = prvCheckAndConfigPacBti(pdFALSE); + /* Check PACBTI security feature configuration before pushing the + * CONTROL register's value on task's TCB. */ + ulControl = prvConfigurePACBTI( pdFALSE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ + if( xRunPrivileged == pdTRUE ) { xMPUSettings->ulTaskFlags |= portTASK_IS_PRIVILEGED_FLAG; @@ -1774,12 +1786,13 @@ BaseType_t xPortStartScheduler( void ) /* PRIVILEGED_FUNCTION */ portNVIC_SHPR3_REG |= portNVIC_SYSTICK_PRI; portNVIC_SHPR2_REG = 0; - #if (portPROCESSOR_VARIANT == 85) + #if ( portHAS_PACBTI_FEATURE == 1 ) { - /* Set the Control register value based on PACBTI security feature configuration before starting the first task. */ - ( void) prvCheckAndConfigPacBti(pdTRUE); + /* Set the CONTROL register value based on PACBTI security feature + * configuration before starting the first task. */ + ( void) prvConfigurePACBTI( pdTRUE ); } - #endif /* portPROCESSOR_VARIANT == 85 */ + #endif /* portHAS_PACBTI_FEATURE */ #if ( configENABLE_MPU == 1 ) { @@ -2200,43 +2213,41 @@ BaseType_t xPortIsInsideInterrupt( void ) #endif /* #if ( ( configENABLE_MPU == 1 ) && ( configUSE_MPU_WRAPPERS_V1 == 0 ) ) */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - static uint32_t prvCheckAndConfigPacBti ( BaseType_t xWriteControlRegister ) +#if ( portHAS_PACBTI_FEATURE == 1 ) + + static uint32_t prvConfigurePACBTI( BaseType_t xWriteControlRegister ) { - #if defined ( portARM_V_8_1_M_PACBTI_CONFIG ) - uint32_t ulIdIsar5 = portID_ISAR5_REG; - configASSERT(ulIdIsar5 != 0x0); + uint32_t ulControl = 0x0; - /* Enable UsageFault exception if the selected configuration is not portARM_V_8_1_M_PACBTI_CONFIG_NONE */ - #if ( portARM_V_8_1_M_PACBTI_CONFIG != portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; - #endif + /* Ensure that PACBTI is implemented. */ + configASSERT( portID_ISAR5_REG != 0x0 ); - uint32_t ulControl = 0x0; - #if ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_STANDARD ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI ) ) - /* Set UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0xF0; - #elif ( ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET ) || \ - ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF ) ) - /* Set UPAC_EN, and PAC_EN control bits to one */ - ulControl = 0xC0; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_BTI ) - /* Set UBTI_EN, and BTI_EN control bits to one */ - ulControl = 0x30; - #elif ( portARM_V_8_1_M_PACBTI_CONFIG == portARM_V_8_1_M_PACBTI_CONFIG_NONE ) - /* Clear UPAC_EN, PAC_EN, UBTI_EN, and BTI_EN control bits */ - ulControl = 0x00; - #else - #error "Invalid portARM_V_8_1_M_PACBTI_CONFIG option chosen" - #endif - if ( xWriteControlRegister == pdTRUE ) - { - __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); - } + /* Enable UsageFault exception if PAC or BTI is enabled. */ + #if( ( configENABLE_PAC == 1 ) || ( configENABLE_BTI == 1 ) ) + { + portSCB_SYS_HANDLER_CTRL_STATE_REG |= portSCB_USG_FAULT_ENABLE_BIT; + } + #endif + + #if( configENABLE_PAC == 1 ) + { + ulControl |= ( portCONTROL_UPAC_EN | portCONTROL_PAC_EN ); + } + #endif - return ulControl; + #if( configENABLE_BTI == 1 ) + { + ulControl |= ( portCONTROL_UBTI_EN | portCONTROL_BTI_EN ); + } #endif + + if( xWriteControlRegister == pdTRUE ) + { + __asm volatile ( "msr control, %0" : : "r" ( ulControl ) ); + } + + return ulControl; } -#endif /* portPROCESSOR_VARIANT == 85 */ + +#endif /* #if ( portHAS_PACBTI_FEATURE == 1 ) */ /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM85_NTZ/non_secure/portasm.s b/portable/IAR/ARM_CM85_NTZ/non_secure/portasm.s index e7fa8f041..be06f67ad 100644 --- a/portable/IAR/ARM_CM85_NTZ/non_secure/portasm.s +++ b/portable/IAR/ARM_CM85_NTZ/non_secure/portasm.s @@ -168,7 +168,7 @@ vRestoreContextOfFirstTask: ldm r0!, {r1-r2} /* Read from stack - r1 = PSPLIM and r2 = EXC_RETURN. */ msr psplim, r1 /* Set this task's PSPLIM value. */ mrs r1, control /* Obtain current control register value. */ - orrs r1, r1, #2 /* r1 = r1 | 0x2 - Setting the second bit to use the program stack pointe (PSP). */ + orrs r1, r1, #2 /* r1 = r1 | 0x2 - Set the second bit to use the program stack pointe (PSP). */ msr control, r1 /* Write back the new control register value. */ adds r0, #32 /* Discard everything up to r0. */ msr psp, r0 /* This is now the new top of stack to use in the task. */ diff --git a/portable/IAR/ARM_CM85_NTZ/non_secure/portmacro.h b/portable/IAR/ARM_CM85_NTZ/non_secure/portmacro.h index efca5acc3..c88adc77c 100644 --- a/portable/IAR/ARM_CM85_NTZ/non_secure/portmacro.h +++ b/portable/IAR/ARM_CM85_NTZ/non_secure/portmacro.h @@ -55,10 +55,10 @@ /** * Architecture specifics. */ -#define portPROCESSOR_VARIANT 85 #define portARCH_NAME "Cortex-M85" #define portHAS_ARMV8M_MAIN_EXTENSION 1 #define portARMV8M_MINOR_VERSION 1 +#define portHAS_PACBTI_FEATURE 1 #define portDONT_DISCARD __root /*-----------------------------------------------------------*/ diff --git a/portable/IAR/ARM_CM85_NTZ/non_secure/portmacrocommon.h b/portable/IAR/ARM_CM85_NTZ/non_secure/portmacrocommon.h index aa2d78811..a2d22b769 100644 --- a/portable/IAR/ARM_CM85_NTZ/non_secure/portmacrocommon.h +++ b/portable/IAR/ARM_CM85_NTZ/non_secure/portmacrocommon.h @@ -59,6 +59,17 @@ #error configENABLE_TRUSTZONE must be defined in FreeRTOSConfig.h. Set configENABLE_TRUSTZONE to 1 to enable TrustZone or 0 to disable TrustZone. #endif /* configENABLE_TRUSTZONE */ +#if ( portHAS_PACBTI_FEATURE == 1 ) + + #ifndef configENABLE_PAC + #error configENABLE_PAC must be defined in FreeRTOSConfig.h. Set configENABLE_PAC to 1 to enable the PAC or 0 to disable the PAC. + #endif + + #ifndef configENABLE_BTI + #error configENABLE_BTI must be defined in FreeRTOSConfig.h. Set configENABLE_BTI to 1 to enable the BTI or 0 to disable the BTI. + #endif + +#endif /* portHAS_PACBTI_FEATURE */ /*-----------------------------------------------------------*/ /** @@ -509,44 +520,6 @@ extern void vClearInterruptMask( uint32_t ulMask ) /* __attribute__(( naked )) P #endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ /*-----------------------------------------------------------*/ -#if (portPROCESSOR_VARIANT == 85) - - /** - * @brief PACBTI Security Feature Disabled - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_NONE 0 - - /** - * @brief PACBTI Security Feature Standard Configuration - * (PAC enabled without leaf functions support, and BTI enabled ). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_STANDARD 1 - - /** - * @brief PACBTI Security Feature with only PAC enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET 2 - - /** - * @brief PACBTI Security Feature with PAC - * and PAC for leaf functions support enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF 3 - - /** - * @brief PACBTI Security Feature Standard + Leaf Configuration - * (PAC enabled with leaf functions support, and BTI enabled). - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_PACRET_LEAF_BTI 4 - - /** - * @brief PACBTI Security Feature with only BTI enabled. - */ - #define portARM_V_8_1_M_PACBTI_CONFIG_BTI 5 - -#endif /* portPROCESSOR_VARIANT == 85 */ -/*-----------------------------------------------------------*/ - /* *INDENT-OFF* */ #ifdef __cplusplus } -- 2.34.1