Thanks Alexei.
From: Alexei Fedorov <Alexei.Fedorov@arm.com>
Sent: Monday, April 13, 2020 7:22 AM
To: tf-a@lists.trustedfirmware.org; Varun Wadekar <vwadekar@nvidia.com>
Cc: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>; Anthony Zhou <anzhou@nvidia.com>
Subject: Re: BRANCH_PROTECTION
Hi Varun,
Regards.
Alexei
From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of Varun Wadekar via TF-A <tf-a@lists.trustedfirmware.org>
Sent: 10 April 2020 19:28
To: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Cc: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>; Anthony Zhou <anzhou@nvidia.com>
Subject: Re: [TF-A] BRANCH_PROTECTION
Hello,
Can someone please help clarify?
-Varun
From: TF-A <tf-a-bounces@lists.trustedfirmware.org> On Behalf Of Varun Wadekar via TF-A
Sent: Tuesday, April 7, 2020 9:58 PM
To: tf-a@lists.trustedfirmware.org
Cc: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>; Anthony Zhou <anzhou@nvidia.com>
Subject: [TF-A] BRANCH_PROTECTION
Hello,
Can someone please help me understand if
The docs provide this information.
<snip>
- ``BRANCH_PROTECTION``: Numeric value to enable ARMv8.3 Pointer Authentication
  and ARMv8.5 Branch Target Identification support for TF-A BL images themselves.
  If enabled, it is needed to use a compiler that supports the option
  ``-mbranch-protection``. Selects the branch protection features to use:

  - 0: Default value turns off all types of branch protection
  - 1: Enables all types of branch protection features
  - 2: Return address signing to its standard level
  - 3: Extend the signing to include leaf functions

The table below summarizes ``BRANCH_PROTECTION`` values, GCC compilation options
and resulting PAuth/BTI features.

+-------+--------------+-------+-----+
| Value |  GCC option  | PAuth | BTI |
+=======+==============+=======+=====+
|   0   |     none     |   N   |  N  |
+-------+--------------+-------+-----+
|   1   |   standard   |   Y   |  Y  |
+-------+--------------+-------+-----+
|   2   |   pac-ret    |   Y   |  N  |
+-------+--------------+-------+-----+
|   3   | pac-ret+leaf |   Y   |  N  |
+-------+--------------+-------+-----+

This option defaults to 0 and this is an experimental feature.
Note that Pointer Authentication is enabled for Non-secure world
irrespective of the value of this option if the CPU supports it.
<snip>
Thanks,
Varun
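
A check a builder might run after setting ``BRANCH_PROTECTION``, added here as an example (it is not part of the original thread or of TF-A): it counts PAuth and BTI instruction encodings in raw AArch64 code bytes and maps the result onto the PAuth/BTI columns of the table quoted above. The function names and sample bytes are constructed for illustration, and the scan assumes the image's code has already been extracted as little-endian bytes.

```python
import struct

def hint(n):
    """Encoding of AArch64 HINT #n (NOP is HINT #0)."""
    return 0xD503201F | (n << 5)

SIGN = {hint(25), hint(27)}                          # paciasp, pacibsp
AUTH = {hint(29), hint(31), 0xD65F0BFF, 0xD65F0FFF}  # autiasp, autibsp, retaa, retab
BTI = {hint(34), hint(36), hint(38)}                 # bti c, bti j, bti jc

def scan(code):
    """Count PAuth/BTI instructions in little-endian AArch64 code bytes."""
    counts = {"sign": 0, "auth": 0, "bti": 0}
    usable = len(code) - len(code) % 4   # ignore a trailing partial word
    for (word,) in struct.iter_unpack("<I", code[:usable]):
        if word in SIGN:
            counts["sign"] += 1
        elif word in AUTH:
            counts["auth"] += 1
        elif word in BTI:
            counts["bti"] += 1
    return counts

def classify(counts):
    """Map the counts onto the PAuth/BTI columns of the quoted table."""
    pauth = counts["sign"] > 0 and counts["auth"] > 0
    bti = counts["bti"] > 0
    rows = {(False, False): "0", (True, True): "1", (True, False): "2 or 3"}
    # BTI without PAuth is not a row in the table, so report no match.
    return {"pauth": pauth, "bti": bti, "values": rows.get((pauth, bti))}

def words(*insns):
    """Pack instruction words as little-endian bytes (helper for the samples)."""
    return struct.pack("<%dI" % len(insns), *insns)

# Constructed samples (not taken from a real BL image).
STP, LDP, RET = 0xA9BF7BFD, 0xA8C17BFD, 0xD65F03C0  # stp/ldp x29,x30 and ret
PLAIN = words(STP, LDP, RET)
PAC_RET = words(hint(25), STP, LDP, hint(29), RET)
STANDARD = PAC_RET + words(hint(34), RET)  # adds a leaf function opening with bti c

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("pac-ret", PAC_RET), ("standard", STANDARD)):
        print(name, classify(scan(blob)))
```

The scan is a heuristic: values 2 and 3 cannot be told apart by counting, and a data word that happens to equal one of these encodings is counted as a hit.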